After careful consideration, we decided to end support for Amazon FinSpace, effective October 7, 2026. Amazon FinSpace will no longer accept new customers beginning October 7, 2025. As an existing customer with an Amazon FinSpace environment created before October 7, 2025, you can continue to use the service as normal. After October 7, 2026, you will no longer be able to use Amazon FinSpace. For more information, see [Amazon FinSpace end of support](https://docs.aws.amazon.com/finspace/latest/userguide/amazon-finspace-end-of-support.html). 

# Setting up an Amazon FinSpace environment
Setting up the environment

**Important**  
Amazon FinSpace Dataset Browser will be discontinued on *March 26, 2025*. Starting *November 29, 2023*, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using [Amazon FinSpace with Managed Kdb Insights](https://aws.amazon.com/finspace/features/managed-kdb-insights/) will not be affected. For more information, review the [FAQ](https://aws.amazon.com/finspace/faqs/) or contact [AWS Support](https://aws.amazon.com/contact-us/) to assist with your transition.

An Amazon FinSpace environment is created from an AWS account. In this section, you sign up for an AWS account, create an administrator access, and create a FinSpace environment.

** **Topics** **
+ [

# Sign up for Amazon Web Services
](sign-up-for-aws.md)
+ [

# Create an Amazon FinSpace environment
](create-an-amazon-finspace-environment.md)
+ [

# Sample data bundles
](sample-data-bundle.md)

# Sign up for Amazon Web Services
Sign up for AWS

**Important**  
Amazon FinSpace Dataset Browser will be discontinued on *March 26, 2025*. Starting *November 29, 2023*, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using [Amazon FinSpace with Managed Kdb Insights](https://aws.amazon.com/finspace/features/managed-kdb-insights/) will not be affected. For more information, review the [FAQ](https://aws.amazon.com/finspace/faqs/) or contact [AWS Support](https://aws.amazon.com/contact-us/) to assist with your transition.

When you sign up for AWS, your account is automatically signed up for all services in AWS, including Amazon FinSpace. You are charged only for the services that you use.

If you already have an AWS account, skip to the next step.

## Sign up for an AWS account


If you do not have an AWS account, complete the following steps to create one.

**To sign up for an AWS account**

1. Open [https://portal.aws.amazon.com/billing/signup](https://portal.aws.amazon.com/billing/signup).

1. Follow the online instructions.

   Part of the sign-up procedure involves receiving a phone call or text message and entering a verification code on the phone keypad.

   When you sign up for an AWS account, an *AWS account root user* is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform [tasks that require root user access](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks).

AWS sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to [https://aws.amazon.com/](https://aws.amazon.com/) and choosing **My Account**.

## Create a user with administrative access


After you sign up for an AWS account, secure your AWS account root user, enable AWS IAM Identity Center, and create an administrative user so that you don't use the root user for everyday tasks.

**Secure your AWS account root user**

1.  Sign in to the [AWS Management Console](https://console.aws.amazon.com/) as the account owner by choosing **Root user** and entering your AWS account email address. On the next page, enter your password.

   For help signing in by using root user, see [Signing in as the root user](https://docs.aws.amazon.com/signin/latest/userguide/console-sign-in-tutorials.html#introduction-to-root-user-sign-in-tutorial) in the *AWS Sign-In User Guide*.

1. Turn on multi-factor authentication (MFA) for your root user.

   For instructions, see [Enable a virtual MFA device for your AWS account root user (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/enable-virt-mfa-for-root.html) in the *IAM User Guide*.

**Create a user with administrative access**

1. Enable IAM Identity Center.

   For instructions, see [Enabling AWS IAM Identity Center](https://docs.aws.amazon.com//singlesignon/latest/userguide/get-set-up-for-idc.html) in the *AWS IAM Identity Center User Guide*.

1. In IAM Identity Center, grant administrative access to a user.

   For a tutorial about using the IAM Identity Center directory as your identity source, see [ Configure user access with the default IAM Identity Center directory](https://docs.aws.amazon.com//singlesignon/latest/userguide/quick-start-default-idc.html) in the *AWS IAM Identity Center User Guide*.

