Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
AWS Kebijakan Terkelola untuk SageMaker Proyek dan JumpStart
Kebijakan AWS terkelola ini menambahkan izin untuk menggunakan templat dan JumpStart solusi proyek Amazon SageMaker AI bawaan. Kebijakan tersedia di AWS akun Anda dan digunakan oleh peran eksekusi yang dibuat dari konsol SageMaker AI.
SageMaker Memproyeksikan dan JumpStart menggunakan AWS Service Catalog untuk menyediakan AWS sumber daya di akun pelanggan. Beberapa sumber daya yang dibuat perlu mengambil peran eksekusi. Misalnya, jika AWS Service Catalog membuat CodePipeline pipeline atas nama pelanggan untuk CI/CD proyek pembelajaran mesin SageMaker AI, maka pipeline tersebut memerlukan peran IAM.
AmazonSageMakerServiceCatalogProductsLaunchRoleAmazonSageMakerServiceCatalogProductsLaunchRolePeran meneruskan AmazonSageMakerServiceCatalogProductsUseRole peran ke sumber daya produk AWS Service Catalog yang disediakan.
Topik
AWS kebijakan terkelola: AmazonSageMakerAdmin - ServiceCatalogProductsServiceRolePolicy
AWS kebijakan terkelola: AmazonSageMakerPartnerServiceCatalogProductsApiGateway ServiceRolePolicy
AWS kebijakan terkelola: AmazonSageMakerPartnerServiceCatalogProductsLambdaService RolePolicy
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsApiGatewayService RolePolicy
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsCloudformationServiceRole Kebijakan
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsCodeBuildService RolePolicy
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsCodePipelineService RolePolicy
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsEventsServiceRole Kebijakan
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsFirehoseServiceRole Kebijakan
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsGlueServiceRole Kebijakan
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsLambdaServiceRole Kebijakan
Amazon SageMaker AI memperbarui kebijakan AWS terkelola AWS Service Catalog
AWS kebijakan terkelola: AmazonSageMakerAdmin - ServiceCatalogProductsServiceRolePolicy
Kebijakan peran layanan ini digunakan oleh AWS Service Catalog layanan untuk menyediakan produk dari portofolio Amazon SageMaker AI. Kebijakan ini memberikan izin ke serangkaian AWS layanan terkait termasuk AWS CodePipeline,,, AWS CodeCommit AWS Glue AWS CodeBuild AWS CloudFormation, dan lainnya.
AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicyKebijakan ini dimaksudkan untuk digunakan oleh AmazonSageMakerServiceCatalogProductsLaunchRole peran yang dibuat dari konsol SageMaker AI. Kebijakan ini menambahkan izin untuk menyediakan AWS sumber daya untuk SageMaker Projects dan JumpStart menggunakan Service Catalog ke akun pelanggan.
Detail izin
Kebijakan ini mencakup izin berikut.
-
apigateway— Memungkinkan peran untuk memanggil titik akhir API Gateway yang ditandai dengan.sagemaker:launch-source -
cloudformation— Memungkinkan AWS Service Catalog untuk membuat, memperbarui, dan menghapus CloudFormation tumpukan. Juga memungkinkan Service Catalog untuk menandai dan menghapus tag sumber daya. -
codebuild— Memungkinkan peran yang diasumsikan oleh AWS Service Catalog dan diteruskan CloudFormation untuk membuat, memperbarui, dan menghapus CodeBuild proyek. -
codecommit— Memungkinkan peran yang diasumsikan oleh AWS Service Catalog dan diteruskan CloudFormation untuk membuat, memperbarui, dan menghapus CodeCommit repositori. -
codepipeline— Memungkinkan peran yang diasumsikan oleh AWS Service Catalog dan diteruskan CloudFormation untuk membuat, memperbarui, dan menghapus CodePipelines. -
codestarconnections,codestar-connections— Juga memungkinkan peran untuk lulus AWS CodeConnections dan AWS CodeStar koneksi. -
cognito-idp— Memungkinkan peran untuk membuat, memperbarui, dan menghapus grup dan kumpulan pengguna. Juga memungkinkan penandaan sumber daya. -
ecr— Memungkinkan peran yang diasumsikan oleh AWS Service Catalog dan diteruskan CloudFormation untuk membuat dan menghapus repositori Amazon ECR. Juga memungkinkan penandaan sumber daya. -
events— Memungkinkan peran yang diasumsikan oleh AWS Service Catalog dan diteruskan CloudFormation untuk membuat dan menghapus EventBridge aturan. Digunakan untuk mengikat berbagai komponen pipa CICD. -
firehose— Memungkinkan peran untuk berinteraksi dengan aliran Firehose. -
glue— Memungkinkan peran untuk berinteraksi dengan AWS Glue. -
iam— Memungkinkan peran untuk melewati peran yang ditambahkan.AmazonSageMakerServiceCatalogIni diperlukan ketika Proyek menyediakan AWS Service Catalog produk, sebagai peran perlu diteruskan AWS Service Catalog. -
