AWS Glue (IAM)

aws analytics

A fully managed extract, transform, and load (ETL) service that makes it easy to prepare and load data for analytics.

Common permissions

glue:GetJobglue:GetJobsglue:GetJobRunglue:GetJobRunsglue:GetTableglue:GetTablesglue:GetDatabase

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "glue:GetJob",
        "glue:GetJobs",
        "glue:GetJobRun",
        "glue:GetJobRuns",
        "glue:GetTable",
        "glue:GetTables",
        "glue:GetDatabase"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid glue:* — grants full control including creating, updating, and deleting jobs, crawlers, and data catalogs.
Avoid glue:DeleteJob — allows deletion of ETL jobs, causing data processing failures.

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/glue/glue.json ↗

API

full doc /v1/iam/glue