# Projects A project in Amazon SageMaker Unified Studio is a boundary within a domain where you can collaborate with other users to work on a business use case. In projects, you can create and share data and resources. When you are added to a project, you gain access to relevant files and tools within that project, such as resources to create and deploy machine learning models. You can create new files and resources for the project, manage existing resources, and share work with other users on the same project. After you gain access to Amazon SageMaker Unified Studio, you can create a new project or become added to an existing project by another user. The tools and resources available in the project are based on the project profile that is used to create a project. For more information about accessing Amazon SageMaker Unified Studio, see [Access Amazon SageMaker Unified Studio](getting-started-access-the-portal.md). There are two types of domains that your admin can create in the Amazon SageMaker Unified Studio management console. If your admin grants you access to an Amazon DataZone domain, see [Amazon DataZone projects and environments](https://docs.aws.amazon.com/datazone/latest/userguide/working-with-projects.html) in the Amazon DataZone User Guide. The sections in this guide describe projects in an Amazon SageMaker unified domain. **Note** To join a project, you must create a project yourself or be added to a project by a project owner. **Topics** + [ # Create a new project ](create-new-project.md) + [ # Get project details ](view-project-details.md) + [ # Edit a project ](edit-project.md) + [ # Update a project ](update-project.md) + [ # Move a project to a different domain unit ](move-project.md) + [ # Delete a project ](delete-project.md) + [ # Add project members ](add-project-members.md) + [ # Remove project members ](remove-project-members.md) + [ # Using a project with trusted identity propagation enabled ](using-project-tip.md) # Create a new project In Amazon SageMaker Unified Studio, projects enable a group of users to collaborate on various business use cases. Within projects, you can manage data assets in the Amazon SageMaker Unified Studio catalog, perform data analysis, organize workflows, develop machine learning models, build generative AI apps, and more. In order to create a project in Amazon SageMaker Unified Studio, you must gain access to Amazon SageMaker Unified Studio. A domain unit owner must also grant you access to create projects through an authorization policy. For more information, see [Domain units and authorization policies in Amazon SageMaker Unified Studio](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/domain-units.html). When you create a project, you choose a name and description, customize parameters for project resources, and then review selections. ## Step 1: Project name and description To begin creating a project, navigate to the Amazon SageMaker Unified Studio landing page and choose **Create project**. The Project name and description includes the following fields: + Project name - The name of your Amazon SageMaker Unified Studio project. Enter a name here. The name of the project can not be edited after the project is created. + Description - An optional description of your project. You can edit this later. + Domain unit - The business-level entity that lets your team organize and manage policies for business needs in the project. If nobody in the domain has created domain units, you create a project in the root domain unit by default and no action is needed here. If domain units have been created, select the name of the domain unit you want your project to be in. For more information, see [Domain units and authorization policies in Amazon SageMaker Unified Studio](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/domain-units.html). + Project profile - Project profiles define which resources and tools should be provisioned in the project. These include tools and compute resources for SQL, data science, data engineering, and machine learning development. Project profiles can include resources and tools from Amazon Redshift, Amazon SageMaker AI, and other AWS services. Select the project profile that contains the resources and tools you will need to use in your project. The project profiles available for you to choose from are defined by your administrator in the Amazon SageMaker Unified Studio management console. For more information, see the Amazon SageMaker Unified Studio Administrator Guide. After you fill in the fields for project creation, choose **Continue** to customize parameters. ## Step 2: Customize parameters On the next page of project creation, select a project file storage — Amazon S3 storage or Git repository for your project code artifacts. You can view and edit the names and values for different resources that are created when the project is created. For S3 storage, you will be provided with a link to a shared folder. For more information on Amazon S3 storage for Amazon SageMaker Unified Studio, refer to [Unified storage](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/storage.html) in Amazon SageMaker Unified Studio storage. **Note** Some of the parameter values might be determined by your admin or by the default value from the environment blueprint, according to the configurations that your admin has set in the Amazon SageMaker Unified Studio management console. If you are not able to view or change a parameter value that you want to specify, contact your admin to edit the configurations. For more information, see [Manage Tooling blueprint parameters](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/manage-tooling-blueprint.html). ### Connect to a Git repository As part of this process, if your admin has configured the parameters to be editable, you can choose a Git repository to connect to your project. You can choose to connect your project to an existing third-party Git repository or create a new Git repository to connect to. **Important** When you connect a project to a third-party Git repository, all users who can sign in to any domain in the account have read and write access to all repositories on that connection. This access is not limited to the project or domain where the connection was created. To enforce isolation between repositories, use separate AWS accounts. Do not store sensitive information in connected repositories unless all users in the account are authorized to access it. #### To connect to an existing 3P Git repository 1. In the Git connection dropdown, select a connection from AWS CodeConnections that is enabled for Amazon SageMaker Unified Studio. Available Git connections are provided by your administrator in the Amazon SageMaker Unified Studio management console. 1. Select either the Existing repository and existing branch or Existing repository and new branch radio button. Then in the Repository name dropdown, you will see a list of repositories accessible with the connection. 1. Select the name of the repository you want to connect your project to. 1. In the branch name dropdown, either select an existing branch, or enter a branch name to create a new one. #### To create a new Git repository 1. In the Git connection dropdown, select a connection from AWS CodeConnections that is enabled for Amazon SageMaker Unified Studio. Available Git connections are provided by your administrator in the Amazon SageMaker Unified Studio management console. 1. Select the New repository and new branch radio button. 1. Provide a name for the repository. 1. Enter a name for the branch you want to create within the new repository. The new repository and branch will then be created when the project is created. Depending on which project profile you are using to create a project and what parameters your admin has configured to be editable, you might have other fields to choose parameters for. When you have chosen the parameters you want, choose **Continue** to review the selections. ## Step 3: Review Use the last page of project creation to review the configurations you have selected. When everything is configured as desired on the project creation review page, choose **Create project**. You are then redirected to the project home page. It might take a few minutes before the project is created and you can access tools. ## Next steps After you create a project, you can add members and resources to the project and begin using tools. There are many ways to get started building your project, including the following options: + Add members to your project to collaborate together. For more information, see [Add project members](add-project-members.md). + Add data to your project. For more information, see [Data](data.md). + Add compute resources to your project. For more information, see [Compute](compute.md). + Find, train, and deploy machine learning models. For more information, see [Machine learning](sagemaker.md). + Use Amazon Bedrock in SageMaker Unified Studio to create generative AI apps. For more information, see [Amazon Bedrock in SageMaker Unified Studio](bedrock.md). # Get project details An Amazon SageMaker Unified Studio project contains essential configuration details that you may need to access for various development, deployment, and administrative tasks. The following section provides information on how to navigate to your **Project details** page, which includes key information and metadata. The **Project details** page includes: + Project ID + Project role ARN + Amazon S3 location + Domain unit name + Domain ID **To navigate to your **Project details** page** 1. Navigate to Amazon SageMaker Unified Studio using the URL from your admin and log in using your IAM Identity Center (SSO) or AWS credentials. For more information, see [Access Amazon SageMaker Unified Studio](getting-started-access-the-portal.md). 1. If not open already, navigate to the Amazon SageMaker Unified Studio home page by choosing the icon located at the top left corner of the page. 1. Under **Your projects**, choose your project. 1. If not open already, choose the **Project details** tab. ## View the SageMaker AI domain details associated with your project A SageMaker AI domain is created for your Amazon SageMaker Unified Studio Project. You may need to update your SageMaker AI domain to update your Amazon SageMaker Unified Studio Project. Use the following instructions to get the associated SageMaker AI domain details. **Note** The domain ID in [Get project details](#view-project-details) is *not* the same as your SageMaker AI domain ID. **To get your SageMaker AI domain details** 1. Navigate to your **Project details** tab. For more information, see [Get project details](#view-project-details). 1. Copy your **Project ID**. 1. Navigate to the [Amazon Amazon SageMaker AI console](https://console.aws.amazon.com/sagemaker). 1. Expand the **Admin configurations** section. 1. Under **Admin configurations**, choose **Domains**. 