# Configure security in Amazon SageMaker AI
Cloud security at AWS is the highest priority. As an AWS customer, you benefit from a data center and network architecture that is built to meet the requirements of the most security-sensitive organizations.
Security is a shared responsibility between AWS and you. The [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/) describes this as security *of* the cloud and security *in* the cloud:
+ **Security of the cloud** – AWS is responsible for protecting the infrastructure that runs AWS services in the AWS Cloud. AWS also provides you with services that you can use securely. Third-party auditors regularly test and verify the effectiveness of our security as part of the [AWS compliance programs](https://aws.amazon.com/compliance/programs/). To learn about the compliance programs that apply to Amazon SageMaker AI, see [AWS Services in Scope by Compliance Program](https://aws.amazon.com/compliance/services-in-scope/).
+ **Security in the cloud** – Your responsibility is determined by the AWS service that you use. You are also responsible for other factors including the sensitivity of your data, your company’s requirements, and applicable laws and regulations.
This documentation helps you understand how to apply the shared responsibility model when using SageMaker AI. The following topics show you how to configure SageMaker AI to meet your security and compliance objectives. You also learn how to use other AWS services that help you to monitor and secure your SageMaker AI resources.
**Topics**
+ [
# Data Privacy in Amazon SageMaker AI
](data-privacy.md)
+ [
# Data Protection in Amazon SageMaker AI
](data-protection.md)
+ [
# AWS Identity and Access Management for Amazon SageMaker AI
](security-iam.md)
+ [
# Logging and Monitoring
](sagemaker-incident-response.md)
+ [
# Compliance validation for Amazon SageMaker AI
](sagemaker-compliance.md)
+ [
# Resilience in Amazon SageMaker AI
](disaster-recovery-resiliency.md)
+ [
# Infrastructure Security in Amazon SageMaker AI
](infrastructure-security.md)
# Data Privacy in Amazon SageMaker AI
Amazon SageMaker AI collects aggregate information about the use of AWS-owned and open source libraries used during training. SageMaker AI uses this aggregate metadata to improve services and customer experience.
The following sections provide explanations for the type of metadata that SageMaker AI collects and how to opt out of metadata collection.
## Types of information collected
**Usage Information**
Metadata from AWS-owned and open source libraries that are used with SageMaker training, such as those used for distributed training, compilation, and quantization.
**Errors**
Errors from unexpected behavior including failures, crashes, cascades, and failures that result from interacting with the SageMaker training platform.
## How to opt out of metadata collection
You can opt out of sharing aggregated metadata with SageMaker training when creating a training job using the `CreateTrainingJob` API. If you are using the console to create training jobs, metadata collection is disabled by default.
**Important**
You must choose to opt out of metadata collection for each training job that you submit. You must also choose to opt out in an API call as shown in the following examples. You cannot choose to opt out inside a training script.
The following section shows how you can opt out of metadata collection using the AWS CLI, AWS SDK for Python (Boto3), or the SageMaker Python SDK.
### Opt out of metadata collection using the AWS Command Line Interface (AWS CLI)
To opt out of metadata collection using the AWS CLI, set the environment variable `OPT_OUT_TRACKING` to `1` in the `create-training-job` API as shown in the following code example.
```
aws sagemaker create-training-job \
--training-job-name your_job_name \
--algorithm-specification AlgorithmName=your_algorithm_name\
--output-data-config S3OutputPath=s3://bucket-name/key-name-prefix \
--resource-config InstanceType=ml.c5.xlarge, InstanceCount=1 \
--stopping-condition MaxRuntimeInSeconds=100 \
--environment OPT_OUT_TRACKING=1
```
### Opt out of metadata collection using the AWS SDK for Python (Boto3)
To opt out of metadata collection using the SDK for Python (Boto3), set the environment variable `OPT_OUT_TRACKING` to `1` in the `create_training_job` API as shown in the following code example.
```
boto3.client('sagemaker').create_training_job(
TrainingJobName='your_training_job',
AlgorithmSpecification={
'AlgorithmName': 'your_algorithm_name',
'TrainingInputMode': 'File',
},
RoleArn='your_arn',
OutputDataConfig={
'S3OutputPath': 's3://bucket-name/key-name-prefix',
},
ResourceConfig={
'InstanceType': 'ml.m4.xlarge',
'InstanceCount': 1,
'VolumeSizeInGB': 123,
},
StoppingCondition={
'MaxRuntimeInSeconds': 123,
},
Environment={
'OPT_OUT_TRACKING': '1'
},
)
```
### Opt out of metadata collection using the SageMaker Python SDK
To opt out of metadata collection using the SageMaker Python SDK, set the environment variable `OPT_OUT_TRACKING` to `1` inside a SageMaker AI estimator as shown in the following code example.
```
sagemaker.estimator(
image_uri='path_to_container',
role='rolearn',
instance_count=1,
instance_type='ml.c5.xlarge',
environment={
'OPT_OUT_TRACKING': '1'
},
)
```
### Opt out of metadata collection account-wide
If you want to opt-out of metadata collection for several accounts, you can set an environment variable to opt-out of tracking account-wide. You must use the SageMaker AI Python SDK to opt out of metadata collection at an account level.
The following code example shows how opt out of tracking account-wide.
```
SchemaVersion: '1.0'
SageMaker:
TrainingJob:
Environment:
'OPT_OUT_TRACKING': '1'
```
For more information about how to opt out of tracking account-wide, see [Configuring and using defaults with the SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable/overview.html#id22).
## Additional information
**If your downstream service depends on SageMaker AI training**
If you operate a service that relies on SageMaker training, it is highly recommended that you inform your customer about aggregate metadata collection in the SageMaker Training platform and present them with the choice to opt out. Alternatively, you can opt out of metadata collection on behalf of your customer.
**If you are a client or a customer of a service that uses SageMaker AI training**
If you are a client or customer of a service that uses SageMaker training, use your preferred method in the previous section to opt out of metadata collection.
# Data Protection in Amazon SageMaker AI
The AWS [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/) applies to data protection in Amazon SageMaker AI. As described in this model, AWS is responsible for protecting the global infrastructure that runs all of the AWS Cloud. You are responsible for maintaining control over your content that is hosted on this infrastructure. You are also responsible for the security configuration and management tasks for the AWS services that you use. For more information about data privacy, see the [Data Privacy FAQ](https://aws.amazon.com/compliance/data-privacy-faq/). For information about data protection in Europe, see the [AWS Shared Responsibility Model and GDPR](https://aws.amazon.com/blogs/security/the-aws-shared-responsibility-model-and-gdpr/) blog post on the *AWS Security Blog*.
For data protection purposes, we recommend that you protect AWS account credentials and set up individual users with AWS IAM Identity Center or AWS Identity and Access Management (IAM). That way, each user is given only the permissions necessary to fulfill their job duties. We also recommend that you secure your data in the following ways:
+ Use multi-factor authentication (MFA) with each account.
+ Use SSL/TLS to communicate with AWS resources. We require TLS 1.2 and recommend TLS 1.3.
+ Set up API and user activity logging with AWS CloudTrail. For information about using CloudTrail trails to capture AWS activities, see [Working with CloudTrail trails](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-trails.html) in the *AWS CloudTrail User Guide*.
+ Use AWS encryption solutions, along with all default security controls within AWS services.
+ Use advanced managed security services such as Amazon Macie, which assists in discovering and securing sensitive data that is stored in Amazon S3.
+ If you require FIPS 140-3 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS endpoint. For more information about the available FIPS endpoints, see [Federal Information Processing Standard (FIPS) 140-3](https://aws.amazon.com/compliance/fips/).
We strongly recommend that you never put confidential or sensitive information, such as your customers' email addresses, into tags or free-form text fields such as a **Name** field. This includes when you work with Amazon SageMaker AI or other AWS services using the console, API, AWS CLI, or AWS SDKs. Any data that you enter into tags or free-form text fields used for names may be used for billing or diagnostic logs. If you provide a URL to an external server, we strongly recommend that you do not include credentials information in the URL to validate your request to that server.
**Topics**
+ [
# Protect Data at Rest Using Encryption
](encryption-at-rest.md)
+ [
# Protecting Data in Transit with Encryption
](encryption-in-transit.md)
+ [
# Key Management
](key-management.md)
+ [
# Internetwork Traffic Privacy
](inter-network-privacy.md)
# Protect Data at Rest Using Encryption
Amazon SageMaker AI automatically encrypts your data using an AWS managed key for Amazon S3 (SSE-S3) by default for the following features: Studio notebooks, notebook instances, model-building data, model artifacts, and output from Training, Batch Transform, and Processing jobs.
For cross-account access, you must specify your own customer managed key when creating SageMaker AI resources, as the default AWS managed key for Amazon S3 can't be shared across accounts. For data output to Amazon S3 Express One Zone, the data is encrypted using server-side encryption with Amazon S3 managed keys (SSE-S3). Additionally, data output to Amazon S3 directory buckets can't be encrypted with server-side encryption using AWS Key Management Service keys (SSE-KMS). For more information on AWS KMS, see [What is AWS Key Management Service?](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html)
**Topics**
+ [
# Studio notebooks
](encryption-at-rest-studio.md)
+ [
# Notebook instances, SageMaker AI jobs, and Endpoints
](encryption-at-rest-nbi.md)
+ [
# SageMaker geospatial capabilities
](geospatial-encryption-at-rest.md)
# Studio notebooks
In Amazon SageMaker Studio, your SageMaker Studio notebooks and data can be stored in the following locations:
+ An S3 bucket – When you onboard to Studio and enable shareable notebook resources, SageMaker AI shares notebook snapshots and metadata in an Amazon Simple Storage Service (Amazon S3) bucket.
+ An EFS volume – When you onboard to Studio, SageMaker AI attaches an Amazon Elastic File System (Amazon EFS) volume to your domain for storing your Studio notebooks and data files. The EFS volume persists after the domain is deleted.
+ An EBS volume – When you open a notebook in Studio, an Amazon Elastic Block Store (Amazon EBS) is attached to the instance that the notebook runs on. The EBS volume persists for the duration of the instance.
SageMaker AI uses the AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and both volumes. By default, it uses a KMS key managed in an AWS service account. For more control, you can specify your own customer managed key when you onboard to Studio or through the SageMaker API. For more information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md) and [CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html).
In the `CreateDomain` API, you use the `S3KmsKeyId` parameter to specify the customer managed key for shareable notebooks. You use the `KmsKeyId` parameter to specify the customer managed key for the EFS and EBS volumes. The same customer managed key is used for both volumes. The customer managed key for shareable notebooks can be the same customer managed key as used for the volumes or a different customer managed key.
**Important**
The working directory of your users within the storage volume is `/home/sagemaker-user`. If you specify your own AWS KMS key, everything in the working directory is encrypted using your customer managed key. If you don't specify a AWS KMS key, the data inside `/home/sagemaker-user` is encrypted with an AWS managed key. Regardless of whether you specify an AWS KMS key, all of the data outside of the working directory is encrypted with an AWS Managed Key.
# Notebook instances, SageMaker AI jobs, and Endpoints
To encrypt the machine learning (ML) storage volume that is attached to notebooks, processing jobs, training jobs, hyperparameter tuning jobs, batch transform jobs, and endpoints, you can pass a AWS KMS key to SageMaker AI. If you don't specify a KMS key, SageMaker AI encrypts storage volumes with a transient key and discards it immediately after encrypting the storage volume. For notebook instances, if you don't specify a KMS key, SageMaker AI encrypts both OS volumes and ML data volumes with a system-managed KMS key.
You can use an AWS managed AWS KMS key to encrypt all instance OS volumes. You can encrypt all ML data volumes for all SageMaker AI instances with a AWS KMS key that you specify. ML storage volumes are mounted as follows:
+ Notebooks - `/home/ec2-user/SageMaker`
+ Processing - `/opt/ml/processing` and `/tmp/`
+ Training - `/opt/ml/` and `/tmp/`
+ Batch - `/opt/ml/` and `/tmp/`
+ Endpoints - `/opt/ml/` and `/tmp/`
Processing, batch transform, and training job containers and their storage are ephemeral in nature. When the job completes, output is uploaded to Amazon S3 using AWS KMS encryption with an optional AWS KMS key that you specify and the instance is torn down. If an AWS KMS Key is not provided in the job request, SageMaker AI uses the default AWS KMS key for Amazon S3 for your role's account. If the output data is stored in Amazon S3 Express One Zone, it is encrypted with server-side encryption with Amazon S3 managed keys (SSE-S3). Server-side encryption with AWS KMS keys (SSE-KMS) is not currently supported for storing SageMaker AI output data in Amazon S3 directory buckets.
**Note**
The key policy for an AWS Managed Key for Amazon S3 cannot be edited, so cross-account permissions cannot be granted for these key policies. If the output Amazon S3 bucket for the request is from another account, specify your own AWS KMS Customer Key in the job request and ensure that the job's execution role has permissions to encrypt data with it.
**Important**
Sensitive data that needs to be encrypted with a KMS key for compliance reasons should be stored in the ML storage volume or in Amazon S3, both of which can be encrypted using a KMS key you specify.
When you open a notebook instance, SageMaker AI saves it and any files associated with it in the SageMaker AI folder in the ML storage volume by default. When you stop a notebook instance, SageMaker AI creates a snapshot of the ML storage volume. Any customizations to the operating system of the stopped instance, such as installed custom libraries or operating system level settings, that are saved outside of the folder `/home/ec2-user/SageMaker` are lost. Consider using a lifecycle configuration to automate customizations of the default notebook instance. When you terminate an instance, the snapshot and the ML storage volume are deleted. Any data that you need to persist beyond the lifespan of the notebook instance should be transferred to an Amazon S3 bucket.
If the notebook instance isn't updated and is running unsecure software, SageMaker AI might periodically update the instance as part of regular maintenance. During these updates, data outside of the folder `/home/ec2-user/SageMaker` is not persisted. For information about maintenance and security patches, see [Maintenance](nbi.md#nbi-maintenance).
**Note**
Certain Nitro-based SageMaker AI instances include local storage, depending on the instance type. Local storage volumes are encrypted using a hardware module on the instance. You can't use a KMS key on an instance type with local storage. For a list of instance types that support local instance storage, see [Instance Store Volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes). For more information about storage volumes on Nitro-based instances, see [Amazon EBS and NVMe on Linux Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html).
For more information about local instance storage encryption, see [SSD Instance Store Volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ssd-instance-store.html).
# SageMaker geospatial capabilities
You can protect your data at rest using encryption for SageMaker geospatial.
**Server-Side Encryption with Amazon SageMaker geospatial owned key (Default)**
Amazon SageMaker geospatial capabilities encrypts all your data, including computational results from your `EarthObservationJobs` and `VectorEnrichmentJobs` along with all your service metadata. There is no data that is stored within Amazon SageMaker AI unencrypted. It uses a default AWS owned key to encrypt all your data.
**Server-Side Encryption with KMS Keys Stored in AWS Key Management Service (SSE-KMS)**
Amazon SageMaker geospatial capabilities supports encryption using a customer-owned KMS key. For more information, see [Use AWS KMS Permissions for Amazon SageMaker geospatial capabilities](https://docs.aws.amazon.com/sagemaker/latest/dg/geospatial-kms.html).
# Protecting Data in Transit with Encryption
All internetwork data in transit supports TLS 1.2 encryption. We recommend that you use TLS 1.3.
With Amazon SageMaker AI, machine learning (ML) model artifacts and other system artifacts are encrypted in transit and at rest. Requests to the SageMaker AI API and console are made over a secure (SSL) connection. You pass AWS Identity and Access Management roles to SageMaker AI to provide permissions to access resources on your behalf for training and deployment.
Some intranetwork data in transit (inside the service platform) is unencrypted. This includes:
+ Command and control communications between the service control plane and training job instances (not customer data).
+ Communications between nodes in distributed processing jobs (intranetwork).
+ Communications between nodes in distributed training jobs (intranetwork).
There are no inter-node communications for batch processing.
You can choose to encrypt communication between nodes in a training job cluster and processing job cluster.
**Note**
For use cases in the healthcare sector, the best practice for security is to encrypt communication between the nodes.
For information about how to encrypt communication, see the next topic at [Protect Communications Between ML Compute Instances in a Distributed Training Job](train-encrypt.md).
**Note**
Encrypting inter-container traffic can increase training time, especially if you use distributed deep learning algorithms. For affected algorithms, this additional level of security also increases cost. The training time for most SageMaker AI built-in algorithms, such as XGBoost, DeepAR, and linear learner, typically aren't affected.
FIPS validated endpoints are available for the SageMaker AI API and request router for hosted models (runtime). For information about FIPS compliant endpoints, see [Federal Information Processing Standard (FIPS) 140-2](https://aws.amazon.com/compliance/fips/).
## Protect Communications with RStudio on Amazon SageMaker AI
RStudio on Amazon SageMaker AI provides encryption for all communications that involve SageMaker AI components. However, the previous version did not support encryption between the RStudioServerPro and RSession apps.
RStudio released version 2022.02.2-485.pro2 in April 2022. This version supports encryption between RStudioServerPro and RSession apps to enable end-to-end encryption. The version upgrade, however, is not completely backward compatible. As a result, you must update all of your RStudioServerPro and RSession apps. For information about how to update your apps, see [RStudio Versioning](rstudio-version.md).
# Protect Communications Between ML Compute Instances in a Distributed Training Job
By default, Amazon SageMaker AI runs training jobs in an Amazon Virtual Private Cloud (Amazon VPC) to help keep your data secure. You can add another level of security to protect your training containers and data by configuring a *private* VPC. Distributed ML frameworks and algorithms usually transmit information that is directly related to the model, such as weights, not the training dataset. When performing distributed training, you can further protect data that is transmitted between instances. This can help you to comply with regulatory requirements. To do this, use inter-container traffic encryption.
**Note**
For use cases in the healthcare sector, the best practice for security is to encrypt communication between the nodes.
Enabling inter-container traffic encryption can increase training time, especially if you are using distributed deep learning algorithms. Enabling inter-container traffic encryption doesn't affect training jobs with a single compute instance. However, for training jobs with several compute instances, the effect on training time depends on the amount of communication between compute instances. For affected algorithms, adding this additional level of security also increases cost. The training time for most SageMaker AI built-in algorithms, such as XGBoost, DeepAR, and linear learner, typically aren't affected.
You can enable inter-container traffic encryption for training jobs or hyperparameter tuning jobs. You can use SageMaker APIs or console to enable inter-container traffic encryption.
For information about running training jobs in a private VPC, see [Give SageMaker AI Training Jobs Access to Resources in Your Amazon VPC](train-vpc.md).
## Enable Inter-container Traffic Encryption (API)
Before enabling inter-container traffic encryption on training or hyperparameter tuning jobs with APIs, add inbound and outbound rules to your private VPC's security group.
**To enable inter-container traffic encryption (API)**
1. Add the following inbound and outbound rules in the security group for your private VPC:
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/train-encrypt.html)
1. When you send a request to the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html) or [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html) API, specify `True` for the `EnableInterContainerTrafficEncryption` parameter.
**Note**
For the `ESP 50` protocol, the AWS Security Group Console might display the port range as "All". However, Amazon EC2 ignores the specified port range because it is not applicable for the ESP 50 IP protocol.
## Enable Inter-container Traffic Encryption (Console)
### Enable Inter-container Traffic Encryption in a Training Job
**To enable inter-container traffic encryption in a training job**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. In the navigation pane, choose **Training**, then choose **Training jobs**.
1. Choose **Create training job**.
1. Under **Network**, choose a **VPC**. You can use the default VPC or one that you have created.
1. Choose **Enable inter-container traffic encryption**.
After you enable inter-container traffic encryption, finish creating the training job. For more information, see [Train a Model](ex1-train-model.md).
### Enable Inter-container Traffic Encryption in a Hyperparameter Tuning Job
**To enable inter-container traffic encryption in a hyperparameter tuning job**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. In the navigation pane, choose **Training**, then choose **Hyperparameter tuning jobs**.
1. Choose **Create hyperparameter tuning job**.
1. Under **Network**, choose a **VPC**. You can use the default VPC or one that you created.
1. Choose **Enable inter-container traffic encryption**.
After enabling inter-container traffic encryption, finish creating the hyperparameter tuning job. For more information, see [Configure and Launch a Hyperparameter Tuning Job](automatic-model-tuning-ex-tuning-job.md).
# Key Management
Customers can specify AWS KMS keys, including bring your own keys (BYOK), to use for envelope encryption with Amazon S3 input/output buckets and machine learning (ML) Amazon EBS volumes. ML volumes for notebook instances and for processing, training, and hosted model Docker containers can be optionally encrypted by using AWS KMS customer-owned keys. All instance OS volumes are encrypted with an AWS-managed AWS KMS key.
**Note**
Certain Nitro-based instances include local storage, dependent on the instance type. Local storage volumes are encrypted using a hardware module on the instance. You can't request a `VolumeKmsKeyId` when using an instance type with local storage.
For a list of instance types that support local instance storage, see [Instance Store Volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes).
For more information about local instance storage encryption, see [SSD Instance Store Volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ssd-instance-store.html).
For more information about storage volumes on nitro-based instances, see [Amazon EBS and NVMe on Linux Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html).
For information about AWS KMS keys see [What is AWS Key Management Service?](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) in the *AWS Key Management Service Developer Guide*.
# Internetwork Traffic Privacy
This topic describes how Amazon SageMaker AI secures connections from the service to other locations.
Internetwork communications support TLS 1.2 encryption between all components and clients. We recommend TLS 1.3.
Instances can be connected to Customer VPC, providing access to S3 VPC endpoints or customer repositories. Internet egress can be managed through this interface by the customer if service platform internet egress is disabled for notebooks. For training and hosting, egress through the service platform is not available when connected to the customer's VPC.
By default, API calls made to published endpoints traverse the public network to the request router. SageMaker AI supports Amazon Virtual Private Cloud interface endpoints powered by AWS PrivateLink for private connectivity between the customer's VPC and the request router to access hosted model endpoints. For information about Amazon VPC, see [Connect to SageMaker AI Within your VPC](interface-vpc-endpoint.md)
# AWS Identity and Access Management for Amazon SageMaker AI
AWS Identity and Access Management (IAM) is an AWS service that helps an administrator securely control access to AWS resources. IAM administrators control who can be *authenticated* (signed in) and *authorized* (have permissions) to use SageMaker AI resources. IAM is an AWS service that you can use with no additional charge.
**Topics**
+ [
## Audience
](#security_iam_audience)
+ [
## Authenticating with identities
](#security_iam_authentication)
+ [
## Managing access using policies
](#security_iam_access-manage)
+ [
# How Amazon SageMaker AI works with IAM
](security_iam_service-with-iam.md)
+ [
# Amazon SageMaker AI identity-based policy examples
](security_iam_id-based-policy-examples.md)
+ [
# Cross-service confused deputy prevention
](security-confused-deputy-prevention.md)
+ [
# How to use SageMaker AI execution roles
](sagemaker-roles.md)
+ [
# Amazon SageMaker Role Manager
](role-manager.md)
+ [
# Access control for notebooks
](security-access-control.md)
+ [
# Amazon SageMaker AI API Permissions: Actions, Permissions, and Resources Reference
](api-permissions-reference.md)
+ [
# AWS managed policies for Amazon SageMaker AI
](security-iam-awsmanpol.md)
+ [
# Troubleshooting Amazon SageMaker AI Identity and Access
](security_iam_troubleshoot.md)
## Audience
How you use AWS Identity and Access Management (IAM) differs based on your role:
+ **Service user** - request permissions from your administrator if you cannot access features (see [Troubleshooting Amazon SageMaker AI Identity and Access](security_iam_troubleshoot.md))
+ **Service administrator** - determine user access and submit permission requests (see [How Amazon SageMaker AI works with IAM](security_iam_service-with-iam.md))
+ **IAM administrator** - write policies to manage access (see [Amazon SageMaker AI identity-based policy examples](security_iam_id-based-policy-examples.md))
## Authenticating with identities
Authentication is how you sign in to AWS using your identity credentials. You must be authenticated as the AWS account root user, an IAM user, or by assuming an IAM role.
You can sign in as a federated identity using credentials from an identity source like AWS IAM Identity Center (IAM Identity Center), single sign-on authentication, or Google/Facebook credentials. For more information about signing in, see [How to sign in to your AWS account](https://docs.aws.amazon.com/signin/latest/userguide/how-to-sign-in.html) in the *AWS Sign-In User Guide*.
For programmatic access, AWS provides an SDK and CLI to cryptographically sign requests. For more information, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) in the *IAM User Guide*.
### AWS account root user
When you create an AWS account, you begin with one sign-in identity called the AWS account *root user* that has complete access to all AWS services and resources. We strongly recommend that you don't use the root user for everyday tasks. For tasks that require root user credentials, see [Tasks that require root user credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks) in the *IAM User Guide*.
### Federated identity
As a best practice, require human users to use federation with an identity provider to access AWS services using temporary credentials.
A *federated identity* is a user from your enterprise directory, web identity provider, or Directory Service that accesses AWS services using credentials from an identity source. Federated identities assume roles that provide temporary credentials.
For centralized access management, we recommend AWS IAM Identity Center. For more information, see [What is IAM Identity Center?](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) in the *AWS IAM Identity Center User Guide*.
### IAM Users and Groups
An *[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)* is an identity with specific permissions for a single person or application. We recommend using temporary credentials instead of IAM users with long-term credentials. For more information, see [Require human users to use federation with an identity provider to access AWS using temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp) in the *IAM User Guide*.
An [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html) specifies a collection of IAM users and makes permissions easier to manage for large sets of users. For more information, see [Use cases for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/gs-identities-iam-users.html) in the *IAM User Guide*.
### IAM Roles
An *[IAM role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)* is an identity with specific permissions that provides temporary credentials. You can assume a role by [switching from a user to an IAM role (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-console.html) or by calling an AWS CLI or AWS API operation. For more information, see [Methods to assume a role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage-assume.html) in the *IAM User Guide*.
IAM roles are useful for federated user access, temporary IAM user permissions, cross-account access, cross-service access, and applications running on Amazon EC2. For more information, see [Cross account resource access in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) in the *IAM User Guide*.
## Managing access using policies
You control access in AWS by creating policies and attaching them to AWS identities or resources. A policy defines permissions when associated with an identity or resource. AWS evaluates these policies when a principal makes a request. Most policies are stored in AWS as JSON documents. For more information about JSON policy documents, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json) in the *IAM User Guide*.
Using policies, administrators specify who has access to what by defining which **principal** can perform **actions** on what **resources**, and under what **conditions**.
By default, users and roles have no permissions. An IAM administrator creates IAM policies and adds them to roles, which users can then assume. IAM policies define permissions regardless of the method used to perform the operation.
### Identity-based policies
Identity-based policies are JSON permissions policy documents that you attach to an identity (user, group, or role). These policies control what actions identities can perform, on which resources, and under what conditions. To learn how to create an identity-based policy, see [Define custom IAM permissions with customer managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *IAM User Guide*.
Identity-based policies can be *inline policies* (embedded directly into a single identity) or *managed policies* (standalone policies attached to multiple identities). To learn how to choose between managed and inline policies, see [Choose between managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-choosing-managed-or-inline.html) in the *IAM User Guide*.
### Resource-based policies
Resource-based policies are JSON policy documents that you attach to a resource. Examples include IAM *role trust policies* and Amazon S3 *bucket policies*. In services that support resource-based policies, service administrators can use them to control access to a specific resource. You must [specify a principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html) in a resource-based policy.
Resource-based policies are inline policies that are located in that service. You can't use AWS managed policies from IAM in a resource-based policy.
### Access control lists (ACLs)
Access control lists (ACLs) control which principals (account members, users, or roles) have permissions to access a resource. ACLs are similar to resource-based policies, although they do not use the JSON policy document format.
Amazon S3, AWS WAF, and Amazon VPC are examples of services that support ACLs. To learn more about ACLs, see [Access control list (ACL) overview](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html) in the *Amazon Simple Storage Service Developer Guide*.
### Other policy types
AWS supports additional policy types that can set the maximum permissions granted by more common policy types:
+ **Permissions boundaries** – Set the maximum permissions that an identity-based policy can grant to an IAM entity. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
+ **Service control policies (SCPs)** – Specify the maximum permissions for an organization or organizational unit in AWS Organizations. For more information, see [Service control policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) in the *AWS Organizations User Guide*.
+ **Resource control policies (RCPs)** – Set the maximum available permissions for resources in your accounts. For more information, see [Resource control policies (RCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps.html) in the *AWS Organizations User Guide*.
+ **Session policies** – Advanced policies passed as a parameter when creating a temporary session for a role or federated user. For more information, see [Session policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) in the *IAM User Guide*.
### Multiple policy types
When multiple types of policies apply to a request, the resulting permissions are more complicated to understand. To learn how AWS determines whether to allow a request when multiple policy types are involved, see [Policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) in the *IAM User Guide*.
# How Amazon SageMaker AI works with IAM
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
Before you use IAM to manage access to SageMaker AI, you should understand what IAM features are available to use with SageMaker AI. To get a high-level view of how SageMaker AI and other AWS services work with IAM, see [AWS Services That Work with IAM](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_aws-services-that-work-with-iam.html) in the *Service Authorization Reference*.
**Topics**
+ [
## Identity-based policies for Amazon SageMaker AI
](#security_iam_service-with-iam-id-based-policies)
+ [
## Resource-based policies within Amazon SageMaker AI
](#security_iam_service-with-iam-resource-based-policies)
+ [
## Policy actions for Amazon SageMaker AI
](#security_iam_service-with-iam-id-based-policies-actions)
+ [
## Policy resources for Amazon SageMaker AI
](#security_iam_service-with-iam-id-based-policies-resources)
+ [
## Policy condition keys for Amazon SageMaker AI
](#security_iam_service-with-iam-id-based-policies-conditionkeys)
+ [
## Authorization based on SageMaker AI tags
](#security_iam_service-with-iam-tags)
+ [
## SageMaker AI IAM roles
](#security_iam_service-with-iam-roles)
## Identity-based policies for Amazon SageMaker AI
With IAM identity-based policies, you can specify allowed or denied actions and resources as well as the conditions under which actions are allowed or denied. SageMaker AI supports specific actions, resources, and condition keys. To learn about all of the elements that you use in a JSON policy, see [IAM JSON Policy Elements Reference](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_elements.html) in the *Service Authorization Reference*.
## Resource-based policies within Amazon SageMaker AI
**Supports resource-based policies:** No
Resource-based policies are JSON policy documents that you attach to a resource. Examples of resource-based policies are IAM *role trust policies* and Amazon S3 *bucket policies*. In services that support resource-based policies, service administrators can use them to control access to a specific resource. For the resource where the policy is attached, the policy defines what actions a specified principal can perform on that resource and under what conditions. You must [specify a principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html) in a resource-based policy. Principals can include accounts, users, roles, federated users, or AWS services.
To enable cross-account access, you can specify an entire account or IAM entities in another account as the principal in a resource-based policy. Adding a cross-account principal to a resource-based policy is only half of establishing the trust relationship. When the principal and the resource are in different AWS accounts, an IAM administrator in the trusted account must also grant the principal entity (user or role) permission to access the resource. They grant permission by attaching an identity-based policy to the entity. However, if a resource-based policy grants access to a principal in the same account, no additional identity-based policy is required. For more information, see [Cross account resource access in IAM](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) in the *IAM User Guide*.
**Note**
Use [AWS Resource Access Manager](https://docs.aws.amazon.com/ram/latest/userguide/what-is.html) for securely sharing supported SageMaker AI resources. To find the list of sharable resources, see [shareable Amazon SageMaker AI resources](https://docs.aws.amazon.com/ram/latest/userguide/shareable.html#shareable-sagemaker).
## Policy actions for Amazon SageMaker AI
Administrators can use AWS JSON policies to specify who has access to what. That is, which **principal** can perform **actions** on what **resources**, and under what **conditions**.
The `Action` element of a JSON policy describes the actions that you can use to allow or deny access in a policy. Include actions in a policy to grant permissions to perform the associated operation.
Policy actions in SageMaker AI use the following prefix before the action: `sagemaker:`. For example, to grant someone permission to run a SageMaker AI training job with the SageMaker AI `CreateTrainingJob` API operation, you include the `sagemaker:CreateTrainingJob` action in their policy. Policy statements must include either an `Action` or `NotAction` element. SageMaker AI defines its own set of actions that describe tasks that you can perform with this service.
To specify multiple actions in a single statement, separate them with commas as follows:
```
"Action": [
"sagemaker:action1",
"sagemaker:action2"
]
```
You can specify multiple actions using wildcards (\$1). For example, to specify all actions that begin with the word `Describe`, include the following action:
```
"Action": "sagemaker:Describe*"
```
To see a list of SageMaker AI actions, see [Actions, resources, and condition keys for Amazon SageMaker AI](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemaker.html) in the *Service Authorization Reference*.
## Policy resources for Amazon SageMaker AI
**Supports policy resources:** Yes
Administrators can use AWS JSON policies to specify who has access to what. That is, which **principal** can perform **actions** on what **resources**, and under what **conditions**.
The `Resource` JSON policy element specifies the object or objects to which the action applies. Statements must include either a `Resource` or a `NotResource` element. As a best practice, specify a resource using its [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html). You can do this for actions that support a specific resource type, known as *resource-level permissions*.
For actions that don't support resource-level permissions, such as listing operations, use a wildcard (\$1) to indicate that the statement applies to all resources.
```
"Resource": "*"
```
To see a list of Amazon SageMaker AI resource types and their ARNs, see the following references for actions, resource types, and condition keys defined by Amazon SageMaker AI in the *Service Authorization Reference*.
+ [Amazon SageMaker AI](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemaker.html)
+ [Amazon SageMaker geospatial capabilities](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemakergeospatialcapabilities.html)
+ [Amazon SageMaker Ground Truth Synthetic](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemakergroundtruthsynthetic.html)
+ [Amazon SageMaker AI with MLflow](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemakerwithmlflow.html)
To learn with which actions you can specify the ARN of each resource, see [Actions defined by Amazon SageMaker AI](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemaker.html#amazonsagemaker-actions-as-permissions).
## Policy condition keys for Amazon SageMaker AI
Administrators can use AWS JSON policies to specify who has access to what. That is, which **principal** can perform **actions** on what **resources**, and under what **conditions**.
The `Condition` element specifies when statements execute based on defined criteria. You can create conditional expressions that use [condition operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html), such as equals or less than, to match the condition in the policy with values in the request. To see all AWS global condition keys, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html) in the *IAM User Guide*.
SageMaker AI defines its own set of condition keys and also supports using some global condition keys. To see all AWS global condition keys, see [AWS Global Condition Context Keys](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_condition-keys.html) in the *Service Authorization Reference*.
SageMaker AI supports a number of service-specific condition keys that you can use for fine-grained access control for the following operations:
+ [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob.html)
+ [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html)
+ [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html)
+ [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateEndpointConfig.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateEndpointConfig.html)
+ [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTransformJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTransformJob.html)
+ [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html)
+ [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateLabelingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateLabelingJob.html)
+ [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html)
+ [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateNotebookInstance.html)
To see a list of SageMaker AI condition keys, see [Condition keys for Amazon SageMaker AI ](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemaker.html#amazonsagemaker-policy-keys) in the *Service Authorization Reference*. To learn with which actions and resources you can use a condition key, see [Actions defined by Amazon SageMaker AI](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemaker.html#amazonsagemaker-actions-as-permissions).
For examples of using SageMaker AI condition keys, see the following: [Control creation of SageMaker AI resources with condition keys](security_iam_id-based-policy-examples.md#sagemaker-condition-examples).
### Examples
To view examples of SageMaker AI identity-based policies, see [Amazon SageMaker AI identity-based policy examples](security_iam_id-based-policy-examples.md).
## Authorization based on SageMaker AI tags
You can attach tags to SageMaker AI resources or pass tags in a request to SageMaker AI. To control access based on tags, you provide tag information in the [condition element](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_elements_condition.html) of a policy using the `sagemaker:ResourceTag/key-name`, `aws:RequestTag/key-name`, or `aws:TagKeys` condition keys. For more information about tagging SageMaker AI resources, see [Control access to SageMaker AI resources by using tags](security_iam_id-based-policy-examples.md#access-tag-policy).
To view an example identity-based policy for limiting access to a resource based on the tags on that resource, see [Control access to SageMaker AI resources by using tags](security_iam_id-based-policy-examples.md#access-tag-policy).
## SageMaker AI IAM roles
An [IAM role](https://docs.aws.amazon.com/service-authorization/latest/reference/id_roles.html) is an entity within your AWS account that has specific permissions.
### Using temporary credentials with SageMaker AI
You can use temporary credentials to sign in with federation, assume an IAM role, or to assume a cross-account role. You obtain temporary security credentials by calling AWS STS API operations such as [AssumeRole](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) or [GetFederationToken](https://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html).
SageMaker AI supports using temporary credentials.
### Service-linked roles
SageMaker AI partially supports [service-linked roles](https://docs.aws.amazon.com/service-authorization/latest/reference/id_roles_terms-and-concepts.html#iam-term-service-linked-role). Service-linked roles are currently available for SageMaker Studio Classic.
### Service roles
This feature allows a service to assume a [service role](https://docs.aws.amazon.com/service-authorization/latest/reference/id_roles_terms-and-concepts.html#iam-term-service-role) on your behalf. This role allows the service to access resources in other services to complete an action on your behalf. Service roles appear in your IAM account and are owned by the account. This means that an IAM administrator can change the permissions for this role. However, doing so might break the functionality of the service.
SageMaker AI supports service roles.
### Choosing an IAM role in SageMaker AI
When you create a notebook instance, processing job, training job, hosted endpoint, or batch transform job resource in SageMaker AI, you must choose a role to allow SageMaker AI to access SageMaker AI on your behalf. If you have previously created a service role or service-linked role, then SageMaker AI provides you with a list of roles to choose from. It's important to choose a role that allows access to the AWS operations and resources you need. For more information, see [How to use SageMaker AI execution roles](sagemaker-roles.md).
# Amazon SageMaker AI identity-based policy examples
By default, IAM users and roles don't have permission to create or modify SageMaker AI resources. They also can't perform tasks using the AWS Management Console, AWS CLI, or AWS API. An IAM administrator must create IAM policies that grant users and roles permission to perform specific API operations on the specified resources they need. The administrator must then attach those policies to the IAM users or groups that require those permissions. To learn how to attach policies to an IAM user or group, see [Adding and Removing IAM Identity Permissions](https://docs.aws.amazon.com/service-authorization/latest/reference/access_policies_manage-attach-detach.html) in the *Service Authorization Reference*.
To learn how to create an IAM identity-based policy using these example JSON policy documents, see [Creating Policies on the JSON Tab](https://docs.aws.amazon.com/service-authorization/latest/reference/access_policies_create.html#access_policies_create-json-editor).
**Topics**
+ [
## Policy best practices
](#security_iam_service-with-iam-policy-best-practices)
+ [
## Using the SageMaker AI console
](#security_iam_id-based-policy-examples-console)
+ [
## Allow users to view their own permissions
](#security_iam_id-based-policy-examples-view-own-permissions)
+ [
## Control creation of SageMaker AI resources with condition keys
](#sagemaker-condition-examples)
+ [
## Control access to the SageMaker AI API by using identity-based policies
](#api-access-policy)
+ [
## Limit access to SageMaker AI API and runtime calls by IP address
](#api-ip-filter)
+ [
## Limit access to a notebook instance by IP address
](#nbi-ip-filter)
+ [
## Control access to SageMaker AI resources by using tags
](#access-tag-policy)
+ [
## Provide permissions for tagging SageMaker AI resources
](#grant-tagging-permissions)
+ [
## Limit access to searchable resources with visibility conditions
](#limit-access-to-searchable-resources)
## Policy best practices
Identity-based policies determine whether someone can create, access, or delete SageMaker AI resources in your account. These actions can incur costs for your AWS account. When you create or edit identity-based policies, follow these guidelines and recommendations:
+ **Get started with AWS managed policies and move toward least-privilege permissions** – To get started granting permissions to your users and workloads, use the *AWS managed policies* that grant permissions for many common use cases. They are available in your AWS account. We recommend that you reduce permissions further by defining AWS customer managed policies that are specific to your use cases. For more information, see [AWS managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) or [AWS managed policies for job functions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html) in the *IAM User Guide*.
+ **Apply least-privilege permissions** – When you set permissions with IAM policies, grant only the permissions required to perform a task. You do this by defining the actions that can be taken on specific resources under specific conditions, also known as *least-privilege permissions*. For more information about using IAM to apply permissions, see [ Policies and permissions in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) in the *IAM User Guide*.
+ **Use conditions in IAM policies to further restrict access** – You can add a condition to your policies to limit access to actions and resources. For example, you can write a policy condition to specify that all requests must be sent using SSL. You can also use conditions to grant access to service actions if they are used through a specific AWS service, such as CloudFormation. For more information, see [ IAM JSON policy elements: Condition](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) in the *IAM User Guide*.
+ **Use IAM Access Analyzer to validate your IAM policies to ensure secure and functional permissions** – IAM Access Analyzer validates new and existing policies so that the policies adhere to the IAM policy language (JSON) and IAM best practices. IAM Access Analyzer provides more than 100 policy checks and actionable recommendations to help you author secure and functional policies. For more information, see [Validate policies with IAM Access Analyzer](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-validation.html) in the *IAM User Guide*.
+ **Require multi-factor authentication (MFA)** – If you have a scenario that requires IAM users or a root user in your AWS account, turn on MFA for additional security. To require MFA when API operations are called, add MFA conditions to your policies. For more information, see [ Secure API access with MFA](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html) in the *IAM User Guide*.
For more information about best practices in IAM, see [Security best practices in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) in the *IAM User Guide*.
## Using the SageMaker AI console
To access the Amazon SageMaker AI console, you must have a minimum set of permissions. These permissions must allow you to list and view details about the SageMaker AI resources in your AWS account. If you create an identity-based policy more restrictive than the minimum required permissions, the console won't function properly for entities with that policy. This include users or roles with that policy.
To ensure that those entities can still use the SageMaker AI console, you must also attach the following AWS managed policy to the entities. For more information, see [Adding Permissions to a User](https://docs.aws.amazon.com/service-authorization/latest/reference/id_users_change-permissions.html#users_change_permissions-add-console) in the *Service Authorization Reference*:
You don't need to allow minimum console permissions for users that are making calls only to the AWS CLI or the AWS API. Instead, allow access to only the actions that match the API operation that you're trying to perform.
**Topics**
+ [
### Permissions required to use the Amazon SageMaker AI console
](#console-permissions)
+ [
### Permissions required to use the Amazon SageMaker Ground Truth console
](#groundtruth-console-policy)
+ [
### Permissions required to use the Amazon Augmented AI (Preview) console
](#amazon-augmented-ai-console-policy)
### Permissions required to use the Amazon SageMaker AI console
The permissions reference table lists the Amazon SageMaker AI API operations and shows the required permissions for each operation. For more information about Amazon SageMaker AI API operations, see [Amazon SageMaker AI API Permissions: Actions, Permissions, and Resources Reference](api-permissions-reference.md).
To use the Amazon SageMaker AI console, you need to grant permissions for additional actions. Specifically, the console needs permissions that allow the `ec2` actions to display subnets, VPCs, and security groups. Optionally, the console needs permission to create *execution roles* for tasks such as `CreateNotebook`, `CreateTrainingJob`, and `CreateModel`. Grant these permissions with the following permissions policy:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "SageMakerApis",
"Effect": "Allow",
"Action": [
"sagemaker:*"
],
"Resource": "*"
},
{
"Sid": "VpcConfigurationForCreateForms",
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Resource": "*"
},
{
"Sid":"KmsKeysForCreateForms",
"Effect":"Allow",
"Action":[
"kms:DescribeKey",
"kms:ListAliases"
],
"Resource":"*"
},
{
"Sid": "AccessAwsMarketplaceSubscriptions",
"Effect": "Allow",
"Action": [
"aws-marketplace:ViewSubscriptions"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"codecommit:BatchGetRepositories",
"codecommit:CreateRepository",
"codecommit:GetRepository",
"codecommit:ListRepositories",
"codecommit:ListBranches",
"secretsmanager:CreateSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecrets"
],
"Resource": "*"
},
{
"Sid":"ListAndCreateExecutionRoles",
"Effect":"Allow",
"Action":[
"iam:ListRoles",
"iam:CreateRole",
"iam:CreatePolicy",
"iam:AttachRolePolicy"
],
"Resource":"*"
},
{
"Sid": "DescribeECRMetaData",
"Effect": "Allow",
"Action": [
"ecr:Describe*"
],
"Resource": "*"
},
{
"Sid": "PassRoleForExecutionRoles",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "sagemaker.amazonaws.com"
}
}
}
]
}
```
------
### Permissions required to use the Amazon SageMaker Ground Truth console
To use the Amazon SageMaker Ground Truth console, you need to grant permissions for additional resources. Specifically, the console needs permissions for:
+ the AWS Marketplace to view subscriptions,
+ Amazon Cognito operations to manage your private workforce
+ Amazon S3 actions for access to your input and output files
+ AWS Lambda actions to list and invoke functions
Grant these permissions with the following permissions policy:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "GroundTruthConsole",
"Effect": "Allow",
"Action": [
"aws-marketplace:ViewSubscriptions",
"cognito-idp:AdminAddUserToGroup",
"cognito-idp:AdminCreateUser",
"cognito-idp:AdminDeleteUser",
"cognito-idp:AdminDisableUser",
"cognito-idp:AdminEnableUser",
"cognito-idp:AdminRemoveUserFromGroup",
"cognito-idp:CreateGroup",
"cognito-idp:CreateUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:CreateUserPoolDomain",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListUsers",
"cognito-idp:ListUsersInGroup",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"cognito-idp:UpdateUserPool",
"cognito-idp:UpdateUserPoolClient",
"groundtruthlabeling:DescribeConsoleJob",
"groundtruthlabeling:ListDatasetObjects",
"groundtruthlabeling:RunGenerateManifestByCrawlingJob",
"lambda:InvokeFunction",
"lambda:ListFunctions",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "*"
}
]
}
```
------
### Permissions required to use the Amazon Augmented AI (Preview) console
To use the Augmented AI console, you need to grant permissions for additional resources. Grant these permissions with the following permissions policy:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sagemaker:*Algorithm",
"sagemaker:*Algorithms",
"sagemaker:*App",
"sagemaker:*Apps",
"sagemaker:*AutoMLJob",
"sagemaker:*AutoMLJobs",
"sagemaker:*CodeRepositories",
"sagemaker:*CodeRepository",
"sagemaker:*CompilationJob",
"sagemaker:*CompilationJobs",
"sagemaker:*Endpoint",
"sagemaker:*EndpointConfig",
"sagemaker:*EndpointConfigs",
"sagemaker:*EndpointWeightsAndCapacities",
"sagemaker:*Endpoints",
"sagemaker:*Experiment",
"sagemaker:*Experiments",
"sagemaker:*FlowDefinitions",
"sagemaker:*HumanLoop",
"sagemaker:*HumanLoops",
"sagemaker:*HumanTaskUi",
"sagemaker:*HumanTaskUis",
"sagemaker:*HyperParameterTuningJob",
"sagemaker:*HyperParameterTuningJobs",
"sagemaker:*LabelingJob",
"sagemaker:*LabelingJobs",
"sagemaker:*Metrics",
"sagemaker:*Model",
"sagemaker:*ModelPackage",
"sagemaker:*ModelPackages",
"sagemaker:*Models",
"sagemaker:*MonitoringExecutions",
"sagemaker:*MonitoringSchedule",
"sagemaker:*MonitoringSchedules",
"sagemaker:*NotebookInstance",
"sagemaker:*NotebookInstanceLifecycleConfig",
"sagemaker:*NotebookInstanceLifecycleConfigs",
"sagemaker:*NotebookInstanceUrl",
"sagemaker:*NotebookInstances",
"sagemaker:*ProcessingJob",
"sagemaker:*ProcessingJobs",
"sagemaker:*RenderUiTemplate",
"sagemaker:*Search",
"sagemaker:*SearchSuggestions",
"sagemaker:*Tags",
"sagemaker:*TrainingJob",
"sagemaker:*TrainingJobs",
"sagemaker:*TransformJob",
"sagemaker:*TransformJobs",
"sagemaker:*Trial",
"sagemaker:*TrialComponent",
"sagemaker:*TrialComponents",
"sagemaker:*Trials",
"sagemaker:*Workteam",
"sagemaker:*Workteams"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"sagemaker:*FlowDefinition"
],
"Resource": "*",
"Condition": {
"StringEqualsIfExists": {
"sagemaker:WorkteamType": [
"private-crowd",
"vendor-crowd"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:RegisterScalableTarget",
"aws-marketplace:ViewSubscriptions",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:PutMetricData",
"codecommit:BatchGetRepositories",
"codecommit:CreateRepository",
"codecommit:GetRepository",
"codecommit:ListBranches",
"codecommit:ListRepositories",
"cognito-idp:AdminAddUserToGroup",
"cognito-idp:AdminCreateUser",
"cognito-idp:AdminDeleteUser",
"cognito-idp:AdminDisableUser",
"cognito-idp:AdminEnableUser",
"cognito-idp:AdminRemoveUserFromGroup",
"cognito-idp:CreateGroup",
"cognito-idp:CreateUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:CreateUserPoolDomain",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"cognito-idp:ListUsers",
"cognito-idp:ListUsersInGroup",
"cognito-idp:UpdateUserPool",
"cognito-idp:UpdateUserPoolClient",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateVpcEndpoint",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:CreateRepository",
"ecr:Describe*",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"fsx:DescribeFileSystems",
"glue:CreateJob",
"glue:DeleteJob",
"glue:GetJob",
"glue:GetJobRun",
"glue:GetJobRuns",
"glue:GetJobs",
"glue:ResetJobBookmark",
"glue:StartJobRun",
"glue:UpdateJob",
"groundtruthlabeling:*",
"iam:ListRoles",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:ListFunctions",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:PutLogEvents",
"sns:ListTopics"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogDelivery",
"logs:DeleteLogDelivery",
"logs:DescribeResourcePolicies",
"logs:GetLogDelivery",
"logs:ListLogDeliveries",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ecr:SetRepositoryPolicy",
"ecr:CompleteLayerUpload",
"ecr:BatchDeleteImage",
"ecr:UploadLayerPart",
"ecr:DeleteRepositoryPolicy",
"ecr:InitiateLayerUpload",
"ecr:DeleteRepository",
"ecr:PutImage"
],
"Resource": "arn:aws:ecr:*:*:repository/*sagemaker*"
},
{
"Effect": "Allow",
"Action": [
"codecommit:GitPull",
"codecommit:GitPush"
],
"Resource": [
"arn:aws:codecommit:*:*:*sagemaker*",
"arn:aws:codecommit:*:*:*SageMaker*",
"arn:aws:codecommit:*:*:*Sagemaker*"
]
},
{
"Effect": "Allow",
"Action": [
"secretsmanager:ListSecrets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:CreateSecret"
],
"Resource": [
"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"
]
},
{
"Effect": "Allow",
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"secretsmanager:ResourceTag/SageMaker": "true"
}
}
},
{
"Effect": "Allow",
"Action": [
"robomaker:CreateSimulationApplication",
"robomaker:DescribeSimulationApplication",
"robomaker:DeleteSimulationApplication"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"robomaker:CreateSimulationJob",
"robomaker:DescribeSimulationJob",
"robomaker:CancelSimulationJob"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:GetBucketCors",
"s3:PutBucketCors"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*",
"arn:aws:s3:::*aws-glue*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": "*",
"Condition": {
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/SageMaker": "true"
}
}
},
{
"Effect": "Allow",
"Action": [
"lambda:InvokeFunction"
],
"Resource": [
"arn:aws:lambda:*:*:function:*SageMaker*",
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:*Sagemaker*",
"arn:aws:lambda:*:*:function:*LabelingFunction*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "sagemaker.application-autoscaling.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "robomaker.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"sns:Subscribe",
"sns:CreateTopic"
],
"Resource": [
"arn:aws:sns:*:*:*SageMaker*",
"arn:aws:sns:*:*:*Sagemaker*",
"arn:aws:sns:*:*:*sagemaker*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam::*:role/*",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"sagemaker.amazonaws.com",
"glue.amazonaws.com",
"robomaker.amazonaws.com",
"states.amazonaws.com"
]
}
}
}
]
}
```
------
## Allow users to view their own permissions
This example shows how you might create a policy that allows IAM users to view the inline and managed policies that are attached to their user identity. This policy includes permissions to complete this action on the console or programmatically using the AWS CLI or AWS API.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ViewOwnUserInfo",
"Effect": "Allow",
"Action": [
"iam:GetUserPolicy",
"iam:ListGroupsForUser",
"iam:ListAttachedUserPolicies",
"iam:ListUserPolicies",
"iam:GetUser"
],
"Resource": ["arn:aws:iam::*:user/${aws:username}"]
},
{
"Sid": "NavigateInConsole",
"Effect": "Allow",
"Action": [
"iam:GetGroupPolicy",
"iam:GetPolicyVersion",
"iam:GetPolicy",
"iam:ListAttachedGroupPolicies",
"iam:ListGroupPolicies",
"iam:ListPolicyVersions",
"iam:ListPolicies",
"iam:ListUsers"
],
"Resource": "*"
}
]
}
```
## Control creation of SageMaker AI resources with condition keys
Control fine-grained access to allow the creation of SageMaker AI resources by using SageMaker AI-specific condition keys. For information about using condition keys in IAM policies, see [IAM JSON Policy Elements: Condition](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_elements_condition.html) in the *IAM User Guide*.
The condition keys, related API actions, and links to relevant documentation are listed in [Condition Keys for SageMaker AI](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemaker.html#amazonsagemaker-policy-keys) in the *Service Authorization Reference*.
The following examples show how to use the SageMaker AI condition keys to control access.
**Topics**
+ [
### Control access to SageMaker AI resources by using file system condition keys
](#access-fs-condition-keys)
+ [
### Restrict training to a specific VPC
](#sagemaker-condition-vpc)
+ [
### Restrict access to workforce types for Ground Truth labeling jobs and Amazon A2I Human Review workflows
](#sagemaker-condition-keys-labeling)
+ [
### Enforce encryption of input data
](#sagemaker-condition-kms)
+ [
### Enforce network isolation for training jobs
](#sagemaker-condition-isolation)
+ [
### Enforce a specific instance type for training jobs
](#sagemaker-condition-instance)
+ [
### Enforce disabling internet access and root access for creating notebook instances
](#sagemaker-condition-nbi-lockdown)
### Control access to SageMaker AI resources by using file system condition keys
SageMaker AI training provides a secure infrastructure for the training algorithm to run in, but for some cases you may want increased defense in depth. For example, you minimize the risk of running untrusted code in your algorithm, or you have specific security mandates in your organization. For these scenarios, you can use the service-specific condition keys in the Condition element of an IAM policy to scope down the user to:
+ specific file systems
+ directories
+ access modes (read-write, read-only)
+ security groups
**Topics**
+ [
#### Restrict an IAM user to specific directories and access modes
](#access-fs-condition-keys-ex-dirs)
+ [
#### Restrict a user to a specific file system
](#access-fs-condition-keys-ex-fs)
#### Restrict an IAM user to specific directories and access modes
The following policy restricts a user to the `/sagemaker/xgboost-dm/train` and `/sagemaker/xgboost-dm/validation` directories of an EFS file system to `ro` (read-only) AccessMode:
**Note**
When a directory is allowed, all of its subdirectories are also accessible by the training algorithm. POSIX permissions are ignored.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AccessToElasticFileSystem",
"Effect": "Allow",
"Action": [
"sagemaker:CreateTrainingJob",
"sagemaker:CreateHyperParameterTuningJob"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"sagemaker:FileSystemId": "fs-12345678",
"sagemaker:FileSystemAccessMode": "ro",
"sagemaker:FileSystemType": "EFS",
"sagemaker:FileSystemDirectoryPath": "/sagemaker/xgboost-dm/train"
}
}
},
{
"Sid": "AccessToElasticFileSystemValidation",
"Effect": "Allow",
"Action": [
"sagemaker:CreateTrainingJob",
"sagemaker:CreateHyperParameterTuningJob"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"sagemaker:FileSystemId": "fs-12345678",
"sagemaker:FileSystemAccessMode": "ro",
"sagemaker:FileSystemType": "EFS",
"sagemaker:FileSystemDirectoryPath": "/sagemaker/xgboost-dm/validation"
}
}
}
]
}
```
------
#### Restrict a user to a specific file system
To prevent a malicious algorithm using a user space client from accessing any file system directly in your account, you can restrict networking traffic. To restrict this traffic, allow ingress only from a specific security group. In the following example, the user can only use the specified security group to access the file system:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AccessToLustreFileSystem",
"Effect": "Allow",
"Action": [
"sagemaker:CreateTrainingJob",
"sagemaker:CreateHyperParameterTuningJob"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"sagemaker:FileSystemId": "fs-12345678",
"sagemaker:FileSystemAccessMode": "ro",
"sagemaker:FileSystemType": "FSxLustre",
"sagemaker:FileSystemDirectoryPath": "/fsx/sagemaker/xgboost/train"
},
"ForAllValues:StringEquals": {
"sagemaker:VpcSecurityGroupIds": [
"sg-12345678"
]
}
}
}
]
}
```
------
This example can restrict an algorithm to a specific file system. However, it does not prevent an algorithm from accessing any directory within that file system using the user space client. To mitigate this, you can:
+ Ensure that the file system only contains data that you trust your users to access
+ Create an IAM role that restricts your users to launching training jobs with algorithms from approved ECR repositories
For more information on how to use roles with SageMaker AI, see [SageMaker AI Roles](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-roles.html).
