AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for AWS Glue

AWS Glue (service prefix: glue) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions Defined by AWS Glue

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

| Actions | Description | Access Level | Resource Types (*required) | Condition Keys | Dependent Actions |
|---|---|---|---|---|---|
| BatchCreatePartition | Creates one or more partitions in a batch operation. | Write | | | |
| BatchDeleteConnection | Deletes a list of connection definitions from the data catalog. | Write | | | |
| BatchDeletePartition | Deletes one or more partitions in a batch operation. | Write | | | |
| BatchDeleteTable | Deletes multiple tables at once. | Write | | | |
| BatchGetPartition | Retrieves partitions in a batch request. | Read | | | |
| CreateClassifier | Creates a Classifier in the user's account. | Write | | | |
| CreateConnection | Creates a connection definition in the data catalog. | Write | | | |
| CreateCrawler | Creates a new Crawler with specified targets. | Write | | | |
| CreateDatabase | Creates a new database in a data catalog. | Write | | | |
| CreateDevEndpoint | Creates a new DevEndpoint. | Write | | | |
| CreateJob | Creates a new job. | Write | | | |
| CreatePartition | Creates a new partition. | Write | | | |
| CreateScript | Transforms a directed acyclic graph (DAG) into a Python script. | Write | | | |
| CreateTable | Creates a new table definition in the data catalog. | Write | | | |
| CreateTrigger | Creates a new trigger. | Write | | | |
| CreateUserDefinedFunction | Creates a new function definition in the data catalog. | Write | | | |
| DeleteClassifier | Removes a Classifier from the metadata store. | Write | | | |
| DeleteConnection | Deletes a connection from the data catalog. | Write | | | |
| DeleteCrawler | Removes a specified Crawler from the metadata store. | Write | | | |
| DeleteDatabase | Removes a specified database from a data catalog. | Write | | | |
| DeleteDevEndpoint | Deletes a specified DevEndpoint. | Write | | | |
| DeleteJob | Deletes a specified job. | Write | | | |
| DeletePartition | Deletes a specified partition. | Write | | | |
| DeleteTable | Removes a table definition from the data catalog. | Write | | | |
| DeleteTrigger | Deletes a specified trigger. | Write | | | |
| DeleteUserDefinedFunction | Deletes an existing function definition from the data catalog. | Write | | | |
| GetCatalogImportStatus | Updates an existing function definition in the data catalog. | Read | | | |
| GetClassifier | Retrieves a Classifier by name. | Read | | | |
| GetClassifiers | Lists all Classifier objects in the metadata store. | Read | | | |
| GetConnection | Retrieves a connection definition from the data catalog. | Read | | | |
| GetConnections | Retrieves a list of connection definitions from the data catalog. | Read | | | |
| GetCrawler | Retrieves metadata for a specified Crawler. | Read | | | |
| GetCrawlerMetrics | Retrieves metrics about specified crawlers. | Read | | | |
| GetCrawlers | Retrieves metadata for all Crawlers defined in the customer account. | Read | | | |
| GetDatabase | Retrieves the definition of a specified database. | Read | | | |
| GetDatabases | Retrieves all databases defined in a given data catalog. | Read | | | |
| GetDataflowGraph | Transforms a Python script into a directed acyclic graph (DAG). | Read | | | |
| GetDevEndpoint | Retrieves information about a specified DevEndpoint. | Read | | | |
| GetDevEndpoints | Retrieves all the DevEndpoints in this AWS account. | Read | | | |
| GetJob | Retrieves an existing job definition. | Read | | | |
| GetJobRun | Retrieves the metadata for a given job run. | Read | | | |
| GetJobRuns | Retrieves metadata for all runs of a given job. | Read | | | |
| GetJobs | Retrieves all current jobs. | Read | | | |
| GetMapping | Creates mappings. | Read | | | |
| GetPartition | Retrieves information about a specified partition. | Read | | | |
| GetPartitions | Retrieves information about the partitions in a table. | Read | | | |
| GetPlan | Gets a Python script to perform a specified mapping. | Read | | | |
| GetTable | Retrieves the Table definition in a data catalog for a specified table. | Read | | | |
| GetTableVersions | Retrieves a list of strings that identify available versions of a specified table. | Read | | | |
| GetTables | Retrieves the definitions of some or all of the tables in a given database. | Read | | | |
| GetTrigger | Retrieves the definition of a trigger. | Read | | | |
| GetTriggers | Gets all the triggers associated with a job. | Read | | | |
| GetUserDefinedFunction | Retrieves a specified function definition from the data catalog. | Read | | | |
| GetUserDefinedFunctions | Retrieves multiple function definitions from the data catalog. | Read | | | |
| ImportCatalogToGlue | Imports an existing Athena data catalog to AWS Glue. | Write | | | |
| ResetJobBookmark | Resets a bookmark entry. | Write | | | |
| StartCrawler | Starts a crawl using the specified Crawler. | Write | | | |
| StartCrawlerSchedule | Changes the schedule state of the specified crawler to SCHEDULED. | Write | | | |
| StartJobRun | Runs a job. | Write | | | |
| StartTrigger | Starts an existing trigger. | Write | | | |
| StopCrawler | If the specified Crawler is running, stops the crawl. | Write | | | |
| StopCrawlerSchedule | Sets the schedule state of the specified crawler to NOT_SCHEDULED. | Write | | | |
| StopTrigger | Stops a specified trigger. | Write | | | |
| UpdateClassifier | Modifies an existing Classifier. | Write | | | |
| UpdateConnection | Updates a connection definition in the data catalog. | Write | | | |
| UpdateCrawler | Updates a Crawler. | Write | | | |
| UpdateDatabase | Updates an existing database definition in a data catalog. | Write | | | |
| UpdateDevEndpoint | Updates a specified DevEndpoint. | Write | | | |
| UpdateJob | Updates an existing job definition. | Write | | | |
| UpdatePartition | Updates a partition. | Write | | | |
| UpdateTable | Gets information about the results of the specified query execution. | Write | | | |
| UpdateTrigger | Updates a trigger definition. | Write | | | |
| UpdateUserDefinedFunction | Updates an existing function definition in the data catalog. | Write | | | |

Resources Defined by Glue

AWS Glue has no service-defined resources that can be used as the Resource element of an IAM policy statement.
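Because Glue policies on this page can only be scoped through the Action element, wildcard patterns deserve a check against the access levels in the action table above. The following is an added example, not part of the AWS documentation: it expands `glue:` action patterns and reports which Write-level actions an Allow statement grants. The function names and the sample policy are constructed for illustration, and only Allow statements with an Action element are evaluated.

```python
import re

# Access levels transcribed from the action table on this page.
READ = """BatchGetPartition GetCatalogImportStatus GetClassifier GetClassifiers
GetConnection GetConnections GetCrawler GetCrawlerMetrics GetCrawlers
GetDatabase GetDatabases GetDataflowGraph GetDevEndpoint GetDevEndpoints
GetJob GetJobRun GetJobRuns GetJobs GetMapping GetPartition GetPartitions
GetPlan GetTable GetTableVersions GetTables GetTrigger GetTriggers
GetUserDefinedFunction GetUserDefinedFunctions""".split()
WRITE = """BatchCreatePartition BatchDeleteConnection BatchDeletePartition
BatchDeleteTable CreateClassifier CreateConnection CreateCrawler CreateDatabase
CreateDevEndpoint CreateJob CreatePartition CreateScript CreateTable
CreateTrigger CreateUserDefinedFunction DeleteClassifier DeleteConnection
DeleteCrawler DeleteDatabase DeleteDevEndpoint DeleteJob DeletePartition
DeleteTable DeleteTrigger DeleteUserDefinedFunction ImportCatalogToGlue
ResetJobBookmark StartCrawler StartCrawlerSchedule StartJobRun StartTrigger
StopCrawler StopCrawlerSchedule StopTrigger UpdateClassifier UpdateConnection
UpdateCrawler UpdateDatabase UpdateDevEndpoint UpdateJob UpdatePartition
UpdateTable UpdateTrigger UpdateUserDefinedFunction""".split()
LEVEL = {**{a: "Read" for a in READ}, **{a: "Write" for a in WRITE}}

def expand(pattern):
    """Glue actions matched by one Action pattern such as 'glue:Get*'."""
    prefix, _, name = pattern.rpartition(":")
    if pattern != "*" and prefix.lower() != "glue":
        return []
    # IAM matches action names case-insensitively; '*' = any run, '?' = one char.
    rx = re.escape(name).replace(r"\*", ".*").replace(r"\?", ".")
    return sorted(a for a in LEVEL if re.fullmatch(rx, a, re.IGNORECASE))

def granted(policy):
    """Map each Glue action allowed by the policy to its access level.
    Assumption: only Allow/Action statements are read; Deny and NotAction are ignored."""
    out = {}
    stmts = policy["Statement"]
    for s in stmts if isinstance(stmts, list) else [stmts]:
        acts = s.get("Action", []) if s.get("Effect") == "Allow" else []
        for p in [acts] if isinstance(acts, str) else acts:
            out.update({a: LEVEL[a] for a in expand(p)})
    return out

# Constructed sample: meant as "read-only plus crawler visibility".
SAMPLE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["glue:Get*", "glue:*Crawler"],
    "Resource": "*",  # the page lists no Glue resource types
}]}

if __name__ == "__main__":
    for action, level in sorted(granted(SAMPLE).items()):
        if level == "Write":
            print("write access granted:", action)
```

In the sample, `glue:*Crawler` was intended to cover GetCrawler but also matches the Create, Delete, Start, Stop and Update crawler actions, all of which the table classifies as Write.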

Condition Keys for AWS Glue

Glue has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.