Die vorliegende Übersetzung wurde maschinell erstellt. Im Falle eines Konflikts oder eines Widerspruchs zwischen dieser übersetzten Fassung und der englischen Fassung (einschließlich infolge von Verzögerungen bei der Übersetzung) ist die englische Fassung maßgeblich.
AWS verwaltete Richtlinie: AmazonDataZoneGlueManageAccessRolePolicy
Diese Richtlinie gibt Amazon die DataZone Erlaubnis, AWS Glue-Daten im Katalog zu veröffentlichen. Es gibt Amazon auch die DataZone Erlaubnis, Zugriff auf veröffentlichte AWS Glue-Assets im Katalog zu gewähren oder den Zugriff zu widerrufen.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "GlueTagDatabasePermissions", "Effect": "Allow", "Action": [ "glue:TagResource", "glue:UntagResource" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" }, "ForAnyValue:StringLikeIfExists": { "aws:TagKeys": "DataZoneDiscoverable_*" } } }, { "Sid": "GlueDataQualityPermissions", "Effect": "Allow", "Action": [ "glue:ListDataQualityResults", "glue:GetDataQualityResult" ], "Resource": "arn:aws:glue:*:*:dataQualityRuleset/*", "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } }, { "Sid": "GlueCrawlerPermissions", "Effect": "Allow", "Action": "glue:ListCrawls", "Resource": "arn:aws:glue:*:*:crawler/*", "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } }, { "Sid": "GlueTableDatabasePermissions", "Effect": "Allow", "Action": [ "glue:CreateTable", "glue:DeleteTable", "glue:GetDatabases", "glue:GetTables", "glue:SearchTables" ], "Resource": [ "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:catalog/*", "arn:aws:glue:*:*:database/*", "arn:aws:glue:*:*:table/*" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } }, { "Sid": "GlueGetTagsPermissions", "Effect": "Allow", "Action": [ "glue:GetTags", "glue:GetCatalog" ], "Resource": [ "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:catalog/*", "arn:aws:glue:*:*:database/*" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } }, { "Sid": "LakeformationResourceSharingPermissions", "Effect": "Allow", "Action": [ "lakeformation:BatchGrantPermissions", "lakeformation:BatchRevokePermissions", "lakeformation:CreateDataCellsFilter", "lakeformation:CreateLakeFormationOptIn", "lakeformation:DeleteDataCellsFilter", "lakeformation:DeleteLakeFormationOptIn", "lakeformation:GrantPermissions", "lakeformation:GetDataCellsFilter", "lakeformation:GetResourceLFTags", "lakeformation:ListDataCellsFilter", "lakeformation:ListLakeFormationOptIns", "lakeformation:ListPermissions", "lakeformation:RegisterResource", "lakeformation:RevokePermissions", "lakeformation:UpdateDataCellsFilter", "glue:GetDatabase", "glue:GetTable", "organizations:DescribeOrganization", "ram:GetResourceShareInvitations", "ram:ListResources" ], "Resource": "*" }, { "Sid": "LakeformationResourceFederatedSharingPermissions", "Effect": "Allow", "Action": [ "lakeformation:GetDataAccess" ], "Resource": "*", "Condition": { "Null": { "lakeformation:GlueARN": "true" }, "ForAnyValue:StringEquals": { "aws:CalledVia": [ "glue.amazonaws.com", "lakeformation.amazonaws.com" ] } } }, { "Sid": "CrossAccountRAMResourceSharingPermissions", "Effect": "Allow", "Action": [ "glue:DeleteResourcePolicy", "glue:PutResourcePolicy" ], "Resource": [ "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:catalog/*", "arn:aws:glue:*:*:database/*", "arn:aws:glue:*:*:table/*" ], "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "ram.amazonaws.com" ] } } }, { "Sid": "CrossAccountLakeFormationResourceSharingPermissions", "Effect": "Allow", "Action": [ "ram:CreateResourceShare" ], "Resource": "*", "Condition": { "StringEqualsIfExists": { "ram:RequestedResourceType": [ "glue:Table", "glue:Database", "glue:Catalog" ] }, "ForAnyValue:StringEquals": { "aws:CalledVia": [ "lakeformation.amazonaws.com" ] } } }, { "Sid": "CrossAccountRAMResourceShareInvitationPermission", "Effect": "Allow", "Action": [ "ram:AcceptResourceShareInvitation" ], "Resource": "arn:aws:ram:*:*:resource-share-invitation/*" }, { "Sid": "CrossAccountRAMResourceSharingViaLakeFormationPermissions", "Effect": "Allow", "Action": [ "ram:AssociateResourceShare", "ram:DeleteResourceShare", "ram:DisassociateResourceShare", "ram:GetResourceShares", "ram:ListResourceSharePermissions", "ram:UpdateResourceShare" ], "Resource": "*", "Condition": { "StringLike": { "ram:ResourceShareName": [ "LakeFormation*" ] }, "ForAnyValue:StringEquals": { "aws:CalledVia": [ "lakeformation.amazonaws.com" ] } } }, { "Sid": "CrossAccountRAMResourceSharingViaLakeFormationHybrid", "Effect": "Allow", "Action": "ram:AssociateResourceSharePermission", "Resource": "*", "Condition": { "ArnLike": { "ram:PermissionArn": "arn:aws:ram::aws:permission/AWSRAMLFEnabled*" }, "ForAnyValue:StringEquals": { "aws:CalledVia": [ "lakeformation.amazonaws.com" ] } } }, { "Sid": "KMSDecryptPermission", "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/datazone:projectId": "proj-all" } } }, { "Sid": "GetRoleForDataZone", "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": [ "arn:aws:iam::*:role/AmazonDataZone*", "arn:aws:iam::*:role/service-role/AmazonDataZone*" ] }, { "Sid": "PassRoleForDataLocationRegistration", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/AmazonDataZone*", "arn:aws:iam::*:role/service-role/AmazonDataZone*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "lakeformation.amazonaws.com" ] } } } ] }
