{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ProducerPolicy0",
"Effect": "Allow",
"Action": [
"glue:BatchCreatePartition",
"glue:CreateClassifier",
"glue:CreateDatabase",
"glue:CreateJob",
"glue:CreatePartition",
"glue:CreateSchema",
"glue:CreateTable",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetSchema",
"glue:GetSchemaByDefinition",
"glue:GetSchemaVersion",
"glue:GetTable",
"glue:GetTables",
"glue:GetTableVersion",
"glue:GetTableVersions",
"glue:GetTags",
"glue:ImportCatalogToGlue",
"glue:ListRegistries",
"glue:ListSchemas",
"glue:ListSchemaVersions",
"glue:PutResourcePolicy",
"glue:PutSchemaVersionMetadata",
"glue:QuerySchemaVersionMetadata",
"glue:RegisterSchemaVersion",
"glue:SearchTables",
"glue:TagResource",
"glue:UpdateDatabase",
"glue:UpdatePartition",
"glue:UpdateSchema",
"glue:UpdateTable",
"glue:GetResourcePolicy",
"glue:PutResourcePolicy"
],
"Resource": "*"
},
{
"Sid": "ProducerPolicy1",
"Effect": "Allow",
"Action": [
"lakeformation:DescribeResource",
"lakeformation:GrantPermissions",
"lakeformation:RevokePermissions",
"lakeformation:BatchGrantPermissions",
"lakeformation:BatchRevokePermissions",
"lakeformation:ListPermissions",
"lakeformation:ListResources",
"lakeformation:GetDataLakeSettings",
"lakeformation:GetEffectivePermissionsForPath",
"lakeformation:GetDataAccess",
"lakeformation:GetResourceLFTags",
"lakeformation:AddLFTagsToResource",
"lakeformation:GetLFTag",
"lakeformation:CreateLFTag",
"lakeformation:DeleteLFTag",
"lakeformation:UpdateLFTag",
"lakeformation:PutDataLakeSettings",
"lakeformation:RegisterResource",
"lakeformation:UpdateResource"
],
"Resource": "*"
},
{
"Sid": "ProducerPolicy2",
"Effect": "Allow",
"Action": [
"ram:CreateResourceShare",
"ram:GetResourceShares"
],
"Resource": "*"
},
{
"Sid": "ProducerPolicy3",
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:BatchGetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem",
"dynamodb:PutItem",
"dynamodb:DescribeTable"
],
"Resource": [
"arn:aws:dynamodb:*:{{data_mesh_account_id}}:table/AwsDataMeshSubscriptions",
"arn:aws:dynamodb:*:{{data_mesh_account_id}}:table/AwsDataMeshSubscriptions/index/AwsDataMeshSubscriptions-Subscriber",
"arn:aws:dynamodb:*:{{data_mesh_account_id}}:table/AwsDataMeshSubscriptions/index/AwsDataMeshSubscriptions-Owner"
]
},
{
"Sid": "ProducerPolicy4",
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:GetRolePolicy",
"iam:PutRolePolicy"
],
"Resource": [
"arn:aws:iam::{{data_mesh_account_id}}:role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess",
"arn:aws:iam::{{data_mesh_account_id}}:role/AwsDataMesh/DataMeshAdminReadOnly"
]
},
{
"Sid": "ProducerPolicy5",
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "lakeformation.amazonaws.com"
}
}
}
]
}