AWS::EMR::Studio
The AWS::EMR::Studio
resource specifies an Amazon EMR Studio. An EMR Studio is a web-based, integrated development environment for fully managed Jupyter notebooks that run on Amazon EMR clusters. For more information, see the
Amazon EMR Management Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::EMR::Studio", "Properties" : { "AuthMode" :
String
, "DefaultS3Location" :String
, "Description" :String
, "EncryptionKeyArn" :String
, "EngineSecurityGroupId" :String
, "IdcInstanceArn" :String
, "IdcUserAssignment" :String
, "IdpAuthUrl" :String
, "IdpRelayStateParameterName" :String
, "Name" :String
, "ServiceRole" :String
, "SubnetIds" :[ String, ... ]
, "Tags" :[ Tag, ... ]
, "TrustedIdentityPropagationEnabled" :Boolean
, "UserRole" :String
, "VpcId" :String
, "WorkspaceSecurityGroupId" :String
} }
YAML
Type: AWS::EMR::Studio Properties: AuthMode:
String
DefaultS3Location:String
Description:String
EncryptionKeyArn:String
EngineSecurityGroupId:String
IdcInstanceArn:String
IdcUserAssignment:String
IdpAuthUrl:String
IdpRelayStateParameterName:String
Name:String
ServiceRole:String
SubnetIds:- String
Tags:- Tag
TrustedIdentityPropagationEnabled:Boolean
UserRole:String
VpcId:String
WorkspaceSecurityGroupId:String
Properties
AuthMode
-
Specifies whether the Studio authenticates users using IAM Identity Center or IAM.
Required: Yes
Type: String
Allowed values:
SSO | IAM
Update requires: Replacement
DefaultS3Location
-
The Amazon S3 location to back up EMR Studio Workspaces and notebook files.
Required: Yes
Type: String
Pattern:
^s3://.*
Minimum:
6
Maximum:
10280
Update requires: No interruption
Description
-
A detailed description of the Amazon EMR Studio.
Required: No
Type: String
Minimum:
0
Maximum:
256
Update requires: No interruption
EncryptionKeyArn
-
The AWS KMS key identifier (ARN) used to encrypt Amazon EMR Studio workspace and notebook files when backed up to Amazon S3.
Required: No
Type: String
Pattern:
^arn:aws(-(cn|us-gov|iso-f|iso-e))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$
Update requires: Replacement
EngineSecurityGroupId
-
The ID of the Amazon EMR Studio Engine security group. The Engine security group allows inbound network traffic from the Workspace security group, and it must be in the same VPC specified by
VpcId
.Required: Yes
Type: String
Pattern:
^sg-[a-zA-Z0-9\-._]+$
Minimum:
4
Maximum:
256
Update requires: Replacement
IdcInstanceArn
-
The ARN of the IAM Identity Center instance the Studio application belongs to.
Required: No
Type: String
Minimum:
20
Maximum:
2048
Update requires: Replacement
IdcUserAssignment
-
Indicates whether the Studio has
REQUIRED
orOPTIONAL
IAM Identity Center user assignment. If the value is set toREQUIRED
, users must be explicitly assigned to the Studio application to access the Studio.Required: No
Type: String
Allowed values:
REQUIRED | OPTIONAL
Update requires: Replacement
IdpAuthUrl
-
Your identity provider's authentication endpoint. Amazon EMR Studio redirects federated users to this endpoint for authentication when logging in to a Studio with the Studio URL.
Required: No
Type: String
Pattern:
^https://[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])(:[0-9]*)*([?/#].*)?$
Maximum:
4096
Update requires: No interruption
IdpRelayStateParameterName
-
The name of your identity provider's
RelayState
parameter.Required: No
Type: String
Minimum:
0
Maximum:
256
Update requires: No interruption
Name
-
A descriptive name for the Amazon EMR Studio.
Required: Yes
Type: String
Pattern:
[a-zA-Z0-9_-]+
Minimum:
1
Maximum:
256
Update requires: No interruption
ServiceRole
-
The Amazon Resource Name (ARN) of the IAM role that will be assumed by the Amazon EMR Studio. The service role provides a way for Amazon EMR Studio to interoperate with other AWS services.
Required: Yes
Type: String
Pattern:
^arn:aws(-(cn|us-gov|iso-f|iso-e))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$
Update requires: Replacement
SubnetIds
-
A list of subnet IDs to associate with the Amazon EMR Studio. A Studio can have a maximum of 5 subnets. The subnets must belong to the VPC specified by
VpcId
. Studio users can create a Workspace in any of the specified subnets.Required: Yes
Type: Array of String
Minimum:
1
Update requires: No interruption
-
An array of key-value pairs to apply to this resource.
For more information, see Tag.
Required: No
Type: Array of Tag
Update requires: No interruption
TrustedIdentityPropagationEnabled
-
Indicates whether the Studio has Trusted identity propagation enabled. The default value is
false
.Required: No
Type: Boolean
Update requires: Replacement
UserRole
-
The Amazon Resource Name (ARN) of the IAM user role that will be assumed by users and groups logged in to a Studio. The permissions attached to this IAM role can be scoped down for each user or group using session policies. You only need to specify
UserRole
when you setAuthMode
toSSO
.Required: No
Type: String
Pattern:
^arn:aws(-(cn|us-gov|iso-f|iso-e))?:[a-z-]+:(([a-z]+-)+[0-9])?:([0-9]{12})?:[^.]+$
Update requires: Replacement
VpcId
-
The ID of the Amazon Virtual Private Cloud (Amazon VPC) to associate with the Studio.
Required: Yes
Type: String
Pattern:
^(vpc-[0-9a-f]{8}|vpc-[0-9a-f]{17})$
Update requires: Replacement
WorkspaceSecurityGroupId
-
The ID of the Workspace security group associated with the Amazon EMR Studio. The Workspace security group allows outbound network traffic to resources in the Engine security group and to the internet.
Required: Yes
Type: String
Pattern:
^sg-[a-zA-Z0-9\-._]+$
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the resource ID. For example:
{ "Ref": "es-EXAMPLE12345678XXXXXXXXXXX" }
Ref returns the ID of the Amazon EMR Studio.
For more information about using the Ref
function, see Ref
.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt
intrinsic function, see Fn::GetAtt
.
Arn
-
The Amazon Resource Name (ARN) of the Amazon EMR Studio. For example:
arn:aws:elasticmapreduce:us-east-1:653XXXXXXXXX:studio/es-EXAMPLE12345678XXXXXXXXXXX
. StudioId
-
The ID of the Amazon EMR Studio. For example:
es-EXAMPLE12345678XXXXXXXXXXX
. Url
-
The unique access URL of the Amazon EMR Studio. For example:
https://es-EXAMPLE12345678XXXXXXXXXXX.emrstudio-prod.us-east-1.amazonaws.com
.