# All capabilities project profile The All capabilities project profile enables your Amazon SageMaker Unified Studio users to analyze data and build machine learning and generative AI models and applications powered by Amazon Bedrock, Amazon EMR, AWS Glue, Amazon Athena, Amazon SageMaker AI, and Amazon SageMaker Lakehouse. You can use the following procedures to create an all capabilities project profile. **Topics** + [ ## Configure all capabilities for your Amazon SageMaker unified domain ](#configure-all-capabilities) + [ ## Create an All capabilities project profile ](#create-all-capabilities-project-profile) ## Configure all capabilities for your Amazon SageMaker unified domain Complete the following procedure to configure all capabilities for your Amazon SageMaker unified domain. 1. Navigate to the Amazon SageMaker management console at [https://console.aws.amazon.com/datazone](https://console.aws.amazon.com/datazone) and use the region selector in the top navigation bar to choose the appropriate AWS Region. 1. Either create a new domain or choose an existing domain where you want to configure all capabilities. 1. On the domain's details page, under the **Next steps for your domain** section, choose the **Configure** button next to the **All capabilities**. 1. On the **Create project profile: All capabilities** page, in the **All capabilities** section, review the on-create and on-demand capabilities for this project profile. On-create capabilities are configured and ready to use when the project is created. On-demand capabilities can be configured when needed after project creation to control cost. 1. On the **Create project profile: All capabilities**, expand the **Default tooling blueprint deployment settings** section and review the settings, including the Tooling blueprint deployment account and region. **Important** Note that by configuring all capabilities for your domain (this procedure), you can only enable the Tooling blueprint in the same AWS account and region as your domain. To enable the Tooling blueprint in an account or region that's different from that of your domain's, see [Create an All capabilities project profile](#create-all-capabilities-project-profile) or [Custom project profile](custom.md). 1. On the **Create project profile: All capabilities**, in the **Enable blueprints** section, review the following blueprints that will be enabled for this project profile. **Important** Note that by configuring all capabilities for your domain (this procedure), you can only enable these blueprints in the same AWS account and region as your domain. To enable these blueprints in an account or region that's different from that of your domain's, see [Create an All capabilities project profile](#create-all-capabilities-project-profile) or [Custom project profile](custom.md). + MLExperiments + Workflows + LakehouseCatalog + EmrOnEc2 + Tooling + RedshiftServerless + LakeHouseDatabase + EmrServerless + AmazonBedrockGenerativeAI 1. On the **Create project profile: All capabilities** page, in the **Manage access role** section, specify a service role that gives Amazon SageMaker Unified Studio authorization to ingest and manage access to datashares, tables and views in Amazon Redshift. You can create a new or using an existing role. 1. On the **Create project profile: All capabilities** page, in the **Provisioning role** section, specify a service role that gives Amazon SageMaker Unified Studio authorization to ingest and manage access to datashares, tables and views in Amazon Redshift. 1. On the **Create project profile: All capabilities** page, in the **Amazon S3 bucket for blueprints** section, specify an Amazon S3 bucket for blueprints in your AWS account. 1. On the **Create project profile: All capabilities ** page, in the **Networking section**, specify a VPC in which to provision your Amazon SageMaker unified domain. VPCs tagged with Amazon SageMaker Unified Studio should be correctly configured. In the **Subnets** section, select at least 3 subnets in different **Availability Zones** that contain required VPC Endpoints. Private subnets are recommended, not all functionality is available when selecting public subnets. 1. In the **Data encryption** section, specify the encryption settings. Your data is encrypted by default with a key that AWS owns and manages for you. To choose a different key, customize your encryption settings. 1. In the **User role policy** section, you have the option to specify your own user role policy. Amazon SageMaker Unified Studio creates IAM roles for project users to perform data analytics, AI, and ML actions. You can attach your own AWS IAM policies to the role rather than using the default system-managed policy. This provides more granular control over permissions but requires knowledge of IAM policy configuration. The IAM policy must include all necessary permissions required for the service to function properly. 1. On the **Create project profile: All capabilities ** page, in the **Authorization - optional** section, specify who can use this project profile to create projects in all domain units. This can also be done per domain unit in Amazon SageMaker Unified Studio. Choose either **Selected users and groups** (select which users and groups are authorized to use this project profile) or **Allow all users and groups** (allow any user to use this project profile). **Note** Projects do not provide strong security isolation. To limit cross-domain and cross-project resource discovery you can consider creating projects in separate accounts. 1. Choose **Create project profile**. After you complete this procedure, your All capabilities project profile for this domain is created and all the supported blueprints for it are enabled. Your domain users can then proceed to use this project profile to create projects in Amazon SageMaker Unified Studio. ## Create an All capabilities project profile Complete the following procedure to create a All capabilities project profile for your Amazon SageMaker unified domain. Once this procedure is complete, your All capabilities project profile will only include the capabilities defined in the [Tooling blueprint](blueprints.md). To complete configuring all capabilities for your Amazon SageMaker unified domain, you must then use the **Blueprints** tab and configure the following blueprints for this project profile: + MLExperiments + Workflows + LakehouseCatalog + EmrOnEc2 + RedshiftServerless + LakeHouseDatabase + EmrServerless + AmazonBedrockGenerativeAI **Important** Note that when you enable a blueprint, by default, you are enabling it in the same region as your domain. When you are enabling blueprints for a project profile that is created and enabled in a different region from your domain, you must enable these blueprints in same region where this project profile is enabled (in addition to enabling this blueprint in the same region as your domain). You can do this via the **Regions** tab in the blueprint details page. This applies to all blueprints, including the Tooling blueprint. 1. Navigate to the Amazon SageMaker management console at [https://console.aws.amazon.com/datazone](https://console.aws.amazon.com/datazone) and use the region selector in the top navigation bar to choose the appropriate AWS Region. 1. Either create a new domain or choose an existing domain where you want to create a All capabilities project profile. 1. On the domain's details page, choose the **Project profiles** tab and then choose **Create**. 1. On the **Create project profile** page, in the **Project profile name and description** section, specify the name of the project profile and the description. 1. On the **Create project profile** page, in the **Project profile creation options** section, choose **Create from a template**, and then under **Project profile templates**, choose **All capabilities**. 1. On the **Create project profile** page, in the **Default tooling blueprint deployment settings** section, review the selections for the default deployment settings for the Tooling blueprint. 1. On the **Create project profile** page, in the **Project files storage** section, choose a storage configuration type from Amazon S3 - new and Git repository. For more information on storage types, see [._unified-storage.xml](._unified-storage.xml) **Important** Note that by creating this project profile from a template, you can either enable the Tooling blueprint in the same AWS account and region as your domain (prepopulated by default) or you can enable the Tooling blueprint in a different AWS account and region from this domain (an associated account). 1. On the **Create project profile** page, in the **Authorization - optional** section, specify who can use this project profile to create projects in all domain units. This can also be done per domain unit in the Amazon SageMaker Unified Studio. You can specify **Selected users and groups** or **Allow all users and groups** options. **Note** Projects do not provide strong security isolation. To limit cross-domain and cross-project resource discovery you can consider creating projects in separate accounts. 1. On the **Create project profile** page, in the **Project profile readiness** section, specify whether you want to enable this project profile on creation. Unless you check the **Enable project profile on creation** checkbox, your project profile is disabled and not available to use for Amazon SageMaker Unified Studio projects after its creation. Leaving a project profile in a disabled state upon creation gives you the opportunity to customize your blueprints before making the project profile available. 1. Choose **Create project profile**. **Important** After you complete this procedure, your All capabilities project profile will only include the capabilities defined in the [Tooling blueprint](blueprints.md). You can further customize this project profile and configure it to include all capabilities by using the **Blueprints** tab to enable the rest of its required blueprints. They are the following: MLExperiments Workflows LakehouseCatalog EmrOnEc2 RedshiftServerless LakeHouseDatabase EmrServerless AmazonBedrockGenerativeAI