Updating a IAM Identity Center integration - Amazon Lake Formation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Updating a IAM Identity Center integration

After creating the connection, you can add third-party applications for the IAM Identity Center integration to integrate with Lake Formation, and get access to Amazon S3 data on behalf of the users. You can also remove existing applications from the IAM Identity Center integration. You can add or remove applications using Lake Formation console, Amazon CLI, and using UpdateLakeFormationIdentityCenterConfiguration operation.

Note

After creating IAM Identity Center integration, you can't update the instance ARN.

Amazon Web Services Management Console
To update an existing IAM Identity Center connection with Lake Formation

  1. Sign in to the Amazon Web Services Management Console, and open the Lake Formation console at https://console.amazonaws.cn/lakeformation/.

  2. In the left navigation pane, select IAM Identity Center integration.

  3. Select Add on the IAM Identity Center integration page.

  4. Enter one or more valid Amazon Web Services account IDs, organization IDs, and/or organizational unit IDs to allow external accounts to access the Data Catalog resources.

  5. On the Add applications screen, enter the application IDs of the third-party applications that you want to integrate with Lake Formation.

  6. Select Add.

Amazon CLI

You can add or remove third-party applications for the IAM Identity Center integration by running the following Amazon CLI command. When you set external filtering status to ENABLED, it enables the IAM Identity Center to provide identity management for third-party applications to access data managed by Lake Formation. You can also enable or disable the IAM Identity Center integration by setting the application status. 

aws lakeformation update-lake-formation-identity-center-configuration \
 --external-filtering '{"AuthorizedTargets": ["<app arn1>", "<app arn2>"], "Status": "ENABLED"}'\
 --share-recipients '[{"DataLakePrincipalIdentifier": "<444455556666>"}
                     {"DataLakePrincipalIdentifier": "<777788889999>"}]' \
 --application-status ENABLED