AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for AWS Glue

AWS Glue (service prefix: glue) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions Defined by AWS Glue

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

| Actions | Description | Access Level | Resource Types (*required) | Condition Keys | Dependent Actions |
|---|---|---|---|---|---|
| BatchCreatePartition | Creates one or more partitions in a batch operation. | Write | | | |
| BatchDeleteConnection | Deletes a list of connection definitions from the data catalog. | Write | | | |
| BatchDeletePartition | Deletes one or more partitions in a batch operation. | Write | | | |
| BatchDeleteTable | Deletes multiple tables at once. | Write | | | |
| BatchGetPartition | Retrieves partitions in a batch request. | Read | | | |
| CreateClassifier | Creates a Classifier in the user's account. | Write | | | |
| CreateConnection | Creates a connection definition in the data catalog. | Write | | | |
| CreateCrawler | Creates a new Crawler with specified targets. | Write | | | |
| CreateDatabase | Creates a new database in a data catalog. | Write | | | |
| CreateDevEndpoint | Creates a new DevEndpoint. | Write | | | |
| CreateJob | Creates a new job. | Write | | | |
| CreatePartition | Creates a new partition. | Write | | | |
| CreateScript | Transforms a directed acyclic graph (DAG) into a Python script. | Write | | | |
| CreateTable | Creates a new table definition in the data catalog. | Write | | | |
| CreateTrigger | Creates a new trigger. | Write | | | |
| CreateUserDefinedFunction | Creates a new function definition in the data catalog. | Write | | | |
| DeleteClassifier | Removes a Classifier from the metadata store. | Write | | | |
| DeleteConnection | Deletes a connection from the data catalog. | Write | | | |
| DeleteCrawler | Removes a specified Crawler from the metadata store. | Write | | | |
| DeleteDatabase | Removes a specified database from a data catalog. | Write | | | |
| DeleteDevEndpoint | Deletes a specified DevEndpoint. | Write | | | |
| DeleteJob | Deletes a specified job. | Write | | | |
| DeletePartition | Deletes a specified partition. | Write | | | |
| DeleteTable | Removes a table definition from the data catalog. | Write | | | |
| DeleteTrigger | Deletes a specified trigger. | Write | | | |
| DeleteUserDefinedFunction | Deletes an existing function definition from the data catalog. | Write | | | |
| GetCatalogImportStatus | Updates an existing function definition in the data catalog. | Read | | | |
| GetClassifier | Retrieves a Classifier by name. | Read | | | |
| GetClassifiers | Lists all Classifier objects in the metadata store. | Read | | | |
| GetConnection | Retrieves a connection definition from the data catalog. | Read | | | |
| GetConnections | Retrieves a list of connection definitions from the data catalog. | Read | | | |
| GetCrawler | Retrieves metadata for a specified Crawler. | Read | | | |
| GetCrawlerMetrics | Retrieves metrics about specified crawlers. | Read | | | |
| GetCrawlers | Retrieves metadata for all Crawlers defined in the customer account. | Read | | | |
| GetDatabase | Retrieves the definition of a specified database. | Read | | | |
| GetDatabases | Retrieves all databases defined in a given data catalog. | Read | | | |
| GetDataflowGraph | Transforms a Python script into a directed acyclic graph (DAG). | Read | | | |
| GetDevEndpoint | Retrieves information about a specified DevEndpoint. | Read | | | |
| GetDevEndpoints | Retrieves all the DevEndpoints in this AWS account. | Read | | | |
| GetJob | Retrieves an existing job definition. | Read | | | |
| GetJobRun | Retrieves the metadata for a given job run. | Read | | | |
| GetJobRuns | Retrieves metadata for all runs of a given job. | Read | | | |
| GetJobs | Retrieves all current jobs. | Read | | | |
| GetMapping | Creates mappings. | Write | | | |
| GetPartition | Retrieves information about a specified partition. | Read | | | |
| GetPartitions | Retrieves information about the partitions in a table. | Read | | | |
| GetPlan | Gets a Python script to perform a specified mapping. | Read | | | |
| GetTable | Retrieves the Table definition in a data catalog for a specified table. | Read | | | |
| GetTableVersions | Retrieves a list of strings that identify available versions of a specified table. | Read | | | |
| GetTables | Retrieves the definitions of some or all of the tables in a given database. | Read | | | |
| GetTrigger | Retrieves the definition of a trigger. | Read | | | |
| GetTriggers | Gets all the triggers associated with a job. | Read | | | |
| GetUserDefinedFunction | Retrieves a specified function definition from the data catalog. | Read | | | |
| GetUserDefinedFunctions | Retrieves multiple function definitions from the data catalog. | Read | | | |
| ImportCatalogToGlue | Imports an existing Athena data catalog to AWS Glue. | Write | | | |
| ResetJobBookmark | Resets a bookmark entry. | Write | | | |
| StartCrawler | Starts a crawl using the specified Crawler. | Write | | | |
| StartCrawlerSchedule | Changes the schedule state of the specified crawler to SCHEDULED. | Write | | | |
| StartJobRun | Runs a job. | Write | | | |
| StartTrigger | Starts an existing trigger. | Write | | | |
| StopCrawler | If the specified Crawler is running, stops the crawl. | Write | | | |
| StopCrawlerSchedule | Sets the schedule state of the specified crawler to NOT_SCHEDULED. | Write | | | |
| StopTrigger | Stops a specified trigger. | Write | | | |
| UpdateClassifier | Modifies an existing Classifier. | Write | | | |
| UpdateConnection | Updates a connection definition in the data catalog. | Write | | | |
| UpdateCrawler | Updates a Crawler. | Write | | | |
| UpdateDatabase | Updates an existing database definition in a data catalog. | Write | | | |
| UpdateDevEndpoint | Updates a specified DevEndpoint. | Write | | | |
| UpdateJob | Updates an existing job definition. | Write | | | |
| UpdatePartition | Updates a partition. | Write | | | |
| UpdateTable | Gets information about the results of the specified query execution. | Write | | | |
| UpdateTrigger | Updates a trigger definition. | Write | | | |
| UpdateUserDefinedFunction | Updates an existing function definition in the data catalog. | Write | | | |

Resources Defined by Glue

Glue has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for AWS Glue

Glue has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.