Managing access to Amazon Braket - Amazon Braket

Managing access to Amazon Braket

This chapter describes the permissions that are required to run Amazon Braket, or to restrict the access of specific users and roles. You can grant (or deny) the required permissions to any user or role in your account. To do so, attach the appropriate Amazon Braket policy to that user or role in your account as described in the following sections.

As a prerequisite, you must enable Amazon Braket. To enable Braket, be sure to sign in as a user or role that either (1) has administrator permissions or (2) is assigned the AmazonBraketFullAccess policy and has permissions to create Amazon Simple Storage Service (Amazon S3) buckets.

Amazon Braket resources

Braket creates one type of resource: the quantum-task resource. The Amazon Resource Name (ARN) for this resource type is as follows:

  • Resource Name: AWS::Service::Braket

  • ARN Regex: arn:${Partition}:braket:${Region}:${Account}:quantum-task/${RandomId}

Notebooks and roles

You can use the notebook resource type in Braket. A notebook is an Amazon SageMaker AI resource that Braket is able to share. To use a notebook with Braket, you must specify an IAM role with a name that begins with AmazonBraketServiceSageMakerNotebook.

To create a notebook, you must use a role that has admin permissions or that has the following inline policy attached to it.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:CreateRole",
      "Resource": "arn:aws:iam::*:role/service-role/AmazonBraketServiceSageMakerNotebookRole*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreatePolicy",
      "Resource": [
        "arn:aws:iam::*:policy/service-role/AmazonBraketServiceSageMakerNotebookAccess*",
        "arn:aws:iam::*:policy/service-role/AmazonBraketServiceSageMakerNotebookRole*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iam:AttachRolePolicy",
      "Resource": "arn:aws:iam::*:role/service-role/AmazonBraketServiceSageMakerNotebookRole*",
      "Condition": {
        "StringLike": {
          "iam:PolicyARN": [
            "arn:aws:iam::aws:policy/AmazonBraketFullAccess",
            "arn:aws:iam::*:policy/service-role/AmazonBraketServiceSageMakerNotebookAccess*",
            "arn:aws:iam::*:policy/service-role/AmazonBraketServiceSageMakerNotebookRole*"
          ]
        }
      }
    }
  ]
}

To create the role, follow the steps given in the Create a notebook page or have your administrator create it for you. Ensure that the AmazonBraketFullAccess policy is attached.

After you’ve created the role, you can reuse that role for all notebooks you launch in the future.
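
The inline policy above confines role creation to names under the AmazonBraketServiceSageMakerNotebookRole prefix and, through the iam:PolicyARN condition, confines which policies can be attached to those roles. The following added example (not AWS code) is a simplified Python model of that policy; the account ID, role suffix and sample requests are constructed, and the evaluator ignores explicit denies, SCPs and permission boundaries.

```python
import re

# Patterns copied from the inline policy on this page.
ROLE = "arn:aws:iam::*:role/service-role/AmazonBraketServiceSageMakerNotebookRole*"
POLICIES = [
    "arn:aws:iam::*:policy/service-role/AmazonBraketServiceSageMakerNotebookAccess*",
    "arn:aws:iam::*:policy/service-role/AmazonBraketServiceSageMakerNotebookRole*",
]
STATEMENTS = [
    {"Action": "iam:CreateRole", "Resource": [ROLE]},
    {"Action": "iam:CreatePolicy", "Resource": POLICIES},
    {"Action": "iam:AttachRolePolicy", "Resource": [ROLE],
     "PolicyARN": ["arn:aws:iam::aws:policy/AmazonBraketFullAccess"] + POLICIES},
]

def like(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, flags=re.DOTALL) is not None

def allowed(action, resource, policy_arn=None):
    """True if an Allow statement matches. Simplified model: identity policy
    only; the only condition key handled is iam:PolicyARN (StringLike)."""
    for st in STATEMENTS:
        if st["Action"].lower() != action.lower():
            continue
        if not any(like(p, resource) for p in st["Resource"]):
            continue
        if "PolicyARN" in st and not (
            policy_arn and any(like(p, policy_arn) for p in st["PolicyARN"])
        ):
            continue  # condition key missing or not in the allowed list
        return True
    return False

# Constructed sample requests; 111122223333 is a placeholder account ID.
ACCT = "111122223333"
NOTEBOOK_ROLE = f"arn:aws:iam::{ACCT}:role/service-role/AmazonBraketServiceSageMakerNotebookRole-demo"
REQUESTS = [
    ("iam:CreateRole", NOTEBOOK_ROLE, None),
    ("iam:CreateRole", f"arn:aws:iam::{ACCT}:role/Admin", None),
    ("iam:AttachRolePolicy", NOTEBOOK_ROLE, "arn:aws:iam::aws:policy/AmazonBraketFullAccess"),
    ("iam:AttachRolePolicy", NOTEBOOK_ROLE, "arn:aws:iam::aws:policy/AdministratorAccess"),
]

if __name__ == "__main__":
    for action, resource, arn in REQUESTS:
        print("ALLOW" if allowed(action, resource, arn) else "DENY ", action, resource, arn or "")
```

The last request is refused because AdministratorAccess is not among the iam:PolicyARN values, so a principal holding only this inline policy cannot attach a broader managed policy to the notebook role.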