Amazon EMR Studio Workspace Creation and Launching in AWS

Design and customise workspaces in an EMR studio to organise and operate notebooks. This section covers workspace construction and use.

Helpful EMR Studio Workspace topics:

Make an EMR Studio Workspace

Start an EMR Studio Workspace

Learn EMR Studio's Workspace UI.

See EMR Studio notebook examples.

Save EMR Studio Workspace content.

EMR Studio Workspace and notebook deletion

Know workspace status

Fix Workspace connectivity.

Make an EMR Studio Workspace

Create EMR Studio Workspaces to run notebook code.

To create an EMR studio workplace

Log into EMR Studio.

Select “Create a Workspace.”

Enter a workspace description and name. Naming workspaces helps find them on the Workspaces page.

Workspace collaboration allows Studio users to collaborate in real time on this workspace. Create collaborators after starting the Workspace.

Joining a cluster to a workspace requires expanding Advanced setup. You can add a cluster later. Refer to Attach CPU to EMR Studio Workspace for information.

Provisioning a new cluster requires administrator access.

After choosing a workspace cluster, attach the cluster.

Click Create a Workspace at the bottom.

After creating a workspace, EMR Studio opens the Workspaces page. The freshly established workspace is listed with a green success banner at the top.

Any Studio user can see shared workspaces by default. However, only one individual can utilise a workstation. You can collaborate with other users in EMR Studio using workspace collaboration.

Launch of EMR Studio Workspace

The notebook editor in a Workspace lets you deal with notebook files. The Workspaces page of a studio lists all accessible workspaces, along with their Name, Status, Creation time, and Last Modified.

Note

Your EMR notebooks from the previous Amazon EMR console may be in the console as EMR Studio Workspaces. IAM role rights are needed to access or create Workspaces in EMR Notebooks. You may need to refresh the Workspaces list to see a notebook you made in the last terminal.

To create a notepad and editing workspace

Your Studio's Workspaces page has the workspace. Keywords and column values can filter the list.

Select the workspace name to open it in a new browser tab. It may take several minutes to open the workspace if idle. Click Launch Workspace after selecting the Workspace row.

These launch options are available:

Quick launch: Use default settings to launch your workspace. Select Quick launch to connect clusters to JupyterLab.

Start your workstation with customisable settings. Launch Jupyter or JupyterLab, connect to an EMR cluster, and select security groups.

Note

Working in a workspace is limited to one user. EMR Studio alerts you when you try to open a specified Workspace that is in use. The Workspaces page shows the workspace user in the User column.

EMR Notebooks Security Within AWS Dashboard & EMR Studio

Security for EMR Notebooks

Recent Amazon EMR documentation highlights numerous built-in options to increase EMR Notebook security that are now available in the AWS dashboard as EMR Studio Workspaces. These capabilities are aimed to give users precise control so that only authorised users may access and interact with these notebooks and, most crucially, use the notebook editor to run code on linked clusters.

The security measures for Amazon EMR and its clusters complement those for EMR Notebooks. Tiered security allows for additional thoroughness. Many important processes for restricting access and securing notebook environments are mentioned in the documentation:

AWS IAM Integration: Integrated Identity and Access Management is crucial. Use IAM policy statements. In these policies, AWS defines permissions, including who can access what resources and do what. The documentation suggests using policy statements with notebook tags to restrict access.

This solution lets you tag EMR notebooks with key-value labels and build IAM policies that allow or deny access based on these tags. These extracts do not include the tagging methods, however this allows more granular control than providing access to all notebooks. Certain projects, teams, or data sensitivity levels may allow access control.

Amazon EC2 security groups are highlighted. They function as virtual firewalls. They control network traffic between the notebook editor and the cluster's primary instance in EMR Notebooks.

This basic network security solution restricts network connectivity between the real computing resources (the principal instance of the EMR cluster), where code execution begins, and the notebook environment, where the user interacts. According to the documentation, customers can adjust EMR Notebook security groups to meet their network isolation needs or use the default settings. EMR Notebook EC2 security group configuration instructions are available.

An AWS Service Role is utilised for setup. Highlights your responsibility to define this job. This Service Role is necessary to grant EMR notebooks authorisation to communicate with other AWS services. This Service Role allows notebook code to interface with databases, access S3 data, and call other AWS APIs.

The least privilege principle requires that a position only have the access needed to complete their tasks.

AWS console access requires additional permissions to access EMR Notebooks. Console users can access EMR Notebooks as EMR Studio Workspaces. You require extra IAM role rights to access or create these Workspaces. Use of the “Create Workspace” button requires this. This adds access control to the console interface, unlike the notebook's execution permissions or Service Role for communicating with other services. It indicates that basic EMR console rights and console access to EMR Studio Workspaces are covered elsewhere.

Together, EC2 security groups act as virtual firewalls to regulate network traffic, IAM policies with notebook tags limit access, a specific AWS Service Role defines interaction permissions with other services, and additional IAM permissions for console access to EMR Studio Workspaces allow administrators to customise the security posture of their EMR Notebook environments.

These rules restrict network connections and cross-service rights for notebook operations and ensure that only authorised users can work with notebooks and run programs. According to the documentation, these functionalities complement the Amazon EMR security architecture by providing a multidimensional approach to notebook-based data processing workflow security.