2023/11/17 - Amazon EMR - 3 updated api methods
Changes Launch support for IAM Identity Center Trusted Identity Propagation and workspace storage encryption using AWS KMS in EMR Studio
{'EncryptionKeyArn': 'string',
'IdcInstanceArn': 'string',
'IdcUserAssignment': 'REQUIRED | OPTIONAL',
'TrustedIdentityPropagationEnabled': 'boolean'}
Creates a new Amazon EMR Studio.
See also: AWS API Documentation
Request Syntax
client.create_studio(
Name='string',
Description='string',
AuthMode='SSO'|'IAM',
VpcId='string',
SubnetIds=[
'string',
],
ServiceRole='string',
UserRole='string',
WorkspaceSecurityGroupId='string',
EngineSecurityGroupId='string',
DefaultS3Location='string',
IdpAuthUrl='string',
IdpRelayStateParameterName='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
TrustedIdentityPropagationEnabled=True|False,
IdcUserAssignment='REQUIRED'|'OPTIONAL',
IdcInstanceArn='string',
EncryptionKeyArn='string'
)
string
[REQUIRED]
A descriptive name for the Amazon EMR Studio.
string
A detailed description of the Amazon EMR Studio.
string
[REQUIRED]
Specifies whether the Studio authenticates users using IAM or IAM Identity Center.
string
[REQUIRED]
The ID of the Amazon Virtual Private Cloud (Amazon VPC) to associate with the Studio.
list
[REQUIRED]
A list of subnet IDs to associate with the Amazon EMR Studio. A Studio can have a maximum of 5 subnets. The subnets must belong to the VPC specified by VpcId . Studio users can create a Workspace in any of the specified subnets.
(string) --
string
[REQUIRED]
The IAM role that the Amazon EMR Studio assumes. The service role provides a way for Amazon EMR Studio to interoperate with other Amazon Web Services services.
string
The IAM user role that users and groups assume when logged in to an Amazon EMR Studio. Only specify a UserRole when you use IAM Identity Center authentication. The permissions attached to the UserRole can be scoped down for each user or group using session policies.
string
[REQUIRED]
The ID of the Amazon EMR Studio Workspace security group. The Workspace security group allows outbound network traffic to resources in the Engine security group, and it must be in the same VPC specified by VpcId .
string
[REQUIRED]
The ID of the Amazon EMR Studio Engine security group. The Engine security group allows inbound network traffic from the Workspace security group, and it must be in the same VPC specified by VpcId .
string
[REQUIRED]
The Amazon S3 location to back up Amazon EMR Studio Workspaces and notebook files.
string
The authentication endpoint of your identity provider (IdP). Specify this value when you use IAM authentication and want to let federated users log in to a Studio with the Studio URL and credentials from your IdP. Amazon EMR Studio redirects users to this endpoint to enter credentials.
string
The name that your identity provider (IdP) uses for its RelayState parameter. For example, RelayState or TargetSource . Specify this value when you use IAM authentication and want to let federated users log in to a Studio using the Studio URL. The RelayState parameter differs by IdP.
list
A list of tags to associate with the Amazon EMR Studio. Tags are user-defined key-value pairs that consist of a required key string with a maximum of 128 characters, and an optional value string with a maximum of 256 characters.
(dict) --
A key-value pair containing user-defined metadata that you can associate with an Amazon EMR resource. Tags make it easier to associate clusters in various ways, such as grouping clusters to track your Amazon EMR resource allocation costs. For more information, see Tag Clusters.
Key (string) --
A user-defined key, which is the minimum required information for a valid tag. For more information, see Tag.
Value (string) --
A user-defined value, which is optional in a tag. For more information, see Tag Clusters.
boolean
A Boolean indicating whether to enable Trusted identity propagation for the Studio. The default value is false .
string
Specifies whether IAM Identity Center user assignment is REQUIRED or OPTIONAL . If the value is set to REQUIRED , users must be explicitly assigned to the Studio application to access the Studio.
string
The ARN of the IAM Identity Center instance to create the Studio application.
string
The KMS key identifier (ARN) used to encrypt Amazon EMR Studio workspace and notebook files when backed up to Amazon S3.
dict
Response Syntax
{
'StudioId': 'string',
'Url': 'string'
}
Response Structure
(dict) --
StudioId (string) --
The ID of the Amazon EMR Studio.
Url (string) --
The unique Studio access URL.
{'Studio': {'EncryptionKeyArn': 'string',
'IdcInstanceArn': 'string',
'IdcUserAssignment': 'REQUIRED | OPTIONAL',
'TrustedIdentityPropagationEnabled': 'boolean'}}
Returns details for the specified Amazon EMR Studio including ID, Name, VPC, Studio access URL, and so on.