**Sign in as the user with administrative access**
+ To sign in with your IAM Identity Center user, use the sign-in URL that was sent to your email address when you created the IAM Identity Center user.

  For help signing in using an IAM Identity Center user, see [Signing in to the AWS access portal](https://docs.aws.amazon.com/signin/latest/userguide/iam-id-center-sign-in-tutorial.html) in the *AWS Sign-In User Guide*.

**Assign access to additional users**

1. In IAM Identity Center, create a permission set that follows the best practice of applying least-privilege permissions.

   For instructions, see [ Create a permission set](https://docs.aws.amazon.com//singlesignon/latest/userguide/get-started-create-a-permission-set.html) in the *AWS IAM Identity Center User Guide*.

1. Assign users to a group, and then assign single sign-on access to the group.

   For instructions, see [ Add groups](https://docs.aws.amazon.com//singlesignon/latest/userguide/addgroups.html) in the *AWS IAM Identity Center User Guide*.

## (Optional) Attach managed policies for creating FinSpace environment


To create a FinSpace environment, the user performing the actions must have IAM permissions for `AdministratorAccess` or must have the FinSpace managed policy attached to their role. This step is optional if the user has `AdministratorAccess` permissions. Create and attach FinSpace managed policies to the account you used to create the FinSpace environment. These policies grant permissions to create the FinSpace environment and superusers in an AWS account.

1. Create a managed policy on the JSON tab for FinSpace. For more information, see [Creating policies on the JSON tab](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html#access_policies_create-json-editor).

