Add and Remove User Profiles - Amazon SageMaker
Add user profilesRemove user profiles

Add and Remove User Profiles

The following sections demonstrate how to add and remove user profiles from an Amazon SageMaker domain using the SageMaker console or the AWS Command Line Interface (AWS CLI).

Add user profiles

The following section shows how to add user profiles to a domain using the SageMaker console or the AWS CLI.

After you add a user profile to the domain, users can login using a URL. If the domain uses AWS IAM Identity Center for authentication, users receive an email that contains the URL to sign in to the domain. If the domain uses AWS Identity and Access Management, you can create a URL for a user profile using CreatePresignedDomainUrl

Add user profiles from the console

You can add user profiles to a domain from the SageMaker console by following this procedure.

  1. Open the Amazon SageMaker console at https://console.aws.amazon.com/sagemaker/.

  2. On the left navigation pane, choose Admin configurations.

  3. Under Admin configurations, choose domains.

  4. From the list of domains, select the domain that you want to add a user profile to.

  5. On the domain details page, choose the User profiles tab.

  6. Choose Add user. This opens a new page.

  7. Use the default name for your user profile or add a custom name.

  8. For Execution role, choose an option from the role selector. If you choose Enter a custom IAM role ARN, the role must have, at a minimum, an attached trust policy that grants SageMaker permission to assume the role. For more information, see SageMaker Roles.

    If you choose Create a new role, the Create an IAM role dialog box opens:

    1. For S3 buckets you specify, specify additional Amazon S3 buckets that users of your notebooks can access. If you don't want to add access to more buckets, choose None.

    2. Choose Create role. SageMaker creates a new IAM role, AmazonSageMaker-ExecutionPolicy, with the AmazonSageMakerFullAccess policy attached.

  9. (Optional) Add tags to the user profile. All resources that the user profile creates will have a domain ARN tag and a user profile ARN tag. The domain ARN tag is based on domain ID, while the user profile ARN tag is based on the user profile name.

  10. Choose Next.

  11. Under Default JupyterLab version, select a JupyterLab version from the dropdown to use as the default for your user profile. For information about selecting a JupyterLab version, see JupyterLab Versioning.

  12. In the SageMaker Projects and JumpStart section, you have two options. You can accept the default Project and JumpStart settings, or you can customize whether the user profile can create projects and use JumpStart. For more information, see SageMaker Studio Permissions Required to Use Projects.

  13. Choose Next.

  14. (Optional) If the domain has an RStudio license associated, select whether you want to create the user with one of the following authorizations:

    • Unauthorized

    • RStudio Admin

    • RStudio User

  15. Choose Next.

  16. For the Canvas base permissions configuration, select whether to establish the minimum required permissions to use the SageMaker Canvas application.

  17. (Optional) For the Time series forecasting configuration: To grant user permissions for time series forecasting in SageMaker Canvas, leave the Enable time series forecasting option turned on. It is turned on by default.

  18. (Optional) If you left Enable time series forecasting turned on, select Create and use a new execution role. Alternatively, if you already have an IAM role with the required Amazon Forecast permissions attached, select Use an existing execution role. For more information, see the IAM role setup method.

  19. Choose Submit.

Create user profiles from the AWS CLI

To create a user profile in a domain from the AWS CLI, run the following command from the terminal of your local machine. For information about the available JupyterLab version ARNs, see Setting a default JupyterLab version.

aws --region region \
sagemaker create-user-profile \
--domain-id domain-id \
--user-profile-name user-name \
--user-settings '{
  "JupyterServerAppSettings": {
    "DefaultResourceSpec": {
      "SageMakerImageArn": "sagemaker-image-arn",
      "InstanceType": "system"
    }
  }
}'

Remove user profiles

All apps launched by a user profile must be deleted to delete the user profile. The following section shows how to remove user profiles from a domain using the SageMaker console or AWS CLI.

Remove user profiles from the console

  1. Open the Amazon SageMaker console at https://console.aws.amazon.com/sagemaker/.

  2. On the left navigation pane, choose Admin configurations.

  3. Under Admin configurations, choose domains.

  4. From the list of domains, select the domain that you want to remove a user profile from.

  5. On the domain details page, choose the User profiles tab.

  6. Select the user profile that you want to delete.

  7. On the User Details page, for each non-failed app in the Apps list, choose Action.

  8. From the dropdown list, choose Delete.

  9. On the Delete app dialog box, choose Yes, delete app. Then enter delete in the confirmation field, and choose Delete.

  10. When Status shows as Deleted for all apps, choose Edit.

  11. On the Edit User page, choose Delete user.

  12. On the Delete user pop-up, choose Yes, delete user.

  13. Enter delete in the field to confirm deletion.

  14. Choose Delete.

Remove user profiles from the AWS CLI

To delete a user profile from the AWS CLI, run the following command from the terminal of your local machine.

aws sagemaker delete-user-profile \
--region region \
--domain-id domain-id \
--user-profile-name user-name