Satts B

Today’s TIL is courtesy of my colleague ( Tanuj Patel) .

I was trying to understand how to define the right arns in a IAM policy

The scenario was

“ How do I specific the arns in a IAM Policy document, that says, allow s:DeleteObject for this folder and all resources under it”

The answer is to specific the directory and a second arn with the directory/* in it.

{
"Sid": "DeleteAllowForParticularFolder",
"Effect": "Allow",
"Action":
[
"s3:DeleteObject"
],
"Resource":
[
"arn:aws:s3:::generic-bucket/generic-folder",
"arn:aws:s3:::generic-bucket/generic-folder/*"
]
}

--

--

Today’s TIL is a byproduct of my coding in Python for AWS Glue.

Problem: I was trying to figure out to conditionally apply arguments to a method based on some input params to the REST API

Solution:

args = dict(
Name='string',
Description='string',
Role='string',
ExecutionProperty={
'MaxConcurrentRuns': 123
},
Command={
'Name': 'string',
'ScriptLocation': 'string',
'PythonVersion': '3' # Using only Python3
},
NonOverridableArguments={
'string': 'string'
},
MaxRetries=123,
Timeout=123,
Tags={
'string': 'string'
},
NotificationProperty={
'NotifyDelayAfter': 123
},
GlueVersion='string',
NumberOfWorkers=123,
WorkerType='Standard'|'G.1X'|'G.2X'
)
if request['DefaultArguments']:
args['DefaultArguments']= {
'string': 'string'
}
response = glue_client.create_job(**args)

--

--