feat(client-glue): AWS Glue now supports dynamic session policies for job executions. This feature allows you to specify custom, fine-grained permissions for each job run without creating multiple IAM roles.

Author: awstools

clients/client-glue/src/commands/BatchGetWorkflowsCommand.ts

@@ -163,6 +163,7 @@ export interface BatchGetWorkflowsCommandOutput extends BatchGetWorkflowsRespons
  * //                     MaintenanceWindow: "STRING_VALUE",
  * //                     ProfileName: "STRING_VALUE",
  * //                     StateDetail: "STRING_VALUE",
+ * //                     ExecutionRoleSessionPolicy: "STRING_VALUE",
  * //                   },
  * //                 ],
  * //               },
@@ -276,6 +277,7 @@ export interface BatchGetWorkflowsCommandOutput extends BatchGetWorkflowsRespons
  * //                   MaintenanceWindow: "STRING_VALUE",
  * //                   ProfileName: "STRING_VALUE",
  * //                   StateDetail: "STRING_VALUE",
+ * //                   ExecutionRoleSessionPolicy: "STRING_VALUE",
  * //                 },
  * //               ],
  * //             },

clients/client-glue/src/commands/GetJobRunCommand.ts

@@ -82,6 +82,7 @@ export interface GetJobRunCommandOutput extends GetJobRunResponse, __MetadataBea
  * //     MaintenanceWindow: "STRING_VALUE",
  * //     ProfileName: "STRING_VALUE",
  * //     StateDetail: "STRING_VALUE",
+ * //     ExecutionRoleSessionPolicy: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-glue/src/commands/GetJobRunsCommand.ts

@@ -85,6 +85,7 @@ export interface GetJobRunsCommandOutput extends GetJobRunsResponse, __MetadataB
  * //       MaintenanceWindow: "STRING_VALUE",
  * //       ProfileName: "STRING_VALUE",
  * //       StateDetail: "STRING_VALUE",
+ * //       ExecutionRoleSessionPolicy: "STRING_VALUE",
  * //     },
  * //   ],
  * //   NextToken: "STRING_VALUE",

clients/client-glue/src/commands/GetWorkflowCommand.ts

@@ -159,6 +159,7 @@ export interface GetWorkflowCommandOutput extends GetWorkflowResponse, __Metadat
  * //                   MaintenanceWindow: "STRING_VALUE",
  * //                   ProfileName: "STRING_VALUE",
  * //                   StateDetail: "STRING_VALUE",
+ * //                   ExecutionRoleSessionPolicy: "STRING_VALUE",
  * //                 },
  * //               ],
  * //             },
@@ -272,6 +273,7 @@ export interface GetWorkflowCommandOutput extends GetWorkflowResponse, __Metadat
  * //                 MaintenanceWindow: "STRING_VALUE",
  * //                 ProfileName: "STRING_VALUE",
  * //                 StateDetail: "STRING_VALUE",
+ * //                 ExecutionRoleSessionPolicy: "STRING_VALUE",
  * //               },
  * //             ],
  * //           },

clients/client-glue/src/commands/GetWorkflowRunCommand.ts

@@ -152,6 +152,7 @@ export interface GetWorkflowRunCommandOutput extends GetWorkflowRunResponse, __M
  * //                 MaintenanceWindow: "STRING_VALUE",
  * //                 ProfileName: "STRING_VALUE",
  * //                 StateDetail: "STRING_VALUE",
+ * //                 ExecutionRoleSessionPolicy: "STRING_VALUE",
  * //               },
  * //             ],
  * //           },

clients/client-glue/src/commands/GetWorkflowRunsCommand.ts

@@ -154,6 +154,7 @@ export interface GetWorkflowRunsCommandOutput extends GetWorkflowRunsResponse, _
  * //                   MaintenanceWindow: "STRING_VALUE",
  * //                   ProfileName: "STRING_VALUE",
  * //                   StateDetail: "STRING_VALUE",
+ * //                   ExecutionRoleSessionPolicy: "STRING_VALUE",
  * //                 },
  * //               ],
  * //             },

clients/client-glue/src/commands/StartJobRunCommand.ts

@@ -52,6 +52,7 @@ export interface StartJobRunCommandOutput extends StartJobRunResponse, __Metadat
  *   WorkerType: "Standard" || "G.1X" || "G.2X" || "G.025X" || "G.4X" || "G.8X" || "Z.2X",
  *   NumberOfWorkers: Number("int"),
  *   ExecutionClass: "FLEX" || "STANDARD",
+ *   ExecutionRoleSessionPolicy: "STRING_VALUE",
  * };
  * const command = new StartJobRunCommand(input);
  * const response = await client.send(command);

clients/client-glue/src/models/models_0.ts

@@ -9360,6 +9360,13 @@ export interface JobRun {
    * @public
    */
   StateDetail?: string | undefined;
+
+  /**
+   * <p>This inline session policy to the StartJobRun API allows you to dynamically restrict the permissions of the specified
+   *       execution role for the scope of the job, without requiring the creation of additional IAM roles.</p>
+   * @public
+   */
+  ExecutionRoleSessionPolicy?: string | undefined;
 }
 
