# AWS Glue This article outlines the integration with the AWS Glue connector, enabling streamlined metadata management through crawling and manual lineage building. The connector supports SDK-based connectivity to AWS Glue environments for metadata extraction from schemas, tables, and columns. Role-Based Authentication and IAM User Authentication provide secure access to AWS Glue resources based on the configured AWS account and region.

## Overview ### Connector Details


Connector Category	ETL Tool
OvalEdge Release Supported	Release6.3.4 and later
Connectivity [How the connection is established with AWS Glue]	SDK
Verified AWS Glue Version	Glue 5.0

{% hint style="warning" %} The AWS Glue connector has been validated with the mentioned "Verified AWS Glue Versions" and is expected to be compatible with other supported AWS Glue versions. If there are any issues with validation or metadata crawling, please submit a support ticket for investigation and feedback. {% endhint %} **SDK Details**

Sl. No.	SDK Details	Supported Version	Reference
1	AWS SDK	2.41.34	Click here

### Connector Features | Feature | Availability | | -------------------------------------------- | :----------: | | Crawling | ✅ | | Delta Crawling | ❌ | | Profiling | ❌ | | Data Preview | ❌ | | Auto Lineage | ❌ | | Manual Lineage | ✅ | | Secure Authentication via Credential Manager | ✅ | | Data Quality | ❌ | | DAM (Data Access Management) | ❌ | ### Metadata Mapping The following objects are crawled from AWS Glue and mapped to the corresponding UI assets.

AWS Glue Object	AWS Glue Attribute	OvalEdge Attribute	OvaEdge Category	OvalEdge Type
Schema	Database Name	Schema	Tables	Schema
Schema	Description	Source Description	Descriptions	Schema
Table	Table Name	Table	Tables	Table
Table	Table Type (EXTERNAL, etc)	Type	Tables	Table
Table	Description	Source Description	Descriptions	-
Column	Column Name	Column	Table Columns	Table Column
Column	Data Type	Column Type	Table Columns	Table Column
Column	Description	Source Description	Table Columns	Table Column
Column	Position	Column Position	Table Columns	Table Column
Column	Length / Precision	Data Type Size	Table Columns	Table Column

## Set up a Connection ### Prerequisites The following are the prerequisites to establish a connection: #### **Service Account User Permissions** {% hint style="warning" %} It is recommended to use a separate service account to establish the connection to the data source, configured with the following minimum set of permissions. {% endhint %} {% hint style="info" %} 👨‍💻**Who can provide these permissions?** These permissions are typically granted by the AWS Glue administrator, as users may not have the required access to assign them independently. {% endhint %}

Objects	Sys Tables	Access Permissions
Schema	glue:GetDatabases	IAM permission to call glue:GetDatabases
Schema	glue:GetDatabase	IAM permission to call glue:GetDatabase
Table	glue:GetTables	glue:GetTables
Table	glue:GetTable	glue:GetTable
Table	glue:GetTableVersions	glue:GetTableVersions
Table	glue:GetTableVersion	glue:GetTableVersion
Table	Athena + S3	athena:StartQueryExecution, s3:GetObject

{% hint style="info" %} * glue:GetDatabases and glue:GetDatabase permissions are required to list and retrieve metadata for AWS Glue Data Catalog databases (logical schema containers). * glue:GetTables permission is required to list all tables under a specific database (schema) in AWS Glue Data Catalog. * glue:GetTable permission retrieves metadata for individual tables, including schema, location, and input format details. * glue:GetTableVersions and glue:GetTableVersion permissions are required to access historical table version metadata when versioning is enabled. * athena:StartQueryExecution and s3:GetObject permissions are required to query Glue tables through Athena and access underlying data stored in Amazon S3. {% endhint %} ### Connection Configuration Steps {% hint style="warning" %} Users are required to have the Connector Creator role in order to configure a new connection. {% endhint %} 1. Log into OvalEdge, go to Administration > Connectors, click + (New Connector), search for AWS Glue, and complete the required parameters. {% hint style="info" %} Fields marked with an asterisk (\*) are mandatory for establishing a connection. {% endhint %}

Field Name	Description
Connector Type	By default, "AWS Glue" is displayed as the selected connector type.
Authentication*	Select the type of Authentication from the dropdown menu. Role-Based Authentication IAM User Authentication

Field Name

Description

Connector Type

By default, "AWS Glue" is displayed as the selected connector type.

Authentication*

Select the type of Authentication from the dropdown menu.

Role-Based Authentication
IAM User Authentication

{% tabs %} {% tab title="Role-Based Authentication" %}

Field Name	Description
Credential Manager*	Select the desired credentials manager from the drop-down list. The corresponding parameters will be displayed based on the selected option. Supported Credential Managers: OE Credential Manager AWS Secrets Manager HashiCorp Azure Key Vault For more details, click here.
Connector Name*	Enter a unique name for the AWS Glue connection (Example: "AWS_Glue").
Connector Description	Enter a brief description of the connector.
Connector Environment	Select the environment (Example: PROD, STG) configured for the connector. For more details, click here.
Cross-Account Role ARN	Enter the ARN (Amazon Resource Name) of the role used for cross-account access.
Database Region*	Select the AWS Region where the AWS Glue resources are configured (Example: us-xxxx-1, ap-xxxx-1). The selected region is used to establish connectivity and retrieve metadata from the configured AWS Glue environment.

