Amazon EMR

2023/11/17 - Amazon EMR - 3 updated api methods

Changes: Launch support for IAM Identity Center Trusted Identity Propagation and workspace storage encryption using AWS KMS in EMR Studio

CreateStudio (updated)
Changes (request)
{'EncryptionKeyArn': 'string',
 'IdcInstanceArn': 'string',
 'IdcUserAssignment': 'REQUIRED | OPTIONAL',
 'TrustedIdentityPropagationEnabled': 'boolean'}

Creates a new Amazon EMR Studio.

See also: AWS API Documentation

Request Syntax

client.create_studio(
    Name='string',
    Description='string',
    AuthMode='SSO'|'IAM',
    VpcId='string',
    SubnetIds=[
        'string',
    ],
    ServiceRole='string',
    UserRole='string',
    WorkspaceSecurityGroupId='string',
    EngineSecurityGroupId='string',
    DefaultS3Location='string',
    IdpAuthUrl='string',
    IdpRelayStateParameterName='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    TrustedIdentityPropagationEnabled=True|False,
    IdcUserAssignment='REQUIRED'|'OPTIONAL',
    IdcInstanceArn='string',
    EncryptionKeyArn='string'
)
type Name

string

param Name

[REQUIRED]

A descriptive name for the Amazon EMR Studio.

type Description

string

param Description

A detailed description of the Amazon EMR Studio.

type AuthMode

string

param AuthMode

[REQUIRED]

Specifies whether the Studio authenticates users using IAM or IAM Identity Center.

type VpcId

string

param VpcId

[REQUIRED]

The ID of the Amazon Virtual Private Cloud (Amazon VPC) to associate with the Studio.

type SubnetIds

list

param SubnetIds

[REQUIRED]

A list of subnet IDs to associate with the Amazon EMR Studio. A Studio can have a maximum of 5 subnets. The subnets must belong to the VPC specified by VpcId. Studio users can create a Workspace in any of the specified subnets.

  • (string) --

type ServiceRole

string

param ServiceRole

[REQUIRED]

The IAM role that the Amazon EMR Studio assumes. The service role provides a way for Amazon EMR Studio to interoperate with other Amazon Web Services services.

type UserRole

string

param UserRole

The IAM user role that users and groups assume when logged in to an Amazon EMR Studio. Only specify a UserRole when you use IAM Identity Center authentication. The permissions attached to the UserRole can be scoped down for each user or group using session policies.

type WorkspaceSecurityGroupId

string

param WorkspaceSecurityGroupId

[REQUIRED]

The ID of the Amazon EMR Studio Workspace security group. The Workspace security group allows outbound network traffic to resources in the Engine security group, and it must be in the same VPC specified by VpcId.

type EngineSecurityGroupId

string

param EngineSecurityGroupId

[REQUIRED]

The ID of the Amazon EMR Studio Engine security group. The Engine security group allows inbound network traffic from the Workspace security group, and it must be in the same VPC specified by VpcId.

type DefaultS3Location

string

param DefaultS3Location

[REQUIRED]

The Amazon S3 location to back up Amazon EMR Studio Workspaces and notebook files.

type IdpAuthUrl

string

param IdpAuthUrl

The authentication endpoint of your identity provider (IdP). Specify this value when you use IAM authentication and want to let federated users log in to a Studio with the Studio URL and credentials from your IdP. Amazon EMR Studio redirects users to this endpoint to enter credentials.

type IdpRelayStateParameterName

string

param IdpRelayStateParameterName

The name that your identity provider (IdP) uses for its RelayState parameter. For example, RelayState or TargetSource. Specify this value when you use IAM authentication and want to let federated users log in to a Studio using the Studio URL. The RelayState parameter differs by IdP.

type Tags

list

param Tags

A list of tags to associate with the Amazon EMR Studio. Tags are user-defined key-value pairs that consist of a required key string with a maximum of 128 characters, and an optional value string with a maximum of 256 characters.

  • (dict) --

    A key-value pair containing user-defined metadata that you can associate with an Amazon EMR resource. Tags make it easier to associate clusters in various ways, such as grouping clusters to track your Amazon EMR resource allocation costs. For more information, see Tag Clusters.

    • Key (string) --

      A user-defined key, which is the minimum required information for a valid tag. For more information, see Tag.

    • Value (string) --

      A user-defined value, which is optional in a tag. For more information, see Tag Clusters.

type TrustedIdentityPropagationEnabled

boolean

param TrustedIdentityPropagationEnabled

A Boolean indicating whether to enable Trusted identity propagation for the Studio. The default value is false.

type IdcUserAssignment

string

param IdcUserAssignment

Specifies whether IAM Identity Center user assignment is REQUIRED or OPTIONAL. If the value is set to REQUIRED, users must be explicitly assigned to the Studio application to access the Studio.

type IdcInstanceArn

string

param IdcInstanceArn

The ARN of the IAM Identity Center instance to create the Studio application.

type EncryptionKeyArn

string

param EncryptionKeyArn

The KMS key identifier (ARN) used to encrypt Amazon EMR Studio workspace and notebook files when backed up to Amazon S3.

rtype

dict

returns

Response Syntax

{
    'StudioId': 'string',
    'Url': 'string'
}

Response Structure

  • (dict) --

    • StudioId (string) --

      The ID of the Amazon EMR Studio.

    • Url (string) --

      The unique Studio access URL.

DescribeStudio (updated)
Changes (response)
{'Studio': {'EncryptionKeyArn': 'string',
            'IdcInstanceArn': 'string',
            'IdcUserAssignment': 'REQUIRED | OPTIONAL',
            'TrustedIdentityPropagationEnabled': 'boolean'}}

Returns details for the specified Amazon EMR Studio including ID, Name, VPC, Studio access URL, and so on.

See also: AWS API Documentation

Request Syntax

client.describe_studio(
    StudioId='string'
)
type StudioId

string

param StudioId

[REQUIRED]

The Amazon EMR Studio ID.

rtype

dict

returns

Response Syntax

{
    'Studio': {
        'StudioId': 'string',
        'StudioArn': 'string',
        'Name': 'string',
        'Description': 'string',
        'AuthMode': 'SSO'|'IAM',
        'VpcId': 'string',
        'SubnetIds': [
            'string',
        ],
        'ServiceRole': 'string',
        'UserRole': 'string',
        'WorkspaceSecurityGroupId': 'string',
        'EngineSecurityGroupId': 'string',
        'Url': 'string',
        'CreationTime': datetime(2015, 1, 1),
        'DefaultS3Location': 'string',
        'IdpAuthUrl': 'string',
        'IdpRelayStateParameterName': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'IdcInstanceArn': 'string',
        'TrustedIdentityPropagationEnabled': True|False,
        'IdcUserAssignment': 'REQUIRED'|'OPTIONAL',
        'EncryptionKeyArn': 'string'
    }
}

Response Structure

  • (dict) --

    • Studio (dict) --

      The Amazon EMR Studio details.

      • StudioId (string) --

        The ID of the Amazon EMR Studio.

      • StudioArn (string) --

        The Amazon Resource Name (ARN) of the Amazon EMR Studio.

      • Name (string) --

        The name of the Amazon EMR Studio.

      • Description (string) --

        The detailed description of the Amazon EMR Studio.

      • AuthMode (string) --

        Specifies whether the Amazon EMR Studio authenticates users with IAM or IAM Identity Center.

      • VpcId (string) --

        The ID of the VPC associated with the Amazon EMR Studio.

      • SubnetIds (list) --

        The list of IDs of the subnets associated with the Amazon EMR Studio.

        • (string) --

      • ServiceRole (string) --

        The name of the IAM role assumed by the Amazon EMR Studio.

      • UserRole (string) --

        The name of the IAM role assumed by users logged in to the Amazon EMR Studio. A Studio only requires a UserRole when you use IAM authentication.

      • WorkspaceSecurityGroupId (string) --

        The ID of the Workspace security group associated with the Amazon EMR Studio. The Workspace security group allows outbound network traffic to resources in the Engine security group and to the internet.

      • EngineSecurityGroupId (string) --

        The ID of the Engine security group associated with the Amazon EMR Studio. The Engine security group allows inbound network traffic from resources in the Workspace security group.

      • Url (string) --

        The unique access URL of the Amazon EMR Studio.

      • CreationTime (datetime) --

        The time the Amazon EMR Studio was created.

      • DefaultS3Location (string) --

        The Amazon S3 location to back up Amazon EMR Studio Workspaces and notebook files.

      • IdpAuthUrl (string) --

        Your identity provider's authentication endpoint. Amazon EMR Studio redirects federated users to this endpoint for authentication when logging in to a Studio with the Studio URL.

      • IdpRelayStateParameterName (string) --

        The name of your identity provider's RelayState parameter.

      • Tags (list) --

        A list of tags associated with the Amazon EMR Studio.

        • (dict) --

          A key-value pair containing user-defined metadata that you can associate with an Amazon EMR resource. Tags make it easier to associate clusters in various ways, such as grouping clusters to track your Amazon EMR resource allocation costs. For more information, see Tag Clusters.

          • Key (string) --

            A user-defined key, which is the minimum required information for a valid tag. For more information, see Tag.

          • Value (string) --

            A user-defined value, which is optional in a tag. For more information, see Tag Clusters.

      • IdcInstanceArn (string) --

        The ARN of the IAM Identity Center instance the Studio application belongs to.

      • TrustedIdentityPropagationEnabled (boolean) --

        Indicates whether the Studio has Trusted identity propagation enabled. The default value is false.

      • IdcUserAssignment (string) --

        Indicates whether the Studio has REQUIRED or OPTIONAL IAM Identity Center user assignment. If the value is set to REQUIRED, users must be explicitly assigned to the Studio application to access the Studio.

      • EncryptionKeyArn (string) --

        The KMS key identifier (ARN) used to encrypt Amazon EMR Studio workspace and notebook files when backed up to Amazon S3.
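
An added example (not part of the AWS documentation or SDK): a check over the DescribeStudio response that reports Studios lacking the settings introduced in this release. The finding policy, the function names audit_studio and audit_account, and all sample values are assumptions made for illustration.

```python
# Audit the EMR Studio fields added in the 2023/11/17 API update.
# Added example; the finding policy below is an assumption, not AWS guidance.

def audit_studio(studio):
    """Return [(field, message)] for one DescribeStudio 'Studio' dict."""
    findings = []
    # Optional fields can be absent from the response, so read them with .get().
    if not studio.get("EncryptionKeyArn"):
        findings.append(("EncryptionKeyArn",
                         "no KMS key set for workspace/notebook backups to "
                         + studio.get("DefaultS3Location", "<unknown>")))
    if studio.get("AuthMode") == "SSO":  # IAM Identity Center Studios only
        if studio.get("IdcUserAssignment") != "REQUIRED":
            findings.append(("IdcUserAssignment",
                             "users need no explicit assignment to the Studio"))
        if not studio.get("TrustedIdentityPropagationEnabled", False):
            findings.append(("TrustedIdentityPropagationEnabled",
                             "trusted identity propagation is off"))
    return findings

def audit_account(emr_client):
    """Audit every Studio visible to emr_client, e.g. boto3.client('emr')."""
    report = {}
    for page in emr_client.get_paginator("list_studios").paginate():
        for summary in page.get("Studios", []):
            resp = emr_client.describe_studio(StudioId=summary["StudioId"])
            report[summary["StudioId"]] = audit_studio(resp["Studio"])
    return report

# Constructed sample data: every ID, ARN and bucket name is a placeholder.
SAMPLE_WEAK = {
    "StudioId": "es-EXAMPLEWEAK", "AuthMode": "SSO",
    "DefaultS3Location": "s3://example-bucket/studio",
    "IdcUserAssignment": "OPTIONAL",
    "TrustedIdentityPropagationEnabled": False,
}
SAMPLE_HARDENED = {
    "StudioId": "es-EXAMPLEHARD", "AuthMode": "SSO",
    "DefaultS3Location": "s3://example-bucket/studio",
    "IdcInstanceArn": "arn:aws:sso:::instance/ssoins-EXAMPLE",
    "IdcUserAssignment": "REQUIRED",
    "TrustedIdentityPropagationEnabled": True,
    "EncryptionKeyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE",
}

if __name__ == "__main__":
    for s in (SAMPLE_WEAK, SAMPLE_HARDENED):
        print(s["StudioId"], audit_studio(s) or "no findings")
```

audit_account takes the client as an argument, so the audit logic can be exercised against stored DescribeStudio responses without AWS credentials.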

UpdateStudio (updated)
Changes (request)
{'EncryptionKeyArn': 'string'}

Updates an Amazon EMR Studio configuration, including attributes such as name, description, and subnets.

See also: AWS API Documentation

Request Syntax

client.update_studio(
    StudioId='string',
    Name='string',
    Description='string',
    SubnetIds=[
        'string',
    ],
    DefaultS3Location='string',
    EncryptionKeyArn='string'
)
type StudioId

string

param StudioId

[REQUIRED]

The ID of the Amazon EMR Studio to update.

type Name

string

param Name

A descriptive name for the Amazon EMR Studio.

type Description

string

param Description

A detailed description to assign to the Amazon EMR Studio.

type SubnetIds

list

param SubnetIds

A list of subnet IDs to associate with the Amazon EMR Studio. The list can include new subnet IDs, but must also include all of the subnet IDs previously associated with the Studio. The list order does not matter. A Studio can have a maximum of 5 subnets. The subnets must belong to the same VPC as the Studio.

  • (string) --

type DefaultS3Location

string

param DefaultS3Location

The Amazon S3 location to back up Workspaces and notebook files for the Amazon EMR Studio.

type EncryptionKeyArn

string

param EncryptionKeyArn

The KMS key identifier (ARN) used to encrypt Amazon EMR Studio workspace and notebook files when backed up to Amazon S3.

returns

None