### Restrict training to a specific VPC
Restrict an AWS user to creating training jobs from within a Amazon VPC. When a training job is created within a VPC, use VPC flow logs to monitor all traffic to and from the training cluster. For information about using VPC flow logs, see [VPC Flow Logs](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html) in the *Amazon Virtual Private Cloud User Guide*.
The following policy enforces that a training job is created by a user calling [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html) from within a VPC:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowFromVpc",
"Effect": "Allow",
"Action": [
"sagemaker:CreateTrainingJob",
"sagemaker:CreateHyperParameterTuningJob"
],
"Resource": "*",
"Condition": {
"ForAllValues:StringEquals": {
"sagemaker:VpcSubnets": ["subnet-a1234"],
"sagemaker:VpcSecurityGroupIds": ["sg12345", "sg-67890"]
},
"Null": {
"sagemaker:VpcSubnets": "false",
"sagemaker:VpcSecurityGroupIds": "false"
}
}
}
]
}
```
------
### Restrict access to workforce types for Ground Truth labeling jobs and Amazon A2I Human Review workflows
Amazon SageMaker Ground Truth and Amazon Augmented AI work teams fall into one of three [workforce types](https://docs.aws.amazon.com/sagemaker/latest/dg/sms-workforce-management.html):
+ public (with Amazon Mechanical Turk)
+ private
+ vendor
You can restrict user access to a specific work team using one of these types or the work team ARN. To do so, use the `sagemaker:WorkteamType` and/or the `sagemaker:WorkteamArn` condition keys. For the `sagemaker:WorkteamType` condition key, use [string condition operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String). For the `sagemaker:WorkteamArn` condition key, use [Amazon Resource Name (ARN) condition operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_ARN). If the user attempts to create a labeling job with a restricted work team, SageMaker AI returns an access denied error.
The following policies show different ways to use the `sagemaker:WorkteamType` and `sagemaker:WorkteamArn` condition keys with appropriate condition operators and valid condition values.
The following example uses the `sagemaker:WorkteamType` condition key with the `StringEquals` condition operator to restrict access to a public work team. It accepts condition values in the following format: `workforcetype-crowd`, where *workforcetype* can equal `public`, `private`, or `vendor`.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "RestrictWorkteamType",
"Effect": "Deny",
"Action": "sagemaker:CreateLabelingJob",
"Resource": "*",
"Condition": {
"StringEquals": {
"sagemaker:WorkteamType": "public-crowd"
}
}
}
]
}
```
------
The following policies show how to restrict access to a public work team using the `sagemaker:WorkteamArn` condition key. The first shows how to use it with a valid IAM regex-variant of the work team ARN and the `ArnLike` condition operator. The second shows how to use it with the `ArnEquals` condition operator and the work team ARN.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "RestrictWorkteamType",
"Effect": "Deny",
"Action": "sagemaker:CreateLabelingJob",
"Resource": "*",
"Condition": {
"ArnLike": {
"sagemaker:WorkteamArn": "arn:aws:sagemaker:*:*:workteam/public-crowd/*"
}
}
}
]
}
```
------
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "RestrictWorkteamType",
"Effect": "Deny",
"Action": "sagemaker:CreateLabelingJob",
"Resource": "*",
"Condition": {
"ArnEquals": {
"sagemaker:WorkteamArn": "arn:aws:sagemaker:us-west-2:394669845002:workteam/public-crowd/default"
}
}
}
]
}
```
------
### Enforce encryption of input data
The following policy restricts a user to specify a AWS KMS key to encrypt input data using the `sagemaker:VolumeKmsKey` condition key when creating:
+ training
+ hyperparameter tuning
+ labeling jobs
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EnforceEncryption",
"Effect": "Allow",
"Action": [
"sagemaker:CreateTrainingJob",
"sagemaker:CreateHyperParameterTuningJob",
"sagemaker:CreateLabelingJob",
"sagemaker:CreateFlowDefinition"
],
"Resource": "*",
"Condition": {
"ArnEquals": {
"sagemaker:VolumeKmsKey": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
}
}
]
}
```
------
### Enforce network isolation for training jobs
The following policy restricts a user to enable network isolation when creating training jobs by using the `sagemaker:NetworkIsolation` condition key:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EnforceIsolation",
"Effect": "Allow",
"Action": [
"sagemaker:CreateTrainingJob",
"sagemaker:CreateHyperParameterTuningJob"
],
"Resource": "*",
"Condition": {
"Bool": {
"sagemaker:NetworkIsolation": "true"
}
}
}
]
}
```
------
### Enforce a specific instance type for training jobs
The following policy restricts a user to use a specific instance type when creating training jobs by using the `sagemaker:InstanceTypes` condition key:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EnforceInstanceType",
"Effect": "Allow",
"Action": [
"sagemaker:CreateTrainingJob",
"sagemaker:CreateHyperParameterTuningJob"
],
"Resource": "*",
"Condition": {
"ForAllValues:StringLike": {
"sagemaker:InstanceTypes": ["ml.c5.*"]
}
}
}
]
}
```
------
### Enforce disabling internet access and root access for creating notebook instances
You can disable both internet access and root access to notebook instances to help make them more secure. For information about controlling root access to a notebook instance, see [Control root access to a SageMaker notebook instance](nbi-root-access.md). For information about disabling internet access for a notebook instance, see [Connect a Notebook Instance in a VPC to External Resources](appendix-notebook-and-internet-access.md).
The following policy requires a user to disable network access when creating instance, and disable root access when creating or updating a notebook instance.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "LockDownCreateNotebookInstance",
"Effect": "Allow",
"Action": [
"sagemaker:CreateNotebookInstance"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"sagemaker:DirectInternetAccess": "Disabled",
"sagemaker:RootAccess": "Disabled"
},
"Null": {
"sagemaker:VpcSubnets": "false",
"sagemaker:VpcSecurityGroupIds": "false"
}
}
},
{
"Sid": "LockDownUpdateNotebookInstance",
"Effect": "Allow",
"Action": [
"sagemaker:UpdateNotebookInstance"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"sagemaker:RootAccess": "Disabled"
}
}
}
]
}
```
------
## Control access to the SageMaker AI API by using identity-based policies
To control access to SageMaker AI API calls and calls to SageMaker AI hosted endpoints, use identity-based IAM policies.
**Topics**
+ [
### Restrict access to SageMaker AI API and runtime to calls from within your VPC
](#api-access-policy-vpc)
### Restrict access to SageMaker AI API and runtime to calls from within your VPC
If you set up an interface endpoint in your VPC, individuals outside the VPC can connect to the SageMaker AI API and runtime over the internet. To prevent this, attach an IAM policy that restricts access to calls coming from within the VPC. These calls must be restricted to all users and groups that have access to your SageMaker AI resources. For information about creating a VPC interface endpoint for the SageMaker AI API and runtime, see [Connect to SageMaker AI Within your VPC](interface-vpc-endpoint.md).
**Important**
If you apply an IAM policy similar to one of the following, users can't access the specified SageMaker AI APIs through the console.
To restrict access to only connections made from within your VPC, create an AWS Identity and Access Management policy that restricts access. This access must be restricted to only calls that come from within your VPC. Then add that policy to every AWS Identity and Access Management user, group, or role used to access the SageMaker AI API or runtime.
**Note**
This policy allows connections only to callers within a subnet where you created an interface endpoint.
------
#### [ JSON ]
****
```
{
"Id": "api-example-1",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EnableAPIAccess",
"Effect": "Allow",
"Action": [
"sagemaker:*"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:SourceVpc": "vpc-111bbaaa"
}
}
}
]
}
```
------
To restrict access to the API to only calls made using the interface endpoint, use the `aws:SourceVpce` condition key instead of `aws:SourceVpc`:
------
#### [ JSON ]
****
```
{
"Id": "api-example-1",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EnableAPIAccess",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedNotebookInstanceUrl"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:sourceVpce": [
"vpce-111bbccc",
"vpce-111bbddd"
]
}
}
}
]
}
```
------
## Limit access to SageMaker AI API and runtime calls by IP address
You can allow access to SageMaker AI API calls and runtime invocations only from IP addresses in a list that you specify. To do so, create an IAM policy that denies access to the API unless the call comes from an IP address in the list. Then attach that policy to every AWS Identity and Access Management user, group, or role used to access the API or runtime. For information about creating IAM policies, see [Creating IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *AWS Identity and Access Management User Guide*.
To specify the list of IP addresses that have access to the API call, use the:
+ `IpAddress` condition operator
+ `aws:SourceIP` condition context key
For information about IAM condition operators, see [IAM JSON Policy Elements: Condition Operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) in the *AWS Identity and Access Management User Guide*. For information about IAM condition context keys, see [AWS Global Condition Context Keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html).
For example, the following policy allows access to the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html) only from IP addresses in the ranges `192.0.2.0`-`192.0.2.255` and `203.0.113.0`-`203.0.113.255`:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sagemaker:CreateTrainingJob",
"Resource": "*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"192.0.2.0/24",
"203.0.113.0/24"
]
}
}
}
]
}
```
------
## Limit access to a notebook instance by IP address
You can allow access to a notebook instance only from IP addresses in a list that you specify. To do so, create an IAM policy that denies access to [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedNotebookInstanceUrl.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedNotebookInstanceUrl.html) unless the call comes from an IP address in the list. Then, attach this policy to every AWS Identity and Access Management user, group, or role used to access the notebook instance. For information about creating IAM policies, see [Creating IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *AWS Identity and Access Management User Guide*.
To specify the list of IP addresses that you want to have access to the notebook instance, use the:
+ `IpAddress` condition operator
+ `aws:SourceIP` condition context key
For information about IAM condition operators, see [IAM JSON Policy Elements: Condition Operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) in the *AWS Identity and Access Management User Guide*. For information about IAM condition context keys, see [AWS Global Condition Context Keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html).
For example, the following policy allows access to a notebook instance only from IP addresses in the ranges `192.0.2.0`-`192.0.2.255` and `203.0.113.0`-`203.0.113.255`:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sagemaker:CreatePresignedNotebookInstanceUrl",
"Resource": "*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"192.0.2.0/24",
"203.0.113.0/24"
]
}
}
}
]
}
```
------
The policy restricts access to both the call to `CreatePresignedNotebookInstanceUrl` and to the URL that the call returns. The policy also restricts access to opening a notebook instance in the console. It is enforced for every HTTP request and WebSocket frame that attempts to connect to the notebook instance.
**Note**
Using this method to filter by IP address is incompatible when [connecting to SageMaker AI through a VPC interface endpoint.](https://docs.aws.amazon.com/sagemaker/latest/dg/interface-vpc-endpoint.html). For information about restricting access to a notebook instance when connecting through a VPC interface endpoint, see [Connect to a Notebook Instance Through a VPC Interface Endpoint](notebook-interface-endpoint.md).
## Control access to SageMaker AI resources by using tags
Specify tags within an IAM policy to control access to groups of SageMaker AI resources. Use tags to implement attribute based access control (ABAC). Using tags helps you partition access to resources to specific groups of users. You can have one team with access to one group of resources and a different team with access to another set of resources. You can provide `ResourceTag` conditions in IAM policies to provide access for each group.
**Note**
Tag-based policies don't work to restrict the following API calls:
DeleteImageVersion
DescribeImageVersion
ListAlgorithms
ListCodeRepositories
ListCompilationJobs
ListEndpointConfigs
ListEndpoints
ListFlowDefinitions
ListHumanTaskUis
ListHyperparameterTuningJobs
ListLabelingJobs
ListLabelingJobsForWorkteam
ListModelPackages
ListModels
ListNotebookInstanceLifecycleConfigs
ListNotebookInstances
ListSubscribedWorkteams
ListTags
ListProcessingJobs
ListTrainingJobs
ListTrainingJobsForHyperParameterTuningJob
ListTransformJobs
ListWorkteams
Search
A simple example can help you understand how you can use tags to partition resources. Suppose that you've defined two different IAM groups, named `DevTeam1` and `DevTeam2`, in your AWS account. You've created 10 notebook instances as well. You're using 5 of the notebook instances for one project. You're using the other 5 for a second project. You can provide `DevTeam1` with permissions to make API calls on the notebook instances that you're using for the first project. You can provide `DevTeam2` to make API calls on notebook instances used for the second project.
The following procedure provides a simple example that helps you understand the concept of adding tags. You can use it to implement the solution described in the preceding paragraph.
**To control access to API calls (example)**
1. Add a tag with the key `Project` and value `A` to the notebook instances used for the first project. For information about adding tags to SageMaker AI resources, see [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_AddTags.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_AddTags.html).
1. Add a tag with the key `Project` and value `B` to the notebook instances used for the second project.
1. Create an IAM policy with a `ResourceTag` condition that denies access to the notebook instances used for the second project. Then, attach that policy to `DevTeam1`. The following example policy denies all API calls on any notebook instance with a tag with a key of `Project` and a value of `B`:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sagemaker:*",
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "sagemaker:*",
"Resource": "*",
"Condition": {
"StringEquals": {
"sagemaker:ResourceTag/Project": "B"
}
}
},
{
"Effect": "Deny",
"Action": [
"sagemaker:AddTags",
"sagemaker:DeleteTags"
],
"Resource": "*"
}
]
}
```
------
For information about creating IAM policies and attaching them to identities, see [Controlling Access Using Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_controlling.html) in the *AWS Identity and Access Management User Guide*.
1. Create an IAM policy with a `ResourceTag` condition that denies access to the notebook instances used for the first project. Then, attach that policy to `DevTeam2`. The following example policy denies all API calls on any notebook instance with a tag with a key of `Project` and a value of `A`:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sagemaker:*",
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "sagemaker:*",
"Resource": "*",
"Condition": {
"StringEquals": {
"sagemaker:ResourceTag/Project": "A"
}
}
},
{
"Effect": "Deny",
"Action": [
"sagemaker:AddTags",
"sagemaker:DeleteTags"
],
"Resource": "*"
}
]
}
```
------
## Provide permissions for tagging SageMaker AI resources
[Tags](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/what-are-tags.html) are metadata labels that you can attach to certain AWS resources. A tag consists of a key-value pair that provides a flexible way to annotate resources with metadata attributes for various [tagging use cases](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/tagging-use-cases.html) including:
+ search
+ security
+ [cost attribution](https://docs.aws.amazon.com/whitepapers/latest/sagemaker-studio-admin-best-practices/cost-attribution.html)
+ access control
+ automation
They can be used in permissions and policies, service quotas, and integrations with other AWS services. Tags can be user-defined or AWS generated when creating resources. This depends on whether a user manually specifies custom tags or an AWS service automatically generates a tag.
+ *User-defined tags* in SageMaker AI: Users can add tags when they create SageMaker AI resources using SageMaker SDKs, the AWS CLI CLI, SageMaker APIs, SageMaker AI Console, or CloudFormation templates.
**Note**
User-defined tags can be overridden if a resource is later updated and the tag value is changed or replaced. For example, a training job created with \$1Team: A\$1 could be improperly updated and retagged as \$1Team: B\$1. As a result, the allowed permissions may be improperly assigned. Therefore, care should be given when allowing users or groups to add tags, as they may be able to override existing tag values. It's best practice to tightly scope tag permissions and use IAM conditions to control tagging abilities.
+ *AWS generated tags* in SageMaker AI: SageMaker AI automatically tags certain resources it creates. For example, Studio and Studio Classic automatically assign the `sagemaker:domain-arn` tag to SageMaker AI resources that they create. Tagging new resources with the domain ARN provides traceability into how SageMaker AI resources such as training jobs, models, and endpoints originate. For finer control and tracking, new resources receive additional tags such as:
+ `sagemaker:user-profile-arn` - The ARN of the user profile that created the resource. This allows tracking resources created by specific users.
+ `sagemaker:space-arn` - The ARN of the space in which the resource was created. This allows grouping and isolating resources per space.
**Note**
AWS generated tags cannot be changed by users.
For general information on tagging AWS resources and best practices, see [Tagging your AWS resources](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html). For information on the main tagging use cases, see [Tagging use cases](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/tagging-use-cases.html).
### Grant permission to add tags when creating SageMaker AI resources
You can allow users (*User-defined tags*) or Studio and Studio Classic (*AWS generated tags*) to add tags on new SageMaker AI resources at creation time. To do so, their IAM permissions must include both:
+ The base SageMaker AI create permission for that resource type.
+ The `sagemaker:AddTags` permission.
For example, allowing a user to create a SageMaker training job and tag it would require granting permissions for `sagemaker:CreateTrainingJob` and `sagemaker:AddTags`.
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker AI resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources.
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker AI resources already include permissions to add tags while creating those resources.
Administrators attach these IAM permissions to either:
+ AWS IAM roles assigned to the user for user-defined tags
+ the execution role used by Studio or Studio Classic for AWS generated tags
For instructions on creating and applying custom IAM policies, see [Creating IAM policies (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html).
**Note**
The list of SageMaker AI resource create operations can be found in the [SageMaker API documentation](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_Operations_Amazon_SageMaker_Service.html) by searching for actions beginning with `Create`. These create actions, such as `CreateTrainingJob` and `CreateEndpoint`, are the operations that create new SageMaker AI resources.
**Add tag permissions to certain create actions **
You grant the `sagemaker:AddTags` permission with constraints by attaching an additional IAM policy to the original resource creation policy. The following example policy allows `sagemaker:AddTags`, but restricts it to only certain SageMaker AI resource create actions such as `CreateTrainingJob`.
```
{
"Sid": "AllowAddTagsForCreateOperations",
"Effect": "Allow",
"Action": [
"sagemaker:AddTags"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"sagemaker:TaggingAction": "CreateTrainingJob"
}
}
}
```
The policy condition limits `sagemaker:AddTags` to being used alongside specific create actions. In this approach, the create permission policy remains intact while an extra policy provides restricted `sagemaker:AddTags` access. The condition prevents blanket `sagemaker:AddTags` permission by scoping it narrowly to creation actions that need tagging. This implements least privilege for `sagemaker:AddTags` by only permitting it for specific SageMaker AI resource creation use cases.
**Example: Allow tag permission globally and restrict create actions to a domain**
In this example of a custom IAM policy, the first two statements illustrate using tags to track resource creation. It allows the `sagemaker:CreateModel` action on all resources and tagging of those resources when that action is used. The third statement demonstrates how tag values can be used to control operations on resources. In this case, it prevents creating any SageMaker AI resources tagged with a specific domain ARN, restricting access based on the tag value.
In particular:
+ The first statement allows the `CreateModel` action on any resource (`*`).
+ The second statement allows the `sagemaker:AddTags` action, but only when the `sagemaker:TaggingAction` condition key equals `CreateModel`. This restricts the `sagemaker:AddTags` action to only when it's being used to tag a newly created model.
+ The third statement denies any SageMaker AI create action (`Create*`) on any resource (`*`), but only when the resource has a tag `sagemaker:domain-arn` equal to a specific domain ARN, `domain-arn`.
```
{
"Statement":[
{
"Effect":"Allow",
"Action":[
"sagemaker:CreateModel"
],
"Resource":"*"
},
{
"Effect":"Allow",
"Action":[
"sagemaker:AddTags"
],
"Resource":"*",
"Condition":{
"String":{
"sagemaker:TaggingAction":[
"CreateModel"
]
}
}
},
{
"Sid":"IsolateDomain",
"Effect":"Deny",
"Resource":"*",
"Action":[
"sagemaker:Create*"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/sagemaker:domain-arn":"domain-arn"
}
}
}
]
}
```
## Limit access to searchable resources with visibility conditions
Use visibility conditions to limit the access of your users to specific tagged resources within an AWS account. Your users can access only those resources for which they have permissions. When your users are searching through their resources, they can limit the search results to specific resources.
You might want your users to only see and interact with the resources associated with specific Amazon SageMaker Studio or Amazon SageMaker Studio Classic domains. You can use visibility conditions to limit their access to a single domain or multiple domains.
```
{
"Sid": "SageMakerApis",
"Effect": "Allow",
"Action": "sagemaker:Search",
"Resource": "*",
"Condition": {
"StringEquals": {
"sagemaker:SearchVisibilityCondition/Tags.sagemaker:example-domain-arn/EqualsIfExists": "arn:aws:sagemaker:AWS Region:111122223333:domain/example-domain-1",
"sagemaker:SearchVisibilityCondition/Tags.sagemaker:example-domain-arn/EqualsIfExists": "arn:aws:sagemaker:AWS Region:111122223333:domain/example-domain-2"
}
}
}
```
The general format of a visibility condition is `"sagemaker:SearchVisibilityCondition/Tags.key": "value"`. You can provide the key-value pair for any tagged resource.
```
{
"MaxResults": number,
"NextToken": "string",
"Resource": "string", # Required Parameter
"SearchExpression": {
"Filters": [
{
"Name": "string",
"Operator": "string",
"Value": "string"
}
],
"NestedFilters": [
{
"Filters": [
{
"Name": "string",
"Operator": "string",
"Value": "string"
}
],
"NestedPropertyName": "string"
}
],
"Operator": "string",
"SubExpressions": [
"SearchExpression"
]
},
"IsCrossAccount": "string",
"VisibilityConditions" : [ List of conditions for visibility
{"Key": "Tags.sagemaker:example-domain-arn", "Value": "arn:aws:sagemaker:AWS Region:111122223333:domain/example-domain-1"},
{"Key": "Tags.sagemaker:example-domain-arn", "Value": "arn:aws:sagemaker:AWS Region:111122223333:domain/example-domain-2"}
]
],
"SortBy": "string",
"SortOrder": "string"
}
```
The visibility condition within uses the same `"sagemaker:SearchVisibilityCondition/Tags.key": "value"` formatting specified in the policy. Your users can specify the key-value pairs used for any tagged resource.
If a user includes the `VisibilityConditions` parameter in their [Search](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_Search.html) request, but the access policy that applies to that user doesn't contain any matching conditions keys that were specified in `VisibilityConditions`, the `Search` request is still allowed and will run.
If a `VisibilityConditions` parameter is not specified in the user's [Search](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_Search.html) API request, but the access policy that applies to that user contains condition keys related to `VisibilityConditions`, that user's `Search` request is denied.
# Cross-service confused deputy prevention
The [confused deputy problem](https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy) is a security issue where an entity that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action. In AWS, the confused deputy problem can arise due to cross-service impersonation. Cross-service impersonation can occur when one service (the *calling service*) invokes another service (the *called service*) and leverages the called service's elevated permissions to act on resources the calling service has no authorization to access. To prevent unauthorized access through the confused deputy problem, AWS provides tools to help secure your data across services. These tools help you control the permissions granted to service principals, limiting their access to only the resources in your account that are required. By carefully managing the access privileges of service principals, you can help mitigate the risk of services improperly accessing data or resources to which they should not have permissions.
Read on for general guidance or navigate to an example for a specific SageMaker AI feature:
**Topics**
+ [
## Limit Permissions With Global Condition Keys
](#security-confused-deputy-context-keys)
+ [
## SageMaker Edge Manager
](#security-confused-deputy-edge-manager)
+ [
## SageMaker Images
](#security-confused-deputy-images)
+ [
## SageMaker AI Inference
](#security-confused-deputy-inference)
+ [
## SageMaker AI Batch Transform Jobs
](#security-confused-deputy-batch)
+ [
## SageMaker AI Marketplace
](#security-confused-deputy-marketplace)
+ [
## SageMaker Neo
](#security-confused-deputy-neo)
+ [
## SageMaker Pipelines
](#security-confused-deputy-pipelines)
+ [
## SageMaker Processing Jobs
](#security-confused-deputy-processing-job)
+ [
## SageMaker Studio
](#security-confused-deputy-studio)
+ [
## SageMaker Training Jobs
](#security-confused-deputy-training-job)
## Limit Permissions With Global Condition Keys
We recommend using the `[aws:SourceArn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn)` and `[aws:SourceAccount](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount)` global condition keys in resource policies to limit the permissions to the resource that Amazon SageMaker AI gives another service. If you use both global condition keys and the `aws:SourceArn` value contains the account ID, the `aws:SourceAccount` value and the account in the `aws:SourceArn` value must use the same account ID when used in the same policy statement. Use `aws:SourceArn` if you want only one resource to be associated with the cross-service access. Use `aws:SourceAccount` if you want to allow any resource in that account to be associated with the cross-service use.
The most effective way to protect against the confused deputy problem is to use the `aws:SourceArn` global condition key with the full ARN of the resource. If you don't know the full ARN of the resource or if you are specifying multiple resources, use the `aws:SourceArn` global condition key with wildcards (`*`) for the unknown portions of the ARN. For example, `arn:aws:sagemaker:*:123456789012:*`.
The following example shows how you can use the `aws:SourceArn` and `aws:SourceAccount` global condition keys in SageMaker AI to prevent the confused deputy problem.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": {
"Sid": "ConfusedDeputyPreventionExamplePolicy",
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sagemaker:StartSession",
"Resource": "arn:aws:sagemaker:us-east-1:123456789012:ResourceName/*",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sagemaker:us-east-1:123456789012:*"
},
"StringEquals": {
"aws:SourceAccount": "123456789012"
}
}
}
}
```
------
## SageMaker Edge Manager
The following example shows how you can use the `aws:SourceArn` global condition key to prevent the cross-service confused deputy problem for SageMaker Edge Manager created by account number *123456789012* in the *us-west-2* Region.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": {
"Effect": "Allow",
"Principal": { "Service": "sagemaker.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sagemaker:us-west-2:123456789012:*"
}
}
}
}
```
------
You can replace the `aws:SourceArn` in this template with the full ARN of one specific packaging job to further limit permissions.
## SageMaker Images
The following example shows how you can use the `aws:SourceArn` global condition key to prevent the cross-service confused deputy problem for [SageMaker Images](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-byoi.html). Use this template with either `[Image](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_Image.html)` or `[ImageVersion](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ImageVersion.html)`. This example uses an `ImageVersion` record ARN with the account number *123456789012*. Note that because the account number is part of the `aws:SourceArn` value, you do not need to specify an `aws:SourceAccount` value.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": {
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sagemaker:us-east-2:123456789012:image-version/*"
}
}
}
}
```
------
Do not replace the `aws:SourceArn` in this template with the full ARN of a specific image or image version. The ARN must be in the format provided above and specify either `image` or `image-version`. The `partition` placeholder should designate either an AWS commercial partition (`aws`) or an AWS in China partition (`aws-cn`), depending on where the image or image version is running. Similarly, the `region` placeholder in the ARN can be any [valid Region](https://docs.aws.amazon.com/sagemaker/latest/dg/regions-quotas.html) where SageMaker images are available.
## SageMaker AI Inference
The following example shows how you can use the `aws:SourceArn` global condition key to prevent the cross-service confused deputy problem for SageMaker AI [real-time](https://docs.aws.amazon.com/sagemaker/latest/dg/realtime-endpoints), [serverless](https://docs.aws.amazon.com/sagemaker/latest/dg/serverless-endpoints), and [asynchronous](https://docs.aws.amazon.com/sagemaker/latest/dg/async-inference) inference. Note that because the account number is part of the `aws:SourceArn` value, you do not need to specify an `aws:SourceAccount` value.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": {
"Effect": "Allow",
"Principal": { "Service": "sagemaker.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sagemaker:us-west-2:123456789012:*"
}
}
}
}
```
------
Do not replace the `aws:SourceArn` in this template with the full ARN of a specific model or endpoint. The ARN must be in the format provided above. The asterisk in the ARN template does not stand for wildcard and should not be changed.
## SageMaker AI Batch Transform Jobs
The following example shows how you can use the `aws:SourceArn` global condition key to prevent the cross-service confused deputy problem for SageMaker AI [batch transform jobs](https://docs.aws.amazon.com/sagemaker/latest/dg/batch-transform.html) created by account number *123456789012* in the *us-west-2* Region. Note that because the account number is in the ARN, you do not need to specify an `aws:SourceAccount` value.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sagemaker:us-west-2:123456789012:transform-job/*"
}
}
}
]
}
```
------
You can replace the `aws:SourceArn` in this template with the full ARN of one specific batch transform job to further limit permissions.
## SageMaker AI Marketplace
The following example shows how you can use the `aws:SourceArn` global condition key to prevent the cross-service confused deputy problem for SageMaker AI Marketplace resources created by account number *123456789012* in the *us-west-2* Region. Note that because the account number is in the ARN, you do not need to specify an `aws:SourceAccount` value.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sagemaker:us-west-2:123456789012:*"
}
}
}
]
}
```
------
Do not replace the `aws:SourceArn` in this template with the full ARN of a specific algorithm or model package. The ARN must be in the format provided above. The asterisk in the ARN template does stand for wildcard and covers all training jobs, models, and batch transform jobs from validation steps, as well as algorithm and model packages published to SageMaker AI Marketplace.
## SageMaker Neo
The following example shows how you can use the `aws:SourceArn` global condition key to prevent the cross-service confused deputy problem for SageMaker Neo compilation jobs created by account number *123456789012* in the *us-west-2* Region. Note that because the account number is in the ARN, you do not need to specify an `aws:SourceAccount` value.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sagemaker:us-west-2:123456789012:compilation-job/*"
}
}
}
]
}
```
------
You can replace the `aws:SourceArn` in this template with the full ARN of one specific compilation job to further limit permissions.
## SageMaker Pipelines
The following example shows how you can use the `aws:SourceArn` global condition key to prevent the cross-service confused deputy problem for [SageMaker Pipelines](https://docs.aws.amazon.com/sagemaker/latest/dg/pipelines-overview.html) using pipeline execution records from one or more pipelines. Note that because the account number is in the ARN, you do not need to specify an `aws:SourceAccount` value.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sagemaker:us-east-1:123456789012:pipeline/mypipeline/*"
}
}
}
]
}
```
------
Do not replace the `aws:SourceArn` in this template with the full ARN of a specific pipeline execution. The ARN must be in the format provided above. The `partition` placeholder should designate either an AWS commercial partition (`aws`) or an AWS in China partition (`aws-cn`), depending on where the pipeline is running. Similarly, the `region` placeholder in the ARN can be any [valid Region](https://docs.aws.amazon.com/sagemaker/latest/dg/regions-quotas.html) where SageMaker Pipelines is available.
The asterisk in the ARN template does stand for wildcard and covers all pipeline executions of a pipeline named `mypipeline`. If you want to allow the `AssumeRole` permissions for all pipelines in account `123456789012` rather than one specific pipeline, then the `aws:SourceArn` would be `arn:aws:sagemaker:*:123456789012:pipeline/*`.
## SageMaker Processing Jobs
The following example shows how you can use the `aws:SourceArn` global condition key to prevent the cross-service confused deputy problem for SageMaker Processing jobs created by account number *123456789012* in the *us-west-2* Region. Note that because the account number is in the ARN, you do not need to specify an `aws:SourceAccount` value.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sagemaker:us-west-2:123456789012:processing-job/*"
}
}
}
]
}
```
------
You can replace the `aws:SourceArn` in this template with the full ARN of one specific processing job to further limit permissions.
## SageMaker Studio
The following example shows how you can use the `aws:SourceArn` global condition key to prevent the cross-service confused deputy problem for SageMaker Studio created by account number *123456789012* in the *us-west-2* Region. Note that because the account number is part of the `aws:SourceArn` value, you do not need to specify an `aws:SourceAccount` value.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sagemaker:us-west-2:123456789012:*"
}
}
}
]
}
```
------
Do not replace the `aws:SourceArn` in this template with the full ARN of a specific Studio application, user profile, or domain. The ARN must be in the format provided in the previous example. The asterisk in the ARN template does not stand for wildcard and should not be changed.
## SageMaker Training Jobs
The following example shows how you can use the `aws:SourceArn` global condition key to prevent the cross-service confused deputy problem for SageMaker training jobs created by account number *123456789012* in the *us-west-2* Region. Note that because the account number is in the ARN, you do not need to specify an `aws:SourceAccount` value.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sagemaker:us-west-2:123456789012:training-job/*"
}
}
}
]
}
```
------
You can replace the `aws:SourceArn` in this template with the full ARN of one specific training job to further limit permissions.
**Next Up**
For more information on managing execution roles, see [SageMaker AI Roles](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-roles).
# How to use SageMaker AI execution roles
Amazon SageMaker AI performs operations on your behalf using other AWS services. You must grant SageMaker AI permissions to use these services and the resources they act upon. You grant SageMaker AI these permissions using an AWS Identity and Access Management (IAM) execution role. For more information on IAM roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html).
To create and use an execution role, you can use the following procedures.
## Create execution role
Use the following procedure to create an execution role with the IAM managed policy, `AmazonSageMakerFullAccess`, attached. If your use case requires more granular permissions, use other sections on this page to create an execution role that meets your business needs. You can create an execution role using the SageMaker AI console or the AWS CLI.
**Important**
The IAM managed policy, `AmazonSageMakerFullAccess`, used in the following procedure only grants the execution role permission to perform certain Amazon S3 actions on buckets or objects with `SageMaker`, `Sagemaker`, `sagemaker`, or `aws-glue` in the name. To learn how to add an additional policy to an execution role to grant it access to other Amazon S3 buckets and objects, see [Add Additional Amazon S3 Permissions to a SageMaker AI Execution Role](#sagemaker-roles-get-execution-role-s3).
**Note**
You can create an execution role directly when you create a SageMaker AI domain or a notebook instance.
For information on how to create a SageMaker AI domain, see [Guide to getting set up with Amazon SageMaker AI](gs.md).
For information on how to create a notebook instance, see [Create an Amazon SageMaker Notebook Instance for the tutorial](gs-setup-working-env.md).
**To create a new execution role from the SageMaker AI console**
1. Open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. Choose **Roles** and then choose **Create role**.
1. Keep **AWS service** as the **Trusted entity type** and then use the down arrow to find **SageMaker AI** in **Use cases for other AWS services**.
1. Choose **SageMaker AI – Execution** and then choose **Next**.
1. The IAM managed policy, `AmazonSageMakerFullAccess`, is automatically attached to the role. To see the permissions included in this policy, choose the plus (**\$1**) sign next to the policy name. Choose **Next**.
1. Enter a **Role name** and a **Description**.
1. (Optional) Add additional permissions and tags to the role.
1. Choose **Create role**.
1. On the **Roles** section of the IAM console, find the role you just created. If needed, use the text box to search for the role using the role name.
1. On the role summary page, make note of the ARN.
**To create a new execution role from the AWS CLI**
Before you create an execution role using the AWS CLI, make sure to update and configure it by following the instructions in [(Optional) Configure the AWS CLI](gs-set-up.md#gs-cli-prereq), then continue with the instructions in [Custom setup using the AWS CLI](onboard-custom.md#onboard-custom-instructions-cli).
Once you have created an execution role, you can associate it with a SageMaker AI domain, a user profile, or with a Jupyter notebook instance.
+ To learn about how to associate an execution role with an existing SageMaker AI domain, see [Edit domain settings](domain-edit.md).
+ To learn about how to associate an execution role with an existing user profile, see [Add user profiles](domain-user-profile-add.md).
+ To learn about how to associate an execution role with an existing notebook instance, see [Update a Notebook Instance](nbi-update.md).
You can also pass the ARN of an execution role to your API call. For example, using [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable), you can pass the ARN of your execution role to an estimator. In the code sample that follows, we create an estimator using the XGBoost algorithm container and pass the ARN of the execution role as a parameter. For the full example on GitHub, see [Customer Churn Prediction with XGBoost](https://github.com/aws/amazon-sagemaker-examples/blob/89c54681b7e0f83ce137b34b879388cf5960af93/introduction_to_applying_machine_learning/xgboost_customer_churn/xgboost_customer_churn.ipynb).
```
import sagemaker, boto3
from sagemaker import image_uris
sess = sagemaker.Session()
region = sess.boto_region_name
bucket = sess.default_bucket()
prefix = "sagemaker/DEMO-xgboost-churn"
container = sagemaker.image_uris.retrieve("xgboost", region, "1.7-1")
xgb = sagemaker.estimator.Estimator(
container,
execution-role-ARN,
instance_count=1,
instance_type="ml.m4.xlarge",
output_path="s3://{}/{}/output".format(bucket, prefix),
sagemaker_session=sess,
)
...
```
### Add Additional Amazon S3 Permissions to a SageMaker AI Execution Role
When you use a SageMaker AI feature with resources in Amazon S3, such as input data, the execution role you specify in your request (for example `CreateTrainingJob`) is used to access these resources.
If you attach the IAM managed policy, `AmazonSageMakerFullAccess`, to an execution role, that role has permission to perform certain Amazon S3 actions on buckets or objects with `SageMaker`, `Sagemaker`, `sagemaker`, or `aws-glue` in the name. It also has permission to perform the following actions on any Amazon S3 resource:
```
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketCors",
"s3:PutBucketCors"
```
To give an execution role permissions to access one or more specific buckets in Amazon S3, you can attach a policy similar to the following to the role. This policy grants an IAM role permission to perform all actions that `AmazonSageMakerFullAccess` allows but restricts this access to the buckets amzn-s3-demo-bucket1 and amzn-s3-demo-bucket2. Refer to the security documentation for the specific SageMaker AI feature you are using to learn more about the Amazon S3 permissions required for that feature.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::amzn-s3-demo-bucket1/*",
"arn:aws:s3:::amzn-s3-demo-bucket2/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketCors",
"s3:PutBucketCors"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetBucketAcl",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::amzn-s3-demo-bucket1",
"arn:aws:s3:::amzn-s3-demo-bucket2"
]
}
]
}
```
------
## Get your execution role
You can use the [SageMaker AI console](https://console.aws.amazon.com/sagemaker), [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable), or the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html) to retrieve the ARN and name of the execution role attached to a SageMaker AI domain, space, or user profile.
**Topics**
+ [
### Get domain execution role
](#sagemaker-roles-get-execution-role-domain)
+ [
### Get space execution role
](#sagemaker-roles-get-execution-role-space)
+ [
### Get user execution role
](#sagemaker-roles-get-execution-role-user)
### Get domain execution role
The following provides instructions on finding your domain’s execution role.
#### Get domain execution role (console)
**Find the execution role attached to your domain**
1. Open the SageMaker AI console, [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/)
1. On the left navigation pane, choose **Domains** under **Admin configurations**.
1. Choose the link corresponding to your domain.
1. Choose the **Domain settings** tab.
1. In the **General settings** section, the execution role ARN is listed under **Execution role**.
The execution role name is after the last `/` in the execution role ARN.
### Get space execution role
The following provides instructions on finding your space’s execution role.
#### Get space execution role (console)
**Find the execution role attached to your space**
1. Open the SageMaker AI console, [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/)
1. On the left navigation pane, choose **Domains** under **Admin configurations**.
1. Choose the link corresponding to your domain.
1. Choose the **Space management** tab.
1. In the **Details** section, the execution role ARN is listed under **Execution role**.
The execution role name is after the last `/` in the execution role ARN.
#### Get space execution role (SDK for Python)
**Note**
The following code is meant to be run in a SageMaker AI environment, like any of the IDEs in Amazon SageMaker Studio. You will receive an error if you run `get_execution_role` outside of a SageMaker AI environment.
The following [https://sagemaker.readthedocs.io/en/stable/api/utility/session.html#sagemaker.session.get_execution_role](https://sagemaker.readthedocs.io/en/stable/api/utility/session.html#sagemaker.session.get_execution_role) [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable) command retrieves the ARN of the execution role attached to the space.
```
from sagemaker import get_execution_role
role = get_execution_role()
print(role)
```
The execution role name is after the last `/` in the execution role ARN.
### Get user execution role
The following provides instructions on finding a user’s execution role.
#### Get user execution role (console)
**Find the execution role attached to a user**
1. Open the SageMaker AI console, [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/)
1. On the left navigation pane, choose **Domains** under **Admin configurations**.
1. Choose the link corresponding to your domain.
1. Choose the **User profiles** tab.
1. Choose the link corresponding to your user.
1. In the **Details** section, the execution role ARN is listed under **Execution role**.
The execution role name is after the last `/` in the execution role ARN.
#### Get space execution role (AWS CLI)
**Note**
To use the following examples, you must have the AWS Command Line Interface (AWS CLI) installed and configured. For information, see [Get started with the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) in the *AWS Command Line Interface User Guide for Version 2*.
The following [https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/get-caller-identity.html](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/get-caller-identity.html) AWS CLI command displays information about the IAM identity used to authenticate the request. The caller is an IAM user.
```
aws sts get-caller-identity
```
The execution role name is after the last `/` in the execution role ARN.
## Change your execution role
An execution role is an IAM role that a SageMaker AI identity (like a SageMaker AI user, space, or domain) assumes. Changing the IAM role changes the permissions for all of the identities assuming that role.
When you change an execution role the corresponding space's execution role will also change. The effects of the change may take some time to propagate.
+ When you change a *user's execution role*, the *private spaces* created by that user will assume the changed execution role.
+ When you change a *space's default execution role*, the *shared spaces* in the domain will assume the changed execution role.
For more information on execution roles and spaces, see [Understanding domain space permissions and execution roles](execution-roles-and-spaces.md).
You can change the execution role for a identity to a different IAM role by using one of the following instructions.
If, instead, you want to *modify* a role that an identity is assuming, see [Modify permissions to execution role](#sagemaker-roles-modify-to-execution-role).
**Topics**
+ [
### Change the domain default execution role
](#sagemaker-roles-change-execution-role-domain)
+ [
### Change space default execution role
](#sagemaker-roles-change-execution-role-space)
+ [
### Change user profile execution role
](#sagemaker-roles-change-execution-role-user)
### Change the domain default execution role
The following provides instructions on changing your domain’s default execution role.
#### Change the domain default execution role (console)
**Change the default execution role attached to your domain**
1. Open the SageMaker AI console, [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/)
1. On the left navigation pane, choose **Domains** under **Admin configurations**.
1. Choose the link corresponding to your domain.
1. Choose the **Domain settings** tab.
1. In the **General settings** section, choose **Edit**.
1. In the **Permissions** section, under **Default execution role** expand the drop-down list.
1. In the drop-down list you can choose an existing role, enter a custom IAM role ARN, or create a new role.
If you wish to create a new role, you can choose **Create role using the role creation wizard** option.
1. Choose Next in the following steps and choose Submit on the last step.
### Change space default execution role
The following provides instructions on changing your space’s default execution role. Changing this execution role will change the role assumed by all of the shared spaces in the domain.
#### Change space default execution role (console)
**Change the space default execution role for when you create a new space**
1. Open the SageMaker AI console, [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/)
1. On the left navigation pane, choose **Domains** under **Admin configurations**.
1. Choose the link corresponding to your domain.
1. Choose the **Domain settings** tab.
1. In the **General settings** section, choose **Edit**.
1. In the **Permissions** section, under **Space default execution role** expand the drop-down list.
1. In the drop-down list you can choose an existing role, enter a custom IAM role ARN, or create a new role.
If you wish to create a new role, you can choose **Create role using the role creation wizard** option.
1. Choose **Next** in the following steps and choose **Submit** on the last step.
### Change user profile execution role
The following provides instructions on changing a user’s execution role. Changing this execution role will change the role assumed by all of the private spaces created by this user.
#### Change user profile execution role (console)
**Change the execution role attached to a user**
1. Open the SageMaker AI console, [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/)
1. On the left navigation pane, choose **Domains** under **Admin configurations**.
1. Choose the link corresponding to your domain.
1. Choose the **User profiles** tab.
1. Choose the link corresponding to the user profile name.
1. Choose **Edit**.
1. In the drop-down list you can choose an existing role, enter a custom IAM role ARN, or create a new role.
If you wish to create a new role, you can choose **Create role using the role creation wizard** option.
1. Choose **Next** in the following steps and choose **Submit** on the last step.
## Modify permissions to execution role
You can modify existing permissions to the execution role of an identity (like a SageMaker AI user, space, or domain). This is done by finding the appropriate IAM role that the identity is assuming, then modifying that IAM role. The following will provide instructions on achieving this through the console.
When you modify an execution role the corresponding space's execution role will also change. The effects of the change may not be immediate.
+ When you modify a *user's execution role*, the *private spaces* created by that user will assume the modified execution role.
+ When you modify a *space's default execution role*, the *shared spaces* in the domain will assume the modified execution role.
For more information on execution roles and spaces, see [Understanding domain space permissions and execution roles](execution-roles-and-spaces.md).
If, instead, you want to *change* a role that an identity is assuming, see [Change your execution role](#sagemaker-roles-change-execution-role).
### Modify permissions to execution role (console)
**To modify permissions to your execution roles**
1. First get name of the identity you would like to modify.
+ [Get domain execution role](#sagemaker-roles-get-execution-role-domain)
+ [Get space execution role](#sagemaker-roles-get-execution-role-space)
+ [Get user execution role](#sagemaker-roles-get-execution-role-user)
1. To modify a role that an identity is assuming, see [Modifying a role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_modify.html) in the *AWS Identity and Access Management User Guide*.
For more information and instructions on adding permissions to IAM identities, see [Add or remove identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) in the *AWS Identity and Access Management User Guide*.
## Passing Roles
Actions like passing a role between services are a common function within SageMaker AI. You can find more details on [Actions, Resources, and Condition Keys for SageMaker AI](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemaker.html#amazonsagemaker-actions-as-permissions) in the *Service Authorization Reference*.
You pass the role (`iam:PassRole`) when making these API calls: [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateAutoMLJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateAutoMLJob.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateCompilationJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateCompilationJob.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateFeatureGroup.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateFeatureGroup.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateFlowDefinition.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateFlowDefinition.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateImage.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateImage.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateLabelingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateLabelingJob.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateMonitoringSchedule.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateMonitoringSchedule.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_RenderUiTemplate.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_RenderUiTemplate.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateImage.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateImage.html), and [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateNotebookInstance.html).
You attach the following trust policy to the IAM role which grants SageMaker AI principal permissions to assume the role, and is the same for all of the execution roles:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
```
------
The permissions that you need to grant to the role vary depending on the API that you call. The following sections explain these permissions.
**Note**
Instead of managing permissions by crafting a permission policy, you can use the AWS-managed `AmazonSageMakerFullAccess` permission policy. The permissions in this policy are fairly broad, to allow for any actions you might want to perform in SageMaker AI. For a listing of the policy including information about the reasons for adding many of the permissions, see [AWS managed policy: AmazonSageMakerFullAccess](security-iam-awsmanpol.md#security-iam-awsmanpol-AmazonSageMakerFullAccess). If you prefer to create custom policies and manage permissions to scope the permissions only to the actions you need to perform with the execution role, see the following topics.
**Important**
If you're running into issues, see [Troubleshooting Amazon SageMaker AI Identity and Access](security_iam_troubleshoot.md).
For more information about IAM roles, see [IAM Roles](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *Service Authorization Reference*.
**Topics**
+ [
## Create execution role
](#sagemaker-roles-create-execution-role)
+ [
## Get your execution role
](#sagemaker-roles-get-execution-role)
+ [
## Change your execution role
](#sagemaker-roles-change-execution-role)
+ [
## Modify permissions to execution role
](#sagemaker-roles-modify-to-execution-role)
+ [
## Passing Roles
](#sagemaker-roles-pass-role)
+ [
## CreateAutoMLJob and CreateAutoMLJobV2 API: Execution Role Permissions
](#sagemaker-roles-autopilot-perms)
+ [
## CreateDomain API: Execution Role Permissions
](#sagemaker-roles-createdomain-perms)
+ [
## CreateImage and UpdateImage APIs: Execution Role Permissions
](#sagemaker-roles-createimage-perms)
+ [
## CreateNotebookInstance API: Execution Role Permissions
](#sagemaker-roles-createnotebookinstance-perms)
+ [
## CreateHyperParameterTuningJob API: Execution Role Permissions
](#sagemaker-roles-createhyperparametertiningjob-perms)
+ [
## CreateProcessingJob API: Execution Role Permissions
](#sagemaker-roles-createprocessingjob-perms)
+ [
## CreateTrainingJob API: Execution Role Permissions
](#sagemaker-roles-createtrainingjob-perms)
+ [
## CreateModel API: Execution Role Permissions
](#sagemaker-roles-createmodel-perms)
+ [
# SageMaker geospatial capabilities roles
](sagemaker-geospatial-roles.md)
## CreateAutoMLJob and CreateAutoMLJobV2 API: Execution Role Permissions
For an execution role that you can pass in a `CreateAutoMLJob` or `CreateAutoMLJobV2` API request, you can attach the following minimum permission policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "sagemaker.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeModel",
"sagemaker:InvokeEndpoint",
"sagemaker:ListTags",
"sagemaker:DescribeEndpoint",
"sagemaker:CreateModel",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateEndpoint",
"sagemaker:DeleteModel",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteEndpoint",
"cloudwatch:PutMetricData",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": "*"
}
]
}
```
------
If you specify a private VPC for your AutoML job, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
]
}
```
If your input is encrypted using server-side encryption with an AWS KMS–managed key (SSE-KMS), add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
]
}
```
If you specify a KMS key in the output configuration of your AutoML job, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:Encrypt"
]
}
```
If you specify a volume KMS key in the resource configuration of your AutoML job, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:CreateGrant"
]
}
```
## CreateDomain API: Execution Role Permissions
The execution role for domains with IAM Identity Center and the user/execution role for IAM domains need the following permissions when you pass an AWS KMS customer managed key as the `KmsKeyId` in the `CreateDomain` API request. The permissions are enforced during the `CreateApp` API call.
For an execution role that you can pass in the `CreateDomain` API request, you can attach the following permission policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:CreateGrant",
"kms:DescribeKey"
],
"Resource": "arn:aws:kms:us-east-1:111122223333:key/kms-key-id"
}
]
}
```
------
Alternatively, if the permissions are specified in a KMS policy, you can attach the following policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "Allow use of the key",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::111122223333:role/ExecutionRole"
]
},
"Action": [
"kms:CreateGrant",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
```
------
## CreateImage and UpdateImage APIs: Execution Role Permissions
For an execution role that you can pass in a `CreateImage` or `UpdateImage` API request, you can attach the following permission policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
],
"Resource": "*"
}
]
}
```
------
## CreateNotebookInstance API: Execution Role Permissions
The permissions that you grant to the execution role for calling the `CreateNotebookInstance` API depend on what you plan to do with the notebook instance. If you plan to use it to invoke SageMaker AI APIs and pass the same role when calling the `CreateTrainingJob` and `CreateModel` APIs, attach the following permissions policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sagemaker:*",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:SetRepositoryPolicy",
"ecr:CompleteLayerUpload",
"ecr:BatchDeleteImage",
"ecr:UploadLayerPart",
"ecr:DeleteRepositoryPolicy",
"ecr:InitiateLayerUpload",
"ecr:DeleteRepository",
"ecr:PutImage",
"ecr:CreateRepository",
"cloudwatch:PutMetricData",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:GetLogEvents",
"s3:CreateBucket",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"robomaker:CreateSimulationApplication",
"robomaker:DescribeSimulationApplication",
"robomaker:DeleteSimulationApplication",
"robomaker:CreateSimulationJob",
"robomaker:DescribeSimulationJob",
"robomaker:CancelSimulationJob",
"ec2:CreateVpcEndpoint",
"ec2:DescribeRouteTables",
"elasticfilesystem:DescribeMountTargets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"codecommit:GitPull",
"codecommit:GitPush"
],
"Resource": [
"arn:aws:codecommit:*:*:*sagemaker*",
"arn:aws:codecommit:*:*:*SageMaker*",
"arn:aws:codecommit:*:*:*Sagemaker*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "sagemaker.amazonaws.com"
}
}
}
]
}
```
------
To tighten the permissions, limit them to specific Amazon S3 and Amazon ECR resources, by restricting `"Resource": "*"`, as follows:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sagemaker:*",
"ecr:GetAuthorizationToken",
"cloudwatch:PutMetricData",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:GetLogEvents"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "sagemaker.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::inputbucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::inputbucket/object1",
"arn:aws:s3:::outputbucket/path",
"arn:aws:s3:::inputbucket/object2",
"arn:aws:s3:::inputbucket/object3"
]
},
{
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": [
"arn:aws:ecr:us-east-1:111122223333:repository/my-repo1",
"arn:aws:ecr:us-east-1:111122223333:repository/my-repo2",
"arn:aws:ecr:us-east-1:111122223333:repository/my-repo3"
]
}
]
}
```
------
If you plan to access other resources, such as Amazon DynamoDB or Amazon Relational Database Service, add the relevant permissions to this policy.
In the preceding policy, you scope the policy as follows:
+ Scope the `s3:ListBucket` permission to the specific bucket that you specify as `InputDataConfig.DataSource.S3DataSource.S3Uri` in a `CreateTrainingJob` request.
+ Scope `s3:GetObject `, `s3:PutObject`, and `s3:DeleteObject` permissions as follows:
+ Scope to the following values that you specify in a `CreateTrainingJob` request:
`InputDataConfig.DataSource.S3DataSource.S3Uri`
`OutputDataConfig.S3OutputPath`
+ Scope to the following values that you specify in a `CreateModel` request:
`PrimaryContainer.ModelDataUrl`
`SuplementalContainers.ModelDataUrl`
+ Scope `ecr` permissions as follows:
+ Scope to the `AlgorithmSpecification.TrainingImage` value that you specify in a `CreateTrainingJob` request.
+ Scope to the `PrimaryContainer.Image` value that you specify in a `CreateModel` request:
The `cloudwatch` and `logs` actions are applicable for "\$1" resources. For more information, see [CloudWatch Resources and Operations](http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-access-control-overview-cw.html#CloudWatch_ARN_Format) in the Amazon CloudWatch User Guide.
## CreateHyperParameterTuningJob API: Execution Role Permissions
For an execution role that you can pass in a `CreateHyperParameterTuningJob` API request, you can attach the following permission policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": "*"
}
]
}
```
------
Instead of the specifying `"Resource": "*"`, you could scope these permissions to specific Amazon S3, Amazon ECR, and Amazon CloudWatch Logs resources:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"ecr:GetAuthorizationToken"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::inputbucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::inputbucket/object",
"arn:aws:s3:::outputbucket/path"
]
},
{
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": "arn:aws:ecr:us-east-1:111122223333:repository/my-repo"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogGroup",
"logs:DescribeLogStreams"
],
"Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/sagemaker/TrainingJobs*"
}
]
}
```
------
If the training container associated with the hyperparameter tuning job needs to access other data sources, such as DynamoDB or Amazon RDS resources, add relevant permissions to this policy.
In the preceding policy, you scope the policy as follows:
+ Scope the `s3:ListBucket` permission to a specific bucket that you specify as the `InputDataConfig.DataSource.S3DataSource.S3Uri` in a `CreateTrainingJob` request.
+ Scope the `s3:GetObject `and `s3:PutObject` permissions to the following objects that you specify in the input and output data configuration in a `CreateHyperParameterTuningJob` request:
`InputDataConfig.DataSource.S3DataSource.S3Uri`
`OutputDataConfig.S3OutputPath`
+ Scope Amazon ECR permissions to the registry path (`AlgorithmSpecification.TrainingImage`) that you specify in a `CreateHyperParameterTuningJob` request.
+ Scope Amazon CloudWatch Logs permissions to log group of SageMaker training jobs.
The `cloudwatch` actions are applicable for "\$1" resources. For more information, see [ CloudWatch Resources and Operations](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html#CWL_ARN_Format) in the Amazon CloudWatch User Guide.
If you specify a private VPC for your hyperparameter tuning job, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
]
}
```
If your input is encrypted using server-side encryption with an AWS KMS–managed key (SSE-KMS), add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
]
}
```
If you specify a KMS key in the output configuration of your hyperparameter tuning job, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:Encrypt"
]
}
```
If you specify a volume KMS key in the resource configuration of your hyperparameter tuning job, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:CreateGrant"
]
}
```
## CreateProcessingJob API: Execution Role Permissions
For an execution role that you can pass in a `CreateProcessingJob` API request, you can attach the following permission policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": "*"
}
]
}
```
------
Instead of the specifying `"Resource": "*"`, you could scope these permissions to specific Amazon S3 and Amazon ECR resources:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"ecr:GetAuthorizationToken"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::inputbucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::inputbucket/object",
"arn:aws:s3:::outputbucket/path"
]
},
{
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": "arn:aws:ecr:us-east-1:111122223333:repository/my-repo"
}
]
}
```
------
If `CreateProcessingJob.AppSpecification.ImageUri` needs to access other data sources, such as DynamoDB or Amazon RDS resources, add relevant permissions to this policy.
