Setting up permissions
You must give users, groups, or roles permission to interact with Amazon Personalize resources. And you must give Amazon Personalize permission to access the resources you create in Amazon Personalize and to perform tasks on your behalf.
To set up permissions
-
Give your users, groups, or roles permission to interact with Amazon Personalize resources and pass a role to Amazon Personalize. See Giving users permission to access Amazon Personalize.
-
Give Amazon Personalize permission to access your resources in Amazon Personalize and permission to perform tasks on your behalf. See Giving Amazon Personalize permission to access your resources.
-
Modify your Amazon Personalize service role's trust policy so it prevents the confused deputy problem. For a trust relationship policy example, see Cross-service confused deputy prevention. For information modifying a role's trust policy, see Modifying a role.
-
If you use AWS Key Management Service (AWS KMS) for encryption, you must grant Amazon Personalize and your Amazon Personalize IAM service role permission to use your key. For more information, see Giving Amazon Personalize permission to use your AWS KMS key.
-
Complete the steps in Giving Amazon Personalize access to Amazon S3 resources to use IAM and Amazon S3 bucket policies to give Amazon Personalize access to your Amazon S3 resources.