1. From the list of domains, find the domain name that contains the **Project ID** you copied above. You can use the search function on that page. 1. Choose the hyperlink of your domain to view your **Domain details**. # Edit a project In Amazon SageMaker Unified Studio, projects enable a group of users to collaborate on various business use cases. Within projects, you can manage data assets in the Amazon SageMaker Unified Studio catalog, perform data analysis, organize workflows, develop machine learning models, build generative AI apps, and more. To edit an Amazon SageMaker Unified Studio project, you must be the owner of that project or the domain administrator of the domain that contains this project. Project owners can edit the project in the following ways: + Adding members to a project. For more information, see [Add project members](add-project-members.md). + Removing members from a project. For more information, see [Remove project members](remove-project-members.md). + Updating project parameters. For more information, see [Update a project](update-project.md). + Changing a project description. To change the project description in an existing project, complete the following steps. 1. Navigate to Amazon SageMaker Unified Studio using the URL from your admin and log in using your SSO or AWS credentials. 1. Choose **Select a project**. 1. If you don't see the name of your project under **Recently updated projects**, choose **Browse all projects**. 1. Choose the project that you want to edit. If you don't readily see it in the list of projects, you can search for it by specifying the project name in the **Search projects** field. 1. On the **Project overview** page, choose the edit icon next to **Description**. An editable text box appears. 1. Input the changes you want to make in the text box. 1. Choose the checkmark to save your changes. # Update a project You and your admin can make changes to project settings and parameters by updating a project. There are three different kinds of project updates: + Service-initiated updates. Projects are made up of blueprints that set up resources using different AWS services, and sometimes these services require updates to their parameters due to feature changes or security initiatives. + Admin-initiated updates. The Amazon SageMaker Unified Studio domain admin can edit or update blueprint parameters for a project in the Amazon SageMaker Unified Studio management console after that project has been created. When this happens, project owners in Amazon SageMaker Unified Studio must update the project for the changes to take effect. + Owner-initiated updates. Amazon SageMaker Unified Studio project owners can update certain parameters. Some parameters are not modifiable, and other parameters are modifiable if the domain admins configure them to be editable in the Amazon SageMaker Unified Studio management console. The project owners can then make updates to modifiable parameters in Amazon SageMaker Unified Studio. When a service-initiated update or admin-initiated update occurs and a project is eligible for updating, a blue banner appears to notify project owners of the change. Project owners can then update the project to implement the changes. **Note** If a service or admin has initiated an update by updating relevant blueprints, the project owner must update the project so that project members can use all project capabilities. The project capabilities might be limited until the project owner completes the update. Project owners can initiate updates to some project parameters if their domain admin has made those parameters editable. To update a project, complete the following steps: 1. Navigate to Amazon SageMaker Unified Studio using the URL from your admin and log in using your SSO or AWS credentials. 1. From the top center menu, choose **Browse all projects**. 1. Select the name of the project to navigate to that project. 1. On the **Project overview** page, choose **Actions > Update project**. 1. (Optional) Review the information in the **Domain updates** section, if applicable. 1. Review the information in the **Project profile updates** section. 1. Review the information in **Environment updates**. 1. Choose **Show update parameters** in each section to review and update the modifiable parameters as desired. If there are other parameters that you want to update that are listed as non-modifiable, contact your admin. 1. Choose **Update project**. Updating a project might take a few minutes as resources are deployed. When the update is complete, you can use your project with the updated parameters. # Move a project to a different domain unit Move a project You can move a project from one domain unit to another. To move a project to a different domain unit in Amazon SageMaker Unified Studio, you must meet the following requirements: + You must have a policy grant for project creation in the domain unit to which you are moving the project. + All members of the project must have project membership permissions in the domain unit to which you are moving the project. + You must be a domain unit owner in the domain unit to which you're moving the project. + You must be an owner of the project. To move an existing project to a different domian unit, complete the following steps: 1. Navigate to Amazon SageMaker Unified Studio using the URL from your admin and log in using your SSO or AWS credentials. 1. Choose **Browse projects**. 1. Choose the project that you want to move. 1. Expand **Actions** and choose **Move project**. 1. Select the domain unit that you want to move this project to and then choose **Move project**. # Delete a project The act of deleting a project is final. Deletion irrevocably deletes the project’s contents, including compute instances, data sources, queries, and more, and all the content within those project resources. Deleting a project does not delete non-Amazon SageMaker Unified Studio AWS resources that Amazon SageMaker Unified Studio might have helped you create. If you no longer need these AWS resources, delete them in their respective AWS service and account. For example, if you create Amazon Bedrock model evaluation jobs in Amazon Bedrock in SageMaker Unified Studio, the jobs that aren't automatically deleted when you delete the project. You will need to use the Amazon Bedrock console to delete the model evaluation jobs. Contact your administrator if you don't have access to the Amazon Bedrock in SageMaker Unified Studio console. To delete an Amazon SageMaker Unified Studio project, you must be an owner of the project. To delete an existing project, complete the following steps. 