IAM 角色的设置是什么,某些服务可以使用它来创建数据库和表,并在启用 Lake Formation 时,在从 IAMAllowedPrincipals 组撤销 SUPER后查询该表?附加到此类角色的 AWS 推荐的 IAM 策略不起作用:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "GlueFullReadAccess",
"Effect": "Allow",
"Action": [
"lakeformation:GetDataAccess",
"glue:GetTable",
"glue:GetTables",
"glue:SearchTables",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetPartitions"
],
"Resource": "*"
}
]
}