AWS Glue

OvalEdge uses an AWS SDK driver to connect to the data source, which allows users to crawl data objects (Tables, Table Columns, etc.).

Overview

Connector Details

Connector Category	RDBMS System
OvalEdge Release Current Connector Version	6.3.4
Connectivity [How OvalEdge connects to AWS Glue]	AWS SDK
OvalEdge Releases Supported (Available from)	Release4.3 Onwards

Connector Features

Crawling of Metadata Objects	Supported
Profiling	Not Supported
Query Sheet	Not Supported
Data Preview	Not Supported
Lineage	Not Supported
Authentication via Credential Manager	Supported
Data Quality	Not Supported
DAM (Data Access Management)	Not Supported
Bridge	Supported

Getting Ready to Establish a Connection

Prerequisites

The following are the prerequisites required for establishing a connection:

Service Account User Permissions

Important: We recommend having a separate service account to establish a connection from OvalEdge to the data source with minimal permissions.

Operations	Minimum Permissions
List databases	glue:GetDatabases
Get database details	glue:GetDatabase
List tables in a database	glue:GetTables
Get table details	glue:GetTable
List table versions	glue:GetTableVersions
Get table metadata	glue:GetTableVersion
Query table data (if used with Athena)	athena:StartQueryExecution + s3:GetObject (for underlying data)

Setup a Connection

Important: You must have the Connector Creator role to set up a connection in OvalEdge.

Log into OvalEdge, go to Administration > Connectors, click + (New Connector), search for AWS Glue, and complete the specific parameters.
Note: Fields marked with an asterisk (*) are mandatory for establishing a connection.

Field Name	Description
Connector Type	By default, "AWS Glue" is displayed as the selected connector type.
Connector Settings
Authentication*	OvalEdge supports the following two types of authentication for AWS Glue: IAM User Authentication Role Based Authentication
Credential Manager*	Select the desired credentials manager from the drop-down list. Relevant parameters will be displayed based on your selection. Supported Credential Managers: OE Credential Manager HashiCorp AWS Secrets Manager Azure Key Vault
License Add Ons	OvalEdge connectors have a default license add-on for data crawling.
Connector Name*	Enter a unique name for the AWS Glue connection. (Example: "AWS Glue_Prod").
Connector Environment	Select the environment (Example: PROD, STG) configured for the connector.
Access key*	Enter a unique identifier that is part of the credential pair, like a username.
Secret key*	A secret, like a password, is used to sign requests to AWS.
Database region*	The Region refers to the specific geographical location where the AWS Glue resides. Specify the region to ensure the connector interacts with the correct Glue region. Example: us-east-1
Cross-Account Role ARN	A Cross Account Role ARN refers to an IAM role's Amazon Resource Name (ARN) that allows an AWS account to access resources (like AWS Glue) in another AWS account. Enter the Cross Account Role ARN Name. Example: CrossAccountGlue *Note: This field is available when the authentication mechanism is selected as role-based authentication.*
Default Governance Roles
Default Governance Roles*	Select the appropriate users or teams for each governance role from the drop-down list. All users and teams configured in OvalEdge Security are displayed for selection.
Admin Roles
Admin Roles*	Select one or more users from the drop-down list for Integration Admin and Security and Governance Admin. All users configured in OvalEdge Security are available for selection.
Bridge
Select Bridge*	If applicable, select the bridge from the drop-down list. The drop-down list displays all active bridges configured in OvalEdge. These bridges enable communication between data sources and OvalEdge without altering firewall rules.

After entering all connection details, you can perform the following actions:
1. Click Validate to verify the connection.
2. Click Save to store the connection for future use.
3. Click Save & Configure to apply additional settings before saving.
The saved connection will appear on the Connectors home page.

Connectivity Troubleshooting

If incorrect parameters are provided, you may encounter error messages. To resolve these issues, ensure all input is correct. If problems persist, contact your assigned OvalEdge support team.

S.No.

Error Description

Resolution

Failed to establish a connection. Please check the credentials.

Error Description:

Invalid credentials are provided, or the user or role does not have access.

Resolution:

Verify the AWS credentials (Access Key ID and Secret Access Key) provided for authentication.
Ensure the IAM user or role has the necessary permissions to access AWS Glue.
Check if the credentials are correctly configured in your application or AWS CLI/SDK.

Errors while downloading the File.

Error Description:

403: Access denied: The IAM user or role lacks permissions to perform the specified Glue operation.
404: No such key: The object does not exist in the AWS Glue.

Resolution:

For 403 Access Denied: Update the IAM policy attached to the user or role to include the specified permission on the respective objects.

Manage Connector Operations

Configure Settings for Connector Operations

The AWS Glue connector offers various settings to customize data crawling and access. These include:

Crawler: Configure data that needs to be extracted.
Profiler: Customize data profiling rules and methods.
Note: The Profiler options will be disabled.
Access Instructions: Specify how data can be accessed as a note.
Business Glossary Settings: Manage term associations at the connector level.
Anomaly Detection Settings: Configure anomaly detection preferences at the connector level.
Others: Configure notification recipients for metadata changes.

Crawl/Profile

Important: You must have the Integration Admin role in OvalEdge for crawl/profile operations.

Crawl and Profile operations enable you to select one or more schemas from a list of all available schemas within a specific database. This allows you to customize the crawling and profiling operations selection according to your requirements. Furthermore, it provides the option to schedule crawling and profiling and enable anomaly detection to identify any irregularities in the data objects.

Other Operations

The Connectors page in OvalEdge provides a centralized view of all configured connectors, including their health status. You can view, edit, validate, and delete connectors using the Nine Dots menu.

Managing connectors includes:

Connectors Health: Displays performance with a green (active) or red (inactive) icon, helping monitor data flow and address issues early.
Viewing: Shows connector details (e.g., Databases, Tables, Table Columns) via the View icon.

Nine Dots Menu Options:

Edit Connector: Update and revalidate the data source.
Validate Connector: Check the connection's integrity.
Settings: Modify connector settings.