In the preceding policy, you scope the policy as follows:
+ Scope the `s3:ListBucket` permission to a specific bucket that you specify as the `ProcessingInputs` in a `CreateProcessingJob` request.
+ Scope the `s3:GetObject `and `s3:PutObject` permissions to the objects that will be downloaded or uploaded in the `ProcessingInputs` and `ProcessingOutputConfig` in a `CreateProcessingJob` request.
+ Scope Amazon ECR permissions to the registry path (`AppSpecification.ImageUri`) that you specify in a `CreateProcessingJob` request.
The `cloudwatch` and `logs` actions are applicable for "\$1" resources. For more information, see [CloudWatch Resources and Operations](http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-access-control-overview-cw.html#CloudWatch_ARN_Format) in the Amazon CloudWatch User Guide.
If you specify a private VPC for your processing job, add the following permissions. Don't scope in the policy with any conditions or resource filters. Otherwise, the validation checks that occur during the creation of the processing job fail.
```
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
]
}
```
If your input is encrypted using server-side encryption with an AWS KMS–managed key (SSE-KMS), add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
]
}
```
If you specify a KMS key in the output configuration of your processing job, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:Encrypt"
]
}
```
If you specify a volume KMS key in the resource configuration of your processing job, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:CreateGrant"
]
}
```
## CreateTrainingJob API: Execution Role Permissions
For an execution role that you can pass in a `CreateTrainingJob` API request, you can attach the following permission policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": "*"
}
]
}
```
------
Instead of the specifying `"Resource": "*"`, you could scope these permissions to specific Amazon S3 and Amazon ECR resources:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"ecr:GetAuthorizationToken"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::inputbucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::inputbucket/object",
"arn:aws:s3:::outputbucket/path"
]
},
{
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": "arn:aws:ecr:us-east-1:111122223333:repository/my-repo"
}
]
}
```
------
If `CreateTrainingJob.AlgorithSpecifications.TrainingImage` needs to access other data sources, such as DynamoDB or Amazon RDS resources, add relevant permissions to this policy.
If you specify an algorithm resource by using the `AlgorithmSpecification.AlgorithmArn` parameter, the execution role must also have the following permission:
```
{
"Effect": "Allow",
"Action": [
"sagemaker:DescribeAlgorithm"
],
"Resource": "arn:aws:sagemaker:*:*:algorithm/*"
}
```
In the preceding policy, you scope the policy as follows:
+ Scope the `s3:ListBucket` permission to a specific bucket that you specify as the `InputDataConfig.DataSource.S3DataSource.S3Uri` in a `CreateTrainingJob` request.
+ Scope the `s3:GetObject `and `s3:PutObject` permissions to the following objects that you specify in the input and output data configuration in a `CreateTrainingJob` request:
`InputDataConfig.DataSource.S3DataSource.S3Uri`
`OutputDataConfig.S3OutputPath`
+ Scope Amazon ECR permissions to the registry path (`AlgorithmSpecification.TrainingImage`) that you specify in a `CreateTrainingJob` request.
The `cloudwatch` and `logs` actions are applicable for "\$1" resources. For more information, see [CloudWatch Resources and Operations](http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-access-control-overview-cw.html#CloudWatch_ARN_Format) in the Amazon CloudWatch User Guide.
If you specify a private VPC for your training job, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
]
}
```
If your input is encrypted using server-side encryption with an AWS KMS–managed key (SSE-KMS), add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
]
}
```
If you specify a KMS key in the output configuration of your training job, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:Encrypt"
]
}
```
If you specify a volume KMS key in the resource configuration of your training job, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"kms:CreateGrant"
]
}
```
## CreateModel API: Execution Role Permissions
For an execution role that you can pass in a `CreateModel` API request, you can attach the following permission policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"s3:GetObject",
"s3:ListBucket",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": "*"
}
]
}
```
------
Instead of the specifying `"Resource": "*"`, you can scope these permissions to specific Amazon S3 and Amazon ECR resources:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"ecr:GetAuthorizationToken"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::inputbucket/object"
]
},
{
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": [
"arn:aws:ecr:us-east-1:111122223333:repository/my-repo",
"arn:aws:ecr:us-east-1:111122223333:repository/my-repo"
]
}
]
}
```
------
If `CreateModel.PrimaryContainer.Image` need to access other data sources, such as Amazon DynamoDB or Amazon RDS resources, add relevant permissions to this policy.
In the preceding policy, you scope the policy as follows:
+ Scope S3 permissions to objects that you specify in the `PrimaryContainer.ModelDataUrl` in a [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html) request.
+ Scope Amazon ECR permissions to a specific registry path that you specify as the `PrimaryContainer.Image` and `SecondaryContainer.Image` in a `CreateModel` request.
The `cloudwatch` and `logs` actions are applicable for "\$1" resources. For more information, see [CloudWatch Resources and Operations](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/iam-access-control-overview-cw.html#CloudWatch_ARN_Format) in the Amazon CloudWatch User Guide.
**Note**
If you plan to use the [SageMaker AI deployment guardrails feature](https://docs.aws.amazon.com/sagemaker/latest/dg/deployment-guardrails.html) for model deployment in production, ensure that your execution role has permission to perform the `cloudwatch:DescribeAlarms` action on your auto-rollback alarms.
If you specify a private VPC for your model, add the following permissions:
```
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
]
}
```
# SageMaker geospatial capabilities roles
As a managed service, Amazon SageMaker geospatial capabilities performs operations on your behalf on the AWS hardware that is managed by SageMaker AI. Use AWS Identity and Access Management to grant users, groups, and roles access to SageMaker geospatial.
An IAM Administrator can grant these permissions to user, group, or role using the AWS Management Console, AWS CLI, or one of the AWS SDKs.
**To use SageMaker geospatial you need the following IAM permissions.**
1. **An SageMaker AI execution role.**
To use the SageMaker geospatial specific API operations your SageMaker AI execution role must include the SageMaker geospatial service principal, `sagemaker-geospatial.amazonaws.com` in the execution role's trust policy. This allows the SageMaker AI execution role to perform actions in your AWS account on your behalf.
1. **A user, group, or role that has access Amazon SageMaker Studio Classic and SageMaker geospatial**
To get started with SageMaker geospatial you can use the AWS managed policy: `AmazonSageMakerGeospatialFullAccess`. This grants will grant a user, group, or role full access to SageMaker geospatial. To see the policy and learn more about which actions, resources, and conditions are available, see [AWS managed policy: AmazonSageMakerFullAccess](security-iam-awsmanpol.md#security-iam-awsmanpol-AmazonSageMakerFullAccess).
To get started with Studio Classic and creating a Amazon SageMaker AI domain, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
Use the following topics to create a new SageMaker AI execution role, update an existing SageMaker AI execution role, and learn how to manage permissions using SageMaker geospatial specific IAM actions, resources, and conditions.
**Topics**
+ [
# Creating an new SageMaker AI execution role
](sagemaker-geospatial-roles-create-execution-role.md)
+ [
# Adding the SageMaker geospatial service principal to an existing SageMaker AI execution role
](sagemaker-geospatial-roles-pass-role.md)
+ [
# `StartEarthObservationJob` API: Execution role permissions
](sagemaker-roles-start-eoj-perms.md)
+ [
# `StartVectorEnrichmentJob` API: Execution role permissions
](sagemaker-roles-start-vej-perms.md)
+ [
# `ExportEarthObservationJob` API: Execution role permissions
](sagemaker-roles-export-eoj-perms.md)
+ [
# `ExportVectorEnrichmentJob` API: Execution Role Permissions
](sagemaker-roles-export-vej-perms.md)
# Creating an new SageMaker AI execution role
To work with SageMaker geospatial capabilities, you must set up a user, group, or role, and an execution role. A user role is an AWS identity with permissions policies that determine what the user can and cannot do within AWS. An execution role is an IAM role that grants the service permission to access your AWS resources. An execution role consists of permissions and trust policy. The trust policy specifies which principals have the permission to assume the role.
SageMaker geospatial also requires a different service principal, `sagemaker-geospatial.amazonaws.com`. If you are an existing SageMaker AI customer, you must add this additional service principal to your trust policy.
Use the following procedure to create an new execution role with the IAM managed policy, `AmazonSageMakerGeospatialFullAccess`, attached. If your use case requires more granular permissions, use other sections of this guide to create an execution role that meets your business needs.
**Important**
The IAM managed policy, `AmazonSageMakerGeospatialFullAccess`, used in the following procedure, only grants the execution role permission to perform certain Amazon S3 actions on buckets or objects with `SageMaker`, `Sagemaker`, `sagemaker`, or `aws-glue` in the name. To learn how to update the execution role's policy to grant it access to other Amazon S3 buckets and objects, see [Add Additional Amazon S3 Permissions to a SageMaker AI Execution Role](sagemaker-roles.md#sagemaker-roles-get-execution-role-s3).
**To create a new role**
1. Open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. Select **Roles** and then select **Create role**.
1. Select **SageMaker**.
1. Select **Next: Permissions**.
1. The IAM managed policy, `AmazonSageMakerGeospatialFullAccess` is automatically attached to this role. To see the permissions included in this policy, select the sideways arrow next to the policy name. Select **Next: Tags**.
1. (Optional) Add tags and select **Next: Review**.
1. Give the role a name in the text field under **Role name** and select **Create role**.
1. In the **Roles** section of the IAM console, select the role you just created in step 7. If needed, use the text box to search for the role using the role name you entered in step 7.
1. On the role summary page, make note of the ARN.
# Adding the SageMaker geospatial service principal to an existing SageMaker AI execution role
To use the SageMaker geospatial specific API operations your SageMaker AI execution role must include the SageMaker geospatial service principal, `sagemaker-geospatial.amazonaws.com` in the execution role's trust policy. This allows the SageMaker AI execution role to perform actions in your AWS account on your behalf.
Actions like passing a role between services are common within SageMaker AI. For more details,
To add the SageMaker geospatial service principal to an existing SageMaker AI execution role update the existing policy to include the SageMaker geospatial service principal as shown in the following trust policy. By attaching the service principal to the trust policy a SageMaker AI execution role can now run the SageMaker geospatial specific APIs on your behalf.
To learn more about SageMaker geospatial specific IAM actions, resources, and conditions, see [Actions, Resources, and Condition Keys for SageMaker AI](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonsagemaker.html#amazonsagemaker-actions-as-permissions) in the *IAM User Guide*.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"sagemaker-geospatial.amazonaws.com",
"sagemaker.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
```
------
# `StartEarthObservationJob` API: Execution role permissions
For an execution role that you can pass in a `StartEarthObservationJob` API request, you can attach the following minimum permissions policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Effect": "Allow",
"Action": "sagemaker-geospatial:GetEarthObservationJob",
"Resource": "arn:aws:sagemaker-geospatial:*:*:earth-observation-job/*"
},
{
"Effect": "Allow",
"Action": "sagemaker-geospatial:GetRasterDataCollection",
"Resource": "arn:aws:sagemaker-geospatial:*:*:raster-data-collection/*"
}
]
}
```
------
If your input Amazon S3 bucket is encrypted using server-side encryption with an AWS KMS managed key (SSE-KMS), see [Using Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html) for more information.
# `StartVectorEnrichmentJob` API: Execution role permissions
For an execution role that you can pass in a `StartVectorEnrichmentJob` API request, you can attach the following minimum permissions policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Effect": "Allow",
"Action": "sagemaker-geospatial:GetVectorEnrichmentJob",
"Resource": "arn:aws:sagemaker-geospatial:*:*:vector-enrichment-job/*"
}
]
}
```
------
If your input Amazon S3 bucket is encrypted using server-side encryption with an AWS KMS managed key (SSE-KMS), see [Using Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html) for more information.
# `ExportEarthObservationJob` API: Execution role permissions
For an execution role that you can pass in a `ExportEarthObservationJob` API request, you can attach the following minimum permissions policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Effect": "Allow",
"Action": "sagemaker-geospatial:GetEarthObservationJob",
"Resource": "arn:aws:sagemaker-geospatial:*:*:earth-observation-job/*"
}
]
}
```
------
If your input Amazon S3 bucket is encrypted using server-side encryption with an AWS KMS managed key (SSE-KMS), see [Using Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html) for more information.
# `ExportVectorEnrichmentJob` API: Execution Role Permissions
For an execution role that you can pass in a `ExportVectorEnrichmentJob` API request, you can attach the following minimum permissions policy to the role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Effect": "Allow",
"Action": "sagemaker-geospatial:GetVectorEnrichmentJob",
"Resource": "arn:aws:sagemaker-geospatial:*:*:vector-enrichment-job/*"
}
]
}
```
------
If your input Amazon S3 bucket is encrypted using server-side encryption with an AWS KMS managed key (SSE-KMS), see [Using Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html).
# Amazon SageMaker Role Manager
Machine learning (ML) administrators striving for least-privilege permissions with Amazon SageMaker AI must account for a diversity of industry perspectives, including the unique least-privilege access needs required for personas such as data scientists, machine learning operation (MLOps) engineers, and more. Use Amazon SageMaker Role Manager to build and manage persona-based IAM roles for common machine learning needs directly through the Amazon SageMaker AI console.
Amazon SageMaker Role Manager provides 3 preconfigured role personas and predefined permissions for common ML activities. Explore the provided personas and their suggested policies, or create and maintain roles for personas unique to your business needs. If you require additional customization, specify networking and encryption permissions for [Amazon Virtual Private Cloud](https://aws.amazon.com/vpc/) resources and [AWS Key Management Service](https://aws.amazon.com/kms/) encryption keys in [Step 1. Enter role information](role-manager-tutorial.md#role-manager-tutorial-enter-role-information) of the Amazon SageMaker Role Manager.
**Topics**
+ [
# Using the role manager (console)
](role-manager-tutorial.md)
+ [
# Using the role manager (AWS CDK)
](role-manager-tutorial-cdk.md)
+ [
# Persona reference
](role-manager-personas.md)
+ [
# ML activity reference
](role-manager-ml-activities.md)
+ [
# Launch Studio Classic
](role-manager-launch-notebook.md)
+ [
# Role Manager FAQs
](role-manager-faqs.md)
# Using the role manager (console)
You can use the Amazon SageMaker Role Manager from the following locations on the left-hand navigation of the Amazon SageMaker AI console:
+ **Getting started** – Quickly add permissions policies for your users.
+ **domains** – Add permissions policies for users within a Amazon SageMaker AI domain.
+ **Notebooks** – Add least permissions for users who create and run notebooks.
+ **Training** – Add least permissions for users who create and manage training jobs.
+ **Inference** – Add least permissions for users who deploy and manage models for inference.
You can use the following are procedures to start the process of creating a role from different locations in the SageMaker AI console.
## Getting started
If you're using SageMaker AI for the first time, we recommend creating a role from the **Getting started** section.
To create a role using Amazon SageMaker Role Manager, do the following.
1. Open the Amazon SageMaker AI console.
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **Role manager**.
1. Choose **Create a role**.
## domains
You can create a role using Amazon SageMaker Role Manager when you start the process of creating a Amazon SageMaker AI domain.
To create a role using Amazon SageMaker Role Manager, do the following.
1. Open the Amazon SageMaker AI console.
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. Choose **Create domain**.
1. Choose **Create role using the role creation wizard**.
## Notebook
You can create a role using Amazon SageMaker Role Manager when you start the process of creating a notebook.
To create a role using Amazon SageMaker Role Manager, do the following.
1. Open the Amazon SageMaker AI console.
1. On the left-hand navigation, select **Notebook**.
1. Choose **Notebook instances**.
1. Choose **Create notebook instance**.
1. Choose **Create role using the role creation wizard**.
## Training
You can create a role using Amazon SageMaker Role Manager when you start the process of creating a training job.
To create a role using Amazon SageMaker Role Manager, do the following.
1. Open the Amazon SageMaker AI console.
1. On the left-hand navigation, choose **Training**.
1. Select **Training jobs**.
1. Choose **Create training job**.
1. Choose **Create role using the role creation wizard**.
## Inference
You can create a role using Amazon SageMaker Role Manager when you start the process of deploying a model for inference.
To create a role using Amazon SageMaker Role Manager, do the following.
1. Open the Amazon SageMaker AI console.
1. On the left-hand navigation, choose **Inference**.
1. Select **Models**.
1. Choose **Create model**.
1. Choose **Create role using the role creation wizard**.
After you've completed one of the preceding procedures, use the information in the following sections to help you create the role.
## Prerequisites
To use Amazon SageMaker Role Manager, you must have permission to create an IAM role. This permission is usually available to ML administrators and roles with least-privilege permissions for ML practitioners.
You can temporarily assume an IAM role in the AWS Management Console by [switching roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-console.html). For more information about methods for using roles, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.
## Step 1. Enter role information
Provide a name to use as the unique suffix of your new SageMaker AI role. By default, the prefix `"sagemaker-"` is added to every role name for easier search in the IAM console. For example, if you name your role `test-123` during role creation, your role shows up as `sagemaker-test-123` in the IAM console. You can optionally add a description of your role to provide additional details.
Then, choose from one of the available personas to get suggested permissions for personas such as data scientists, data engineers, or machine learning operations (MLOps) engineers. For information on available personas and their suggested permissions, see [Persona reference](role-manager-personas.md). To create a role without any suggested permissions to guide you, choose **Custom Role Settings**.
**Note**
We recommend that you first use the role manager to create a SageMaker AI Compute Role so that SageMaker AI compute resources have the ability to perform tasks such as training and inference. Use the SageMaker AI Compute Role persona to create this role with the role manager. After creating a SageMaker AI Compute Role, take note of its ARN for future use.
### Network and encryption conditions
We recommend that you activate VPC customization to use VPC configurations, subnets, and security groups with IAM policies associated with your new role. When VPC customization is activated, IAM policies for ML activities that interact with VPC resources are scoped down for least-privilege access. VPC customization is not activated by default. For more details on recommended networking architecture, see [Networking architecture](https://docs.aws.amazon.com/whitepapers/latest/build-secure-enterprise-ml-platform/networking-architecture.html) in the *AWS Technical Guide*.
You can also use a KMS key to encrypt, decrypt, and re-encrypt data for regulated workloads with highly sensitive data. When AWS KMS customization is activated, IAM policies for ML activities that support custom encryption keys are scoped down for least-privilege access. For more information, see [Encryption with AWS KMS](https://docs.aws.amazon.com/whitepapers/latest/build-secure-enterprise-ml-platform/encryption-with-kms.html) in the *AWS Technical Guide*.
## Step 2. Configure ML activities
Each Amazon SageMaker Role Manager ML activity includes suggested IAM permissions to provide access to relevant AWS resources. Some ML activities require that you add service role ARNs to complete setup. For information on predefined ML activities and their permissions, see [ML activity reference](role-manager-ml-activities.md). For information on adding service roles, see [Service roles](#role-manager-tutorial-configure-ml-activities-service-roles).
Based on the chosen persona, certain ML activities are already selected. You can deselect any suggested ML activities or select additional activities to create your own role. If you selected the Custom Role Settings persona, then no ML activities are preselected in this step.
You can add any additional AWS or customer-managed IAM policies to your role in [Step 3: Add additional policies and tags](#role-manager-tutorial-add-policies-and-tags).
### Service roles
Some AWS services require a service role to perform actions on your behalf. If the ML activity that you selected requires you to pass a service role, then you must provide the ARN for that service role.
You can either create a new service role or use an existing one, such as a service role created with the SageMaker AI Compute Role persona. You can find the ARN of an existing role by selecting the role name in the Roles section of the [IAM console](https://console.aws.amazon.com/iamv2/). To learn more about service roles, see [Creating a role for an AWS service](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html).
## Step 3: Add additional policies and tags
You can add any existing AWS or customer-managed IAM policies to your new role. For information on existing SageMaker AI policies, see [AWS Managed Policies for Amazon SageMaker AI](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol.html). You can also check your existing policies in the **Roles** section of the [IAM console](https://console.aws.amazon.com/iamv2/).
Optionally, use tag-based policy conditions to assign metadata information to categorize and manage AWS resources. Each tag is represented by a key-value pair. For more information, see [Controlling access to AWS resources using tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html).
## Review role
Take the time to review all of the information associated with your new role. Choose **Previous** to go back and edit any of the information. When you are ready to create your role, choose **Create role**. This generates a role with permissions for your selected ML activities. You can view your new role in the **Roles** section of the [IAM console](https://console.aws.amazon.com/iamv2/).
# Using the role manager (AWS CDK)
Use the AWS Cloud Development Kit (AWS CDK) with Amazon SageMaker Role Manager to programmatically create roles and set permissions. You can use the AWS CDK to accomplish any task that you could perform using the AWS Management Console. The programmatic access of the CDK makes it easier to provide permissions that give your users access to specific resources. For more information about the AWS CDK, see [What is AWS CDK?](https://docs.aws.amazon.com/cdk/v2/guide/home.html)
**Important**
You must use the SageMaker AI Compute Role persona to create a SageMaker AI Compute Role. For more information about the compute persona, see [SageMaker AI compute persona](role-manager-personas.md#role-manager-personas-compute). For code that you can use to create the compute role within the AWS CDK, see [Grant permissions to a Compute persona](#role-manager-cdk-compute-persona).
The following are examples of tasks that you can perform in the AWS CDK:
+ Create IAM roles with granular permissions for machine learning (ML) personas, such as Data Scientists and MLOps Engineers.
+ Grant permissions to CDK constructs from ML personas or ML activities.
+ Set ML activity condition parameters.
+ Enable global Amazon VPC and AWS Key Management Service conditions and set values for them.
+ Choose from all versions of the ML activities for your users without causing disruptions in their access.
There are common AWS tasks related to machine learning (ML) with SageMaker AI that require specific IAM permissions. The permissions to perform the tasks are defined as ML activities in Amazon SageMaker Role Manager. ML activities specify a set of permissions that are linked to the IAM role. For example, the ML activity for Amazon SageMaker Studio Classic has all of the permissions that a user needs to access Studio Classic. For more information about ML activities, see [ML activity reference](role-manager-ml-activities.md).
When you're creating roles, you first define the constructs for the ML persona or the ML activity. A construct is a resource within the AWS CDK stack. For example, a construct could be an Amazon S3 bucket, an Amazon VPC subnet, or an IAM role.
As you're creating the persona or activity, you can limit the permissions associated with that persona or activity to specific resources. For example, you can customize the activity to only provide permissions for a specific subnet within an Amazon VPC.
After you've defined permissions, you can create roles and then pass those roles to create other resources, such as SageMaker notebook instances.
The following are code examples in Typescript for tasks that you can accomplish using the CDK. When you create an activity, you specify an ID and the options for the activity's construct. The options are dictionaries that specify the required parameters for the activities, such as an Amazon S3. You pass an empty dictionary for activities that don't have required parameters.
## Grant permissions to a Compute persona
The following code creates a Data Scientist ML persona with a set of ML activities specific to the persona. The permissions from ML activities only apply to the Amazon VPC and AWS KMS configurations specified in the persona construct. The following code creates a class for a Data Scientist persona. The ML activities are defined in the activities list. The VPC permissions and the KMS permissions are defined as optional parameters outside of the activities list.
After you’ve defined the class, you can create a role as a construct within the AWS CDK stack. You can also create a notebook instance. The person who is using the IAM role that you’ve created in the following code can access the notebook instance when they log in to their AWS account.
```
export class myCDKStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const persona = new Persona(this, 'example-persona-id', {
activities: [
Activity.accessAwsServices(this, 'example-id1', {})
]
});
const role = persona.createRole(this, 'example-IAM-role-id', 'example-IAM-role-name');
}
}
```
## Grant permissions to a Data Scientist persona
The following code creates a Data Scientist ML persona with a set of ML activities specific to the persona. The permissions from ML activities only apply to the VPC and KMS configurations specified in the persona construct. The following code creates a class for a Data Scientist persona. The ML activities are defined in the activities list. The Amazon VPC permissions and the AWS KMS permissions are defined as optional parameters outside of the activities list.
After you’ve defined the class, you can create a role as a construct within the AWS CDK stack. You can also create a notebook instance. The person who is using the IAM role that you’ve created in the following code can access the notebook instance when they log in to their AWS account.
```
export class myCDKStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const persona = new Persona(this, 'example-persona-id', {
activities: [
Activity.runStudioAppsV2(this, 'example-id1', {}),
Activity.manageJobs(this, 'example-id2', {rolesToPass: [iam.Role.fromRoleName('example-IAM-role-name')]}),
Activity.manageModels(this, 'example-id3', {rolesToPass: [iam.Role.fromRoleName('example-IAM-role-name')]}),
Activity.manageExperiments(this, 'example-id4', {}),
Activity.visualizeExperiments(this, 'example-id5', {}),
Activity.accessS3Buckets(this, 'example-id6', {s3buckets: [s3.S3Bucket.fromBucketName('amzn-s3-demo-bucket')]})
],
// optional: to configure VPC permissions
subnets: [ec2.Subnet.fromSubnetId('example-VPC-subnet-id')],
securityGroups: [ec2.SecurityGroup.fromSecurityGroupId('example-VPC-security-group-id')],
// optional: to configure KMS permissions
dataKeys: [kms.Key.fromKeyArn('example-KMS-key-ARN')],
volumeKeys: [kms.Key.fromKeyArn('example-KMS-key-ARN')],
});
const role = persona.createRole(this, 'example-IAM-role-id', 'example-IAM-role-name');
const notebookInstance = new CfnNotebookInstance(this, 'example-notebook-instance-name', { RoleArn: role.RoleArn, ...});
}
}
```
## Grant permissions to an ML Ops persona
The following code creates an ML Ops persona with a set of ML activities specific to the persona. The permissions from ML activities only apply to the Amazon VPC and AWS KMS configurations specified in the persona construct. The following code creates a class for an ML Ops persona. The ML activities are defined in the activities list. The VPC permissions and the KMS permissions are defined as optional parameters outside of the activities list.
After you’ve defined the class, you can create a role as a construct within the AWS CDK stack. You can also create an Amazon SageMaker Studio Classic user profile. The person who is using the IAM role that you’ve created in the following code can open SageMaker Studio Classic when they log in to their AWS account.
```
export class myCDKStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const persona = new Persona(this, 'example-persona-id', {
activities: [
Activity.runStudioAppsV2(this, 'example-id1', {}),
Activity.manageModels(this, 'example-id2', {rolesToPass: [iam.Role.fromRoleName('example-IAM-role-name')]}),
Activity.manageEndpoints(this, 'example-id3',{rolesToPass: [iam.Role.fromRoleName('example-IAM-role-name')]}),
Activity.managePipelines(this, 'example-id4', {rolesToPass: [iam.Role.fromRoleName('example-IAM-role-name')]}),
Activity.visualizeExperiments(this, 'example-id5', {})
],
subnets: [ec2.Subnet.fromSubnetId('example-VPC-subnet-id')],
securityGroups: [ec2.SecurityGroup.fromSecurityGroupId('example-VPC-security-group-id')],
dataKeys: [kms.Key.fromKeyArn('example-KMS-key-ARN')],
volumeKeys: [kms.Key.fromKeyArn('example-KMS-key-ARN')],
});
const role = persona.createRole(this, 'example-IAM-role-id', 'example-IAM-role-name');
let userProfile = new CfnNUserProfile(this, 'example-Studio Classic-profile-name', { RoleName: role.RoleName, ... });
}
}
```
## Grant permissions to a construct
The following code creates an ML Ops persona with a set of ML activities specific to the persona. The following code creates a class for a ML Ops persona. The ML activities are defined in the activities list.
After you’ve defined the class, you can create a role as a construct within the AWS CDK stack. You can also create a notebook instance. The code grants permissions from the ML activities to the IAM role of the Lambda function.
```
export class myCDKStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const persona = new Persona(this, 'example-persona-id', {
activities: [
Activity.runStudioAppsV2(this, 'example-id1', {}),
Activity.manageModels(this, 'example-id2', {rolesToPass: [iam.Role.fromRoleName('example-IAM-role-name')]}),
Activity.manageEndpoints(this, 'example-id3',{rolesToPass: [iam.Role.fromRoleName('example-IAM-role-name')]}),
Activity.managePipelines(this, 'example-id4', {rolesToPass: [iam.Role.fromRoleName('example-IAM-role-name')]}),
Activity.visualizeExperiments(this, 'example-id5', {})
],
});
const lambdaFn = lambda.Function.fromFunctionName('example-lambda-function-name');
persona.grantPermissionsTo(lambdaFn);
}
}
```
## Grant permissions for a single ML activity
The following code creates an ML activity and creates a role from the activity. The permissions from the activity only apply to the VPC and KMS configuration that you specify for the user.
```
export class myCDKStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const activity = Activity.manageJobs(this, 'example-activity-id', {
rolesToPass: [iam.Role.fromRoleName('example-IAM-role-name')],
subnets: [ec2.Subnet.fromSubnetId('example-VPC-subnet-id')],
securityGroups: [ec2.SecurityGroup.fromSecurityGroupId('example-VPC-security-group-id')],
dataKeys: [kms.Key.fromKeyArn('example-KMS-key-ARN')],
volumeKeys: [kms.Key.fromKeyArn('example-KMS-key-ARN')],
});
const role = activity.createRole(this, 'example-IAM-role-id', 'example-IAM-role-name');
}
}
```
## Create a role and give it permissions for a single activity
The following code creates an IAM role for a single ML activity.
```
export class myCDKStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const activity = Activity.manageJobs(this, 'example-activity-id', {
rolesToPass: [iam.Role.fromRoleName('example-IAM-role-name')],
});
activity.create_role(this, 'example-IAM-role-id', 'example-IAM-role-name')
}
}
```
# Persona reference
Amazon SageMaker Role Manager provides suggested permissions for a number of ML personas. These include user execution roles for common ML practitioner responsibilities as well as service execution roles for common AWS service interactions needed to work with SageMaker AI.
Each persona has suggested permissions in the form of selected ML activities. For information on predefined ML activities and their permissions, see [ML activity reference](role-manager-ml-activities.md).
## Data scientist persona
Use this persona to configure permissions to perform general machine learning development and experimentation in a SageMaker AI environment. This persona includes the following preselected ML activities:
+ Run Studio Classic Applications
+ Manage ML Jobs
+ Manage Models
+ Manage AWS Glue Tables
+ Canvas AI Services
+ Canvas MLOps
+ Canvas Kendra Access
+ Use MLflow
+ Access required to AWS Services for MLflow
+ Run Studio EMR Serverless Applications
## MLOps persona
Choose this persona to configure permissions for operational activities. This persona includes the following preselected ML activities:
+ Run Studio Classic Applications
+ Manage Models
+ Manage Pipelines
+ Search and visualize experiments
+ Amazon S3 Full Access
## SageMaker AI compute persona
**Note**
We recommend that you first use the role manager to create a SageMaker AI Compute Role so that SageMaker AI compute resources can perform tasks such as training and inference. Use the SageMaker AI Compute Role persona to create this role with the role manager. After creating a SageMaker AI Compute Role, take note of its ARN for future use.
This persona includes the following preselected ML activity:
+ Access Required AWS Services
# ML activity reference
ML activities are common AWS tasks related to machine learning with SageMaker AI that require specific IAM permissions. Each [persona](https://docs.aws.amazon.com/sagemaker/latest/dg/role-manager-personas.html) suggests related ML activities when creating a role with Amazon SageMaker Role Manager. You can select any additional ML activities or deselect any suggested ML activities to create a role that meets your unique business needs.
Amazon SageMaker Role Manager provides predefined permissions for the following ML activities:
****
| **ML activity** | **Description** |
| --- | --- |
| Access Required AWS Services | Permissions to access Amazon S3, Amazon ECR, Amazon CloudWatch, and Amazon EC2. Required for execution roles for jobs and endpoints. |
| Run Studio Classic Applications | Permissions to operate within a Studio Classic environment. Required for domain and user profile execution roles. |
| Manage ML Jobs | Permissions to audit, query lineage, and visualize experiments. |
| Manage Models | Permissions to manage SageMaker AI jobs across their lifecycles. |
| Manage Pipelines | Permissions to manage SageMaker pipelines and pipeline executions. |
| Search and visualize experiments | Permissions to audit, query lineage, and visualize SageMaker AI experiments. |
| Manage Model Monitoring | Permissions to manage monitoring schedules for SageMaker AI Model Monitor. |
| Amazon S3 Full Access | Permissions to perform all Amazon S3 operations. |
| Amazon S3 Bucket Access | Permissions to perform operations on specified Amazon S3 buckets. |
| Query Athena Workgroups | Permissions to run and manage Amazon Athena queries. |
| Manage AWS Glue Tables | Permissions to create and manage AWS Glue tables for SageMaker AI Feature Store and Data Wrangler. |
| SageMaker Canvas Core Access | Permissions to perform experimentation in SageMaker Canvas (i.e, basic data prep, model build, validation). |
| SageMaker Canvas Data Preparation (powered by Data Wrangler) | Permissions to perform end-to-end data preparation in SageMaker Canvas (i.e, aggregate, transform and analyze data, create and schedule data preparation jobs on large datasets). |
| SageMaker Canvas AI Services | Permissions to access ready-to-use models from Amazon Bedrock, Amazon Textract, Amazon Rekognition, and Amazon Comprehend. Additionally, user can fine-tune foundation models from Amazon Bedrock and Amazon SageMaker JumpStart. |
| SageMaker Canvas MLOps | Permission for SageMaker Canvas users to directly deploy model to endpoint. |
| SageMaker Canvas Kendra Access | Permission for SageMaker Canvas to access Amazon Kendra for enterprise document search. The permission is only given to your selected index names in Amazon Kendra. |
| Use MLflow | Permissions to manage experiments, runs, and models in MLflow. |
| Manage MLflow Tracking Servers | Permissions to manage, start, and stop MLflow Tracking Servers. |
| Access required to AWS Services for MLflow | Permissions for MLflow Tracking Servers to access S3, Secrets Manager, and Model Registry. |
| Run Studio EMR Serverless Applications | Permissions to Create and Manage EMR Serverless Applications on Amazon SageMaker Studio. |
# Launch Studio Classic
Use your persona-focused roles to launch Studio Classic. If you are an administrator, you can give your users access to Studio Classic and have them assume their persona role either directly through the AWS Management Console or through the AWS IAM Identity Center.
## Launch Studio Classic with AWS Management Console
For data scientists or other users to assume their given persona through the AWS Management Console, they require a console role to get to the Studio Classic environment.
You cannot use Amazon SageMaker Role Manager to create a role that grants permissions to the AWS Management Console. However, after creating a service role in the role manager, you can go to the IAM console to edit the role and add a user access role. The following is an example of a role that provides user access to the AWS Management Console:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "DescribeCurrentDomain",
"Effect": "Allow",
"Action": "sagemaker:DescribeDomain",
"Resource": "arn:aws:sagemaker:us-east-1:111122223333:domain/"
},
{
"Sid": "RemoveErrorMessagesFromConsole",
"Effect": "Allow",
"Action": [
"servicecatalog:ListAcceptedPortfolioShares",
"sagemaker:GetSagemakerServicecatalogPortfolioStatus",
"sagemaker:ListModels",
"sagemaker:ListTrainingJobs",
"servicecatalog:ListPrincipalsForPortfolio",
"sagemaker:ListNotebookInstances",
"sagemaker:ListEndpoints"
],
"Resource": "*"
},
{
"Sid": "RequiredForAccess",
"Effect": "Allow",
"Action": [
"sagemaker:ListDomains",
"sagemaker:ListUserProfiles"
],
"Resource": "*"
},
{
"Sid": "CreatePresignedURLForAccessToDomain",
"Effect": "Allow",
"Action": "sagemaker:CreatePresignedDomainUrl",
"Resource": "arn:aws:sagemaker:us-east-1:111122223333:user-profile//"
}
]
}
```
------
In the Studio Classic control panel, choose **Add User** to create a new user. In the **General Settings** section, give your user a name and set the **Default execution role** for the user to be the role that you created using Amazon SageMaker Role Manager.
On the next screen, choose the appropriate Jupyter Lab version, and whether to turn on SageMaker JumpStart and SageMaker AI Project templates. Then choose **Next**. On the SageMaker Canvas settings page, choose whether to turn on SageMaker Canvas support, and additionally whether to allow for timeseries forecasting in SageMaker Canvas. Then choose **Submit**.
Your new user should now be visible in the Studio Classic control panel. To test this user, choose **Studio** from the **Launch app** dropdown list in the same row as the user’s name.
## Launch Studio Classic with IAM Identity Center
To assign IAM Identity Center users to execution roles, the user must first exist in the IAM Identity Center directory. For more information, see [Manage identities in IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-sso.html) in the *AWS IAM Identity Center*.
**Note**
Your IAM Identity Center Authentication directory and Studio Classic domain must be in the same AWS Region.
1. To assign IAM Identity Center users to your Studio Classic domain, choose **Assign users and Groups** in the Studio Classic control panel. On the **Assign users and groups** screen select your data scientist user, and then choose **Assign Users and Groups**.
1. After the user is added to the Studio Classic control panel, choose the user to open the user details screen.
1. On the **User details** screen, choose **Edit**.
1. On the **Edit user profile** screen, under **General settings**, modify the **Default execution role** to match the user execution role you’ve created for your data scientists.
1. Choose **Next** through the rest of the settings pages, and choose **Submit** to save your changes.
When your data scientist or other user logs into the IAM Identity Center portal, they see a tile for this Studio Classic domain. Choosing that tile logs them into Studio Classic with their assigned user execution role.
# Role Manager FAQs
Refer to the following FAQ items for answers to commonly asked questions about Amazon SageMaker Role Manager.
## Q. How can I access Amazon SageMaker Role Manager?
A: You can access Amazon SageMaker Role Manager through multiple location in the Amazon SageMaker AI console. For information about accessing role manager and using it to create a role, see [Using the role manager (console)](role-manager-tutorial.md).
## Q. What are personas?
A: Personas are preconfigured groups of permissions based on common machine learning (ML) responsibitilies. For example, the data science persona suggests permissions for general machine learning development and experimentation in a SageMaker AI environment, while the MLOps persona suggests permissions for ML activities related to operations.
## Q. What are ML activities?
A: ML activities are common AWS tasks related to machine learning with SageMaker AI that require specific IAM permissions. Each persona suggests related ML activities when creating a role with Amazon SageMaker Role Manager. ML activities include tasks such as Amazon S3 full access or searching and visualizing experiments. For more information, see [ML activity reference](role-manager-ml-activities.md).
## Q. Are the roles that I create with the role manager AWS Identity and Access Management (IAM) roles?
A: Yes. Roles created using the Amazon SageMaker Role Manager are IAM roles with customized access policies. You can view created roles in the **Roles** section of the [IAM console](https://console.aws.amazon.com/iamv2/).
## Q. How can I view the roles that I created using Amazon SageMaker Role Manager?
A: You can view created roles in the **Roles** section of the [IAM console](https://console.aws.amazon.com/iamv2/). By default, the prefix `"sagemaker-"` is added to every role name for easier search in the IAM console. For example, if you named your role `test-123` during role creation, your role shows up as `sagemaker-test-123` in the IAM console.
## Q. Can I modify a role made with Amazon SageMaker Role Manager once it is created?
A: Yes. You can modify the roles and policies created by Amazon SageMaker Role Manager through the [IAM console](https://console.aws.amazon.com/iamv2/). For more information, see [Modifying a role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_modify.html) in the *AWS Identity and Access Management User Guide*.
## Q. Can I attach my own policies to roles created using Amazon SageMaker Role Manager?
A: Yes. You can attach any AWS or customer-managed IAM policies from your account to the role that you create using Amazon SageMaker Role Manager.
## Q. How many policies can I add to a role that I create with Amazon SageMaker Role Manager?
A: The maximum limit for attaching managed policies to an IAM role or user is 20. The maximum character size limit for managed policies is 6,144. For more information, see [IAM object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entities) and [IAM and AWS Security Token Service quotas name requirements, and character limits](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html).
## Q. Can I add conditions to ML activities?
A: Any conditions that you provide in [Step 1. Enter role information](role-manager-tutorial.md#role-manager-tutorial-enter-role-information) of the Amazon SageMaker Role Manager, such as subnets, security groups, or KMS keys, are automatically passed to any ML activities selected in [Step 2. Configure ML activities](role-manager-tutorial.md#role-manager-tutorial-configure-ml-activities). You can also add additional conditions to ML activities if necessary. For example, you might also add `InstanceTypes` or `IntercontainerTrafficEncryption` conditions to the Manage Training Jobs activity.
## Q. Can I use tagging to manage access to any AWS resource?
A:****You can add tags to your role in [Step 3: Add additional policies and tags](role-manager-tutorial.md#role-manager-tutorial-add-policies-and-tags) of the Amazon SageMaker Role Manager. To successfully manage AWS resources using tags, you must add the same tag to both the role and any associated policies. For example, you can add a tag to a role and to an Amazon S3 bucket. Then, because the role passes the tag to the SageMaker AI session, only a user with that role can access that S3 bucket. You can add tags to a policy through the [IAM console](https://console.aws.amazon.com/iamv2/). For more information, see [Tagging IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags_roles.html) in the *AWS Identity and Access Management User Guide*.
## Q. Can I use Amazon SageMaker Role Manager to create a role to access the AWS Management Console?
A: No. However, after creating a service role in the role manager, you can go to the IAM console to edit the role and add a human access role in IAM console.
## Q. What is difference between a user federation role and a SageMaker AI execution role?
A: A user federation role is directly assumed by a user to access AWS resources such as access to the AWS Management Console. A SageMaker AI execution role is assumed by the SageMaker AI service to perform a function on behalf of a user or an automation tool. For example, when a user opens a Studio Classic instance, Studio Classic assumes the execution role associated with the user profile in order to access AWS resources on the behalf of the user. If the user profile does not specify an execution role, then the execution role is specified at the Amazon SageMaker AI domain level.
## Q. If I am using a custom web application that accesses Studio Classic through a presigned url, what role is used?
A: If you use a custom web application to access Studio Classic, then you have a hybrid user federation role and SageMaker AI execution role. Be sure that this role has least privilege permissions for both what the user can do and what Studio Classic can do on the associated user’s behalf.
## Q: Can I use Amazon SageMaker Role Manager with AWS IAM Identity Center authentication for my Studio Classic domain?
A: AWS IAM Identity Center Studio Classic Cloud Applications use a Studio Classic execution role to grant permissions to federated users. This execution role can be specified at the Studio Classic IAM Identity Center user profile level or the default domain level. User identities and groups must be synchronized into IAM Identity Center and the Studio Classic user profile must be created with IAM Identity Center user assignment using [CreateUserProfile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html). For more information, see [Launch Studio Classic with IAM Identity Center](role-manager-launch-notebook.md#role-manager-launch-notebook-iam-identity-center).
# Access control for notebooks
You must use different procedures to control access to Amazon SageMaker Studio Classic notebooks and SageMaker notebook instances because they have different runtime environments. Studio Classic uses file system permissions and containers to control access to Studio Classic notebooks and isolation of users. A SageMaker notebook instance gives users that login to the notebook instance default root access. The following topics describe how to change permissions for both kinds of notebooks.
**Topics**
+ [
# Access control and setting permissions for SageMaker Studio notebooks
](security-access-control-studio-nb.md)
+ [
# Control root access to a SageMaker notebook instance
](nbi-root-access.md)
# Access control and setting permissions for SageMaker Studio notebooks
Amazon SageMaker Studio uses filesystem and container permissions for access control and isolation of Studio users and notebooks. This is one of the major differences between Studio notebooks and SageMaker notebook instances. This topic describes how permissions are set up to avoid security threats, what SageMaker AI does by default, and how the customer can customize the permissions. For more information about Studio notebooks and their runtime environment, see [Use Amazon SageMaker Studio Classic Notebooks](notebooks.md).
**SageMaker AI app permissions**
A *run-as user* is a POSIX user/group which is used to run the JupyterServer app and KernelGateway apps inside the container.
The run-as user for the JupyterServer app is sagemaker-user (1000) by default. This user has sudo permissions to enable the installation of dependencies such as yum packages.
The run-as user for the KernelGateway apps is root (0) by default. This user is able to install dependencies using pip/apt-get/conda.
Due to user remapping, neither user is able to access resources or make changes to the host instance.
**User remapping**
SageMaker AI performs user-remapping to map a user inside the container to a user on the host instance outside the container. The range of user IDs (0 - 65535) in the container are mapped to non-privileged user IDs above 65535 on the instance. For example, sagemaker-user (1000) inside the container might map to user (200001) on the instance, where the number in parentheses is the user ID. If the customer creates a new user/group inside the container, it won't be privileged on the host instance regardless of the user/group ID. The root user of the container is also mapped to a non-privileged user on the instance. For more information, see [Isolate containers with a user namespace](https://docs.docker.com/engine/security/userns-remap/).
**Note**
Files created by the user sagemaker-user may look like they are owned by sagemaker-studio (uid 65534). This is a side effect of a fast app creation mode where SageMaker AI container images are pre-pulled, allowing applications to start in under a minute. If your application requires the file owner uid and the process owner uid to match, ask the customer service to remove your account number from the image pre-pull feature.
**Custom image permissions**
Customers can bring their own custom SageMaker images. These images can specify a different run-as user/group to launch the KernelGateway app. The customer can implement fine grained permission control inside the image, for example, to disable root access or perform other actions. The same user remapping applies here. For more information, see [Custom Images in Amazon SageMaker Studio Classic](studio-byoi.md).
**Container isolation**
Docker keeps a list of default capabilities that the container can use. SageMaker AI doesn’t add additional capabilities. SageMaker AI adds specific route rules to block requests to Amazon EFS and the [ instance metadata service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service) (IMDS) from the container. Customers can’t change these route rules from the container. For more information, see [Runtime privilege and Linux capabilities](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities).
**App metadata access**
Metadata used by running apps are mounted to the container with read-only permission. Customers aren’t able to modify this metadata from the container. For the available metadata, see [Get Amazon SageMaker Studio Classic Notebook and App Metadata](notebooks-run-and-manage-metadata.md).
**User isolation on EFS**
When you onboard to Studio, SageMaker AI creates an Amazon Elastic File System (EFS) volume for your domain that is shared by all Studio users in the domain. Each user gets their own private home directory on the EFS volume. This home directory is used to store the user's notebooks, Git repositories, and other data. To prevent other users in the domain from accessing the user's data, SageMaker AI creates a globally unique user ID for the user's profile and applies it as a POSIX user/group ID for the user’s home directory.
**EBS access**
An Amazon Elastic Block Store (Amazon EBS) volume is attached to the host instance and shared across all images. It's used for the root volume of the notebooks and stores temporary data that's generated inside the container. The storage isn't persisted when the instance running the notebooks is deleted. The root user inside the container can't access the EBS volume.
**IMDS access**
Due to security concerns, access to the Amazon Elastic Compute Cloud (Amazon EC2) Instance Metadata Service (IMDS) is unavailable in SageMaker Studio. For more information on IMDS, see [Instance metadata and user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html).
# Control root access to a SageMaker notebook instance
By default, when you create a notebook instance, users that log into that notebook instance have root access. Data science is an iterative process that might require the data scientist to test and use different software tools and packages, so many notebook instance users need to have root access to be able to install these tools and packages. Because users with root access have administrator privileges, users can access and edit all files on a notebook instance with root access enabled.
If you don't want users to have root access to a notebook instance, when you call [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html) or [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateNotebookInstance.html) operations, set the `RootAccess` field to `Disabled`. You can also disable root access for users when you create or update a notebook instance in the Amazon SageMaker AI console. For information, see [Create an Amazon SageMaker Notebook Instance for the tutorial](gs-setup-working-env.md).
**Note**
Lifecycle configurations need root access to be able to set up a notebook instance. Because of this, lifecycle configurations associated with a notebook instance always run with root access even if you disable root access for users.
**Note**
For security reasons, Rootless Docker is installed on root-disabled notebook instances instead of regular Docker. For more information, see [Run the Docker daemon as a non-root user (Rootless mode)](https://docs.docker.com/engine/security/rootless/)
## Security considerations
Lifecycle configuration scripts execute with root access and inherit the full privileges of the notebook instance's IAM execution role. Anyone (including Administrators) who has permissions to create or modify lifecycle configurations and manage notebook instances can execute code with the execution role's credentials hence please follow below best practices.
Best practices:
+ Restrict administrative access: Grant lifecycle configuration permissions only to trusted administrators who understand the security implications.
+ Apply least-privilege principles: Define notebook instance execution roles with only the minimum permissions required for legitimate workloads.
+ Enable monitoring: Review CloudWatch Logs regularly for lifecycle configuration executions in log group `/aws/sagemaker/NotebookInstances` to detect unexpected activity.
+ Implement change controls: Establish approval processes for lifecycle configuration changes in production environments.
# Amazon SageMaker AI API Permissions: Actions, Permissions, and Resources Reference
When you are setting up access control and writing a permissions policy that you can attach to an IAM identity (an identity-based policy), use the following table as a reference. The table lists each Amazon SageMaker AI API operation, the corresponding actions for which you can grant permissions to perform the action, and the AWS resource for which you can grant the permissions. You specify the actions in the policy's `Action` field, and you specify the resource value in the policy's `Resource` field.
**Note**
Except for the `ListTags` API, resource-level restrictions are not available on `List-` calls . Any user calling a `List-` API will see all resources of that type in the account.
To express conditions in your Amazon SageMaker AI policies, you can use AWS-wide condition keys. For a complete list of AWS-wide keys, see [Available Keys](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_elements.html#AvailableKeys) in the *Service Authorization Reference*.
**Warning**
Some SageMaker API actions may still be accessible through the`[Search API](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_Search.html)`. For example, if a user has an IAM policy that denies permissions to a `Describe` call for a particular SageMaker AI resource, that user can still access the description information through the Search API. To fully restrict user access to `Describe` calls, you must also restrict access to the Search API. For a list of SageMaker AI resources that are accessible through the Search API, see the [SageMaker AI Search AWS CLI Command Reference](https://docs.aws.amazon.com/cli/latest/reference/sagemaker/search.html#options).
Use the scroll bars to see the rest of the table.
