Optional Readonly associatedAccounts
Described in the last entry of this section (additional AWS accounts associated with the domain).

Readonly data…
IAM role with administrative privileges over the domain. Used for user management, resource configuration, and governance policy administration. Resolved via MDAA role helper.
Use cases: Domain administration; Governance policy management; Resource configuration
AWS: IAM role granted DataZone domain admin permissions
Validation: Required; valid MdaaRoleRef

Optional Readonly description
Human-readable description of the domain's purpose and scope.
Use cases: Domain documentation; Organizational context
AWS: DataZone domain description
Validation: Optional; string

Optional Readonly domain…
Hierarchical domain units for organizing projects and governance scopes within the domain.
Use cases: Organizational hierarchy; Project grouping; Governance scope isolation
AWS: DataZone domain units
Validation: Optional; valid NamedDomainUnits

Optional Readonly groups
Named groups to be added to the domain. Groups are SSO-only and identified by a friendly name mapped to an SSO group ID.
Use cases: Team-based domain access; SSO group provisioning
AWS: DataZone group profiles (SSO)
Validation: Optional; valid NamedDataZoneGroups

Optional Readonly owner…
Associated account names granted ownership of the root domain unit, allowing project creation at the domain root. Names must match entries in the domain's associatedAccounts config.
Use cases: Cross-account root ownership; Delegated domain administration
AWS: DataZone root domain unit owner (account)
Validation: Optional; string array; names must match associatedAccounts keys

Optional Readonly owner…
Group names granted ownership of the root domain unit. Names must match entries in the domain's groups config.
Use cases: Root-level domain administration; Team-based ownership
AWS: DataZone root domain unit owner (group)
Validation: Optional; string array; names must match domain groups keys

Optional Readonly owner…
User names granted ownership of the root domain unit. Names must match entries in the domain's users config.
Use cases: Root-level domain administration; User-based ownership
AWS: DataZone root domain unit owner (user)
Validation: Optional; string array; names must match domain users keys

Optional Readonly single…
SSO integration type for domain authentication. DISABLED uses IAM-only authentication; IAM_IDC enables IAM Identity Center federation.
Use cases: Federated authentication; IAM Identity Center integration; IAM-only domains
AWS: DataZone domain SSO configuration
Validation: Optional; 'DISABLED' | 'IAM_IDC'

Optional Readonly user…
Controls how IAM Identity Center users are assigned to the domain, so it only takes effect when the SSO type is IAM_IDC. MANUAL requires each user to be assigned explicitly; AUTOMATIC assigns every user in the connected Identity Center instance to the domain, which widens domain access to the whole directory, so MANUAL is the least-privilege choice.
Use cases: User provisioning control; Automated vs. manual user onboarding
AWS: DataZone domain user assignment mode
Validation: Optional; 'MANUAL' | 'AUTOMATIC'

Optional Readonly users
Named users to be added to the domain. Each user is identified by a friendly name and can be IAM-based or SSO-based.
Use cases: Individual domain access; IAM and SSO user provisioning
AWS: DataZone user profiles (IAM or SSO)
Validation: Optional; valid NamedDataZoneUsers

Optional Readonly associatedAccounts
Additional AWS accounts associated with this domain for cross-account data governance and resource sharing. Each account can have its own Glue catalog encryption, LF roles, and CDK deployment configuration.
Use cases: Multi-account data governance; Cross-account catalog sharing; Enterprise domain federation
AWS: DataZone cross-account domain associations
Validation: Optional; valid NamedDataZoneAssociatedAccounts
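As an added example (this is not MDAA's own validator), a small pre-deployment lint in Python that applies the rules the entries above state for the owner lists, the SSO type, the user assignment mode, groups and users to a domain config. The dict keys (associated_accounts, groups, users, owner_accounts, owner_groups, owner_users, sso_type, user_assignment, data_admin_role), the iam/sso identity sub-keys and both sample configs are this example's own placeholders, not the MDAA schema. Two checks are inferences rather than page statements: because groups are SSO-only and DISABLED means IAM-only authentication, groups and SSO-based users are flagged on a DISABLED domain, and a user assignment mode on a DISABLED domain is flagged as having no effect.

```python
"""Cross-reference lint for a DataZone domain config of the shape documented
above.  Added example, not MDAA code; every key name below is a placeholder."""
from typing import Any

SSO_TYPES = {"DISABLED", "IAM_IDC"}            # page: 'DISABLED' | 'IAM_IDC'
USER_ASSIGNMENTS = {"MANUAL", "AUTOMATIC"}     # page: 'MANUAL' | 'AUTOMATIC'

# (owner list, named map it must index into): every owner name must be a key.
OWNER_REFS = [
    ("owner_accounts", "associated_accounts"),
    ("owner_groups", "groups"),
    ("owner_users", "users"),
]


def validate_domain(domain: dict[str, Any]) -> list[str]:
    """Return human-readable findings; an empty list means the config passes."""
    findings: list[str] = []

    # The admin role is the one required field in the reference above.
    if not domain.get("data_admin_role"):
        findings.append("data admin role is required (MdaaRoleRef)")

    sso_type = domain.get("sso_type", "DISABLED")
    if sso_type not in SSO_TYPES:
        findings.append(f"sso_type {sso_type!r} not in {sorted(SSO_TYPES)}")

    user_assignment = domain.get("user_assignment")
    if user_assignment is not None and user_assignment not in USER_ASSIGNMENTS:
        findings.append(f"user_assignment {user_assignment!r} not in {sorted(USER_ASSIGNMENTS)}")
    # Assumption: user assignment is an IAM Identity Center setting, so it has
    # no effect on an IAM-only (DISABLED) domain.
    if user_assignment is not None and sso_type == "DISABLED":
        findings.append("user_assignment is set but sso_type is DISABLED (no effect)")

    # Inferred: groups are SSO-only, DISABLED is IAM-only, so the two conflict.
    if domain.get("groups") and sso_type == "DISABLED":
        findings.append("groups defined but sso_type is DISABLED (groups are SSO-only)")

    # Each user is IAM-based or SSO-based (placeholder sub-keys 'iam' / 'sso');
    # an SSO-based user on a DISABLED domain cannot authenticate (inferred).
    for name, user in (domain.get("users") or {}).items():
        kinds = [k for k in ("iam", "sso") if user.get(k)]
        if len(kinds) != 1:
            findings.append(f"user {name!r} must be exactly one of iam/sso, got {kinds}")
        elif kinds == ["sso"] and sso_type == "DISABLED":
            findings.append(f"user {name!r} is SSO-based but sso_type is DISABLED")

    # Owner lists are plain strings; cross-check them against the keys they
    # must match so a misspelled owner is caught before deployment.
    for owner_key, map_key in OWNER_REFS:
        known = set(domain.get(map_key) or {})
        for owner in domain.get(owner_key) or []:
            if owner not in known:
                findings.append(f"{owner_key} entry {owner!r} is not a key of {map_key}")
    return findings


# Constructed sample configs (placeholder IDs and ARNs, not real resources).
GOOD_DOMAIN: dict[str, Any] = {
    "data_admin_role": {"name": "dz-domain-admin"},
    "sso_type": "IAM_IDC",
    "user_assignment": "MANUAL",
    "associated_accounts": {"analytics": {"account": "111111111111"}},
    "groups": {"data-eng": "sso-group-id-placeholder"},
    "users": {
        "alice": {"sso": "sso-user-id-placeholder"},
        "svc-ingest": {"iam": "arn:aws:iam::111111111111:role/svc-ingest"},
    },
    "owner_accounts": ["analytics"],
    "owner_groups": ["data-eng"],
    "owner_users": ["alice"],
}

BAD_DOMAIN: dict[str, Any] = {
    "sso_type": "DISABLED",                 # IAM-only domain ...
    "user_assignment": "AUTOMATIC",         # ... with an SSO-only setting
    "groups": {"data-eng": "sso-group-id-placeholder"},
    "users": {"bob": {"sso": "sso-user-id-placeholder"}, "carol": {}},
    "owner_accounts": ["analytics"],        # no associated_accounts at all
    "owner_groups": ["data-engg"],          # typo: not a key of groups
    "owner_users": ["carol"],               # valid reference, user itself is broken
}

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_DOMAIN), ("bad", BAD_DOMAIN)):
        print(label, validate_domain(cfg) or "OK")
```

Run it before synthesizing the stack; a clean config returns no findings, while the constructed bad config yields one finding per broken rule, including the misspelled group owner and the missing admin role.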