CreatePresignedDomainUrl
Creates a URL for a specified UserProfile in a Domain. When accessed in a web browser, the user will be automatically signed in to the domain, and granted access to all of the Apps and files associated with the Domain's Amazon Elastic File System volume. This operation can only be called when the authentication mode equals IAM.
The IAM role or user passed to this API defines the permissions to access the app. Once the presigned URL is created, no additional permission is required to access this URL. IAM authorization policies for this API are also enforced for every HTTP request and WebSocket frame that attempts to connect to the app.
You can restrict access to this API and to the URL that it returns to a list of IP addresses, Amazon VPCs or Amazon VPC Endpoints that you specify. For more information, see Connect to Amazon SageMaker AI Studio Through an Interface VPC Endpoint .
Note
-
The URL that you get from a call to
CreatePresignedDomainUrl
has a default timeout of 5 minutes. You can configure this value usingExpiresInSeconds
. If you try to use the URL after the timeout limit expires, you are directed to the AWS console sign-in page. -
The JupyterLab session default expiration time is 12 hours. You can configure this value using SessionExpirationDurationInSeconds.
Request Syntax
{
"DomainId": "string
",
"ExpiresInSeconds": number
,
"LandingUri": "string
",
"SessionExpirationDurationInSeconds": number
,
"SpaceName": "string
",
"UserProfileName": "string
"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- DomainId
-
The domain ID.
Type: String
Length Constraints: Maximum length of 63.
Pattern:
^d-(-*[a-z0-9]){1,61}
Required: Yes
- ExpiresInSeconds
-
The number of seconds until the pre-signed URL expires. This value defaults to 300.
Type: Integer
Valid Range: Minimum value of 5. Maximum value of 300.
Required: No
- LandingUri
-
The landing page that the user is directed to when accessing the presigned URL. Using this value, users can access Studio or Studio Classic, even if it is not the default experience for the domain. The supported values are:
-
studio::relative/path
: Directs users to the relative path in Studio. -
app:JupyterServer:relative/path
: Directs users to the relative path in the Studio Classic application. -
app:JupyterLab:relative/path
: Directs users to the relative path in the JupyterLab application. -
app:RStudioServerPro:relative/path
: Directs users to the relative path in the RStudio application. -
app:CodeEditor:relative/path
: Directs users to the relative path in the Code Editor, based on Code-OSS, Visual Studio Code - Open Source application. -
app:Canvas:relative/path
: Directs users to the relative path in the Canvas application.
Type: String
Length Constraints: Maximum length of 1023.
Required: No
-
- SessionExpirationDurationInSeconds
-
The session expiration duration in seconds. This value defaults to 43200.
Type: Integer
Valid Range: Minimum value of 1800. Maximum value of 43200.
Required: No
- SpaceName
-
The name of the space.
Type: String
Length Constraints: Maximum length of 63.
Pattern:
^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}
Required: No
- UserProfileName
-
The name of the UserProfile to sign-in as.
Type: String
Length Constraints: Maximum length of 63.
Pattern:
^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}
Required: Yes
Response Syntax
{
"AuthorizedUrl": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- AuthorizedUrl
-
The presigned URL.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors.
- ResourceNotFound
-
Resource being access is not found.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: