<aside> 💡 Guide IAM role/policies and Glue, Athena and Grafana configurations to create an AWS env. for Amazon Monitron Dashboard
</aside>
aws s3 cp s3://coupangfc s3://coupangfc-monitron-pilot --recursive
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::691519384763:user/WSControlPlaneUser",
"{glue service role}"
]
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::coupangfc-monitron-pilot/*",
"arn:aws:s3:::coupangfc-monitron-pilot"
]
}
]
}
Glue Service Rule includes CustomGlueServiceRolePolicy and CustomS3Policy
Grafana Service Role includes CustomGrafanaAthenaAccessPolicy and CustomS3Policy
Lambda Execution Role includes LambdaBasicExecutionRolePolicy and CustomS3Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::coupangfc-monitron*",
"arn:aws:s3:::coupangfc"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject",
"s3:GetObjectVersion",
"s3:DeleteObjectVersion"
],
"Resource": [
"arn:aws:s3:::coupangfc-monitron*/*",
"arn:aws:s3:::coupangfc/*"
]
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"glue:ListCrawlers",
"glue:GetCrawler",
"glue:GetCrawlers",
"glue:StartCrawler",
"glue:ListCrawls",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:CreateCrawler",
"glue:CreateDatabase",
"glue:GetTableVersion",
"glue:GetTableVersions",
"glue:UpdateTable",
"glue:BatchGetCrawlers",
"glue:CreateTable",
"glue:StopCrawler",
"glue:DeleteTableVersion",
"glue:DeleteCrawler",
"glue:UpdateCrawler",
"glue:SearchTables",
"glue:CreatePartition",
"glue:UpdatePartition",
"glue:CreatePartitionIndex",
"glue:GetClassifier",
"glue:GetClassifiers",
"glue:GetPartition",
"glue:GetPartitionIndexes",
"glue:DeletePartition",
"glue:DeletePartitionIndex",
"glue:UpdateColumnStatisticsForTable",
"glue:GetColumnStatisticsForTable",
"glue:GetTags",
"glue:UpdateDatabase",
"glue:DeleteDatabase",
"glue:BatchDeleteTable",
"glue:BatchDeleteTableVersion",
"glue:DeleteColumnStatisticsForTable",
"glue:DeleteTable",
"glue:UpdateCrawlerSchedule",
"glue:StartCrawlerSchedule",
"glue:GetPartitions",
"glue:BatchCreatePartition",
"glue:BatchUpdatePartition",
"glue:UpdateColumnStatisticsForPartition"
],
"Resource": [
"arn:aws:glue:us-east-1:654405684375:catalog", //need to change account id
"arn:aws:glue:us-east-1:654405684375:database/monitron-*",
"arn:aws:glue:us-east-1:654405684375:table/monitron-*",
"arn:aws:glue:us-east-1:654405684375:crawler/monitron-*"
]
}
]
}