SageMaker APIIzin Amazon: Tindakan, Izin, dan Referensi Sumber Daya

Saat menyiapkan kontrol akses dan menulis kebijakan izin yang dapat dilampirkan ke IAM identitas (kebijakan berbasis identitas), gunakan tabel berikut sebagai referensi. Tabel mencantumkan setiap SageMaker API operasi Amazon, tindakan terkait yang dapat Anda berikan izin untuk melakukan tindakan, dan AWS sumber daya yang dapat Anda berikan izin. Anda menentukan tindakan dalam bidang Action kebijakan, dan Anda menentukan nilai sumber daya pada bidang Resource kebijakan.

catatan

Kecuali untuk ListTagsAPI, pembatasan tingkat sumber daya tidak tersedia pada panggilan. List- Setiap pengguna yang memanggil a List- API akan melihat semua sumber daya jenis itu di akun.

Untuk menyatakan kondisi dalam SageMaker kebijakan Amazon Anda, Anda dapat menggunakan tombol kondisi AWS-wide. Untuk daftar lengkap tombol AWS-wide, lihat Kunci yang Tersedia di Referensi Otorisasi Layanan.

Awas

Beberapa SageMaker API tindakan mungkin masih dapat diakses melaluiSearch API. Misalnya, jika pengguna memiliki IAM kebijakan yang menolak izin untuk Describe panggilan untuk SageMaker sumber daya tertentu, pengguna tersebut masih dapat mengakses informasi deskripsi melalui Penelusuran. API Untuk sepenuhnya membatasi akses pengguna ke Describe panggilan, Anda juga harus membatasi akses ke Pencarian. API Untuk daftar SageMaker sumber daya yang dapat diakses melalui PencarianAPI, lihat Referensi AWS CLI Perintah SageMaker Pencarian.

Gunakan bilah gulir untuk melihat seluruh tabel.