See also: AWS API Documentation
Request Syntax
client.describe_studio(
StudioId='string'
)
string
[REQUIRED]
The Amazon EMR Studio ID.
dict
Response Syntax
{
'Studio': {
'StudioId': 'string',
'StudioArn': 'string',
'Name': 'string',
'Description': 'string',
'AuthMode': 'SSO'|'IAM',
'VpcId': 'string',
'SubnetIds': [
'string',
],
'ServiceRole': 'string',
'UserRole': 'string',
'WorkspaceSecurityGroupId': 'string',
'EngineSecurityGroupId': 'string',
'Url': 'string',
'CreationTime': datetime(2015, 1, 1),
'DefaultS3Location': 'string',
'IdpAuthUrl': 'string',
'IdpRelayStateParameterName': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'IdcInstanceArn': 'string',
'TrustedIdentityPropagationEnabled': True|False,
'IdcUserAssignment': 'REQUIRED'|'OPTIONAL',
'EncryptionKeyArn': 'string'
}
}
Response Structure
(dict) --
Studio (dict) --
The Amazon EMR Studio details.
StudioId (string) --
The ID of the Amazon EMR Studio.
StudioArn (string) --
The Amazon Resource Name (ARN) of the Amazon EMR Studio.
Name (string) --
The name of the Amazon EMR Studio.
Description (string) --
The detailed description of the Amazon EMR Studio.
AuthMode (string) --
Specifies whether the Amazon EMR Studio authenticates users with IAM or IAM Identity Center.
VpcId (string) --
The ID of the VPC associated with the Amazon EMR Studio.
SubnetIds (list) --
The list of IDs of the subnets associated with the Amazon EMR Studio.
(string) --
ServiceRole (string) --
The name of the IAM role assumed by the Amazon EMR Studio.
UserRole (string) --
The name of the IAM role assumed by users logged in to the Amazon EMR Studio. A Studio only requires a UserRole when you use IAM authentication.
WorkspaceSecurityGroupId (string) --
The ID of the Workspace security group associated with the Amazon EMR Studio. The Workspace security group allows outbound network traffic to resources in the Engine security group and to the internet.
EngineSecurityGroupId (string) --
The ID of the Engine security group associated with the Amazon EMR Studio. The Engine security group allows inbound network traffic from resources in the Workspace security group.
Url (string) --
The unique access URL of the Amazon EMR Studio.
CreationTime (datetime) --
The time the Amazon EMR Studio was created.
DefaultS3Location (string) --
The Amazon S3 location to back up Amazon EMR Studio Workspaces and notebook files.
IdpAuthUrl (string) --
Your identity provider's authentication endpoint. Amazon EMR Studio redirects federated users to this endpoint for authentication when logging in to a Studio with the Studio URL.
IdpRelayStateParameterName (string) --
The name of your identity provider's RelayState parameter.
Tags (list) --
A list of tags associated with the Amazon EMR Studio.
(dict) --
A key-value pair containing user-defined metadata that you can associate with an Amazon EMR resource. Tags make it easier to associate clusters in various ways, such as grouping clusters to track your Amazon EMR resource allocation costs. For more information, see Tag Clusters.
Key (string) --
A user-defined key, which is the minimum required information for a valid tag. For more information, see Tag.
Value (string) --
A user-defined value, which is optional in a tag. For more information, see Tag Clusters.
IdcInstanceArn (string) --
The ARN of the IAM Identity Center instance the Studio application belongs to.
TrustedIdentityPropagationEnabled (boolean) --
Indicates whether the Studio has Trusted identity propagation enabled. The default value is false .
IdcUserAssignment (string) --
Indicates whether the Studio has REQUIRED or OPTIONAL IAM Identity Center user assignment. If the value is set to REQUIRED , users must be explicitly assigned to the Studio application to access the Studio.
EncryptionKeyArn (string) --
The KMS key identifier (ARN) used to encrypt Amazon EMR Studio workspace and notebook files when backed up to Amazon S3.
{'EncryptionKeyArn': 'string'}
Updates an Amazon EMR Studio configuration, including attributes such as name, description, and subnets.
See also: AWS API Documentation
Request Syntax
client.update_studio(
StudioId='string',
Name='string',
Description='string',
SubnetIds=[
'string',
],
DefaultS3Location='string',
EncryptionKeyArn='string'
)
string
[REQUIRED]
The ID of the Amazon EMR Studio to update.
string
A descriptive name for the Amazon EMR Studio.
string
A detailed description to assign to the Amazon EMR Studio.
list
A list of subnet IDs to associate with the Amazon EMR Studio. The list can include new subnet IDs, but must also include all of the subnet IDs previously associated with the Studio. The list order does not matter. A Studio can have a maximum of 5 subnets. The subnets must belong to the same VPC as the Studio.
(string) --
string
The Amazon S3 location to back up Workspaces and notebook files for the Amazon EMR Studio.
string
The KMS key identifier (ARN) used to encrypt Amazon EMR Studio workspace and notebook files when backed up to Amazon S3.
None