Skip to main content

studios

Creates, updates, deletes or gets a studio resource or lists studios in a region

Overview

Namestudios
TypeResource
DescriptionResource schema for AWS::EMR::Studio
Idawscc.emr.studios

Fields

NameDatatypeDescription
arnstringThe Amazon Resource Name (ARN) of the EMR Studio.
auth_modestringSpecifies whether the Studio authenticates users using single sign-on (SSO) or IAM. Amazon EMR Studio currently only supports SSO authentication.
default_s3_locationstringThe default Amazon S3 location to back up EMR Studio Workspaces and notebook files. A Studio user can select an alternative Amazon S3 location when creating a Workspace.
descriptionstringA detailed description of the Studio.
engine_security_group_idstringThe ID of the Amazon EMR Studio Engine security group. The Engine security group allows inbound network traffic from the Workspace security group, and it must be in the same VPC specified by VpcId.
namestringA descriptive name for the Amazon EMR Studio.
studio_idstringThe ID of the EMR Studio.
subnet_idsarrayA list of up to 5 subnet IDs to associate with the Studio. The subnets must belong to the VPC specified by VpcId. Studio users can create a Workspace in any of the specified subnets.
tagsarrayA list of tags to associate with the Studio. Tags are user-defined key-value pairs that consist of a required key string with a maximum of 128 characters, and an optional value string with a maximum of 256 characters.
urlstringThe unique Studio access URL.
vpc_idstringThe ID of the Amazon Virtual Private Cloud (Amazon VPC) to associate with the Studio.
workspace_security_group_idstringThe ID of the Amazon EMR Studio Workspace security group. The Workspace security group allows outbound network traffic to resources in the Engine security group, and it must be in the same VPC specified by VpcId.
idp_auth_urlstringYour identity provider's authentication endpoint. Amazon EMR Studio redirects federated users to this endpoint for authentication when logging in to a Studio with the Studio URL.
idp_relay_state_parameter_namestringThe name of relay state parameter for external Identity Provider.
trusted_identity_propagation_enabledbooleanA Boolean indicating whether to enable Trusted identity propagation for the Studio. The default value is false.
idc_user_assignmentstringSpecifies whether IAM Identity Center user assignment is REQUIRED or OPTIONAL. If the value is set to REQUIRED, users must be explicitly assigned to the Studio application to access the Studio.
idc_instance_arnstringThe ARN of the IAM Identity Center instance to create the Studio application.
regionstringAWS region.

For more information, see AWS::EMR::Studio.

Methods

NameAccessible byRequired Params
create_resourceINSERTAuthMode, EngineSecurityGroupId, Name, ServiceRole, SubnetIds, VpcId, WorkspaceSecurityGroupId, DefaultS3Location, region
delete_resourceDELETEdata__Identifier, region
update_resourceUPDATEdata__Identifier, data__PatchDocument, region
list_resourcesSELECTregion
get_resourceSELECTdata__Identifier, region

SELECT examples

Gets all properties from an individual studio.

SELECT
region,
arn,
auth_mode,
default_s3_location,
description,
engine_security_group_id,
name,
service_role,
studio_id,
subnet_ids,
tags,
url,
user_role,
vpc_id,
workspace_security_group_id,
idp_auth_url,
idp_relay_state_parameter_name,
trusted_identity_propagation_enabled,
idc_user_assignment,
idc_instance_arn,
encryption_key_arn
FROM awscc.emr.studios
WHERE region = 'us-east-1' AND data__Identifier = '<StudioId>';

INSERT example

Use the following StackQL query and manifest file to create a new studio resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.emr.studios (
 AuthMode,
 DefaultS3Location,
 EngineSecurityGroupId,
 Name,
 ServiceRole,
 SubnetIds,
 VpcId,
 WorkspaceSecurityGroupId,
 region
)
SELECT 
'{{ AuthMode }}',
 '{{ DefaultS3Location }}',
 '{{ EngineSecurityGroupId }}',
 '{{ Name }}',
 '{{ ServiceRole }}',
 '{{ SubnetIds }}',
 '{{ VpcId }}',
 '{{ WorkspaceSecurityGroupId }}',
'{{ region }}';

DELETE example

/*+ delete */
DELETE FROM awscc.emr.studios
WHERE data__Identifier = '<StudioId>'
AND region = 'us-east-1';

Permissions

To operate on the studios resource, the following permissions are required:

Create

elasticmapreduce:CreateStudio,
elasticmapreduce:DescribeStudio,
elasticmapreduce:AddTags,
sso:CreateManagedApplicationInstance,
sso:DeleteManagedApplicationInstance,
iam:PassRole

Read

elasticmapreduce:DescribeStudio,
sso:GetManagedApplicationInstance

Update

elasticmapreduce:UpdateStudio,
elasticmapreduce:DescribeStudio,
elasticmapreduce:AddTags,
elasticmapreduce:RemoveTags

Delete

elasticmapreduce:DeleteStudio,
elasticmapreduce:DescribeStudio,
sso:DeleteManagedApplicationInstance

List

elasticmapreduce:ListStudios