SageMaker APIOperasi Amazon dan Izin yang Diperlukan untuk Tindakan

SageMaker APIOperasi Amazon	Izin yang Diperlukan (APITindakan)	Sumber daya
`DeleteEarthObservationJob`	`sagemaker-geospatial:DeleteEarthObservationJob`	`arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id`
`DeleteVectorEnrichmentJob`	`sagemaker-geospatial:DeleteVectorEnrichmentJob`	`arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id`
`ExportEarthObservationJob`	`sagemaker-geospatial:ExportEarthObservationJob`	`arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id`
`ExportVectorEnrichmentJob`	`sagemaker-geospatial:ExportVectorEnrichmentJob`	`arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id`
`GetEarthObservationJob`	`sagemaker-geospatial:GetEarthObservationJob`	`arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id`
`GetRasterDataCollection`	`sagemaker-geospatial:GetRasterDataCollection`	`arn:aws:sagemaker-geospatial:region:account-id:raster-data-collection/public/id`
`GetTile`	`sagemaker-geospatial:GetTile`	`arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id`
`GetVectorEnrichmentJob`	`sagemaker-geospatial:GetVectorEnrichmentJob`	`arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id`
`ListEarthObservationJobs`	`sagemaker-geospatial:ListEarthObservationJobs`	`*`
`ListRasterDataCollections`	`sagemaker-geospatial:ListRasterDataCollections`	`*`
`ListTagsForResource`	`sagemaker-geospatial:ListTagsForResource`	`arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` `arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id`
`ListVectorEnrichmentJobs`	`sagemaker-geospatial:ListVectorEnrichmentJobs`	`*`
`SearchRasterDataCollection`	`sagemaker-geospatial:SearchRasterDataCollection`	`arn:aws:sagemaker-geospatial:region:account-id:raster-data-collection/public/id`
`StartEarthObservationJob`	`sagemaker-geospatial:StartEarthObservationJob`	`arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id`
`StartVectorEnrichmentJob`	`sagemaker-geospatial:StartVectorEnrichmentJob`	`arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id`
`StopEarthObservationJob`	`sagemaker-geospatial:StopEarthObservationJob`	`arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id`
`StopVectorEnrichmentJob`	`sagemaker-geospatial:StopVectorEnrichmentJob`	`arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id`
`TagResource`	`sagemaker-geospatial:TagResource`	`arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` `arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id`
`UntagResource`	`sagemaker-geospatial:UntagResource`	`arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` `arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id`
`AddTags`	`sagemaker:AddTags`	`arn:aws:sagemaker:region:account-id:*`
`CreateApp`	`sagemaker:CreateApp`	`arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName`
`CreateAppImageConfig`	`sagemaker:CreateAppImageConfig`	`arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName`
`CreateAutoMLJob`	`sagemaker:CreateAutoMLJob` `iam:PassRole` Izin berikut hanya diperlukan jika salah satu yang terkait `ResourceConfig` memiliki peran tertentu `VolumeKmsKeyId` dan peran terkait tidak memiliki kebijakan yang mengizinkan tindakan ini: `kms:CreateGrant`	`arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName`
`CreateAutoMLJobV2`	`sagemaker:CreateAutoMLJobV2` `iam:PassRole` Izin berikut hanya diperlukan jika salah satu yang terkait `ResourceConfig` memiliki peran tertentu `VolumeKmsKeyId` dan peran terkait tidak memiliki kebijakan yang mengizinkan tindakan ini: `kms:CreateGrant`	`arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName`
`CreateDomain`	`sagemaker:CreateDomain` `iam:CreateServiceLinkedRole` `iam:PassRole` Diperlukan jika kunci yang dikelola KMS pelanggan ditentukan untuk`KmsKeyId`: `elasticfilesystem:CreateFileSystem` `kms:CreateGrant` `kms:Decrypt` `kms:DescribeKey` `kms:GenerateDataKeyWithoutPlainText` Diperlukan untuk membuat domain yang mendukungRStudio: `sagemaker:CreateApp`	`arn:aws:sagemaker:region:account-id:domain/domain-id`
`CreateEndpoint`	`sagemaker:CreateEndpoint` `kms:CreateGrant`(diperlukan hanya jika yang terkait `EndPointConfig` memiliki yang `KmsKeyId` ditentukan)	`arn:aws:sagemaker:region:account-id:endpoint/endpointName` `arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName`