1. Navigate to Amazon SageMaker Unified Studio using the URL from your admin and log in using your SSO or AWS credentials. 1. Choose **Select a project**. 1. If you don't see the name of your project under **Recently updated projects**, choose **Browse all projects**. 1. Choose the project that you want to delete. If you don't readily see it in the list of projects, you can search for it by specifying the project name in the **Search projects** field. 1. On the **Project overview** page, expand **Actions** and choose **Delete project**. Review the informational warnings about the potential impact of deleting the project. 1. If you accept the warnings, then type in the confirmation text and choose **Delete project**. **Important** Deleting a project is an irrevocable action that cannot be undone by you or by AWS. # Add project members In Amazon SageMaker Unified Studio, projects enable a group of users to collaborate on various business use cases. Within projects, you can manage data assets in the Amazon SageMaker Unified Studio catalog, perform data analysis, organize workflows, develop machine learning models, build generative AI apps, and more. A project member can be a user or a group of users, and a project can have a maximum of 20 members. There are two different roles that members can have: + **Contributor**: These members can contribute to the project. + **Owner**: These members can contribute to the project, add members to the project, and remove members of the project. They can also edit the project description or delete the project. The person who creates the project has the role of Owner by default. There are three different kinds of members you can add: + Single sign-on (SSO) users. An SSO user can sign into Amazon SageMaker Unified Studio using credentials from IAM Identity Center or another SSO source. + SSO groups. You can add groups of users created in IAM Identity Center. An SSO group is considered one project member. + IAM principals (roles or users). An IAM user can sign into Amazon SageMaker Unified Studio with their IAM credentials. Note that IAM roles can't access Amazon SageMaker Unified Studio directly and must contribute to the project programmatically. To add members to an existing project, complete the following steps. 1. Navigate to Amazon SageMaker Unified Studio using the URL from your admin and log in using your SSO or AWS credentials. 1. Choose **Select a project**. 1. If you don't see the name of your project under **Recently updated projects**, choose **Browse all projects**. 1. Choose the project that you want to edit. If you don't readily see it in the list of projects, you can search for it by specifying the project name in the **Search projects** field. 1. On the **Project overview** page, expand **Actions** and choose **Manage members**. 1. Choose **Add members**. 1. Enter the name of the user or group you want to add in the search bar, and select the name from the list. 1. Select **Contributor** if you want to add the project member as a contributor, or choose **Owner** if you want to add the project member as a project owner. 1. (Optional) Repeat these steps to add more project members. You can add up to 8 project members at a time. 1. Choose **Add members**. # Remove project members In Amazon SageMaker Unified Studio, projects enable a group of users to collaborate on various business use cases. Within projects, you can manage data assets in the Amazon SageMaker Unified Studio catalog, perform data analysis, organize workflows, develop machine learning models, build generative AI apps, and more. A project member can be a user or a group of users, and a project can have a maximum of 20 members. To remove members from a project, you must be an owner of that project. To remove members from an existing project, complete the following steps. 1. Navigate to Amazon SageMaker Unified Studio using the URL from your admin and log in using your SSO or AWS credentials. 1. Choose **Select a project**. 1. If you don't see the name of your project under **Recently updated projects**, choose **Browse all projects**. 1. Choose the project that you want to edit. If you don't readily see it in the list of projects, you can search for it by specifying the project name in the **Search projects** field. 1. On the **Project overview** page, expand **Actions** and choose **Manage members**. 1. Select the member or members you want to remove from the project. You can remove up to 8 members at a time. 1. Choose **Remove members**. A popup window appears so that you can confirm this action. 