group_profiles
Creates, updates, deletes or gets a group_profile resource or lists group_profiles in a region
Overview
| Name | group_profiles |
| Type | Resource |
| Description | Group profiles represent groups of Amazon DataZone users. Groups can be manually created, or mapped to Active Directory groups of enterprise customers. In Amazon DataZone, groups serve two purposes. First, a group can map to a team of users in the organizational chart, and thus reduce the administrative work of a Amazon DataZone project owner when there are new employees joining or leaving a team. Second, corporate administrators use Active Directory groups to manage and update user statuses and so Amazon DataZone domain administrators can use these group memberships to implement Amazon DataZone domain policies. |
| Id | aws.datazone.group_profiles |
Fields
| Name | Datatype | Description |
|---|---|---|
domain_id | string | The identifier of the Amazon DataZone domain in which the group profile is created. |
domain_identifier | string | The identifier of the Amazon DataZone domain in which the group profile would be created. |
group_identifier | string | The ID of the group. |
group_name | string | The group-name of the Group Profile. |
id | string | The ID of the Amazon DataZone group profile. |
status | string | The status of the group profile. |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | DomainIdentifier, GroupIdentifier, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all group_profiles in a region.
SELECT
region,
domain_id,
domain_identifier,
group_identifier,
group_name,
id,
status
FROM aws.datazone.group_profiles
WHERE region = 'us-east-1';
Gets all properties from an individual group_profile.
SELECT
region,
domain_id,
domain_identifier,
group_identifier,
group_name,
id,
status
FROM aws.datazone.group_profiles
WHERE region = 'us-east-1' AND data__Identifier = '<DomainId>|<Id>';
INSERT example
Use the following StackQL query and manifest file to create a new group_profile resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.datazone.group_profiles (
DomainIdentifier,
GroupIdentifier,
region
)
SELECT
'{{ DomainIdentifier }}',
'{{ GroupIdentifier }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.datazone.group_profiles (
DomainIdentifier,
GroupIdentifier,
Status,
region
)
SELECT
'{{ DomainIdentifier }}',
'{{ GroupIdentifier }}',
'{{ Status }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: group_profile
props:
- name: DomainIdentifier
value: '{{ DomainIdentifier }}'
- name: GroupIdentifier
value: '{{ GroupIdentifier }}'
- name: Status
value: '{{ Status }}'
DELETE example
/*+ delete */
DELETE FROM aws.datazone.group_profiles
WHERE data__Identifier = '<DomainId|Id>'
AND region = 'us-east-1';
Permissions
To operate on the group_profiles resource, the following permissions are required:
Create
datazone:CreateGroupProfile,
datazone:GetGroupProfile,
datazone:UpdateGroupProfile,
sso:ListProfiles,
sso:GetProfile,
sso:AssociateProfile,
sso:DisassociateProfile
Read
datazone:GetGroupProfile
Update
datazone:UpdateGroupProfile,
datazone:GetGroupProfile,
sso:ListProfiles,
sso:GetProfile,
sso:AssociateProfile,
sso:DisassociateProfile
Delete
datazone:DeleteGroupProfile,
datazone:GetGroupProfile,
datazone:UpdateGroupProfile,
sso:ListProfiles,
sso:GetProfile,
sso:AssociateProfile,
sso:DisassociateProfile
List
datazone:SearchGroupProfiles