On this page

    Data Lake Authentication Options for Glue Catalog

    Project Data Credentials with Access Key/IAM Role

    For authentication using Project Data Credentials:

    1. For Authentication Method, select Project Data Credentials.
    2. Under Modify Project Data Credentials, the IAM role that is used in the project data is shown.
    3. Policy JSON: Use the Policy JSON template and append to the existing IAM policy associated with the project role/user shown in the previous step. Alternatively, create a new IAM policy and attach it to the project role/user. For steps on how to attach new permission policies to an existing IAM role/user, see setting up AWS permissions. Skip this step if you have already created a policy and attached it to the IAM role/user in the previous section.

    Go back to the General tab configuration.

    Data Source Credentials with Access Key

    For authentication using Data Source Credentials with Access Key:

    1. For Authentication Method, select Data Source Credentials.
    2. For Create IAM Role or Access Key, select Access Key.
    3. For Policy JSON, use the JSON template to create an IAM user with Access Key. Attach a policy to access the Glue Catalog source. For steps, see create an IAM user. Skip this step if you have already created an IAM user in the previous section.
    4. For Access Key ID, enter the access key ID that is specific to the Glue Catalog source.
    5. For Secret Access Key, enter the secret access key that is specific to the Glue Catalog source.
    6. (Optional) For Role ARN, enter the ARN of the IAM role the access key should assume.

    Go back to the General tab configuration.

    Data Source Credentials with IAM Role

    For authentication using Data Source Credentials with a new IAM role:

    1. For Authentication Method, select Data Source Credentials.
    2. For Create IAM Role or Access Key, select IAM Role.
    3. For Policy JSON, use the JSON template to create an IAM role for the Glue Catalog source. For steps, see create an IAM role. Skip this step if you have already created an IAM role in the previous section.
    4. For Role ARN, enter the role ARN for the source to assume the role.
    5. Under Modify Project Data Credentials, the IAM role/user associated with the project is shown.
    6. For Policy JSON, use the JSON template to modify the project data role/user shown in the previous step to give it permissions to assume the IAM role you created for this source. For steps on how to attach new permission policies to an existing IAM role, see setting up AWS permissions.

    Go back to the General tab configuration.