1. Choose **Remove members**. Members that you remove from the project will no longer have access to files and data in that project. The assets that were created by those project members remain in the project inventory. # Using a project with trusted identity propagation enabled Trusted identity propagation in IAM Identity Center enables administrators of AWS services to grant permissions based on user attributes, such as user ID or group associations. With trusted identity propagation, identity context is added to an IAM role to identify the user requesting access to AWS resources. This context is propagated to other AWS services. For more information on how to enable trusted identity propagation in Amazon SageMaker Unified Studio, see [Trusted Identity Propagation](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/trusted-identity-propagation.html) in the Amazon SageMaker Unified Studio Administrator Guide. Currently in Amazon SageMaker Unified Studio, you can use trusted identity propagation in the following use cases: + If you want to use Amazon SageMaker Unified Studio to run Amazon Athena queries using your single sign-on (SSO) user or group credentials. + If you want to use Amazon SageMaker Unified Studio to connect to your existing Amazon Redshift clusters or Amazon Redshift Serverless endpoints that are IAM Identity Center enabled and run Amazon Redshift queries that are authorized based on your SSO credentials. Once your administrator has enabled trusted identity propagation for your Amazon SageMaker unified domain, you can use this feature in your Amazon SageMaker Unified Studio projects. The procedures below describe the currently supported use cases. **Topics** + [ ## Create a new project with trusted identity propagation ](#create-new-project-tip) + [ ## Working with Amazon Athena with trusted identity propagation ](#athena-workgroup-tip) + [ ## Connect to existing Amazon Redshift clusters or Serverless endpoints with trusted identity propagation ](#create-redshift-connection-tip) ## Create a new project with trusted identity propagation First, you need to create a new project in your trusted identity propagation-enabled domain. In the current release of Amazon SageMaker Unified Studio, trusted identity propagation is only supported for projects that are created starting with 07/23/2025 and beyond. Trusted identity propagation is NOT supported for projects that were created prior to 07/23/2025 even if they live in a domain that has trusted identity propagation enabled. You can follow the steps in [Create a new project](create-new-project.md) to create your trusted identity propagation enabled project. When selecting a project profile with which you create your project, make sure to select a project profile that has configured/set `enableTIPPermissions` to true. ## Working with Amazon Athena with trusted identity propagation Once you create a project with trusted identity propagation enabled, this project launches a default connection to an Amazon Athena workgroup - you can see AWS Data Catalog under Lakehouse in the query editor's data explorer tab. You can then use the query editor to write and run queries against this Amazon Athena workgroup. Your access to the data in this Amazon Athena workgroup is authorized through your SSO credentials due to trusted identity propagation. **Considerations and limitations for this use case:** + There is only one connection for Athena in SM US (by design). Setting `enableTrustedIdentityPropagation` to true on an existing project does not create a new blueprint that can authorize on trusted identity propagation credentials. + In the current release of Amazon SageMaker Unified Studio, the default project database which provides project users with data access based on their roles is not displayed in the query editor's data explorer tab in this new project with trusted identity propagation enabled. project role-based data access, will not appear in the SQL Editor's data explorer. + Currently, users cannot use their SSO credentials via trusted identity propagation to subscribe to or publish data. Users can create a separate project without trusted identity propagation to view the default project data catalog and use the subscriptions capability. + When a project has trusted identity propagation enabled, as you mouse over the nodes in the data explorer tab in the query editor, you'll see a tip informing you that all data authorization in this project is based on user SSO credentials with trusted identity propagation. + In the current release of Amazon SageMaker Unified Studio, in Jupyter Lab, Visual ETL, and other tools where Amazon Athena is used but where trusted identity propagation is currently NOT supported, data explorer displays the default project database and users are authorized to access this data based on the project role. ## Connect to existing Amazon Redshift clusters or Serverless endpoints with trusted identity propagation Within trusted identity propagation-enabled project, you can connect to an existing Amazon Redshift provisioned cluster or Amazon Redshift Serverless endpoint and then run queries against that data with your SSO credentials. You can follow the steps described in [Connecting to an existing Amazon Redshift resource](adding-a-existing-compute-connection.md), and under **Authentication**, make sure to select **IAM Identity Center** since you want to access the resource with you SSO credentials and run Amazon Redshift queries in Amazon SageMaker Unified Studio with trusted identity propagation. **Considerations and limitations for this use case:** + When trusted identity propagation is enabled in a project, there is no default connection for Amazon Redshift. Users have to explicitly create a connection to an existing Amazon Redshift cluster or serverless endpoint that supports IdC with trusted identity propagation. For more information, see [Connect to existing Amazon Redshift clusters or Serverless endpoints with trusted identity propagation](#create-redshift-connection-tip) + Currently, users cannot use their SSO credentials via trusted identity propagation to subscribe to or publish data products. + Trusted identity propagation is only supported if your Amazon SageMaker Unified Studio project and your Amazon Redshift cluster or serverless endpoint are in the same AWS account. + Currently, IAM identity Center does not support trusted identity propagation across regions. Therefore, your IAM Identity Center instance and your Amazon SageMaker unified domain must be in the same AWS account.