AWS Glue now supports resource-based policies and resource-level permissions for the AWS Glue Data Catalog

Posted on: Oct 15, 2018

You can now restrict access to specific AWS Glue Data Catalog objects with resource-based policies and resource-level permissions. You can attach a resource-based policy to your AWS Glue Data Catalog to give AWS Identity and Access Management (IAM) users and roles granular access to the metadata definitions of databases, tables, connections, and user-defined functions. You can also restrict access to specific objects in the AWS Glue Data Catalog using resource-level permissions in identity-based policies (IAM policies), by naming the ARN of the catalog, database, table, connection, or function in the policy's Resource element instead of "*".

Previously, you could use identity-based policies only to restrict access to the AWS Glue Data Catalog APIs as a whole, such as GetDatabases, GetTables, CreateTable, and others. Now, with this change, you can further restrict AWS Glue Data Catalog API access to specific AWS Glue Data Catalog objects. You can also limit which AWS Glue Data Catalog objects are returned by a call, so that a caller sees only the objects the policy permits. To learn more, please visit our documentation.

Additionally, you can now share the metadata stored in the AWS Glue Data Catalog in a given AWS account with other AWS accounts by adding a resource-based policy that grants cross-account access to those accounts. To learn more about how to grant cross-account access to the AWS Glue Data Catalog, please visit our documentation.
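The following is an added example, not code from AWS or from this announcement. It builds the two policy shapes described above (an identity-based policy with resource-level permissions for a single table, and a resource-based policy that shares one database with another account) and evaluates them offline with a deliberately simplified IAM matcher, so you can check which Data Catalog ARNs a statement actually covers before deploying it. The ARN patterns follow AWS Glue's documented forms (`catalog`, `database/NAME`, `table/DB/NAME`, `connection/NAME`, `userDefinedFunction/DB/NAME`); the region, account IDs, and database and table names are constructed for the example, and the `is_allowed` evaluator ignores conditions, NotAction/NotResource, principals, and cross-policy combination.

```python
"""Added example: build and sanity-check Glue Data Catalog policies offline (not AWS's code)."""
import json
import re

# Constructed values for the example; substitute your own region and account IDs.
REGION = "us-east-1"
OWNER_ACCOUNT = "111122223333"     # account that owns the Data Catalog
CONSUMER_ACCOUNT = "444455556666"  # account being granted cross-account read access


def glue_arn(resource_type, *names, account=OWNER_ACCOUNT, region=REGION):
    """Build a Glue Data Catalog ARN using AWS Glue's documented patterns:
    catalog, database/DB, table/DB/TABLE, connection/NAME, userDefinedFunction/DB/FN."""
    prefix = f"arn:aws:glue:{region}:{account}:{resource_type}"
    return prefix if not names else prefix + "/" + "/".join(names)


def identity_policy_read_table(database, table):
    """Identity-based (IAM) policy with resource-level permissions: read one table.
    The catalog and the parent database ARNs are listed alongside the table, because
    Glue checks access to the containing database and catalog as well as the table."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadOneTable",
            "Effect": "Allow",
            "Action": ["glue:GetDatabase", "glue:GetTable", "glue:GetTables", "glue:GetPartitions"],
            "Resource": [
                glue_arn("catalog"),
                glue_arn("database", database),
                glue_arn("table", database, table),
            ],
        }],
    }


def cross_account_resource_policy(consumer_account, database):
    """Resource-based policy attached to the owner's Data Catalog: read-only access for
    another account to one database and every table in it. Unlike an identity-based
    policy, a resource-based policy must name the Principal being granted access."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ShareDatabaseReadOnly",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{consumer_account}:root"},
            "Action": ["glue:GetDatabase", "glue:GetDatabases", "glue:GetTable",
                       "glue:GetTables", "glue:GetPartitions"],
            "Resource": [
                glue_arn("catalog"),
                glue_arn("database", database),
                glue_arn("table", database, "*"),   # all tables in the shared database only
            ],
        }],
    }


def _matches(pattern, value):
    """IAM-style wildcard match: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def _as_list(x):
    return x if isinstance(x, list) else [x]


def is_allowed(policy, action, resource_arn):
    """Simplified single-policy evaluation: an explicit Deny wins, otherwise some Allow
    must match both the action and the resource, otherwise the default is deny.
    Conditions, NotAction/NotResource and the Principal element are ignored here."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(_matches(a, action) for a in _as_list(stmt["Action"]))
        resource_hit = any(_matches(r, resource_arn) for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


if __name__ == "__main__":
    print(json.dumps(identity_policy_read_table("sales", "orders"), indent=2))
    print(json.dumps(cross_account_resource_policy(CONSUMER_ACCOUNT, "sales"), indent=2))
```

The resource-based policy is applied in the owning account with `aws glue put-resource-policy --policy-in-json file://policy.json`. As with any cross-account grant, principals in the consumer account still need an identity-based policy in their own account that allows the same `glue:Get*` actions on the owner's catalog, database and table ARNs; the resource policy alone does not let them call the API. Run the evaluator against the ARNs of objects that must stay private (another database, a write action on the shared table) to confirm the wildcard does not reach further than intended.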

For AWS Glue availability, please visit the AWS region table.