 /**

clients/client-glue/src/models/models_3.ts

@@ -1344,6 +1344,13 @@ export interface StartJobRunRequest {
    * @public
    */
   ExecutionClass?: ExecutionClass | undefined;
+
+  /**
+   * <p>This inline session policy to the StartJobRun API allows you to dynamically restrict the permissions of the specified
+   *       execution role for the scope of the job, without requiring the creation of additional IAM roles.</p>
+   * @public
+   */
+  ExecutionRoleSessionPolicy?: string | undefined;
 }
 
 /**
@@ -5146,27 +5153,10 @@ export interface JobUpdate {
 
   /**
    * <p>The type of predefined worker that is allocated when a job runs. Accepts a value of
-   *       G.1X, G.2X, G.4X, G.8X or G.025X for Spark jobs. Accepts the value Z.2X for Ray jobs.</p>
-   *          <ul>
-   *             <li>
-   *                <p>For the <code>G.1X</code> worker type, each worker maps to 1 DPU (4 vCPUs, 16 GB of memory) with 94GB disk, and provides 1 executor per worker. We recommend this worker type for workloads such as data transforms, joins, and queries, to offers a scalable and cost effective way to run most jobs.</p>
-   *             </li>
-   *             <li>
-   *                <p>For the <code>G.2X</code> worker type, each worker maps to 2 DPU (8 vCPUs, 32 GB of memory) with 138GB disk, and provides 1 executor per worker. We recommend this worker type for workloads such as data transforms, joins, and queries, to offers a scalable and cost effective way to run most jobs.</p>
-   *             </li>
-   *             <li>
-   *                <p>For the <code>G.4X</code> worker type, each worker maps to 4 DPU (16 vCPUs, 64 GB of memory) with 256GB disk, and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for Glue version 3.0 or later Spark ETL jobs in the following Amazon Web Services Regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), and Europe (Stockholm).</p>
-   *             </li>
-   *             <li>
-   *                <p>For the <code>G.8X</code> worker type, each worker maps to 8 DPU (32 vCPUs, 128 GB of memory) with 512GB disk, and provides 1 executor per worker. We recommend this worker type for jobs whose workloads contain your most demanding transforms, aggregations, joins, and queries. This worker type is available only for Glue version 3.0 or later Spark ETL jobs, in the same Amazon Web Services Regions as supported for the <code>G.4X</code> worker type.</p>
-   *             </li>
-   *             <li>
-   *                <p>For the <code>G.025X</code> worker type, each worker maps to 0.25 DPU (2 vCPUs, 4 GB of memory) with 84GB disk, and provides 1 executor per worker. We recommend this worker type for low volume streaming jobs. This worker type is only available for Glue version 3.0 or later streaming jobs.</p>
-   *             </li>
-   *             <li>
-   *                <p>For the <code>Z.2X</code> worker type, each worker maps to 2 M-DPU (8vCPUs, 64 GB of memory) with 128 GB disk, and provides up to 8 Ray workers based on the autoscaler.</p>
-   *             </li>
-   *          </ul>
+   *       G.1X, G.2X, G.4X, G.8X or G.025X for Spark jobs. Accepts the value Z.2X for Ray jobs. For more information, see
+   *       <a href="https://docs.aws.amazon.com/glue/latest/dg/add-job.html#create-job">Defining job properties for Spark jobs
+   *       </a>
+   *          </p>
    * @public
    */
   WorkerType?: WorkerType | undefined;

clients/client-glue/src/protocols/Aws_json1_1.ts

@@ -12625,6 +12625,7 @@ const se_StartJobRunRequest = (input: StartJobRunRequest, context: __SerdeContex
     AllocatedCapacity: [],
     Arguments: _json,
     ExecutionClass: [],
+    ExecutionRoleSessionPolicy: [],
     JobName: [],
     JobRunId: [],
     JobRunQueuingEnabled: [],
@@ -15914,6 +15915,7 @@ const de_JobRun = (output: any, context: __SerdeContext): JobRun => {
     DPUSeconds: __limitedParseDouble,
     ErrorMessage: __expectString,
     ExecutionClass: __expectString,
+    ExecutionRoleSessionPolicy: __expectString,
     ExecutionTime: __expectInt32,
     GlueVersion: __expectString,
     Id: __expectString,