CreatePresignedDomainUrl - Amazon SageMaker

CreatePresignedDomainUrl

Creates a URL for a specified UserProfile in a Domain. When accessed in a web browser, the user will be automatically signed in to the domain, and granted access to all of the Apps and files associated with the Domain's Amazon Elastic File System volume. This operation can only be called when the authentication mode equals IAM.

The IAM role or user passed to this API defines the permissions to access the app. Once the presigned URL is created, no additional permission is required to access this URL. IAM authorization policies for this API are also enforced for every HTTP request and WebSocket frame that attempts to connect to the app.

You can restrict access to this API and to the URL that it returns to a list of IP addresses, Amazon VPCs or Amazon VPC Endpoints that you specify. For more information, see Connect to Amazon SageMaker Studio Through an Interface VPC Endpoint .

Note

The URL that you get from a call to CreatePresignedDomainUrl has a default timeout of 5 minutes. You can configure this value using ExpiresInSeconds. If you try to use the URL after the timeout limit expires, you are directed to the AWS console sign-in page.

Request Syntax

{ "DomainId": "string", "ExpiresInSeconds": number, "LandingUri": "string", "SessionExpirationDurationInSeconds": number, "SpaceName": "string", "UserProfileName": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

DomainId

The domain ID.

Type: String

Length Constraints: Maximum length of 63.

Pattern: ^d-(-*[a-z0-9]){1,61}

Required: Yes

ExpiresInSeconds

The number of seconds until the pre-signed URL expires. This value defaults to 300.

Type: Integer

Valid Range: Minimum value of 5. Maximum value of 300.

Required: No

LandingUri

The landing page that the user is directed to when accessing the presigned URL. Using this value, users can access Studio or Studio Classic, even if it is not the default experience for the domain. The supported values are:

  • studio::relative/path: Directs users to the relative path in Studio.

  • app:JupyterServer:relative/path: Directs users to the relative path in the Studio Classic application.

  • app:JupyterLab:relative/path: Directs users to the relative path in the JupyterLab application.

  • app:RStudioServerPro:relative/path: Directs users to the relative path in the RStudio application.

  • app:CodeEditor:relative/path: Directs users to the relative path in the Code Editor, based on Code-OSS, Visual Studio Code - Open Source application.

  • app:Canvas:relative/path: Directs users to the relative path in the Canvas application.

Type: String

Length Constraints: Maximum length of 1023.

Required: No

SessionExpirationDurationInSeconds

The session expiration duration in seconds. This value defaults to 43200.

Type: Integer

Valid Range: Minimum value of 1800. Maximum value of 43200.

Required: No

SpaceName

The name of the space.

Type: String

Length Constraints: Maximum length of 63.

Pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}

Required: No

UserProfileName

The name of the UserProfile to sign-in as.

Type: String

Length Constraints: Maximum length of 63.

Pattern: ^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}

Required: Yes

Response Syntax

{ "AuthorizedUrl": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

AuthorizedUrl

The presigned URL.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

ResourceNotFound

Resource being access is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: