How to: Allow Glue jobs to access databases across accounts

Question

Closed this issue a year ago · 0 comments

Networking must be in place
How to test it (trying a given port between two EC2 instances in each account, for example)
Create key
Create CMK -- can't use default keys
Encrypt key with CMK -- be sure you actually do this! (edit and save)
Policy on Key
Policy on CMK
Policy on Glue service role in other account
Glue service should assume the role
Make sure boto3 uses the full ARN of the cross-account secret.