search
Ctrlk
AcademyCustomer Portal

AWS Glue

This article outlines the integration with the AWS Glue connector, enabling streamlined metadata management through crawling and manual lineage building.

The connector supports SDK-based connectivity to AWS Glue environments for metadata extraction from schemas, tables, and columns. Role-Based Authentication and IAM User Authentication provide secure access to AWS Glue resources based on the configured AWS account and region.

hashtag
Overview

hashtag
Connector Details

Connector Category

ETL Tool

OvalEdge Release Supported

Release6.3.4 and later

Connectivity

[How the connection is established with AWS Glue]

SDK

Verified AWS Glue Version

Glue 5.0

circle-exclamation

The AWS Glue connector has been validated with the mentioned "Verified AWS Glue Versions" and is expected to be compatible with other supported AWS Glue versions. If there are any issues with validation or metadata crawling, please submit a support ticket for investigation and feedback.

SDK Details

Sl. No.
SDK Details
Supported Version
Reference

1

AWS SDK

2.41.34

Click herearrow-up-right

hashtag
Connector Features

Feature
Availability

Crawling

Delta Crawling

Profiling

Data Preview

Auto Lineage

Manual Lineage

Secure Authentication via Credential Manager

Data Quality

DAM (Data Access Management)

hashtag
Metadata Mapping

The following objects are crawled from AWS Glue and mapped to the corresponding UI assets.

AWS Glue Object
AWS Glue Attribute
OvalEdge Attribute
OvaEdge Category
OvalEdge Type

Schema

Database Name

Schema

Tables

Schema

Schema

Description

Source Description

Descriptions

Schema

Table

Table Name

Table

Tables

Table

Table

Table Type (EXTERNAL, etc)

Type

Tables

Table

Table

Description

Source Description

Descriptions

-

Column

Column Name

Column

Table Columns

Table Column

Column

Data Type

Column Type

Table Columns

Table Column

Column

Description

Source Description

Table Columns

Table Column

Column

Position

Column Position

Table Columns

Table Column

Column

Length / Precision

Data Type Size

Table Columns

Table Column

hashtag
Set up a Connection

hashtag
Prerequisites

The following are the prerequisites to establish a connection:

hashtag
Service Account User Permissions

circle-exclamation

It is recommended to use a separate service account to establish the connection to the data source, configured with the following minimum set of permissions.

circle-info

👨‍💻Who can provide these permissions? These permissions are typically granted by the AWS Glue administrator, as users may not have the required access to assign them independently.

Objects
Sys Tables
Access Permissions

Schema

glue:GetDatabases

IAM permission to call glue:GetDatabases

Schema

glue:GetDatabase

IAM permission to call glue:GetDatabase

Table

glue:GetTables

glue:GetTables

Table

glue:GetTable

glue:GetTable

Table

glue:GetTableVersions

glue:GetTableVersions

Table

glue:GetTableVersion

glue:GetTableVersion

Table

Athena + S3

athena:StartQueryExecution, s3:GetObject

circle-info

  • glue:GetDatabases and glue:GetDatabase permissions are required to list and retrieve metadata for AWS Glue Data Catalog databases (logical schema containers).

  • glue:GetTables permission is required to list all tables under a specific database (schema) in AWS Glue Data Catalog.

  • glue:GetTable permission retrieves metadata for individual tables, including schema, location, and input format details.

  • glue:GetTableVersions and glue:GetTableVersion permissions are required to access historical table version metadata when versioning is enabled.

  • athena:StartQueryExecution and s3:GetObject permissions are required to query Glue tables through Athena and access underlying data stored in Amazon S3.

hashtag
Connection Configuration Steps

circle-exclamation

Users are required to have the Connector Creator role in order to configure a new connection.

  1. Log into OvalEdge, go to Administration > Connectors, click + (New Connector), search for AWS Glue, and complete the required parameters.

circle-info

Fields marked with an asterisk (*) are mandatory for establishing a connection.

Field Name
Description

Connector Type

By default, "AWS Glue" is displayed as the selected connector type.

Authentication*

Select the type of Authentication from the dropdown menu.

  • Role-Based Authentication

  • IAM User Authentication

Field Name
Description

Credential Manager*

Select the desired credentials manager from the drop-down list. The corresponding parameters will be displayed based on the selected option.

Supported Credential Managers:

  • OE Credential Manager

  • AWS Secrets Manager

  • HashiCorp

  • Azure Key Vault

For more details, click herearrow-up-right.

