5 thoughts on “Cross-account AWS Glue Data Catalog access with Glue ETL

  1. In both policies, you are granting “Action”: “s3:*”.
    Why do we need all Write permissions on the source catalog, DBs and S3? The Glue jobs in account A only need to read the data from the relevant S3 buckets of account B. So granting all Write permissions might lead to accidentally modifying the data in account B, which is undesirable if the job is reading from prod accounts/buckets. Just reflecting based on a real scenario I’m facing!
    I guess only List and Read permissions would be enough.

    1. Hi Avishek,
      Thank you for visiting the blog.
      Yes, list and get permissions should be enough to read the data for this purpose.
      Regards,
      Anand

  2. Very nice detailed steps – made it super easy to understand. Thank you for the nice documentation.
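
The first comment's point about `"Action": "s3:*"` can be checked mechanically before a cross-account policy is attached. The following is an added example, not code from the post or its author: it flags Allow statements whose S3 actions cover writes. The policies, bucket name and probe list are constructed for illustration.

```python
import fnmatch

# Constructed probe set: S3 actions that modify data or bucket configuration.
WRITE_PROBES = ("s3:PutObject", "s3:DeleteObject", "s3:PutBucketPolicy", "s3:DeleteBucket")

def _as_list(value):
    """IAM allows a single string/object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _grants_write(action_pattern):
    """True if an IAM action pattern (case-insensitive, * and ? wildcards) covers a write probe."""
    pattern = action_pattern.lower()
    return any(fnmatch.fnmatchcase(p.lower(), pattern) for p in WRITE_PROBES)

def write_capable_statements(policy):
    """Return (statement label, action pattern) pairs for Allow statements that permit S3 writes."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((label, "NotAction"))
        for action in _as_list(stmt.get("Action")):
            if _grants_write(action):
                findings.append((label, action))
    return findings

# Constructed policies; the bucket name is a placeholder.
BROAD = {"Version": "2012-10-17", "Statement": [{
    "Sid": "CrossAccountS3", "Effect": "Allow", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-source-bucket", "arn:aws:s3:::example-source-bucket/*"]}]}
READ_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "CrossAccountS3", "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-source-bucket", "arn:aws:s3:::example-source-bucket/*"]}]}

if __name__ == "__main__":
    print(write_capable_statements(BROAD))      # flags the s3:* statement
    print(write_capable_statements(READ_ONLY))  # no findings
```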
