group_profiles
Creates, updates, deletes or gets a group_profile resource or lists group_profiles in a region
Overview
| Name | group_profiles |
| Type | Resource |
| Description | Group profiles represent groups of Amazon DataZone users. Groups can be manually created, or mapped to Active Directory groups of enterprise customers. In Amazon DataZone, groups serve two purposes. First, a group can map to a team of users in the organizational chart, and thus reduce the administrative work of a Amazon DataZone project owner when there are new employees joining or leaving a team. Second, corporate administrators use Active Directory groups to manage and update user statuses and so Amazon DataZone domain administrators can use these group memberships to implement Amazon DataZone domain policies. |
| Id | awscc.datazone.group_profiles |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
domain_id | string | The identifier of the Amazon DataZone domain in which the group profile is created. |
domain_identifier | string | The identifier of the Amazon DataZone domain in which the group profile would be created. |
group_identifier | string | The ID of the group. |
group_name | string | The group-name of the Group Profile. |
id | string | The ID of the Amazon DataZone group profile. |
status | string | The status of the group profile. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
domain_id | string | The identifier of the Amazon DataZone domain in which the group profile is created. |
id | string | The ID of the Amazon DataZone group profile. |
region | string | AWS region. |
For more information, see AWS::DataZone::GroupProfile.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | group_profiles | INSERT | DomainIdentifier, GroupIdentifier, region |
delete_resource | group_profiles | DELETE | Identifier, region |
update_resource | group_profiles | UPDATE | Identifier, PatchDocument, region |
list_resources | group_profiles_list_only | SELECT | region |
get_resource | group_profiles | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual group_profile.
SELECT
region,
domain_id,
domain_identifier,
group_identifier,
group_name,
id,
status
FROM awscc.datazone.group_profiles
WHERE
region = 'us-east-1' AND
Identifier = '{{ domain_id }}|{{ id }}';
Lists all group_profiles in a region.
SELECT
region,
domain_id,
id
FROM awscc.datazone.group_profiles_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new group_profile resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.datazone.group_profiles (
DomainIdentifier,
GroupIdentifier,
region
)
SELECT
'{{ domain_identifier }}',
'{{ group_identifier }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.datazone.group_profiles (
DomainIdentifier,
GroupIdentifier,
Status,
region
)
SELECT
'{{ domain_identifier }}',
'{{ group_identifier }}',
'{{ status }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: group_profile
props:
- name: domain_identifier
value: '{{ domain_identifier }}'
- name: group_identifier
value: '{{ group_identifier }}'
- name: status
value: '{{ status }}'
UPDATE example
Use the following StackQL query and manifest file to update a group_profile resource, using stack-deploy.
/*+ update */
UPDATE awscc.datazone.group_profiles
SET PatchDocument = string('{{ {
"Status": status
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ domain_id }}|{{ id }}';
DELETE example
/*+ delete */
DELETE FROM awscc.datazone.group_profiles
WHERE
Identifier = '{{ domain_id }}|{{ id }}' AND
region = 'us-east-1';
Permissions
To operate on the group_profiles resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
datazone:CreateGroupProfile,
datazone:GetGroupProfile,
datazone:UpdateGroupProfile,
sso:ListProfiles,
sso:GetProfile,
sso:AssociateProfile,
sso:DisassociateProfile
datazone:GetGroupProfile
datazone:UpdateGroupProfile,
datazone:GetGroupProfile,
sso:ListProfiles,
sso:GetProfile,
sso:AssociateProfile,
sso:DisassociateProfile
datazone:DeleteGroupProfile,
datazone:GetGroupProfile,
datazone:UpdateGroupProfile,
sso:ListProfiles,
sso:GetProfile,
sso:AssociateProfile,
sso:DisassociateProfile
datazone:SearchGroupProfiles