Connector Name*

Enter a unique name for the AWS Glue connection

(Example: "AWS_Glue").

Connector Description

Enter a brief description of the connector.

Connector Environment

Select the environment (Example: PROD, STG) configured for the connector.

For more details, click herearrow-up-right.

Cross-Account Role ARN

Enter the ARN (Amazon Resource Name) of the role used for cross-account access.

Database Region*

Select the AWS Region where the AWS Glue resources are configured (Example: us-xxxx-1, ap-xxxx-1). The selected region is used to establish connectivity and retrieve metadata from the configured AWS Glue environment.

Default Governance Roles

Default Governance Roles*

Select the appropriate users or teams for each governance role from the drop-down list. All users configured in the security settings are available for selection.

Admin Roles

Admin Roles*

Select one or more users from the dropdown list for Integration Admin and Security & Governance Admin. All users configured in the security settings are available for selection.

Bridge

Select Bridge*

If applicable, select the bridge from the drop-down list.

The drop-down list displays all active bridges that have been configured. These bridges facilitate communication between data sources and the system without requiring changes to firewall rules.

  1. After entering all connection details, the following actions can be performed:

    1. Click Validate to verify the connection.

    2. Click Save to store the connection for future use.

    3. Click Save & Configure to apply additional settings before saving.

  2. The saved connection will appear on the Connectors home page.

hashtag
Manage Connector Operations

hashtag
Crawl

circle-exclamation

To perform crawl operations, users must be assigned the Integration Admin role.

The Crawl/Profile button allows users to select one or more schemas for crawling.

  1. Navigate to the Connectors page and click Crawl/Profile.

  2. Select the schemas to crawl.

  3. The Crawl option is selected by default.

  4. Click Run to collect metadata from the connected source and load it into the Data Catalog.

  5. After a successful crawl, the information appears in the Data Catalog > Databases/<>Codes tab.

The Schedule checkbox allows automated crawling at defined intervals, from a minute to a year.

  1. Click the Schedule checkbox to enable the Select Period drop-down.

  2. Select a time interval for the operation from the drop-down menu.

  3. Click Schedule to initiate metadata collection from the connected source.

  4. The system will automatically execute the crawl operation at the scheduled time.

hashtag
Other Operations

The Connectors page provides a centralized view of all configured connectors, along with their health status.

Managing connectors includes:

  • Connector Health: Displays the current status of each connector using a green icon for active connections and a red icon for inactive connections, helping to monitor the connectivity with data sources.

  • Viewing: Click the Eye icon next to the connector name to view connector details, including databases, tables, columns, and codes.

Nine Dots Menu Options:

To view, edit, validate, configure, or delete connectors, click on the Nine Dots menu.

  • Edit Connector: Update and revalidate the data source.

  • Validate Connector: Check the connection's integrity.

  • Settings: Modify connector settings.

    • Crawler: Configure data extraction.

    • Access Instructions: Add notes on how data can be accessed.

    • Business Glossary Settings: Manage term associations at the connector level.

    • Others: Configure notification recipients for metadata changes.

  • Delete Connector: Remove a connector with confirmation.

For more details on connector settings, click herearrow-up-right.

hashtag
Connectivity Troubleshooting

If incorrect parameters are entered, error messages may appear. Ensure all inputs are accurate to resolve these issues. If issues persist, contact the assigned support team.

Sl. No.
Error Message(s)
Error Description & Resolution

1

Error while validating AwsGlue connection Failed to list databases from AWS Glue | Root cause: glue.rf.amazonaws.com

Description: The selected Database Region is incorrect or does not contain the configured AWS Glue resources.

Resolution:

  • Verify that the correct AWS Region is selected in the Database Region field.

  • Confirm that the AWS Glue resources are available in the selected region.

  • Update the region configuration and validate the connection again.

2

Invalid Access Key or Secret Key

Description: The Access Key or Secret Key is invalid, expired, or does not have permission to access AWS Glue resources in the selected Database Region.

Resolution:

  • Verify that the Access Key and Secret Key are correct.

  • Confirm that the IAM credentials are active and have the required AWS Glue permissions.

  • Update the credentials in the connector configuration and validate the connection again.

Copyright © 2026, OvalEdge LLC, Peachtree Corners GA USA

PreviousGoogle Data FusionNextData Pipeline

Last updated

Was this helpful?