How to write an AWS IAM Policy document such that it does the following:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "ec2:StartInstances",
      "Condition": {
        "StringEquals": {
          "glue:SourceGlueJobArn": "arn:aws:glue:some_glue_job_name"
        }
      },
      "Effect": "Allow",
      "Resource": "arn:aws:ec2:some_instance_id"
    }
  ]
}

The idea would be that only a Glue Job named some_glue_job_name (or any other valid identifier as far as IAM conditions go) can do ec2:StartInstances (note that this action is just for example). To compare, Lambda has lambda:SourceFunctionArn. But Glue seems to not have any such identifier supported for IAM conditionals.

Is there a workaround or am I missing something?

Just changing the execution role of the glue job is not possible, hence the necessity in the first place.
