{ "Version": "2012-10-17", "Statement": [ { "Sid": "ProducerPolicy0", "Effect": "Allow", "Action": [ "glue:BatchCreatePartition", "glue:CreateClassifier", "glue:CreateDatabase", "glue:CreateJob", "glue:CreatePartition", "glue:CreateSchema", "glue:CreateTable", "glue:GetDatabase", "glue:GetDatabases", "glue:GetPartition", "glue:GetPartitions", "glue:GetSchema", "glue:GetSchemaByDefinition", "glue:GetSchemaVersion", "glue:GetTable", "glue:GetTables", "glue:GetTableVersion", "glue:GetTableVersions", "glue:GetTags", "glue:ImportCatalogToGlue", "glue:ListRegistries", "glue:ListSchemas", "glue:ListSchemaVersions", "glue:PutResourcePolicy", "glue:PutSchemaVersionMetadata", "glue:QuerySchemaVersionMetadata", "glue:RegisterSchemaVersion", "glue:SearchTables", "glue:TagResource", "glue:UpdateDatabase", "glue:UpdatePartition", "glue:UpdateSchema", "glue:UpdateTable", "glue:GetResourcePolicy", "glue:PutResourcePolicy" ], "Resource": "*" }, { "Sid": "ProducerPolicy1", "Effect": "Allow", "Action": [ "lakeformation:DescribeResource", "lakeformation:GrantPermissions", "lakeformation:RevokePermissions", "lakeformation:BatchGrantPermissions", "lakeformation:BatchRevokePermissions", "lakeformation:ListPermissions", "lakeformation:ListResources", "lakeformation:GetDataLakeSettings", "lakeformation:GetEffectivePermissionsForPath", "lakeformation:GetDataAccess", "lakeformation:GetResourceLFTags", "lakeformation:AddLFTagsToResource", "lakeformation:GetLFTag", "lakeformation:CreateLFTag", "lakeformation:DeleteLFTag", "lakeformation:UpdateLFTag", "lakeformation:PutDataLakeSettings", "lakeformation:RegisterResource", "lakeformation:UpdateResource" ], "Resource": "*" }, { "Sid": "ProducerPolicy2", "Effect": "Allow", "Action": [ "ram:CreateResourceShare", "ram:GetResourceShares" ], "Resource": "*" }, { "Sid": "ProducerPolicy3", "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:UpdateItem", "dynamodb:PutItem", "dynamodb:DescribeTable" ], "Resource": [ "arn:aws:dynamodb:*:{{data_mesh_account_id}}:table/AwsDataMeshSubscriptions", "arn:aws:dynamodb:*:{{data_mesh_account_id}}:table/AwsDataMeshSubscriptions/index/AwsDataMeshSubscriptions-Subscriber", "arn:aws:dynamodb:*:{{data_mesh_account_id}}:table/AwsDataMeshSubscriptions/index/AwsDataMeshSubscriptions-Owner" ] }, { "Sid": "ProducerPolicy4", "Effect": "Allow", "Action": [ "iam:GetRole", "iam:GetRolePolicy", "iam:PutRolePolicy" ], "Resource": [ "arn:aws:iam::{{data_mesh_account_id}}:role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess", "arn:aws:iam::{{data_mesh_account_id}}:role/AwsDataMesh/DataMeshAdminReadOnly" ] }, { "Sid": "ProducerPolicy5", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "lakeformation.amazonaws.com" } } } ] }