
f. Create the permissions policy for the role based on the example in Overview of the IAM Roles for Lake Formation (p. 247).
g. Choose Next: Tags.
h. Choose Next: Review.
i. For Role name, type a role name. Role names must be unique within your AWS account.
j. Review the role and then choose Create role.
k. Click Roles tab, search for the role name created from the last step.
l. Choose Trust relationships, and then select Edit trust relationship.
m. Override the existing policy document with the IAM Role for Lake Formation trust policy specified in the Overview of the IAM Roles for Lake Formation (p. 247) section. Then click Update Trust Relationship.
Amazon EMR Management Guide
Before You Begin

5. In your organization's IdP, you must configure SAML assertions that map the users in your organization to the Identity Provider and the IAM role for Lake Formation that was just created. You do this by configuring the three attribute elements shown in the following table.

• Replace account-id with your AWS account ID.
• Replace IAM_Role_For_Lake_Formation with the name of the IAM role for Lake Formation that you created.
• Replace IAM_identity_provider_name with the name of the IAM identity provider that you created in previous steps.
• Replace user_alias with the name of the attribute used to hold the user name defined in your organization.

Attribute Elements     Value
Role                   arn:aws:iam::account-id:role/IAM_Role_For_Lake_Formation,arn:aws:iam::account-id:saml-provider/IAM_identity_provider_name
RoleSessionName        user_alias
Attributes/Username    user_alias

The exact steps for performing the mapping depend on which IdP you're using. For more information, see the next section Supported Third-Party Providers for SAML (p. 250).

For more information, see Configuring SAML Assertions for the Authentication Response.

Supported Third-Party Providers for SAML

Integration between Amazon EMR and AWS Lake Formation supports SAML 2.0-based federation with the following third-party providers: Microsoft Active Directory Federation Services (AD FS), Auth0, and Okta. The following sections provide information to help you configure these IdPs to work with AWS Lake Formation federation.

Auth0

AWS Integration in Auth0 – This page on the Auth0 documentation website describes how to set up single sign-on (SSO) with the AWS Management Console. It also includes a JavaScript example.

To enable federated access to Lake Formation, customize the following steps in the Auth0 documentation:

• When providing an application callback URL, provide a temporary URL, as shown in the following example.
Update public-dns with the actual DNS name for your master node after launching your cluster.
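To confirm that an IdP really emits the three attribute elements from the table in step 5, the sketch below checks a captured assertion against the expected role and provider. It is an added example, not code from the guide. The account ID, role name, provider name and the attribute Name URI prefixes in the sample are constructed assumptions, and the check matches only the element names the table lists.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# The three attribute elements from the table, matched on the tail of Name.
REQUIRED = ("Role", "RoleSessionName", "Attributes/Username")
# AWS restricts RoleSessionName to 2-64 characters from this set.
SESSION_NAME = re.compile(r"[\w+=,.@-]{2,64}", re.ASCII)

def read_attributes(assertion_xml):
    """Return {element: [values]} for the required attributes that are present."""
    found = {}
    for attr in ET.fromstring(assertion_xml).iter(f"{{{NS}}}Attribute"):
        name = attr.get("Name", "")
        for key in REQUIRED:
            if name == key or name.endswith("/" + key):
                values = attr.findall(f"{{{NS}}}AttributeValue")
                found[key] = [v.text.strip() for v in values if v.text]
    return found

def check_assertion(assertion_xml, account_id, role_name, provider_name):
    """List mapping problems; an empty list means the assertion matches the table."""
    attrs = read_attributes(assertion_xml)
    problems = [f"missing attribute: {k}" for k in REQUIRED if not attrs.get(k)]
    if problems:
        return problems
    expected = (f"arn:aws:iam::{account_id}:role/{role_name},"
                f"arn:aws:iam::{account_id}:saml-provider/{provider_name}")
    if expected not in attrs["Role"]:
        problems.append("Role lacks the expected role,provider ARN pair")
    session, user = attrs["RoleSessionName"][0], attrs["Attributes/Username"][0]
    if not SESSION_NAME.fullmatch(session):
        problems.append("RoleSessionName has invalid length or characters")
    if session != user:  # both are mapped from user_alias in the table
        problems.append("RoleSessionName and Username differ")
    return problems

def sample_assertion(role_value, session, user):
    """Constructed AttributeStatement; the Name URI prefixes are assumptions."""
    aws, lf = "https://aws.amazon.com/SAML/Attributes", "https://lakeformation.amazon.com/SAML/Attributes"
    rows = [(f"{aws}/Role", role_value), (f"{aws}/RoleSessionName", session), (f"{lf}/Username", user)]
    body = "".join(f'<s:Attribute Name="{n}"><s:AttributeValue>{v}</s:AttributeValue></s:Attribute>'
                   for n, v in rows if v is not None)
    return f'<s:AttributeStatement xmlns:s="{NS}">{body}</s:AttributeStatement>'

GOOD_ROLE = ("arn:aws:iam::111122223333:role/LakeFormationSAMLRole,"  # constructed values
             "arn:aws:iam::111122223333:saml-provider/ExampleIdP")

if __name__ == "__main__":
    print(check_assertion(sample_assertion(GOOD_ROLE, "jdoe", "jdoe"),
                          "111122223333", "LakeFormationSAMLRole", "ExampleIdP"))
```

Run it against an assertion captured from your own IdP's test login; a provider ARN from a different account or a RoleSessionName that does not match the Lake Formation user name shows up as a listed problem rather than a failed sign-in later.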