Search code examples
pythonamazon-iamaws-glueaws-cdk

Can't Add IAM Policy to Glue Crawler with get_att

I am currently trying to add a policy statement to a glue crawler using the AWS CDK (Python) and am getting an issue with trying to retrieve the ARN of the crawler using the get_att() method from the crawler (documentation here). I have provided the code that I am using to create the crawler and would like to then use a policy document to add the statement to the resource. I'm happy to provide further info if anyone thinks it would help. Thanks in advance for your time!

from aws_cdk import (
    aws_glue,
    aws_iam
)

def new_glueCrawler(stack):
    glue_job_role = aws_iam.Role(
                stack,
                'roleName',
                role_name='roleName',
                assumed_by=aws_iam.ServicePrincipal('glue.amazonaws.com'),
                managed_policies=[aws_iam.ManagedPolicy.from_aws_managed_policy_name('service-role/AWSGlueServiceRole')])

    def prepend(list, str):
                str += '{0}'
                list = [{"path": str.format(i)} for i in list]
                return(list)

    s3TargetList = prepend('pathList', 'bucketName')

    glueCrawler = aws_glue.CfnCrawler(stack, 'crawlerName',
            name='crawlerName',
            role=glue_job_role.role_arn,
            targets={"s3Targets": s3TargetList},
            crawler_security_configuration='securityName',
            database_name='dbName',
            schedule=aws_glue.CfnCrawler.ScheduleProperty(schedule_expression='cron(5 2 * * ? *)'),
            schema_change_policy=aws_glue.CfnCrawler.SchemaChangePolicyProperty(delete_behavior='DELETE_FROM_DATABASE',
                update_behavior='UPDATE_IN_DATABASE')) 
    return glueCrawler

adminPolicyDoc = aws_iam.PolicyDocument()
adminPolicyDoc.add_statements([aws_iam.PolicyStatement(actions=['glue:StartCrawler'],
                                                       effect=aws_iam.Effect.ALLOW,
                                                       resources=[glueCrawler.get_att('arn')]
                                                      )
                              ]
                             )

Unfortunately, with CfnCrawler, the process isn't as nice as it is with other objects in the CDK framework. For example, if you wanted to obtain the arn of a lambdaObject, you could simply call lambdaObject.function_arn. It doesn't appear that it is that easy with Crawler's. Any insight would be greatly appreciated!

Solution

  • So I was able to obtain the arn using the following code snippet where the crawler is the object that I am trying to get the arn for: core.Stack.of(stack).format_arn(service='glue',resource='crawler',resource_name=crawler.name)