本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWS Amazon SageMaker Ground Truth 的受管政策
這些 AWS 受管理的原則會新增使用 SageMaker Ground Truth 所需的權限。這些策略可在您的 AWS 帳戶中使用,並由從 SageMaker 主控台建立的執行角色使用。
AWS 受管理的策略: AmazonSageMakerGroundTruthExecution
此 AWS 受管政策授予使用 G SageMaker round Truth 所需的權限。
許可詳細資訊
此政策包含以下許可。
-
lambda— 允許主參與者叫用名稱包含「Sageter」(不區分大小寫)、"" 或 "GtRecipe" 的 Lambda 函數。LabelingFunction -
s3- 讓主體從 Amazon S3 儲存貯體新增和擷取物件。這些物件僅限於不區分大小寫的名稱包含「地面真相」或「Sageemaker」,或以「」標記的物件。SageMaker -
cloudwatch— 允許主參與者張貼 CloudWatch 量度。 -
logs- 讓主體建立和存取日誌串流,以及張貼日誌事件。 -
sqs- 讓主體建立 Amazon SQS 佇列,並傳送和接收 Amazon SQS 訊息。這些權限僅限於名稱包含 "GroundTruth" 的佇列。 -
sns- 讓主體訂閱並發佈訊息至不區分大小寫名稱包含 “groundtruth” 或 “sagemaker” 的 Amazon SNS 主題。 -
ec2- 讓主體建立、描述和刪除其 VPC 端點服務名稱包含 “sagemaker-task-resources” 或 “labeling” 的 Amazon VPC 端點。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "CustomLabelingJobs", "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:*GtRecipe*", "arn:aws:lambda:*:*:function:*LabelingFunction*", "arn:aws:lambda:*:*:function:*SageMaker*", "arn:aws:lambda:*:*:function:*sagemaker*", "arn:aws:lambda:*:*:function:*Sagemaker*" ] }, { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:GetObject", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::*GroundTruth*", "arn:aws:s3:::*Groundtruth*", "arn:aws:s3:::*groundtruth*", "arn:aws:s3:::*SageMaker*", "arn:aws:s3:::*Sagemaker*", "arn:aws:s3:::*sagemaker*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "s3:ExistingObjectTag/SageMaker": "true" } } }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket" ], "Resource": "*" }, { "Sid": "CloudWatch", "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData", "logs:CreateLogStream", "logs:CreateLogGroup", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": "*" }, { "Sid": "StreamingQueue", "Effect": "Allow", "Action": [ "sqs:CreateQueue", "sqs:DeleteMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:SetQueueAttributes" ], "Resource": "arn:aws:sqs:*:*:*GroundTruth*" }, { "Sid": "StreamingTopicSubscribe", "Effect": "Allow", "Action": "sns:Subscribe", "Resource": [ "arn:aws:sns:*:*:*GroundTruth*", "arn:aws:sns:*:*:*Groundtruth*", "arn:aws:sns:*:*:*groundTruth*", "arn:aws:sns:*:*:*groundtruth*", "arn:aws:sns:*:*:*SageMaker*", "arn:aws:sns:*:*:*Sagemaker*", "arn:aws:sns:*:*:*sageMaker*", "arn:aws:sns:*:*:*sagemaker*" ], "Condition": { "StringEquals": { "sns:Protocol": "sqs" }, "StringLike": { "sns:Endpoint": "arn:aws:sqs:*:*:*GroundTruth*" } } }, { "Sid": "StreamingTopic", "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:*:*:*GroundTruth*", "arn:aws:sns:*:*:*Groundtruth*", "arn:aws:sns:*:*:*groundTruth*", "arn:aws:sns:*:*:*groundtruth*", "arn:aws:sns:*:*:*SageMaker*", "arn:aws:sns:*:*:*Sagemaker*", "arn:aws:sns:*:*:*sageMaker*", "arn:aws:sns:*:*:*sagemaker*" ] }, { "Sid": "StreamingTopicUnsubscribe", "Effect": "Allow", "Action": [ "sns:Unsubscribe" ], "Resource": "*" }, { "Sid": "WorkforceVPC", "Effect": "Allow", "Action": [ "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "ec2:DeleteVpcEndpoints" ], "Resource": "*", "Condition": { "StringLikeIfExists": { "ec2:VpceServiceName": [ "*sagemaker-task-resources*", "aws.sagemaker*labeling*" ] } } } ] }
Amazon SageMaker 更新 SageMaker Ground Truth 管理政策
檢視有關 Amazon SageMaker Ground Truth AWS 受管政策更新的詳細資料,因為此服務開始追蹤這些變更。
| 政策 | 版本 | 變更 | 日期 |
|---|---|---|---|
|
AmazonSageMakerGroundTruthExecution - 更新現有政策 |
3 |
新增 |
2022 年 4 月 29 日 |
AmazonSageMakerGroundTruthExecution -更新現有策略 |
2 |
移除 |
2022 年 4 月 11 日 |
AmazonSageMakerGroundTruthExecution -新政策 |
1 |
初始政策 |
2020 年 7 月 20 日 |
