Setting up Amazon IAM Identity Center (IAM Identity Center) - Amazon Glue DataBrew

Setting up Amazon IAM Identity Center (IAM Identity Center)

Using Amazon IAM Identity Center (IAM Identity Center), your users can sign in to DataBrew with a simple URL, without signing in to the Amazon Web Services Management Console and without needing an Amazon account.

To set up IAM Identity Center
  1. Open the Amazon Organizations console, and create an organization if you don't already have one. All features are enabled by default for this organization.

    For more information, see Amazon IAM Identity Center Prerequisites and Creating and managing an organization.

  2. Open the Amazon IAM Identity Center console.

  3. Choose your identity source.

    By default, you get an IAM Identity Center store for quick and easy user management. Optionally, you can connect an external identity provider instead, or connect an Amazon Managed Microsoft AD directory with your on-premises Active Directory. In this guide, we use the default IAM Identity Center store.

    For more information, see Choose your identity source in the Amazon IAM Identity Center User Guide.

  4. Create a permission set for DataBrew access:

    1. In the IAM Identity Center navigation pane, choose Amazon accounts, and then choose Permission sets.

    2. On the Create permission set page, choose Create a custom permission set.

    3. For Relay state, enter https://console.aws.amazon.com/databrew/home?region=us-east-1#landing.

      Entering this enables your users to go directly to DataBrew.

    4. Choose Attach Amazon managed policies, search for DataBrew, and choose AwsGlueDataBrewFullAccessPolicy. Choosing this gives your users all the permissions that they need for DataBrew. You can find more details in Adding an IAM policy for a console user.

    5. (Optional) Choose Create a custom permissions policy and customize the permissions for your users.

  5. In the IAM Identity Center navigation pane, choose Groups, and choose Create group. Enter the group name and choose Create.

  6. Add a user to the IAM Identity Center store:

    1. In the IAM Identity Center navigation pane, choose Users.

    2. On the Add user screen, enter the required information and choose Send an email to the user with password setup instructions. The user should get an email about the next setup steps.

    3. Choose Next: Groups, choose the group that you want, and choose Add user.

      Users should receive an email inviting them to use SSO. In this email, they need to choose Accept invitation and set the password. They can also find the portal URL in the email. They can use this URL to access DataBrew.

  7. Assign each user to an account:

    1. Open the IAM Identity Center console, and in the navigation pane, choose Amazon accounts.

    2. Choose Amazon organization and choose an Amazon account.

    3. On the Assign Users screen, choose the Groups tab and choose the group that you want.

    4. Choose Next: Permission sets.

    5. Choose the permission set for DataBrew, and choose Finish.
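
The following AWS CLI script is an added example, not part of the original guide or an official AWS script. It performs steps 4, 5 and 7 (permission set with relay state, group, group-to-account assignment) from the command line. The names `DataBrewAccess` and `DataBrewUsers` and the function names are illustrative assumptions. It assumes AWS CLI v2 with credentials allowed to call `sso-admin` and `identitystore`.

```sh
#!/bin/sh
# Added example: CLI equivalent of steps 4, 5 and 7 above.
# DataBrewAccess / DataBrewUsers are hypothetical names, not from the guide.
set -eu

# Step 4.3: console deep link stored as the permission set's relay state.
relay_state() {
  printf 'https://console.aws.amazon.com/databrew/home?region=%s#landing' "$1"
}

# Step 4.4: ARN of the managed policy named in the guide; partition is "aws" or "aws-cn".
policy_arn() {
  printf 'arn:%s:iam::aws:policy/AwsGlueDataBrewFullAccessPolicy' "${1:-aws}"
}

# Usage: setup_databrew_sso ACCOUNT_ID REGION [PARTITION]
# Prints "<permission-set-arn> <group-id>" on success.
setup_databrew_sso() {
  acct=$1 region=$2 part=${3:-aws}
  # Reject anything that is not a 12-digit account ID before calling AWS.
  case $acct in
    *[!0-9]*|'') echo "account id must be 12 digits" >&2; return 2 ;;
  esac
  [ "${#acct}" -eq 12 ] || { echo "account id must be 12 digits" >&2; return 2; }

  instance=$(aws sso-admin list-instances --query 'Instances[0].InstanceArn' --output text)
  store=$(aws sso-admin list-instances --query 'Instances[0].IdentityStoreId' --output text)

  # Step 4: permission set with relay state and the managed policy attached.
  ps=$(aws sso-admin create-permission-set --instance-arn "$instance" \
        --name DataBrewAccess --relay-state "$(relay_state "$region")" \
        --query 'PermissionSet.PermissionSetArn' --output text)
  aws sso-admin attach-managed-policy-to-permission-set --instance-arn "$instance" \
        --permission-set-arn "$ps" --managed-policy-arn "$(policy_arn "$part")" >/dev/null

  # Step 5: group in the default IAM Identity Center store.
  group=$(aws identitystore create-group --identity-store-id "$store" \
        --display-name DataBrewUsers --query GroupId --output text)

  # Step 7: assign the group (not individual users) so access follows membership.
  aws sso-admin create-account-assignment --instance-arn "$instance" \
        --target-id "$acct" --target-type AWS_ACCOUNT --permission-set-arn "$ps" \
        --principal-type GROUP --principal-id "$group" >/dev/null
  printf '%s %s\n' "$ps" "$group"
}

if [ "${1:-}" = "--apply" ]; then setup_databrew_sso "$2" "$3" "${4:-aws}"; fi
```

Step 6 (adding users) is left to the console so that the email invitation flow described above applies. Run the script as `sh script.sh --apply ACCOUNT_ID REGION`.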

Login steps for an IAM Identity Center-enabled user

  1. Sign in to Amazon using an IAM Identity Center-enabled account.

  2. Click Amazon Account identity.

  3. Click Management console for one-click redirection to the DataBrew console.