Amazon SageMaker AI API Operations and Required Permissions for Actions
****
| Amazon SageMaker AI API Operations | Required Permissions (API Actions) | Resources |
| --- | --- | --- |
| `[ DeleteEarthObservationJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_DeleteEarthObservationJob.html)` | `sagemaker-geospatial:DeleteEarthObservationJob` | `arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` |
| `[ DeleteVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_DeleteVectorEnrichmentJob.html)` | `sagemaker-geospatial:DeleteVectorEnrichmentJob` | `arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id` |
| `[ ExportEarthObservationJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ExportEarthObservationJob.html)` | `sagemaker-geospatial:ExportEarthObservationJob` | `arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` |
| `[ ExportVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ExportVectorEnrichmentJob.html)` | `sagemaker-geospatial:ExportVectorEnrichmentJob` | `arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id` |
| `[ GetEarthObservationJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_GetEarthObservationJob.html)` | `sagemaker-geospatial:GetEarthObservationJob` | `arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` |
| `[ GetRasterDataCollection](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_DeleteEarthObservationJob.html)` | `sagemaker-geospatial:GetRasterDataCollection` | `arn:aws:sagemaker-geospatial:region:account-id:raster-data-collection/public/id` |
| `[ GetTile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_GetTile.html)` | `sagemaker-geospatial:GetTile` | `arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` |
| `[ GetVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_GetVectorEnrichmentJob.html)` | `sagemaker-geospatial:GetVectorEnrichmentJob` | `arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id` |
| `[ ListEarthObservationJobs](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListEarthObservationJobs.html)` | `sagemaker-geospatial:ListEarthObservationJobs` | `*` |
| `[ ListRasterDataCollections](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListRasterDataCollections.html)` | `sagemaker-geospatial:ListRasterDataCollections` | `*` |
| `[ ListTagsForResource](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListTagsForResource.html)` | `sagemaker-geospatial:ListTagsForResource` | `arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` `arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id` |
| `[ ListVectorEnrichmentJobs](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListVectorEnrichmentJobs.html)` | `sagemaker-geospatial:ListVectorEnrichmentJobs` | `*` |
| `[ SearchRasterDataCollection](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_SearchRasterDataCollection.html)` | `sagemaker-geospatial:SearchRasterDataCollection` | `arn:aws:sagemaker-geospatial:region:account-id:raster-data-collection/public/id` |
| `[ StartEarthObservationJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_StartEarthObservationJob.html)` | `sagemaker-geospatial:StartEarthObservationJob` | `arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` |
| `[ StartVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_StartVectorEnrichmentJob.html)` | `sagemaker-geospatial:StartVectorEnrichmentJob` | `arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id` |
| `[ StopEarthObservationJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_StopEarthObservationJob.html)` | `sagemaker-geospatial:StopEarthObservationJob` | `arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` |
| `[ StopVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_StopVectorEnrichmentJob.html)` | `sagemaker-geospatial:StopVectorEnrichmentJob` | `arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id` |
| `[ TagResource](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_TagResource.html)` | `sagemaker-geospatial:TagResource` | `arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` `arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id` |
| `[ UntagResource](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_UntagResource.html)` | `sagemaker-geospatial:UntagResource` | `arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id` `arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id` |
| `[ AddTags](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_AddTags.html)` | `sagemaker:AddTags` | `arn:aws:sagemaker:region:account-id:*` |
| `[ CreateApp](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateApp.html)` | `sagemaker:CreateApp` | `arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName` |
| `[ CreateAppImageConfig](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateAppImageConfig.html)` | `sagemaker:CreateAppImageConfig` | `arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName` |
| `[ CreateAutoMLJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateAutoMLJob.html)` | `sagemaker:CreateAutoMLJob` `iam:PassRole` The following permission is required only if any of the associated `ResourceConfig` have a specified `VolumeKmsKeyId `and the associated role does not have a policy that permits this action: `kms:CreateGrant` | arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateAutoMLJobV2.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateAutoMLJobV2.html) | `sagemaker:CreateAutoMLJobV2` `iam:PassRole` The following permission is required only if any of the associated `ResourceConfig` have a specified `VolumeKmsKeyId `and the associated role does not have a policy that permits this action: `kms:CreateGrant` | arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName |
| `[ CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html)` | `sagemaker:CreateDomain` `iam:CreateServiceLinkedRole` `iam:PassRole` Required if a KMS customer managed key is specified for `KmsKeyId`: `elasticfilesystem:CreateFileSystem` `kms:CreateGrant` `kms:Decrypt` `kms:DescribeKey` `kms:GenerateDataKeyWithoutPlainText` Required to create a domain that supports RStudio: `sagemaker:CreateApp` | `arn:aws:sagemaker:region:account-id:domain/domain-id` |
| `[ CreateEndpoint](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateEndpoint.html)` | `sagemaker:CreateEndpoint` `kms:CreateGrant` (required only if the associated `EndPointConfig` has a `KmsKeyId` specified) | `arn:aws:sagemaker:region:account-id:endpoint/endpointName` `arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateEndpointConfig.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateEndpointConfig.html) | `sagemaker:CreateEndpointConfig` | `arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateFlowDefinition.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateFlowDefinition.html) | `sagemaker:CreateFlowDefinition` `iam:PassRole` | `arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHumanTaskUi.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHumanTaskUi.html) | `sagemaker:CreateHumanTaskUi` | `arn:aws:sagemaker:region:account-id:human-task-ui/humanTaskUiName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateInferenceRecommendationsJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateInferenceRecommendationsJob.html) | `sagemaker:CreateInferenceRecommendationsJob` `iam:PassRole` The following permissions are required only if you specify an encryption key: `kms:CreateGrant` `kms:Decrypt` `kms:DescribeKey` `kms:GenerateDataKey` | `arn:aws:sagemaker:region:account-id:inference-recommendations-job/inferenceRecommendationsJobName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html) | `sagemaker:CreateHyperParameterTuningJob` `iam:PassRole` The following permission is required only if any of the associated `ResourceConfig` have a specified `VolumeKmsKeyId `and the associated role does not have a policy that permits this action: `kms:CreateGrant` | `arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJobName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateImage.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateImage.html) | `sagemaker:CreateImage` `iam:PassRole` | `arn:aws:sagemaker:region:account-id:image/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateImageVersion.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateImageVersion.html) | `sagemaker:CreateImageVersion` | `arn:aws:sagemaker:region:account-id:image-version/imageName/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateLabelingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateLabelingJob.html) | sagemaker:CreateLabelingJob iam:PassRole | `arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html) | `sagemaker:CreateModel` `iam:PassRole` | `arn:aws:sagemaker:region:account-id:model/modelName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModelPackage.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModelPackage.html) | `sagemaker:CreateModelPackage` | `arn:aws:sagemaker:region:account-id:model-package/modelPackageName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModelPackageGroup.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModelPackageGroup.html) | `sagemaker:CreateModelPackageGroup` | `arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html) | `sagemaker:CreateNotebookInstance` `iam:PassRole` The following permissions are required only if you specify a VPC for your notebook instance: `ec2:CreateNetworkInterface` `ec2:DescribeSecurityGroups` `ec2:DescribeSubnets` `ec2:DescribeVpcs` The following permissions are required only if you specify an encryption key: `kms:DescribeKey` `kms:CreateGrant` The following permission is required only if you specify an AWS Secrets Manager secret to access a private Git repository: `secretsmanager:GetSecretValue` | `arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePipeline.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePipeline.html) | `sagemaker:CreatePipeline` `iam:PassRole` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name` `arn:aws-partition:iam::account-id:role/role-name` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedDomainUrl.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedDomainUrl.html) | `sagemaker:CreatePresignedDomainUrl` | `arn:aws:sagemaker:region:account-id:app/domain-id/userProfileName`/\$1 |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedNotebookInstanceUrl.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedNotebookInstanceUrl.html) | `sagemaker:CreatePresignedNotebookInstanceUrl` | `arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob.html) | `sagemaker:CreateProcessingJob` `iam:PassRole` `kms:CreateGrant` (required only if the associated `ProcessingResources` has a specified `VolumeKmsKeyId` and the associated role does not have a policy that permits this action) `ec2:CreateNetworkInterface` (required only if you specify a VPC) | `arn:aws:sagemaker:region:account-id:processing-job/processingJobName` |
| `[ CreateSpace](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateSpace.html)` | `sagemaker:CreateSpace` | `arn:aws:sagemaker:region:account-id:space/domain-id/spaceName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateStudioLifecycleConfig.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateStudioLifecycleConfig.html) | `sagemaker:CreateStudioLifecycleConfig` | `arn:aws:sagemaker:region:account-id:studio-lifecycle-config/.*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html) | `sagemaker:CreateTrainingJob` `iam:PassRole` `kms:CreateGrant` (required only if the associated `ResourceConfig` has a specified `VolumeKmsKeyId` and the associated role does not have a policy that permits this action) | `arn:aws:sagemaker:region:account-id:training-job/trainingJobName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingPlan.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingPlan.html) | `sagemaker:CreateTrainingPlan` `sagemaker:CreateReservedCapacity` `sagemaker:AddTags` | `arn:aws:sagemaker:region:account-id:training-plan/*"` `arn:aws:sagemaker:region:account-id:reserved-capacity/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTransformJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTransformJob.html) | `sagemaker:CreateTransformJob` `kms:CreateGrant` (required only if the associated `TransformResources` has a specified `VolumeKmsKeyId` and the associated role does not have a policy that permits this action) | `arn:aws:sagemaker:region:account-id:transform-job/transformJobName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html) | `sagemaker:CreateUserProfile` `iam:PassRole` | `arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateWorkforce.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateWorkforce.html) | `sagemaker:CreateWorkforce` `cognito-idp:DescribeUserPoolClient` `cognito-idp:UpdateUserPool` `cognito-idp:DescribeUserPool` `cognito-idp:UpdateUserPoolClient` | arn:aws:sagemaker:region:account-id:workforce/\$1 |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateWorkteam.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateWorkteam.html) | `sagemaker:CreateWorkteam` `cognito-idp:DescribeUserPoolClient` `cognito-idp:UpdateUserPool` `cognito-idp:DescribeUserPool` `cognito-idp:UpdateUserPoolClient` | `arn:aws:sagemaker:region:account-id:workteam/private-crowd/work team name` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteApp.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteApp.html) | `sagemaker:DeleteApp` | `arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteAppImageConfig.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteAppImageConfig.html) | `sagemaker:DeleteAppImageConfig` | `arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteDomain.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteDomain.html) | `sagemaker:DeleteDomain` | `arn:aws:sagemaker:region:account-id:domain/domainId` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteEndpoint.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteEndpoint.html) | `sagemaker:DeleteEndpoint` | `arn:aws:sagemaker:region:account-id:endpoint/endpointName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteEndpointConfig.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteEndpointConfig.html) | `sagemaker:DeleteEndpointConfig` | `arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteFlowDefinition.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteFlowDefinition.html) | `sagemaker:DeleteFlowDefinition` | `arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName` |
| `[DeleteHumanLoop](https://docs.aws.amazon.com/augmented-ai/2019-11-07/APIReference/API_DeleteHumanLoop.html)` | `sagemaker:DeleteHumanLoop` | `arn:aws:sagemaker:region:account-id:human-loop/humanLoopName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteImage.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteImage.html) | `sagemaker:DeleteImage` | `arn:aws:sagemaker:region:account-id:image/imageName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteImageVersion.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteImageVersion.html) | `sagemaker:DeleteImageVersion` | `arn:aws:sagemaker:region:account-id:image-version/imageName/versionNumber` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModel.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModel.html) | `sagemaker:DeleteModel` | `arn:aws:sagemaker:region:account-id:model/modelName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModelPackage.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModelPackage.html) | `sagemaker:DeleteModelPackage` | `arn:aws:sagemaker:region:account-id:model-package/modelPackageName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModelPackageGroup.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModelPackageGroup.html) | `sagemaker:DeleteModelPackageGroup` | `arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModelPackageGroupPolicy.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModelPackageGroupPolicy.html) | `sagemaker:DeleteModelPackageGroupPolicy` | `arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteNotebookInstance.html) | `sagemaker:DeleteNotebookInstance` The following permission is required only if you specified a VPC for your notebook instance: `ec2:DeleteNetworkInterface` The following permissions are required only if you specified an encryption key when you created the notebook instance: `kms:DescribeKey` | `arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeletePipeline.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeletePipeline.html) | `sagemaker:DeletePipeline` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name` |
| `[DeleteSpace](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteSpace.html)` | `sagemaker:DeleteSpace` | `arn:aws:sagemaker:region:account-id:space/domain-id/spaceName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteTags.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteTags.html) | `sagemaker:DeleteTags` | `arn:aws:sagemaker:region:account-id:*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteUserProfile.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteUserProfile.html) | `sagemaker:DeleteUserProfile` | `arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteWorkforce.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteWorkforce.html) | `sagemaker:DeleteWorkforce` | `arn:aws:sagemaker:region:account-id:workforce/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteWorkteam.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteWorkteam.html) | `sagemaker:DeleteWorkteam` | `arn:aws:sagemaker:region:account-id:workteam/private-crowd/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeApp.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeApp.html) | `sagemaker:DescribeApp` | `arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeAppImageConfig.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeAppImageConfig.html) | `sagemaker:DescribeAppImageConfig` | `arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeAutoMLJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeAutoMLJob.html) | `sagemaker:DescribeAutoMLJob` | arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeAutoMLJobV2.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeAutoMLJobV2.html) | `sagemaker:DescribeAutoMLJobV2` | arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeDomain.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeDomain.html) | `sagemaker:DescribeDomain` | `arn:aws:sagemaker:region:account-id:domain/domainId` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeEndpoint.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeEndpoint.html) | `sagemaker:DescribeEndpoint` | `arn:aws:sagemaker:region:account-id:endpoint/endpointName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeEndpointConfig.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeEndpointConfig.html) | `sagemaker:DescribeEndpointConfig` | `arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeFlowDefinition.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeFlowDefinition.html) | `sagemaker:DescribeFlowDefinition` | `arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName` |
| `[DescribeHumanLoop](https://docs.aws.amazon.com/augmented-ai/2019-11-07/APIReference/API_DescribeHumanLoop.html)` | `sagemaker:DescribeHumanLoop` | `arn:aws:sagemaker:region:account-id:human-loop/humanLoopName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeHumanTaskUi.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeHumanTaskUi.html) | `sagemaker:DescribeHumanTaskUi` | `arn:aws:sagemaker:region:account-id:human-task-ui/humanTaskUiName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeHyperParameterTuningJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeHyperParameterTuningJob.html) | `sagemaker:DescribeHyperParameterTuningJob` | `arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeImage.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeImage.html) | `sagemaker:DescribeImage` | `arn:aws:sagemaker:region:account-id:image/imageName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeImageVersion.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeImageVersion.html) | `sagemaker:DescribeImageVersion` | `arn:aws:sagemaker:region:account-id:image-version/imageName/versionNumber` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeLabelingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeLabelingJob.html) | `sagemaker:DescribeLabelingJob` | `arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeModel.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeModel.html) | `sagemaker:DescribeModel` | `arn:aws:sagemaker:region:account-id:model/modelName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeModelPackage.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeModelPackage.html) | `sagemaker:DescribeModelPackage` | `arn:aws:sagemaker:region:account-id:model-package/modelPackageName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeModelPackageGroup.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeModelPackageGroup.html) | `sagemaker:DescribeModelPackageGroup` | `arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeNotebookInstance.html) | `sagemaker:DescribeNotebookInstance ` | `arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribePipeline.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribePipeline.html) | `sagemaker:DescribePipeline` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribePipelineDefinitionForExecution.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribePipelineDefinitionForExecution.html) | `sagemaker:DescribePipelineDefinitionForExecution` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribePipelineExecution.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribePipelineExecution.html) | `sagemaker:DescribePipelineExecution` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeProcessingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeProcessingJob.html) | `sagemaker:DescribeProcessingJob` | `arn:aws:sagemaker:region:account-id:processing-job/processingjobname` |
| `[DescribeSpace](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeSpace.html)` | `sagemaker:DescribeSpace` | `arn:aws:sagemaker:region:account-id:space/domain-id/spaceName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeSubscribedWorkteam.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeSubscribedWorkteam.html) | `sagemaker:DescribeSubscribedWorkteam` `aws-marketplace:ViewSubscriptions` | `arn:aws:sagemaker:region:account-id:workteam/vendor-crowd/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeTrainingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeTrainingJob.html) | `sagemaker:DescribeTrainingJob` | `arn:aws:sagemaker:region:account-id:training-job/trainingjobname` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeTransformJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeTransformJob.html) | `sagemaker:DescribeTransformJob` | `arn:aws:sagemaker:region:account-id:transform-job/transformjobname` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeUserProfile.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeUserProfile.html) | `sagemaker:DescribeUserProfile` | `arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeWorkforce.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeWorkforce.html) | `sagemaker:DescribeWorkforce` | `arn:aws:sagemaker:region:account-id:workforce/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeWorkteam.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeWorkteam.html) | `sagemaker:DescribeWorkteam` | `arn:aws:sagemaker:region:account-id:workteam/private-crowd/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_GetModelPackageGroupPolicy.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_GetModelPackageGroupPolicy.html) | `sagemaker:GetModelPackageGroupPolicy` | `arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_runtime_InvokeEndpoint.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_runtime_InvokeEndpoint.html) | `sagemaker:InvokeEndpoint` | `arn:aws:sagemaker:region:account-id:endpoint/endpointName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListAppImageConfigs.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListAppImageConfigs.html) | `sagemaker:ListAppImageConfigs` | `arn:aws:sagemaker:region:account-id:app-image-config/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListApps.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListApps.html) | `sagemaker:ListApps` | `arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListDomains.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListDomains.html) | `sagemaker:ListDomains` | `arn:aws:sagemaker:region:account-id:domain/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListEndpointConfigs.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListEndpointConfigs.html) | `sagemaker:ListEndpointConfigs` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListEndpoints.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListEndpoints.html) | `sagemaker:ListEndpoints` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListFlowDefinitions.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListFlowDefinitions.html) | `sagemaker:ListFlowDefinitions` | `*` |
| `[ListHumanLoops](https://docs.aws.amazon.com/augmented-ai/2019-11-07/APIReference/API_ListHumanLoops.html)` | `sagemaker:ListHumanLoops` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListHumanTaskUis.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListHumanTaskUis.html) | `sagemaker:ListHumanTaskUis` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListHyperParameterTuningJobs.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListHyperParameterTuningJobs.html) | `sagemaker:ListHyperParameterTuningJobs` | `arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListImages.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListImages.html) | `sagemaker:ListImages` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListImageVersions.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListImageVersions.html) | `sagemaker:ListImageVersions` | `arn:aws:sagemaker:region:account-id:image/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListLabelingJobs.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListLabelingJobs.html) | `sagemaker:ListLabelingJobs` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListLabelingJobsForWorkteam.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListLabelingJobsForWorkteam.html) | `sagemaker:ListLabelingJobForWorkteam` | `*` |
| `[ ListModelPackageGroups](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListModelPackageGroups.html)` | `sagemaker:ListModelPackageGroups` | `arn:aws:sagemaker:region:account-id :model-package-group/ModelPackageGroupName` |
| `[ ListModelPackages](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListModelPackages.html)` | `sagemaker:ListModelPackages` | `arn:aws:sagemaker:region:account-id :model-package/ModelPackageName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListModels.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListModels.html) | `sagemaker:ListModels` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListNotebookInstances.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListNotebookInstances.html) | `sagemaker:ListNotebookInstances` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelineExecutions.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelineExecutions.html) | `sagemaker:ListPipelineExecutions` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelineExecutionSteps.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelineExecutionSteps.html) | `sagemaker:ListPipelineExecutionSteps` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelineParametersForExecution.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelineParametersForExecution.html) | `sagemaker:ListPipelineParametersForExecution` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelines.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelines.html) | `sagemaker:ListPipelines` | \$1 |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListProcessingJobs.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListProcessingJobs.html) | `sagemaker:ListProcessingJobs` | `*` |
| `[ListSpaces](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListSpaces.html)` | `sagemaker:ListSpaces` | `arn:aws:sagemaker:region:account-id:space/domain-id/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListSubscribedWorkteams.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListSubscribedWorkteams.html) | `sagemaker:ListSubscribedWorkteams` `aws-marketplace:ViewSubscriptions` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTags.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTags.html) | `sagemaker:ListTags` | `arn:aws:sagemaker:region:account-id:*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTrainingJobs.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTrainingJobs.html) | `sagemaker:ListTrainingJobs` | `*` |
| `[ ListTrainingJobsForHyperParameterTuningJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTrainingJobsForHyperParameterTuningJob.html)` | `sagemaker:ListTrainingJobsForHyperParameterTuningJob` | `arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTransformJobs.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTransformJobs.html) | `sagemaker:ListTransformJobs` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListUserProfiles.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListUserProfiles.html) | `sagemaker:ListUserProfiles` | `arn:aws:sagemaker:region:account-id:user-profile/domain-id/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListWorkforces.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListWorkforces.html) | `sagemaker:ListWorkforces` | \$1 |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListWorkteams.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListWorkteams.html) | `sagemaker:ListWorkteams` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_PutModelPackageGroupPolicy.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_PutModelPackageGroupPolicy.html) | `sagemaker:PutModelPackageGroupPolicy` | `arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_RetryPipelineExecution.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_RetryPipelineExecution.html) | `sagemaker:RetryPipelineExecution` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_Search.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_Search.html) | `sagemaker:Search` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_SendPipelineExecutionStepFailure.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_SendPipelineExecutionStepFailure.html) | `sagemaker:SendPipelineExecutionStepFailure` | `*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_SendPipelineExecutionStepSuccess.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_SendPipelineExecutionStepSuccess.html) | `sagemaker:SendPipelineExecutionStepSuccess` | `*` |
| `[StartHumanLoop](https://docs.aws.amazon.com/augmented-ai/2019-11-07/APIReference/API_StartHumanLoop.html)` | `sagemaker:StartHumanLoop` | `arn:aws:sagemaker:region:account-id:human-loop/humanLoopName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StartNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StartNotebookInstance.html) | `sagemaker:StartNotebookInstance` The following permissions are required only if you specified a VPC when you created your notebook instance: `ec2:CreateNetworkInterface` `ec2:DescribeNetworkInterfaces` `ec2:DescribeSecurityGroups` `ec2:DescribeSubnets` `ec2:DescribeVpcs` The following permissions are required only if you specified an encryption key when you created the notebook instance: `kms:DescribeKey` `kms:CreateGrant` The following permission is required only if you specified an AWS Secrets Manager secret to access a private Git repository when you created the notebook instance: `secretsmanager:GetSecretValue` | `arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StartPipelineExecution.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StartPipelineExecution.html) | `sagemaker:StartPipelineExecution` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name` |
| `[StopHumanLoop](https://docs.aws.amazon.com/augmented-ai/2019-11-07/APIReference/API_StopHumanLoop.html)` | `sagemaker:StopHumanLoop` | `arn:aws:sagemaker:region:account-id:human-loop/humanLoopName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopHyperParameterTuningJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopHyperParameterTuningJob.html) | `sagemaker:StopHyperParameterTuningJob` | `arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopLabelingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopLabelingJob.html) | `sagemaker:StopLabelingJob` | `arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopNotebookInstance.html) | `sagemaker:StopNotebookInstance` | `arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopPipelineExecution.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopPipelineExecution.html) | `sagemaker:StopPipelineExecution` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopProcessingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopProcessingJob.html) | `sagemaker:StopProcessingJob` | `arn:aws:sagemaker:region:account-id:processing-job/processingJobName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopTrainingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopTrainingJob.html) | `sagemaker:StopTrainingJob` | `arn:aws:sagemaker:region:account-id:training-job/trainingJobName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopTransformJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopTransformJob.html) | `sagemaker:StopTransformJob` | `arn:aws:sagemaker:region:account-id:transform-job/transformJobName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateAppImageConfig.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateAppImageConfig.html) | `sagemaker:UpdateAppImageConfig` | `arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateDomain.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateDomain.html) | `sagemaker:UpdateDomain` | `arn:aws:sagemaker:region:account-id:domain/domainId` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateEndpoint.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateEndpoint.html) | `sagemaker:UpdateEndpoint` | `arn:aws:sagemaker:region:account-id:endpoint/endpointName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateEndpointWeightsAndCapacities.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateEndpointWeightsAndCapacities.html) | `sagemaker:UpdateEndpointWeightsAndCapacities` | `arn:aws:sagemaker:region:account-id:endpoint/endpointName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateImage.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateImage.html) | `sagemaker:UpdateImage` `iam:PassRole` | `arn:aws:sagemaker:region:account-id:image/imageName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateModelPackage.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateModelPackage.html) | `sagemaker:UpdateModelPackage` | `arn:aws:sagemaker:region:account-id:model-package/modelPackageName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateNotebookInstance.html) | `sagemaker:UpdateNotebookInstance` `iam:PassRole` | `arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdatePipeline.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdatePipeline.html) | `sagemaker:UpdatePipeline` `iam:PassRole` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name` `arn:aws-partition:iam::account-id:role/role-name` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdatePipelineExecution.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdatePipelineExecution.html) | `sagemaker:UpdatePipelineExecution` | `arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id` |
| `[UpdateSpace](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateSpace.html)` | `sagemaker:UpdateSpace` | `arn:aws:sagemaker:region:account-id:space/domain-id/spaceName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateUserProfile.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateUserProfile.html) | `sagemaker:UpdateUserProfile` | `arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateWorkforce.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateWorkforce.html) | `sagemaker:UpdateWorkforce` | `arn:aws:sagemaker:region:account-id:workforce/*` |
| [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateWorkteam.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateWorkteam.html) | `sagemaker:UpdateWorkteam` | `arn:aws:sagemaker:region:account-id:workteam/private-crowd/*` |
# AWS managed policies for Amazon SageMaker AI
To add permissions to users, groups, and roles, it is easier to use AWS managed policies than to write policies yourself. It takes time and expertise to [create IAM customer managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html) that provide your team with only the permissions they need. To get started quickly, you can use our AWS managed policies. These policies cover common use cases and are available in your AWS account. For more information about AWS managed policies, see [AWS managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) in the *IAM User Guide*.
AWS services maintain and update AWS managed policies. You can't change the permissions in AWS managed policies. Services occasionally add additional permissions to an AWS managed policy to support new features. This type of update affects all identities (users, groups, and roles) to which the policy is attached. Services are most likely to update an AWS managed policy when a new feature is launched or when new operations become available. Services do not remove permissions from an AWS managed policy, so policy updates won't break your existing permissions.
Additionally, AWS supports managed policies for job functions that span multiple services. For example, the `ReadOnlyAccess` AWS managed policy provides read-only access to all AWS services and resources. When a service launches a new feature, AWS adds read-only permissions for new operations and resources. For a list and descriptions of job function policies, see [AWS managed policies for job functions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html) in the *IAM User Guide*.
**Important**
We recommend that you use the most restricted policy that allows you to perform your use case.
The following AWS managed policies, which you can attach to users in your account, are specific to Amazon SageMaker AI:
+ **`AmazonSageMakerFullAccess`** – Grants full access to Amazon SageMaker AI and SageMaker AI geospatial resources and the supported operations. This does not provide unrestricted Amazon S3 access, but supports buckets and objects with specific `sagemaker` tags. This policy allows all IAM roles to be passed to Amazon SageMaker AI, but only allows IAM roles with "AmazonSageMaker" in them to be passed to the AWS Glue, AWS Step Functions, and AWS RoboMaker services.
+ **`AmazonSageMakerReadOnly`** – Grants read-only access to Amazon SageMaker AI resources.
The following AWS managed policies can be attached to users in your account but are not recommended:
+ [http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator](http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator) – Grants all actions for all AWS services and for all resources in the account.
+ [http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_data-scientist](http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_data-scientist) – Grants a wide range of permissions to cover most of the use cases (primarily for analytics and business intelligence) encountered by data scientists.
You can review these permissions policies by signing in to the IAM console and searching for them.
You can also create your own custom IAM policies to allow permissions for Amazon SageMaker AI actions and resources as you need them. You can attach these custom policies to the users or groups that require them.
**Topics**
+ [
## AWS managed policy: AmazonSageMakerFullAccess
](#security-iam-awsmanpol-AmazonSageMakerFullAccess)
+ [
## AWS managed policy: AmazonSageMakerReadOnly
](#security-iam-awsmanpol-AmazonSageMakerReadOnly)
+ [
# AWS managed policies for Amazon SageMaker Canvas
](security-iam-awsmanpol-canvas.md)
+ [
# AWS managed policies for Amazon SageMaker Feature Store
](security-iam-awsmanpol-feature-store.md)
+ [
# AWS managed policies for Amazon SageMaker geospatial
](security-iam-awsmanpol-geospatial.md)
+ [
# AWS Managed Policies for Amazon SageMaker Ground Truth
](security-iam-awsmanpol-ground-truth.md)
+ [
# AWS managed policies for Amazon SageMaker HyperPod
](security-iam-awsmanpol-hyperpod.md)
+ [
# AWS Managed Policies for SageMaker AI Model Governance
](security-iam-awsmanpol-governance.md)
+ [
# AWS Managed Policies for Model Registry
](security-iam-awsmanpol-model-registry.md)
+ [
# AWS Managed Policies for SageMaker Notebooks
](security-iam-awsmanpol-notebooks.md)
+ [
# AWS managed policies for Amazon SageMaker Partner AI Apps
](security-iam-awsmanpol-partner-apps.md)
+ [
# AWS Managed Policies for SageMaker Pipelines
](security-iam-awsmanpol-pipelines.md)
+ [
# AWS managed policies for SageMaker training plans
](security-iam-awsmanpol-training-plan.md)
+ [
# AWS Managed Policies for SageMaker Projects and JumpStart
](security-iam-awsmanpol-sc.md)
+ [
## SageMaker AI Updates to AWS Managed Policies
](#security-iam-awsmanpol-updates)
## AWS managed policy: AmazonSageMakerFullAccess
This policy grants administrative permissions that allow a principal full access to all Amazon SageMaker AI and SageMaker AI geospatial resources and operations. The policy also provides select access to related services. This policy allows all IAM roles to be passed to Amazon SageMaker AI, but only allows IAM roles with "AmazonSageMaker" in them to be passed to the AWS Glue, AWS Step Functions, and AWS RoboMaker services. This policy does not include permissions to create an Amazon SageMaker AI domain. For information on the policy needed to create a domain, see [Complete Amazon SageMaker AI prerequisites](gs-set-up.md).
**Permissions details**
This policy includes the following permissions.
+ `application-autoscaling` – Allows principals to automatically scale a SageMaker AI real-time inference endpoint.
+ `athena` – Allows principals to query a list of data catalogs, databases, and table metadata from Amazon Athena.
+ `aws-marketplace` – Allows principals to view AWS AI Marketplace subscriptions. You need this if you want to access SageMaker AI software subscribed in AWS Marketplace.
+ `cloudformation` – Allows principals to get AWS CloudFormation templates for using SageMaker AI JumpStart solutions and Pipelines. SageMaker AI JumpStart creates resources necessary to run end-to-end machine learning solutions that tie SageMaker AI to other AWS services. SageMaker AI Pipelines creates new projects that are backed by Service Catalog.
+ `cloudwatch` – Allows principals to post CloudWatch metrics, interact with alarms, and upload logs to CloudWatch Logs in your account.
+ `codebuild` – Allows principals to store AWS CodeBuild artifacts for SageMaker AI Pipeline and Projects.
+ `codecommit` – Needed for AWS CodeCommit integration with SageMaker AI notebook instances.
+ `cognito-idp` – Needed for Amazon SageMaker Ground Truth to define private workforce and work teams.
+ `ec2` – Needed for SageMaker AI to manage Amazon EC2 resources and network interfaces when you specify an Amazon VPC for your SageMaker AI jobs, models, endpoints, and notebook instances.
+ `ecr` – Needed to pull and store Docker artifacts for Amazon SageMaker Studio Classic (custom images), training, processing, batch inference, and inference endpoints. This is also required to use your own container in SageMaker AI. Additional permissions for SageMaker AI JumpStart solutions are required to create and remove custom images on behalf of users.
+ `elasticfilesystem` – Allows principals to access Amazon Elastic File System. This is needed for SageMaker AI to use data sources in Amazon Elastic File System for training machine learning models.
+ `fsx` – Allows principals to access Amazon FSx. This is needed for SageMaker AI to use data sources in Amazon FSx for training machine learning models.
+ `glue` – Needed for inference pipeline pre-processing from within SageMaker AI notebook instances.
+ `groundtruthlabeling` – Needed for Ground Truth labeling jobs. The `groundtruthlabeling` endpoint is accessed by the Ground Truth console.
+ `iam` – Needed to give the SageMaker AI console access to available IAM roles and create service-linked roles.
+ `kms` – Needed to give the SageMaker AI console access to available AWS KMS keys and retrieve them for any specified AWS KMS aliases in jobs and endpoints.
+ `lambda` – Allows principals to invoke and get a list of AWS Lambda functions.
+ `logs` – Needed to allow SageMaker AI jobs and endpoints to publish log streams.
+ `redshift` – Allows principals to access Amazon Redshift cluster credentials.
+ `redshift-data` – Allows principals to use data from Amazon Redshift to run, describe, and cancel statements; get statement results; and list schemas and tables.
+ `robomaker` – Allows principals to have full access to create, get descriptions, and delete AWS RoboMaker simulation applications and jobs. This is also needed to run reinforcement learning examples on notebook instances.
+ `s3, s3express` – Allows principals to have full access to Amazon S3 and Amazon S3 Express resources pertaining to SageMaker AI, but not all of Amazon S3 or Amazon S3 Express.
+ `sagemaker` – Allows principals to list tags on SageMaker AI user profiles, and add tags to SageMaker AI apps and spaces. Allows access only to SageMaker AI flow-definitions of sagemaker:WorkteamType "private-crowd" or "vendor-crowd". Allows the use and description of SageMaker AI training plans and reserved capacity in SageMaker training jobs, and SageMaker HyperPod clusters, across all AWS Regions where the training plans feature is accessible.
+ `sagemaker` and `sagemaker-geospatial` – Allows principals read-only access to SageMaker AI domains and user profiles.
+ `secretsmanager` – Allows principals to have full access to AWS Secrets Manager. The principals can securely encrypt, store, and retrieve credentials for databases and other services. This is also needed for SageMaker AI notebook instances with SageMaker AI code repositories that use GitHub.
+ `servicecatalog` – Allows principals to use Service Catalog. The principals can create, get a list of, update, or terminate provisioned products, such as servers, databases, websites, or applications deployed using AWS resources. This is needed for SageMaker AI JumpStart and Projects to find and read service catalog products and launch AWS resources in users.
+ `sns` – Allows principals to get a list of Amazon SNS topics. This is needed for endpoints with Async Inference enabled for notifying users that their inference has completed.
+ `states` – Needed for SageMaker AI JumpStart and Pipelines to use a service catalog to create step function resources.
+ `tag` – Needed for SageMaker AI Pipelines to render in Studio Classic. Studio Classic needs resources tagged with particular `sagemaker:project-id` tag-key. This requires the `tag:GetResources` permission.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowAllNonAdminSageMakerActions",
"Effect": "Allow",
"Action": [
"sagemaker:*",
"sagemaker-geospatial:*"
],
"NotResource": [
"arn:aws:sagemaker:*:*:domain/*",
"arn:aws:sagemaker:*:*:user-profile/*",
"arn:aws:sagemaker:*:*:app/*",
"arn:aws:sagemaker:*:*:space/*",
"arn:aws:sagemaker:*:*:partner-app/*",
"arn:aws:sagemaker:*:*:flow-definition/*",
"arn:aws:sagemaker:*:*:training-plan/*",
"arn:aws:sagemaker:*:*:reserved-capacity/*"
]
},
{
"Sid": "AllowAddTagsForSpace",
"Effect": "Allow",
"Action": [
"sagemaker:AddTags"
],
"Resource": [
"arn:aws:sagemaker:*:*:space/*"
],
"Condition": {
"StringEquals": {
"sagemaker:TaggingAction": "CreateSpace"
}
}
},
{
"Sid": "AllowAddTagsForApp",
"Effect": "Allow",
"Action": [
"sagemaker:AddTags"
],
"Resource": [
"arn:aws:sagemaker:*:*:app/*"
]
},
{
"Sid": "AllowUseOfTrainingPlanResources",
"Effect": "Allow",
"Action": [
"sagemaker:CreateTrainingJob",
"sagemaker:CreateCluster",
"sagemaker:UpdateCluster",
"sagemaker:DescribeTrainingPlan"
],
"Resource": [
"arn:aws:sagemaker:*:*:training-plan/*",
"arn:aws:sagemaker:*:*:reserved-capacity/*"
]
},
{
"Sid": "AllowStudioActions",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeDomain",
"sagemaker:ListDomains",
"sagemaker:DescribeUserProfile",
"sagemaker:ListUserProfiles",
"sagemaker:DescribeSpace",
"sagemaker:ListSpaces",
"sagemaker:DescribeApp",
"sagemaker:ListApps"
],
"Resource": "*"
},
{
"Sid": "AllowAppActionsForUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Resource": "arn:aws:sagemaker:*:*:app/*/*/*/*",
"Condition": {
"Null": {
"sagemaker:OwnerUserProfileArn": "true"
}
}
},
{
"Sid": "AllowAppActionsForSharedSpaces",
"Effect": "Allow",
"Action": [
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Resource": "arn:aws:sagemaker:*:*:app/${sagemaker:DomainId}/*/*/*",
"Condition": {
"StringEquals": {
"sagemaker:SpaceSharingType": [
"Shared"
]
}
}
},
{
"Sid": "AllowMutatingActionsOnSharedSpacesWithoutOwner",
"Effect": "Allow",
"Action": [
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace",
"sagemaker:DeleteSpace"
],
"Resource": "arn:aws:sagemaker:*:*:space/${sagemaker:DomainId}/*",
"Condition": {
"Null": {
"sagemaker:OwnerUserProfileArn": "true"
}
}
},
{
"Sid": "RestrictMutatingActionsOnSpacesToOwnerUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace",
"sagemaker:DeleteSpace"
],
"Resource": "arn:aws:sagemaker:*:*:space/${sagemaker:DomainId}/*",
"Condition": {
"ArnLike": {
"sagemaker:OwnerUserProfileArn": "arn:aws:sagemaker:*:*:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
},
"StringEquals": {
"sagemaker:SpaceSharingType": [
"Private",
"Shared"
]
}
}
},
{
"Sid": "RestrictMutatingActionsOnPrivateSpaceAppsToOwnerUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Resource": "arn:aws:sagemaker:*:*:app/${sagemaker:DomainId}/*/*/*",
"Condition": {
"ArnLike": {
"sagemaker:OwnerUserProfileArn": "arn:aws:sagemaker:*:*:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
},
"StringEquals": {
"sagemaker:SpaceSharingType": [
"Private"
]
}
}
},
{
"Sid": "AllowFlowDefinitionActions",
"Effect": "Allow",
"Action": "sagemaker:*",
"Resource": [
"arn:aws:sagemaker:*:*:flow-definition/*"
],
"Condition": {
"StringEqualsIfExists": {
"sagemaker:WorkteamType": [
"private-crowd",
"vendor-crowd"
]
}
}
},
{
"Sid": "AllowAWSServiceActions",
"Effect": "Allow",
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:RegisterScalableTarget",
"aws-marketplace:ViewSubscriptions",
"cloudformation:GetTemplateSummary",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:PutMetricData",
"codecommit:BatchGetRepositories",
"codecommit:CreateRepository",
"codecommit:GetRepository",
"codecommit:List*",
"cognito-idp:AdminAddUserToGroup",
"cognito-idp:AdminCreateUser",
"cognito-idp:AdminDeleteUser",
"cognito-idp:AdminDisableUser",
"cognito-idp:AdminEnableUser",
"cognito-idp:AdminRemoveUserFromGroup",
"cognito-idp:CreateGroup",
"cognito-idp:CreateUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:CreateUserPoolDomain",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:List*",
"cognito-idp:UpdateUserPool",
"cognito-idp:UpdateUserPoolClient",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateVpcEndpoint",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:CreateRepository",
"ecr:Describe*",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:StartImageScan",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"fsx:DescribeFileSystems",
"glue:CreateJob",
"glue:DeleteJob",
"glue:GetJob*",
"glue:GetTable*",
"glue:GetWorkflowRun",
"glue:ResetJobBookmark",
"glue:StartJobRun",
"glue:StartWorkflowRun",
"glue:UpdateJob",
"groundtruthlabeling:*",
"iam:ListRoles",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:ListFunctions",
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:Describe*",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery",
"robomaker:CreateSimulationApplication",
"robomaker:DescribeSimulationApplication",
"robomaker:DeleteSimulationApplication",
"robomaker:CreateSimulationJob",
"robomaker:DescribeSimulationJob",
"robomaker:CancelSimulationJob",
"secretsmanager:ListSecrets",
"servicecatalog:Describe*",
"servicecatalog:List*",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:SearchProducts",
"servicecatalog:SearchProvisionedProducts",
"sns:ListTopics",
"tag:GetResources"
],
"Resource": "*"
},
{
"Sid": "AllowECRActions",
"Effect": "Allow",
"Action": [
"ecr:SetRepositoryPolicy",
"ecr:CompleteLayerUpload",
"ecr:BatchDeleteImage",
"ecr:UploadLayerPart",
"ecr:DeleteRepositoryPolicy",
"ecr:InitiateLayerUpload",
"ecr:DeleteRepository",
"ecr:PutImage"
],
"Resource": [
"arn:aws:ecr:*:*:repository/*sagemaker*"
]
},
{
"Sid": "AllowCodeCommitActions",
"Effect": "Allow",
"Action": [
"codecommit:GitPull",
"codecommit:GitPush"
],
"Resource": [
"arn:aws:codecommit:*:*:*sagemaker*",
"arn:aws:codecommit:*:*:*SageMaker*",
"arn:aws:codecommit:*:*:*Sagemaker*"
]
},
{
"Sid": "AllowCodeBuildActions",
"Action": [
"codebuild:BatchGetBuilds",
"codebuild:StartBuild"
],
"Resource": [
"arn:aws:codebuild:*:*:project/sagemaker*",
"arn:aws:codebuild:*:*:build/*"
],
"Effect": "Allow"
},
{
"Sid": "AllowStepFunctionsActions",
"Action": [
"states:DescribeExecution",
"states:GetExecutionHistory",
"states:StartExecution",
"states:StopExecution",
"states:UpdateStateMachine"
],
"Resource": [
"arn:aws:states:*:*:statemachine:*sagemaker*",
"arn:aws:states:*:*:execution:*sagemaker*:*"
],
"Effect": "Allow"
},
{
"Sid": "AllowSecretManagerActions",
"Effect": "Allow",
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:CreateSecret"
],
"Resource": [
"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"
]
},
{
"Sid": "AllowReadOnlySecretManagerActions",
"Effect": "Allow",
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"secretsmanager:ResourceTag/SageMaker": "true"
}
}
},
{
"Sid": "AllowServiceCatalogProvisionProduct",
"Effect": "Allow",
"Action": [
"servicecatalog:ProvisionProduct"
],
"Resource": "*"
},
{
"Sid": "AllowServiceCatalogTerminateUpdateProvisionProduct",
"Effect": "Allow",
"Action": [
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:UpdateProvisionedProduct"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"servicecatalog:userLevel": "self"
}
}
},
{
"Sid": "AllowS3ObjectActions",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*",
"arn:aws:s3:::*aws-glue*"
]
},
{
"Sid": "AllowS3GetObjectWithSageMakerExistingObjectTag",
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::*"
],
"Condition": {
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/SageMaker": "true"
}
}
},
{
"Sid": "AllowS3GetObjectWithServiceCatalogProvisioningExistingObjectTag",
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::*"
],
"Condition": {
"StringEquals": {
"s3:ExistingObjectTag/servicecatalog:provisioning": "true"
}
}
},
{
"Sid": "AllowS3BucketActions",
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketCors",
"s3:PutBucketCors"
],
"Resource": "*"
},
{
"Sid": "AllowS3BucketACL",
"Effect": "Allow",
"Action": [
"s3:GetBucketAcl",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Sid": "AllowLambdaInvokeFunction",
"Effect": "Allow",
"Action": [
"lambda:InvokeFunction"
],
"Resource": [
"arn:aws:lambda:*:*:function:*SageMaker*",
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:*Sagemaker*",
"arn:aws:lambda:*:*:function:*LabelingFunction*"
]
},
{
"Sid": "AllowCreateServiceLinkedRoleForSageMakerApplicationAutoscaling",
"Action": "iam:CreateServiceLinkedRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "sagemaker.application-autoscaling.amazonaws.com"
}
}
},
{
"Sid": "AllowCreateServiceLinkedRoleForRobomaker",
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "robomaker.amazonaws.com"
}
}
},
{
"Sid": "AllowSNSActions",
"Effect": "Allow",
"Action": [
"sns:Subscribe",
"sns:CreateTopic",
"sns:Publish"
],
"Resource": [
"arn:aws:sns:*:*:*SageMaker*",
"arn:aws:sns:*:*:*Sagemaker*",
"arn:aws:sns:*:*:*sagemaker*"
]
},
{
"Sid": "AllowPassRoleForSageMakerRoles",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam::*:role/*AmazonSageMaker*",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"glue.amazonaws.com",
"robomaker.amazonaws.com",
"states.amazonaws.com"
]
}
}
},
{
"Sid": "AllowPassRoleToSageMaker",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam::*:role/*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "sagemaker.amazonaws.com"
}
}
},
{
"Sid": "AllowAthenaActions",
"Effect": "Allow",
"Action": [
"athena:ListDataCatalogs",
"athena:ListDatabases",
"athena:ListTableMetadata",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:StartQueryExecution",
"athena:StopQueryExecution"
],
"Resource": [
"*"
]
},
{
"Sid": "AllowGlueCreateTable",
"Effect": "Allow",
"Action": [
"glue:CreateTable"
],
"Resource": [
"arn:aws:glue:*:*:table/*/sagemaker_tmp_*",
"arn:aws:glue:*:*:table/sagemaker_featurestore/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
]
},
{
"Sid": "AllowGlueUpdateTable",
"Effect": "Allow",
"Action": [
"glue:UpdateTable"
],
"Resource": [
"arn:aws:glue:*:*:table/sagemaker_featurestore/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/sagemaker_featurestore"
]
},
{
"Sid": "AllowGlueDeleteTable",
"Effect": "Allow",
"Action": [
"glue:DeleteTable"
],
"Resource": [
"arn:aws:glue:*:*:table/*/sagemaker_tmp_*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
]
},
{
"Sid": "AllowGlueGetTablesAndDatabases",
"Effect": "Allow",
"Action": [
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables"
],
"Resource": [
"arn:aws:glue:*:*:table/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
]
},
{
"Sid": "AllowGlueGetAndCreateDatabase",
"Effect": "Allow",
"Action": [
"glue:CreateDatabase",
"glue:GetDatabase"
],
"Resource": [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/sagemaker_featurestore",
"arn:aws:glue:*:*:database/sagemaker_processing",
"arn:aws:glue:*:*:database/default",
"arn:aws:glue:*:*:database/sagemaker_data_wrangler"
]
},
{
"Sid": "AllowRedshiftDataActions",
"Effect": "Allow",
"Action": [
"redshift-data:ExecuteStatement",
"redshift-data:DescribeStatement",
"redshift-data:CancelStatement",
"redshift-data:GetStatementResult",
"redshift-data:ListSchemas",
"redshift-data:ListTables"
],
"Resource": [
"*"
]
},
{
"Sid": "AllowRedshiftGetClusterCredentials",
"Effect": "Allow",
"Action": [
"redshift:GetClusterCredentials"
],
"Resource": [
"arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
"arn:aws:redshift:*:*:dbname:*"
]
},
{
"Sid": "AllowListTagsForUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:ListTags"
],
"Resource": [
"arn:aws:sagemaker:*:*:user-profile/*"
]
},
{
"Sid": "AllowCloudformationListStackResources",
"Effect": "Allow",
"Action": [
"cloudformation:ListStackResources"
],
"Resource": "arn:aws:cloudformation:*:*:stack/SC-*"
},
{
"Sid": "AllowS3ExpressObjectActions",
"Effect": "Allow",
"Action": [
"s3express:CreateSession"
],
"Resource": [
"arn:aws:s3express:*:*:bucket/*SageMaker*",
"arn:aws:s3express:*:*:bucket/*Sagemaker*",
"arn:aws:s3express:*:*:bucket/*sagemaker*",
"arn:aws:s3express:*:*:bucket/*aws-glue*"
],
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "AllowS3ExpressCreateBucketActions",
"Effect": "Allow",
"Action": [
"s3express:CreateBucket"
],
"Resource": [
"arn:aws:s3express:*:*:bucket/*SageMaker*",
"arn:aws:s3express:*:*:bucket/*Sagemaker*",
"arn:aws:s3express:*:*:bucket/*sagemaker*"
],
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "AllowS3ExpressListBucketActions",
"Effect": "Allow",
"Action": [
"s3express:ListAllMyDirectoryBuckets"
],
"Resource": "*"
}
]
}
```
------
## AWS managed policy: AmazonSageMakerReadOnly
This policy grants read-only access to Amazon SageMaker AI through the AWS Management Console and SDK.
**Permissions details**
This policy includes the following permissions.
+ `application-autoscaling` – Allows users to browse descriptions of scalable SageMaker AI real-time inference endpoints.
+ `aws-marketplace` – Allows users to view AWS AI Marketplace subscriptions.
+ `cloudwatch` – Allows users to receive CloudWatch alarms.
+ `cognito-idp` – Needed for Amazon SageMaker Ground Truth to browse descriptions and lists of private workforce and work teams.
+ `ecr` – Needed to read Docker artifacts for training and inference.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sagemaker:Describe*",
"sagemaker:List*",
"sagemaker:BatchGetMetrics",
"sagemaker:GetDeviceRegistration",
"sagemaker:GetDeviceFleetReport",
"sagemaker:GetSearchSuggestions",
"sagemaker:BatchGetRecord",
"sagemaker:GetRecord",
"sagemaker:Search",
"sagemaker:QueryLineage",
"sagemaker:GetLineageGroupPolicy",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:GetModelPackageGroupPolicy"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"aws-marketplace:ViewSubscriptions",
"cloudwatch:DescribeAlarms",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"cognito-idp:ListUsers",
"cognito-idp:ListUsersInGroup",
"ecr:Describe*"
],
"Resource": "*"
}
]
}
```
------
# AWS managed policies for Amazon SageMaker Canvas
These AWS managed policies add permissions required to use Amazon SageMaker Canvas. The policies are available in your AWS account and are used by execution roles created from the SageMaker AI console.
**Topics**
+ [
## AWS managed policy: AmazonSageMakerCanvasFullAccess
](#security-iam-awsmanpol-AmazonSageMakerCanvasFullAccess)
+ [
## AWS managed policy: AmazonSageMakerCanvasDataPrepFullAccess
](#security-iam-awsmanpol-AmazonSageMakerCanvasDataPrepFullAccess)
+ [
## AWS managed policy: AmazonSageMakerCanvasDirectDeployAccess
](#security-iam-awsmanpol-AmazonSageMakerCanvasDirectDeployAccess)
+ [
## AWS managed policy: AmazonSageMakerCanvasAIServicesAccess
](#security-iam-awsmanpol-AmazonSageMakerCanvasAIServicesAccess)
+ [
## AWS managed policy: AmazonSageMakerCanvasBedrockAccess
](#security-iam-awsmanpol-AmazonSageMakerCanvasBedrockAccess)
+ [
## AWS managed policy: AmazonSageMakerCanvasForecastAccess
](#security-iam-awsmanpol-AmazonSageMakerCanvasForecastAccess)
+ [
## AWS managed policy: AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerCanvasSMDataScienceAssistantAccess
](#security-iam-awsmanpol-AmazonSageMakerCanvasSMDataScienceAssistantAccess)
+ [
## Amazon SageMaker AI updates to Amazon SageMaker Canvas managed policies
](#security-iam-awsmanpol-canvas-updates)
## AWS managed policy: AmazonSageMakerCanvasFullAccess
This policy grants permissions that allow full access to Amazon SageMaker Canvas through the AWS Management Console and SDK. The policy also provides select access to related services [for example, Amazon Simple Storage Service (Amazon S3), AWS Identity and Access Management (IAM), Amazon Virtual Private Cloud (Amazon VPC), Amazon Elastic Container Registry (Amazon ECR), Amazon CloudWatch Logs, Amazon Redshift, AWS Secrets Manager, Amazon SageMaker Autopilot, SageMaker Model Registry, and Amazon Forecast].
This policy is intended to help customers experiment and get started with all the capabilities of SageMaker Canvas. For more fine-grained control, we suggest customers build their own scoped down versions as they move to production workloads. For more information, see [IAM policy types: How and when to use them](https://aws.amazon.com/blogs/security/iam-policy-types-how-and-when-to-use-them/).
**Permissions details**
This AWS managed policy includes the following permissions.
+ `sagemaker` – Allows principals to create and host SageMaker AI models on resources whose ARN contains "Canvas", "canvas", or "model-compilation-". Additionally, users can register their SageMaker Canvas model to SageMaker AI Model Registry in the same AWS account. Also allows principals to create and manage SageMaker training, transform, and AutoML jobs.
+ `application-autoscaling` – Allows principals to automatically scale a SageMaker AI inference endpoint.
+ `athena` – Allows principals to query a list of data catalogs, databases, and table metadata from Amazon Athena, and access the tables in the catalogs.
+ `cloudwatch` – Allows principals to create and manage Amazon CloudWatch alarms.
+ `ec2` – Allows principals to create Amazon VPC endpoints.
+ `ecr` – Allows principals to get information about a container image.
+ `emr-serverless` – Allows principals to create and manage Amazon EMR Serverless applications and job runs. Also allows principals to tag SageMaker Canvas resources.
+ `forecast` – Allows principals to use Amazon Forecast.
+ `glue` – Allows principals to retrieve the tables, databases, and partitions in the AWS Glue catalog.
+ `iam` – Allows principals to pass an IAM role to Amazon SageMaker AI, Amazon Forecast, and Amazon EMR Serverless. Also allows principals to create a service-linked role.
+ `kms` – Allows principals to read an AWS KMS key that is tagged with `Source:SageMakerCanvas`.
+ `logs` – Allows principals to publish logs from training jobs and endpoints.
+ `quicksight` – Allows principals to list the namespaces in the Quick account.
+ `rds` – Allows principals to return information about provisioned Amazon RDS instances.
+ `redshift` – Allows principals to get credentials for a "sagemaker\$1access\$1" dbuser on any Amazon Redshift cluster if that user exists.
+ `redshift-data` – Allows principals to run queries on Amazon Redshift using the Amazon Redshift Data API. This only provides access to the Redshift Data APIs themselves and does not directly provide access to your Amazon Redshift clusters. For more information, see [Using the Amazon Redshift Data API](https://docs.aws.amazon.com/redshift/latest/mgmt/data-api.html).
+ `s3` – Allows principals to add and retrieve objects from Amazon S3 buckets. These objects are limited to those whose name includes "SageMaker", "Sagemaker", or "sagemaker". Also allows principals to retrieve objects from Amazon S3 buckets whose ARN starts with "jumpstart-cache-prod-" in specific regions.
+ `secretsmanager` – Allows principals to store customer credentials to connect to a Snowflake database using Secrets Manager.
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "SageMakerUserDetailsAndPackageOperations",
"Effect": "Allow",
"Action": [
"sagemaker:DescribeDomain",
"sagemaker:DescribeUserProfile",
"sagemaker:ListTags",
"sagemaker:ListModelPackages",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListEndpoints"
],
"Resource": "*"
},
{
"Sid": "SageMakerPackageGroupOperations",
"Effect": "Allow",
"Action": [
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribeModelPackage"
],
"Resource": [
"arn:aws:sagemaker:*:*:model-package/*",
"arn:aws:sagemaker:*:*:model-package-group/*"
]
},
{
"Sid": "SageMakerTrainingOperations",
"Effect": "Allow",
"Action": [
"sagemaker:CreateCompilationJob",
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateModel",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateAutoMLJobV2",
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:DeleteEndpoint",
"sagemaker:DescribeCompilationJob",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeModel",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeAutoMLJobV2",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeTransformJob",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:StopAutoMLJob",
"sagemaker:StopTrainingJob",
"sagemaker:StopTransformJob",
"sagemaker:AddTags",
"sagemaker:DeleteApp"
],
"Resource": [
"arn:aws:sagemaker:*:*:*Canvas*",
"arn:aws:sagemaker:*:*:*canvas*",
"arn:aws:sagemaker:*:*:*model-compilation-*"
]
},
{
"Sid": "SageMakerHostingOperations",
"Effect": "Allow",
"Action": [
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteModel",
"sagemaker:InvokeEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:InvokeEndpointAsync"
],
"Resource": [
"arn:aws:sagemaker:*:*:*Canvas*",
"arn:aws:sagemaker:*:*:*canvas*"
]
},
{
"Sid": "EC2VPCOperation",
"Effect": "Allow",
"Action": [
"ec2:CreateVpcEndpoint",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices"
],
"Resource": "*"
},
{
"Sid": "ECROperations",
"Effect": "Allow",
"Action": [
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
"ecr:GetAuthorizationToken"
],
"Resource": "*"
},
{
"Sid": "IAMGetOperations",
"Effect": "Allow",
"Action": [
"iam:GetRole"
],
"Resource": "arn:aws:iam::*:role/*"
},
{
"Sid": "IAMPassOperation",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam::*:role/*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "sagemaker.amazonaws.com"
}
}
},
{
"Sid": "LoggingOperation",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*"
},
{
"Sid": "S3Operations",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:CreateBucket",
"s3:GetBucketCors",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Sid": "ReadSageMakerJumpstartArtifacts",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::jumpstart-cache-prod-us-west-2/*",
"arn:aws:s3:::jumpstart-cache-prod-us-east-1/*",
"arn:aws:s3:::jumpstart-cache-prod-us-east-2/*",
"arn:aws:s3:::jumpstart-cache-prod-eu-west-1/*",
"arn:aws:s3:::jumpstart-cache-prod-eu-central-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-south-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-northeast-2/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-northeast-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-southeast-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-southeast-2/*"
]
},
{
"Sid": "S3ListOperations",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Sid": "GlueOperations",
"Effect": "Allow",
"Action": "glue:SearchTables",
"Resource": [
"arn:aws:glue:*:*:table/*/*",
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:catalog"
]
},
{
"Sid": "SecretsManagerARNBasedOperation",
"Effect": "Allow",
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:CreateSecret",
"secretsmanager:PutResourcePolicy"
],
"Resource": [
"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"
]
},
{
"Sid": "SecretManagerTagBasedOperation",
"Effect": "Allow",
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"secretsmanager:ResourceTag/SageMaker": "true"
}
}
},
{
"Sid": "RedshiftOperations",
"Effect": "Allow",
"Action": [
"redshift-data:ExecuteStatement",
"redshift-data:DescribeStatement",
"redshift-data:CancelStatement",
"redshift-data:GetStatementResult",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-data:DescribeTable"
],
"Resource": "*"
},
{
"Sid": "RedshiftGetCredentialsOperation",
"Effect": "Allow",
"Action": [
"redshift:GetClusterCredentials"
],
"Resource": [
"arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
"arn:aws:redshift:*:*:dbname:*"
]
},
{
"Sid": "ForecastOperations",
"Effect": "Allow",
"Action": [
"forecast:CreateExplainabilityExport",
"forecast:CreateExplainability",
"forecast:CreateForecastEndpoint",
"forecast:CreateAutoPredictor",
"forecast:CreateDatasetImportJob",
"forecast:CreateDatasetGroup",
"forecast:CreateDataset",
"forecast:CreateForecast",
"forecast:CreateForecastExportJob",
"forecast:CreatePredictorBacktestExportJob",
"forecast:CreatePredictor",
"forecast:DescribeExplainabilityExport",
"forecast:DescribeExplainability",
"forecast:DescribeAutoPredictor",
"forecast:DescribeForecastEndpoint",
"forecast:DescribeDatasetImportJob",
"forecast:DescribeDataset",
"forecast:DescribeForecast",
"forecast:DescribeForecastExportJob",
"forecast:DescribePredictorBacktestExportJob",
"forecast:GetAccuracyMetrics",
"forecast:InvokeForecastEndpoint",
"forecast:GetRecentForecastContext",
"forecast:DescribePredictor",
"forecast:TagResource",
"forecast:DeleteResourceTree"
],
"Resource": [
"arn:aws:forecast:*:*:*Canvas*"
]
},
{
"Sid": "RDSOperation",
"Effect": "Allow",
"Action": "rds:DescribeDBInstances",
"Resource": "*"
},
{
"Sid": "IAMPassOperationForForecast",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam::*:role/*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "forecast.amazonaws.com"
}
}
},
{
"Sid": "AutoscalingOperations",
"Effect": "Allow",
"Action": [
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget"
],
"Resource": "arn:aws:application-autoscaling:*:*:scalable-target/*",
"Condition": {
"StringEquals": {
"application-autoscaling:service-namespace": "sagemaker",
"application-autoscaling:scalable-dimension": "sagemaker:variant:DesiredInstanceCount"
}
}
},
{
"Sid": "AsyncEndpointOperations",
"Effect": "Allow",
"Action": [
"cloudwatch:DescribeAlarms",
"sagemaker:DescribeEndpointConfig"
],
"Resource": "*"
},
{
"Sid": "DescribeScalingOperations",
"Effect": "Allow",
"Action": [
"application-autoscaling:DescribeScalingActivities"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "SageMakerCloudWatchUpdate",
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Resource": [
"arn:aws:cloudwatch:*:*:alarm:TargetTracking*"
],
"Condition": {
"StringEquals": {
"aws:CalledViaLast": "application-autoscaling.amazonaws.com"
}
}
},
{
"Sid": "AutoscalingSageMakerEndpointOperation",
"Action": "iam:CreateServiceLinkedRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "sagemaker.application-autoscaling.amazonaws.com"
}
}
},
{
"Sid": "AthenaOperation",
"Action": [
"athena:ListTableMetadata",
"athena:ListDataCatalogs",
"athena:ListDatabases"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "GlueOperation",
"Action": [
"glue:GetDatabases",
"glue:GetPartitions",
"glue:GetTables"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:table/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
],
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "QuicksightOperation",
"Action": [
"quicksight:ListNamespaces"
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "AllowUseOfKeyInAccount",
"Effect": "Allow",
"Action": [
"kms:DescribeKey"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/Source": "SageMakerCanvas",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessCreateApplicationOperation",
"Effect": "Allow",
"Action": "emr-serverless:CreateApplication",
"Resource": "arn:aws:emr-serverless:*:*:/*",
"Condition": {
"StringEquals": {
"aws:RequestTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessListApplicationOperation",
"Effect": "Allow",
"Action": "emr-serverless:ListApplications",
"Resource": "arn:aws:emr-serverless:*:*:/*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessApplicationOperations",
"Effect": "Allow",
"Action": [
"emr-serverless:UpdateApplication",
"emr-serverless:StopApplication",
"emr-serverless:GetApplication",
"emr-serverless:StartApplication"
],
"Resource": "arn:aws:emr-serverless:*:*:/applications/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessStartJobRunOperation",
"Effect": "Allow",
"Action": "emr-serverless:StartJobRun",
"Resource": "arn:aws:emr-serverless:*:*:/applications/*",
"Condition": {
"StringEquals": {
"aws:RequestTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessListJobRunOperation",
"Effect": "Allow",
"Action": "emr-serverless:ListJobRuns",
"Resource": "arn:aws:emr-serverless:*:*:/applications/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessJobRunOperations",
"Effect": "Allow",
"Action": [
"emr-serverless:GetJobRun",
"emr-serverless:CancelJobRun"
],
"Resource": "arn:aws:emr-serverless:*:*:/applications/*/jobruns/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessTagResourceOperation",
"Effect": "Allow",
"Action": "emr-serverless:TagResource",
"Resource": "arn:aws:emr-serverless:*:*:/*",
"Condition": {
"StringEquals": {
"aws:RequestTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "IAMPassOperationForEMRServerless",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"arn:aws:iam::*:role/service-role/AmazonSageMakerCanvasEMRSExecutionAccess-*",
"arn:aws:iam::*:role/AmazonSageMakerCanvasEMRSExecutionAccess-*"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "emr-serverless.amazonaws.com",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
}
]
}
```
## AWS managed policy: AmazonSageMakerCanvasDataPrepFullAccess
This policy grants permissions that allow full access to the data preparation functionality of Amazon SageMaker Canvas. The policy also provides least privilege permissions for the services that integrate with the data preparation functionality [for example, Amazon Simple Storage Service (Amazon S3), AWS Identity and Access Management (IAM), Amazon EMR, Amazon EventBridge, Amazon Redshift, AWS Key Management Service (AWS KMS) and AWS Secrets Manager].
