From e88f4756e9b922a9d9ce27cb9d23db1efe740037 Mon Sep 17 00:00:00 2001
From: tspicer
Date: Wed, 4 Apr 2018 23:49:13 -0400
Subject: [PATCH] add IAM policies
---
iam/athena.json | 67 +++++++++++++++++++++++++++++++++++++++++++++++
iam/spectrum.json | 56 +++++++++++++++++++++++++++++++++++++++
2 files changed, 123 insertions(+)
create mode 100644 iam/athena.json
create mode 100644 iam/spectrum.json
diff --git a/iam/athena.json b/iam/athena.json
new file mode 100644
index 0000000..871f000
--- /dev/null
+++ b/iam/athena.json
@@ -0,0 +1,67 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:AbortMultipartUpload",
+ "s3:ListMultipartUploadParts",
+ "s3:DeleteObject"
+ ],
+ "Resource": [
+ "arn:aws:s3:::yourbucketname/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:CreateBucket",
+ "s3:ListBucket",
+ "s3:ListBucketMultipartUploads",
+ "s3:DeleteObject"
+ ],
+ "Resource": [
+ "arn:aws:s3:::yourbucketname"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "athena:*"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "glue:CreateDatabase",
+ "glue:DeleteDatabase",
+ "glue:GetDatabase",
+ "glue:GetDatabases",
+ "glue:UpdateDatabase",
+ "glue:CreateTable",
+ "glue:DeleteTable",
+ "glue:BatchDeleteTable",
+ "glue:UpdateTable",
+ "glue:GetTable",
+ "glue:GetTables",
+ "glue:BatchCreatePartition",
+ "glue:CreatePartition",
+ "glue:DeletePartition",
+ "glue:BatchDeletePartition",
+ "glue:UpdatePartition",
+ "glue:GetPartition",
+ "glue:GetPartitions",
+ "glue:BatchGetPartition"
+ ],
+ "Resource": [
+ "*"
+ ]
+ }
+ ]
+}
diff --git a/iam/spectrum.json b/iam/spectrum.json
new file mode 100644
index 0000000..1c1bba6
--- /dev/null
+++ b/iam/spectrum.json
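Review bot: The last two statements of iam/athena.json grant `athena:*` and the full Glue create/update/delete set on `"Resource": ["*"]`, which allows deleting or altering any database, table or partition in the account's Data Catalog rather than only those backing `yourbucketname`; the same two statements appear unchanged in iam/spectrum.json. Scope the Glue statement to the catalog, database and table ARNs that are actually queried, for example `"arn:aws:glue:<region>:<account-id>:database/<db-name>"` (placeholders), and list the Athena actions the workload needs instead of the wildcard. Separately, `"s3:DeleteObject"` in the second statement is an object-level action attached to the bucket ARN, where it matches nothing; it is already granted in the first statement and can be dropped. `"s3:CreateBucket"` also looks unnecessary if the bucket is expected to exist before the policy is attached.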
@@ -0,0 +1,56 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:Get*",
+ "s3:List*"
+ ],
+ "Resource": "arn:aws:s3:::yourbucketname/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:ListBucket"
+ ],
+ "Resource": "arn:aws:s3:::yourbucketname"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "athena:*"
+ ],
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "glue:CreateDatabase",
+ "glue:DeleteDatabase",
+ "glue:GetDatabase",
+ "glue:GetDatabases",
+ "glue:UpdateDatabase",
+ "glue:CreateTable",
+ "glue:DeleteTable",
+ "glue:BatchDeleteTable",
+ "glue:UpdateTable",
+ "glue:GetTable",
+ "glue:GetTables",
+ "glue:BatchCreatePartition",
+ "glue:CreatePartition",
+ "glue:DeletePartition",
+ "glue:BatchDeletePartition",
+ "glue:UpdatePartition",
+ "glue:GetPartition",
+ "glue:GetPartitions",
+ "glue:BatchGetPartition"
+ ],
+ "Resource": [
+ "*"
+ ]
+ }
+ ]
+}
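Review bot: The first statement's `"s3:Get*"` and `"s3:List*"` on `arn:aws:s3:::yourbucketname/*` are wider than a read-only query path needs: the Get wildcard also covers object ACL, tagging and version reads, and as far as I can tell the only List action that matches an object ARN is `s3:ListMultipartUploadParts`. Replacing both with `"s3:GetObject"` would likely keep the read path working and makes the grant easier to audit; confirm against the queries this role runs. As a style point, `"Resource"` is a bare string in the two S3 statements and an array in the other two; both forms are valid, but using one throughout keeps the policy easier to diff.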