Posted On: Sep 20, 2021
Amazon EMR Studio is an integrated development environment (IDE) that makes it easy for data scientists and data engineers to develop, visualize, and debug data engineering and data science applications written in R, Python, Scala, and PySpark. Today, we are introducing additional authentication options with EMR Studio. Before this release, to login to EMR Studio, you needed to integrate your identity provider (IdP) with AWS Single Sign-on (AWS SSO). With this release, you can now choose to use AWS Identity and Access Management (IAM) authentication or use IAM federation with your corporate credentials to login to EMR Studio, in addition to using AWS SSO.
Each EMR Studio provides a unique access URL allowing users to directly login to their Studio environments with their corporate credentials. When you choose IAM Authentication, you can directly login to EMR Studio via the AWS Console or the EMR Studio access URL, which redirects you to the IAM login page for authentication. When you choose IAM federation or AWS SSO-based authentication, accessing the Studio access URL redirects to your identity provider's sign-in portal for authentication. You can also access EMR Studio from your identity provider's portal. If you have more than one studio in your environment, you can also directly access specific Studios directly from your IdP portal. AWS SSO is a great choice if you want to define federated access permissions for your users based on their group memberships in a single centralized directory such as Microsoft Active Directory. If you use multiple directories, or want to manage the permissions based on user attributes, consider IAM as your design alternative.
With each of these options, you can define per-user fine-grained access control on resources. When using AWS SSO, you can use IAM session policies to manage permissions. For example, you can create session policy to restrict users from creating a new EMR cluster. When using IAM, you can grant users access to an EMR Studio with IAM permissions policies and attribute-based access control (ABAC). For example, you can attach a permissions policy to an IAM identity for creating new EMR clusters.
To learn more about federation options in AWS, see our documentation here. To learn more about using IAM-based authentication or IAM federation on EMR Studio, see our Amazon EMR Studio documentation here. EMR Studio is available in US East (Ohio, N. Virginia), US West (Oregon), Canada (Central), Europe (Ireland, Frankfurt, London, and Stockholm), and Asia Pacific (Mumbai, Seoul, Singapore, Sydney, and Tokyo) regions.