`CreateEndpointConfig`	`sagemaker:CreateEndpointConfig`	`arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName`
`CreateFlowDefinition`	`sagemaker:CreateFlowDefinition` `iam:PassRole`	`arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName`
`CreateHumanTaskUi`	`sagemaker:CreateHumanTaskUi`	`arn:aws:sagemaker:region:account-id:human-task-ui/humanTaskUiName`
`CreateInferenceRecommendationsJob`	`sagemaker:CreateInferenceRecommendationsJob` `iam:PassRole` Izin berikut hanya diperlukan jika Anda menentukan kunci enkripsi: `kms:CreateGrant` `kms:Decrypt` `kms:DescribeKey` `kms:GenerateDataKey`	`arn:aws:sagemaker:region:account-id:inference-recommendations-job/inferenceRecommendationsJobName`
`CreateHyperParameterTuningJob`	`sagemaker:CreateHyperParameterTuningJob` `iam:PassRole` Izin berikut hanya diperlukan jika salah satu yang terkait `ResourceConfig` memiliki peran tertentu `VolumeKmsKeyId` dan peran terkait tidak memiliki kebijakan yang mengizinkan tindakan ini: `kms:CreateGrant`	`arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJobName`
`CreateImage`	`sagemaker:CreateImage` `iam:PassRole`	`arn:aws:sagemaker:region:account-id:image/*`
`CreateImageVersion`	`sagemaker:CreateImageVersion`	`arn:aws:sagemaker:region:account-id:image-version/imageName/*`
`CreateLabelingJob`	pembuat sagemaker: CreateLabelingJob saya: PassRole	`arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName`
`CreateModel`	`sagemaker:CreateModel` `iam:PassRole`	`arn:aws:sagemaker:region:account-id:model/modelName`
`CreateModelPackage`	`sagemaker:CreateModelPackage`	`arn:aws:sagemaker:region:account-id:model-package/modelPackageName`
`CreateModelPackageGroup`	`sagemaker:CreateModelPackageGroup`	`arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName`
`CreateNotebookInstance`	`sagemaker:CreateNotebookInstance` `iam:PassRole` Izin berikut hanya diperlukan jika Anda menentukan VPC untuk instance buku catatan Anda: `ec2:CreateNetworkInterface` `ec2:DescribeSecurityGroups` `ec2:DescribeSubnets` `ec2:DescribeVpcs` Izin berikut hanya diperlukan jika Anda menentukan kunci enkripsi: `kms:DescribeKey` `kms:CreateGrant` Izin berikut hanya diperlukan jika Anda menentukan AWS rahasia Secrets Manager untuk mengakses repositori Git pribadi: `secretsmanager:GetSecretValue`	`arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName`
`CreatePipeline`	`sagemaker:CreatePipeline` `iam:PassRole`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name` `arn:aws-partition:iam::account-id:role/role-name`
`CreatePresignedDomainUrl`	`sagemaker:CreatePresignedDomainUrl`	`arn:aws:sagemaker:region:account-id:app/domain-id/userProfileName`/*
`CreatePresignedNotebookInstanceUrl`	`sagemaker:CreatePresignedNotebookInstanceUrl`	`arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName`
`CreateProcessingJob`	`sagemaker:CreateProcessingJob` `iam:PassRole` `kms:CreateGrant`(diperlukan hanya jika yang terkait `ProcessingResources` memiliki peran tertentu `VolumeKmsKeyId` dan peran terkait tidak memiliki kebijakan yang mengizinkan tindakan ini) `ec2:CreateNetworkInterface`(diperlukan hanya jika Anda menentukan aVPC)	`arn:aws:sagemaker:region:account-id:processing-job/processingJobName`
`CreateSpace`	`sagemaker:CreateSpace`	`arn:aws:sagemaker:region:account-id:space/domain-id/spaceName`
`CreateStudioLifecycleConfig`	`sagemaker:CreateStudioLifecycleConfig`	`arn:aws:sagemaker:region:account-id:studio-lifecycle-config/.*`
`CreateTrainingJob`	`sagemaker:CreateTrainingJob` `iam:PassRole` `kms:CreateGrant`(diperlukan hanya jika yang terkait `ResourceConfig` memiliki peran tertentu `VolumeKmsKeyId` dan peran terkait tidak memiliki kebijakan yang mengizinkan tindakan ini)	`arn:aws:sagemaker:region:account-id:training-job/trainingJobName`
`CreateTransformJob`	`sagemaker:CreateTransformJob` `kms:CreateGrant`(diperlukan hanya jika yang terkait `TransformResources` memiliki peran tertentu `VolumeKmsKeyId` dan peran terkait tidak memiliki kebijakan yang mengizinkan tindakan ini)	`arn:aws:sagemaker:region:account-id:transform-job/transformJobName`
`CreateUserProfile`	`sagemaker:CreateUserProfile` `iam:PassRole`	`arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName`
`CreateWorkforce`	`sagemaker:CreateWorkforce` `cognito-idp:DescribeUserPoolClient` `cognito-idp:UpdateUserPool` `cognito-idp:DescribeUserPool` `cognito-idp:UpdateUserPoolClient`	`arn:aws:sagemaker:region:account-id:workforce/*`
