- https://docs.aws.amazon.com/datazone/latest/userguide/working-with-associated-accounts.html
- https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html
- https://docs.aws.amazon.com/datazone/latest/userguide/data-portal-permissions.html
- https://aws.amazon.com/datazone/faqs/

I have reviewed the above links; here are a few things to consider:
Account Association: Ensure that both the root domain and the target associated account belong to the same AWS Organization. If the AWS accounts aren't part of the same AWS organization, the association request can't be initiated or accepted. Keep in mind that an AWS account can only be associated with one root Amazon DataZone domain.
Invalid Request Error: The "Invalid Request" JSON message you're seeing might be related to an authorization issue. AWS generates access denied errors when it either explicitly or implicitly denies an authorization request. This can happen when a policy contains a Deny statement for the specific AWS action or when there is no applicable Deny statement and also no applicable Allow statement. In case of implicit denial, the policy must explicitly allow the principal to perform an action.
Access Permissions: You might need to check and update the permissions required to use the Amazon DataZone data portal. You can access the Amazon DataZone data portal using either your single sign-on (SSO) or AWS credentials from the same AWS account in which the root domain is created. To enable an IAM principal in the root domain account to access the data portal, attach the AmazonDataZonePortalFullAccessPolicy to the IAM principal.
If you already have AWS IAM Identity Center enabled and configured in the same AWS Region where you have created your Amazon DataZone root domain, you can skip some steps. Once IAM Identity Center is enabled, all SSO users and groups can access the Amazon DataZone data portal web application using their existing SSO credentials, enabling users to access the Amazon DataZone data portal without IAM credentials.
Amazon DataZone Portal and Domains: The Amazon DataZone portal is an integrated data experience that verifies existing credentials from your identity provider. Domains in Amazon DataZone are collections of objects such as data assets, projects, associated AWS accounts, and data sources, and they help in organizing resources aligned to business-driven domains. They provide a scalable container for teams and related Amazon DataZone entities.
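
The explicit versus implicit denial described in the answer above, as an added example that is not part of the original answer: a simplified Python model of how identity-policy statements are evaluated. The policy statements and the account and domain IDs in the ARN are constructed for illustration, and conditions, SCPs, permission boundaries and resource policies are left out.

```python
from fnmatch import fnmatchcase

# Constructed identity-policy statements (illustration only, not from the question).
STATEMENTS = [
    {"Effect": "Allow", "Action": ["datazone:Get*", "datazone:List*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "datazone:ListDomains", "Resource": "*"},
]

# Placeholder ARN: account ID and domain ID are made up.
DOMAIN_ARN = "arn:aws:datazone:us-east-1:111122223333:domain/dzd_example"


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(statement, action, resource):
    # Action names are matched case-insensitively, resource ARNs case-sensitively.
    # fnmatchcase covers the '*' and '?' wildcards that IAM supports.
    action_hit = any(
        fnmatchcase(action.lower(), pattern.lower())
        for pattern in _as_list(statement["Action"])
    )
    resource_hit = any(
        fnmatchcase(resource, pattern) for pattern in _as_list(statement["Resource"])
    )
    return action_hit and resource_hit


def evaluate(statements, action, resource=DOMAIN_ARN):
    """Return 'explicit deny', 'allow' or 'implicit deny' for one request."""
    matched = [s for s in statements if _matches(s, action, resource)]
    # A matching Deny always wins, regardless of any Allow.
    if any(s["Effect"] == "Deny" for s in matched):
        return "explicit deny"
    if any(s["Effect"] == "Allow" for s in matched):
        return "allow"
    # Nothing matched at all: denied by default.
    return "implicit deny"


if __name__ == "__main__":
    for act in ("datazone:GetDomain", "datazone:ListDomains", "datazone:CreateDomain"):
        print(f"{act:28} -> {evaluate(STATEMENTS, act)}")
```

An implicit deny is fixed by adding an Allow statement; an explicit deny has to be removed or narrowed, because no Allow overrides it.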