**Permissions details**
This AWS managed policy includes the following permissions.
+ `sagemaker` – Allows principals to access processing jobs, training jobs, inference pipelines, AutoML jobs, and feature groups.
+ `athena` – Allows principals to query a list of data catalogs, databases, and table metadata from Amazon Athena.
+ `elasticmapreduce` – Allows principals to read and list Amazon EMR clusters.
+ `emr-serverless` – Allows principals to create and manage Amazon EMR Serverless applications and job runs. Also allows principals to tag SageMaker Canvas resources.
+ `events` – Allows principals to create, read, update, and add targets to Amazon EventBridge rules for scheduled jobs.
+ `glue` – Allows principals to get and search tables from databases in the AWS Glue catalog.
+ `iam` – Allows principals to pass an IAM role to Amazon SageMaker AI, EventBridge, and Amazon EMR Serverless. Also allows principals to create a service-linked role.
+ `kms` – Allows principals to retrieve AWS KMS aliases stored in jobs and endpoints, and access the associated KMS key.
+ `logs` – Allows principals to publish logs from training jobs and endpoints.
+ `redshift` – Allows principals to get credentials to access an Amazon Redshift database.
+ `redshift-data` – Allows principals to run, cancel, describe, list, and get the results of Amazon Redshift queries. Also allows principals to list Amazon Redshift schemas and tables.
+ `s3` – Allows principals to add and retrieve objects from Amazon S3 buckets. These objects are limited to those whose name includes "SageMaker", "Sagemaker", or "sagemaker"; or is tagged with "SageMaker", case-insensitive.
+ `secretsmanager` – Allows principals to store and retrieve customer database credentials using Secrets Manager.
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "SageMakerListFeatureGroupOperation",
"Effect": "Allow",
"Action": "sagemaker:ListFeatureGroups",
"Resource": "*"
},
{
"Sid": "SageMakerFeatureGroupOperations",
"Effect": "Allow",
"Action": [
"sagemaker:CreateFeatureGroup",
"sagemaker:DescribeFeatureGroup"
],
"Resource": "arn:aws:sagemaker:*:*:feature-group/*"
},
{
"Sid": "SageMakerProcessingJobOperations",
"Effect": "Allow",
"Action": [
"sagemaker:CreateProcessingJob",
"sagemaker:DescribeProcessingJob",
"sagemaker:AddTags"
],
"Resource": "arn:aws:sagemaker:*:*:processing-job/*canvas-data-prep*"
},
{
"Sid": "SageMakerProcessingJobListOperation",
"Effect": "Allow",
"Action": "sagemaker:ListProcessingJobs",
"Resource": "*"
},
{
"Sid": "SageMakerPipelineOperations",
"Effect": "Allow",
"Action": [
"sagemaker:DescribePipeline",
"sagemaker:CreatePipeline",
"sagemaker:UpdatePipeline",
"sagemaker:DeletePipeline",
"sagemaker:StartPipelineExecution",
"sagemaker:ListPipelineExecutionSteps",
"sagemaker:DescribePipelineExecution"
],
"Resource": "arn:aws:sagemaker:*:*:pipeline/*canvas-data-prep*"
},
{
"Sid": "KMSListOperations",
"Effect": "Allow",
"Action": "kms:ListAliases",
"Resource": "*"
},
{
"Sid": "KMSOperations",
"Effect": "Allow",
"Action": "kms:DescribeKey",
"Resource": "arn:aws:kms:*:*:key/*"
},
{
"Sid": "S3Operations",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetBucketCors",
"s3:GetBucketLocation",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
],
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "S3GetObjectOperation",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::*",
"Condition": {
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/SageMaker": "true"
},
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "S3ListOperations",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Sid": "IAMListOperations",
"Effect": "Allow",
"Action": "iam:ListRoles",
"Resource": "*"
},
{
"Sid": "IAMGetOperations",
"Effect": "Allow",
"Action": "iam:GetRole",
"Resource": "arn:aws:iam::*:role/*"
},
{
"Sid": "IAMPassOperation",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "arn:aws:iam::*:role/*",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"sagemaker.amazonaws.com",
"events.amazonaws.com"
]
}
}
},
{
"Sid": "EventBridgePutOperation",
"Effect": "Allow",
"Action": [
"events:PutRule"
],
"Resource": "arn:aws:events:*:*:rule/*",
"Condition": {
"StringEquals": {
"aws:RequestTag/sagemaker:is-canvas-data-prep-job": "true"
}
}
},
{
"Sid": "EventBridgeOperations",
"Effect": "Allow",
"Action": [
"events:DescribeRule",
"events:PutTargets"
],
"Resource": "arn:aws:events:*:*:rule/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/sagemaker:is-canvas-data-prep-job": "true"
}
}
},
{
"Sid": "EventBridgeTagBasedOperations",
"Effect": "Allow",
"Action": [
"events:TagResource"
],
"Resource": "arn:aws:events:*:*:rule/*",
"Condition": {
"StringEquals": {
"aws:RequestTag/sagemaker:is-canvas-data-prep-job": "true",
"aws:ResourceTag/sagemaker:is-canvas-data-prep-job": "true"
}
}
},
{
"Sid": "EventBridgeListTagOperation",
"Effect": "Allow",
"Action": "events:ListTagsForResource",
"Resource": "*"
},
{
"Sid": "GlueOperations",
"Effect": "Allow",
"Action": [
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:SearchTables"
],
"Resource": [
"arn:aws:glue:*:*:table/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
]
},
{
"Sid": "EMROperations",
"Effect": "Allow",
"Action": [
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListInstanceGroups"
],
"Resource": "arn:aws:elasticmapreduce:*:*:cluster/*"
},
{
"Sid": "EMRListOperation",
"Effect": "Allow",
"Action": "elasticmapreduce:ListClusters",
"Resource": "*"
},
{
"Sid": "AthenaListDataCatalogOperation",
"Effect": "Allow",
"Action": "athena:ListDataCatalogs",
"Resource": "*"
},
{
"Sid": "AthenaQueryExecutionOperations",
"Effect": "Allow",
"Action": [
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:StartQueryExecution",
"athena:StopQueryExecution"
],
"Resource": "arn:aws:athena:*:*:workgroup/*"
},
{
"Sid": "AthenaDataCatalogOperations",
"Effect": "Allow",
"Action": [
"athena:ListDatabases",
"athena:ListTableMetadata"
],
"Resource": "arn:aws:athena:*:*:datacatalog/*"
},
{
"Sid": "RedshiftOperations",
"Effect": "Allow",
"Action": [
"redshift-data:DescribeStatement",
"redshift-data:CancelStatement",
"redshift-data:GetStatementResult"
],
"Resource": "*"
},
{
"Sid": "RedshiftArnBasedOperations",
"Effect": "Allow",
"Action": [
"redshift-data:ExecuteStatement",
"redshift-data:ListSchemas",
"redshift-data:ListTables"
],
"Resource": "arn:aws:redshift:*:*:cluster:*"
},
{
"Sid": "RedshiftGetCredentialsOperation",
"Effect": "Allow",
"Action": "redshift:GetClusterCredentials",
"Resource": [
"arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
"arn:aws:redshift:*:*:dbname:*"
]
},
{
"Sid": "SecretsManagerARNBasedOperation",
"Effect": "Allow",
"Action": "secretsmanager:CreateSecret",
"Resource": "arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"
},
{
"Sid": "SecretManagerTagBasedOperation",
"Effect": "Allow",
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Resource": "arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/SageMaker": "true",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "RDSOperation",
"Effect": "Allow",
"Action": "rds:DescribeDBInstances",
"Resource": "*"
},
{
"Sid": "LoggingOperation",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/studio:*"
},
{
"Sid": "EMRServerlessCreateApplicationOperation",
"Effect": "Allow",
"Action": "emr-serverless:CreateApplication",
"Resource": "arn:aws:emr-serverless:*:*:/*",
"Condition": {
"StringEquals": {
"aws:RequestTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessListApplicationOperation",
"Effect": "Allow",
"Action": "emr-serverless:ListApplications",
"Resource": "arn:aws:emr-serverless:*:*:/*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessApplicationOperations",
"Effect": "Allow",
"Action": [
"emr-serverless:UpdateApplication",
"emr-serverless:GetApplication"
],
"Resource": "arn:aws:emr-serverless:*:*:/applications/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessStartJobRunOperation",
"Effect": "Allow",
"Action": "emr-serverless:StartJobRun",
"Resource": "arn:aws:emr-serverless:*:*:/applications/*",
"Condition": {
"StringEquals": {
"aws:RequestTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessListJobRunOperation",
"Effect": "Allow",
"Action": "emr-serverless:ListJobRuns",
"Resource": "arn:aws:emr-serverless:*:*:/applications/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessJobRunOperations",
"Effect": "Allow",
"Action": [
"emr-serverless:GetJobRun",
"emr-serverless:CancelJobRun"
],
"Resource": "arn:aws:emr-serverless:*:*:/applications/*/jobruns/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "EMRServerlessTagResourceOperation",
"Effect": "Allow",
"Action": "emr-serverless:TagResource",
"Resource": "arn:aws:emr-serverless:*:*:/*",
"Condition": {
"StringEquals": {
"aws:RequestTag/sagemaker:is-canvas-resource": "True",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "IAMPassOperationForEMRServerless",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"arn:aws:iam::*:role/service-role/AmazonSageMakerCanvasEMRSExecutionAccess-*",
"arn:aws:iam::*:role/AmazonSageMakerCanvasEMRSExecutionAccess-*"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "emr-serverless.amazonaws.com",
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
}
]
}
```
## AWS managed policy: AmazonSageMakerCanvasDirectDeployAccess
This policy grants permissions needed for Amazon SageMaker Canvas to create and manage Amazon SageMaker AI endpoints.
**Permissions details**
This AWS managed policy includes the following permissions.
+ `sagemaker` – Allows principals to create and manage SageMaker AI endpoints with an ARN resource name that starts with "Canvas" or "canvas".
+ `cloudwatch` – Allows principals to retrieve Amazon CloudWatch metric data.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "SageMakerEndpointPerms",
"Effect": "Allow",
"Action": [
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:DeleteEndpoint",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:InvokeEndpoint",
"sagemaker:UpdateEndpoint"
],
"Resource": [
"arn:aws:sagemaker:*:*:Canvas*",
"arn:aws:sagemaker:*:*:canvas*"
]
},
{
"Sid": "ReadCWInvocationMetrics",
"Effect": "Allow",
"Action": "cloudwatch:GetMetricData",
"Resource": "*"
}
]
}
```
------
## AWS managed policy: AmazonSageMakerCanvasAIServicesAccess
This policy grants permissions for Amazon SageMaker Canvas to use Amazon Textract, Amazon Rekognition, Amazon Comprehend, and Amazon Bedrock.
**Permissions details**
This AWS managed policy includes the following permissions.
+ `textract` – Allows principals to use Amazon Textract to detect documents, expenses, and identities within an image.
+ `rekognition` – Allows principals to use Amazon Rekognition to detect labels and text within an image.
+ `comprehend` – Allows principals to use Amazon Comprehend to detect sentiment and dominant language, and named and personally identifiable information (PII) entities within a text document.
+ `bedrock` – Allows principals to use Amazon Bedrock to list and invoke foundation models.
+ `iam` – Allows principals to pass an IAM role to Amazon Bedrock.
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "Textract",
"Effect": "Allow",
"Action": [
"textract:AnalyzeDocument",
"textract:AnalyzeExpense",
"textract:AnalyzeID",
"textract:StartDocumentAnalysis",
"textract:StartExpenseAnalysis",
"textract:GetDocumentAnalysis",
"textract:GetExpenseAnalysis"
],
"Resource": "*"
},
{
"Sid": "Rekognition",
"Effect": "Allow",
"Action": [
"rekognition:DetectLabels",
"rekognition:DetectText"
],
"Resource": "*"
},
{
"Sid": "Comprehend",
"Effect": "Allow",
"Action": [
"comprehend:BatchDetectDominantLanguage",
"comprehend:BatchDetectEntities",
"comprehend:BatchDetectSentiment",
"comprehend:DetectPiiEntities",
"comprehend:DetectEntities",
"comprehend:DetectSentiment",
"comprehend:DetectDominantLanguage"
],
"Resource": "*"
},
{
"Sid": "Bedrock",
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel",
"bedrock:ListFoundationModels",
"bedrock:InvokeModelWithResponseStream"
],
"Resource": "*"
},
{
"Sid": "CreateBedrockResourcesPermission",
"Effect": "Allow",
"Action": [
"bedrock:CreateModelCustomizationJob",
"bedrock:CreateProvisionedModelThroughput",
"bedrock:TagResource"
],
"Resource": [
"arn:aws:bedrock:*:*:model-customization-job/*",
"arn:aws:bedrock:*:*:custom-model/*",
"arn:aws:bedrock:*:*:provisioned-model/*"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:TagKeys": [
"SageMaker",
"Canvas"
]
},
"StringEquals": {
"aws:RequestTag/SageMaker": "true",
"aws:RequestTag/Canvas": "true",
"aws:ResourceTag/SageMaker": "true",
"aws:ResourceTag/Canvas": "true"
}
}
},
{
"Sid": "GetStopAndDeleteBedrockResourcesPermission",
"Effect": "Allow",
"Action": [
"bedrock:GetModelCustomizationJob",
"bedrock:GetCustomModel",
"bedrock:GetProvisionedModelThroughput",
"bedrock:StopModelCustomizationJob",
"bedrock:DeleteProvisionedModelThroughput"
],
"Resource": [
"arn:aws:bedrock:*:*:model-customization-job/*",
"arn:aws:bedrock:*:*:custom-model/*",
"arn:aws:bedrock:*:*:provisioned-model/*"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/SageMaker": "true",
"aws:ResourceTag/Canvas": "true"
}
}
},
{
"Sid": "FoundationModelPermission",
"Effect": "Allow",
"Action": [
"bedrock:CreateModelCustomizationJob"
],
"Resource": [
"arn:aws:bedrock:*::foundation-model/*"
]
},
{
"Sid": "BedrockFineTuningPassRole",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/*"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "bedrock.amazonaws.com"
}
}
}
]
}
```
## AWS managed policy: AmazonSageMakerCanvasBedrockAccess
This policy grants permissions commonly needed to use Amazon SageMaker Canvas with Amazon Bedrock.
**Permissions details**
This AWS managed policy includes the following permissions.
+ `s3` – Allows principals to add and retrieve objects from Amazon S3 buckets in the "sagemaker-\$1/Canvas" directory.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "S3CanvasAccess",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::sagemaker-*/Canvas",
"arn:aws:s3:::sagemaker-*/Canvas/*"
]
},
{
"Sid": "S3BucketAccess",
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::sagemaker-*"
]
}
]
}
```
------
## AWS managed policy: AmazonSageMakerCanvasForecastAccess
This policy grants permissions commonly needed to use Amazon SageMaker Canvas with Amazon Forecast.
**Permissions details**
This AWS managed policy includes the following permissions.
+ `s3` – Allows principals to add and retrieve objects from Amazon S3 buckets. These objects are limited to those whose name starts with "sagemaker-".
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::sagemaker-*/Canvas",
"arn:aws:s3:::sagemaker-*/canvas"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::sagemaker-*"
]
}
]
}
```
------
## AWS managed policy: AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy
This policy grants permissions to Amazon EMR Serverless for AWS services, such as Amazon S3, used by Amazon SageMaker Canvas for large data processing.
**Permissions details**
This AWS managed policy includes the following permissions.
+ `s3` – Allows principals to add and retrieve objects from Amazon S3 buckets. These objects are limited to those whose name includes "SageMaker" or "sagemaker"; or is tagged with "SageMaker", case-insensitive.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "S3Operations",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetBucketCors",
"s3:GetBucketLocation",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*sagemaker*"
],
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "S3GetObjectOperation",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::*",
"Condition": {
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/SageMaker": "true"
},
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "S3ListOperations",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
}
]
}
```
------
## AWS managed policy: AmazonSageMakerCanvasSMDataScienceAssistantAccess
This policy grants permissions for users in Amazon SageMaker Canvas to start conversations with Amazon Q Developer. This feature requires permissions to both Amazon Q Developer and the SageMaker AI Data Science Assistant service.
**Permissions details**
This AWS managed policy includes the following permissions.
+ `q` – Allows principals to send prompts to Amazon Q Developer.
+ `sagemaker-data-science-assistant` – Allows principals to send prompts to the SageMaker Canvas Data Science Assistant service.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "SageMakerDataScienceAssistantAccess",
"Effect": "Allow",
"Action": [
"sagemaker-data-science-assistant:SendConversation"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "AmazonQDeveloperAccess",
"Effect": "Allow",
"Action": [
"q:SendMessage",
"q:StartConversation"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
}
]
}
```
------
## Amazon SageMaker AI updates to Amazon SageMaker Canvas managed policies
View details about updates to AWS managed policies for SageMaker Canvas since this service began tracking these changes.
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerCanvasSMDataScienceAssistantAccess](#security-iam-awsmanpol-AmazonSageMakerCanvasSMDataScienceAssistantAccess) - Update to an existing policy | 2 | Add `q:StartConversation` permission. | January 14, 2025 |
| [AmazonSageMakerCanvasSMDataScienceAssistantAccess](#security-iam-awsmanpol-AmazonSageMakerCanvasSMDataScienceAssistantAccess) - New policy | 1 | Initial policy | December 4, 2024 |
| [AmazonSageMakerCanvasDataPrepFullAccess](#security-iam-awsmanpol-AmazonSageMakerCanvasDataPrepFullAccess) - Update to an existing policy | 4 | Add resource to `IAMPassOperationForEMRServerless` permission. | August 16, 2024 |
| [AmazonSageMakerCanvasFullAccess](#security-iam-awsmanpol-AmazonSageMakerCanvasFullAccess) - Update to an existing policy | 11 | Add resource to `IAMPassOperationForEMRServerless` permission. | August 15, 2024 |
| [AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy](#security-iam-awsmanpol-AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy) - New policy | 1 | Initial policy | July 26, 2024 |
| AmazonSageMakerCanvasDataPrepFullAccess - Update to an existing policy | 3 | Add `emr-serverless:CreateApplication`, `emr-serverless:ListApplications`, `emr-serverless:UpdateApplication`, `emr-serverless:GetApplication`, `emr-serverless:StartJobRun`, `emr-serverless:ListJobRuns`, `emr-serverless:GetJobRun`, `emr-serverless:CancelJobRun`, and `emr-serverless:TagResource` permissions. | July 18, 2024 |
| AmazonSageMakerCanvasFullAccess - Update to an existing policy | 10 | Add `application-autoscaling:DescribeScalingActivities` `iam:PassRole`, `kms:DescribeKey`, and `quicksight:ListNamespaces` permissions. Add `sagemaker:CreateTrainingJob`, `sagemaker:CreateTransformJob`, `sagemaker:DescribeTrainingJob`, `sagemaker:DescribeTransformJob`, `sagemaker:StopAutoMLJob`, `sagemaker:StopTrainingJob`, and `sagemaker:StopTransformJob` permissions. Add `athena:ListTableMetadata`, `athena:ListDataCatalogs`, and `athena:ListDatabases` permissions. Add `glue:GetDatabases`, `glue:GetPartitions`, and `glue:GetTables` permissions. Add `emr-serverless:CreateApplication`, `emr-serverless:ListApplications`, `emr-serverless:UpdateApplication`, `emr-serverless:StopApplication`, `emr-serverless:GetApplication`, `emr-serverless:StartApplication`, `emr-serverless:StartJobRun`, `emr-serverless:ListJobRuns`, `emr-serverless:GetJobRun`, `emr-serverless:CancelJobRun`, and `emr-serverless:TagResource` permissions. | July 9, 2024 |
| [AmazonSageMakerCanvasBedrockAccess](#security-iam-awsmanpol-AmazonSageMakerCanvasBedrockAccess) - New policy | 1 | Initial policy | February 2, 2024 |
| AmazonSageMakerCanvasFullAccess - Update to an existing policy | 9 | Add `sagemaker:ListEndpoints` permission. | January 24, 2024 |
| AmazonSageMakerCanvasFullAccess - Update to an existing policy | 8 | Add `sagemaker:UpdateEndpointWeightsAndCapacities`, `sagemaker:DescribeEndpointConfig`, `sagemaker:InvokeEndpointAsync`, `athena:ListDataCatalogs`, `athena:GetQueryExecution`, `athena:GetQueryResults`, `athena:StartQueryExecution`, `athena:StopQueryExecution`, `athena:ListDatabases`, `cloudwatch:DescribeAlarms`, `cloudwatch:PutMetricAlarm`, `cloudwatch:DeleteAlarms`, and `iam:CreateServiceLinkedRole` permissions. | December 8, 2023 |
| AmazonSageMakerCanvasDataPrepFullAccess - Update to an existing policy | 2 | Small update to enforce the intents of the previous policy, version 1; no permissions added or deleted. | December 7, 2023 |
| [AmazonSageMakerCanvasAIServicesAccess](#security-iam-awsmanpol-AmazonSageMakerCanvasAIServicesAccess) - Update to an existing policy | 3 | Add `bedrock:InvokeModelWithResponseStream`, `bedrock:GetModelCustomizationJob`, `bedrock:StopModelCustomizationJob`, `bedrock:GetCustomModel`, `bedrock:GetProvisionedModelThroughput`, `bedrock:DeleteProvisionedModelThroughput`, `bedrock:TagResource`, `bedrock:CreateModelCustomizationJob`, `bedrock:CreateProvisionedModelThroughput`, and `iam:PassRole` permissions. | November 29, 2023 |
| AmazonSageMakerCanvasDataPrepFullAccess - New policy | 1 | Initial policy | October 26, 2023 |
| [AmazonSageMakerCanvasDirectDeployAccess](#security-iam-awsmanpol-AmazonSageMakerCanvasDirectDeployAccess) - New policy | 1 | Initial policy | October 6, 2023 |
| AmazonSageMakerCanvasFullAccess - Update to an existing policy | 7 | Add `sagemaker:DeleteEndpointConfig`, `sagemaker:DeleteModel`, and `sagemaker:InvokeEndpoint` permissions. Also add `s3:GetObject` permission for JumpStart resources in specific regions. | September 29, 2023 |
| AmazonSageMakerCanvasAIServicesAccess - Update to an existing policy | 2 | Add `bedrock:InvokeModel` and `bedrock:ListFoundationModels` permissions. | September 29, 2023 |
| AmazonSageMakerCanvasFullAccess - Update to an existing policy | 6 | Add `rds:DescribeDBInstances` permission. | August 29, 2023 |
| AmazonSageMakerCanvasFullAccess - Update to an existing policy | 5 | Add `application-autoscaling:PutScalingPolicy` and `application-autoscaling:RegisterScalableTarget` permissions. | July 24, 2023 |
| AmazonSageMakerCanvasFullAccess - Update to an existing policy | 4 | Add `sagemaker:CreateModelPackage`, `sagemaker:CreateModelPackageGroup`, `sagemaker:DescribeModelPackage`, `sagemaker:DescribeModelPackageGroup`, `sagemaker:ListModelPackages`, and `sagemaker:ListModelPackageGroups` permissions. | May 4, 2023 |
| AmazonSageMakerCanvasFullAccess - Update to an existing policy | 3 | Add `sagemaker:CreateAutoMLJobV2`, `sagemaker:DescribeAutoMLJobV2`, and `glue:SearchTables` permissions. | March 24, 2023 |
| AmazonSageMakerCanvasAIServicesAccess - New policy | 1 | Initial policy | March 23, 2023 |
| AmazonSageMakerCanvasFullAccess - Update to an existing policy | 2 | Add `forecast:DeleteResourceTree` permission. | December 6, 2022 |
| AmazonSageMakerCanvasFullAccess - New policy | 1 | Initial policy | September 8, 2022 |
| [AmazonSageMakerCanvasForecastAccess](#security-iam-awsmanpol-AmazonSageMakerCanvasForecastAccess) - New policy | 1 | Initial policy | August 24, 2022 |
# AWS managed policies for Amazon SageMaker Feature Store
These AWS managed policies add permissions required to use Feature Store. The policies are available in your AWS account and are used by execution roles created from the SageMaker AI console.
**Topics**
+ [
## AWS managed policy: AmazonSageMakerFeatureStoreAccess
](#security-iam-awsmanpol-AmazonSageMakerFeatureStoreAccess)
+ [
## Amazon SageMaker AI updates to Amazon SageMaker Feature Store managed policies
](#security-iam-awsmanpol-feature-store-updates)
## AWS managed policy: AmazonSageMakerFeatureStoreAccess
This policy grants permissions required to enable the offline store for an Amazon SageMaker Feature Store feature group.
**Permissions details**
This AWS managed policy includes the following permissions.
+ `s3` – Allows principals to write data into an offline store Amazon S3 bucket. These buckets are limited to those whose name includes "SageMaker", "Sagemaker", or "sagemaker".
+ `s3` – Allows principals to read existing manifest files maintained in the `metadata` folder of an offline store S3 bucket.
+ `glue` – Allows principals to read and update AWS Glue tables. These permissions are limited to tables in the `sagemaker_featurestore` folder.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetBucketAcl",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::*SageMaker*/metadata/*",
"arn:aws:s3:::*Sagemaker*/metadata/*",
"arn:aws:s3:::*sagemaker*/metadata/*"
]
},
{
"Effect": "Allow",
"Action": [
"glue:GetTable",
"glue:UpdateTable"
],
"Resource": [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/sagemaker_featurestore",
"arn:aws:glue:*:*:table/sagemaker_featurestore/*"
]
}
]
}
```
------
## Amazon SageMaker AI updates to Amazon SageMaker Feature Store managed policies
View details about updates to AWS managed policies for Feature Store since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the SageMaker AI [Document history page.](doc-history.md)
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerFeatureStoreAccess](#security-iam-awsmanpol-AmazonSageMakerFeatureStoreAccess) - Update to an existing policy | 3 | Add `s3:GetObject`, `glue:GetTable`, and `glue:UpdateTable` permissions. | December 5, 2022 |
| AmazonSageMakerFeatureStoreAccess - Update to an existing policy | 2 | Add `s3:PutObjectAcl` permission. | February 23, 2021 |
| AmazonSageMakerFeatureStoreAccess - New policy | 1 | Initial policy | December 1, 2020 |
# AWS managed policies for Amazon SageMaker geospatial
These AWS managed policies add permissions required to use SageMaker geospatial. The policies are available in your AWS account and are used by execution roles created from the SageMaker AI console.
**Topics**
+ [
## AWS managed policy: AmazonSageMakerGeospatialFullAccess
](#security-iam-awsmanpol-AmazonSageMakerGeospatialFullAccess)
+ [
## AWS managed policy: AmazonSageMakerGeospatialExecutionRole
](#security-iam-awsmanpol-AmazonSageMakerGeospatialExecutionRole)
+ [
## Amazon SageMaker AI updates to Amazon SageMaker geospatial managed policies
](#security-iam-awsmanpol-geospatial-updates)
## AWS managed policy: AmazonSageMakerGeospatialFullAccess
This policy grants permissions that allow full access to Amazon SageMaker geospatial through the AWS Management Console and SDK.
**Permissions details**
This AWS managed policy includes the following permissions.
+ `sagemaker-geospatial` – Allows principals full access to all SageMaker geospatial resources.
+ `iam` – Allows principals to pass an IAM role to SageMaker geospatial.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sagemaker-geospatial:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": ["iam:PassRole"],
"Resource": "arn:aws:iam::*:role/*",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"sagemaker-geospatial.amazonaws.com"
]
}
}
}
]
}
```
------
## AWS managed policy: AmazonSageMakerGeospatialExecutionRole
This policy grants permissions commonly needed to use SageMaker geospatial.
**Permissions details**
This AWS managed policy includes the following permissions.
+ `s3` – Allows principals to add and retrieve objects from Amazon S3 buckets. These objects are limited to those whose name contains "SageMaker", "Sagemaker", or "sagemaker".
+ `sagemaker-geospatial` – Allows principals to access Earth observation jobs through the `GetEarthObservationJob` API.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Effect": "Allow",
"Action": "sagemaker-geospatial:GetEarthObservationJob",
"Resource": "arn:aws:sagemaker-geospatial:*:*:earth-observation-job/*"
},
{
"Effect": "Allow",
"Action": "sagemaker-geospatial:GetRasterDataCollection",
"Resource": "arn:aws:sagemaker-geospatial:*:*:raster-data-collection/*"
}
]
}
```
------
## Amazon SageMaker AI updates to Amazon SageMaker geospatial managed policies
View details about updates to AWS managed policies for SageMaker geospatial since this service began tracking these changes.
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerGeospatialExecutionRole](#security-iam-awsmanpol-AmazonSageMakerGeospatialExecutionRole) - Updated policy | 2 | Add `sagemaker-geospatial:GetRasterDataCollection` permission. | May 10, 2023 |
| [AmazonSageMakerGeospatialFullAccess](#security-iam-awsmanpol-AmazonSageMakerGeospatialFullAccess) - New policy | 1 | Initial policy | November 30, 2022 |
| AmazonSageMakerGeospatialExecutionRole - New policy | 1 | Initial policy | November 30, 2022 |
# AWS Managed Policies for Amazon SageMaker Ground Truth
These AWS managed policies add permissions required to use SageMaker AI Ground Truth. The policies are available in your AWS account and are used by execution roles created from the SageMaker AI console.
**Topics**
+ [
## AWS managed policy: AmazonSageMakerGroundTruthExecution
](#security-iam-awsmanpol-gt-AmazonSageMakerGroundTruthExecution)
+ [
## Amazon SageMaker AI updates to SageMaker AI Ground Truth managed policies
](#security-iam-awsmanpol-groundtruth-updates)
## AWS managed policy: AmazonSageMakerGroundTruthExecution
This AWS managed policy grants permissions commonly needed to use SageMaker AI Ground Truth.
**Permissions details**
This policy includes the following permissions.
+ `lambda` – Allows principals to invoke Lambda functions whose name includes "sagemaker" (case-insensitive), "GtRecipe", or "LabelingFunction".
+ `s3` – Allows principals to add and retrieve objects from Amazon S3 buckets. These objects are limited to those whose case-insensitive name contains "groundtruth" or "sagemaker", or are tagged with "SageMaker".
+ `cloudwatch` – Allows principals to post CloudWatch metrics.
+ `logs` – Allows principals to create and access log streams, and post log events.
+ `sqs` – Allows principals to create Amazon SQS queues, and send and receive Amazon SQS messages. These permissions are limited to queues whose name includes "GroundTruth".
+ `sns` – Allows principals to subscribe to and publish messages to Amazon SNS topics whose case-insensitive name contains "groundtruth" or "sagemaker".
+ `ec2` – Allows principals to create, describe, and delete Amazon VPC endpoints whose VPC endpoint service name contains "sagemaker-task-resources" or "labeling".
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "CustomLabelingJobs",
"Effect": "Allow",
"Action": [
"lambda:InvokeFunction"
],
"Resource": [
"arn:aws:lambda:*:*:function:*GtRecipe*",
"arn:aws:lambda:*:*:function:*LabelingFunction*",
"arn:aws:lambda:*:*:function:*SageMaker*",
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:*Sagemaker*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::*GroundTruth*",
"arn:aws:s3:::*Groundtruth*",
"arn:aws:s3:::*groundtruth*",
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": "*",
"Condition": {
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/SageMaker": "true"
}
}
},
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Resource": "*"
},
{
"Sid": "CloudWatch",
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Resource": "*"
},
{
"Sid": "StreamingQueue",
"Effect": "Allow",
"Action": [
"sqs:CreateQueue",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:SetQueueAttributes"
],
"Resource": "arn:aws:sqs:*:*:*GroundTruth*"
},
{
"Sid": "StreamingTopicSubscribe",
"Effect": "Allow",
"Action": "sns:Subscribe",
"Resource": [
"arn:aws:sns:*:*:*GroundTruth*",
"arn:aws:sns:*:*:*Groundtruth*",
"arn:aws:sns:*:*:*groundTruth*",
"arn:aws:sns:*:*:*groundtruth*",
"arn:aws:sns:*:*:*SageMaker*",
"arn:aws:sns:*:*:*Sagemaker*",
"arn:aws:sns:*:*:*sageMaker*",
"arn:aws:sns:*:*:*sagemaker*"
],
"Condition": {
"StringEquals": {
"sns:Protocol": "sqs"
},
"StringLike": {
"sns:Endpoint": "arn:aws:sqs:*:*:*GroundTruth*"
}
}
},
{
"Sid": "StreamingTopic",
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": [
"arn:aws:sns:*:*:*GroundTruth*",
"arn:aws:sns:*:*:*Groundtruth*",
"arn:aws:sns:*:*:*groundTruth*",
"arn:aws:sns:*:*:*groundtruth*",
"arn:aws:sns:*:*:*SageMaker*",
"arn:aws:sns:*:*:*Sagemaker*",
"arn:aws:sns:*:*:*sageMaker*",
"arn:aws:sns:*:*:*sagemaker*"
]
},
{
"Sid": "StreamingTopicUnsubscribe",
"Effect": "Allow",
"Action": [
"sns:Unsubscribe"
],
"Resource": "*"
},
{
"Sid": "WorkforceVPC",
"Effect": "Allow",
"Action": [
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
"ec2:DeleteVpcEndpoints"
],
"Resource": "*",
"Condition": {
"StringLikeIfExists": {
"ec2:VpceServiceName": [
"*sagemaker-task-resources*",
"aws.sagemaker*labeling*"
]
}
}
}
]
}
```
------
## Amazon SageMaker AI updates to SageMaker AI Ground Truth managed policies
View details about updates to AWS managed policies for Amazon SageMaker AI Ground Truth since this service began tracking these changes.
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerGroundTruthExecution](#security-iam-awsmanpol-gt-AmazonSageMakerGroundTruthExecution) - Update to an existing policy | 3 | Add `ec2:CreateVpcEndpoint`, `ec2:DescribeVpcEndpoints`, and `ec2:DeleteVpcEndpoints` permissions. | April 29, 2022 |
| AmazonSageMakerGroundTruthExecution - Update to an existing policy | 2 | Remove `sqs:SendMessageBatch` permission. | April 11, 2022 |
| AmazonSageMakerGroundTruthExecution - New policy | 1 | Initial policy | July 20, 2020 |
# AWS managed policies for Amazon SageMaker HyperPod
The following AWS managed policies add permissions required to use Amazon SageMaker HyperPod. The policies are available in your AWS account and are used by execution roles created from the SageMaker AI console or the HyperPod service-linked role.
**Topics**
+ [
# AWS managed policy: AmazonSageMakerHyperPodTrainingOperatorAccess
](security-iam-awsmanpol-AmazonSageMakerHyperPodTrainingOperatorAccess.md)
+ [
# AWS managed policy: AmazonSageMakerHyperPodObservabilityAdminAccess
](security-iam-awsmanpol-AmazonSageMakerHyperPodObservabilityAdminAccess.md)
+ [
# AWS managed policy: AmazonSageMakerHyperPodServiceRolePolicy
](security-iam-awsmanpol-AmazonSageMakerHyperPodServiceRolePolicy.md)
+ [
# AWS managed policy: AmazonSageMakerClusterInstanceRolePolicy
](security-iam-awsmanpol-AmazonSageMakerClusterInstanceRolePolicy.md)
+ [
## Amazon SageMaker AI updates to SageMaker HyperPod managed policies
](#security-iam-awsmanpol-hyperpod-updates)
# AWS managed policy: AmazonSageMakerHyperPodTrainingOperatorAccess
This policy provides administrative permissions required to set up the SageMaker HyperPod training operator. It enables access to SageMaker HyperPod and Amazon EKS add-ons. The policy includes permissions to describe the SageMaker HyperPod resources in your account.
**Permission details**
This policy includes the following permissions:
+ `sagemaker:DescribeClusterNode` - Allows users to return information about a HyperPod cluster.
To view the permissions for this policy, see [AmazonSageMakerHyperPodTrainingOperatorAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerHyperPodTrainingOperatorAccess.html) in the AWS Managed Policy Reference.
# AWS managed policy: AmazonSageMakerHyperPodObservabilityAdminAccess
This policy provides administrative privileges required for setting up Amazon SageMaker HyperPod observability. It enables access to Amazon Managed Service for Prometheus, Amazon Managed Grafana and Amazon Elastic Kubernetes Service add-ons. The policy also includes broad access to Grafana HTTP APIs through ServiceAccountTokens across all Amazon Managed Grafana workspaces in your account.
**Permission details**
The following list provides an overview of the permissions that are included in this policy.
+ `prometheus` – Create and manage Amazon Managed Service for Prometheus workspaces and rule groups
+ `grafana` – Creates and manages Amazon Managed Grafana workspaces and service accounts
+ `eks` – Creates and manages the `amazon-sagemaker-hyperpod-observability` Amazon EKS add-on
+ `iam` – Passes specific IAM service roles to Amazon Managed Grafana and Amazon EKS
+ `sagemaker` – Lists and describes SageMaker HyperPod clusters
+ `sso` – Creates and manages IAM Identity Center application instances for Amazon Managed Grafana setup
+ `tag` – Tags Amazon Managed Service for Prometheus, Amazon Managed Grafana, and Amazon EKS add-on resources
To view the policy JSON, see [AmazonSageMakerHyperPodObservabilityAdminAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerHyperPodObservabilityAdminAccess.html).
# AWS managed policy: AmazonSageMakerHyperPodServiceRolePolicy
SageMaker HyperPod creates and uses the service-linked role named `AWSServiceRoleForSageMakerHyperPod` with the `AmazonSageMakerHyperPodServiceRolePolicy` attached to the role. This policy grants Amazon SageMaker HyperPod permissions to related AWS services such as Amazon EKS and Amazon CloudWatch.
The service-linked role makes setting up SageMaker HyperPod easier because you don’t have to manually add the necessary permissions. SageMaker HyperPod defines the permissions of its service-linked roles, and unless defined otherwise, only SageMaker HyperPod can assume its roles. The defined permissions include the trust policy and the permissions policy, and that permissions policy cannot be attached to any other IAM entity.
You can delete a service-linked role only after first deleting their related resources. This protects your SageMaker HyperPod resources because you can't inadvertently remove permission to access the resources.
For information about other services that support service-linked roles, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) and look for the services that have **Yes** in the **Service-linked roles** column. Choose a **Yes** with a link to view the service-linked role documentation for that service.
The `AmazonSageMakerHyperPodServiceRolePolicy` allows SageMaker HyperPod to complete the following actions on the specified resources on your behalf.
**Permissions details**
This service-linked role policy includes the following permissions.
+ `eks` – Allows principals to read Amazon Elastic Kubernetes Service (EKS) cluster information.
+ `logs` – Allows principals to publish Amazon CloudWatch log streams to `/aws/sagemaker/Clusters`.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EKSClusterDescribePermissions",
"Effect": "Allow",
"Action": "eks:DescribeCluster",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "CloudWatchLogGroupPermissions",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup"
],
"Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "CloudWatchLogStreamPermissions",
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*:log-stream:*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
}
]
}
```
------
You must configure permissions to allow your users, groups, or roles to create, edit, or delete a service-linked role. For more information, see [Service-linked role permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#service-linked-role-permissions) in the *IAM User Guide*.
## Creating a service-linked role for SageMaker HyperPod
You don't need to manually create a service-linked role. When you create a SageMaker HyperPod cluster using the SageMaker AI console, the AWS CLI, or the AWS SDKs, SageMaker HyperPod creates the service-linked role for you.
If you delete this service-linked role but need to create it again, you can use the same process (create a new SageMaker HyperPod cluster) to recreate the role in your account.
## Editing a service-linked role for SageMaker HyperPod
SageMaker HyperPod does not allow you to edit the `AWSServiceRoleForSageMakerHyperPod` service-linked role. After you create a service-linked role, you cannot change the name of the role because various entities might reference the role. However, you can edit the description of the role using IAM. For more information, see [Editing a service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#edit-service-linked-role) in the *IAM User Guide*.
## Deleting a service-linked role for SageMaker HyperPod
If you no longer need to use a feature or service that requires a service-linked role, we recommend that you delete that role. That way you don’t have an unused entity that is not actively monitored or maintained. However, you must clean up the resources for your service-linked role before you can manually delete it.
**To delete SageMaker HyperPod cluster resources using the service-linked role**
Use one of the following options to delete SageMaker HyperPod cluster resources.
+ [Delete a SageMaker HyperPod cluster](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-operate-slurm-console-ui.html#sagemaker-hyperpod-operate-slurm-console-ui-delete-cluster) using the SageMaker AI console
+ [Delete a SageMaker HyperPod cluster](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-operate-slurm-cli-command.html#sagemaker-hyperpod-operate-slurm-cli-command-delete-cluster) using the AWS CLI
**Note**
If the SageMaker HyperPod service is using the role when you try to delete the resources, then the deletion might fail. If that happens, wait for a few minutes and try the operation again.
**To manually delete the service-linked role using IAM**
Use the IAM console, the AWS CLI, or the AWS API to delete the `AWSServiceRoleForSageMakerHyperPod` service-linked role. For more information, see [Deleting a service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#delete-service-linked-role) in the *IAM User Guide*.
## Supported Regions for SageMaker HyperPod service-linked roles
SageMaker HyperPod supports using service-linked roles in all of the Regions where the service is available. For more information, see [Prerequisites for SageMaker HyperPod](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites.html).
# AWS managed policy: AmazonSageMakerClusterInstanceRolePolicy
This policy grants permissions commonly needed to use Amazon SageMaker HyperPod.
**Permissions details**
This AWS managed policy includes the following permissions.
+ `cloudwatch` – Allows principals to post Amazon CloudWatch metrics.
+ `logs` – Allows principals to publish CloudWatch log streams.
+ `s3` – Allows principals to list and retrieve lifecycle script files from an Amazon S3 bucket in your account. These buckets are limited to those whose name starts with "sagemaker-".
+ `ssmmessages` – Allows principals to open a connection to AWS Systems Manager.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement" : [
{
"Sid" : "CloudwatchLogStreamPublishPermissions",
"Effect" : "Allow",
"Action" : [
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:DescribeLogStreams"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*:log-stream:*"
]
},
{
"Sid" : "CloudwatchLogGroupCreationPermissions",
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*"
]
},
{
"Sid" : "CloudwatchPutMetricDataAccess",
"Effect" : "Allow",
"Action" : [
"cloudwatch:PutMetricData"
],
"Resource" : [
"*"
],
"Condition" : {
"StringEquals" : {
"cloudwatch:namespace" : "/aws/sagemaker/Clusters"
}
}
},
{
"Sid" : "DataRetrievalFromS3BucketPermissions",
"Effect" : "Allow",
"Action" : [
"s3:ListBucket",
"s3:GetObject"
],
"Resource" : [
"arn:aws:s3:::sagemaker-*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "SSMConnectivityPermissions",
"Effect" : "Allow",
"Action" : [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource" : "*"
}
]
}
```
------
## Amazon SageMaker AI updates to SageMaker HyperPod managed policies
View details about updates to AWS managed policies for SageMaker HyperPod since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the SageMaker AI [Document history page.](doc-history.md)
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerHyperPodTrainingOperatorAccess](security-iam-awsmanpol-AmazonSageMakerHyperPodTrainingOperatorAccess.md) - New policy | 1 | Initial policy | August 22, 2025 |
| [AmazonSageMakerHyperPodObservabilityAdminAccess](security-iam-awsmanpol-AmazonSageMakerHyperPodObservabilityAdminAccess.md) - Updated policy | 2 | Updated the policy to fix the role scope-down to include the `service-role` prefix. Also added permissions for `eks:DeletePodIdentityAssociation` and `eks:UpdatePodIdentityAssociation` that are required for end-to-end administrative actions. | August 19, 2025 |
| [AmazonSageMakerHyperPodObservabilityAdminAccess](security-iam-awsmanpol-AmazonSageMakerHyperPodObservabilityAdminAccess.md) - New policy | 1 | Initial policy | July 10, 2025 |
| [AmazonSageMakerHyperPodServiceRolePolicy](security-iam-awsmanpol-AmazonSageMakerHyperPodServiceRolePolicy.md) - New policy | 1 | Initial policy | September 9, 2024 |
| [AmazonSageMakerClusterInstanceRolePolicy](security-iam-awsmanpol-AmazonSageMakerClusterInstanceRolePolicy.md) - New policy | 1 | Initial policy | November 29, 2023 |
# AWS Managed Policies for SageMaker AI Model Governance
This AWS managed policy adds permissions required to use SageMaker AI Model Governance. The policy is available in your AWS account and is used by execution roles created from the SageMaker AI console.
**Topics**
+ [
## AWS managed policy: AmazonSageMakerModelGovernanceUseAccess
](#security-iam-awsmanpol-governance-AmazonSageMakerModelGovernanceUseAccess)
+ [
## Amazon SageMaker AI updates to SageMaker AI Model Governance managed policies
](#security-iam-awsmanpol-governance-updates)
## AWS managed policy: AmazonSageMakerModelGovernanceUseAccess
This AWS managed policy grants permissions needed to use all Amazon SageMaker AI Governance features. The policy is available in your AWS account.
This policy includes the following permissions.
+ `s3` – Retrieve objects from Amazon S3 buckets. Retrievable objects are limited to those whose case-insensitive name contains the string `"sagemaker"`.
+ `kms` – List the AWS KMS keys to use for content encryption.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowSMMonitoringModelCards",
"Effect": "Allow",
"Action": [
"sagemaker:ListMonitoringAlerts",
"sagemaker:ListMonitoringExecutions",
"sagemaker:UpdateMonitoringAlert",
"sagemaker:StartMonitoringSchedule",
"sagemaker:StopMonitoringSchedule",
"sagemaker:ListMonitoringAlertHistory",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:CreateModelCard",
"sagemaker:DescribeModelCard",
"sagemaker:UpdateModelCard",
"sagemaker:DeleteModelCard",
"sagemaker:ListModelCards",
"sagemaker:ListModelCardVersions",
"sagemaker:CreateModelCardExportJob",
"sagemaker:DescribeModelCardExportJob",
"sagemaker:ListModelCardExportJobs"
],
"Resource": "*"
},
{
"Sid": "AllowSMTrainingModelsSearchTags",
"Effect": "Allow",
"Action": [
"sagemaker:ListTrainingJobs",
"sagemaker:DescribeTrainingJob",
"sagemaker:ListModels",
"sagemaker:DescribeModel",
"sagemaker:Search",
"sagemaker:AddTags",
"sagemaker:DeleteTags",
"sagemaker:ListTags"
],
"Resource": "*"
},
{
"Sid": "AllowKMSActions",
"Effect": "Allow",
"Action": [
"kms:ListAliases"
],
"Resource": "*"
},
{
"Sid": "AllowS3Actions",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:CreateBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Sid": "AllowS3ListActions",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Resource": "*"
}
]
}
```
------
## Amazon SageMaker AI updates to SageMaker AI Model Governance managed policies
View details about updates to AWS managed policies for SageMaker AI Model Governance since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the SageMaker AI [Document history page.](doc-history.md)
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerModelGovernanceUseAccess](#security-iam-awsmanpol-governance-AmazonSageMakerModelGovernanceUseAccess) - Update to an existing policy | 3 | Add statement IDs (`Sid`). | June 4, 2024 |
| AmazonSageMakerModelGovernanceUseAccess - Update to an existing policy | 2 | Add `sagemaker:DescribeModelPackage` and `DescribeModelPackageGroup` permissions. | July 17, 2023 |
| AmazonSageMakerModelGovernanceUseAccess - New policy | 1 | Initial policy | November 30, 2022 |
# AWS Managed Policies for Model Registry
These AWS managed policies adds permissions required to use Model Registry. The policies are available in your AWS account and are used by execution roles created from the Amazon SageMaker AI console.
**Topics**
+ [
## AWS managed policy: AmazonSageMakerModelRegistryFullAccess
](#security-iam-awsmanpol-model-registry-AmazonSageMakerModelRegistryFullAccess)
+ [
## Amazon SageMaker AI updates to Model Registry managed policies
](#security-iam-awsmanpol-model-registry-updates)
## AWS managed policy: AmazonSageMakerModelRegistryFullAccess
This AWS managed policy grants permissions needed to use all Model Registry features inside an Amazon SageMaker AI domain. This policy is attached to an execution role when configuring Model Registry settings to enable Model Registry permissions.
This policy includes the following permissions.
+ `ecr` – Allows principals to retrieve information, including metadata, about Amazon Elastic Container Registry (Amazon ECR) images.
+ `iam` – Allows principals to pass the execution role to the Amazon SageMaker AI service.
+ `resource-groups` – Allows principals to create, list, tag, and delete AWS Resource Groups.
+ `s3` – Allows principals to retrieve objects from the Amazon Simple Storage Service (Amazon S3) buckets where model versions are stored. Retrievable objects are limited to those whose case-insensitive name contains the string `"sagemaker"`.
+ `sagemaker` – Allows principals to catalog, manage, and deploy models using the SageMaker Model Registry.
+ `kms` – Allows only the SageMaker AI service principal to add a grant, generate data keys, decrypt, and read AWS KMS keys, and only keys that are tagged for "sagemaker" use.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AmazonSageMakerModelRegistrySageMakerReadPermission",
"Effect": "Allow",
"Action": [
"sagemaker:DescribeAction",
"sagemaker:DescribeInferenceRecommendationsJob",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribePipeline",
"sagemaker:DescribePipelineExecution",
"sagemaker:ListAssociations",
"sagemaker:ListArtifacts",
"sagemaker:ListModelMetadata",
"sagemaker:ListModelPackages",
"sagemaker:Search",
"sagemaker:GetSearchSuggestions"
],
"Resource": "*"
},
{
"Sid": "AmazonSageMakerModelRegistrySageMakerWritePermission",
"Effect": "Allow",
"Action": [
"sagemaker:AddTags",
"sagemaker:CreateModel",
"sagemaker:CreateModelPackage",
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateInferenceRecommendationsJob",
"sagemaker:DeleteModelPackage",
"sagemaker:DeleteModelPackageGroup",
"sagemaker:DeleteTags",
"sagemaker:UpdateModelPackage"
],
"Resource": "*"
},
{
"Sid": "AmazonSageMakerModelRegistryS3GetPermission",
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Sid": "AmazonSageMakerModelRegistryS3ListPermission",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Sid": "AmazonSageMakerModelRegistryECRReadPermission",
"Effect": "Allow",
"Action": [
"ecr:BatchGetImage",
"ecr:DescribeImages"
],
"Resource": "*"
},
{
"Sid": "AmazonSageMakerModelRegistryIAMPassRolePermission",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam::*:role/*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "sagemaker.amazonaws.com"
}
}
},
{
"Sid": "AmazonSageMakerModelRegistryTagReadPermission",
"Effect": "Allow",
"Action": [
"tag:GetResources"
],
"Resource": "*"
},
{
"Sid": "AmazonSageMakerModelRegistryResourceGroupGetPermission",
"Effect": "Allow",
"Action": [
"resource-groups:GetGroupQuery"
],
"Resource": "arn:aws:resource-groups:*:*:group/*"
},
{
"Sid": "AmazonSageMakerModelRegistryResourceGroupListPermission",
"Effect": "Allow",
"Action": [
"resource-groups:ListGroupResources"
],
"Resource": "*"
},
{
"Sid": "AmazonSageMakerModelRegistryResourceGroupWritePermission",
"Effect": "Allow",
"Action": [
"resource-groups:CreateGroup",
"resource-groups:Tag"
],
"Resource": "arn:aws:resource-groups:*:*:group/*",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:TagKeys": "sagemaker:collection"
}
}
},
{
"Sid": "AmazonSageMakerModelRegistryResourceGroupDeletePermission",
"Effect": "Allow",
"Action": "resource-groups:DeleteGroup",
"Resource": "arn:aws:resource-groups:*:*:group/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/sagemaker:collection": "true"
}
}
},
{
"Sid": "AmazonSageMakerModelRegistryResourceKMSPermission",
"Effect": "Allow",
"Action": [
"kms:CreateGrant",
"kms:DescribeKey",
"kms:GenerateDataKey",
"kms:Decrypt"
],
"Resource": "arn:aws:kms:*:*:key/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/sagemaker" : "true"
},
"StringLike": {
"kms:ViaService": "sagemaker.*.amazonaws.com"
}
}
}
]
}
```
------
## Amazon SageMaker AI updates to Model Registry managed policies
View details about updates to AWS managed policies for Model Registry since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the SageMaker AI [Document history page.](doc-history.md)
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerModelRegistryFullAccess](#security-iam-awsmanpol-model-registry-AmazonSageMakerModelRegistryFullAccess) - Update to an existing policy | 2 | Add `kms:CreateGrant`, `kms:DescribeKey`, `kms:GenerateDataKey`, and `kms:Decrypt` permissions. | June 6, 2024 |
| AmazonSageMakerModelRegistryFullAccess - New policy | 1 | Initial policy | April 12, 2023 |
# AWS Managed Policies for SageMaker Notebooks
These AWS managed policies add permissions required to use SageMaker Notebooks. The policies are available in your AWS account and are used by execution roles created from the SageMaker AI console.
**Topics**
+ [
## AWS managed policy: AmazonSageMakerNotebooksServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerNotebooksServiceRolePolicy)
+ [
## Amazon SageMaker AI updates to SageMaker AI Notebooks managed policies
](#security-iam-awsmanpol-notebooks-updates)
## AWS managed policy: AmazonSageMakerNotebooksServiceRolePolicy
This AWS managed policy grants permissions commonly needed to use Amazon SageMaker Notebooks. The policy is added to the `AWSServiceRoleForAmazonSageMakerNotebooks` that is created when you onboard to Amazon SageMaker Studio Classic. For more information on service-linked roles, see [Service-linked roles](security_iam_service-with-iam.md#security_iam_service-with-iam-roles-service-linked). For more information, see [AmazonSageMakerNotebooksServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerNotebooksServiceRolePolicy.html)
**Permissions details**
This policy includes the following permissions.
+ `elasticfilesystem` – Allows principals to create and delete Amazon Elastic File System (EFS) file systems, access points, and mount targets. These are limited to those tagged with the key *ManagedByAmazonSageMakerResource*. Allows principals to describe all EFS file systems, access points, and mount targets. Allows principals to create or overwrite tags for EFS access points and mount targets.
+ `ec2` – Allows principals to create network interfaces and security groups for Amazon Elastic Compute Cloud (EC2) instances. Also allows principals to create and overwrite tags for these resources.
+ `sso` – Allows principals to add and delete managed application instances to AWS IAM Identity Center.
+ `sagemaker` – Allows principals to create and read SageMaker AI user profiles and SageMaker AI spaces; delete SageMaker AI spaces and SageMaker AI apps; and add and list tags.
+ `fsx` – Allows principals to describe Amazon FSx for Lustre file system, and use the metadata to mount it on notebook.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowFSxDescribe",
"Effect": "Allow",
"Action": [
"fsx:DescribeFileSystems"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Sid": "AllowSageMakerDeleteApp",
"Effect": "Allow",
"Action": [
"sagemaker:DeleteApp"
],
"Resource": "arn:aws:sagemaker:*:*:app/*"
},
{
"Sid": "AllowEFSAccessPointCreation",
"Effect": "Allow",
"Action": "elasticfilesystem:CreateAccessPoint",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*",
"Condition": {
"StringLike": {
"aws:ResourceTag/ManagedByAmazonSageMakerResource": "*",
"aws:RequestTag/ManagedByAmazonSageMakerResource": "*"
}
}
},
{
"Sid": "AllowEFSAccessPointDeletion",
"Effect": "Allow",
"Action": [
"elasticfilesystem:DeleteAccessPoint"
],
"Resource": "arn:aws:elasticfilesystem:*:*:access-point/*",
"Condition": {
"StringLike": {
"aws:ResourceTag/ManagedByAmazonSageMakerResource": "*"
}
}
},
{
"Sid": "AllowEFSCreation",
"Effect": "Allow",
"Action": "elasticfilesystem:CreateFileSystem",
"Resource": "*",
"Condition": {
"StringLike": {
"aws:RequestTag/ManagedByAmazonSageMakerResource": "*"
}
}
},
{
"Sid": "AllowEFSMountWithDeletion",
"Effect": "Allow",
"Action": [
"elasticfilesystem:CreateMountTarget",
"elasticfilesystem:DeleteFileSystem",
"elasticfilesystem:DeleteMountTarget"
],
"Resource": "*",
"Condition": {
"StringLike": {
"aws:ResourceTag/ManagedByAmazonSageMakerResource": "*"
}
}
},
{
"Sid": "AllowEFSDescribe",
"Effect": "Allow",
"Action": [
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets"
],
"Resource": "*"
},
{
"Sid": "AllowEFSTagging",
"Effect": "Allow",
"Action": "elasticfilesystem:TagResource",
"Resource": [
"arn:aws:elasticfilesystem:*:*:access-point/*",
"arn:aws:elasticfilesystem:*:*:file-system/*"
],
"Condition": {
"StringLike": {
"aws:ResourceTag/ManagedByAmazonSageMakerResource": "*"
}
}
},
{
"Sid": "AllowEC2Tagging",
"Effect": "Allow",
"Action": "ec2:CreateTags",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Sid": "AllowEC2Operations",
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Resource": "*"
},
{
"Sid": "AllowEC2AuthZ",
"Effect": "Allow",
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Resource": "*",
"Condition": {
"StringLike": {
"ec2:ResourceTag/ManagedByAmazonSageMakerResource": "*"
}
}
},
{
"Sid": "AllowIdcOperations",
"Effect": "Allow",
"Action": [
"sso:CreateManagedApplicationInstance",
"sso:DeleteManagedApplicationInstance",
"sso:GetManagedApplicationInstance"
],
"Resource": "*"
},
{
"Sid": "AllowSagemakerProfileCreation",
"Effect": "Allow",
"Action": [
"sagemaker:CreateUserProfile",
"sagemaker:DescribeUserProfile"
],
"Resource": "*"
},
{
"Sid": "AllowSagemakerSpaceOperationsForCanvasManagedSpaces",
"Effect": "Allow",
"Action": [
"sagemaker:CreateSpace",
"sagemaker:DescribeSpace",
"sagemaker:DeleteSpace",
"sagemaker:ListTags"
],
"Resource": "arn:aws:sagemaker:*:*:space/*/CanvasManagedSpace-*"
},
{
"Sid": "AllowSagemakerAddTagsForAppManagedSpaces",
"Effect": "Allow",
"Action": [
"sagemaker:AddTags"
],
"Resource": "arn:aws:sagemaker:*:*:space/*/CanvasManagedSpace-*",
"Condition": {
"StringEquals": {
"sagemaker:TaggingAction": "CreateSpace"
}
}
}
]
}
```
------
## Amazon SageMaker AI updates to SageMaker AI Notebooks managed policies
View details about updates to AWS managed policies for Amazon SageMaker AI since this service began tracking these changes.
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerNotebooksServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerNotebooksServiceRolePolicy) - Update to an existing policy | 10 | Add `fsx:DescribeFileSystems` permission. | November 14, 2024 |
| [AmazonSageMakerNotebooksServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerNotebooksServiceRolePolicy) - Update to an existing policy | 9 | Add `sagemaker:DeleteApp` permission. | July 24, 2024 |
| AmazonSageMakerNotebooksServiceRolePolicy - Update to an existing policy | 8 | Add `sagemaker:CreateSpace`, `sagemaker:DescribeSpace`, `sagemaker:DeleteSpace`, `sagemaker:ListTags`, and `sagemaker:AddTags` permissions. | May 22, 2024 |
| AmazonSageMakerNotebooksServiceRolePolicy - Update to an existing policy | 7 | Add `elasticfilesystem:TagResource` permission. | March 9, 2023 |
| AmazonSageMakerNotebooksServiceRolePolicy - Update to an existing policy | 6 | Add `elasticfilesystem:CreateAccessPoint`, `elasticfilesystem:DeleteAccessPoint`, and `elasticfilesystem:DescribeAccessPoints` permissions. | January 12, 2023 |
| | | SageMaker AI started tracking changes for its AWS managed policies. | June 1, 2021 |
# AWS managed policies for Amazon SageMaker Partner AI Apps
These AWS managed policies add permissions required to use Amazon SageMaker Partner AI Apps. The policies are available in your AWS account and are used by execution roles created from the SageMaker AI console.
**Topics**
+ [
## AWS managed policy: AmazonSageMakerPartnerAppsFullAccess
](#security-iam-awsmanpol-AmazonSageMakerPartnerAppsFullAccess)
+ [
## Amazon SageMaker AI updates to Partner AI Apps managed policies
](#security-iam-awsmanpol-partner-apps-updates)
## AWS managed policy: AmazonSageMakerPartnerAppsFullAccess
Allows full administrative access to Amazon SageMaker Partner AI Apps.
**Permissions details**
This AWS managed policy includes the following permissions.
+ `sagemaker` – Gives Amazon SageMaker Partner AI App users permission to access applications, list available applications, launch application web UIs, and connect using the application SDK.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AmazonSageMakerPartnerListAppsPermission",
"Effect": "Allow",
"Action": "sagemaker:ListPartnerApps",
"Resource": "*"
},
{
"Sid": "AmazonSageMakerPartnerAppsPermission",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePartnerAppPresignedUrl",
"sagemaker:DescribePartnerApp",
"sagemaker:CallPartnerAppApi"
],
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
},
"Resource": "arn:aws:sagemaker:*:*:partner-app/*"
}
]
}
```
------
## Amazon SageMaker AI updates to Partner AI Apps managed policies
View details about updates to AWS managed policies for Partner AI Apps since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the SageMaker AI [Document history page.](doc-history.md)
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| AmazonSageMakerPartnerAppsFullAccess - New policy | 1 | Initial policy | January 17, 2025 |
# AWS Managed Policies for SageMaker Pipelines
These AWS managed policies add permissions required to use SageMaker Pipelines. The policies are available in your AWS account and are used by execution roles created from the SageMaker AI console.
**Topics**
+ [
## AWS managed policy: AmazonSageMakerPipelinesIntegrations
](#security-iam-awsmanpol-AmazonSageMakerPipelinesIntegrations)
+ [
## Amazon SageMaker AI updates to SageMaker AI Pipelines managed policies
](#security-iam-awsmanpol-pipelines-updates)
## AWS managed policy: AmazonSageMakerPipelinesIntegrations
This AWS managed policy grants permissions commonly needed to use Callback steps and Lambda steps in SageMaker Pipelines. The policy is added to the `AmazonSageMaker-ExecutionRole` that is created when you onboard to Amazon SageMaker Studio Classic. The policy can be attached to any role used for authoring or executing a pipeline.
This policy grants appropriate AWS Lambda, Amazon Simple Queue Service (Amazon SQS), Amazon EventBridge, and IAM permissions needed when building pipelines that invoke Lambda functions or include callback steps, which can be used for manual approval steps or running custom workloads.
The Amazon SQS permissions allow you to create the Amazon SQS queue needed for receiving callback messages, and also to send messages to that queue.
The Lambda permissions allow you to create, read, update, and delete the Lambda functions used in the pipeline steps, and also to invoke those Lambda functions.
This policy grants the Amazon EMR permissions needed to run a pipelines Amazon EMR step.
**Permissions details**
This policy includes the following permissions.
+ `elasticmapreduce` – Read, add, and cancel steps in a running Amazon EMR cluster. Read, create, and terminate a new Amazon EMR cluster.
+ `events` – Read, create, update, and add targets to an EventBridge rule named `SageMakerPipelineExecutionEMRStepStatusUpdateRule` and `SageMakerPipelineExecutionEMRClusterStatusUpdateRule`.
+ `iam` – Pass an IAM role to the AWS Lambda service, Amazon EMR and Amazon EC2.
+ `lambda` – Create, read, update, delete, and invoke Lambda functions. These permissions are limited to functions whose name includes "sagemaker".
+ `sqs` – Create an Amazon SQS queue; send an Amazon SQS message. These permissions are limited to queues whose name includes "sagemaker".
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:InvokeFunction",
"lambda:UpdateFunctionCode"
],
"Resource": [
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:*sageMaker*",
"arn:aws:lambda:*:*:function:*SageMaker*"
]
},
{
"Effect": "Allow",
"Action": [
"sqs:CreateQueue",
"sqs:SendMessage"
],
"Resource": [
"arn:aws:sqs:*:*:*sagemaker*",
"arn:aws:sqs:*:*:*sageMaker*",
"arn:aws:sqs:*:*:*SageMaker*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam::*:role/*",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"lambda.amazonaws.com",
"elasticmapreduce.amazonaws.com",
"ec2.amazonaws.com"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"events:DescribeRule",
"events:PutRule",
"events:PutTargets"
],
"Resource": [
"arn:aws:events:*:*:rule/SageMakerPipelineExecutionEMRStepStatusUpdateRule",
"arn:aws:events:*:*:rule/SageMakerPipelineExecutionEMRClusterStatusUpdateRule"
]
},
{
"Effect": "Allow",
"Action": [
"elasticmapreduce:AddJobFlowSteps",
"elasticmapreduce:CancelSteps",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:RunJobFlow",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:TerminateJobFlows",
"elasticmapreduce:ListSteps"
],
"Resource": [
"arn:aws:elasticmapreduce:*:*:cluster/*"
]
}
]
}
```
------
## Amazon SageMaker AI updates to SageMaker AI Pipelines managed policies
View details about updates to AWS managed policies for Amazon SageMaker AI since this service began tracking these changes.
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerPipelinesIntegrations](#security-iam-awsmanpol-AmazonSageMakerPipelinesIntegrations) - Update to an existing policy | 3 | Added permissions for `elasticmapreduce:RunJobFlows`, `elasticmapreduce:TerminateJobFlows`, `elasticmapreduce:ListSteps`, and `elasticmapreduce:DescribeCluster`. | February 17, 2023 |
| [AmazonSageMakerPipelinesIntegrations](#security-iam-awsmanpol-AmazonSageMakerPipelinesIntegrations) - Update to an existing policy | 2 | Added permissions for `lambda:GetFunction`, `events:DescribeRule`, `events:PutRule`, `events:PutTargets`, `elasticmapreduce:AddJobFlowSteps`, `elasticmapreduce:CancelSteps`, and `elasticmapreduce:DescribeStep`. | April 20, 2022 |
| AmazonSageMakerPipelinesIntegrations - New policy | 1 | Initial policy | July 30, 2021 |
# AWS managed policies for SageMaker training plans
This AWS managed policy grants permissions needed to create and manage Amazon SageMaker training plans and Reserved Capacity in SageMaker AI. The policy can be attached to IAM roles used for creating and managing training plans and reserved capacity within SageMaker AI including your [SageMaker AI execution role](sagemaker-roles.md).
**Topics**
+ [
## AWS managed policy: AmazonSageMakerTrainingPlanCreateAccess
](#security-iam-awsmanpol-AmazonSageMakerTrainingPlanCreateAccess)
+ [
## AWS managed policy: AmazonSageMakerCapacityReservationServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerCapacityReservationServiceRolePolicy)
+ [
## Amazon SageMaker AI updates to SageMaker training plans managed policies
](#security-iam-awsmanpol-training-plan-updates)
## AWS managed policy: AmazonSageMakerTrainingPlanCreateAccess
This policy provides the necessary permissions to create, describe, search for, and list training plans in SageMaker AI. Additionally, it also allows adding tags to training plans and reserved capacity resources under specific conditions.
**Permissions details**
This policy includes the following permissions.
+ `sagemaker` – Create training plans and reserved capacity, permits adding tags to training plans and reserved capacity when the tagging action is specifically `CreateTrainingPlan` or `CreateReservedCapacity`, allows describing training plans, permits searching for training plan offerings and listing existing training plans on all resources.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "CreateTrainingPlanPermissions",
"Effect": "Allow",
"Action": [
"sagemaker:CreateTrainingPlan",
"sagemaker:CreateReservedCapacity",
"sagemaker:DescribeReservedCapacity"
],
"Resource": [
"arn:aws:sagemaker:*:*:training-plan/*",
"arn:aws:sagemaker:*:*:reserved-capacity/*"
]
},
{
"Sid": "AggTagsToTrainingPlanPermissions",
"Effect": "Allow",
"Action": [
"sagemaker:AddTags"
],
"Resource": [
"arn:aws:sagemaker:*:*:training-plan/*",
"arn:aws:sagemaker:*:*:reserved-capacity/*"
],
"Condition": {
"StringEquals": {
"sagemaker:TaggingAction": ["CreateTrainingPlan","CreateReservedCapacity"]
}
}
},
{
"Sid": "DescribeTrainingPlanPermissions",
"Effect": "Allow",
"Action": "sagemaker:DescribeTrainingPlan",
"Resource": [
"arn:aws:sagemaker:*:*:training-plan/*"
]
},
{
"Sid": "NonResourceLevelTrainingPlanPermissions",
"Effect": "Allow",
"Action": [
"sagemaker:SearchTrainingPlanOfferings",
"sagemaker:ListTrainingPlans"
],
"Resource": "*"
},
{
"Sid": "ListUltraServersByReservedCapacityPermissions",
"Effect": "Allow",
"Action": "sagemaker:ListUltraServersByReservedCapacity",
"Resource": [
"arn:aws:sagemaker:*:*:reserved-capacity/*"
]
}
]
}
```
------
## AWS managed policy: AmazonSageMakerCapacityReservationServiceRolePolicy
This policy is used by the service-linked role named AWSServiceRoleForSageMakerCapacityReservation to publish CloudWatch metrics for Reserved Capacity utilization into customer accounts. The service-linked role is created by the service principal capacityreservation.sagemaker.amazonaws.com.
**Note**
This is a service-linked role policy. You cannot attach this policy to your IAM identities. SageMaker AI creates this policy and attaches it to a service-linked role that allows SageMaker AI to perform actions on your behalf.
**Permissions details**
This policy includes the following permissions.
+ `cloudwatch` – Allows publishing metric data to CloudWatch. This permission is scoped to the `aws/sagemaker/CapacityReservations` namespace using a condition key.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CloudwatchPutMetricDataAccess",
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData"
],
"Resource": [
"*"
],
"Condition": {
"StringEquals": {
"cloudwatch:namespace": "aws/sagemaker/CapacityReservations"
}
}
}
]
}
```
For more information, see [AmazonSageMakerCapacityReservationServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCapacityReservationServiceRolePolicy.html) in the AWS Managed Policy Reference Guide.
## Amazon SageMaker AI updates to SageMaker training plans managed policies
View details about updates to AWS managed policies for Amazon SageMaker AI since this service began tracking these changes.
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerCapacityReservationServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerCapacityReservationServiceRolePolicy) – New policy | 1 | Initial policy | March 5, 2026 |
| AmazonSageMakerTrainingPlanCreateAccess - updated policy | 2 | Updated policy to add permissions to retrieve information about a specific reserved capacity and list all UltraServers in a reserved capacity. | July 29, 2024 |
| AmazonSageMakerTrainingPlanCreateAccess - New policy | 1 | Initial policy | December 4, 2024 |
# AWS Managed Policies for SageMaker Projects and JumpStart
These AWS managed policies add permissions to use built-in Amazon SageMaker AI project templates and JumpStart solutions. The policies are available in your AWS account and are used by execution roles created from the SageMaker AI console.
SageMaker Projects and JumpStart use AWS Service Catalog to provision AWS resources in customers' accounts. Some created resources need to assume an execution role. For example, if AWS Service Catalog creates a CodePipeline pipeline on behalf of a customer for a SageMaker AI machine learning CI/CD project, then that pipeline requires an IAM role.
The [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) role has the permissions required to launch the SageMaker AI portfolio of products from AWS Service Catalog. The [AmazonSageMakerServiceCatalogProductsUseRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsUseRole) role has the permissions required to use the SageMaker AI portfolio of products from AWS Service Catalog. The `AmazonSageMakerServiceCatalogProductsLaunchRole` role passes an `AmazonSageMakerServiceCatalogProductsUseRole` role to the provisioned AWS Service Catalog product resources.
**Topics**
+ [
## AWS managed policy: AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy)
+ [
## AWS managed policy: AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy
](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy)
+ [
## Amazon SageMaker AI updates to AWS Service Catalog AWS managed policies
](#security-iam-awsmanpol-sc-updates)
## AWS managed policy: AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy
This service role policy is used by the AWS Service Catalog service to provision products from the Amazon SageMaker AI portfolio. The policy grants permissions to a set of related AWS services including AWS CodePipeline, AWS CodeBuild, AWS CodeCommit, AWS Glue, AWS CloudFormation, and others.
The `AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy` policy is intended to be used by the `AmazonSageMakerServiceCatalogProductsLaunchRole` role created from the SageMaker AI console. The policy adds permissions to provision AWS resources for SageMaker Projects and JumpStart using Service Catalog to a customer's account.
**Permissions details**
This policy includes the following permissions.
+ `apigateway` – Allows the role to call API Gateway endpoints that are tagged with `sagemaker:launch-source`.
+ `cloudformation` – Allows AWS Service Catalog to create, update, and delete CloudFormation stacks. Also allows Service Catalog to tag and untag resources.
+ `codebuild` – Allows the role assumed by AWS Service Catalog and passed to CloudFormation to create, update and delete CodeBuild projects.
+ `codecommit` – Allows the role assumed by AWS Service Catalog and passed to CloudFormation to create, update and delete CodeCommit repositories.
+ `codepipeline` – Allows the role assumed by AWS Service Catalog and passed to CloudFormation to create, update and delete CodePipelines.
+ `codeconnections`, `codestar-connections` – Also allows the role to pass AWS CodeConnections and AWS CodeStar connections.
+ `cognito-idp` – Allows the role to create, update, and delete groups and user pools. Also allows tagging resources.
+ `ecr` – Allows the role assumed by AWS Service Catalog and passed to CloudFormation to create and delete Amazon ECR repositories. Also allows tagging resources.
+ `events` – Allows the role assumed by AWS Service Catalog and passed to CloudFormation to create and delete EventBridge rules. Used for tying together the various components of the CICD pipeline.
+ `firehose` – Allows the role to interact with Firehose streams.
+ `glue` – Allows the role to interact with AWS Glue.
+ `iam` – Allows the role to pass roles prepended with `AmazonSageMakerServiceCatalog`. This is needed when Projects provisions a AWS Service Catalog product, as a role needs to be passed to AWS Service Catalog.
+ `lambda` – Allows the role to interact with AWS Lambda. Also allows tagging resources.
+ `logs` – Allows the role to create, delete and access log streams.
+ `s3` – Allows the role assumed by AWS Service Catalog and passed to CloudFormation to access Amazon S3 buckets where the Project template code is stored.
+ `sagemaker` – Allows the role to interact with various SageMaker AI services. This is done both in CloudFormation during template provisioning, as well as in CodeBuild during CICD pipeline execution. Also allows tagging the following resources: endpoints, endpoint configurations, models, pipelines, projects, and model packages.
+ `states` – Allows the role to create, delete, and update Step Functions prepended with `sagemaker`.
To view the permissions for this policy, see [AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy.html) in the AWS Managed Policy Reference.
## AWS managed policy: AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy
This policy is used by Amazon API Gateway within the AWS Service Catalog provisioned products from the Amazon SageMaker AI portfolio. The policy is intended to be attached to an IAM role that the [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) passes to the AWS resources created by API Gateway that require a role.
**Permissions details**
This policy includes the following permissions.
+ `lambda` – Invoke a function created by a partner template.
+ `sagemaker` – Invoke an endpoint created by a partner template.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:*:*:function:sagemaker-*",
"Condition": {
"Null": {
"aws:ResourceTag/sagemaker:project-name": "false",
"aws:ResourceTag/sagemaker:partner": "false"
},
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
},
{
"Effect": "Allow",
"Action": "sagemaker:InvokeEndpoint",
"Resource": "arn:aws:sagemaker:*:*:endpoint/*",
"Condition": {
"Null": {
"aws:ResourceTag/sagemaker:project-name": "false",
"aws:ResourceTag/sagemaker:partner": "false"
},
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
}
]
}
```
------
## AWS managed policy: AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy
This policy is used by AWS CloudFormation within the AWS Service Catalog provisioned products from the Amazon SageMaker AI portfolio. The policy is intended to be attached to an IAM role that the [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) passes to the AWS resources created by CloudFormation that require a role.
**Permissions details**
This policy includes the following permissions.
+ `iam` – Pass the `AmazonSageMakerServiceCatalogProductsLambdaRole` and `AmazonSageMakerServiceCatalogProductsApiGatewayRole` roles.
+ `lambda` – Create, update, delete, and invoke AWS Lambda functions; retrieve, publish, and delete versions of a Lambda layer.
+ `apigateway` – Create, update, and delete Amazon API Gateway resources.
+ `s3` – Retrieve the `lambda-auth-code/layer.zip` file from an Amazon Simple Storage Service (Amazon S3) bucket.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsLambdaRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "lambda.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsApiGatewayRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "apigateway.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"lambda:DeleteFunction",
"lambda:UpdateFunctionCode",
"lambda:ListTags",
"lambda:InvokeFunction"
],
"Resource": [
"arn:aws:lambda:*:*:function:sagemaker-*"
],
"Condition": {
"Null": {
"aws:ResourceTag/sagemaker:project-name": "false",
"aws:ResourceTag/sagemaker:partner": "false"
}
}
},
{
"Effect": "Allow",
"Action": [
"lambda:CreateFunction",
"lambda:TagResource"
],
"Resource": [
"arn:aws:lambda:*:*:function:sagemaker-*"
],
"Condition": {
"Null": {
"aws:ResourceTag/sagemaker:project-name": "false",
"aws:ResourceTag/sagemaker:partner": "false"
},
"ForAnyValue:StringEquals": {
"aws:TagKeys": [
"sagemaker:project-name",
"sagemaker:partner"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"lambda:PublishLayerVersion",
"lambda:GetLayerVersion",
"lambda:DeleteLayerVersion",
"lambda:GetFunction"
],
"Resource": [
"arn:aws:lambda:*:*:layer:sagemaker-*",
"arn:aws:lambda:*:*:function:sagemaker-*"
]
},
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"apigateway:DELETE",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT"
],
"Resource": [
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/restapis"
],
"Condition": {
"Null": {
"aws:ResourceTag/sagemaker:project-name": "false",
"aws:ResourceTag/sagemaker:partner": "false"
}
}
},
{
"Effect": "Allow",
"Action": [
"apigateway:POST",
"apigateway:PUT"
],
"Resource": [
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/tags/*"
],
"Condition": {
"Null": {
"aws:ResourceTag/sagemaker:project-name": "false",
"aws:ResourceTag/sagemaker:partner": "false"
},
"ForAnyValue:StringEquals": {
"aws:TagKeys": [
"sagemaker:project-name",
"sagemaker:partner"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::sagemaker-*/lambda-auth-code/layer.zip"
],
"Condition": {
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
}
]
}
```
------
## AWS managed policy: AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy
This policy is used by AWS Lambda within the AWS Service Catalog provisioned products from the Amazon SageMaker AI portfolio. The policy is intended to be attached to an IAM role that the [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) passes to the AWS resources created by Lambda that require a role.
**Permissions details**
This policy includes the following permissions.
+ `secretsmanager` – Retrieve data from partner provided secrets for a partner template.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "secretsmanager:GetSecretValue",
"Resource": "arn:aws:secretsmanager:*:*:secret:*",
"Condition": {
"Null": {
"aws:ResourceTag/sagemaker:partner": false
},
"StringEquals": {
"aws:ResourceAccount": "${aws:PrincipalAccount}"
}
}
}
]
}
```
------
## AWS managed policy: AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy
This policy is used by Amazon API Gateway within the AWS Service Catalog provisioned products from the Amazon SageMaker AI portfolio. The policy is intended to be attached to an IAM role that the [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) passes to the AWS resources created by API Gateway that require a role.
**Permissions details**
This policy includes the following permissions.
+ `logs` – Create and read CloudWatch Logs groups, streams, and events; update events; describe various resources.
These permissions are limited to resources whose log group prefix starts with "aws/apigateway/".
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeResourcePolicies",
"logs:DescribeDestinations",
"logs:DescribeExportTasks",
"logs:DescribeMetricFilters",
"logs:DescribeQueries",
"logs:DescribeQueryDefinitions",
"logs:DescribeSubscriptionFilters",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery"
],
"Resource": "arn:aws:logs:*:*:log-group:/aws/apigateway/*"
}
]
}
```
------
## AWS managed policy: AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy
This policy is used by AWS CloudFormation within the AWS Service Catalog provisioned products from the Amazon SageMaker AI portfolio. The policy is intended to be attached to an IAM role that the [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) passes to the AWS resources created by CloudFormation that require a role.
**Permissions details**
This policy includes the following permissions.
+ `sagemaker` – Allow access to various SageMaker AI resources excluding domains, user-profiles, apps, and flow definitions.
+ `iam` – Pass the `AmazonSageMakerServiceCatalogProductsCodeBuildRole` and `AmazonSageMakerServiceCatalogProductsExecutionRole` roles.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sagemaker:AddAssociation",
"sagemaker:AddTags",
"sagemaker:AssociateTrialComponent",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:BatchGetMetrics",
"sagemaker:BatchGetRecord",
"sagemaker:BatchPutMetrics",
"sagemaker:CreateAction",
"sagemaker:CreateAlgorithm",
"sagemaker:CreateApp",
"sagemaker:CreateAppImageConfig",
"sagemaker:CreateArtifact",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateCodeRepository",
"sagemaker:CreateCompilationJob",
"sagemaker:CreateContext",
"sagemaker:CreateDataQualityJobDefinition",
"sagemaker:CreateDeviceFleet",
"sagemaker:CreateDomain",
"sagemaker:CreateEdgePackagingJob",
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateExperiment",
"sagemaker:CreateFeatureGroup",
"sagemaker:CreateFlowDefinition",
"sagemaker:CreateHumanTaskUi",
"sagemaker:CreateHyperParameterTuningJob",
"sagemaker:CreateImage",
"sagemaker:CreateImageVersion",
"sagemaker:CreateInferenceRecommendationsJob",
"sagemaker:CreateLabelingJob",
"sagemaker:CreateLineageGroupPolicy",
"sagemaker:CreateModel",
"sagemaker:CreateModelBiasJobDefinition",
"sagemaker:CreateModelExplainabilityJobDefinition",
"sagemaker:CreateModelPackage",
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateModelQualityJobDefinition",
"sagemaker:CreateMonitoringSchedule",
"sagemaker:CreateNotebookInstance",
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:CreatePipeline",
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateProject",
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:CreateTrial",
"sagemaker:CreateTrialComponent",
"sagemaker:CreateUserProfile",
"sagemaker:CreateWorkforce",
"sagemaker:CreateWorkteam",
"sagemaker:DeleteAction",
"sagemaker:DeleteAlgorithm",
"sagemaker:DeleteApp",
"sagemaker:DeleteAppImageConfig",
"sagemaker:DeleteArtifact",
"sagemaker:DeleteAssociation",
"sagemaker:DeleteCodeRepository",
"sagemaker:DeleteContext",
"sagemaker:DeleteDataQualityJobDefinition",
"sagemaker:DeleteDeviceFleet",
"sagemaker:DeleteDomain",
"sagemaker:DeleteEndpoint",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteExperiment",
"sagemaker:DeleteFeatureGroup",
"sagemaker:DeleteFlowDefinition",
"sagemaker:DeleteHumanLoop",
"sagemaker:DeleteHumanTaskUi",
"sagemaker:DeleteImage",
"sagemaker:DeleteImageVersion",
"sagemaker:DeleteLineageGroupPolicy",
"sagemaker:DeleteModel",
"sagemaker:DeleteModelBiasJobDefinition",
"sagemaker:DeleteModelExplainabilityJobDefinition",
"sagemaker:DeleteModelPackage",
"sagemaker:DeleteModelPackageGroup",
"sagemaker:DeleteModelPackageGroupPolicy",
"sagemaker:DeleteModelQualityJobDefinition",
"sagemaker:DeleteMonitoringSchedule",
"sagemaker:DeleteNotebookInstance",
"sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:DeletePipeline",
"sagemaker:DeleteProject",
"sagemaker:DeleteRecord",
"sagemaker:DeleteTags",
"sagemaker:DeleteTrial",
"sagemaker:DeleteTrialComponent",
"sagemaker:DeleteUserProfile",
"sagemaker:DeleteWorkforce",
"sagemaker:DeleteWorkteam",
"sagemaker:DeregisterDevices",
"sagemaker:DescribeAction",
"sagemaker:DescribeAlgorithm",
"sagemaker:DescribeApp",
"sagemaker:DescribeAppImageConfig",
"sagemaker:DescribeArtifact",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeCodeRepository",
"sagemaker:DescribeCompilationJob",
"sagemaker:DescribeContext",
"sagemaker:DescribeDataQualityJobDefinition",
"sagemaker:DescribeDevice",
"sagemaker:DescribeDeviceFleet",
"sagemaker:DescribeDomain",
"sagemaker:DescribeEdgePackagingJob",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeExperiment",
"sagemaker:DescribeFeatureGroup",
"sagemaker:DescribeFlowDefinition",
"sagemaker:DescribeHumanLoop",
"sagemaker:DescribeHumanTaskUi",
"sagemaker:DescribeHyperParameterTuningJob",
"sagemaker:DescribeImage",
"sagemaker:DescribeImageVersion",
"sagemaker:DescribeInferenceRecommendationsJob",
"sagemaker:DescribeLabelingJob",
"sagemaker:DescribeLineageGroup",
"sagemaker:DescribeModel",
"sagemaker:DescribeModelBiasJobDefinition",
"sagemaker:DescribeModelExplainabilityJobDefinition",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribeModelQualityJobDefinition",
"sagemaker:DescribeMonitoringSchedule",
"sagemaker:DescribeNotebookInstance",
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:DescribePipeline",
"sagemaker:DescribePipelineDefinitionForExecution",
"sagemaker:DescribePipelineExecution",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeProject",
"sagemaker:DescribeSubscribedWorkteam",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeTransformJob",
"sagemaker:DescribeTrial",
"sagemaker:DescribeTrialComponent",
"sagemaker:DescribeUserProfile",
"sagemaker:DescribeWorkforce",
"sagemaker:DescribeWorkteam",
"sagemaker:DisableSagemakerServicecatalogPortfolio",
"sagemaker:DisassociateTrialComponent",
"sagemaker:EnableSagemakerServicecatalogPortfolio",
"sagemaker:GetDeviceFleetReport",
"sagemaker:GetDeviceRegistration",
"sagemaker:GetLineageGroupPolicy",
"sagemaker:GetModelPackageGroupPolicy",
"sagemaker:GetRecord",
"sagemaker:GetSagemakerServicecatalogPortfolioStatus",
"sagemaker:GetSearchSuggestions",
"sagemaker:InvokeEndpoint",
"sagemaker:InvokeEndpointAsync",
"sagemaker:ListActions",
"sagemaker:ListAlgorithms",
"sagemaker:ListAppImageConfigs",
"sagemaker:ListApps",
"sagemaker:ListArtifacts",
"sagemaker:ListAssociations",
"sagemaker:ListAutoMLJobs",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:ListCodeRepositories",
"sagemaker:ListCompilationJobs",
"sagemaker:ListContexts",
"sagemaker:ListDataQualityJobDefinitions",
"sagemaker:ListDeviceFleets",
"sagemaker:ListDevices",
"sagemaker:ListDomains",
"sagemaker:ListEdgePackagingJobs",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListEndpoints",
"sagemaker:ListExperiments",
"sagemaker:ListFeatureGroups",
"sagemaker:ListFlowDefinitions",
"sagemaker:ListHumanLoops",
"sagemaker:ListHumanTaskUis",
"sagemaker:ListHyperParameterTuningJobs",
"sagemaker:ListImageVersions",
"sagemaker:ListImages",
"sagemaker:ListInferenceRecommendationsJobs",
"sagemaker:ListLabelingJobs",
"sagemaker:ListLabelingJobsForWorkteam",
"sagemaker:ListLineageGroups",
"sagemaker:ListModelBiasJobDefinitions",
"sagemaker:ListModelExplainabilityJobDefinitions",
"sagemaker:ListModelMetadata",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListModelPackages",
"sagemaker:ListModelQualityJobDefinitions",
"sagemaker:ListModels",
"sagemaker:ListMonitoringExecutions",
"sagemaker:ListMonitoringSchedules",
"sagemaker:ListNotebookInstanceLifecycleConfigs",
"sagemaker:ListNotebookInstances",
"sagemaker:ListPipelineExecutionSteps",
"sagemaker:ListPipelineExecutions",
"sagemaker:ListPipelineParametersForExecution",
"sagemaker:ListPipelines",
"sagemaker:ListProcessingJobs",
"sagemaker:ListProjects",
"sagemaker:ListSubscribedWorkteams",
"sagemaker:ListTags",
"sagemaker:ListTrainingJobs",
"sagemaker:ListTrainingJobsForHyperParameterTuningJob",
"sagemaker:ListTransformJobs",
"sagemaker:ListTrialComponents",
"sagemaker:ListTrials",
"sagemaker:ListUserProfiles",
"sagemaker:ListWorkforces",
"sagemaker:ListWorkteams",
"sagemaker:PutLineageGroupPolicy",
"sagemaker:PutModelPackageGroupPolicy",
"sagemaker:PutRecord",
"sagemaker:QueryLineage",
"sagemaker:RegisterDevices",
"sagemaker:RenderUiTemplate",
"sagemaker:Search",
"sagemaker:SendHeartbeat",
"sagemaker:SendPipelineExecutionStepFailure",
"sagemaker:SendPipelineExecutionStepSuccess",
"sagemaker:StartHumanLoop",
"sagemaker:StartMonitoringSchedule",
"sagemaker:StartNotebookInstance",
"sagemaker:StartPipelineExecution",
"sagemaker:StopAutoMLJob",
"sagemaker:StopCompilationJob",
"sagemaker:StopEdgePackagingJob",
"sagemaker:StopHumanLoop",
"sagemaker:StopHyperParameterTuningJob",
"sagemaker:StopInferenceRecommendationsJob",
"sagemaker:StopLabelingJob",
"sagemaker:StopMonitoringSchedule",
"sagemaker:StopNotebookInstance",
"sagemaker:StopPipelineExecution",
"sagemaker:StopProcessingJob",
"sagemaker:StopTrainingJob",
"sagemaker:StopTransformJob",
"sagemaker:UpdateAction",
"sagemaker:UpdateAppImageConfig",
"sagemaker:UpdateArtifact",
"sagemaker:UpdateCodeRepository",
"sagemaker:UpdateContext",
"sagemaker:UpdateDeviceFleet",
"sagemaker:UpdateDevices",
"sagemaker:UpdateDomain",
"sagemaker:UpdateEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:UpdateExperiment",
"sagemaker:UpdateImage",
"sagemaker:UpdateModelPackage",
"sagemaker:UpdateMonitoringSchedule",
"sagemaker:UpdateNotebookInstance",
"sagemaker:UpdateNotebookInstanceLifecycleConfig",
"sagemaker:UpdatePipeline",
"sagemaker:UpdatePipelineExecution",
"sagemaker:UpdateProject",
"sagemaker:UpdateTrainingJob",
"sagemaker:UpdateTrial",
"sagemaker:UpdateTrialComponent",
"sagemaker:UpdateUserProfile",
"sagemaker:UpdateWorkforce",
"sagemaker:UpdateWorkteam"
],
"NotResource": [
"arn:aws:sagemaker:*:*:domain/*",
"arn:aws:sagemaker:*:*:user-profile/*",
"arn:aws:sagemaker:*:*:app/*",
"arn:aws:sagemaker:*:*:flow-definition/*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodeBuildRole",
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole"
]
}
]
}
```
------
## AWS managed policy: AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy
This policy is used by AWS CodeBuild within the AWS Service Catalog provisioned products from the Amazon SageMaker AI portfolio. The policy is intended to be attached to an IAM role that the [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) passes to the AWS resources created by CodeBuild that require a role.
**Permissions details**
This policy includes the following permissions.
+ `sagemaker` – Allow access to various SageMaker AI resources.
+ `codecommit` – Upload CodeCommit archives to CodeBuild pipelines, get upload status, and cancel uploads; get branch and commit information. These permissions are limited to resources whose name starts with "sagemaker-".
+ `ecr` – Create Amazon ECR repositories and container images; upload image layers. These permissions are limited to repositories whose name starts with "sagemaker-".
`ecr` – Read all resources.
+ `iam` – Pass the following roles:
+ `AmazonSageMakerServiceCatalogProductsCloudformationRole` to AWS CloudFormation.
+ `AmazonSageMakerServiceCatalogProductsCodeBuildRole` to AWS CodeBuild.
+ `AmazonSageMakerServiceCatalogProductsCodePipelineRole` to AWS CodePipeline.
+ `AmazonSageMakerServiceCatalogProductsEventsRole` to Amazon EventBridge.
+ `AmazonSageMakerServiceCatalogProductsExecutionRole` to Amazon SageMaker AI.
+ `logs` – Create and read CloudWatch Logs groups, streams, and events; update events; describe various resources.
These permissions are limited to resources whose name prefix starts with "aws/codebuild/".
+ `s3` – Create, read, and list Amazon S3 buckets. These permissions are limited to buckets whose name starts with "sagemaker-".
+ `codeconnections`, `codestar-connections` – Use AWS CodeConnections and AWS CodeStar connections.
To view the permissions for this policy, see [AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy.html) in the AWS Managed Policy Reference.
## AWS managed policy: AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy
This policy is used by AWS CodePipeline within the AWS Service Catalog provisioned products from the Amazon SageMaker AI portfolio. The policy is intended to be attached to an IAM role that the [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) passes to the AWS resources created by CodePipeline that require a role.
**Permissions details**
This policy includes the following permissions.
+ `cloudformation` – Create, read, delete, and update CloudFormation stacks; create, read, delete, and execute change sets; set stack policy; tag and untag resources. These permissions are limited to resources whose name starts with "sagemaker-".
+ `s3` – Create, read, list, and delete Amazon S3 buckets; add, read, and delete objects from the buckets; read and set the CORS configuration; read the access control list (ACL); and read the AWS Region the bucket resides in.
These permissions are limited to buckets whose name starts with "sagemaker-" or "aws-glue-.
+ `iam` – Pass the `AmazonSageMakerServiceCatalogProductsCloudformationRole` role.
+ `codebuild` – Get CodeBuild build information and start builds. These permissions are limited to project and build resources whose name starts with "sagemaker-".
+ `codecommit` – Upload CodeCommit archives to CodeBuild pipelines, get upload status, and cancel uploads; get branch and commit information.
+ `codeconnections`, `codestar-connections` – Use AWS CodeConnections and AWS CodeStar connections.
To view the permissions for this policy, see [AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy.html) in the AWS Managed Policy Reference.
## AWS managed policy: AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy
This policy is used by Amazon EventBridge within the AWS Service Catalog provisioned products from the Amazon SageMaker AI portfolio. The policy is intended to be attached to an IAM role that the [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) passes to the AWS resources created by EventBridge that require a role.
**Permissions details**
This policy includes the following permissions.
+ `codepipeline` – Start a CodeBuild execution. These permissions are limited to pipelines whose name starts with "sagemaker-".
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "codepipeline:StartPipelineExecution",
"Resource": "arn:aws:codepipeline:*:*:sagemaker-*"
}
]
}
```
------
## AWS managed policy: AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy
This policy is used by Amazon Data Firehose within the AWS Service Catalog provisioned products from the Amazon SageMaker AI portfolio. The policy is intended to be attached to an IAM role that the [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) passes to the AWS resources created by Firehose that require a role.
**Permissions details**
This policy includes the following permissions.
+ `firehose` – Send Firehose records. These permissions are limited to resources whose delivery stream name starts with "sagemaker-".
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*"
}
]
}
```
------
## AWS managed policy: AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy
This policy is used by AWS Glue within the AWS Service Catalog provisioned products from the Amazon SageMaker AI portfolio. The policy is intended to be attached to an IAM role that the [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) passes to the AWS resources created by Glue that require a role.
**Permissions details**
This policy includes the following permissions.
+ `glue` – Create, read, and delete AWS Glue partitions, tables, and table versions. These permissions are limited to those resources whose name starts with "sagemaker-". Create and read AWS Glue databases. These permissions are limited to databases whose name is "default", "global\$1temp", or starts with "sagemaker-". Get user defined functions.
+ `s3` – Create, read, list, and delete Amazon S3 buckets; add, read, and delete objects from the buckets; read and set the CORS configuration; read the access control list (ACL), and read the AWS Region the bucket resides in.
These permissions are limited to buckets whose name starts with "sagemaker-" or "aws-glue-".
+ `logs` – Create, read, and delete CloudWatch Logs log group, streams, and deliveries; and create a resource policy.
These permissions are limited to resources whose name prefix starts with "aws/glue/".
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"glue:BatchCreatePartition",
"glue:BatchDeletePartition",
"glue:BatchDeleteTable",
"glue:BatchDeleteTableVersion",
"glue:BatchGetPartition",
"glue:CreateDatabase",
"glue:CreatePartition",
"glue:CreateTable",
"glue:DeletePartition",
"glue:DeleteTable",
"glue:DeleteTableVersion",
"glue:GetDatabase",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTables",
"glue:GetTableVersion",
"glue:GetTableVersions",
"glue:SearchTables",
"glue:UpdatePartition",
"glue:UpdateTable",
"glue:GetUserDefinedFunctions"
],
"Resource": [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/default",
"arn:aws:glue:*:*:database/global_temp",
"arn:aws:glue:*:*:database/sagemaker-*",
"arn:aws:glue:*:*:table/sagemaker-*",
"arn:aws:glue:*:*:tableVersion/sagemaker-*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:GetBucketAcl",
"s3:GetBucketCors",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutBucketCors"
],
"Resource": [
"arn:aws:s3:::aws-glue-*",
"arn:aws:s3:::sagemaker-*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::aws-glue-*",
"arn:aws:s3:::sagemaker-*"
]
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:Describe*",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery"
],
"Resource": "arn:aws:logs:*:*:log-group:/aws/glue/*"
}
]
}
```
------
## AWS managed policy: AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy
This policy is used by AWS Lambda within the AWS Service Catalog provisioned products from the Amazon SageMaker AI portfolio. The policy is intended to be attached to an IAM role that the [AmazonSageMakerServiceCatalogProductsLaunchRole](https://console.aws.amazon.com/iam/home?#/roles/AmazonSageMakerServiceCatalogProductsLaunchRole) passes to the AWS resources created by Lambda that require a role.
**Permissions details**
This policy includes the following permissions.
+ `sagemaker` – Allow access to various SageMaker AI resources.
+ `ecr` – Create and delete Amazon ECR repositories; create, read, and delete container images; upload image layers. These permissions are limited to repositories whose name starts with "sagemaker-".
+ `events` – Create, read, and delete Amazon EventBridge rules; and create and remove targets. These permissions are limited to rules whose name starts with "sagemaker-".
+ `s3` – Create, read, list, and delete Amazon S3 buckets; add, read, and delete objects from the buckets; read and set the CORS configuration; read the access control list (ACL), and read the AWS Region the bucket resides in.
These permissions are limited to buckets whose name starts with "sagemaker-" or "aws-glue-".
+ `iam` – Pass the `AmazonSageMakerServiceCatalogProductsExecutionRole` role.
+ `logs` – Create, read, and delete CloudWatch Logs log group, streams, and deliveries; and create a resource policy.
These permissions are limited to resources whose name prefix starts with "aws/lambda/".
+ `codebuild` – Start and get information about AWS CodeBuild builds.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid" : "AmazonSageMakerLambdaECRPermission",
"Effect": "Allow",
"Action": [
"ecr:DescribeImages",
"ecr:BatchDeleteImage",
"ecr:CompleteLayerUpload",
"ecr:CreateRepository",
"ecr:DeleteRepository",
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart"
],
"Resource": [
"arn:aws:ecr:*:*:repository/sagemaker-*"
]
},
{
"Sid" : "AmazonSageMakerLambdaEventBridgePermission",
"Effect": "Allow",
"Action": [
"events:DeleteRule",
"events:DescribeRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Resource": [
"arn:aws:events:*:*:rule/sagemaker-*"
]
},
{
"Sid" : "AmazonSageMakerLambdaS3BucketPermission",
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:GetBucketAcl",
"s3:GetBucketCors",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutBucketCors"
],
"Resource": [
"arn:aws:s3:::aws-glue-*",
"arn:aws:s3:::sagemaker-*"
]
},
{
"Sid" : "AmazonSageMakerLambdaS3ObjectPermission",
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::aws-glue-*",
"arn:aws:s3:::sagemaker-*"
]
},
{
"Sid" : "AmazonSageMakerLambdaSageMakerPermission",
"Effect": "Allow",
"Action": [
"sagemaker:AddAssociation",
"sagemaker:AddTags",
"sagemaker:AssociateTrialComponent",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:BatchGetMetrics",
"sagemaker:BatchGetRecord",
"sagemaker:BatchPutMetrics",
"sagemaker:CreateAction",
"sagemaker:CreateAlgorithm",
"sagemaker:CreateApp",
"sagemaker:CreateAppImageConfig",
"sagemaker:CreateArtifact",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateCodeRepository",
"sagemaker:CreateCompilationJob",
"sagemaker:CreateContext",
"sagemaker:CreateDataQualityJobDefinition",
"sagemaker:CreateDeviceFleet",
"sagemaker:CreateDomain",
"sagemaker:CreateEdgePackagingJob",
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateExperiment",
"sagemaker:CreateFeatureGroup",
"sagemaker:CreateFlowDefinition",
"sagemaker:CreateHumanTaskUi",
"sagemaker:CreateHyperParameterTuningJob",
"sagemaker:CreateImage",
"sagemaker:CreateImageVersion",
"sagemaker:CreateInferenceRecommendationsJob",
"sagemaker:CreateLabelingJob",
"sagemaker:CreateLineageGroupPolicy",
"sagemaker:CreateModel",
"sagemaker:CreateModelBiasJobDefinition",
"sagemaker:CreateModelExplainabilityJobDefinition",
"sagemaker:CreateModelPackage",
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateModelQualityJobDefinition",
"sagemaker:CreateMonitoringSchedule",
"sagemaker:CreateNotebookInstance",
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:CreatePipeline",
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateProject",
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:CreateTrial",
"sagemaker:CreateTrialComponent",
"sagemaker:CreateUserProfile",
"sagemaker:CreateWorkforce",
"sagemaker:CreateWorkteam",
"sagemaker:DeleteAction",
"sagemaker:DeleteAlgorithm",
"sagemaker:DeleteApp",
"sagemaker:DeleteAppImageConfig",
"sagemaker:DeleteArtifact",
"sagemaker:DeleteAssociation",
"sagemaker:DeleteCodeRepository",
"sagemaker:DeleteContext",
"sagemaker:DeleteDataQualityJobDefinition",
"sagemaker:DeleteDeviceFleet",
"sagemaker:DeleteDomain",
"sagemaker:DeleteEndpoint",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteExperiment",
"sagemaker:DeleteFeatureGroup",
"sagemaker:DeleteFlowDefinition",
"sagemaker:DeleteHumanLoop",
"sagemaker:DeleteHumanTaskUi",
"sagemaker:DeleteImage",
"sagemaker:DeleteImageVersion",
"sagemaker:DeleteLineageGroupPolicy",
"sagemaker:DeleteModel",
"sagemaker:DeleteModelBiasJobDefinition",
"sagemaker:DeleteModelExplainabilityJobDefinition",
"sagemaker:DeleteModelPackage",
"sagemaker:DeleteModelPackageGroup",
"sagemaker:DeleteModelPackageGroupPolicy",
"sagemaker:DeleteModelQualityJobDefinition",
"sagemaker:DeleteMonitoringSchedule",
"sagemaker:DeleteNotebookInstance",
"sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:DeletePipeline",
"sagemaker:DeleteProject",
"sagemaker:DeleteRecord",
"sagemaker:DeleteTags",
"sagemaker:DeleteTrial",
"sagemaker:DeleteTrialComponent",
"sagemaker:DeleteUserProfile",
"sagemaker:DeleteWorkforce",
"sagemaker:DeleteWorkteam",
"sagemaker:DeregisterDevices",
"sagemaker:DescribeAction",
"sagemaker:DescribeAlgorithm",
"sagemaker:DescribeApp",
"sagemaker:DescribeAppImageConfig",
"sagemaker:DescribeArtifact",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeCodeRepository",
"sagemaker:DescribeCompilationJob",
"sagemaker:DescribeContext",
"sagemaker:DescribeDataQualityJobDefinition",
"sagemaker:DescribeDevice",
"sagemaker:DescribeDeviceFleet",
"sagemaker:DescribeDomain",
"sagemaker:DescribeEdgePackagingJob",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeExperiment",
"sagemaker:DescribeFeatureGroup",
"sagemaker:DescribeFlowDefinition",
"sagemaker:DescribeHumanLoop",
"sagemaker:DescribeHumanTaskUi",
"sagemaker:DescribeHyperParameterTuningJob",
"sagemaker:DescribeImage",
"sagemaker:DescribeImageVersion",
"sagemaker:DescribeInferenceRecommendationsJob",
"sagemaker:DescribeLabelingJob",
"sagemaker:DescribeLineageGroup",
"sagemaker:DescribeModel",
"sagemaker:DescribeModelBiasJobDefinition",
"sagemaker:DescribeModelExplainabilityJobDefinition",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribeModelQualityJobDefinition",
"sagemaker:DescribeMonitoringSchedule",
"sagemaker:DescribeNotebookInstance",
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:DescribePipeline",
"sagemaker:DescribePipelineDefinitionForExecution",
"sagemaker:DescribePipelineExecution",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeProject",
"sagemaker:DescribeSubscribedWorkteam",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeTransformJob",
"sagemaker:DescribeTrial",
"sagemaker:DescribeTrialComponent",
"sagemaker:DescribeUserProfile",
"sagemaker:DescribeWorkforce",
"sagemaker:DescribeWorkteam",
"sagemaker:DisableSagemakerServicecatalogPortfolio",
"sagemaker:DisassociateTrialComponent",
"sagemaker:EnableSagemakerServicecatalogPortfolio",
"sagemaker:GetDeviceFleetReport",
"sagemaker:GetDeviceRegistration",
"sagemaker:GetLineageGroupPolicy",
"sagemaker:GetModelPackageGroupPolicy",
"sagemaker:GetRecord",
"sagemaker:GetSagemakerServicecatalogPortfolioStatus",
"sagemaker:GetSearchSuggestions",
"sagemaker:InvokeEndpoint",
"sagemaker:InvokeEndpointAsync",
"sagemaker:ListActions",
"sagemaker:ListAlgorithms",
"sagemaker:ListAppImageConfigs",
"sagemaker:ListApps",
"sagemaker:ListArtifacts",
"sagemaker:ListAssociations",
"sagemaker:ListAutoMLJobs",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:ListCodeRepositories",
"sagemaker:ListCompilationJobs",
"sagemaker:ListContexts",
"sagemaker:ListDataQualityJobDefinitions",
"sagemaker:ListDeviceFleets",
"sagemaker:ListDevices",
"sagemaker:ListDomains",
"sagemaker:ListEdgePackagingJobs",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListEndpoints",
"sagemaker:ListExperiments",
"sagemaker:ListFeatureGroups",
"sagemaker:ListFlowDefinitions",
"sagemaker:ListHumanLoops",
"sagemaker:ListHumanTaskUis",
"sagemaker:ListHyperParameterTuningJobs",
"sagemaker:ListImageVersions",
"sagemaker:ListImages",
"sagemaker:ListInferenceRecommendationsJobs",
"sagemaker:ListLabelingJobs",
"sagemaker:ListLabelingJobsForWorkteam",
"sagemaker:ListLineageGroups",
"sagemaker:ListModelBiasJobDefinitions",
"sagemaker:ListModelExplainabilityJobDefinitions",
"sagemaker:ListModelMetadata",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListModelPackages",
"sagemaker:ListModelQualityJobDefinitions",
"sagemaker:ListModels",
"sagemaker:ListMonitoringExecutions",
"sagemaker:ListMonitoringSchedules",
"sagemaker:ListNotebookInstanceLifecycleConfigs",
"sagemaker:ListNotebookInstances",
"sagemaker:ListPipelineExecutionSteps",
"sagemaker:ListPipelineExecutions",
"sagemaker:ListPipelineParametersForExecution",
"sagemaker:ListPipelines",
"sagemaker:ListProcessingJobs",
"sagemaker:ListProjects",
"sagemaker:ListSubscribedWorkteams",
"sagemaker:ListTags",
"sagemaker:ListTrainingJobs",
"sagemaker:ListTrainingJobsForHyperParameterTuningJob",
"sagemaker:ListTransformJobs",
"sagemaker:ListTrialComponents",
"sagemaker:ListTrials",
"sagemaker:ListUserProfiles",
"sagemaker:ListWorkforces",
"sagemaker:ListWorkteams",
"sagemaker:PutLineageGroupPolicy",
"sagemaker:PutModelPackageGroupPolicy",
"sagemaker:PutRecord",
"sagemaker:QueryLineage",
"sagemaker:RegisterDevices",
"sagemaker:RenderUiTemplate",
"sagemaker:Search",
"sagemaker:SendHeartbeat",
"sagemaker:SendPipelineExecutionStepFailure",
"sagemaker:SendPipelineExecutionStepSuccess",
"sagemaker:StartHumanLoop",
"sagemaker:StartMonitoringSchedule",
"sagemaker:StartNotebookInstance",
"sagemaker:StartPipelineExecution",
"sagemaker:StopAutoMLJob",
"sagemaker:StopCompilationJob",
"sagemaker:StopEdgePackagingJob",
"sagemaker:StopHumanLoop",
"sagemaker:StopHyperParameterTuningJob",
"sagemaker:StopInferenceRecommendationsJob",
"sagemaker:StopLabelingJob",
"sagemaker:StopMonitoringSchedule",
"sagemaker:StopNotebookInstance",
"sagemaker:StopPipelineExecution",
"sagemaker:StopProcessingJob",
"sagemaker:StopTrainingJob",
"sagemaker:StopTransformJob",
"sagemaker:UpdateAction",
"sagemaker:UpdateAppImageConfig",
"sagemaker:UpdateArtifact",
"sagemaker:UpdateCodeRepository",
"sagemaker:UpdateContext",
"sagemaker:UpdateDeviceFleet",
"sagemaker:UpdateDevices",
"sagemaker:UpdateDomain",
"sagemaker:UpdateEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:UpdateExperiment",
"sagemaker:UpdateImage",
"sagemaker:UpdateModelPackage",
"sagemaker:UpdateMonitoringSchedule",
"sagemaker:UpdateNotebookInstance",
"sagemaker:UpdateNotebookInstanceLifecycleConfig",
"sagemaker:UpdatePipeline",
"sagemaker:UpdatePipelineExecution",
"sagemaker:UpdateProject",
"sagemaker:UpdateTrainingJob",
"sagemaker:UpdateTrial",
"sagemaker:UpdateTrialComponent",
"sagemaker:UpdateUserProfile",
"sagemaker:UpdateWorkforce",
"sagemaker:UpdateWorkteam"
],
"Resource": [
"arn:aws:sagemaker:*:*:action/*",
"arn:aws:sagemaker:*:*:algorithm/*",
"arn:aws:sagemaker:*:*:app-image-config/*",
"arn:aws:sagemaker:*:*:artifact/*",
"arn:aws:sagemaker:*:*:automl-job/*",
"arn:aws:sagemaker:*:*:code-repository/*",
"arn:aws:sagemaker:*:*:compilation-job/*",
"arn:aws:sagemaker:*:*:context/*",
"arn:aws:sagemaker:*:*:data-quality-job-definition/*",
"arn:aws:sagemaker:*:*:device-fleet/*/device/*",
"arn:aws:sagemaker:*:*:device-fleet/*",
"arn:aws:sagemaker:*:*:edge-packaging-job/*",
"arn:aws:sagemaker:*:*:endpoint/*",
"arn:aws:sagemaker:*:*:endpoint-config/*",
"arn:aws:sagemaker:*:*:experiment/*",
"arn:aws:sagemaker:*:*:experiment-trial/*",
"arn:aws:sagemaker:*:*:experiment-trial-component/*",
"arn:aws:sagemaker:*:*:feature-group/*",
"arn:aws:sagemaker:*:*:human-loop/*",
"arn:aws:sagemaker:*:*:human-task-ui/*",
"arn:aws:sagemaker:*:*:hyper-parameter-tuning-job/*",
"arn:aws:sagemaker:*:*:image/*",
"arn:aws:sagemaker:*:*:image-version/*/*",
"arn:aws:sagemaker:*:*:inference-recommendations-job/*",
"arn:aws:sagemaker:*:*:labeling-job/*",
"arn:aws:sagemaker:*:*:model/*",
"arn:aws:sagemaker:*:*:model-bias-job-definition/*",
"arn:aws:sagemaker:*:*:model-explainability-job-definition/*",
"arn:aws:sagemaker:*:*:model-package/*",
"arn:aws:sagemaker:*:*:model-package-group/*",
"arn:aws:sagemaker:*:*:model-quality-job-definition/*",
"arn:aws:sagemaker:*:*:monitoring-schedule/*",
"arn:aws:sagemaker:*:*:notebook-instance/*",
"arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/*",
"arn:aws:sagemaker:*:*:pipeline/*",
"arn:aws:sagemaker:*:*:pipeline/*/execution/*",
"arn:aws:sagemaker:*:*:processing-job/*",
"arn:aws:sagemaker:*:*:project/*",
"arn:aws:sagemaker:*:*:training-job/*",
"arn:aws:sagemaker:*:*:transform-job/*",
"arn:aws:sagemaker:*:*:workforce/*",
"arn:aws:sagemaker:*:*:workteam/*"
]
},
{
"Sid" : "AmazonSageMakerLambdaPassRolePermission",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole"
]
},
{
"Sid" : "AmazonSageMakerLambdaLogPermission",
"Effect": "Allow",
"Action": [
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeResourcePolicies",
"logs:DescribeDestinations",
"logs:DescribeExportTasks",
"logs:DescribeMetricFilters",
"logs:DescribeQueries",
"logs:DescribeQueryDefinitions",
"logs:DescribeSubscriptionFilters",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery"
],
"Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*"
},
{
"Sid" : "AmazonSageMakerLambdaCodeBuildPermission",
"Effect": "Allow",
"Action": [
"codebuild:StartBuild",
"codebuild:BatchGetBuilds"
],
"Resource": "arn:aws:codebuild:*:*:project/sagemaker-*",
"Condition": {
"StringLike": {
"aws:ResourceTag/sagemaker:project-name": "*"
}
}
}
]
}
```
------
## Amazon SageMaker AI updates to AWS Service Catalog AWS managed policies
View details about updates to AWS managed policies for Amazon SageMaker AI since this service began tracking these changes.
