amazon iam - How to enable cross account access to dynamoDB table using AWS Glue

Question

Hello and thanks for any comments in advance

I am following the following tutorial Cross-Account Cross-Region Access to DynamoDB Tables https://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-etl-dynamo-db-cross-account.html

I follow the article but have become confused.

I have two accounts 'A' and 'B' and want to allow a Glue job run in Account 'B' to access the dynamoDB table in account 'A' and replicate the table in account 'B'. As far as I can see I have to

1. Create a policy for read access to my DynamoDB table in account 'A'
2. Create a role in account 'A' with the Another AWS account option (using account 'B' account id)and add the policy from step 1 to it
3. Get the arn for the role in step 2 and in account 'B' grant the access role using the arn of the role created in step2.

When I run my Glue job I get a error Requested resource not found: Table: table-name not found (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: ResourceNotFoundException

Can anyone give me any pointers to where I am going wrong. Specifically does the table the error refers to the dynamoDB table in Account 'A' or is it a 'table' in Glue itself , I am not experienced in Glue but I see you can create tables there etc? If someone could tell me if there are any steps missing from the tutorial - I would be very grateful

Finally I have checked the table exists and both Glue job and dynamoDB table are in the same region (us-east-1)

Many thanks for your time.

question from:https://stackoverflow.com/questions/65928272/how-to-enable-cross-account-access-to-dynamodb-table-using-aws-glue

Answer 1

For anyone struggling with this. I have since found out how to set up cross-account access using the following AWS documentation see IAM Tutorial: Delegate access across AWS accounts using IAM roles