Resource: awsGlueResourcePolicy
Provides a Glue resource policy. Only one can exist per region.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsCallerIdentityCurrent =
new aws.dataAwsCallerIdentity.DataAwsCallerIdentity(this, "current", {});
const dataAwsPartitionCurrent = new aws.dataAwsPartition.DataAwsPartition(
this,
"current_1",
{}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsPartitionCurrent.overrideLogicalId("current");
const dataAwsRegionCurrent = new aws.dataAwsRegion.DataAwsRegion(
this,
"current_2",
{}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsRegionCurrent.overrideLogicalId("current");
const dataAwsIamPolicyDocumentGlueExamplePolicy =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"glue-example-policy",
{
statement: [
{
actions: ["glue:CreateTable"],
principals: [
{
identifiers: ["*"],
type: "AWS",
},
],
resources: [
`arn:\${${dataAwsPartitionCurrent.partition}}:glue:\${${dataAwsRegionCurrent.name}}:\${${dataAwsCallerIdentityCurrent.accountId}}:*`,
],
},
],
}
);
new aws.glueResourcePolicy.GlueResourcePolicy(this, "example", {
policy: dataAwsIamPolicyDocumentGlueExamplePolicy.json,
});
Argument Reference
The following arguments are supported:
policy
– (Required) The policy to be applied to the aws glue data catalog.enableHybrid
- (Optional) Indicates that you are using both methods to grant cross-account. Valid values aretrue
andfalse
. Note the terraform will not perform drift detetction on this field as its not return on read.
Attributes Reference
No additional attributes are exported.
Import
Glue Resource Policy can be imported using the account ID: