AmazonSageMakerDomainExecution role

The AmazonSageMakerDomainExecution role has the AWS policy: SageMakerStudioDomainExecutionRolePolicy attached. This is an IAM role that Amazon SageMaker Unified Studio requires to call APIs on behalf of authorized users, including those logged in to Amazon SageMaker Unified Studio.

The default AmazonSageMakerDomainExecution role has the following trust policy attached:



{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Principal": {
              "Service": "datazone.amazonaws.com"
          },
          "Action": [
              "sts:AssumeRole",
              "sts:TagSession",
              "sts:SetContext"
          ],
          "Condition": {
              "StringEquals": {
                  "aws:SourceAccount": "{{source_account_id}}"
              },
              "ForAllValues:StringLike": {
                  "aws:TagKeys": "datazone*"
              }
          }
      }
  ]
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

IAM roles for Amazon SageMaker Unified Studio

AmazonSageMakerDomainService role