1. Use the following managed policy:

------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "finspace:*"
            ],
            "Resource": "*"
        }
    ]
}
```

------

# Create an Amazon FinSpace environment
Create an environment

**Important**  
Amazon FinSpace Dataset Browser will be discontinued on *March 26, 2025*. Starting *November 29, 2023*, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using [Amazon FinSpace with Managed Kdb Insights](https://aws.amazon.com/finspace/features/managed-kdb-insights/) will not be affected. For more information, review the [FAQ](https://aws.amazon.com/finspace/faqs/) or contact [AWS Support](https://aws.amazon.com/contact-us/) to assist with your transition.

An Amazon FinSpace environment is created from an AWS account. To create a FinSpace environment, the user performing the actions must have IAM permissions for `AdministratorAccess` or the FinSpace managed policy attached to their role.

 **To create a FinSpace environment** 

1. Sign in to your AWS account and open FinSpace from the AWS Management Console. It is located under Analytics, and you can find it by searching for *FinSpace*. Your AWS account number is displayed for verification purposes.

1. Choose **Create Environment**.  
![\[A screenshot that shows how to create a FinSpace environment.\]](http://docs.aws.amazon.com/finspace/latest/userguide/images/02-getting-started/create-environment-Name-key.png)

1. Enter a name for your FinSpace environment under **Environment name**.

1. (Optional) Add **Environment description**.

1. Select a symmetric encryption KMS key to encrypt data in your FinSpace environment. If a KMS key is not available in the region where you want to create your FinSpace environment, create a new key.

   For more information, see [Creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the *AWS Key Management Service Developer Guide*

1. Select an authentication method for the environment from the following options:
**Warning**  
Selected authentication method cannot be changed once an environment is created.  
![\[A screenshot that shows the authentication method for creating an environment.\]](http://docs.aws.amazon.com/finspace/latest/userguide/images/02-getting-started/create-environment-auth-method.png)

   1.  **Email and password**: You must specify an initial superuser. A superuser has elevated permissions to create and manage application users, control application permissions and access all data. When the environment is completed performing setup, you will need to return to the FinSpace AWS console to obtain the sign in credentials from the environment details page. Enter the following information for the superuser:

      1. Enter the **Email address**.

      1. Enter **First name**.

      1. Enter **Last Name**.

   1.  **Single Sign On**:

      1. Enter the name of your SAML 2.0 Identity Provider (IdP) which will be used for authentication.

      1. You can choose to either upload SAML metadata document or enter the SAML metadata document URL issued by your IdP. Learn more about [SAML 2.0 based SSO](saml-sso.md) support in FinSpace.

      1. Provide the attribute definition from your SAML 2.0 compliant identity provider (IdP) for the email field. Refer to the documentation of your IdP to determine the correct format for the attribute. An example for email attribute is `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`.

1. Choose **Create Environment**. The environment creation process has now begun and it will take 50-60 minutes to finish in the background. You can return to other activities while the environment is being created.

![\[A screenshot that shows the create environment sample data bundles tags.\]](http://docs.aws.amazon.com/finspace/latest/userguide/images/02-getting-started/create-environment-bundles-tags.png)


After the environment is created, a domain URL will be generated which is the sign-in url for your FinSpace web application.

**Note**  
Review [Inter-network traffic privacy in Amazon FinSpace Dataset browser](inter-network-traffic-privacy.md) to ensure that your FinSpace web application is accessible to users.

## Setup additional superusers


After your Amazon FinSpace environment is created, you can create additional superusers and configure permission groups from within the FinSpace web application. A superuser has all permissions to take all actions in FinSpace. The first superuser is created when the environment is created in the AWS console page. After the superuser is created, the superuser uses the credentials to login to the FinSpace web application for the first time.

 **To create a superuser** 

1. Sign in to your AWS account in which the FinSpace environment was created and open FinSpace from the AWS management console. It is located under Analytics, and you can find it by searching for FinSpace. Your AWS account number is displayed for verification purposes.

1. Select the FinSpace environment for which a superuser will be created.

1. In the section, superusers, choose **Add superuser.** 

1. Enter the **Email address**.

1. Enter **First name**.

1. Enter **Last name**.

1. Choose **Next**. 

1. Review the superuser details.

1. Choose **Create and view credentials**. Note that if you have created an environment with SSO, you will not receive a temporary password as you will be authenticated with your IdP.

The credentials of superusers, who have yet to sign in, are listed in a banner at the top of the environment details page.

Share the credentials with the person designated as the superuser. The credentials are necessary to sign in to your FinSpace web application. The **Domain** is the sign-in url for your FinSpace web application.

## AWS tags


You can optionally assign tags to an Amazon FinSpace environment. A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define. If you're using AWS Identity and Access Management, you can control which users in your AWS account have permission to create, edit, or delete tags.

 **To add a new tag in your FinSpace environment** 

1. Sign in to your AWS account and open FinSpace from the AWS Management Console. It is located under Analytics, and you can find it by searching for *FinSpace*. Your AWS account number is displayed for verification purposes.

1. Select the FinSpace environment to manage and add tags.

1. Under the **Tags** section, choose **Manage Tags**.

1. To add a new tag, choose **Add new tag**. Add tag details.

1. Choose **Save changes**.

 **To delete an existing tag in your FinSpace environment** 

1. Sign in to your AWS account and open FinSpace from the AWS Management Console. It is located under Analytics, and you can find it by searching for FinSpace. Your AWS account number is displayed for verification purposes.

1. Select the FinSpace environment to manage and add tags.

1. Under the **Tags** section, choose **Manage Tags**.

1. Choose **Remove** for the tag you want to remove.

1. Choose **Save changes**.

# Sample data bundles


**Important**  
Amazon FinSpace Dataset Browser will be discontinued on *March 26, 2025*. Starting *November 29, 2023*, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using [Amazon FinSpace with Managed Kdb Insights](https://aws.amazon.com/finspace/features/managed-kdb-insights/) will not be affected. For more information, review the [FAQ](https://aws.amazon.com/finspace/faqs/) or contact [AWS Support](https://aws.amazon.com/contact-us/) to assist with your transition.

All environments have a Capital Markets Sample data bundle installed so you can browse, search and analyze this data to explore FinSpace.

The Capital Markets Sample data bundle includes sample datasets that contain trades and quotes data, example categories and controlled vocabularies. The sample datasets can also be used with the provided [example notebooks](example-notebook.md).