> ## Documentation Index
> Fetch the complete documentation index at: https://docs.labelbox.com/llms.txt
> Use this file to discover all available pages before exploring further.

# IAM integration

> Using IAM delegated access integrations is the recommended option for all cloud users. See [Cloud storage integrations](/docs/iam-delegated-access) for instructions on setting up cloud storage integrations on the Labelbox platform.

## Create a new organization's IAM integration

```python theme={null}
from labelbox.schema.iam_integration import (
    AwsIamIntegrationSettings,
    GcpIamIntegrationSettings,
    AzureIamIntegrationSettings,
)

organization = client.get_organization()

# AWS
aws_settings = AwsIamIntegrationSettings(
    role_arn="arn:aws:iam::123456789012:role/LabelboxDelegatedAccess",
    read_bucket="my-s3-bucket"
)

aws_integration = organization.create_iam_integration(
    name="My AWS Integration",
    settings=aws_settings
)

# GCP
gcp_settings = GcpIamIntegrationSettings(
    read_bucket="gs://my-gcp-bucket"
)

gcp_integration = organization.create_iam_integration(
    name="My GCP Integration",
    settings=gcp_settings
)

# Azure
azure_settings = AzureIamIntegrationSettings(
    read_container_url="https://mystorageaccount.blob.core.windows.net/mycontainer",
    tenant_id="your-tenant-id",
    client_id="your-client-id",  # Optional for creation
    client_secret="your-client-secret"  # Optional for creation
)

azure_integration = organization.create_iam_integration(
    name="My Azure Integration",
    settings=azure_settings
)
```

## Update an IAM integration

```python theme={null}
# AWS
updated_aws_settings = AwsIamIntegrationSettings(
    role_arn="arn:aws:iam::123456789012:role/UpdatedLabelboxRole",
    read_bucket="my-updated-s3-bucket"
)

aws_integration.update(
    name="Updated AWS Integration",
    settings=updated_aws_settings
)

# GCP
updated_gcp_settings = GcpIamIntegrationSettings(
    read_bucket="gs://my-updated-gcp-bucket"
)

gcp_integration.update(
    name="Updated GCP Integration",
    settings=updated_gcp_settings
)

# Azure
updated_azure_settings = AzureIamIntegrationSettings(
    read_container_url="https://updatedstorageaccount.blob.core.windows.net/mycontainer",
    tenant_id="updated-tenant-id"
)

azure_integration.update(
    name="Updated Azure Integration",
    settings=updated_azure_settings
)
```

## Set an IAM integration as default

```python theme={null}
iam_integration.set_as_default()
```

## Validate an IAM integration

```python theme={null}
iam_integration.validate()
```

## List your organization's IAM integrations

```python theme={null}
import labelbox as lb

client = lb.Client("<YOUR_API_KEY>")
organization = client.get_organization()
iam_integrations = organization.get_iam_integrations()

for integration in iam_integrations:
	print(integration)
```

## Get the default IAM integration

```
default_integration = organization.get_default_iam_integration()
```

## Set IAM integration during dataset creation

Each dataset can have only one IAM integration. Use the `iam_integration` optional field for `client.create_dataset`.

If not set, it will use the default integration of your organization.

You can then upload data rows using the cloud storage URLs.

```python theme={null}
iam_integration = organization.get_iam_integrations()[1] 
dataset = client.create_dataset(name="IAM manual demo", iam_integration=iam_integration)
```

## Override default integration during dataset creation

You can override the default integration when creating a dataset.

```python theme={null}
dataset = client.create_dataset(name="IAM manual demo", iam_integration=None)
```

## Update dataset integration

You can change the current integration of a dataset with `add_iam_integration`.

```python theme={null}
# Get all IAM integrations
iam_integrations = client.get_organization().get_iam_integrations()
 
 # Get IAM integration id
iam_integration_id = [integration.uid for integration
   in iam_integrations
   if integration.name == "My S3 integration"][0]

# Set IAM integration for integration id
dataset.add_iam_integration(iam_integration_id)


 # Get IAM integration object
iam_integration = [integration.uid for integration
   in iam_integrations
   if integration.name == "My S3 integration"][0]

# Set IAM integration for IAMIntegrtion object
dataset.add_iam_integration(iam_integration)
```

## Remove/Unselect dataset integration

```python theme={null}
dataset.remove_iam_integration()
```

## Upload data rows with delegated access

Make sure the type of IAM integration matches your data rows' cloud storage, then use the URL for the `row_data` field to upload data rows.

```python theme={null}
# Some examples: 
datarows = [{"row_data": "https://<bucket-name>.s3.<region>.amazonaws.com/<key>"}] # Amazon S3
datarows = [{"row_data": "gs://gcs-lb-demo-bucket/test.png"}] # Google Cloud Storage
datarows = [{"row_data": "https://labelboxdatasets.blob.core.windows.net/datasets/geospatial/001.jpg"}] # Microsoft Azure Blob Storage

task1 = dataset.create_data_rows(datarows)
task1.wait_till_done()
```