What would be the setup of an IAM role that can be used by some service to create databases and tables and also query those tables, when Lake Formation is enabled, after revoking SUPER from the IAMAllowedPrincipals group? The AWS-recommended IAM policy, attached to such a role, did not work:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GlueFullReadAccess",
      "Effect": "Allow",
      "Action": [
        "lakeformation:GetDataAccess",
        "glue:GetTable",
        "glue:GetTables",
        "glue:SearchTables",
        "glue:GetDatabase",
        "glue:GetDatabases",
        "glue:GetPartitions"
      ],
      "Resource": "*"
    }
  ]
}
The GlueFullReadAccess policy only allows read access. It doesn't provide write permissions. To be able to create databases, tables, and partitions, you need to add the respective permissions as well. Please have a look at the AWS Glue API reference to see the available actions.
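An added example policy (not from the original question or answer) that adds the Glue catalog write actions the answer refers to next to the read actions, with the catalog, database and table ARNs scoped instead of "*"; the account ID 111122223333, region us-east-1 and database name example_db are placeholders. Because SUPER was revoked from IAMAllowedPrincipals, the role additionally needs Lake Formation grants (for example CREATE_DATABASE on the catalog, and a data location permission for tables stored in S3) on top of this IAM policy; IAM permissions alone no longer authorize catalog access.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GlueCatalogReadWrite",
      "Effect": "Allow",
      "Action": [
        "glue:GetDatabase",
        "glue:GetDatabases",
        "glue:CreateDatabase",
        "glue:GetTable",
        "glue:GetTables",
        "glue:SearchTables",
        "glue:CreateTable",
        "glue:UpdateTable",
        "glue:GetPartition",
        "glue:GetPartitions",
        "glue:CreatePartition",
        "glue:BatchCreatePartition"
      ],
      "Resource": [
        "arn:aws:glue:us-east-1:111122223333:catalog",
        "arn:aws:glue:us-east-1:111122223333:database/example_db",
        "arn:aws:glue:us-east-1:111122223333:table/example_db/*"
      ]
    },
    {
      "Sid": "LakeFormationDataAccess",
      "Effect": "Allow",
      "Action": "lakeformation:GetDataAccess",
      "Resource": "*"
    }
  ]
}
```

The query engine used (Athena, for instance) needs its own service permissions and access to its result bucket in addition to this policy.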