Updating IAM Identity Center integration
After creating the connection, you can add third-party applications to the IAM Identity Center integration so that they integrate with Lake Formation and get access to Amazon S3 data on behalf of the users. You can also remove existing applications from the IAM Identity Center integration. You can add or remove applications using the Lake Formation console, the Amazon CLI, or the UpdateLakeFormationIdentityCenterConfiguration operation.

After creating the IAM Identity Center integration, you can't update the instance ARN.
- Amazon Web Services Management Console

To update an existing IAM Identity Center connection with Lake Formation

1. Sign in to the Amazon Web Services Management Console, and open the Lake Formation console at https://console.amazonaws.cn/lakeformation/.
2. In the left navigation pane, select IAM Identity Center integration.
3. Select Add on the IAM Identity Center integration page.
4. Enter one or more valid Amazon Web Services account IDs, organization IDs, and/or organizational unit IDs to allow external accounts to access the Data Catalog resources.
5. On the Add applications screen, enter the application IDs of the third-party applications that you want to integrate with Lake Formation.
6. Select Add.
- Amazon CLI

You can add or remove third-party applications for the IAM Identity Center integration by running the following Amazon CLI command. Setting the external filtering status to ENABLED lets IAM Identity Center provide identity management for third-party applications that access data managed by Lake Formation. You can also enable or disable the IAM Identity Center integration by setting the application status.
aws lakeformation update-lake-formation-identity-center-configuration \
    --external-filtering '{"AuthorizedTargets": ["<app arn1>", "<app arn2>"], "Status": "ENABLED"}' \
    --share-recipients '[{"DataLakePrincipalIdentifier": "<444455556666>"}, {"DataLakePrincipalIdentifier": "<777788889999>"}]' \
    --application-status ENABLED
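
Because this command decides which applications and external principals can reach Lake Formation data, it helps to review the change and generate the JSON arguments rather than typing them by hand. The following is an added example, not part of the original documentation: the helper names, the ARN-like placeholder strings, and the sample describe-style response are constructed for illustration.

```python
import json
import shlex

def _clean(values, kind):
    """Reject empty or whitespace-containing identifiers; de-duplicate, keep order."""
    seen = []
    for v in values:
        if not v or any(c.isspace() for c in v):
            raise ValueError(f"malformed {kind}: {v!r}")
        if kind == "recipient" and v.isdigit() and len(v) != 12:
            raise ValueError(f"account ID must be 12 digits: {v!r}")
        if v not in seen:
            seen.append(v)
    return seen

def review(current, targets, recipients):
    """Compare a describe-style response with the values about to be submitted."""
    cur_t = set(current.get("ExternalFiltering", {}).get("AuthorizedTargets", []))
    cur_r = {r["DataLakePrincipalIdentifier"] for r in current.get("ShareRecipients", [])}
    new_t, new_r = set(_clean(targets, "target")), set(_clean(recipients, "recipient"))
    return {
        "targets_new": sorted(new_t - cur_t),
        "targets_missing": sorted(cur_t - new_t),
        "recipients_new": sorted(new_r - cur_r),
        "recipients_missing": sorted(cur_r - new_r),
    }

def build_command(targets, recipients, filtering="ENABLED", app_status="ENABLED"):
    """Return the CLI invocation with JSON produced by json.dumps, shell-quoted."""
    if filtering not in ("ENABLED", "DISABLED") or app_status not in ("ENABLED", "DISABLED"):
        raise ValueError("status must be ENABLED or DISABLED")
    ext = {"AuthorizedTargets": _clean(targets, "target"), "Status": filtering}
    rec = [{"DataLakePrincipalIdentifier": r} for r in _clean(recipients, "recipient")]
    return " ".join([
        "aws lakeformation update-lake-formation-identity-center-configuration",
        "--external-filtering", shlex.quote(json.dumps(ext)),
        "--share-recipients", shlex.quote(json.dumps(rec)),
        "--application-status", app_status,
    ])

# Constructed sample shaped like a describe-lake-formation-identity-center-configuration
# response; the ARN-like strings are placeholders, not real application ARNs.
CURRENT = {
    "ExternalFiltering": {"Status": "ENABLED", "AuthorizedTargets": ["arn:example:app/old"]},
    "ShareRecipients": [{"DataLakePrincipalIdentifier": "444455556666"}],
}

if __name__ == "__main__":
    t, r = ["arn:example:app/old", "arn:example:app/new"], ["444455556666", "777788889999"]
    print(review(CURRENT, t, r))
    print(build_command(t, r))
```

Entries listed under `targets_new` or `recipients_new` are the ones that gain access if the command is run, so they are the ones to confirm with the data owner first.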