Adding the SageMaker geospatial service principal to an existing SageMaker execution role

To use the SageMaker geospatial specific API operations your SageMaker execution role must include the SageMaker geospatial service principal, sagemaker-geospatial.amazonaws.com in the execution role's trust policy. This allows the SageMaker execution role to perform actions in your AWS account on your behalf.

Actions like passing a role between services are common within SageMaker. For more details,

To add the SageMaker geospatial service principal to an existing SageMaker execution role update the existing policy to include the SageMaker geospatial service principal as shown in the following trust policy. By attaching the service principal to the trust policy a SageMaker execution role can now run the SageMaker geospatial specific APIs on your behalf.

To learn more about SageMaker geospatial specific IAM actions, resources, and conditions, see Actions, Resources, and Condition Keys for SageMaker in the IAM User Guide.


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "sagemaker-geospatial.amazonaws.com",
                    "sagemaker.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Creating an new SageMaker execution role

StartEarthObservationJob API: Execution role permissions