Accept an account association request from an Amazon DataZone domain and enable an environment blueprint - Amazon DataZone

To accept association with an Amazon DataZone domain in the Amazon DataZone management console, you must assume an IAM role in the account with administrative permissions. To obtain the minimum permissions, see Configure the IAM permissions required to use the Amazon DataZone management console.

Complete the following to accept association with an Amazon DataZone domain.

  1. Sign in to the AWS Management Console and open the Amazon DataZone management console at https://console.aws.amazon.com/datazone.

  2. Choose View requests and select the inviting domain from the list. The state of the invitation should be Requested. Choose Review request.

  3. Choose whether to enable the default data lake and/or data warehouse environment blueprints by selecting neither, both, or one of the boxes. You can also enable them later.

    • The data lake environment blueprint enables domain users to create and manage AWS Glue, Amazon S3, and Amazon Athena resources to publish and consume from a data lake.

    • The data warehouse environment blueprint enables domain users to create and manage Amazon Redshift resources to publish and consume from a data warehouse.

  4. If you select one or both of the default environment blueprints, configure the following permissions and resources.

    • The Manage access IAM role provides permissions to Amazon DataZone to enable domain users to ingest and manage access to tables, such as AWS Glue and Amazon Redshift tables. You can choose to have Amazon DataZone create and use a new IAM role, or you can choose from a list of existing IAM roles.

    • The Provisioning IAM role provides permissions to Amazon DataZone to enable domain users to create and configure environment resources, like AWS Glue databases. You can choose to have Amazon DataZone create and use a new IAM role, or you can choose from a list of existing IAM roles.

    • The Amazon S3 bucket for Data Lake is the bucket or path that Amazon DataZone will use when domain users store data lake data. You can use the default bucket selected by Amazon DataZone or choose your own existing Amazon S3 path by entering its path string. If you select your own Amazon S3 path, you will need to update IAM policies to provide Amazon DataZone with permissions to use it.

  5. When you are satisfied with your configurations, choose Accept and configure association.
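
If you choose an existing IAM role in step 4, you can review its trust policy before you accept the association. The following check is an added example, not part of the Amazon DataZone documentation or tooling: it flags a trust policy that lets principals other than Amazon DataZone assume the role, or that lacks an `aws:SourceAccount` condition. The service principal name, the policy shape, and the account IDs are assumptions; compare them with a role that Amazon DataZone creates for you.

```python
DATAZONE_PRINCIPAL = "datazone.amazonaws.com"  # assumed service principal name

def _as_list(value):
    # IAM policy fields may hold either a single string or a list of strings.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_account_id):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings, datazone_trusted = [], False
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("wildcard principal can assume the role")
            continue
        services = _as_list(principal.get("Service"))
        extra = [s for s in services if s != DATAZONE_PRINCIPAL]
        extra += [p for k, v in principal.items() if k != "Service" for p in _as_list(v)]
        if extra:
            findings.append("also trusted: " + ", ".join(sorted(extra)))
        if DATAZONE_PRINCIPAL in services:
            datazone_trusted = True
            # Condition key names are case-insensitive, so normalise them.
            equals = stmt.get("Condition", {}).get("StringEquals", {})
            equals = {k.lower(): v for k, v in equals.items()}
            if _as_list(equals.get("aws:sourceaccount")) != [expected_account_id]:
                findings.append("aws:SourceAccount is not pinned to the expected account")
    if not datazone_trusted:
        findings.append("DataZone service principal is not trusted")
    return findings

# Constructed sample trust policies (account IDs are placeholders).
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "datazone.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}},
}]}
LOOSE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "datazone.amazonaws.com",
                  "AWS": "arn:aws:iam::444455556666:root"},
    "Action": "sts:AssumeRole",
}]}

if __name__ == "__main__":
    for name, doc in (("SCOPED", SCOPED), ("LOOSE", LOOSE)):
        print(name, audit_trust_policy(doc, "111122223333") or "ok")
```

To check a real role, pass in the trust policy document returned by `aws iam get-role` for that role.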