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy) - Updated policy | 10 | Updated `codestar-connections:PassConnection` and `codeconnections:PassConnection` permissions. | September 27, 2025 |
| [AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy) - Updated policy | 3 | Updated `codestar-connections:UseConnection` and `codeconnections:UseConnection` permissions. | September 27, 2025 |
| [AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy) - Updated policy | 3 | Updated `codestar-connections:UseConnection` and `codeconnections:UseConnection` permissions. | September 27, 2025 |
| [AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy) - Updated policy | 9 | Add `cloudformation:TagResource`, `cloudformation:UntagResource`, and `codeconnections:PassConnection` permissions. | July 1, 2024 |
| AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy - Updated policy | 7 | Roll back the policy to version 7 (v7). Remove `cloudformation:TagResource`, `cloudformation:UntagResource`, and `codeconnections:PassConnection` permissions. | June 12, 2024 |
| AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy - Updated policy | 8 | Add `cloudformation:TagResource`, `cloudformation:UntagResource`, and `codeconnections:PassConnection` permissions. | June 11, 2024 |
| [AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy) - Updated policy | 2 | Add `codestar-connections:UseConnection` and `codeconnections:UseConnection` permissions. | June 11, 2024 |
| [AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy) - Updated policy | 2 | Add `cloudformation:TagResource`, `cloudformation:UntagResource`, `codestar-connections:UseConnection` and `codeconnections:UseConnection` permissions. | June 11, 2024 |
| [AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy) - Updated policy | 2 | Add `codebuild:StartBuild` and `codebuild:BatchGetBuilds` permissions. | June 11, 2024 |
| [AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy) | 1 | Initial policy | August 1, 2023 |
| [AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy) | 1 | Initial policy | August 1, 2023 |
| [AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy) | 1 | Initial policy | August 1, 2023 |
| [AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy) - Updated policy | 2 | Add permission for `glue:GetUserDefinedFunctions`. | August 26, 2022 |
| AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy - Updated policy | 7 | Add permission for `sagemaker:AddTags`. | August 2, 2022 |
| AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy - Updated policy | 6 | Add permission for `lambda:TagResource`. | July 14, 2022 |
| AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy | 1 | Initial policy | April 4, 2022 |
| [AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy) | 1 | Initial policy | March 24, 2022 |
| [AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy) | 1 | Initial policy | March 24, 2022 |
| AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy | 1 | Initial policy | March 24, 2022 |
| AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy - Updated policy | 5 | Add permission for `ecr-idp:TagResource`. | March 21, 2022 |
| AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy | 1 | Initial policy | February 22, 2022 |
| [AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy) | 1 | Initial policy | February 22, 2022 |
| [AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy](#security-iam-awsmanpol-AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy) | 1 | Initial policy | February 22, 2022 |
| AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy | 1 | Initial policy | February 22, 2022 |
| AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy - Updated policy | 4 | Add permissions for `cognito-idp:TagResource` and `s3:PutBucketCORS`. | February 16, 2022 |
| AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy - Updated policy | 3 | Add new permissions for `sagemaker`. Create, read, update, and delete SageMaker Images. | September 15, 2021 |
| AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy - Updated policy | 2 | Add permissions for `sagemaker` and `codestar-connections`. Create, read, update, and delete code repositories. Pass AWS CodeStar connections to AWS CodePipeline. | July 1, 2021 |
| AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy | 1 | Initial policy | November 27, 2020 |
## SageMaker AI Updates to AWS Managed Policies
View details about updates to AWS managed policies for SageMaker AI since this service began tracking these changes.
| Policy | Version | Change | Date |
| --- | --- | --- | --- |
| [AmazonSageMakerFullAccess](#security-iam-awsmanpol-AmazonSageMakerFullAccess) - Update to an existing policy | 27 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol.html) | December 4, 2024 |
| [AmazonSageMakerFullAccess](#security-iam-awsmanpol-AmazonSageMakerFullAccess) - Update to an existing policy | 26 | Add `sagemaker:AddTags` permission. | March 29, 2024 |
| AmazonSageMakerFullAccess - Update to an existing policy | 25 | Add `sagemaker:CreateApp`, `sagemaker:DescribeApp`, `sagemaker:DeleteApp`, `sagemaker:CreateSpace`, `sagemaker:UpdateSpace`, `sagemaker:DeleteSpace`, `s3express:CreateSession`, `s3express:CreateBucket`, and `s3express:ListAllMyDirectoryBuckets` permissions. | November 30, 2023 |
| AmazonSageMakerFullAccess - Update to an existing policy | 24 | Add `sagemaker-geospatial:*`, `sagemaker:AddTags`, `sagemaker-ListTags`, `sagemaker-DescribeSpace`, and `sagemaker:ListSpaces` permissions. | November 30, 2022 |
| AmazonSageMakerFullAccess - Update to an existing policy | 23 | Add `glue:UpdateTable`. | June 29, 2022 |
| AmazonSageMakerFullAccess - Update to an existing policy | 22 | Add `cloudformation:ListStackResources`. | May 1, 2022 |
| [AmazonSageMakerReadOnly](#security-iam-awsmanpol-AmazonSageMakerReadOnly) - Update to an existing policy | 11 | Add `sagemaker:QueryLineage`, `sagemaker:GetLineageGroupPolicy`, `sagemaker:BatchDescribeModelPackage`, `sagemaker:GetModelPackageGroupPolicy` permissions. | December 1, 2021 |
| AmazonSageMakerFullAccess - Update to an existing policy | 21 | Add `sns:Publish` permissions for endpoints with Async Inference enabled. | September 8, 2021 |
| AmazonSageMakerFullAccess - Update to an existing policy | 20 | Update `iam:PassRole` resources and permissions. | July 15, 2021 |
| AmazonSageMakerReadOnly - Update to an existing policy | 10 | New API `BatchGetRecord` added for SageMaker AI Feature Store. | June 10, 2021 |
| | | SageMaker AI started tracking changes for its AWS managed policies. | June 1, 2021 |
# Troubleshooting Amazon SageMaker AI Identity and Access
Use the following information to help you diagnose and fix common issues that you might encounter when working with SageMaker AI and IAM.
**Topics**
+ [
## I am not authorized to perform an action in SageMaker AI
](#security_iam_troubleshoot-no-permissions)
+ [
## I am not authorized to perform `iam:PassRole`
](#security_iam_troubleshoot-passrole)
+ [
## I want to allow people outside of my AWS account to access my SageMaker AI resources
](#security_iam_troubleshoot-cross-account-access)
## I am not authorized to perform an action in SageMaker AI
If the AWS Management Console tells you that you're not authorized to perform an action, then you must contact your administrator for assistance. Your administrator is the person that provided you with your sign-in credentials.
The following example error occurs when the `mateojackson` IAM user tries to use the console to view details about a training job but does not have `sagemaker:sagemaker:DescribeTrainingJob` permissions.
```
User: arn:aws:iam::123456789012:user/mateojackson is not
authorized to perform: sagemaker:DescribeTrainingJob on resource: my-example-widget
```
In this case, Mateo asks his administrator to update his policies to allow him to access the `TrainingJob` resource using the `sagemaker:DescribeTrainingJob` action.
## I am not authorized to perform `iam:PassRole`
If you receive an error that you're not authorized to perform the `iam:PassRole` action, your policies must be updated to allow you to pass a role to SageMaker AI.
Some AWS services allow you to pass an existing role to that service instead of creating a new service role or service-linked role. To do this, you must have permissions to pass the role to the service.
The following example error occurs when an IAM user named `marymajor` tries to use the console to perform an action in SageMaker AI. However, the action requires the service to have permissions that are granted by a service role. Mary does not have permissions to pass the role to the service.
```
User: arn:aws:iam::123456789012:user/marymajor is not authorized to perform: iam:PassRole
```
In this case, Mary's policies must be updated to allow her to perform the `iam:PassRole` action.
If you need help, contact your AWS administrator. Your administrator is the person who provided you with your sign-in credentials.
## I want to allow people outside of my AWS account to access my SageMaker AI resources
You can create a role that users in other accounts or people outside of your organization can use to access your resources. You can specify who is trusted to assume the role. For services that support resource-based policies or access control lists (ACLs), you can use those policies to grant people access to your resources.
To learn more, consult the following:
+ To learn whether SageMaker AI supports these features, see [How Amazon SageMaker AI works with IAM](security_iam_service-with-iam.md).
+ To learn how to provide access to your resources across AWS accounts that you own, see [Providing access to an IAM user in another AWS account that you own](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_aws-accounts.html) in the *IAM User Guide*.
+ To learn how to provide access to your resources to third-party AWS accounts, see [Providing access to AWS accounts owned by third parties](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html) in the *IAM User Guide*.
+ To learn how to provide access through identity federation, see [Providing access to externally authenticated users (identity federation)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_federated-users.html) in the *IAM User Guide*.
+ To learn the difference between using roles and resource-based policies for cross-account access, see [Cross account resource access in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) in the *IAM User Guide*.
# Logging and Monitoring
You can monitor Amazon SageMaker AI using Amazon CloudWatch, which collects raw data and processes it into readable, near real-time metrics. These statistics are kept for 15 months, so that you can access historical information and gain a better perspective on how your web application or service is performing. You can also set alarms that watch for certain thresholds and send notifications or take actions when those thresholds are met. For more information, see [Amazon SageMaker AI metrics in Amazon CloudWatch](monitoring-cloudwatch.md).
Amazon CloudWatch Logs enables you to monitor, store, and access your log files from Amazon EC2 instances, AWS CloudTrail, and other sources. You can collect and track metrics, create customized dashboards, and set alarms that notify you or take actions when a specified metric reaches a threshold that you specify. CloudWatch Logs can monitor information in the log files and notify you when certain thresholds are met. You can also archive your log data in highly durable storage. For more information, see [CloudWatch Logs for Amazon SageMaker AI](logging-cloudwatch.md).
AWS CloudTrail provides a record of actions taken by a user, role, or an AWS service in SageMaker AI. Using the information collected by CloudTrail, you can determine the request that was made to SageMaker AI, the IP address from which the request was made, who made the request, when it was made, and additional details. For more information, [Logging Amazon SageMaker AI API calls using AWS CloudTrail](logging-using-cloudtrail.md).
[Amazon GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html) is a threat detection service that continuously monitors and analyzes your CloudTrail management and event logs to identify potential security issues. When you enable GuardDuty for an AWS account, it automatically starts analyzing CloudTrail logs to detect suspicious activity in SageMaker APIs. For example, GuardDuty will detect suspicious activity when a user abnormally creates a new pre-signed or blank notebook instance that can later be used for malicious actions. GuardDuty's unique credential exfiltration detection can help a customer identify that the AWS credentials associated with the Amazon EC2 instance were exfiltrated, and then used to call SageMaker APIs from another AWS account.
You can create rules in Amazon CloudWatch Events to react to status changes in status in a SageMaker training, hyperperparameter tuning, or batch transform job. For more information, see [Events that Amazon SageMaker AI sends to Amazon EventBridge](automating-sagemaker-with-eventbridge.md).
**Note**
CloudTrail does not monitor calls to [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_runtime_InvokeEndpoint.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_runtime_InvokeEndpoint.html).
# Compliance validation for Amazon SageMaker AI
To learn whether an AWS service is within the scope of specific compliance programs, see [AWS services in Scope by Compliance Program](https://aws.amazon.com/compliance/services-in-scope/) and choose the compliance program that you are interested in. For general information, see [AWS Compliance Programs](https://aws.amazon.com/compliance/programs/).
You can download third-party audit reports using AWS Artifact. For more information, see [Downloading Reports in AWS Artifact](https://docs.aws.amazon.com/artifact/latest/ug/downloading-documents.html).
Your compliance responsibility when using AWS services is determined by the sensitivity of your data, your company's compliance objectives, and applicable laws and regulations. For more information about your compliance responsibility when using AWS services, see [AWS Security Documentation](https://docs.aws.amazon.com/security/).
# Resilience in Amazon SageMaker AI
The AWS global infrastructure is built around AWS Regions and Availability Zones. AWS Regions provide multiple physically separated and isolated Availability Zones, which are connected with low-latency, high-throughput, and highly redundant networking. With Availability Zones, you can design and operate applications and databases that automatically fail over between Availability Zones without interruption. Availability Zones are more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures.
For more information about AWS Regions and Availability Zones, see [AWS Global Infrastructure](https://aws.amazon.com/about-aws/global-infrastructure/).
In addition to the AWS global infrastructure, Amazon SageMaker AI offers several features to help support your data resiliency and backup needs.
# Infrastructure Security in Amazon SageMaker AI
As a managed service, Amazon SageMaker AI is protected by AWS global network security. For information about AWS security services and how AWS protects infrastructure, see [AWS Cloud Security](https://aws.amazon.com/security/). To design your AWS environment using the best practices for infrastructure security, see [Infrastructure Protection](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/infrastructure-protection.html) in *Security Pillar AWS Well‐Architected Framework*.
You use AWS published API calls to access Amazon SageMaker AI through the network. Clients must support the following:
+ Transport Layer Security (TLS). We require TLS 1.2 and recommend TLS 1.3.
+ Cipher suites with perfect forward secrecy (PFS) such as DHE (Ephemeral Diffie-Hellman) or ECDHE (Elliptic Curve Ephemeral Diffie-Hellman). Most modern systems such as Java 7 and later support these modes.
**Topics**
+ [
## SageMaker AI Scans AWS Marketplace Training and Inference Containers for Security Vulnerabilities
](#mkt-container-scan)
+ [
# Connect to Amazon SageMaker AI resources from within a VPC
](infrastructure-connect-to-resources.md)
+ [
# Run Training and Inference Containers in Internet-Free Mode
](mkt-algo-model-internet-free.md)
+ [
# Connect to SageMaker AI Within your VPC
](interface-vpc-endpoint.md)
+ [
# Give SageMaker AI Access to Resources in your Amazon VPC
](infrastructure-give-access.md)
## SageMaker AI Scans AWS Marketplace Training and Inference Containers for Security Vulnerabilities
To meet our security requirements, all the [pre-built SageMaker images](https://docs.aws.amazon.com/sagemaker/latest/dg-ecr-paths/sagemaker-algo-docker-registry-paths.html), including AWS Deep Learning Containers, the SageMaker AI machine learning framework containers, and the SageMaker AI built-in algorithm containers, and algorithms and model packages listed in AWS Marketplace are scanned for Common Vulnerabilities and Exposures (CVE). CVE is a list of publicly known information about security vulnerability and exposure. The National Vulnerability Database (NVD) provides CVE details such as severity, impact rating, and fix information. Both CVE and NVD are available for public consumption and free for security tools and services to use. For more information, see [CVE Frequently Asked Questions (FAQs)](https://www.cve.org/ResourcesSupport/FAQs).
# Connect to Amazon SageMaker AI resources from within a VPC
**Important**
The following information applies to both Amazon SageMaker Studio and Amazon SageMaker Studio Classic. The same concepts of connecting to resources within a VPC apply to both Studio and Studio Classic.
Amazon SageMaker Studio and SageMaker AI notebook instances allow direct internet access by default. SageMaker AI allows you to download popular packages and notebooks, customize your development environment, and work efficiently. However, this could provide an opening for unauthorized access to your data. For example, if you install malicious code on your computer as a publicly available notebook or source code library, it could access your data. You can restrict which traffic can access the internet by launching your Studio and SageMaker AI notebook instances in a [Amazon Virtual Private Cloud (Amazon VPC)](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html).
An Amazon Virtual Private Cloud is a virtual network dedicated to your AWS account. With an Amazon VPC, you can control the network access and internet connectivity of your Studio and notebook instances. You can remove direct internet access to add another layer of security.
The following topics describe how to connect your Studio instances and notebook instances to resources in a VPC.
**Topics**
+ [
# Connect Amazon SageMaker Studio in a VPC to External Resources
](studio-updated-and-internet-access.md)
+ [
# Connect Studio notebooks in a VPC to external resources
](studio-notebooks-and-internet-access.md)
+ [
# Connect a Notebook Instance in a VPC to External Resources
](appendix-notebook-and-internet-access.md)
# Connect Amazon SageMaker Studio in a VPC to External Resources
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the updated Studio experience. For information about using the Studio Classic application, see [Amazon SageMaker Studio Classic](studio.md).
The following topic gives information on how to connect Amazon SageMaker Studio in a VPC to external resources.
**Topics**
+ [
## Default communication with the internet
](#studio-notebooks-and-internet-access-default-setting)
+ [
## `VPC only` communication with the internet
](#studio-notebooks-and-internet-access-vpc-only)
## Default communication with the internet
By default, Amazon SageMaker Studio provides a network interface that allows communication with the internet through a VPC managed by SageMaker AI. Traffic to AWS services like Amazon S3 and CloudWatch goes through an internet gateway, as does traffic that accesses the SageMaker AI API and SageMaker AI runtime. Traffic between the domain and your Amazon EFS volume goes through the VPC that you specified when you onboarded to the domain or called the [CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html) API.
## `VPC only` communication with the internet
To prevent SageMaker AI from providing internet access to Studio, you can disable internet access by specifying the `VPC only` network access type when you [onboard to Studio](https://docs.aws.amazon.com/sagemaker/latest/dg/onboard-vpc.html) or call the [CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html) API. As a result, you won't be able to run Studio unless your VPC has an interface endpoint to the SageMaker API and runtime, or a NAT gateway with internet access, and your security groups allow outbound connections.
**Note**
The network access type can be changed after domain creation using the `--app-network-access-type` parameter of the [update-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-domain.html) command.
### Requirements to use `VPC only` mode
When you choose `VpcOnly`, follow these steps:
1. You must use private subnets only. You cannot use public subnets in `VpcOnly` mode.
1. Ensure your subnets have the required number of IP addresses needed. The expected number of IP addresses needed per user can vary based on use case. We recommend between 2 and 4 IP addresses per user. The total IP address capacity for a domain is the sum of available IP addresses for each subnet provided when the domain is created. Ensure that your estimated IP address usage does not exceed the capacity supported by the number of subnets you provide. Additionally, using subnets distributed across many availability zones can aid in IP address availability. For more information, see [VPC and subnet sizing for IPv4](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#vpc-sizing-ipv4).
**Note**
You can configure only subnets with a default tenancy VPC in which your instance runs on shared hardware. For more information on the tenancy attribute for VPCs, see [Dedicated Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html).
1.
**Warning**
When using `VpcOnly` mode, you partly own the networking configuration for the domain. We recommend the security best practice of applying least-privilege permissions to the inbound and outbound access that security group rules provide. Overly permissive inbound rule configurations could allow users with access to the VPC to interact with the applications of other user profiles without authentication.
Set up one or more security groups with inbound and outbound rules that allow the following traffic:
+ [NFS traffic over TCP on port 2049](https://docs.aws.amazon.com/efs/latest/ug/network-access.html) between the domain and the Amazon EFS volume.
+ [TCP traffic within the security group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-other-instances). This is required for connectivity between the Jupyter Server application and the Kernel Gateway applications. You must allow access to at least ports in the range `8192-65535`.
Create a distinct security group for each user profile and add inbound access from that same security group. We do not recommend reusing a domain-level security group for user profiles. If the domain-level security group allows inbound access to itself, then all applications in the domain would have access to all other applications in the domain.
1. If you want to allow internet access, you must use a [NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-working-with) with access to the internet, for example through an [internet gateway](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html).
1. If you don't want to allow internet access, [create interface VPC endpoints](https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html) (AWS PrivateLink) to allow Studio to access the following services with the corresponding service names. You must also associate the security groups for your VPC with these endpoints.
+ SageMaker API : `com.amazonaws.region.sagemaker.api`.
+ SageMaker AI runtime: `com.amazonaws.region.sagemaker.runtime`. This is required to run endpoint invocations.
+ Amazon S3: `com.amazonaws.region.s3`.
+ SageMaker Projects: `com.amazonaws.region.servicecatalog`.
+ SageMaker Studio: `aws.sagemaker.region.studio`.
+ Any other AWS services you require.
If you use the [SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable/) to run remote training jobs, you must also create the following Amazon VPC endpoints.
+ AWS Security Token Service: `com.amazonaws.region.sts`
+ Amazon CloudWatch: `com.amazonaws.region.logs`. This is required to allow SageMaker Python SDK to get the remote training job status from Amazon CloudWatch.
1. If using the domain in `VpcOnly` mode from an on-premises network, establish private connectivity from the network of the host running Studio in the browser and the target Amazon VPC. This is required because the Studio UI invokes AWS endpoints using API calls with temporary AWS credentials. These temporary credentials are associated with the execution role of the logged user profile. If the domain is configured in `VpcOnly` mode in an on-premises network, the execution role might define IAM policy conditions that enforce the execution of AWS service API calls only through the configured Amazon VPC endpoints.This causes API calls executed from the Studio UI to fail. We recommend resolving this using an [AWS Site-to-Site VPN](https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html) or [AWS Direct Connect](https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html)connection.
**Note**
For a customer working within VPC mode, company firewalls can cause connection issues with Studio or applications. Make the following checks if you encounter one of these issues when using Studio from behind a firewall.
Verify that the Studio URL and URLs for all of your applications are in your network's allowlist. For example:
```
*.studio.region.sagemaker.aws
*.console.aws.a2z.com
```
Verify that the websocket connections are not blocked. Jupyter uses websockets.
**For more information**
+ [Security groups for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html)
+ [Connect to SageMaker AI Within your VPC](interface-vpc-endpoint.md)
+ [VPC with public and private subnets (NAT)](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html)
# Connect Studio notebooks in a VPC to external resources
The following topic gives information about how to connect Studio Notebooks in a VPC to external resources.
## Default communication with the internet
By default, SageMaker Studio provides a network interface that allows communication with the internet through a VPC managed by SageMaker AI. Traffic to AWS services, like Amazon S3 and CloudWatch, goes through an internet gateway. Traffic that accesses the SageMaker API and SageMaker AI runtime also goes through an internet gateway. Traffic between the domain and Amazon EFS volume goes through the VPC that you identified when you onboarded to Studio or called the [CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html) API. The following diagram shows the default configuration.
![\[SageMaker Studio VPC diagram depicting direct internet access usage.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-vpc-internet.png)
## `VPC only` communication with the internet
To stop SageMaker AI from providing internet access to your Studio notebooks, disable internet access by specifying the `VPC only` network access type. Specify this network access type when you [onboard to Studio](https://docs.aws.amazon.com/sagemaker/latest/dg/onboard-vpc.html) or call the [CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html) API. As a result, you won't be able to run a Studio notebook unless:
+ your VPC has an interface endpoint to the SageMaker API and runtime, or a NAT gateway with internet access
+ your security groups allow outbound connections
The following diagram shows a configuration for using VPC-only mode.
![\[SageMaker Studio VPC diagram depicting usage of VPC-only mode.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-vpc-private.png)
### Requirements to use `VPC only` mode
When you choose `VpcOnly`, follow these steps:
1. You must use private subnets only. You cannot use public subnets in `VpcOnly` mode.
1. Ensure your subnets have the required number of IP addresses needed. The expected number of IP addresses needed per user can vary based on use case. We recommend between 2 and 4 IP addresses per user. The total IP address capacity for a Studio domain is the sum of available IP addresses for each subnet provided when the domain is created. Make sure that your IP address usage isn't more than the capacity supported by the number of subnets you provide. Additionally, using subnets distributed across many availability zones can help with IP address availability. For more information, see [VPC and subnet sizing for IPv4](https://docs.aws.amazon.com/vpc/latest/userguide/how-it-works.html#vpc-sizing-ipv4).
**Note**
You can configure only subnets with a default tenancy VPC in which your instance runs on shared hardware. For more information on the tenancy attribute for VPCs, see [Dedicated Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html).
1.
**Warning**
When using `VpcOnly` mode, you partly own the networking configuration for the domain. We recommend the security best practice of applying least-privilege permissions to the inbound and outbound access that security group rules provide. Overly permissive inbound rule configurations could allow users with access to the VPC to interact with the applications of other user profiles without authentication.
Set up one or more security groups with inbound and outbound rules that allow the following traffic:
+ [NFS traffic over TCP on port 2049](https://docs.aws.amazon.com/efs/latest/ug/network-access.html) between the domain and the Amazon EFS volume.
+ [TCP traffic within the security group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-other-instances). This is required for connectivity between the Jupyter Server application and the Kernel Gateway applications. You must allow access to at least ports in the range `8192-65535`.
Create a distinct security group for each user profile and add inbound access from that same security group. We do not recommend reusing a domain-level security group for user profiles. If the domain-level security group allows inbound access to itself, all applications in the domain have access to all other applications in the domain.
1. If you want to allow internet access, you must use a [NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-working-with) with access to the internet, for example through an [internet gateway](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html).
1. To remove internet access, [create interface VPC endpoints](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html) (AWS PrivateLink) to allow Studio to access the following services with the corresponding service names. You must also associate the security groups for your VPC with these endpoints.
+ SageMaker API : `com.amazonaws.region.sagemaker.api`
+ SageMaker AI runtime: `com.amazonaws.region.sagemaker.runtime`. This is required to run Studio notebooks and to train and host models.
+ Amazon S3: `com.amazonaws.region.s3`.
+ To use SageMaker Projects: `com.amazonaws.region.servicecatalog`.
+ Any other AWS services you require.
If you use the [SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable/) to run remote training jobs, you must also create the following Amazon VPC endpoints.
+ AWS Security Token Service: `com.amazonaws.region.sts`
+ Amazon CloudWatch: `com.amazonaws.region.logs`. This is required to allow SageMaker Python SDK to get the remote training job status from Amazon CloudWatch.
**Note**
For a customer working within VPC mode, company firewalls can cause connection issues with SageMaker Studio or between JupyterServer and the KernelGateway. Make the following checks if you run into one of these issues when using SageMaker Studio from behind a firewall.
Check that the Studio URL is in your networks allowlist.
Check that the websocket connections are not blocked. Jupyter uses websocket under the hood. If the KernelGateway application is InService, JupyterServer may not be able to connect to the KernelGateway. You should see this problem when opening System Terminal as well.
**For more information**
+ [Securing Amazon SageMaker Studio connectivity using a private VPC](https://aws.amazon.com/blogs/machine-learning/securing-amazon-sagemaker-studio-connectivity-using-a-private-vpc).
+ [Security groups for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html)
+ [Connect to SageMaker AI Within your VPC](interface-vpc-endpoint.md)
+ [VPC with public and private subnets (NAT)](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html)
# Connect a Notebook Instance in a VPC to External Resources
The following topic gives information on how to connect your notebook instance in a VPC to external resources.
## Default communication with the internet
When your notebook allows *direct internet access*, SageMaker AI provides a network interface that allows the notebook to communicate with the internet through a VPC managed by SageMaker AI. Traffic within your VPC's CIDR goes through elastic network interface created in your VPC. All the other traffic goes through the network interface created by SageMaker AI, which is essentially through the public internet. Traffic to gateway VPC endpoints like Amazon S3 and DynamoDB goes through the public internet, while traffic to interface VPC interface endpoints still goes through your VPC. If you want to use gateway VPC endpoints, you might want to disable direct internet access.
## VPC-only communication with the internet
To disable direct internet access, you can specify a VPC for your notebook instance. By doing so, you prevent SageMaker AI from providing internet access to your notebook instance. As a result, the notebook instance can't train or host models unless your VPC has an interface endpoint (AWS PrivateLink) or a NAT gateway and your security groups allow outbound connections.
For information about creating a VPC interface endpoint to use AWS PrivateLink for your notebook instance, see [Connect to a Notebook Instance Through a VPC Interface Endpoint](notebook-interface-endpoint.md). For information about setting up a NAT gateway for your VPC, see [VPC with Public and Private Subnets (NAT)](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-private-subnets-nat.html) in the *Amazon Virtual Private Cloud User Guide*. For information about security groups, see [Security Groups for Your VPC](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html). For more information about networking configurations in each networking mode and configuring network on premise, see [Understanding Amazon SageMaker notebook instance networking configurations and advanced routing options](https://aws.amazon.com/blogs/machine-learning/understanding-amazon-sagemaker-notebook-instance-networking-configurations-and-advanced-routing-options/).
**Warning**
When you use a VPC for your notebook instance, you partly own the networking configuration for the instance. As a security best practice, we recommend that you apply least-privilege permissions to the inbound and outbound access that you permit with your security group rules. If you apply overly permissive inbound rule configurations, then users who have access to your VPC could access your Jupyter Notebooks without authenticating.
## Security and Shared Notebook Instances
A SageMaker notebook instance is designed to work best for an individual user. It is designed to give data scientists and other users the most power for managing their development environment.
A notebook instance user has root access for installing packages and other pertinent software. We recommend that you exercise judgement when granting individuals access to notebook instances that are attached to a VPC that contains sensitive information. For example, you might grant a user access to a notebook instance with an IAM policy by giving them the ability to create a presigned notebook URL, as shown in the following example:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sagemaker:CreatePresignedNotebookInstanceUrl",
"Resource": "arn:aws:sagemaker:us-east-1:111122223333:notebook-instance/myNotebookInstance"
}
]
}
```
------
# Run Training and Inference Containers in Internet-Free Mode
SageMaker AI training and deployed inference containers are internet-enabled by default. This allows containers to access external services and resources on the public internet as part of your training and inference workloads. However, this could provide an avenue for unauthorized access to your data. For example, a malicious user or code that you accidentally install on the container (in the form of a publicly available source code library) could access your data and transfer it to a remote host.
If you use an Amazon VPC by specifying a value for the `VpcConfig` parameter when you call [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html), or [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html), you can protect your data and resources by managing security groups and restricting internet access from your VPC. However, this comes at the cost of additional network configuration, and has the risk of configuring your network incorrectly. If you do not want SageMaker AI to provide external network access to your training or inference containers, you can enable network isolation.
## Network Isolation
You can enable network isolation when you create your training job or model by setting the value of the `EnableNetworkIsolation` parameter to `True` when you call [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html), [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html), or [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html).
**Note**
Network isolation is required to run training jobs and models using resources from AWS Marketplace. For additional security, AWS Marketplace images run within an Amazon VPC. They only have access to data within their local file systems.
When you enable network isolation, your training and inference containers can't make any outbound network calls to any service, including Amazon S3. No AWS credentials are made available to the container runtime environment. For training jobs with multiple instances, network inbound and outbound traffic is limited to communication between training container peers.
SageMaker AI still handles all necessary Amazon S3 download and upload operations using your SageMaker AI execution role. This happens apart from your training and inference containers, ensuring that your training data and model artifacts are still accessible while maintaining container isolation.
The following managed SageMaker AI containers do not support network isolation because they require access to Amazon S3:
+ Chainer
+ SageMaker AI Reinforcement Learning
### Network isolation with a VPC
Network isolation can be used in conjunction with a VPC. In this scenario, the download and upload of customer data and model artifacts are routed through your VPC subnet. However, the training and inference containers themselves continue to be isolated from the network, and do not have access to any resource within your VPC or on the internet.
# Connect to SageMaker AI Within your VPC
You can connect directly to the SageMaker API or to Amazon SageMaker Runtime through an [interface endpoint](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-interface.html) in your virtual private cloud (VPC) instead of connecting over the internet. When you use a VPC interface endpoint, communication between your VPC and the SageMaker AI API or Runtime is conducted entirely and securely within an AWS network.
## Connect to SageMaker AI through a VPC interface endpoint
The SageMaker API and SageMaker AI Runtime support [Amazon Virtual Private Cloud](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html) (Amazon VPC) interface endpoints that are powered by [AWS PrivateLink](https://aws.amazon.com/privatelink). Each VPC endpoint is represented by one or more [Elastic Network Interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) with private IP addresses in your VPC subnets. For example, an application inside your VPC uses AWS PrivateLink to communicate with SageMaker AI Runtime. SageMaker AI Runtime in turn communicates with the SageMaker AI endpoint. Using AWS PrivateLink allows you to invoke your SageMaker AI endpoint from within your VPC, as shown in the following diagram.
![\[\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/security-vpc-SM.png)
The VPC interface endpoint connects your VPC directly to the SageMaker API or SageMaker AI Runtime using AWS PrivateLink without using an internet gateway, NAT device, VPN connection, or Direct Connect connection. The instances in your VPC do not need to connect to the public internet in order to communicate with the SageMaker API or SageMaker AI Runtime.
You can create an AWS PrivateLink interface endpoint to connect to SageMaker AI or to SageMaker AI Runtime using either the AWS Management Console or AWS Command Line Interface (AWS CLI). For instructions, see [Access an AWS service using an interface VPC endpoint](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-interface.html#create-interface-endpoint).
If you haven't enabled a private Domain Name System (DNS) hostname for your VPC endpoint, *after you have created a VPC endpoint*, specify the internet endpoint URL to the SageMaker API or SageMaker AI Runtime. Example code using AWS CLI commands to specify the `endpoint-url` parameter follows.
```
aws sagemaker list-notebook-instances --endpoint-url VPC_Endpoint_ID.api.sagemaker.Region.vpce.amazonaws.com
aws sagemaker list-training-jobs --endpoint-url VPC_Endpoint_ID.api.sagemaker.Region.vpce.amazonaws.com
aws sagemaker-runtime invoke-endpoint --endpoint-url https://VPC_Endpoint_ID.runtime.sagemaker.Region.vpce.amazonaws.com \
--endpoint-name Endpoint_Name \
--body "Endpoint_Body" \
--content-type "Content_Type" \
Output_File
```
If you enable private DNS hostnames for your VPC endpoint, you don't need to specify the endpoint URL because the default hostname (https://api.sagemaker.*Region*.amazon.com) resolves to your VPC endpoint. Similarly, the default SageMaker AI Runtime DNS hostname (https://runtime.sagemaker.*Region*.amazonaws.com) also resolves to your VPC endpoint.
The SageMaker API and SageMaker AI Runtime support VPC endpoints in all AWS Regions where both [Amazon VPC](https://docs.aws.amazon.com/general/latest/gr/rande.html#vpc_region) and [SageMaker AI](https://docs.aws.amazon.com/general/latest/gr/rande.html#sagemaker_region) ares available. SageMaker AI supports making calls to all of its [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_Operations.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_Operations.html) inside your VPC. If you use the `AuthorizedUrl` from the [
CreatePresignedNotebookInstanceUrl](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedNotebookInstanceUrl.html) command, your traffic will go over the public internet. You can't only use a VPC endpoint to access the presigned URL, the request must go through the internet gateway.
By default, your users can share the presigned URL to people outside of your corporate network. For additional security, you must add IAM permissions to restrict the URL only be usable within your network. For information about IAM permissions, see [How AWS PrivateLink works with IAM](https://docs.aws.amazon.com/vpc/latest/privatelink/security_iam_service-with-iam.html).
**Note**
When setting up a VPC interface endpoint for the SageMaker AI Runtime service (https://runtime.sagemaker.`Region`.amazonaws.com), you must ensure that the VPC interface endpoint is activated in the Availability Zone of your client in order for private DNS resolution to work. Otherwise, you may see DNS failures when attempting to resolve the URL.
To learn more about AWS PrivateLink, see the [AWS PrivateLink documentation](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html#what-is-privatelink). Refer to [AWS PrivateLink Pricing](https://aws.amazon.com/privatelink/pricing/) for the price of VPC endpoints. To learn more about VPC and endpoints, see [Amazon VPC](https://aws.amazon.com/vpc/). For information about how to use identity-based AWS Identity and Access Management policies to restrict access to the SageMaker API and SageMaker AI Runtime, see [Control access to the SageMaker AI API by using identity-based policies](security_iam_id-based-policy-examples.md#api-access-policy).
## Using SageMaker training and hosting with resources inside your VPC
SageMaker AI uses your execution role to download and upload information from an Amazon S3 bucket and Amazon Elastic Container Registry (Amazon ECR), in isolation from your training or inference container. If you have resources that are located inside your VPC, you can still grant SageMaker AI access to those resources. The following sections explain how to make your resources available to SageMaker AI with or without network isolation.
### Without network isolation enabled
If you haven't set network isolation on your training job or model, SageMaker AI can access resources using either of the following methods.
+ SageMaker training and deployed inference containers can access the internet by default. SageMaker AI containers are able to access external services and resources on the public internet as part of your training and inference workloads. SageMaker AI containers are not able to access resources inside your VPC without a VPC configuration, as shown in the following illustration.
![\[\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/security-vpc-no-config.png)
+ Use a VPC configuration to communicate with resources inside your VPC through an elastic network interface (ENI). The communication between the container and the resources in your VPC takes place securely within your VPC network, as shown in the following illustration. In this case, you manage networking access to your VPC resources and internet.
![\[\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/security-vpc-config.png)
### With network isolation
If you employ network isolation, the SageMaker AI container can't communicate with resources inside your VPC or make any network calls, as shown in the following illustration. If you provide a VPC configuration, the download and upload operations will be run through your VPC. For more information about hosting and training with network isolation while using a VPC, see [Network Isolation](mkt-algo-model-internet-free.md#mkt-algo-model-internet-free-isolation).
![\[\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/security-network-isolation-no-config.png)
## Create a VPC Endpoint Policy for SageMaker AI
You can create a policy for Amazon VPC endpoints for SageMaker AI to specify the following:
+ The principal that can perform actions.
+ The actions that can be performed.
+ The resources on which actions can be performed.
For more information, see [Controlling Access to Services with VPC Endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html) in the *Amazon VPC User Guide*.
**Note**
VPC endpoint policies aren't supported for Federal Information Processing Standard (FIPS) SageMaker AI runtime endpoints for [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_runtime_InvokeEndpoint.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_runtime_InvokeEndpoint.html).
The following example VPC endpoint policy specifies that all users who have access to the VPC interface endpoint are allowed to invoke the SageMaker AI hosted endpoint named `myEndpoint`.
```
{
"Statement": [
{
"Action": "sagemaker:InvokeEndpoint",
"Effect": "Allow",
"Resource": "arn:aws:sagemaker:us-west-2:123456789012:endpoint/myEndpoint",
"Principal": "*"
}
]
}
```
In this example, the following are denied:
+ Other SageMaker API actions, such as `sagemaker:CreateEndpoint` and `sagemaker:CreateTrainingJob`.
+ Invoking SageMaker AI hosted endpoints other than `myEndpoint`.
**Note**
In this example, users can still take other SageMaker API actions from outside the VPC. For information about how to restrict API calls to those from within the VPC, see [Control access to the SageMaker AI API by using identity-based policies](security_iam_id-based-policy-examples.md#api-access-policy).
## Create a VPC Endpoint Policy for Amazon SageMaker Feature Store
To create a VPC Endpoint for Amazon SageMaker Feature Store, use the following endpoint template, substituting your *VPC\$1Endpoint\$1ID.api* and *Region*:
`VPC_Endpoint_ID.api.featurestore-runtime.sagemaker.Region.vpce.amazonaws.com`
# Connect to Amazon SageMaker Studio and Studio Classic Through an Interface VPC Endpoint
You can connect to your Amazon SageMaker Studio and Amazon SageMaker Studio Classic from your [Amazon Virtual Private Cloud](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html) (Amazon VPC) through an [interface endpoint](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html) in your VPC instead of connecting over the internet. When you use an interface VPC endpoint (interface endpoint), communication between your VPC and Studio or Studio Classic is conducted entirely and securely within the AWS network.
Studio and Studio Classic supports interface endpoints that are powered by [AWS PrivateLink](https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-overview.html). Each interface endpoint is represented by one or more [Elastic network interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) with private IP addresses in your VPC subnets.
Studio and Studio Classic supports interface endpoints in all AWS Regions where both [Amazon SageMaker AI](https://aws.amazon.com/sagemaker/pricing/) and [Amazon VPC](https://aws.amazon.com/vpc/pricing/) are available.
**Topics**
+ [
## Create a VPC Endpoint
](#studio-interface-endpoint-create)
+ [
## Create a VPC Endpoint Policy for Studio or Studio Classic
](#studio-private-link-policy)
+ [
## Allow Access Only from Within Your VPC
](#studio-private-link-restrict)
## Create a VPC Endpoint
You can create an interface endpoint to connect to Studio or Studio Classic with either the AWS console or the AWS Command Line Interface (AWS CLI). For instructions, see [Creating an interface endpoint](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#create-interface-endpoint). Make sure that you create interface endpoints for all of the subnets in your VPC from which you want to connect to Studio and Studio Classic.
When you create an interface endpoint, ensure that the security groups on your endpoint allow inbound access for HTTPS traffic from the security groups associated with Studio and Studio Classic. For more information, see [Control access to services with VPC endpoints](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html#vpc-endpoints-security-groups).
**Note**
In addition to creating an interface endpoint to connect to Studio and Studio Classic, create an interface endpoint to connect to the Amazon SageMaker API. When users call [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedDomainUrl.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedDomainUrl.html) to get the URL to connect to Studio and Studio Classic, that call goes through the interface endpoint used to connect to the SageMaker API.
When you create the interface endpoint, specify **aws.sagemaker.*Region*.studio** as the service name for either Studio or Studio Classic. After you create the interface endpoint, enable private DNS for your endpoint. When you connect to Studio or Studio Classic from within the VPC using the SageMaker API, the AWS CLI, or the console, you connect through the interface endpoint instead of the public internet. You also need to set up a custom DNS with private hosted zones for the Amazon VPC endpoint so Studio or Studio Classic can access the SageMaker API using the `api.sagemaker.$region.amazonaws.com` endpoint rather than using the VPC endpoint URL. For instructions on setting up a private hosted zone, see [Working with private hosted zones](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html).
## Create a VPC Endpoint Policy for Studio or Studio Classic
You can attach an Amazon VPC endpoint policy to the interface VPC endpoints that you use to connect to Studio or Studio Classic. The endpoint policy controls access to Studio or Studio Classic. You can specify the following:
+ The principal that can perform actions.
+ The actions that can be performed.
+ The resources on which actions can be performed.
To use a VPC endpoint with Studio or Studio Classic, your endpoint policy must allow the `CreateApp` operation on the KernelGateway app type. This allows traffic that is routed to through the VPC endpoint to call the `CreateApp` API. The following example VPC endpoint policy shows how to allow the `CreateApp` operation.
```
{
"Statement": [
{
"Action": "sagemaker:CreateApp",
"Effect": "Allow",
"Resource": "arn:aws:sagemaker:us-west-2:acct-id:app/domain-id/*",
"Principal": "*"
}
]
}
```
For more information, see [Controlling access to services with VPC endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html).
The following example of a VPC endpoint policy specifies that all users that have access to the endpoint are allowed to access the user profiles in the SageMaker AI domain with the specified domain ID. Access to other domains is denied.
```
{
"Statement": [
{
"Action": "sagemaker:CreatePresignedDomainUrl",
"Effect": "Allow",
"Resource": "arn:aws:sagemaker:us-west-2:acct-id:user-profile/domain-id/*",
"Principal": "*"
}
]
}
```
## Allow Access Only from Within Your VPC
Users outside your VPC can connect to Studio or Studio Classic over the internet even if you set up an interface endpoint in your VPC.
To allow access to only connections made from within your VPC, create an AWS Identity and Access Management (IAM) policy to that effect. Add that policy to every user, group, or role used to access Studio or Studio Classic. This feature is only supported when using IAM mode for authentication, and is not supported in IAM Identity Center mode. The following examples demonstrate how to create such policies.
**Important**
If you apply an IAM policy similar to one of the following examples, users cannot access Studio or Studio Classic or the specified SageMaker APIs through the SageMaker AI console. To access Studio or Studio Classic, users must use a presigned URL or call the SageMaker APIs directly.
**Example 1: Allow connections only within the subnet of an interface endpoint**
The following policy allows connections only to callers within the subnet where you created the interface endpoint.
------
#### [ JSON ]
****
```
{
"Id": "sagemaker-studio-example-1",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EnableSageMakerStudioAccess",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeUserProfile"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:SourceVpc": "vpc-111bbaaa"
}
}
}
]
}
```
------
**Example 2: Allow connections only through interface endpoints using `aws:sourceVpce`**
The following policy allows connections only to those made through the interface endpoints specified by the `aws:sourceVpce` condition key. For example, the first interface endpoint could allow access through the SageMaker AI console. The second interface endpoint could allow access through the SageMaker API.
------
#### [ JSON ]
****
```
{
"Id": "sagemaker-studio-example-2",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EnableSageMakerStudioAccess",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeUserProfile"
],
"Resource": "*",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:sourceVpce": [
"vpce-111bbccc",
"vpce-111bbddd"
]
}
}
}
]
}
```
------
This policy includes the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeUserProfile.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeUserProfile.html) action. Typically you call `DescribeUserProfile` to make sure that the status of the user profile is `InService` before you try to connect to the domain. For example:
```
aws sagemaker describe-user-profile \
--domain-id domain-id \
--user-profile-name profile-name
```
Response:
```
{
"DomainId": "domain-id",
"UserProfileArn": "arn:aws:sagemaker:us-west-2:acct-id:user-profile/domain-id/profile-name",
"UserProfileName": "profile-name",
"HomeEfsFileSystemUid": "200001",
"Status": "InService",
"LastModifiedTime": 1605418785.555,
"CreationTime": 1605418477.297
}
```
```
aws sagemaker create-presigned-domain-url
--domain-id domain-id \
--user-profile-name profile-name
```
Response:
```
{
"AuthorizedUrl": "https://domain-id.studio.us-west-2.sagemaker.aws/auth?token=AuthToken"
}
```
For both of these calls, if you are using a version of the AWS SDK that was released before August 13, 2018, you must specify the endpoint URL in the call. For example, the following example shows a call to `create-presigned-domain-url`:
```
aws sagemaker create-presigned-domain-url
--domain-id domain-id \
--user-profile-name profile-name \
--endpoint-url vpc-endpoint-id.api.sagemaker.Region.vpce.amazonaws.com
```
**Example 3: Allow connections from IP addresses using `aws:SourceIp` **
The following policy allows connections only from the specified range of IP addresses using the `aws:SourceIp` condition key.
------
#### [ JSON ]
****
```
{
"Id": "sagemaker-studio-example-3",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EnableSageMakerStudioAccess",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeUserProfile"
],
"Resource": "*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"192.0.2.0/24",
"203.0.113.0/24"
]
}
}
}
]
}
```
------
**Example 4: Allow connections from IP addresses through an interface endpoint using `aws:VpcSourceIp`**
If you are accessing Studio or Studio Classic through an interface endpoint, you can use the `aws:VpcSourceIp` condition key to allow connections only from the specified range of IP addresses within the subnet where you created the interface endpoint as shown in the following policy:
------
#### [ JSON ]
****
```
{
"Id": "sagemaker-studio-example-4",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EnableSageMakerStudioAccess",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeUserProfile"
],
"Resource": "*",
"Condition": {
"IpAddress": {
"aws:VpcSourceIp": [
"192.0.2.0/24",
"203.0.113.0/24"
]
},
"StringEquals": {
"aws:SourceVpc": "vpc-111bbaaa"
}
}
}
]
}
```
------
# Connecting to an MLflow tracking server through an Interface VPC Endpoint
The MLflow tracking server runs in an Amazon Virtual Private Cloud managed by Amazon SageMaker AI. You can connect to an MLflow tracking server from an endpoint in your own VPC. Your requests to the tracking server are not exposed to the public internet. For more information about connecting your VPC to SageMaker AI, see [Connect to SageMaker AI Within your VPC](interface-vpc-endpoint.md).
**Topics**
+ [
# Create a VPC Endpoint
](mlflow-interface-endpoint-create.md)
+ [
# Create a VPC Endpoint Policy for SageMaker AI MLflow
](mlflow-private-link-policy.md)
+ [
# Allow Access only from within your VPC
](mlflow-private-link-restrict.md)
# Create a VPC Endpoint
You can create an interface endpoint to connect to SageMaker AI MLflow. For instructions, see [Creating an interface endpoint](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#create-interface-endpoint). Make sure that you create interface endpoints for all of the subnets in your VPC from which you want to connect to SageMaker AI MLflow.
When you create an interface endpoint, ensure that the security groups on your endpoint allow inbound and outbound access for HTTPS traffic. For more information, see [Control access to services with VPC endpoints](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html#vpc-endpoints-security-groups).
**Note**
In addition to creating an interface endpoint to connect to SageMaker AI MLflow, create an interface endpoint to connect to the Amazon SageMaker API. When users call [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedMlflowTrackingServerUrl.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedMlflowTrackingServerUrl.html) to get the URL to connect to SageMaker AI MLflow, that call goes through the interface endpoint used to connect to the SageMaker API.
When you create the interface endpoint, specify **aws.sagemaker.*AWS Region*.experiments** as the service name. After you create the interface endpoint, enable private DNS for your endpoint. When you connect to SageMaker AI MLflow from within the VPC using the SageMaker Python SDK, you connect through the interface endpoint instead of the public internet.
Within the AWS Management Console, you can use the following procedure to create an endpoint.
**To create an endpoint**
1. Navigate to the [Amazon Virtual Private Cloud console](https://console.aws.amazon.com/vpcconsole).
1. Navigate to **Endpoints**.
1. Choose **Create endpoint**.
1. (Optional) For **Name (tag)**, specify a name for the endpoint.
1. In the search bar under **Services**, specify **experiments**.
1. Select the endponit that you're creating.
1. For **VPC**, specify the name of the VPC.
1. Choose **Create endpoint**.
# Create a VPC Endpoint Policy for SageMaker AI MLflow
You can attach an Amazon VPC endpoint policy to the interface VPC endpoints that you use to connect to SageMaker AI MLflow. The endpoint policy controls access to MLflow. You can specify the following:
+ The principal that can perform actions.
+ The actions that can be performed.
+ The resources on which actions can be performed.
For more information, see [Controlling access to services with VPC endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html).
The following example of a VPC endpoint policy specifies that all users that have access to the endpoint are allowed to access to the MLflow tracking server that you specify. Access to other tracking servers is denied.
```
{
"Statement": [
{
"Action": "sagemaker-mlflow:*",
"Effect": "Allow",
"Principal": "*",
"Resource": "arn:aws:sagemaker:AWS Region:111122223333:mlflow-tracking-server/*"
}
]
}
```
# Allow Access only from within your VPC
Users outside your VPC can connect to SageMaker AI MLflow or over the internet even if you set up an interface endpoint in your VPC.
To allow access to only connections made from within your VPC, create an AWS Identity and Access Management (IAM) policy to that effect. Add that policy to every user, group, or role used to access SageMaker AI MLflow. This feature is only supported when using IAM mode for authentication, and is not supported in IAM Identity Center mode. The following examples demonstrate how to create such policies.
**Important**
If you apply an IAM policy similar to one of the following examples, users cannot access SageMaker AI MLflow through the specified SageMaker APIs through the SageMaker AI console. To access SageMaker AI MLflow, users must use a presigned URL or call the SageMaker APIs directly.
**Example 1: Allow connections only within the subnet of an interface endpoint**
The following policy allows connections only to callers within the subnet where you created the interface endpoint.
------
#### [ JSON ]
****
```
{
"Id": "mlflow-example-1",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "MlflowAccess",
"Effect": "Allow",
"Action": [
"sagemaker-mlflow:*"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:SourceVpce": "vpce-111bbaaa"
}
}
}
]
}
```
------
**Example 2: Allow connections only through interface endpoints using `aws:sourceVpce`**
The following policy allows connections only to those made through the interface endpoints specified by the `aws:sourceVpce` condition key. For example, the first interface endpoint could allow access through the SageMaker AI console. The second interface endpoint could allow access through the SageMaker API.
------
#### [ JSON ]
****
```
{
"Id": "sagemaker-mlflow-example-2",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "MlflowAccess",
"Effect": "Allow",
"Action": [
"sagemaker-mlflow:*"
],
"Resource": "*",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:sourceVpce": [
"vpce-111bbccc",
"vpce-111bbddd"
]
}
}
}
]
}
```
------
**Example 3: Allow connections from IP addresses using `aws:SourceIp` **
The following policy allows connections only from the specified range of IP addresses using the `aws:SourceIp` condition key.
------
#### [ JSON ]
****
```
{
"Id": "sagemaker-mlflow-example-3",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "MlflowAccess",
"Effect": "Allow",
"Action": [
"sagemaker-mlflow:*"
],
"Resource": "*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"192.0.2.0/24",
"203.0.113.0/24"
]
}
}
}
]
}
```
------
**Example 4: Allow connections from IP addresses through an interface endpoint using `aws:VpcSourceIp`**
If you are accessing SageMaker AI MLflow through an interface endpoint, you can use the `aws:VpcSourceIp` condition key to allow connections only from the specified range of IP addresses within the subnet where you created the interface endpoint as shown in the following policy:
------
#### [ JSON ]
****
```
{
"Id": "sagemaker-mlflow-example-4",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "MlflowAccess",
"Effect": "Allow",
"Action": [
"sagemaker-mlflow:*"
],
"Resource": "*",
"Condition": {
"IpAddress": {
"aws:VpcSourceIp": [
"192.0.2.0/24",
"203.0.113.0/24"
]
},
"StringEquals": {
"aws:SourceVpc": "vpc-111bbaaa"
}
}
}
]
}
```
------
# Connect to a Notebook Instance Through a VPC Interface Endpoint
You can connect to your notebook instance from your VPC through an [interface endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html) in your Virtual Private Cloud (VPC) instead of connecting over the public internet. When you use a VPC interface endpoint, communication between your VPC and the notebook instance is conducted entirely and securely within the AWS network.
SageMaker notebook instances support [Amazon Virtual Private Cloud](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html) (Amazon VPC) interface endpoints that are powered by [AWS PrivateLink](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html#what-is-privatelink). Each VPC endpoint is represented by one or more [Elastic Network Interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) with private IP addresses in your VPC subnets.
**Note**
Before you create an interface VPC endpoint to connect to a notebook instance, create an interface VPC endpoint to connect to the SageMaker API. That way, when users call [
CreatePresignedNotebookInstanceUrl](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedNotebookInstanceUrl.html) to get the URL to connect to the notebook instance, that call also goes through the interface VPC endpoint. For information, see [Connect to SageMaker AI Within your VPC](interface-vpc-endpoint.md).
You can create an interface endpoint to connect to your notebook instance with either the AWS Management Console or AWS Command Line Interface (AWS CLI) commands. For instructions, see [Creating an Interface Endpoint](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-interface.html#create-interface-endpoint). Make sure that you create an interface endpoint for all of the subnets in your VPC from which you want to connect to the notebook instance.
When you create the interface endpoint, specify **aws.sagemaker.*Region*.notebook** as the service name. After you create a VPC endpoint, enable private DNS for your VPC endpoint. Anyone using the SageMaker API, the AWS CLI, or the console to connect to the notebook instance from within the VPC connects to the notebook instance through the VPC endpoint instead of the public internet.
