Skip to content

Resource: awsEmrStudio

Provides an Elastic MapReduce Studio.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.emrStudio.EmrStudio(this, "example", {
  authMode: "SSO",
  defaultS3Location: "s3://${aws_s3_bucket.test.bucket}/test",
  engineSecurityGroupId: "${aws_security_group.test.id}",
  name: "example",
  serviceRole: "${aws_iam_role.test.arn}",
  subnetIds: ["${aws_subnet.test.id}"],
  userRole: "${aws_iam_role.test.arn}",
  vpcId: "${aws_vpc.test.id}",
  workspaceSecurityGroupId: "${aws_security_group.test.id}",
});

Argument Reference

The following arguments are required:

  • authMode- (Required) Specifies whether the Studio authenticates users using IAM or Amazon Web Services SSO. Valid values are sso or iam.
  • defaultS3Location - (Required) The Amazon S3 location to back up Amazon EMR Studio Workspaces and notebook files.
  • name - (Required) A descriptive name for the Amazon EMR Studio.
  • engineSecurityGroupId - (Required) The ID of the Amazon EMR Studio Engine security group. The Engine security group allows inbound network traffic from the Workspace security group, and it must be in the same VPC specified by vpcId.
  • serviceRole - (Required) The IAM role that the Amazon EMR Studio assumes. The service role provides a way for Amazon EMR Studio to interoperate with other Amazon Web Services services.
  • subnetIds - (Required) A list of subnet IDs to associate with the Amazon EMR Studio. A Studio can have a maximum of 5 subnets. The subnets must belong to the VPC specified by vpcId. Studio users can create a Workspace in any of the specified subnets.
  • vpcId - (Required) The ID of the Amazon Virtual Private Cloud (Amazon VPC) to associate with the Studio.
  • workspaceSecurityGroupId - (Required) The ID of the Amazon EMR Studio Workspace security group. The Workspace security group allows outbound network traffic to resources in the Engine security group, and it must be in the same VPC specified by vpcId.

The following arguments are optional:

  • description - (Optional) A detailed description of the Amazon EMR Studio.
  • idpAuthUrl - (Optional) The authentication endpoint of your identity provider (IdP). Specify this value when you use IAM authentication and want to let federated users log in to a Studio with the Studio URL and credentials from your IdP. Amazon EMR Studio redirects users to this endpoint to enter credentials.
  • idpRelayStateParameterName - (Optional) The name that your identity provider (IdP) uses for its RelayState parameter. For example, RelayState or TargetSource. Specify this value when you use IAM authentication and want to let federated users log in to a Studio using the Studio URL. The RelayState parameter differs by IdP.
  • tags - (Optional) list of tags to apply to the EMR Cluster. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • userRole - (Optional) - The IAM user role that users and groups assume when logged in to an Amazon EMR Studio. Only specify a User Role when you use Amazon Web Services SSO authentication. The permissions attached to the User Role can be scoped down for each user or group using session policies.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn- ARN of the studio.
  • url - The unique access URL of the Amazon EMR Studio.

Import

EMR studios can be imported using the id, e.g.,

$ terraform import aws_emr_studio.studio es-123456ABCDEF