{% endtab %} {% tab title="IAM User Authentication" %}

Field Name	Description
Credential Manager*	Select the desired credentials manager from the drop-down list. The corresponding parameters will be displayed based on the selected option. Supported Credential Managers: OE Credential Manager AWS Secrets Manager HashiCorp Azure Key Vault For more details, click here.
Connector Name*	Enter a unique name for the AWS Glue connection (Example: "AWS_Glue").
Connector Description	Enter a brief description of the connector.
Connector Environment	Select the environment (Example: PROD, STG) configured for the connector. For more details, click here.
Access key*	Enter the AWS Access Key ID used to authenticate the IAM user.
Secret key*	Enter the AWS Secret Access Key associated with the Access Key ID.
Database Region*	Select the AWS Region where the AWS Glue resources are configured (Example: us-xxxx-1, ap-xxxx-1). The selected region is used to establish connectivity and retrieve metadata from the configured AWS Glue environment.

{% endtab %} {% endtabs %} **Default Governance Roles**


Default Governance Roles*	Select the appropriate users or teams for each governance role from the drop-down list. All users configured in the security settings are available for selection.

**Admin Roles**


Admin Roles*	Select one or more users from the dropdown list for Integration Admin and Security & Governance Admin. All users configured in the security settings are available for selection.

**Bridge**


Select Bridge*	If applicable, select the bridge from the drop-down list. The drop-down list displays all active bridges that have been configured. These bridges facilitate communication between data sources and the system without requiring changes to firewall rules.

Select Bridge*

If applicable, select the bridge from the drop-down list.

The drop-down list displays all active bridges that have been configured. These bridges facilitate communication between data sources and the system without requiring changes to firewall rules.

2. After entering all connection details, the following actions can be performed: 1. Click **Validate** to verify the connection. 2. Click **Save** to store the connection for future use. 3. Click **Save & Configure** to apply additional settings before saving. 3. The saved connection will appear on the **Connectors home** page. ## Manage Connector Operations ### Crawl {% hint style="warning" %} To perform crawl operations, users must be assigned the Integration Admin role. {% endhint %} The **Crawl/Profile** button allows users to select one or more schemas for crawling. 1. Navigate to the Connectors page and click **Crawl/Profile**. 2. Select the schemas to crawl. 3. The **Crawl** option is selected by default. 4. Click **Run** to collect metadata from the connected source and load it into the **Data Catalog**. 5. After a successful crawl, the information appears in the **Data Catalog** > **Databases**/**<>Codes** tab. The **Schedule** checkbox allows automated crawling at defined intervals, from a minute to a year. 1. Click the **Schedule checkbox** to enable the Select Period drop-down. 2. Select a time interval for the operation from the drop-down menu. 3. Click **Schedule** to initiate metadata collection from the connected source. 4. The system will automatically execute the **crawl** operation at the scheduled time. ### Other Operations The **Connectors** page provides a centralized view of all configured connectors, along with their health status. **Managing connectors includes:** * **Connector Health:** Displays the current status of each connector using a **green** icon for active connections and a **red** icon for inactive connections, helping to monitor the connectivity with data sources. * **Viewing**: Click the **Eye** icon next to the connector name to view connector details, including databases, tables, columns, and codes. **Nine Dots Menu Options:** To view, edit, validate, configure, or delete connectors, click on the **Nine Dots** menu. * **Edit Connector**: Update and revalidate the data source. * **Validate Connector**: Check the connection's integrity. * **Settings**: Modify connector settings. * **Crawler**: Configure data extraction. * **Access Instructions:** Add notes on how data can be accessed. * **Business Glossary Settings**: Manage term associations at the connector level. * **Others**: Configure notification recipients for metadata changes. * **Delete Connector**: Remove a connector with confirmation. For more details on connector settings, click [here](https://docs.ovaledge.com/connectors/introduction-to-connectors/setup-and-connectivity/connector-settings). ### Connectivity Troubleshooting If incorrect parameters are entered, error messages may appear. Ensure all inputs are accurate to resolve these issues. If issues persist, contact the assigned support team.

Sl. No.	Error Message(s)	Error Description & Resolution
1	Error while validating AwsGlue connection Failed to list databases from AWS Glue \| Root cause: glue.rf.amazonaws.com	Description: The selected Database Region is incorrect or does not contain the configured AWS Glue resources. Resolution: Verify that the correct AWS Region is selected in the Database Region field. Confirm that the AWS Glue resources are available in the selected region. Update the region configuration and validate the connection again.
2	Invalid Access Key or Secret Key	Description: The Access Key or Secret Key is invalid, expired, or does not have permission to access AWS Glue resources in the selected Database Region. Resolution: Verify that the Access Key and Secret Key are correct. Confirm that the IAM credentials are active and have the required AWS Glue permissions. Update the credentials in the connector configuration and validate the connection again.

Sl. No.

Error Message(s)

Error Description & Resolution

Error while validating AwsGlue connection Failed to list databases from AWS Glue | Root cause: glue.rf.amazonaws.com

Description: The selected Database Region is incorrect or does not contain the configured AWS Glue resources.

Resolution:

Verify that the correct AWS Region is selected in the Database Region field.
Confirm that the AWS Glue resources are available in the selected region.
Update the region configuration and validate the connection again.

Invalid Access Key or Secret Key

Description: The Access Key or Secret Key is invalid, expired, or does not have permission to access AWS Glue resources in the selected Database Region.

Resolution:

Verify that the Access Key and Secret Key are correct.
Confirm that the IAM credentials are active and have the required AWS Glue permissions.
Update the credentials in the connector configuration and validate the connection again.

*** Copyright © 2026, OvalEdge LLC, Peachtree Corners GA USA --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ovaledge.com/release8.1/connectors/connector-repositories/etl-tool/aws-glue.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.