Add and remove user profiles - Amazon SageMaker
Add user profilesRemove user profiles
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Add and remove user profiles

The following sections demonstrate how to add and remove user profiles from an Amazon SageMaker domain using the SageMaker console or the Amazon Command Line Interface (Amazon CLI).

Add user profiles

The following section shows how to add user profiles to a domain using the SageMaker console or the Amazon CLI.

After you add a user profile to the domain, users can login using a URL. If the domain uses Amazon IAM Identity Center for authentication, users receive an email that contains the URL to sign in to the domain. If the domain uses Amazon Identity and Access Management, you can create a URL for a user profile using CreatePresignedDomainUrl

Add user profiles from the console

You can add user profiles to a domain from the SageMaker console by following this procedure.

  1. Open the Amazon SageMaker console at https://console.amazonaws.cn/sagemaker/.

  2. On the left navigation pane, choose Admin configurations.

  3. Under Admin configurations, choose domains.

  4. From the list of domains, select the domain that you want to add a user profile to.

  5. On the domain details page, choose the User profiles tab.

  6. Choose Add user. This opens a new page.

  7. Use the default name for your user profile or add a custom name.

  8. For Execution role, choose an option from the role selector. If you choose Enter a custom IAM role ARN, the role must have, at a minimum, an attached trust policy that grants SageMaker permission to assume the role. For more information, see SageMaker Roles.

    If you choose Create a new role, the Create an IAM role dialog box opens:

    1. For S3 buckets you specify, specify additional Amazon S3 buckets that users of your notebooks can access. If you don't want to add access to more buckets, choose None.

    2. Choose Create role. SageMaker creates a new IAM role, AmazonSageMaker-ExecutionPolicy, with the AmazonSageMakerFullAccess policy attached.

  9. (Optional) Add tags to the user profile. All resources that the user profile creates will have a domain ARN tag and a user profile ARN tag. The domain ARN tag is based on domain ID, while the user profile ARN tag is based on the user profile name.

  10. Choose Next.

  11. In the SageMaker Studio section, you have the option to choose between the newer and classic version of Studio as your default experience.

    • If you choose SageMaker Studio (recommended) as your default experience, the Studio Classic IDE has default settings. For information on the default settings, see Default settings.

      For information on Studio, see Amazon SageMaker Studio.

    • If you choose Studio Classic as your default experience, you can choose to enable or disable notebook resource sharing. Notebook resources include artifacts such as cell output and Git repositories. For more information on Notebook resources, see Share and Use an Amazon SageMaker Studio Classic Notebook.

  12. Under SageMaker Canvas , you can configure your SageMaker Canvas settings. For the instructions and configuration details for onboarding, see Getting started with using Amazon SageMaker Canvas.

    1. For the Canvas base permissions configuration, select whether to establish the minimum required permissions to use the SageMaker Canvas application.

    2. (Optional) For the Time series forecasting configuration: To grant user permissions for time series forecasting in SageMaker Canvas, leave the Enable time series forecasting option turned on. It is turned on by default.

    3. (Optional) If you left Enable time series forecasting turned on, select Create and use a new execution role. Alternatively, if you already have an IAM role with the required Amazon Forecast permissions attached, select Use an existing execution role. For more information, see the IAM role setup method.

  13. Under RStudio, if RStudio license, select whether you want to create the user with one of the following authorizations:

    • Unauthorized

    • RStudio Admin

    • RStudio User

  14. Choose Next.

  15. In the Customize Studio UI page you can customize the viewable applications and machine learning (ML) tools displayed in Studio. This customization only hides the applications and ML tools in the left navigation pane in Studio. For information on the Studio UI, see Amazon SageMaker Studio UI overview.

    For information about the applications, see Applications supported in Amazon SageMaker Studio.

    The customize Studio UI feature is not available in Studio Classic. If you wish to set Studio as your default experience, choose Previous and to return to the previous step.

  16. Choose Next.

  17. After you have reviewed your changes, choose Create user profile.

Create user profiles from the Amazon CLI

To create a user profile in a domain from the Amazon CLI, run the following command from the terminal of your local machine. For information about the available JupyterLab version ARNs, see Setting a default JupyterLab version.

aws --region region \
sagemaker create-user-profile \
--domain-id domain-id \
--user-profile-name user-name \
--user-settings '{
  "JupyterServerAppSettings": {
    "DefaultResourceSpec": {
      "SageMakerImageArn": "sagemaker-image-arn",
      "InstanceType": "system"
    }
  }
}'

You can use the Amazon CLI to customize the applications and ML tools displayed in Studio for the user, using StudioWebPortalSettings. Use HiddenAppTypes to hide applications and HiddenMlTools to hide ML tools. For more information on customizing the left navigation of the Studio UI, see Customize Amazon SageMaker Studio user interface. This feature is not available for Studio Classic.

Remove user profiles

All apps launched by a user profile must be deleted to delete the user profile. The following section shows how to remove user profiles from a domain using the SageMaker console or Amazon CLI.

Remove user profiles from the console

  1. Open the Amazon SageMaker console at https://console.amazonaws.cn/sagemaker/.

  2. On the left navigation pane, choose Admin configurations.

  3. Under Admin configurations, choose domains.

  4. From the list of domains, select the domain that you want to remove a user profile from.

  5. On the domain details page, choose the User profiles tab.

  6. Select the user profile that you want to delete.

  7. On the User Details page, for each non-failed app in the Apps list, choose Action.

  8. From the dropdown list, choose Delete.

  9. On the Delete app dialog box, choose Yes, delete app. Then enter delete in the confirmation field, and choose Delete.

  10. When Status shows as Deleted for all apps, choose Edit.

  11. On the Edit User page, choose Delete user.

  12. On the Delete user pop-up, choose Yes, delete user.

  13. Enter delete in the field to confirm deletion.

  14. Choose Delete.

Remove user profiles from the Amazon CLI

To delete a user profile from the Amazon CLI, run the following command from the terminal of your local machine.

aws sagemaker delete-user-profile \
--region region \
--domain-id domain-id \
--user-profile-name user-name