Configure studio user role AWS IAM Identity Center Configure AWS KMS encryption key Configure tags

Additional studio settings

Nimble Studio setup includes additional studio settings. With these settings, you can view all the changes Nimble Studio setup makes to your AWS account, configure your studio user role, and change your encryption key type. You can also add optional tags to your studio resources.

Configure studio user role

An AWS service can assume a service role to perform actions on your behalf. Nimble Studio requires a studio user role for it to give users access to resources in your studio.

You can attach AWS Identity and Access Management (IAM) managed policies to the studio user role. The policies allow users to perform certain actions, such as creating jobs in a specific Nimble Studio application. Because applications depend on specific conditions in the managed policy, if you don’t use the managed policies, the application might not perform as expected.

You can change the studio user role after you complete setup, at any time. For more information about user roles, see IAM Roles.

The following tabs contain instructions for two different use cases. To create and use a new service role, choose the New service role tab. To use an existing service role, choose the Existing service role tab.

AWS IAM Identity Center

AWS IAM Identity Center is a cloud-based single sign-on service for managing users and groups. IAM Identity Center can also be integrated with your enterprise single sign-on (SSO) provider so that users can sign in with their company account.

Nimble Studio enables IAM Identity Center by default, and it is required to set up and use Nimble Studio. For more information, see What is AWS IAM Identity Center.

Configure AWS KMS encryption key

AWS Key Management Service (AWS KMS) keys are the primary type of KMS key that you can use to encrypt, decrypt, and re-encrypt your data.

Nimble Studio includes the following AWS KMS encryption key types:

AWS owned key – AWS owned keys are KMS keys that the AWS service owns and manages for use in multiple AWS accounts. AWS owned keys do not reside in your AWS account, but Nimble Studio can use an AWS owned key to protect the resources in your account.

To use AWS KMS, you don't need to create or maintain the key or its key policy. There is no charge to use AWS owned keys and they do not count against AWS KMS quotas for your AWS account.
Customer managed AWS KMS key – A customer managed key is a KMS key in your AWS account that you create, own, and manage.

You have full control over these KMS keys. Customer managed keys incur a monthly fee. They also incur a fee for each API request to AWS KMS beyond the free tier. For more information about AWS KMS pricing, see AWS Key Management Service pricing.

The encryption key type cannot be changed after you complete setup. For more information about AWS KMS and encryption key types, see the AWS KMS documentation.

To choose a different encryption key type

Select Choose a different AWS KMS key (advanced).
Select an AWS KMS key or enter an Amazon resource number (ARN).
Choose Create AWS KMS key.

Configure tags

Tags act as labels for organizing your Nimble Studio resources. You can add up to 50 tags to identify, organize, filter, and search for resources.

Each tag consists two parts, which you define: a tag Key and an optional tag Value — for example, key: domain and value: anycompanystudio.com.

You can add or remove tags after you complete setup, at any time. For more information about tags, see Tagging your AWS resources.

To add tags to your studio resources

Choose Add new tag.
Enter the tag Key.
(Optional) Enter the tag Value.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Quick setup

Delete a studio