SageMaker notebook instances support VPC endpoints in all AWS Regions where both [Amazon VPC](https://docs.aws.amazon.com/general/latest/gr/rande.html#vpc_region) and [SageMaker AI](https://docs.aws.amazon.com/general/latest/gr/rande.html#sagemaker_region) are available.
**Topics**
+ [
## Connect Your Private Network to Your VPC
](#notebook-private-link-vpn-nbi)
+ [
## Create a VPC Endpoint Policy for SageMaker AI Notebook Instances
](#nbi-private-link-policy)
+ [
## Restrict Access to Connections from Within Your VPC
](#notebook-private-link-restrict)
## Connect Your Private Network to Your VPC
To connect to your notebook instance through your VPC, you either have to connect from an instance that is inside the VPC, or connect your private network to your VPC by using an AWS Virtual Private Network (Site-to-Site VPN) or Direct Connect. For information about Site-to-Site VPN, see [VPN Connections](https://docs.aws.amazon.com/vpc/latest/userguide/vpn-connections.html) in the *Amazon Virtual Private Cloud User Guide*. For information about AWS Direct Connect, see [Creating a Connection](https://docs.aws.amazon.com/directconnect/latest/UserGuide/create-connection.html) in the *AWS Direct Connect User Guide*.
## Create a VPC Endpoint Policy for SageMaker AI Notebook Instances
You can create a policy for Amazon VPC endpoints for SageMaker notebook instances to specify the following:
+ The principal that can perform actions.
+ The actions that can be performed.
+ The resources on which actions can be performed.
For more information, see [Controlling Access to Services with VPC Endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html) in the *Amazon VPC User Guide*.
The following example of a VPC endpoint policy specifies that all users that have access to the endpoint are allowed to access the notebook instance named `myNotebookInstance`.
```
{
"Statement": [
{
"Action": "sagemaker:CreatePresignedNotebookInstanceUrl",
"Effect": "Allow",
"Resource": "arn:aws:sagemaker:us-west-2:123456789012:notebook-instance/myNotebookInstance",
"Principal": "*"
}
]
}
```
Access to other notebook instances is denied.
## Restrict Access to Connections from Within Your VPC
Even if you set up an interface endpoint in your VPC, individuals outside the VPC can connect to the notebook instance over the internet.
**Important**
If you apply an IAM policy similar to one of the following, users can't access the specified SageMaker APIs or the notebook instance through the console.
To restrict access to only connections made from within your VPC, create an AWS Identity and Access Management policy that restricts access to only calls that come from within your VPC. Then add that policy to every AWS Identity and Access Management user, group, or role used to access the notebook instance.
**Note**
This policy allows connections only to callers within a subnet where you created an interface endpoint.
------
#### [ JSON ]
****
```
{
"Id": "notebook-example-1",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EnableNotebookAccess",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:DescribeNotebookInstance"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:SourceVpc": "vpc-111bbaaa"
}
}
}
]
}
```
------
If you want to restrict access to the notebook instance to only connections made using the interface endpoint, use the `aws:SourceVpce` condition key instead of `aws:SourceVpc:`
------
#### [ JSON ]
****
```
{
"Id": "notebook-example-1",
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EnableNotebookAccess",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:DescribeNotebookInstance"
],
"Resource": "*",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:sourceVpce": [
"vpce-111bbccc",
"vpce-111bbddd"
]
}
}
}
]
}
```
------
Both of these policy examples assume that you have also created an interface endpoint for the SageMaker API. For more information, see [Connect to SageMaker AI Within your VPC](interface-vpc-endpoint.md). In the second example, one of the values for `aws:SourceVpce` is the ID of the interface endpoint for the notebook instance. The other is the ID of the interface endpoint for the SageMaker API.
The policy examples here include [
DescribeNotebookInstance](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeNotebookInstance.html), because typically you would call `DescribeNotebookInstance` to make sure that the `NotebookInstanceStatus` is `InService` before you try to connect to it. For example:
```
aws sagemaker describe-notebook-instance \
--notebook-instance-name myNotebookInstance
{
"NotebookInstanceArn":
"arn:aws:sagemaker:us-west-2:1234567890ab:notebook-instance/mynotebookinstance",
"NotebookInstanceName": "myNotebookInstance",
"NotebookInstanceStatus": "InService",
"Url": "mynotebookinstance.notebook.us-west-2.sagemaker.aws",
"InstanceType": "ml.m4.xlarge",
"RoleArn":
"arn:aws:iam::1234567890ab:role/service-role/AmazonSageMaker-ExecutionRole-12345678T123456",
"LastModifiedTime": 1540334777.501,
"CreationTime": 1523050674.078,
"DirectInternetAccess": "Disabled"
}
aws sagemaker create-presigned-notebook-instance-url --notebook-instance-name myNotebookInstance
{
"AuthorizedUrl": "https://mynotebookinstance.notebook.us-west-2.sagemaker.aws?authToken=AuthToken
}
```
**Note**
The `presigned-notebook-instance-url`, `AuthorizedUrl`, generated can be used from anywhere on the internet.
For both of these calls, if you did not enable private DNS hostnames for your VPC endpoint, or if you are using a version of the AWS SDK that was released before August 13, 2018, you must specify the endpoint URL in the call. For example, the call to `create-presigned-notebook-instance-url` is:
```
aws sagemaker create-presigned-notebook-instance-url
--notebook-instance-name myNotebookInstance --endpoint-url
VPC_Endpoint_ID.api.sagemaker.Region.vpce.amazonaws.com
```
## Connect Your Private Network to Your VPC
To call the SageMaker API and SageMaker AI Runtime through your VPC, you have to connect from an instance that is inside the VPC or connect your private network to your VPC by using an AWS Virtual Private Network (Site-to-Site VPN) or Direct Connect. For information about Site-to-Site VPN, see [VPN Connections](https://docs.aws.amazon.com/vpc/latest/userguide/vpn-connections.html) in the *Amazon Virtual Private Cloud User Guide*. For information about AWS Direct Connect, see [Creating a Connection](https://docs.aws.amazon.com/directconnect/latest/UserGuide/create-connection.html) in the *AWS Direct Connect User Guide*.
# Give SageMaker AI Access to Resources in your Amazon VPC
SageMaker AI runs the following job types in an Amazon Virtual Private Cloud by default.
+ Processing
+ Training
+ Model hosting
+ Batch transform
+ Amazon SageMaker Clarify
+ SageMaker AI Compilation
However, containers for these jobs access AWS resources—such as the Amazon Simple Storage Service (Amazon S3) buckets where you store training data and model artifacts—over the internet.
To control access to your data and job containers, we recommend that you create a private VPC and configure it so that they aren't accessible over the internet. For information about creating and configuring a VPC, see [Getting Started With Amazon VPC](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/getting-started-ipv4.html) in the *Amazon VPC User Guide*. Using a VPC helps to protect your job containers and data because you can configure your VPC so that it is not connected to the internet. Using a VPC also allows you to monitor all network traffic in and out of your job containers by using VPC flow logs. For more information, see [VPC Flow Logs](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html) in the *Amazon VPC User Guide*.
You specify your private VPC configuration when you create jobs by specifying subnets and security groups. When you specify the subnets and security groups, SageMaker AI creates *elastic network interfaces* that are associated with your security groups in one of the subnets. Network interfaces allow your job containers to connect to resources in your VPC. For information about network interfaces, see [Elastic Network Interfaces](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ElasticNetworkInterfaces.html) in the *Amazon VPC User Guide*.
You specify a VPC configuration within the `VpcConfig` object of the [CreateProcessingJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob.html) operation or [CreateTrainingJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html) operation. Specifying a VPC configuration when you create a training job gives your model access to resources within your VPC.
Specifying a VPC configuration alone doesn't change the invocation path. To connect to Amazon SageMaker AI within a VPC, create a VPC endpoint and invoke it. For more information, see [Connect to SageMaker AI Within your VPC](interface-vpc-endpoint.md).
**Topics**
+ [
# Give SageMaker AI Processing Jobs Access to Resources in Your Amazon VPC
](process-vpc.md)
+ [
# Give SageMaker AI Training Jobs Access to Resources in Your Amazon VPC
](train-vpc.md)
+ [
# Give SageMaker AI Hosted Endpoints Access to Resources in Your Amazon VPC
](host-vpc.md)
+ [
# Give Batch Transform Jobs Access to Resources in Your Amazon VPC
](batch-vpc.md)
+ [
# Give Amazon SageMaker Clarify Jobs Access to Resources in Your Amazon VPC
](clarify-vpc.md)
+ [
# Give SageMaker AI Compilation Jobs Access to Resources in Your Amazon VPC
](neo-vpc.md)
+ [
# Give Inference Recommender Jobs Access to Resources in Your Amazon VPC
](inference-recommender-vpc-access.md)
# Give SageMaker AI Processing Jobs Access to Resources in Your Amazon VPC
To control access to your data and processing jobs, create a Amazon VPC with private subnets. For information about creating and configuring a VPC, see [Get Started With Amazon VPC](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-getting-started.html) in the *Amazon VPC User Guide*.
You can monitor all network traffic in and out of your processing containers by using VPC flow logs. For more information, see [VPC Flow Logs](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html) in the *Amazon VPC User Guide*.
This document explains how to add Amazon VPC configurations for processing jobs.
## Configure a Processing Job for Amazon VPC Access
You configure the processing job by specifying the subnets and security group IDs within the VPC. You don’t need to specify the subnet for the processing container. Amazon SageMaker AI automatically pulls the processing container from Amazon ECR. For more information about processing containers, see [Data transformation workloads with SageMaker Processing](processing-job.md).
When creating a processing job, you can specify subnets and security groups in your VPC using either the SageMaker AI console or the API.
To use the API, you specify the subnets and security group IDs in the `NetworkConfig.VpcConfig` parameter of the [ CreateProcessingJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob.html) operation. SageMaker AI uses the subnet and security group details to create the network interfaces and attaches them to the processing containers. The network interfaces provide the processing containers with a network connection within your VPC. This allows the processing job to connect to resources that exist in your VPC.
The following is an example of the `VpcConfig` parameter that you include in your call to the `CreateProcessingJob` operation:
```
VpcConfig: {
"Subnets": [
"subnet-0123456789abcdef0",
"subnet-0123456789abcdef1",
"subnet-0123456789abcdef2"
],
"SecurityGroupIds": [
"sg-0123456789abcdef0"
]
}
```
## Configure Your Private VPC for SageMaker AI Processing
When configuring the private VPC for your SageMaker AI processing jobs, use the following guidelines. For information about setting up a VPC, see [Working with VPCs and Subnets](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/working-with-vpcs.html) in the *Amazon VPC User Guide*.
**Topics**
+ [
### Ensure That Subnets Have Enough IP Addresses
](#process-vpc-ip)
+ [
### Create an Amazon S3 VPC Endpoint
](#process-vpc-s3)
+ [
### Use a Custom Endpoint Policy to Restrict Access to S3
](#process-vpc-policy)
+ [
### Configure Route Tables
](#process-vpc-route-table)
+ [
### Configure the VPC Security Group
](#process-vpc-groups)
+ [
### Connect to Resources Outside Your VPC
](#process-vpc-nat)
+ [
### Monitor Amazon SageMaker Processing Jobs with CloudWatch Logs and Metrics
](#process-vpc-cloudwatch)
### Ensure That Subnets Have Enough IP Addresses
Your VPC subnets should have at least two private IP addresses for each instance in a processing job. For more information, see [VPC and Subnet Sizing for IPv4](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#vpc-sizing-ipv4) in the *Amazon VPC User Guide*.
### Create an Amazon S3 VPC Endpoint
If you configure your VPC so that processing containers don't have access to the internet, they can't connect to the Amazon S3 buckets that contain your data unless you create a VPC endpoint that allows access. By creating a VPC endpoint, you allow your processing containers to access the buckets where you store your data. We recommend that you also create a custom policy that allows only requests from your private VPC to access to your S3 buckets. For more information, see [Endpoints for Amazon S3](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints-s3.html).
**To create an S3 VPC endpoint:**
1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).
1. In the navigation pane, choose **Endpoints**, then choose **Create Endpoint**
1. For **Service Name**, choose **com.amazonaws.*region*.s3**, where *region* is the name of the region where your VPC resides.
1. For **VPC**, choose the VPC you want to use for this endpoint.
1. For **Configure route tables**, select the route tables to be used by the endpoint. The VPC service automatically adds a route to each route table you select that points any S3 traffic to the new endpoint.
1. For **Policy**, choose **Full Access** to allow full access to the S3 service by any user or service within the VPC. Choose **Custom** to restrict access further. For information, see [Use a Custom Endpoint Policy to Restrict Access to S3](#process-vpc-policy).
### Use a Custom Endpoint Policy to Restrict Access to S3
The default endpoint policy allows full access to S3 for any user or service in your VPC. To further restrict access to S3, create a custom endpoint policy. For more information, see [Using Endpoint Policies for Amazon S3](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-policies-s3). You can also use a bucket policy to restrict access to your S3 buckets to only traffic that comes from your Amazon VPC. For information, see [Using Amazon S3 Bucket Policies](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-s3-bucket-policies).
#### Restrict Package Installation on the Processing Container
The default endpoint policy allows users to install packages from the Amazon Linux and Amazon Linux 2 repositories on the processing container. If you don't want users to install packages from that repository, create a custom endpoint policy that explicitly denies access to the Amazon Linux and Amazon Linux 2 repositories. The following is an example of a policy that denies access to these repositories:
```
{
"Statement": [
{
"Sid": "AmazonLinuxAMIRepositoryAccess",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::packages.*.amazonaws.com/*",
"arn:aws:s3:::repo.*.amazonaws.com/*"
]
}
]
}
{
"Statement": [
{ "Sid": "AmazonLinux2AMIRepositoryAccess",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::amazonlinux.*.amazonaws.com/*"
]
}
]
}
```
### Configure Route Tables
Use default DNS settings for your endpoint route table, so that standard Amazon S3 URLs (for example, `http://s3-aws-region.amazonaws.com/amzn-s3-demo-bucket`) resolve. If you don't use default DNS settings, ensure that the URLs that you use to specify the locations of the data in your processing jobs resolve by configuring the endpoint route tables. For information about VPC endpoint route tables, see [Routing for Gateway Endpoints](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-gateway.html#vpc-endpoints-routing) in the *Amazon VPC User Guide*.
### Configure the VPC Security Group
In distributed processing, you must allow communication between the different containers in the same processing job. To do that, configure a rule for your security group that allows inbound connections between members of the same security group. For more information, see [Security Group Rules](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html#SecurityGroupRules).
### Connect to Resources Outside Your VPC
If you're connecting your models to resources outside the VPC that they're running in, do one of the following:
+ **Connect to other AWS services** – If your model needs access to an AWS service that supports interface Amazon VPC endpoints, create an endpoint to connect to that service. For a list of services that support interface endpoints, see [AWS services that integrate with AWS PrivateLink](https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html) in the AWS PrivateLink User Guide. For information about creating an interface VPC endpoint, see [Access an AWS service using an interface VPC endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html) in the AWS PrivateLink User Guide.
+ **Connect to resources over the internet** – If your models are running on instances in an Amazon VPC that does not have a subnet with access to the internet, the models won't have access to resources on the internet. If your model needs access to an AWS service that doesn't support interface VPC endpoints, or to a resource outside of AWS, ensure that you are running your models in a private subnet that has access to the internet using a public NAT gateway in a public subnet. After you have your models running in the private subnet, configure your security groups and network access control lists (NACLs) to allow outbound connections from the private subnet to the public NAT gateway in the public subnet. For information, see [NAT gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html ) in the Amazon VPC User Guide.
### Monitor Amazon SageMaker Processing Jobs with CloudWatch Logs and Metrics
Amazon SageMaker AI provides Amazon CloudWatch logs and metrics to monitor training jobs. CloudWatch provides CPU, GPU, memory, GPU memory, and disk metrics, and event logging. For more information about monitoring Amazon SageMaker processing jobs, see [Amazon SageMaker AI metrics in Amazon CloudWatch](monitoring-cloudwatch.md) and [SageMaker AI job metrics](monitoring-cloudwatch.md#cloudwatch-metrics-jobs).
# Give SageMaker AI Training Jobs Access to Resources in Your Amazon VPC
**Note**
For training jobs, you can configure only subnets with a default tenancy VPC in which your instance runs on shared hardware. For more information on the tenancy attribute for VPCs, see [Dedicated Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html).
## Configure a Training Job for Amazon VPC Access
To control access to your training jobs, run them in an Amazon VPC with private subnets that don’t have internet access.
You configure the training job to run in the VPC by specifying its subnets and security group IDs. You don’t need to specify the subnet for the container of the training job. Amazon SageMaker AI automatically pulls the training container image from Amazon ECR.
When you create a training job, you can specify the subnets and security groups in your VPC using the Amazon SageMaker AI console or the API.
To use the API, you specify the subnets and security group IDs in the `VpcConfig` parameter of the [ CreateTrainingJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html) operation. SageMaker AI uses the subnet and security group details to create the network interfaces and attaches them to the training containers. The network interfaces provide the training containers with a network connection within your VPC. This allows the training job to connect to resources that exist in your VPC.
The following is an example of the `VpcConfig` parameter that you include in your call to the `CreateTrainingJob` operation:
```
VpcConfig: {
"Subnets": [
"subnet-0123456789abcdef0",
"subnet-0123456789abcdef1",
"subnet-0123456789abcdef2"
],
"SecurityGroupIds": [
"sg-0123456789abcdef0"
]
}
```
## Configure Your Private VPC for SageMaker AI Training
When configuring the private VPC for your SageMaker AI training jobs, use the following guidelines. For information about setting up a VPC, see [Working with VPCs and Subnets](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/working-with-vpcs.html) in the *Amazon VPC User Guide*.
**Topics**
+ [
### Ensure That Subnets Have Enough IP Addresses
](#train-vpc-ip)
+ [
### Create an Amazon S3 VPC Endpoint
](#train-vpc-s3)
+ [
### Use a Custom Endpoint Policy to Restrict Access to S3
](#train-vpc-policy)
+ [
### Configure Route Tables
](#train-vpc-route-table)
+ [
### Configure the VPC Security Group
](#train-vpc-groups)
+ [
### Connect to Resources Outside Your VPC
](#train-vpc-nat)
+ [
### Monitor Amazon SageMaker Training Jobs with CloudWatch Logs and Metrics
](#train-vpc-cloudwatch)
### Ensure That Subnets Have Enough IP Addresses
Training instances that *don't use* an Elastic Fabric Adapter (EFA) should have at least 2 private IP addresses. Training instances that use an EFA should have at least 5 private IP addresses. For more information, see [Multiple IP addresses](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html) in the Amazon EC2 User Guide.
Your VPC subnets should have at least two private IP addresses for each instance in a training job. For more information, see [VPC and Subnet Sizing for IPv4](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#vpc-sizing-ipv4) in the *Amazon VPC User Guide*.
### Create an Amazon S3 VPC Endpoint
If you configure your VPC so that training containers don't have access to the internet, they can't connect to the Amazon S3 buckets that contain your training data unless you create a VPC endpoint that allows access. By creating a VPC endpoint, you allow your training containers to access the buckets where you store your data and model artifacts. We recommend that you also create a custom policy that allows only requests from your private VPC to access to your S3 buckets. For more information, see [Endpoints for Amazon S3](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints-s3.html).
**To create an S3 VPC endpoint:**
1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).
1. In the navigation pane, choose **Endpoints**, then choose **Create Endpoint**
1. For **Service Name**, search for **com.amazonaws.*region*.s3**, where *region* is the name of the region where your VPC resides.
1. Choose the **Gateway** type.
1. For **VPC**, choose the VPC you want to use for this endpoint.
1. For **Configure route tables**, select the route tables to be used by the endpoint. The VPC service automatically adds a route to each route table you select that points any S3 traffic to the new endpoint.
1. For **Policy**, choose **Full Access** to allow full access to the S3 service by any user or service within the VPC. Choose **Custom** to restrict access further. For information, see [Use a Custom Endpoint Policy to Restrict Access to S3](#train-vpc-policy).
### Use a Custom Endpoint Policy to Restrict Access to S3
The default endpoint policy allows full access to S3 for any user or service in your VPC. To further restrict access to S3, create a custom endpoint policy. For more information, see [Using Endpoint Policies for Amazon S3](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-policies-s3). You can also use a bucket policy to restrict access to your S3 buckets to only traffic that comes from your Amazon VPC. For information, see [Using Amazon S3 Bucket Policies](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-s3-bucket-policies).
#### Restrict Package Installation on the Training Container
The default endpoint policy allows users to install packages from the Amazon Linux and Amazon Linux 2 repositories on the training container. If you don't want users to install packages from that repository, create a custom endpoint policy that explicitly denies access to the Amazon Linux and Amazon Linux 2 repositories. The following is an example of a policy that denies access to these repositories:
```
{
"Statement": [
{
"Sid": "AmazonLinuxAMIRepositoryAccess",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::packages.*.amazonaws.com/*",
"arn:aws:s3:::repo.*.amazonaws.com/*"
]
}
]
}
{
"Statement": [
{ "Sid": "AmazonLinux2AMIRepositoryAccess",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::amazonlinux.*.amazonaws.com/*"
]
}
]
}
```
### Configure Route Tables
Use default DNS settings for your endpoint route table, so that standard Amazon S3 URLs (for example, `http://s3-aws-region.amazonaws.com/amzn-s3-demo-bucket`) resolve. If you don't use default DNS settings, ensure that the URLs that you use to specify the locations of the data in your training jobs resolve by configuring the endpoint route tables. For information about VPC endpoint route tables, see [Routing for Gateway Endpoints](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-gateway.html#vpc-endpoints-routing) in the *Amazon VPC User Guide*.
### Configure the VPC Security Group
In distributed training, you must allow communication between the different containers in the same training job. To do that, configure a rule for your security group that allows inbound connections between members of the same security group. For EFA-enabled instances, ensure that both inbound and outbound connections allow all traffic from the same security group. For information, see [Security Group Rules](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html#SecurityGroupRules) in the *Amazon Virtual Private Cloud User Guide*.
### Connect to Resources Outside Your VPC
If you configure your VPC so that it doesn't have internet access, training jobs that use that VPC do not have access to resources outside your VPC. If your training job needs access to resources outside your VPC, provide access with one of the following options:
+ If your training job needs access to an AWS service that supports interface VPC endpoints, create an endpoint to connect to that service. For a list of services that support interface endpoints, see [VPC Endpoints](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html) in the *Amazon Virtual Private Cloud User Guide*. For information about creating an interface VPC endpoint, see [Interface VPC Endpoints (AWS PrivateLink)](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-interface.html) in the *Amazon Virtual Private Cloud User Guide*.
+ If your training job needs access to an AWS service that doesn't support interface VPC endpoints or to a resource outside of AWS, create a NAT gateway and configure your security groups to allow outbound connections. For information about setting up a NAT gateway for your VPC, see [Scenario 2: VPC with Public and Private Subnets (NAT)](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html) in the *Amazon Virtual Private Cloud User Guide*.
### Monitor Amazon SageMaker Training Jobs with CloudWatch Logs and Metrics
Amazon SageMaker AI provides Amazon CloudWatch logs and metrics to monitor training jobs. CloudWatch provides CPU, GPU, memory, GPU memory, and disk metrics, and event logging. For more information about monitoring Amazon SageMaker training jobs, see [Amazon SageMaker AI metrics in Amazon CloudWatch](monitoring-cloudwatch.md) and [SageMaker AI job metrics](monitoring-cloudwatch.md#cloudwatch-metrics-jobs).
# Give SageMaker AI Hosted Endpoints Access to Resources in Your Amazon VPC
## Configure a Model for Amazon VPC Access
To specify subnets and security groups in your private VPC, use the `VpcConfig` request parameter of the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html) API, or provide this information when you create a model in the SageMaker AI console. SageMaker AI uses this information to create network interfaces and attach them to your model containers. The network interfaces provide your model containers with a network connection within your VPC that is not connected to the internet. They also enable your model to connect to resources in your private VPC.
**Note**
You must create at least two subnets in different availability zones in your private VPC, even if you have only one hosting instance.
The following is an example of the `VpcConfig` parameter that you include in your call to `CreateModel`:
```
VpcConfig: {
"Subnets": [
"subnet-0123456789abcdef0",
"subnet-0123456789abcdef1",
"subnet-0123456789abcdef2"
],
"SecurityGroupIds": [
"sg-0123456789abcdef0"
]
}
```
## Configure Your Private VPC for SageMaker AI Hosting
When configuring the private VPC for your SageMaker AI models, use the following guidelines. For information about setting up a VPC, see [Working with VPCs and Subnets](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/working-with-vpcs.html) in the *Amazon VPC User Guide*.
**Topics**
+ [
### Ensure That Subnets Have Enough IP Addresses
](#host-vpc-ip)
+ [
### Create an Amazon S3 VPC Endpoint
](#host-vpc-s3)
+ [
### Use a Custom Endpoint Policy to Restrict Access to Amazon S3
](#host-vpc-policy)
+ [
### Add Permissions for Endpoint Access for Containers Running in a VPC to Custom IAM Policies
](#host-vpc-endpoints)
+ [
### Configure Route Tables
](#host-vpc-route-table)
+ [
### Connect to Resources Outside Your VPC
](#model-vpc-nat)
### Ensure That Subnets Have Enough IP Addresses
Training instances that don't use an Elastic Fabric Adapter (EFA) should have at least 2 private IP addresses. Training instances that use an EFA should have at least 5 private IP addresses. For more information, see [Multiple IP addresses](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html) in the Amazon EC2 User Guide.
### Create an Amazon S3 VPC Endpoint
If you configure your VPC so that model containers don't have access to the internet, they can't connect to the Amazon S3 buckets that contain your data unless you create a VPC endpoint that allows access. By creating a VPC endpoint, you allow your model containers to access the buckets where you store your data and model artifacts . We recommend that you also create a custom policy that allows only requests from your private VPC to access to your S3 buckets. For more information, see [Endpoints for Amazon S3](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints-s3.html).
**To create an Amazon S3 VPC endpoint:**
1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).
1. In the navigation pane, choose **Endpoints**, then choose **Create Endpoint**
1. For **Service Name**, choose **com.amazonaws.*region*.s3**, where *region* is the name of the AWS Region where your VPC resides.
1. For **VPC**, choose the VPC that you want to use for this endpoint.
1. For **Configure route tables**, choose the route tables for the endpoint to use. The VPC service automatically adds a route to each route table that you choose that points Amazon S3 traffic to the new endpoint.
1. For **Policy**, choose **Full Access** to allow full access to the Amazon S3 service by any user or service within the VPC. To restrict access further, choose **Custom**. For more information, see [Use a Custom Endpoint Policy to Restrict Access to Amazon S3](#host-vpc-policy).
### Use a Custom Endpoint Policy to Restrict Access to Amazon S3
The default endpoint policy allows full access to Amazon Simple Storage Service (Amazon S3) for any user or service in your VPC. To further restrict access to Amazon S3, create a custom endpoint policy. For more information, see [Using Endpoint Policies for Amazon S3](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-policies-s3).
You can also use a bucket policy to restrict access to your S3 buckets to only traffic that comes from your Amazon VPC. For information, see [Using Amazon S3 Bucket Policies](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-s3-bucket-policies).
#### Restrict Package Installation on the Model Container with a Custom Endpoint Policy
The default endpoint policy allows users to install packages from the Amazon Linux and Amazon Linux 2 repositories on the model container. If you don't want users to install packages from those repositories, create a custom endpoint policy that explicitly denies access to the Amazon Linux and Amazon Linux 2 repositories. The following is an example of a policy that denies access to these repositories:
```
{
"Statement": [
{
"Sid": "AmazonLinuxAMIRepositoryAccess",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::packages.*.amazonaws.com/*",
"arn:aws:s3:::repo.*.amazonaws.com/*"
]
}
]
}
{
"Statement": [
{ "Sid": "AmazonLinux2AMIRepositoryAccess",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::amazonlinux.*.amazonaws.com/*"
]
}
]
}
```
### Add Permissions for Endpoint Access for Containers Running in a VPC to Custom IAM Policies
The `SageMakerFullAccess` managed policy includes the permissions that you need to use models configured for Amazon VPC access with an endpoint. These permissions allow SageMaker AI to create an elastic network interface and attach it to model containers running in a VPC. If you use your own IAM policy, you must add the following permissions to that policy to use models configured for VPC access.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcEndpoints",
"ec2:DescribeDhcpOptions",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateNetworkInterface"
],
"Resource": "*"
}
]
}
```
------
For more information about the `SageMakerFullAccess` managed policy, see [AWS managed policy: AmazonSageMakerFullAccess](security-iam-awsmanpol.md#security-iam-awsmanpol-AmazonSageMakerFullAccess).
### Configure Route Tables
Use default DNS settings for your endpoint route table, so that standard Amazon S3 URLs (for example, `http://s3-aws-region.amazonaws.com/amzn-s3-demo-bucket`) resolve. If you don't use default DNS settings, ensure that the URLs that you use to specify the locations of the data in your models resolve by configuring the endpoint route tables. For information about VPC endpoint route tables, see [Routing for Gateway Endpoints](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-gateway.html#vpc-endpoints-routing) in the *Amazon VPC User Guide*.
### Connect to Resources Outside Your VPC
If you configure your VPC so that it doesn't have internet access, models that use that VPC do not have access to resources outside your VPC. If your model needs access to resources outside your VPC, provide access with one of the following options:
+ If your model needs access to an AWS service that supports interface VPC endpoints, create an endpoint to connect to that service. For a list of services that support interface endpoints, see [VPC Endpoints](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html) in the *Amazon VPC User Guide*. For information about creating an interface VPC endpoint, see [Interface VPC Endpoints (AWS PrivateLink)](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-interface.html) in the *Amazon VPC User Guide*.
+ If your model needs access to an AWS service that doesn't support interface VPC endpoints or to a resource outside of AWS, create a NAT gateway and configure your security groups to allow outbound connections. For information about setting up a NAT gateway for your VPC, see [Scenario 2: VPC with Public and Private Subnets (NAT)](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html) in the *Amazon Virtual Private Cloud User Guide*.
# Give Batch Transform Jobs Access to Resources in Your Amazon VPC
To control access to your data and batch transform jobs, we recommend that you create a private Amazon VPC and configure it so that your jobs aren't accessible over the public internet. You specify your private VPC configuration when you create a model by specifying subnets and security groups. You then specify the same model when you create a batch transform job. When you specify the subnets and security groups, SageMaker AI creates *elastic network interfaces* that are associated with your security groups in one of the subnets. Network interfaces allow your model containers to connect to resources in your VPC. For information about network interfaces, see [Elastic Network Interfaces](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ElasticNetworkInterfaces.html) in the *Amazon VPC User Guide*.
This document explains how to add Amazon VPC configurations for batch transform jobs.
## Configure a Batch Transform Job for Amazon VPC Access
To specify subnets and security groups in your private VPC, use the `VpcConfig` request parameter of the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html) API, or provide this information when you create a model in the SageMaker AI console. Then specify the same model in the `ModelName` request parameter of the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTransformJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTransformJob.html) API, or in the **Model name** field when you create a transform job in the SageMaker AI console. SageMaker AI uses this information to create network interfaces and attach them to your model containers. The network interfaces provide your model containers with a network connection within your VPC that is not connected to the internet. They also enable your transform job to connect to resources in your private VPC.
The following is an example of the `VpcConfig` parameter that you include in your call to `CreateModel`:
```
VpcConfig: {
"Subnets": [
"subnet-0123456789abcdef0",
"subnet-0123456789abcdef1",
"subnet-0123456789abcdef2"
],
"SecurityGroupIds": [
"sg-0123456789abcdef0"
]
}
```
If you are creating a model using the `CreateModel` API operation, the IAM execution role that you use to create your model must include the permissions described in [CreateModel API: Execution Role Permissions](sagemaker-roles.md#sagemaker-roles-createmodel-perms), including the following permissions required for a private VPC.
When creating a model in the console, if you select **Create a new role** in the **Model Settings** section, the [AmazonSageMakerFullAccess ](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/AmazonSageMakerFullAccess$jsonEditor) policy used to create the role already contains these permissions. If you select **Enter a custom IAM role ARN** or **Use existing role**, the role ARN that you specify must have an execution policy attached with the following permissions.
```
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
```
## Configure Your Private VPC for SageMaker AI Batch Transform
When configuring the private VPC for your SageMaker AI batch transform jobs, use the following guidelines. For information about setting up a VPC, see [Working with VPCs and Subnets](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/working-with-vpcs.html) in the *Amazon VPC User Guide*.
**Topics**
+ [
### Ensure That Subnets Have Enough IP Addresses
](#batch-vpc-ip)
+ [
### Create an Amazon S3 VPC Endpoint
](#batch-vpc-s3)
+ [
### Use a Custom Endpoint Policy to Restrict Access to S3
](#batch-vpc-policy)
+ [
### Configure Route Tables
](#batch-vpc-route-table)
+ [
### Configure the VPC Security Group
](#batch-vpc-groups)
+ [
### Connect to Resources Outside Your VPC
](#batch-vpc-nat)
### Ensure That Subnets Have Enough IP Addresses
Your VPC subnets should have at least two private IP addresses for each instance in a transform job. For more information, see [VPC and Subnet Sizing for IPv4](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#vpc-sizing-ipv4) in the *Amazon VPC User Guide*.
### Create an Amazon S3 VPC Endpoint
If you configure your VPC so that model containers don't have access to the internet, they can't connect to the Amazon S3 buckets that contain your data unless you create a VPC endpoint that allows access. By creating a VPC endpoint, you allow your model containers to access the buckets where you store your data and model artifacts . We recommend that you also create a custom policy that allows only requests from your private VPC to access to your S3 buckets. For more information, see [Endpoints for Amazon S3](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints-s3.html).
**To create an S3 VPC endpoint:**
1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).
1. In the navigation pane, choose **Endpoints**, then choose **Create Endpoint**
1. For **Service Name**, choose **com.amazonaws.*region*.s3**, where *region* is the name of the region where your VPC resides.
1. For **VPC**, choose the VPC you want to use for this endpoint.
1. For **Configure route tables**, select the route tables to be used by the endpoint. The VPC service automatically adds a route to each route table you select that points any S3 traffic to the new endpoint.
1. For **Policy**, choose **Full Access** to allow full access to the S3 service by any user or service within the VPC. Choose **Custom** to restrict access further. For information, see [Use a Custom Endpoint Policy to Restrict Access to S3](#batch-vpc-policy).
### Use a Custom Endpoint Policy to Restrict Access to S3
The default endpoint policy allows full access to S3 for any user or service in your VPC. To further restrict access to S3, create a custom endpoint policy. For more information, see [Using Endpoint Policies for Amazon S3](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-policies-s3). You can also use a bucket policy to restrict access to your S3 buckets to only traffic that comes from your Amazon VPC. For information, see [Using Amazon S3 Bucket Policies](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-s3-bucket-policies).
#### Restrict Package Installation on the Model Container
The default endpoint policy allows users to install packages from the Amazon Linux and Amazon Linux 2 repositories on the training container. If you don't want users to install packages from that repository, create a custom endpoint policy that explicitly denies access to the Amazon Linux and Amazon Linux 2 repositories. The following is an example of a policy that denies access to these repositories:
```
{
"Statement": [
{
"Sid": "AmazonLinuxAMIRepositoryAccess",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::packages.*.amazonaws.com/*",
"arn:aws:s3:::repo.*.amazonaws.com/*"
]
}
]
}
{
"Statement": [
{ "Sid": "AmazonLinux2AMIRepositoryAccess",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::amazonlinux.*.amazonaws.com/*"
]
}
]
}
```
### Configure Route Tables
Use default DNS settings for your endpoint route table, so that standard Amazon S3 URLs (for example, `http://s3-aws-region.amazonaws.com/amzn-s3-demo-bucket`) resolve. If you don't use default DNS settings, ensure that the URLs that you use to specify the locations of the data in your batch transform jobs resolve by configuring the endpoint route tables. For information about VPC endpoint route tables, see [Routing for Gateway Endpoints](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-gateway.html#vpc-endpoints-routing) in the *Amazon VPC User Guide*.
### Configure the VPC Security Group
In distributed batch transform, you must allow communication between the different containers in the same batch transform job. To do that, configure a rule for your security group that allows inbound and outbound connections between members of the same security group. Members of the same security group should be able to communicate with each other across all ports. For more information, see [Security Group Rules](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html#SecurityGroupRules).
### Connect to Resources Outside Your VPC
If you configure your VPC so that it doesn't have internet access, batch transform jobs that use that VPC do not have access to resources outside your VPC. If your batch transform job needs access to resources outside your VPC, provide access with one of the following options:
+ If your batch transform job needs access to an AWS service that supports interface VPC endpoints, create an endpoint to connect to that service. For a list of services that support interface endpoints, see [VPC Endpoints](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html) in the *Amazon VPC User Guide*. For information about creating an interface VPC endpoint, see [Interface VPC Endpoints (AWS PrivateLink)](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-interface.html) in the *Amazon VPC User Guide*.
+ If your batch transform job needs access to an AWS service that doesn't support interface VPC endpoints or to a resource outside of AWS, create a NAT gateway and configure your security groups to allow outbound connections. For information about setting up a NAT gateway for your VPC, see [Scenario 2: VPC with Public and Private Subnets (NAT)](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html) in the *Amazon Virtual Private Cloud User Guide*.
# Give Amazon SageMaker Clarify Jobs Access to Resources in Your Amazon VPC
To control access to your data and SageMaker Clarify jobs, we recommend that you create a private Amazon VPC and configure it so that your jobs aren't accessible over the public internet. For information about creating and configuring an Amazon VPC for processing jobs, see [Give SageMaker Processing Jobs Access to Resources in Your Amazon VPC](https://docs.aws.amazon.com/sagemaker/latest/dg/process-vpc).
This document explains how to add additional Amazon VPC configurations that meet the requirements for SageMaker Clarify jobs.
**Topics**
+ [
## Configure a SageMaker Clarify Job for Amazon VPC Access
](#clarify-vpc-config)
+ [
## Configure Your Private Amazon VPC for SageMaker Clarify jobs
](#clarify-vpc-vpc)
## Configure a SageMaker Clarify Job for Amazon VPC Access
You need to specify subnets and security groups when configuring your private Amazon VPC for SageMaker Clarify jobs and to enable the job to get inferences from the SageMaker AI model when computing post-training bias metrics and feature contributions that help explain model predictions.
**Topics**
+ [
### SageMaker Clarify Job Amazon VPC Subnets and Security Groups
](#clarify-vpc-job)
+ [
### Configure a Model Amazon VPC for Inference
](#clarify-vpc-model)
### SageMaker Clarify Job Amazon VPC Subnets and Security Groups
Subnets and security groups in your private Amazon VPC can be assigned to a SageMaker Clarify job in various ways, depending on how you create the job.
+ **SageMaker AI console**: Provide this information when you create the job in the **SageMaker AI Dashboard**. From the **Processing** menu, choose **Processing jobs**, then choose **Create processing job**. Select the **VPC** option in the **Network** panel and provide the subnets and security groups using the drop-down lists. Make sure network isolation option provided in this panel is turned off.
+ **SageMaker API**: Use the `NetworkConfig.VpcConfig` request parameter of the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob) API, as shown in the following example:
```
"NetworkConfig": {
"VpcConfig": {
"Subnets": [
"subnet-0123456789abcdef0",
"subnet-0123456789abcdef1",
"subnet-0123456789abcdef2"
],
"SecurityGroupIds": [
"sg-0123456789abcdef0"
]
}
}
```
+ **SageMaker Python SDK**: Use the `NetworkConfig` parameter of the [https://sagemaker.readthedocs.io/en/stable/api/training/processing.html?highlight=Processor#sagemaker.clarify.SageMakerClarifyProcessor](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html?highlight=Processor#sagemaker.clarify.SageMakerClarifyProcessor) API or [https://sagemaker.readthedocs.io/en/stable/api/training/processing.html?highlight=Processor#sagemaker.processing.Processor](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html?highlight=Processor#sagemaker.processing.Processor) API, as shown in the following example:
```
from sagemaker.network import NetworkConfig
network_config = NetworkConfig(
subnets=[
"subnet-0123456789abcdef0",
"subnet-0123456789abcdef1",
"subnet-0123456789abcdef2",
],
security_group_ids=[
"sg-0123456789abcdef0",
],
)
```
SageMaker AI uses the information to create network interfaces and attach them to the SageMaker Clarify job. The network interfaces provide a SageMaker Clarify job with a network connection within your Amazon VPC that is not connected to the public internet. They also enable the SageMaker Clarify job to connect to resources in your private Amazon VPC.
**Note**
The network isolation option of the SageMaker Clarify job must be turned off (by default the option is turned off) so that the SageMaker Clarify job can communicate with the shadow endpoint.
### Configure a Model Amazon VPC for Inference
In order to compute post-training bias metrics and explainability, the SageMaker Clarify job needs to get inferences from the SageMaker AI model that is specified by the `model_name` parameter of the [analysis configuration](https://docs.aws.amazon.com/sagemaker/latest/dg/clarify-configure-processing-jobs.html#clarify-processing-job-configure-analysis) for the SageMaker Clarify processing job. Alternatively, if you use the `SageMakerClarifyProcessor` API in the SageMaker AI Python SDK, the job needs to get the `model_name` specified by the [ModelConfig](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html?highlight=Processor#sagemaker.clarify.ModelConfig) class. To accomplish this, the SageMaker Clarify job creates an ephemeral endpoint with the model, known as a *shadow endpoint*, and then applies the Amazon VPC configuration of the model to the shadow endpoint.
To specify subnets and security groups in your private Amazon VPC to the SageMaker AI model, use the `VpcConfig` request parameter of the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel) API or provide this information when you create the model using the SageMaker AI dashboard in the console. The following is an example of the `VpcConfig` parameter that you include in your call to `CreateModel`:
```
"VpcConfig": {
"Subnets": [
"subnet-0123456789abcdef0",
"subnet-0123456789abcdef1",
"subnet-0123456789abcdef2"
],
"SecurityGroupIds": [
"sg-0123456789abcdef0"
]
}
```
You can specify the number of instances of the shadow endpoint to launch with the `initial_instance_count` parameter of the [analysis configuration](https://docs.aws.amazon.com/sagemaker/latest/dg/clarify-configure-processing-jobs.html#clarify-processing-job-configure-analysis) for the SageMaker Clarify processing job. Alternatively, if you use the `SageMakerClarifyProcessor` API in the SageMaker AI Python SDK, the job needs to get the `instance_count` specified by the [ModelConfig](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html?highlight=Processor#sagemaker.clarify.ModelConfig) class.
**Note**
Even if you only request one instance when creating the shadow endpoint, you need at least two subnets in the model's [ModelConfig](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html?highlight=Processor#sagemaker.clarify.ModelConfig) in distinct availability zones. Otherwise the shadow endpoint creation fails with the following error:
ClientError: Error hosting endpoint sagemaker-clarify-endpoint-XXX: Failed. Reason: Unable to locate at least 2 availability zone(s) with the requested instance type YYY that overlap with SageMaker AI subnets.
If your model requires model files in Amazon S3, then the model Amazon VPC needs to have an Amazon S3 VPC endpoint. For more information about creating and configuring an Amazon VPC for SageMaker AI models, see [Give SageMaker AI Hosted Endpoints Access to Resources in Your Amazon VPC](host-vpc.md).
## Configure Your Private Amazon VPC for SageMaker Clarify jobs
In general, you can follow the steps in [Configure Your Private VPC for SageMaker Processing](https://docs.aws.amazon.com/sagemaker/latest/dg/process-vpc.html#process-vpc-vpc) to configure your private Amazon VPC for SageMaker Clarify jobs. Here are some highlights and special requirements for SageMaker Clarify jobs.
**Topics**
+ [
### Connect to Resources Outside Your Amazon VPC
](#clarify-vpc-nat)
+ [
### Configure the Amazon VPC Security Group
](#clarify-vpc-security-group)
### Connect to Resources Outside Your Amazon VPC
If you configure your Amazon VPC so that it does not have public internet access, then some additional setup is required to grant SageMaker Clarify jobs access to resources and services outside of your Amazon VPC. For example, an Amazon S3 VPC endpoint is required because a SageMaker Clarify job needs to load a dataset from an S3 bucket as well as save the analysis results to an S3 bucket. For more information, see [Create an Amazon S3 VPC Endpoint](https://docs.aws.amazon.com/sagemaker/latest/dg/process-vpc.html#process-vpc-s3) for the creation guide. In addition, if a SageMaker Clarify job needs to get inferences from the shadow endpoint, then it needs to call several more AWS services.
+ **Create an Amazon SageMaker API service VPC endpoint**: The SageMaker Clarify job needs to call the Amazon SageMaker API service to manipulate the shadow endpoint, or to describe a SageMaker AI model for Amazon VPC validation. You can follow the guidance provided in the [Securing all Amazon SageMaker API calls with AWS PrivateLink](https://aws.amazon.com/blogs/machine-learning/securing-all-amazon-sagemaker-api-calls-with-aws-privatelink/) blog to create an Amazon SageMaker API VPC endpoint that allows the SageMaker Clarify job to make the service calls. Note that the service name of Amazon SageMaker API service is `com.amazonaws.region.sagemaker.api`, where *region* is the name of the Region where your Amazon VPC resides.
+ **Create an Amazon SageMaker AI Runtime VPC Endpoint**: The SageMaker Clarify job needs to call the Amazon SageMaker AI runtime service, which routes the invocations to the shadow endpoint. The setup steps are similar to those for the Amazon SageMaker API service. Note that the service name of Amazon SageMaker AI Runtime service is `com.amazonaws.region.sagemaker.runtime`, where *region* is the name of the Region where your Amazon VPC resides.
### Configure the Amazon VPC Security Group
SageMaker Clarify jobs support distributed processing when two or more processing instances are specified in one of the following ways:
+ **SageMaker AI console**: The **Instance count** is specified in the **Resource configuration** part of the **Job settings** panel on the **Create processing job** page.
+ **SageMaker API**: The `InstanceCount` is specified when you create the job with the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob) API.
+ **SageMaker Python SDK**: The `instance_count` is specified when using the [SageMakerClarifyProcessor](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html?highlight=Processor#sagemaker.clarify.SageMakerClarifyProcessor) API or the [Processor](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html?highlight=Processor#sagemaker.processing.Processor) API.
In distributed processing, you must allow communication between the different instances in the same processing job. To do that, configure a rule for your security group that allows inbound connections between members of the same security group. For information, see [Security group rules](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html#SecurityGroupRules).
# Give SageMaker AI Compilation Jobs Access to Resources in Your Amazon VPC
**Note**
For compilation jobs, you can configure only subnets with a default tenancy VPC in which your job runs on shared hardware. For more information on the tenancy attribute for VPCs, see [Dedicated Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html).
## Configure a Compilation Job for Amazon VPC Access
To specify subnets and security groups in your private VPC, use the `VpcConfig` request parameter of the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateCompilationJob.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateCompilationJob.html) API, or provide this information when you create a compilation job in the SageMaker AI console. SageMaker AI Neo uses this information to create network interfaces and attach them to your compilation jobs. The network interfaces provide compilation jobs with a network connection within your VPC that is not connected to the internet. They also enable your compilation job to connect to resources in your private VPC. The following is an example of the `VpcConfig` parameter that you include in your call to `CreateCompilationJob`:
```
VpcConfig: {"Subnets": [
"subnet-0123456789abcdef0",
"subnet-0123456789abcdef1",
"subnet-0123456789abcdef2"
],
"SecurityGroupIds": [
"sg-0123456789abcdef0"
]
}
```
## Configure Your Private VPC for SageMaker AI Compilation
When configuring the private VPC for your SageMaker AI compilation jobs, use the following guidelines. For information about setting up a VPC, see [Working with VPCs and Subnets](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/working-with-vpcs.html) in the *Amazon VPC User Guide*.
**Topics**
+ [
### Ensure That Subnets Have Enough IP Addresses
](#neo-vpc-ip)
+ [
### Create an Amazon S3 VPC Endpoint
](#neo-vpc-s3)
+ [
### Use a Custom Endpoint Policy to Restrict Access to S3
](#neo-vpc-policy)
+ [
### Configure Route Tables
](#neo-vpc-route-table)
+ [
### Configure the VPC Security Group
](#neo-vpc-groups)
### Ensure That Subnets Have Enough IP Addresses
Your VPC subnets should have at least two private IP addresses for each instance in a compilation job. For more information, see [VPC and Subnet Sizing for IPv4](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#vpc-sizing-ipv4) in the *Amazon VPC User Guide*.
### Create an Amazon S3 VPC Endpoint
If you configure your VPC to block access to the internet, SageMaker Neo can't connect to the Amazon S3 buckets that contain your models unless you create a VPC endpoint that allows access. By creating a VPC endpoint, you allow your SageMaker Neo compilation jobs to access the buckets where you store your data and model artifacts . We recommend that you also create a custom policy that allows only requests from your private VPC to access to your S3 buckets. For more information, see [Endpoints for Amazon S3](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints-s3.html).
**To create an S3 VPC endpoint:**
1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).
1. In the navigation pane, choose **Endpoints**, then choose **Create Endpoint**
1. For **Service Name**, search for **com.amazonaws.*region*.s3**, where *region* is the name of the region where your VPC resides.
1. Choose the **Gateway** type.
1. For **VPC**, choose the VPC you want to use for this endpoint.
1. For **Configure route tables**, select the route tables to be used by the endpoint. The VPC service automatically adds a route to each route table you select that points any S3 traffic to the new endpoint.
1. For **Policy**, choose **Full Access** to allow full access to the S3 service by any user or service within the VPC. Choose **Custom** to restrict access further. For information, see [Use a Custom Endpoint Policy to Restrict Access to S3](train-vpc.md#train-vpc-policy).
### Use a Custom Endpoint Policy to Restrict Access to S3
The default endpoint policy allows full access to S3 for any user or service in your VPC. To further restrict access to S3, create a custom endpoint policy. For more information, see [Using Endpoint Policies for Amazon S3](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-policies-s3). You can also use a bucket policy to restrict access to your S3 buckets to only traffic that comes from your Amazon VPC. For information, see [Using Amazon S3 Bucket Policies](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html#vpc-endpoints-s3-bucket-policies). The following is a sample customized policy:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::your-sample-bucket",
"arn:aws:s3:::your-sample-bucket/*"
],
"Condition": {
"StringNotEquals": {
"aws:SourceVpce": [
"vpce-1a2b3c4d"
]
}
}
}
]
}
```
------
#### Add Permissions for Compilation Job Running in a Amazon VPC to Custom IAM Policies
The `SageMakerFullAccess` managed policy includes the permissions that you need to use models configured for Amazon VPC access with an endpoint. These permissions allow SageMaker Neo to create an elastic network interface and attach it to compilation job running in a Amazon VPC. If you use your own IAM policy, you must add the following permissions to that policy to use models configured for Amazon VPC access.
------
#### [ JSON ]
****
```
{"Version":"2012-10-17",
"Statement": [
{"Effect": "Allow",
"Action": [
"ec2:DescribeVpcEndpoints",
"ec2:DescribeDhcpOptions",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Resource": "*"
}
]
}
```
------
For more information about the `SageMakerFullAccess` managed policy, see [AWS managed policy: AmazonSageMakerFullAccess](security-iam-awsmanpol.md#security-iam-awsmanpol-AmazonSageMakerFullAccess).
### Configure Route Tables
Use default DNS settings for your endpoint route table, so that standard Amazon S3 URLs (for example, `http://s3-aws-region.amazonaws.com/amzn-s3-demo-bucket`) resolve. If you don't use default DNS settings, ensure that the URLs that you use to specify the locations of the data in your compilation jobs resolve by configuring the endpoint route tables. For information about VPC endpoint route tables, see [Routing for Gateway Endpoints](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-gateway.html#vpc-endpoints-routing) in the *Amazon VPC User Guide*.
### Configure the VPC Security Group
In your security group for the compilation job, you must allow outbound communication to your Amazon S3 Amazon VPC endpoints and the subnet CIDR ranges used for the compilation job. For information, see [Security Group Rules](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html#SecurityGroupRules) and [Control access to services with Amazon VPC endpoints](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints-access.html).
# Give Inference Recommender Jobs Access to Resources in Your Amazon VPC
**Note**
Inference Recommender requires you to register your model with Model Registry. Note that Model Registry doesn't allow your model artifacts or Amazon ECR image to be VPC restricted.
Inference Recommender also has a requirement that your sample payload Amazon S3 object is not VPC restricted. For inference recommendation jobs, you can't create a custom policy that allows only requests from your private VPC to access to your Amazon S3 buckets.
To specify subnets and security groups in your private VPC, use the `RecommendationJobVpcConfig` request parameter of the [CreateInferenceRecommendationsJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateInferenceRecommendationsJob.html) API, or specify your subnets and security groups when you create a recommendation job in the SageMaker AI console.
Inference Recommender uses this information to create endpoints. When provisioning endpoints, SageMaker AI creates network interfaces and attaches them to your endpoints. The network interfaces provide your endpoints with a network connection to your VPC. The following is an example of the `VpcConfig` parameter that you include in a call to `CreateInferenceRecommendationsJob`:
```
VpcConfig: {
"Subnets": [
"subnet-0123456789abcdef0",
"subnet-0123456789abcdef1",
"subnet-0123456789abcdef2"
],
"SecurityGroupIds": [
"sg-0123456789abcdef0"
]
}
```
Refer to the following topics for more information on configuring your Amazon VPC for use with Inference Recommender jobs.
**Topics**
+ [
## Ensure that subnets have enough IP addresses
](#inference-recommender-vpc-access-subnets)
+ [
## Create an Amazon S3 VPC endpoint
](#inference-recommender-vpc-access-endpoint)
+ [
## Add permissions for Inference Recommender jobs running in an Amazon VPC to custom IAM policies
](#inference-recommender-vpc-access-permissions)
+ [
## Configure route tables
](#inference-recommender-vpc-access-route-tables)
+ [
## Configure the VPC security group
](#inference-recommender-vpc-access-security-group)
## Ensure that subnets have enough IP addresses
Your VPC subnets should have at least two private IP addresses for each instance in an inference recommendation job. For more information about subnets and private IP addresses, see [How Amazon VPC works](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#vpc-sizing-ipv4) in the *Amazon VPC User Guide*.
## Create an Amazon S3 VPC endpoint
If you configure your VPC to block access to the internet, Inference Recommender can't connect to the Amazon S3 buckets that contain your models unless you create a VPC endpoint that allows access. By creating a VPC endpoint, you allow your SageMaker AI inference recommendation jobs to access the buckets where you store your data and model artifacts.
To create an Amazon S3 VPC endpoint, use the following procedure:
1. Open the [Amazon VPC console](https://console.aws.amazon.com/vpc/).
1. In the navigation pane, choose **Endpoints**, and then choose **Create Endpoint**.
1. For **Service Name**, search for `com.amazonaws.region.s3`, where `region` is the name of the Region where your VPC resides.
1. Choose the **Gateway type**.
1. For **VPC**, choose the VPC you want to use for this endpoint.
1. For **Configure route tables**, select the route tables to be used by the endpoint. The VPC service automatically adds a route to each route table you select that points any Amazon S3 traffic to the new endpoint.
1. For **Policy**, choose **Full Access** to allow full access to the Amazon S3 service by any user or service within the VPC.
## Add permissions for Inference Recommender jobs running in an Amazon VPC to custom IAM policies
The `[ AmazonSageMakerFullAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonSageMakerFullAccess)` managed policy includes the permissions that you need to use models configured for Amazon VPC access with an endpoint. These permissions allow Inference Recommender to create an elastic network interface and attach it to the inference recommendation job running in an Amazon VPC. If you use your own IAM policy, you must add the following permissions to that policy to use models configured for Amazon VPC access.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{"Effect": "Allow",
"Action": [
"ec2:DescribeVpcEndpoints",
"ec2:DescribeDhcpOptions",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Resource": "*"
}
]
}
```
------
## Configure route tables
Use the default DNS settings for your endpoint route table, so that standard Amazon S3 URLs (for example: `http://s3-aws-region.amazonaws.com/amzn-s3-demo-bucket`) resolve. If you don't use the default DNS settings, ensure that the URLs that you use to specify the locations of the data in your inference recommendation jobs resolve by configuring the endpoint route tables. For information about VPC endpoint route tables, see [ Routing gateway endpoints](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-gateway.html#vpc-endpoints-routing) in the *Amazon VPC User Guide*.
## Configure the VPC security group
In your security group for the inference recommendation job, you must allow outbound communication to your Amazon S3 VPC endpoints and the subnet CIDR ranges used for the inference recommendation job. For information, see [Security Group Rules](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html#SecurityGroupRules) and [Control access to services with Amazon VPC endpoints](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints-access.html) in the *Amazon VPC User Guide*.