`CreateWorkteam`	`sagemaker:CreateWorkteam` `cognito-idp:DescribeUserPoolClient` `cognito-idp:UpdateUserPool` `cognito-idp:DescribeUserPool` `cognito-idp:UpdateUserPoolClient`	`arn:aws:sagemaker:region:account-id:workteam/private-crowd/work team name`
`DeleteApp`	`sagemaker:DeleteApp`	`arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName`
`DeleteAppImageConfig`	`sagemaker:DeleteAppImageConfig`	`arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName`
`DeleteDomain`	`sagemaker:DeleteDomain`	`arn:aws:sagemaker:region:account-id:domain/domainId`
`DeleteEndpoint`	`sagemaker:DeleteEndpoint`	`arn:aws:sagemaker:region:account-id:endpoint/endpointName`
`DeleteEndpointConfig`	`sagemaker:DeleteEndpointConfig`	`arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName`
`DeleteFlowDefinition`	`sagemaker:DeleteFlowDefinition`	`arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName`
`DeleteHumanLoop`	`sagemaker:DeleteHumanLoop`	`arn:aws:sagemaker:region:account-id:human-loop/humanLoopName`
`DeleteImage`	`sagemaker:DeleteImage`	`arn:aws:sagemaker:region:account-id:image/imageName`
`DeleteImageVersion`	`sagemaker:DeleteImageVersion`	`arn:aws:sagemaker:region:account-id:image-version/imageName/versionNumber`
`DeleteModel`	`sagemaker:DeleteModel`	`arn:aws:sagemaker:region:account-id:model/modelName`
`DeleteModelPackage`	`sagemaker:DeleteModelPackage`	`arn:aws:sagemaker:region:account-id:model-package/modelPackageName`
`DeleteModelPackageGroup`	`sagemaker:DeleteModelPackageGroup`	`arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName`
`DeleteModelPackageGroupPolicy`	`sagemaker:DeleteModelPackageGroupPolicy`	`arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName`
`DeleteNotebookInstance`	`sagemaker:DeleteNotebookInstance` Izin berikut hanya diperlukan jika Anda menetapkan VPC untuk instance buku catatan Anda: `ec2:DeleteNetworkInterface` Izin berikut hanya diperlukan jika Anda menetapkan kunci enkripsi saat membuat instance notebook: `kms:DescribeKey`	`arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName`
`DeletePipeline`	`sagemaker:DeletePipeline`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name`
`DeleteSpace`	`sagemaker:DeleteSpace`	`arn:aws:sagemaker:region:account-id:space/domain-id/spaceName`
`DeleteTags`	`sagemaker:DeleteTags`	`arn:aws:sagemaker:region:account-id:*`
`DeleteUserProfile`	`sagemaker:DeleteUserProfile`	`arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName`
`DeleteWorkforce`	`sagemaker:DeleteWorkforce`	`arn:aws:sagemaker:region:account-id:workforce/*`
`DeleteWorkteam`	`sagemaker:DeleteWorkteam`	`arn:aws:sagemaker:region:account-id:workteam/private-crowd/*`
`DescribeApp`	`sagemaker:DescribeApp`	`arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName`
`DescribeAppImageConfig`	`sagemaker:DescribeAppImageConfig`	`arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName`
`DescribeAutoMLJob`	`sagemaker:DescribeAutoMLJob`	`arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName`
`DescribeAutoMLJobV2`	`sagemaker:DescribeAutoMLJobV2`	`arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName`
`DescribeDomain`	`sagemaker:DescribeDomain`	`arn:aws:sagemaker:region:account-id:domain/domainId`
`DescribeEndpoint`	`sagemaker:DescribeEndpoint`	`arn:aws:sagemaker:region:account-id:endpoint/endpointName`
`DescribeEndpointConfig`	`sagemaker:DescribeEndpointConfig`	`arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName`
`DescribeFlowDefinition`	`sagemaker:DescribeFlowDefinition`	`arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName`
`DescribeHumanLoop`	`sagemaker:DescribeHumanLoop`	`arn:aws:sagemaker:region:account-id:human-loop/humanLoopName`
`DescribeHumanTaskUi`	`sagemaker:DescribeHumanTaskUi`	`arn:aws:sagemaker:region:account-id:human-task-ui/humanTaskUiName`
`DescribeHyperParameterTuningJob`	`sagemaker:DescribeHyperParameterTuningJob`	`arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob`
`DescribeImage`	`sagemaker:DescribeImage`	`arn:aws:sagemaker:region:account-id:image/imageName`
`DescribeImageVersion`	`sagemaker:DescribeImageVersion`	`arn:aws:sagemaker:region:account-id:image-version/imageName/versionNumber`
`DescribeLabelingJob`	`sagemaker:DescribeLabelingJob`	`arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName`
