studios
Creates, updates, deletes or gets a studio resource or lists studios in a region
Overview
| Name | studios |
| Type | Resource |
| Description | Resource schema for AWS::EMR::Studio |
| Id | awscc.emr.studios |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
arn | string | The Amazon Resource Name (ARN) of the EMR Studio. |
auth_mode | string | Specifies whether the Studio authenticates users using single sign-on (SSO) or IAM. Amazon EMR Studio currently only supports SSO authentication. |
default_s3_location | string | The default Amazon S3 location to back up EMR Studio Workspaces and notebook files. A Studio user can select an alternative Amazon S3 location when creating a Workspace. |
description | string | A detailed description of the Studio. |
engine_security_group_id | string | The ID of the Amazon EMR Studio Engine security group. The Engine security group allows inbound network traffic from the Workspace security group, and it must be in the same VPC specified by VpcId. |
name | string | A descriptive name for the Amazon EMR Studio. |
studio_id | string | The ID of the EMR Studio. |
subnet_ids | array | A list of up to 5 subnet IDs to associate with the Studio. The subnets must belong to the VPC specified by VpcId. Studio users can create a Workspace in any of the specified subnets. |
tags | array | A list of tags to associate with the Studio. Tags are user-defined key-value pairs that consist of a required key string with a maximum of 128 characters, and an optional value string with a maximum of 256 characters. |
url | string | The unique Studio access URL. |
vpc_id | string | The ID of the Amazon Virtual Private Cloud (Amazon VPC) to associate with the Studio. |
workspace_security_group_id | string | The ID of the Amazon EMR Studio Workspace security group. The Workspace security group allows outbound network traffic to resources in the Engine security group, and it must be in the same VPC specified by VpcId. |
idp_auth_url | string | Your identity provider's authentication endpoint. Amazon EMR Studio redirects federated users to this endpoint for authentication when logging in to a Studio with the Studio URL. |
idp_relay_state_parameter_name | string | The name of relay state parameter for external Identity Provider. |
trusted_identity_propagation_enabled | boolean | A Boolean indicating whether to enable Trusted identity propagation for the Studio. The default value is false. |
idc_user_assignment | string | Specifies whether IAM Identity Center user assignment is REQUIRED or OPTIONAL. If the value is set to REQUIRED, users must be explicitly assigned to the Studio application to access the Studio. |
idc_instance_arn | string | The ARN of the IAM Identity Center instance to create the Studio application. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
studio_id | string | The ID of the EMR Studio. |
region | string | AWS region. |
For more information, see AWS::EMR::Studio.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | studios | INSERT | AuthMode, EngineSecurityGroupId, Name, ServiceRole, SubnetIds, VpcId, WorkspaceSecurityGroupId, DefaultS3Location, region |
delete_resource | studios | DELETE | Identifier, region |
update_resource | studios | UPDATE | Identifier, PatchDocument, region |
list_resources | studios_list_only | SELECT | region |
get_resource | studios | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual studio.
SELECT
region,
arn,
auth_mode,
default_s3_location,
description,
engine_security_group_id,
name,
service_role,
studio_id,
subnet_ids,
tags,
url,
user_role,
vpc_id,
workspace_security_group_id,
idp_auth_url,
idp_relay_state_parameter_name,
trusted_identity_propagation_enabled,
idc_user_assignment,
idc_instance_arn,
encryption_key_arn
FROM awscc.emr.studios
WHERE
region = 'us-east-1' AND
Identifier = '{{ studio_id }}';
Lists all studios in a region.
SELECT
region,
studio_id
FROM awscc.emr.studios_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new studio resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.emr.studios (
AuthMode,
DefaultS3Location,
EngineSecurityGroupId,
Name,
ServiceRole,
SubnetIds,
VpcId,
WorkspaceSecurityGroupId,
region
)
SELECT
'{{ auth_mode }}',
'{{ default_s3_location }}',
'{{ engine_security_group_id }}',
'{{ name }}',
'{{ service_role }}',
'{{ subnet_ids }}',
'{{ vpc_id }}',
'{{ workspace_security_group_id }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.emr.studios (
AuthMode,
DefaultS3Location,
Description,
EngineSecurityGroupId,
Name,
ServiceRole,
SubnetIds,
Tags,
UserRole,
VpcId,
WorkspaceSecurityGroupId,
IdpAuthUrl,
IdpRelayStateParameterName,
TrustedIdentityPropagationEnabled,
IdcUserAssignment,
IdcInstanceArn,
EncryptionKeyArn,
region
)
SELECT
'{{ auth_mode }}',
'{{ default_s3_location }}',
'{{ description }}',
'{{ engine_security_group_id }}',
'{{ name }}',
'{{ service_role }}',
'{{ subnet_ids }}',
'{{ tags }}',
'{{ user_role }}',
'{{ vpc_id }}',
'{{ workspace_security_group_id }}',
'{{ idp_auth_url }}',
'{{ idp_relay_state_parameter_name }}',
'{{ trusted_identity_propagation_enabled }}',
'{{ idc_user_assignment }}',
'{{ idc_instance_arn }}',
'{{ encryption_key_arn }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: studio
props:
- name: auth_mode
value: '{{ auth_mode }}'
- name: default_s3_location
value: '{{ default_s3_location }}'
- name: description
value: '{{ description }}'
- name: engine_security_group_id
value: '{{ engine_security_group_id }}'
- name: name
value: '{{ name }}'
- name: service_role
value: '{{ service_role }}'
- name: subnet_ids
value:
- '{{ subnet_ids[0] }}'
- name: tags
value:
- key: '{{ key }}'
value: '{{ value }}'
- name: user_role
value: null
- name: vpc_id
value: '{{ vpc_id }}'
- name: workspace_security_group_id
value: '{{ workspace_security_group_id }}'
- name: idp_auth_url
value: '{{ idp_auth_url }}'
- name: idp_relay_state_parameter_name
value: '{{ idp_relay_state_parameter_name }}'
- name: trusted_identity_propagation_enabled
value: '{{ trusted_identity_propagation_enabled }}'
- name: idc_user_assignment
value: '{{ idc_user_assignment }}'
- name: idc_instance_arn
value: '{{ idc_instance_arn }}'
- name: encryption_key_arn
value: null
UPDATE example
Use the following StackQL query and manifest file to update a studio resource, using stack-deploy.
/*+ update */
UPDATE awscc.emr.studios
SET PatchDocument = string('{{ {
"DefaultS3Location": default_s3_location,
"Description": description,
"Name": name,
"SubnetIds": subnet_ids,
"Tags": tags,
"IdpAuthUrl": idp_auth_url,
"IdpRelayStateParameterName": idp_relay_state_parameter_name
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ studio_id }}';
DELETE example
/*+ delete */
DELETE FROM awscc.emr.studios
WHERE
Identifier = '{{ studio_id }}' AND
region = 'us-east-1';
Permissions
To operate on the studios resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
elasticmapreduce:CreateStudio,
elasticmapreduce:DescribeStudio,
elasticmapreduce:AddTags,
sso:CreateManagedApplicationInstance,
sso:DeleteManagedApplicationInstance,
iam:PassRole
elasticmapreduce:DescribeStudio,
sso:GetManagedApplicationInstance
elasticmapreduce:UpdateStudio,
elasticmapreduce:DescribeStudio,
elasticmapreduce:AddTags,
elasticmapreduce:RemoveTags
elasticmapreduce:DeleteStudio,
elasticmapreduce:DescribeStudio,
sso:DeleteManagedApplicationInstance
elasticmapreduce:ListStudios