AWS Glue API 权限:操作和资源参考
在设置AWS Glue 中的 Identity and Access Management和编写可附加到 IAM 身份的权限策略(基于身份的策略)或可附加到资源的权限策略(资源策略)时,可以使用下面的表作为参考。该表列出每个 AWS Glue API 操作、您可授予执行权限的对应操作以及您可授予权限的 AWS 资源。您可以在策略的 Action 字段中指定这些操作,并在策略的 Resource 字段中指定资源值。
对某些 AWS Glue 资源的操作需要原级和子资源 ARN 也包含在策略的 Resource 字段中。有关更多信息,请参阅数据目录 ARN。
通常,可将 ARN 分段替换为通配符。有关更多信息,请参阅 IAM 用户指南 中的 IAM JSON 策略元素。
IAM 策略的条件键由 API 操作列出。您可以在 AWS Glue 策略中使用 AWS 范围的条件键来表达条件。有关 AWS 范围内的键的完整列表,请参阅 IAM 用户指南 中的 AWS 全局条件键。
要指定操作,请在 API 操作名称之前使用 glue: 前缀(例如,glue:GetTable)。
使用滚动条查看表的其余部分。
|
AWS Glue API 和操作所需的权限
|
|||
|---|---|---|---|
| AWS Glue API 操作 | 所需权限(API 操作) | 资源 | 条件密钥 |
| BatchCreatePartition (batch_create_partition) | glue:BatchCreatePartition |
|
|
| BatchDeleteConnection (batch_delete_connection) | glue:BatchDeleteConnection |
要通过调用执行的所有连接删除都必须由 IAM 授权。如果其中任何删除未经授权,调用将失败,且不会删除任何连接。 |
|
| BatchDeletePartition (batch_delete_partition) | glue:BatchDeletePartition |
要通过调用执行的所有分区删除都必须由 IAM 授权。如果其中任何删除未经授权,调用将失败,且不会删除任何分区。 |
|
| BatchDeleteTable (batch_delete_table) | glue:BatchDeleteTable |
要通过调用执行的所有表删除都必须由 IAM 授权。如果其中任何删除未经授权,调用将失败,且不会删除任何表。 |
|
| BatchDeleteTableVersion (batch_delete_table_version) | glue:BatchDeleteTableVersion |
|
|
| BatchGetCrawlers (batch_get_crawlers) | glue:BatchGetCrawlers |
arn:aws-cn:glue:
|
glue:resourceTag |
| BatchGetDevEndpoints (batch_get_dev_endpoints) | glue:BatchGetDevEndpoints |
arn:aws-cn:glue:
|
glue:resourceTag |
| BatchGetJobs (batch_get_jobs) | glue:BatchGetJobs |
arn:aws-cn:glue:
|
glue:resourceTag |
| BatchGetPartition (batch_get_partition) | glue:BatchGetPartition |
|
|
| BatchGetTriggers (batch_get_triggers) | glue:BatchGetTriggers |
arn:aws-cn:glue:
|
glue:resourceTag |
| BatchStopJobRun (batch_stop_job_run) | glue:BatchStopJobRun |
* |
|
| CreateClassifier (create_classifier) | glue:CreateClassifier |
* |
|
| CreateConnection (create_connection) | glue:CreateConnection |
|
|
| CreateCrawler (create_crawler) | glue:CreateCrawler |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
aws:RequestTag |
| CreateDatabase (create_database) | glue:CreateDatabase |
|
|
| CreateDevEndpoint (create_dev_endpoint) | glue:CreateDevEndpoint |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
aws:RequestTag |
| CreateJob (create_job) | glue:CreateJob |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
aws:RequestTag |
| CreatePartition (create_partition) | glue:CreatePartition |
|
|
| CreateScript (create_script) | glue:CreateScript |
*
|
|
| CreateSecurityConfiguration (create_security_configuration) | glue:CreateSecurityConfiguration |
*
|
|
| CreateTable (create_table) | glue:CreateTable |
|
|
| CreateTrigger (create_trigger) | glue:CreateTrigger |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
aws:RequestTag |
| CreateUserDefinedFunction (create_user_defined_function) | glue:CreateUserDefinedFunction |
>
|
|
| DeleteClassifier (delete_classifier) | glue:DeleteClassifier |
* |
|
| DeleteConnection (delete_connection) | glue:DeleteConnection |
|
|
| DeleteCrawler (delete_crawler) | glue:DeleteCrawler |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| DeleteDatabase (delete_database) | glue:DeleteDatabase |
|
|
| DeleteDevEndpoint (delete_dev_endpoint) | glue:DeleteDevEndpoint |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| DeleteJob (delete_job) | glue:DeleteJob |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| DeletePartition (delete_partition) | glue:DeletePartition |
|
|
| DeleteResourcePolicy (delete_resource_policy) | glue:DeleteResourcePolicy |
* |
|
| DeleteSecurityConfiguration (delete_security_configuration) | glue:DeleteSecurityConfiguration |
*
|
|
| DeleteTable (delete_table) | glue:DeleteTable |
|
|
| DeleteTableVersion (delete_table_version) | glue:DeleteTableVersion |
|
|
| DeleteTrigger (delete_trigger) | glue:DeleteTrigger |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| DeleteUserDefinedFunction (delete_user_defined_function) | glue:DeleteUserDefinedFunction |
|
|
| GetCatalogImportStatus (get_catalog_import_status) | glue:GetCatalogImportStatus |
|
|
| GetClassifier (get_classifier) | glue:GetClassifier |
* |
|
| GetClassifiers (get_classifiers) | glue:GetClassifiers |
* |
|
| GetConnection (get_connection) | glue:GetConnection |
|
|
| GetConnections (get_connections) | glue:GetConnections |
|
|