`DescribeModel`	`sagemaker:DescribeModel`	`arn:aws:sagemaker:region:account-id:model/modelName`
`DescribeModelPackage`	`sagemaker:DescribeModelPackage`	`arn:aws:sagemaker:region:account-id:model-package/modelPackageName`
`DescribeModelPackageGroup`	`sagemaker:DescribeModelPackageGroup`	`arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName`
`DescribeNotebookInstance`	`sagemaker:DescribeNotebookInstance`	`arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName`
`DescribePipeline`	`sagemaker:DescribePipeline`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name`
`DescribePipelineDefinitionForExecution`	`sagemaker:DescribePipelineDefinitionForExecution`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id`
`DescribePipelineExecution`	`sagemaker:DescribePipelineExecution`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id`
`DescribeProcessingJob`	`sagemaker:DescribeProcessingJob`	`arn:aws:sagemaker:region:account-id:processing-job/processingjobname`
`DescribeSpace`	`sagemaker:DescribeSpace`	`arn:aws:sagemaker:region:account-id:space/domain-id/spaceName`
`DescribeSubscribedWorkteam`	`sagemaker:DescribeSubscribedWorkteam` `aws-marketplace:ViewSubscriptions`	`arn:aws:sagemaker:region:account-id:workteam/vendor-crowd/*`
`DescribeTrainingJob`	`sagemaker:DescribeTrainingJob`	`arn:aws:sagemaker:region:account-id:training-job/trainingjobname`
`DescribeTransformJob`	`sagemaker:DescribeTransformJob`	`arn:aws:sagemaker:region:account-id:transform-job/transformjobname`
`DescribeUserProfile`	`sagemaker:DescribeUserProfile`	`arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName`
`DescribeWorkforce`	`sagemaker:DescribeWorkforce`	`arn:aws:sagemaker:region:account-id:workforce/*`
`DescribeWorkteam`	`sagemaker:DescribeWorkteam`	`arn:aws:sagemaker:region:account-id:workteam/private-crowd/*`
`GetModelPackageGroupPolicy`	`sagemaker:GetModelPackageGroupPolicy`	`arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName`
`InvokeEndpoint`	`sagemaker:InvokeEndpoint`	`arn:aws:sagemaker:region:account-id:endpoint/endpointName`
`ListAppImageConfigs`	`sagemaker:ListAppImageConfigs`	`arn:aws:sagemaker:region:account-id:app-image-config/*`
`ListApps`	`sagemaker:ListApps`	`arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/*`
`ListDomains`	`sagemaker:ListDomains`	`arn:aws:sagemaker:region:account-id:domain/*`
`ListEndpointConfigs`	`sagemaker:ListEndpointConfigs`	`*`
`ListEndpoints`	`sagemaker:ListEndpoints`	`*`
`ListFlowDefinitions`	`sagemaker:ListFlowDefinitions`	`*`
`ListHumanLoops`	`sagemaker:ListHumanLoops`	`*`
`ListHumanTaskUis`	`sagemaker:ListHumanTaskUis`	`*`
`ListHyperParameterTuningJobs`	`sagemaker:ListHyperParameterTuningJobs`	`arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob`
`ListImages`	`sagemaker:ListImages`	`*`
`ListImageVersions`	`sagemaker:ListImageVersions`	`arn:aws:sagemaker:region:account-id:image/*`
`ListLabelingJobs`	`sagemaker:ListLabelingJobs`	`*`
`ListLabelingJobsForWorkteam`	`sagemaker:ListLabelingJobForWorkteam`	`*`
`ListModelPackageGroups`	`sagemaker:ListModelPackageGroups`	`arn:aws:sagemaker:region:account-id :model-package-group/ModelPackageGroupName`
`ListModelPackages`	`sagemaker:ListModelPackages`	`arn:aws:sagemaker:region:account-id :model-package/ModelPackageName`
`ListModels`	`sagemaker:ListModels`	`*`
`ListNotebookInstances`	`sagemaker:ListNotebookInstances`	`*`
`ListPipelineExecutions`	`sagemaker:ListPipelineExecutions`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name`
`ListPipelineExecutionSteps`	`sagemaker:ListPipelineExecutionSteps`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id`
`ListPipelineParametersForExecution`	`sagemaker:ListPipelineParametersForExecution`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id`
`ListPipelines`	`sagemaker:ListPipelines`	`*`
`ListProcessingJobs`	`sagemaker:ListProcessingJobs`	`*`
`ListSpaces`	`sagemaker:ListSpaces`	`arn:aws:sagemaker:region:account-id:space/domain-id/*`
`ListSubscribedWorkteams`	`sagemaker:ListSubscribedWorkteams` `aws-marketplace:ViewSubscriptions`	`*`
`ListTags`	`sagemaker:ListTags`	`arn:aws:sagemaker:region:account-id:*`
`ListTrainingJobs`	`sagemaker:ListTrainingJobs`	`*`
`ListTrainingJobsForHyperParameterTuningJob`	`sagemaker:ListTrainingJobsForHyperParameterTuningJob`	`arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob`
