Common Terminologies in Guidewire You Should Know
AWS Glue Catalog provides a centralized metadata repository for managing data across different AWS accounts. In enterprise environments, teams often need secure, cross-account access to share metadata, tables, and schemas efficiently. This guide walks through the process of configuring cross-account access for AWS Glue Catalog.
Understanding Cross-Account Access in AWS Glue
By default, AWS Glue Catalog is account-specific, but you can grant access to other accounts using AWS Identity and Access Management (IAM) roles and policies. The key components involved are:
Source Account: The AWS account that owns the Glue Catalog.
Target Account: The AWS account that requires access to the Glue Catalog.
IAM Roles & Policies: Define permissions for secure access between accounts.
Lake Formation: Provides fine-grained access control for Glue Catalog resources.
Step 1: Creating an IAM Role for the Target Account
In the Source Account, create an IAM role that allows the Target Account to access AWS Glue.
Go to IAM → Roles → Create Role
Select AWS service and choose Glue as the use case.
Choose Another AWS Account and enter the Target Account ID.
Attach the following trust policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<TARGET_ACCOUNT_ID>:root"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
Click Create Role and note the ARN for later use.
Step 2: Setting Up Glue Catalog Permissions
In the Source Account, attach a policy to the IAM role to allow Glue access:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "glue:GetDatabase",
        "glue:GetDatabases",
        "glue:GetTable",
        "glue:GetTables",
        "glue:GetPartitions"
      ],
      "Resource": [
        "arn:aws:glue:<REGION>:<SOURCE_ACCOUNT_ID>:catalog",
        "arn:aws:glue:<REGION>:<SOURCE_ACCOUNT_ID>:database/default",
        "arn:aws:glue:<REGION>:<SOURCE_ACCOUNT_ID>:table/default/*"
      ]
    }
  ]
}
```
This grants the role read-only access to the catalog, the default database and its tables in the source account. Glue ARNs carry the region in the field between glue and the account ID, so that field must be filled in, and glue:GetDatabases is the action exercised by the test in Step 4.
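The trust policy in Step 1 admits the whole target account (the :root principal) and carries no sts:ExternalId condition, and the Step 2 policy is easy to break with a mis-typed Glue ARN. The following added example, not code from the post, builds a narrower version of both policies and audits any policy document for those weaknesses. The account IDs, role name and external ID are constructed placeholders; the sts:ExternalId condition and role-ARN principal are standard IAM features.

```python
import json
import re

# Constructed copy of the Step 1 trust policy from the post, placeholder kept,
# so the audit below can be run against it.
POST_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::<TARGET_ACCOUNT_ID>:root"},
            "Action": "sts:AssumeRole",
        }
    ],
}

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def build_trust_policy(target_account_id, role_name, external_id):
    """Trust policy that admits one named role in the target account instead of
    the whole account, and requires an sts:ExternalId (confused-deputy guard)."""
    if not ACCOUNT_ID_RE.match(target_account_id):
        raise ValueError("AWS account ids are 12 digits")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{target_account_id}:role/{role_name}"},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }


def glue_arn(region, account_id, resource):
    """Glue ARNs have a region field: arn:aws:glue:REGION:ACCOUNT:resource."""
    return f"arn:aws:glue:{region}:{account_id}:{resource}"


def build_catalog_read_policy(region, source_account_id, database):
    """Read-only catalog policy for Step 2, scoped to one database and its tables.
    glue:GetDatabases is included because the Step 4 check calls GetDatabases."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "glue:GetDatabase",
                    "glue:GetDatabases",
                    "glue:GetTable",
                    "glue:GetTables",
                    "glue:GetPartitions",
                ],
                "Resource": [
                    glue_arn(region, source_account_id, "catalog"),
                    glue_arn(region, source_account_id, f"database/{database}"),
                    glue_arn(region, source_account_id, f"table/{database}/*"),
                ],
            }
        ],
    }


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return findings for the mistakes that most often weaken a cross-account Glue
    setup: account-wide or wildcard principals, a missing ExternalId condition,
    wildcard actions, and Glue ARNs with an empty region field."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        principals = _as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        for p in principals:
            if p == "*" or p.endswith(":root"):
                findings.append(f"broad principal {p}: every identity in that account may assume the role")
        if principals and "sts:ExternalId" not in json.dumps(stmt.get("Condition", {})):
            findings.append("AssumeRole statement has no sts:ExternalId condition")
        for action in _as_list(stmt.get("Action")):
            if action in ("*", "glue:*"):
                findings.append(f"wildcard action {action} grants far more than metadata reads")
        for res in _as_list(stmt.get("Resource")):
            parts = res.split(":")
            if res.startswith("arn:aws:glue:") and (len(parts) < 6 or not parts[3]):
                findings.append(f"Glue ARN {res} has an empty region field")
    return findings


if __name__ == "__main__":
    hardened = build_trust_policy("111122223333", "GlueConsumerRole", "replace-with-a-random-secret")
    print("post trust policy:", audit_policy(POST_TRUST_POLICY))
    print("hardened trust policy:", audit_policy(hardened) or "no findings")
    print(json.dumps(build_catalog_read_policy("us-east-1", "444455556666", "default"), indent=2))
```

Run the audit against any policy you are about to attach; a clean result from audit_policy does not prove the policy is minimal, it only rules out the specific mistakes listed in its docstring.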
Step 3: Configuring AWS Lake Formation for Fine-Grained Access
If AWS Lake Formation is enabled, configure Lake Formation permissions for better control:
Navigate to AWS Lake Formation → Data Permissions.
Select the Glue database and grant permissions to the Target Account IAM role.
Specify actions such as SELECT, DESCRIBE, and CREATE_TABLE.
Lake Formation ensures secure, governed access to shared metadata across accounts.
Step 4: Testing Cross-Account Access
In the Target Account, assume the IAM role and retrieve Glue metadata:
```python
import boto3

# "cross_account_role" is a named profile in ~/.aws/config whose role_arn is the
# Step 1 role and whose source_profile holds target-account credentials; boto3
# assumes the role automatically when the session is created.
session = boto3.Session(profile_name="cross_account_role")
glue_client = session.client("glue")
response = glue_client.get_databases()
print(response)
```
If properly configured, this script will return Glue Catalog metadata from the source account.
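The script above leaves the role assumption to a CLI profile and prints only the first page of results. The following added example, not code from the post, assumes the role explicitly with an ExternalId, pins the call to the source account's catalog with CatalogId, follows NextToken pages, and reports any database that is visible but was not meant to be shared, which is how an over-broad grant shows up. The role ARN, external ID, region and account ID are arguments you supply; FakeGlueClient is a constructed stand-in so the logic can be exercised without AWS access, and boto3 is assumed to be installed for the real path.

```python
import sys


def assume_source_role(role_arn, external_id, region, session_name="glue-catalog-check"):
    """Assume the Step 1 role with an explicit ExternalId and return a Glue client that
    acts in the source account. Needs boto3 and target-account credentials, so boto3 is
    imported here rather than at module level to keep the rest testable offline."""
    import boto3  # assumption: boto3 is installed where the check runs
    sts = boto3.client("sts", region_name=region)
    creds = sts.assume_role(
        RoleArn=role_arn, RoleSessionName=session_name, ExternalId=external_id
    )["Credentials"]
    return boto3.client(
        "glue",
        region_name=region,
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


def list_databases(glue_client, catalog_id):
    """Return every database name in the given catalog, following NextToken pages.
    CatalogId pins the call to the source account's catalog instead of whichever
    account the credentials happen to resolve to."""
    names = []
    kwargs = {"CatalogId": catalog_id}
    while True:
        page = glue_client.get_databases(**kwargs)
        names.extend(db["Name"] for db in page.get("DatabaseList", []))
        token = page.get("NextToken")
        if not token:
            return names
        kwargs["NextToken"] = token


def check_shared_database(glue_client, catalog_id, expected):
    """Return (all expected databases visible, databases visible beyond the expected set).
    A non-empty second element means the grant is wider than intended."""
    visible = set(list_databases(glue_client, catalog_id))
    return expected <= visible, sorted(visible - expected)


class FakeGlueClient:
    """Constructed stand-in for a boto3 Glue client: two pages of GetDatabases
    results, used to exercise the functions above without AWS access."""

    def __init__(self):
        self.calls = []

    def get_databases(self, **kwargs):
        self.calls.append(dict(kwargs))
        if "NextToken" not in kwargs:
            return {"DatabaseList": [{"Name": "default"}, {"Name": "sales"}], "NextToken": "page-2"}
        return {"DatabaseList": [{"Name": "finance"}]}


if __name__ == "__main__":
    # Usage: python check_glue_access.py ROLE_ARN EXTERNAL_ID REGION SOURCE_ACCOUNT_ID
    if len(sys.argv) == 5:
        role_arn, external_id, region, source_account = sys.argv[1:]
        client = assume_source_role(role_arn, external_id, region)
    else:
        client, source_account = FakeGlueClient(), "444455556666"  # constructed sample id
    ok, extra = check_shared_database(client, source_account, {"default"})
    print("shared database visible:", ok, "| unexpected databases:", extra)
```

With the fake client the check reports that default is visible and that sales and finance are also exposed; against a real account, an unexpected list that is not empty is the signal to tighten the Step 2 resource ARNs or the Lake Formation grant.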
Final Thoughts
Setting up cross-account access for AWS Glue Catalog improves data sharing and governance across multiple AWS accounts. By using IAM roles, policies, and Lake Formation, organizations can enable secure metadata access while maintaining strict security controls.
Need help integrating AWS Glue with data lakes or analytics platforms? Let’s explore further!