-

catatan

JSON


{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Sid": "GetS3AndDataSourcesMetadata",
            "Effect": "Allow",
            "Action": [
                "glue:GetDatabases",
                "glue:GetSchema",
                "glue:GetTables",
                "s3:ListBucket",
                "s3:GetObject",
                "s3:GetBucketLocation",
                "glue:GetDatabase",
                "glue:GetTable",
                "glue:ListSchemas",
                "glue:GetPartitions"
            ],
            "Resource": [
                "arn:aws:s3:::amzn-s3-demo-bucket/*",
                "arn:aws:glue:us-east-1:111122223333:catalog",
    "arn:aws:glue:us-east-1:111122223333:connection/*"
            ]
        },
        {
            "Sid": "ExecuteQueries",
            "Effect": "Allow",
            "Action": [
                "athena:ListDataCatalogs",
                "athena:ListDatabases",
                "athena:ListTableMetadata",
                "athena:StartQueryExecution",
                "athena:GetQueryExecution",
                "athena:RunQuery",
                "athena:StartSession",
                "athena:GetQueryResults",
                "athena:ListWorkGroups",
                "s3:ListMultipartUploadParts",
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "athena:GetDataCatalog",
                "s3:AbortMultipartUpload",
                "s3:GetObject",
                "s3:PutObject",
                "athena:GetWorkGroup"
            ],
            "Resource": [
                "arn:aws:s3:::amzn-s3-demo-bucket/*",
                "arn:aws:athena:us-east-1:111122223333:workgroup/workgroup-name"
            ]
        },
        {
            "Sid": "GetGlueConnections",
            "Effect": "Allow",
            "Action": [
                "glue:GetConnections",
                "glue:GetConnection"
            ],
            "Resource": [
                "arn:aws:glue:us-east-1:111122223333:catalog",
                "arn:aws:glue:us-east-1:111122223333:connection/*"
            ]
        },
        {
            "Sid": "GetSecrets",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Resource": [
                "arn:aws:secretsmanager:us-east-1:111122223333:secret:secret-name"
            ]
        },
        {
            "Sid": "GetClusterCredentials",
            "Effect": "Allow",
            "Action": [
                "redshift:GetClusterCredentials"
            ],
            "Resource": [
                "arn:aws:redshift:us-east-1:111122223333:cluster:cluster-name"
            ]
        }
    ]
}

catatan

JSON


{
    "Version":"2012-10-17",		 	 	 		 	 	 
    "Statement": [
        {
            "Sid": "GetS3AndDataSourcesMetadata",
            "Effect": "Allow",
            "Action": [
                "glue:GetDatabases",
                "glue:GetSchema",
                "glue:GetTables",
                "s3:ListBucket",
                "s3:GetObject",
                "s3:GetBucketLocation",
                "glue:GetDatabase",
                "glue:GetTable",
                "glue:ListSchemas",
                "glue:GetPartitions"
            ],
            "Resource": [
                "arn:aws:s3:::amzn-s3-demo-bucket/*",                
                "arn:aws:glue:us-east-2:111122223333:catalog",
                "arn:aws:glue:us-east-2:111122223333:connection/*"
            ]
        },
        {
            "Sid": "ExecuteAthenaQueries",
            "Effect": "Allow",
            "Action": [
                "athena:ListDataCatalogs",
                "athena:ListDatabases",
                "athena:ListTableMetadata",
                "athena:StartQueryExecution",
                "athena:GetQueryExecution",
                "athena:RunQuery",
                "athena:StartSession",
                "athena:GetQueryResults",
                "athena:ListWorkGroups",
                "s3:ListMultipartUploadParts",
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "athena:GetDataCatalog",
                "s3:AbortMultipartUpload",
                "s3:GetObject",
                "s3:PutObject",
                "athena:GetWorkGroup"
            ],
            "Resource": [
                "arn:aws:s3:::amzn-s3-demo-bucket/*",
                "arn:aws:athena:us-east-2:111122223333:workgroup/workgroup-name"
            ]
        },
        {
            "Sid": "GetGlueConnections",
            "Effect": "Allow",
            "Action": [
                "glue:GetConnections",
                "glue:GetConnection"
            ],
            "Resource": [
                "arn:aws:glue:us-east-2:111122223333:catalog",
                "arn:aws:glue:us-east-2:111122223333:connection/*"
            ]
        },
        {
            "Sid": "GetSecrets",
            "Effect": "Allow",
            "Action": [                
                "secretsmanager:GetSecretValue"
            ],
            "Resource": [
                "arn:aws:secretsmanager:us-east-2:111122223333:secret:secret-name"       
            ]
        }
    ]
}

catatan


"Action": [
    "glue:GetConnection",
    "glue:GetConnections"    
],
"Resource": [
    "arn:aws:glue:region:account_id:connection/*"
],
"Condition": {
    "StringEqualsIfExists": {
        "aws:ResourceTag/UserProfile": "user_profile_name"
    }
}


"Action": [
    "glue:DeleteConnection",
    "glue:UpdateConnection",
    "glue:CreateConnection",
    "glue:TagResource"
],
"Resource": [
    "arn:aws:glue:region:account_id:connection/*"
],
"Condition": {
    "StringEquals": {
        "aws:ResourceTag/UserProfile": "user_profile"
    }
}

Misalnya, "arn:aws:glue:region:account-id:catalog" atau "arn:aws:glue:region:account-id:database/db-name".
Sebagai contoh, "arn:aws:athena:region:account-id:workgroup/workgroup-name".
Sebagai contoh, "arn:aws:secretsmanager:region:account-id:secret:secret-name".
Sebagai contoh, "arn:aws:redshift:region:account-id:cluster:cluster-name".

Awas Javascript dinonaktifkan atau tidak tersedia di browser Anda.

Untuk menggunakan Dokumentasi AWS, Javascript harus diaktifkan. Lihat halaman Bantuan browser Anda untuk petunjuk.

Konvensi Dokumen

Sebelumnya

FAQs