`ListTransformJobs`	`sagemaker:ListTransformJobs`	`*`
`ListUserProfiles`	`sagemaker:ListUserProfiles`	`arn:aws:sagemaker:region:account-id:user-profile/domain-id/*`
`ListWorkforces`	`sagemaker:ListWorkforces`	`*`
`ListWorkteams`	`sagemaker:ListWorkteams`	`*`
`PutModelPackageGroupPolicy`	`sagemaker:PutModelPackageGroupPolicy`	`arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName`
`RetryPipelineExecution`	`sagemaker:RetryPipelineExecution`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id`
`Search`	`sagemaker:Search`	`*`
`SendPipelineExecutionStepFailure`	`sagemaker:SendPipelineExecutionStepFailure`	`*`
`SendPipelineExecutionStepSuccess`	`sagemaker:SendPipelineExecutionStepSuccess`	`*`
`StartHumanLoop`	`sagemaker:StartHumanLoop`	`arn:aws:sagemaker:region:account-id:human-loop/humanLoopName`
`StartNotebookInstance`	`sagemaker:StartNotebookInstance` Izin berikut hanya diperlukan jika Anda menentukan VPC saat Anda membuat instance buku catatan: `ec2:CreateNetworkInterface` `ec2:DescribeNetworkInterfaces` `ec2:DescribeSecurityGroups` `ec2:DescribeSubnets` `ec2:DescribeVpcs` Izin berikut hanya diperlukan jika Anda menetapkan kunci enkripsi saat membuat instance notebook: `kms:DescribeKey` `kms:CreateGrant` Izin berikut hanya diperlukan jika Anda menetapkan AWS rahasia Secrets Manager untuk mengakses repositori Git pribadi saat Anda membuat instance notebook: `secretsmanager:GetSecretValue`	`arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName`
`StartPipelineExecution`	`sagemaker:StartPipelineExecution`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name`
`StopHumanLoop`	`sagemaker:StopHumanLoop`	`arn:aws:sagemaker:region:account-id:human-loop/humanLoopName`
`StopHyperParameterTuningJob`	`sagemaker:StopHyperParameterTuningJob`	`arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob`
`StopLabelingJob`	`sagemaker:StopLabelingJob`	`arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName`
`StopNotebookInstance`	`sagemaker:StopNotebookInstance`	`arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName`
`StopPipelineExecution`	`sagemaker:StopPipelineExecution`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id`
`StopProcessingJob`	`sagemaker:StopProcessingJob`	`arn:aws:sagemaker:region:account-id:processing-job/processingJobName`
`StopTrainingJob`	`sagemaker:StopTrainingJob`	`arn:aws:sagemaker:region:account-id:training-job/trainingJobName`
`StopTransformJob`	`sagemaker:StopTransformJob`	`arn:aws:sagemaker:region:account-id:transform-job/transformJobName`
`UpdateAppImageConfig`	`sagemaker:UpdateAppImageConfig`	`arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName`
`UpdateDomain`	`sagemaker:UpdateDomain`	`arn:aws:sagemaker:region:account-id:domain/domainId`
`UpdateEndpoint`	`sagemaker:UpdateEndpoint`	`arn:aws:sagemaker:region:account-id:endpoint/endpointName`
`UpdateEndpointWeightsAndCapacities`	`sagemaker:UpdateEndpointWeightsAndCapacities`	`arn:aws:sagemaker:region:account-id:endpoint/endpointName`
`UpdateImage`	`sagemaker:UpdateImage` `iam:PassRole`	`arn:aws:sagemaker:region:account-id:image/imageName`
`UpdateModelPackage`	`sagemaker:UpdateModelPackage`	`arn:aws:sagemaker:region:account-id:model-package/modelPackageName`
`UpdateNotebookInstance`	`sagemaker:UpdateNotebookInstance` `iam:PassRole`	`arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName`
`UpdatePipeline`	`sagemaker:UpdatePipeline` `iam:PassRole`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name` `arn:aws-partition:iam::account-id:role/role-name`
`UpdatePipelineExecution`	`sagemaker:UpdatePipelineExecution`	`arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id`
`UpdateSpace`	`sagemaker:UpdateSpace`	`arn:aws:sagemaker:region:account-id:space/domain-id/spaceName`
`UpdateUserProfile`	`sagemaker:UpdateUserProfile`	`arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName`
`UpdateWorkforce`	`sagemaker:UpdateWorkforce`	`arn:aws:sagemaker:region:account-id:workforce/*`
`UpdateWorkteam`	`sagemaker:UpdateWorkteam`	`arn:aws:sagemaker:region:account-id:workteam/private-crowd/*`

Awas Javascript dinonaktifkan atau tidak tersedia di browser Anda.

Untuk menggunakan Dokumentasi AWS, Javascript harus diaktifkan. Lihat halaman Bantuan browser Anda untuk petunjuk.

Konvensi Dokumen

Kontrol akses root ke instance Notebook

AWS Kebijakan Terkelola untuk SageMaker