Glue job accessing glue data catalog in different AWS account - isgaur/AWS-BigData-Solutions GitHub Wiki

Define a role in Account A with the following policy:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::your-s3-bucket",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::your-s3-bucket/path/to-data/*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::your-s3-bucket/path/to-data/*",
            "Effect": "Allow"
        }
    ]
}
```

Add a trust relationship:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::Account_b_AWS#:root"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

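An IAM role in Account B can now assume the role above to access the data. Because the trust policy names Account B's root principal, this applies to any principal in Account B whose own IAM policy allows `sts:AssumeRole` on this role.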
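A static check for the trust policy above, as an added example that is not part of the original wiki page: it flags `sts:AssumeRole` grants made to a whole account (the `:root` principal) without a condition, and compares the page's policy with a narrower variant that trusts a single role. The account ID `111122223333`, the role name `glue-job-role`, and the function names are constructed for illustration.

```python
# Added example: static check of a cross-account role trust policy.
# Account ID 111122223333 and role name glue-job-role are constructed placeholders.

ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}

def as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def trust_statement(principal_arn):
    """Build a trust statement shaped like the one on this page."""
    return {"Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole"}

def audit_trust_policy(policy):
    """Return (statement index, finding) pairs for broad AssumeRole grants."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:
            if arn == "*":
                findings.append((i, "any-aws-principal"))
            elif arn.endswith(":root") or arn.isdigit():
                # Account root (or a bare account ID) trusts the whole account:
                # Account B's own IAM policies then decide who may assume the role.
                findings.append((i, "account-wide-principal"))
                if "Condition" not in stmt:
                    findings.append((i, "no-condition"))
    return findings

# Trust policy as written on this page, with a placeholder account ID filled in.
PAGE_POLICY = {"Version": "2012-10-17",
               "Statement": [trust_statement("arn:aws:iam::111122223333:root")]}

# Narrower variant: trust only the role the Glue job runs as in Account B.
SCOPED_POLICY = {"Version": "2012-10-17",
                 "Statement": [trust_statement(
                     "arn:aws:iam::111122223333:role/glue-job-role")]}

if __name__ == "__main__":
    print("page policy:  ", audit_trust_policy(PAGE_POLICY))
    print("scoped policy:", audit_trust_policy(SCOPED_POLICY))
```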