Optional ReadonlyiamOptional ReadonlyssoIAM Identity Center (SSO) user ID for federated domain access. Use this for SSO-based users; mutually exclusive with iamRole.
Use cases: SSO-based domain access; Federated identity; IAM Identity Center integration
AWS: DataZone SSO user profile linked to IAM Identity Center
Validation: Optional; valid SSO user ID; mutually exclusive with iamRole
IAM role reference for this user's domain access. The role is resolved via MDAA role helper (by ARN, name, or SSM ref). Use this for IAM-based users; mutually exclusive with ssoId.
Use cases: IAM-based domain access; Role-based user identity; Non-SSO environments
AWS: IAM role associated as a DataZone user profile
Validation: Optional; valid MdaaRoleRef; mutually exclusive with ssoId