Merge pull request #137 from ichekaldin/glue-job-permissions

Add AWS Glue Job permissions
mattclay · Apr 15, 2021 · d195380 · d195380
2 parents 25185a5 + 11223ad
commit d195380
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/aws/policy/application-services.yaml b/aws/policy/application-services.yaml
@@ -107,6 +107,12 @@ Statement:
       - kinesis:RemoveTagsFromStream
       - kinesis:StartStreamEncryption
       - kinesis:StopStreamEncryption
+      - glue:DeleteJob
+      - glue:GetJob
+      - glue:GetTags
+      - glue:TagResource
+      - glue:UntagResource
+      - glue:UpdateJob
     Resource:
       - 'arn:aws:ssm:{{ aws_region }}:{{ aws_account_id }}:parameter/*'
       - 'arn:aws:codebuild:{{ aws_region }}:{{ aws_account_id }}:*'
@@ -117,6 +123,7 @@ Statement:
       - 'arn:aws:logs:{{ aws_region }}:{{ aws_account_id }}:log-group:*'
       - 'arn:aws:states:{{ aws_region }}:{{ aws_account_id }}:*'
       - 'arn:aws:kinesis:{{ aws_region }}:{{ aws_account_id }}:stream/*'
+      - 'arn:aws:glue:{{ aws_region }}:{{ aws_account_id }}:job/*'
   - Sid: AllowGlobalRestrictedResourceActionsWhichIncurFees
     Effect: Allow
     Action:
@@ -130,10 +137,12 @@ Statement:
       - kinesis:DeleteStream
       - kinesis:IncreaseStreamRetentionPeriod
       - kinesis:UpdateShardCount
+      - glue:CreateJob
     Resource:
       - 'arn:aws:sns:{{ aws_region }}:{{ aws_account_id }}:*'
       - 'arn:aws:states:{{ aws_region }}:{{ aws_account_id }}:*'
       - 'arn:aws:kinesis:{{ aws_region }}:{{ aws_account_id }}:stream/*'
+      - 'arn:aws:glue:{{ aws_region }}:{{ aws_account_id }}:job/*'
   - Sid: ModifyCloudwatchLogs
     Effect: Allow
     Action:

diff --git a/aws/terminator/data_services.py b/aws/terminator/data_services.py
@@ -72,6 +72,27 @@ def terminate(self):
         self.client.delete_connection(ConnectionName=self.name)
 
 
+class GlueJob(Terminator):
+    @staticmethod
+    def create(credentials):
+        return Terminator._create(credentials, GlueJob, 'glue', lambda client: client.get_jobs()['Jobs'])
+
+    @property
+    def id(self):
+        return self.instance['Name']
+
+    @property
+    def name(self):
+        return self.instance['Name']
+
+    @property
+    def created_time(self):
+        return self.instance['CreatedOn']
+
+    def terminate(self):
+        self.client.delete_job(JobName=self.name)
+
+
 class Glacier(Terminator):
     @staticmethod
     def create(credentials):