| GetCrawler (get_crawler) | glue:GetCrawler |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| GetCrawlerMetrics (get_crawler_metrics) | glue:GetCrawlerMetrics |
* |
|
| GetCrawlers (get_crawlers) | glue:GetCrawlers |
* |
|
| GetDatabase (get_database) | glue:GetDatabase |
|
|
| GetDatabases (get_databases) | glue:GetDatabases |
|
|
| GetDataCatalogEncryptionSettings (get_data_catalog_encryption_settings) | glue:GetDataCatalogEncryptionSettings |
* |
|
| GetDataflowGraph (get_dataflow_graph) | glue:GetDataflowGraph |
* |
|
| GetDevEndpoint (get_dev_endpoint) | glue:GetDevEndpoint |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| GetDevEndpoints (get_dev_endpoints) | glue:GetDevEndpoints |
* |
|
| GetJob (get_job) | glue:GetJob |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| GetJobRun (get_job_run) | glue:GetJobRun |
* |
|
| GetJobRuns (get_job_runs) | glue:GetJobRuns |
* |
|
| GetJobs (get_jobs) | glue:GetJobs |
* |
|
| GetMapping (get_mapping) | glue:GetMapping |
* |
|
| GetPartition (get_partition) | glue:GetPartition |
|
|
| GetPartitions (get_partitions) | glue:GetPartitions |
|
|
| GetPlan (get_plan) | glue:GetPlan |
* |
|
| GetResourcePolicy (get_resource_policy) | glue:GetResourcePolicy |
* |
|
| GetSecurityConfiguration (get_security_configuration) | glue:GetSecurityConfiguration |
*
|
|
| GetSecurityConfigurations (get_security_configurations) | glue:GetSecurityConfigurations |
*
|
|
| GetTable (get_table) | glue:GetTable |
|
|
| GetTables (get_tables) | glue:GetTables |
|
|
| GetTableVersion (get_table_version) | glue:GetTableVersion |
|
|
| GetTableVersions (get_table_versions) | glue:GetTableVersions |
|
|
| GetTags (get_tags) | glue:GetTags |
*
|
|
| GetTrigger (get_trigger) | glue:GetTrigger |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| GetTriggers (get_triggers) | glue:GetTriggers |
* |
|
| GetUserDefinedFunction (get_user_defined_function) | glue:GetUserDefinedFunction |
|
|
| GetUserDefinedFunctions (get_user_defined_functions) | glue:GetUserDefinedFunctions |
|
|
| ImportCatalogToGlue (import_catalog_to_glue) | glue:ImportCatalogToGlue |
|
|
| ListCrawlers (list_crawlers) | glue:ListCrawlers |
* |
|
| ListDevEndpoints (list_dev_endpoints) | glue:ListDevEndpoints |
* |
|
| ListJobs (list_jobs) | glue:ListJobs |
* |
|
| ListTriggers (list_triggers) | glue:ListTriggers |
* |
|
| PutResourcePolicy (put_resource_policy) | glue:PutResourcePolicy |
* |
|
| PutDataCatalogEncryptionSettings (put_data_catalog_encryption_settings) | glue:PutDataCatalogEncryptionSettings |
* |
|
| ResetJobBookmark (reset_job_bookmark) | glue:ResetJobBookmark |
* |
|
| StartCrawler (start_crawler) | glue:StartCrawler |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| StartCrawlerSchedule (start_crawler_schedule) | glue:StartCrawlerSchedule |
* |
|
| StartJobRun (start_job_run) | glue:StartJobRun |
* |
|
| StartTrigger (start_trigger) | glue:StartTrigger |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| StopCrawler (stop_crawler) | glue:StopCrawler |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| StopCrawlerSchedule (stop_crawler_schedule) | glue:StopCrawlerSchedule |
* |
|
| StopTrigger (stop_trigger) | glue:StopTrigger |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| TagResource (tag_resource) | glue:TagResource |
*
|
aws:RequestTag |
| UntagResource (untag_resource) | glue:UntagResource |
*
|
aws:TagKeys |
| UpdateClassifier (update_classifier) | glue:UpdateClassifier |
* |
|
| UpdateConnection (update_connection) | glue:UpdateConnection |
|
|
| UpdateCrawler (update_crawler) | glue:UpdateCrawler |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| UpdateCrawlerSchedule (update_crawler_schedule) | glue:UpdateCrawlerSchedule |
* |
|
| UpdateDatabase (update_database) | glue:UpdateDatabase |
|
|
| UpdateDevEndpoint (update_dev_endpoint) | glue:UpdateDevEndpoint |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| UpdateJob (update_job) | glue:UpdateJob |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| UpdatePartition (update_partition) | glue:UpdatePartition |
|
|
| UpdateTable (update_table) | glue:UpdateTable |
|
|
| UpdateTrigger (update_trigger) | glue:UpdateTrigger |
arn:aws-cn:glue:
或 arn:aws-cn:glue: |
glue:resourceTag |
| UpdateUserDefinedFunction (update_user_defined_function) | glue:UpdateUserDefinedFunction |
|