Die vorliegende Übersetzung wurde maschinell erstellt. Im Falle eines Konflikts oder eines Widerspruchs zwischen dieser übersetzten Fassung und der englischen Fassung (einschließlich infolge von Verzögerungen bei der Übersetzung) ist die englische Fassung maßgeblich.
AWS verwaltete Richtlinie: AmazonSageMakerHyperPodObservabilityAdminAccess
Diese Richtlinie bietet Administratorrechte, die für die Einrichtung von Amazon SageMaker HyperPod Observability erforderlich sind. Es ermöglicht den Zugriff auf die Add-Ons Amazon Managed Prometheus, Amazon Managed Grafana und Amazon Elastic Kubernetes Service. Die Richtlinie beinhaltet auch einen umfassenden Zugriff auf Grafana-HTTP APIs ServiceAccountTokens über alle Amazon Managed Grafana-Workspaces in Ihrem Konto.
Im Folgenden finden Sie die JSON-Richtlinie.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "PrometheusCreateAccess", "Effect": "Allow", "Action": [ "aps:CreateWorkspace" ], "Resource": "*", "Condition": { "StringEquals": { "aws:RequestTag/SageMaker": "true" } } }, { "Sid": "PrometheusTagsAccess", "Effect": "Allow", "Action": "aps:TagResource", "Resource": [ "arn:aws:aps:*:*:/workspaces", "arn:aws:aps:*:*:rulegroupsnamespace/*/HyperPodObservabilityNamespace" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "SageMaker" ] }, "StringEquals": { "aws:RequestTag/SageMaker": "true", "aws:ResourceTag/SageMaker": "true" } } }, { "Sid": "PrometheusDescribeAccess", "Effect": "Allow", "Action": [ "aps:DescribeWorkspace" ], "Resource": "arn:aws:aps:*:*:workspace/*" }, { "Sid": "PrometheusListAccess", "Effect": "Allow", "Action": [ "aps:ListWorkspaces" ], "Resource": "*" }, { "Sid": "PrometheusAlertsRuleGroupAccess", "Effect": "Allow", "Action": [ "aps:CreateAlertManagerDefinition", "aps:DescribeAlertManagerDefinition", "aps:DescribeRuleGroupsNamespace", "aps:ListRuleGroupsNamespaces" ], "Resource": [ "arn:aws:aps:*:*:workspace/*", "arn:aws:aps:*:*:rulegroupsnamespace/*/HyperPodObservabilityNamespace" ] }, { "Sid": "PrometheusCreateRuleGroupAccess", "Effect": "Allow", "Action": "aps:CreateRuleGroupsNamespace", "Resource": "arn:aws:aps:*:*:rulegroupsnamespace/*/HyperPodObservabilityNamespace", "Condition": { "StringEquals": { "aws:RequestTag/SageMaker": "true", "aws:ResourceTag/SageMaker": "true" } } }, { "Sid": "GrafanaCreateWorkspaceAccess", "Effect": "Allow", "Action": [ "grafana:CreateWorkspace" ], "Resource": "*", "Condition": { "StringEquals": { "aws:RequestTag/SageMaker": "true" } } }, { "Sid": "GrafanaTagsAccess", "Effect": "Allow", "Action": "grafana:TagResource", "Resource": "arn:aws:grafana:*:*:/workspaces", "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "SageMaker" ] }, "StringEquals": { "aws:RequestTag/SageMaker": "true", "aws:ResourceTag/SageMaker": "true" } } }, { "Sid": "GrafanaListAccess", "Effect": "Allow", "Action": [ "grafana:ListWorkspaces" ], "Resource": "*" }, { "Sid": "GrafanaServiceAccountAccess", "Effect": "Allow", "Action": [ "grafana:DescribeWorkspace", "grafana:CreateWorkspaceApiKey", "grafana:CreateWorkspaceServiceAccount", "grafana:CreateWorkspaceServiceAccountToken", "grafana:ListWorkspaceServiceAccounts", "grafana:ListWorkspaceServiceAccountTokens", "grafana:DeleteWorkspaceServiceAccountToken" ], "Resource": "arn:aws:grafana:*:*:/workspaces/*" }, { "Sid": "IAMGrafanaPassRoleAccess", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/AmazonSageMakerHyperPodObservabilityGrafanaAccess-*", "Condition": { "StringLike": { "iam:PassedToService": [ "grafana.amazonaws.com" ] } } }, { "Sid": "IAMEKSPassRoleAccess", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/AmazonSageMakerHyperPodObservabilityAddonAccess-*", "Condition": { "StringLike": { "iam:PassedToService": [ "pods.eks.amazonaws.com" ] } } }, { "Sid": "IAMGetRoleAccess", "Effect": "Allow", "Action": "iam:GetRole", "Resource": [ "arn:aws:iam::*:role/AmazonSageMakerHyperPodObservabilityAddonAccess-*" ] }, { "Sid": "HyperPodClusterAccess", "Effect": "Allow", "Action": [ "sagemaker:ListClusters", "sagemaker:DescribeCluster" ], "Resource": "*" }, { "Sid": "EKSAddonAccess", "Effect": "Allow", "Action": [ "eks:DeleteAddon", "eks:UpdateAddon", "eks:DescribeAddon" ], "Resource": "arn:aws:eks:*:*:addon/*/amazon-sagemaker-hyperpod-observability/*" }, { "Sid": "EKSAddonDescribeAccess", "Effect": "Allow", "Action": [ "eks:DescribeAddonConfiguration", "eks:DescribeAddonVersions" ], "Resource": "*" }, { "Sid": "EKSAddonDescribePodIdentityAccess", "Effect": "Allow", "Action": "eks:DescribePodIdentityAssociation", "Resource": "arn:aws:eks:*:*:podidentityassociation/*/*" }, { "Sid": "EKSListDescribeAccess", "Effect": "Allow", "Action": [ "eks:ListAddons", "eks:DescribeCluster" ], "Resource": "arn:aws:eks:*:*:cluster/*" }, { "Sid": "EKSCreateAccess", "Effect": "Allow", "Action": [ "eks:CreateAddon", "eks:CreatePodIdentityAssociation" ], "Resource": "arn:aws:eks:*:*:cluster/*", "Condition": { "StringEquals": { "aws:RequestTag/SageMaker": "true" } } }, { "Sid": "EKSTagsAccess", "Effect": "Allow", "Action": "eks:TagResource", "Resource": [ "arn:aws:eks:*:*:cluster/*", "arn:aws:eks:*:*:addon/*/*/*", "arn:aws:eks:*:*:podidentityassociation/*/*" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "SageMaker" ] }, "StringEquals": { "aws:RequestTag/SageMaker": "true", "aws:ResourceTag/SageMaker": "true" } } }, { "Sid": "SSOAccess", "Effect": "Allow", "Action": [ "sso:DescribeRegisteredRegions", "sso:CreateManagedApplicationInstance" ], "Resource": "*" } ] }
