Skip to main content

Preflight checks for AWS Glue

Before running the AWS Glue crawler, you can run preflight checks to validate your configuration and IAM permissions. The following preflight checks are completed:

Authentication check

Validates that credentials are correct and Atlan can connect to the AWS Glue Data Catalog.

Success: Authentication successful - connected to AWS Glue Data Catalog

Failure: Authentication failed - could not connect to AWS Glue or Glue client not initialized

If this check fails, verify your AWS Glue access permissions and that the credentials (access key/secret or role ARN) and region are correct.

Get databases permission

Validates that the IAM principal has permission to list databases in the Glue Data Catalog (glue:GetDatabases).

Success: GetDatabases permission validated - can list databases

Failure: Access denied - verify IAM permissions for glue:GetDatabases or GetDatabases permission check failed - invalid response structure

Make sure your IAM user or role has at least glue:GetDatabases (for example, via the managed policy AWSGlueConsoleFullAccess or a custom policy that includes this action).

Get tables permission

Validates that the IAM principal has permission to list tables in at least one Glue database (glue:GetTables). If no databases exist, this check still passes.

Success: GetTables permission validated - can list tables in database '<database name>' or GetTables permission validated - no databases found to test

Failure: Access denied - verify IAM permissions for glue:GetTables or GetTables permission check failed: <error message>

Make sure your IAM user or role has at least glue:GetTables on the Glue databases you intend to crawl.