lambda— Memungkinkan peran untuk berinteraksi dengan AWS Lambda. Juga memungkinkan penandaan sumber daya. -
logs— Memungkinkan peran untuk membuat, menghapus, dan mengakses aliran log. -
s3— Memungkinkan peran yang diambil oleh AWS Service Catalog dan diteruskan CloudFormation untuk mengakses bucket Amazon S3 tempat kode template Project disimpan. -
sagemaker— Memungkinkan peran untuk berinteraksi dengan berbagai layanan SageMaker AI. Ini dilakukan baik CloudFormation selama penyediaan template, maupun CodeBuild selama eksekusi pipeline CICD. Juga memungkinkan penandaan sumber daya berikut: titik akhir, konfigurasi titik akhir, model, saluran pipa, proyek, dan paket model. -
states— Memungkinkan peran untuk membuat, menghapus, dan memperbarui Step Functions yang ditambahkan.sagemaker
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AmazonSageMakerServiceCatalogAPIGatewayPermission", "Effect": "Allow", "Action": [ "apigateway:GET", "apigateway:POST", "apigateway:PUT", "apigateway:PATCH", "apigateway:DELETE" ], "Resource": "*", "Condition": { "StringLike": { "aws:ResourceTag/sagemaker:launch-source": "*" } } }, { "Sid": "AmazonSageMakerServiceCatalogAPIGatewayPostPermission", "Effect": "Allow", "Action": [ "apigateway:POST" ], "Resource": "*", "Condition": { "ForAnyValue:StringLike": { "aws:TagKeys": [ "sagemaker:launch-source" ] } } }, { "Sid": "AmazonSageMakerServiceCatalogAPIGatewayPatchPermission", "Effect": "Allow", "Action": [ "apigateway:PATCH" ], "Resource": [ "arn:aws:apigateway:*::/account" ] }, { "Sid": "AmazonSageMakerServiceCatalogCFnMutatePermission", "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:UpdateStack", "cloudformation:DeleteStack" ], "Resource": "arn:aws:cloudformation:*:*:stack/SC-*", "Condition": { "ArnLikeIfExists": { "cloudformation:RoleArn": [ "arn:aws:sts::*:assumed-role/AmazonSageMakerServiceCatalog*" ] } } }, { "Sid": "AmazonSageMakerServiceCatalogCFnTagPermission", "Effect": "Allow", "Action": [ "cloudformation:TagResource", "cloudformation:UntagResource" ], "Resource": "arn:aws:cloudformation:*:*:stack/SC-*", "Condition" : { "Null": { "aws:ResourceTag/sagemaker:project-name": "false" } } }, { "Sid": "AmazonSageMakerServiceCatalogCFnReadPermission", "Effect": "Allow", "Action": [ "cloudformation:DescribeStackEvents", "cloudformation:DescribeStacks" ], "Resource": "arn:aws:cloudformation:*:*:stack/SC-*" }, { "Sid": "AmazonSageMakerServiceCatalogCFnTemplatePermission", "Effect": "Allow", "Action": [ "cloudformation:GetTemplateSummary", "cloudformation:ValidateTemplate" ], "Resource": "*" }, { "Sid": "AmazonSageMakerServiceCatalogCodeBuildPermission", "Effect": "Allow", "Action": [ "codebuild:CreateProject", "codebuild:DeleteProject", "codebuild:UpdateProject" ], "Resource": [ "arn:aws:codebuild:*:*:project/sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogCodeCommitPermission", "Effect": "Allow", "Action": [ "codecommit:CreateCommit", "codecommit:CreateRepository", "codecommit:DeleteRepository", "codecommit:GetRepository", "codecommit:TagResource" ], "Resource": [ "arn:aws:codecommit:*:*:sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogCodeCommitListPermission", "Effect": "Allow", "Action": [ "codecommit:ListRepositories" ], "Resource": "*" }, { "Sid": "AmazonSageMakerServiceCatalogCodePipelinePermission", "Effect": "Allow", "Action": [ "codepipeline:CreatePipeline", "codepipeline:DeletePipeline", "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:StartPipelineExecution", "codepipeline:TagResource", "codepipeline:UpdatePipeline" ], "Resource": [ "arn:aws:codepipeline:*:*:sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogCIAMUserPermission", "Effect": "Allow", "Action": [ "cognito-idp:CreateUserPool", "cognito-idp:TagResource" ], "Resource": "*", "Condition": { "ForAnyValue:StringLike": { "aws:TagKeys": [ "sagemaker:launch-source" ] } } }, { "Sid": "AmazonSageMakerServiceCatalogCIAMPermission", "Effect": "Allow", "Action": [ "cognito-idp:CreateGroup", "cognito-idp:CreateUserPoolDomain", "cognito-idp:CreateUserPoolClient", "cognito-idp:DeleteGroup", "cognito-idp:DeleteUserPool", "cognito-idp:DeleteUserPoolClient", "cognito-idp:DeleteUserPoolDomain", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:UpdateUserPool", "cognito-idp:UpdateUserPoolClient" ], "Resource": "*", "Condition": { "StringLike": { "aws:ResourceTag/sagemaker:launch-source": "*" } } }, { "Sid": "AmazonSageMakerServiceCatalogECRPermission", "Effect": "Allow", "Action": [ "ecr:CreateRepository", "ecr:DeleteRepository", "ecr:TagResource" ], "Resource": [ "arn:aws:ecr:*:*:repository/sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogEventBridgePermission", "Effect": "Allow", "Action": [ "events:DescribeRule", "events:DeleteRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets" ], "Resource": [ "arn:aws:events:*:*:rule/sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogFirehosePermission", "Effect": "Allow", "Action": [ "firehose:CreateDeliveryStream", "firehose:DeleteDeliveryStream", "firehose:DescribeDeliveryStream", "firehose:StartDeliveryStreamEncryption", "firehose:StopDeliveryStreamEncryption", "firehose:UpdateDestination" ], "Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*" }, { "Sid": "AmazonSageMakerServiceCatalogGluePermission", "Effect": "Allow", "Action": [ "glue:CreateDatabase", "glue:DeleteDatabase" ], "Resource": [ "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/sagemaker-*", "arn:aws:glue:*:*:table/sagemaker-*", "arn:aws:glue:*:*:userDefinedFunction/sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogGlueClassiferPermission", "Effect": "Allow", "Action": [ "glue:CreateClassifier", "glue:DeleteClassifier", "glue:DeleteCrawler", "glue:DeleteJob", "glue:DeleteTrigger", "glue:DeleteWorkflow", "glue:StopCrawler" ], "Resource": [ "*" ] }, { "Sid": "AmazonSageMakerServiceCatalogGlueWorkflowPermission", "Effect": "Allow", "Action": [ "glue:CreateWorkflow" ], "Resource": [ "arn:aws:glue:*:*:workflow/sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogGlueJobPermission", "Effect": "Allow", "Action": [ "glue:CreateJob" ], "Resource": [ "arn:aws:glue:*:*:job/sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogGlueCrawlerPermission", "Effect": "Allow", "Action": [ "glue:CreateCrawler", "glue:GetCrawler" ], "Resource": [ "arn:aws:glue:*:*:crawler/sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogGlueTriggerPermission", "Effect": "Allow", "Action": [ "glue:CreateTrigger", "glue:GetTrigger" ], "Resource": [ "arn:aws:glue:*:*:trigger/sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogPassRolePermission", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalog*" ] }, { "Sid": "AmazonSageMakerServiceCatalogLambdaPermission", "Effect": "Allow", "Action": [ "lambda:AddPermission", "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:InvokeFunction", "lambda:RemovePermission" ], "Resource": [ "arn:aws:lambda:*:*:function:sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogLambdaTagPermission", "Effect": "Allow", "Action": "lambda:TagResource", "Resource": [ "arn:aws:lambda:*:*:function:sagemaker-*" ], "Condition": { "ForAllValues:StringLike": { "aws:TagKeys": [ "sagemaker:*" ] } } }, { "Sid": "AmazonSageMakerServiceCatalogLogGroupPermission", "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DeleteLogGroup", "logs:DeleteLogStream", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:PutRetentionPolicy" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/apigateway/AccessLogs/*", "arn:aws:logs:*:*:log-group::log-stream:*" ] }, { "Sid": "AmazonSageMakerServiceCatalogS3ReadPermission", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "*", "Condition": { "StringEquals": { "s3:ExistingObjectTag/servicecatalog:provisioning": "true" } } }, { "Sid": "AmazonSageMakerServiceCatalogS3ReadSagemakerResourcePermission", "Effect": "Allow", "Action": "s3:GetObject", "Resource": [ "arn:aws:s3:::sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogS3MutatePermission", "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:GetBucketPolicy", "s3:PutBucketAcl", "s3:PutBucketNotification", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutBucketLogging", "s3:PutEncryptionConfiguration", "s3:PutBucketCORS", "s3:PutBucketTagging", "s3:PutObjectTagging" ], "Resource": "arn:aws:s3:::sagemaker-*" }, { "Sid": "AmazonSageMakerServiceCatalogSageMakerPermission", "Effect": "Allow", "Action": [ "sagemaker:CreateEndpoint", "sagemaker:CreateEndpointConfig", "sagemaker:CreateModel", "sagemaker:CreateWorkteam", "sagemaker:DeleteEndpoint", "sagemaker:DeleteEndpointConfig", "sagemaker:DeleteModel", "sagemaker:DeleteWorkteam", "sagemaker:DescribeModel", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeEndpoint", "sagemaker:DescribeWorkteam", "sagemaker:CreateCodeRepository", "sagemaker:DescribeCodeRepository", "sagemaker:UpdateCodeRepository", "sagemaker:DeleteCodeRepository" ], "Resource": [ "arn:aws:sagemaker:*:*:*" ] }, { "Sid": "AmazonSageMakerServiceCatalogSageMakerTagPermission", "Effect": "Allow", "Action": [ "sagemaker:AddTags" ], "Resource": [ "arn:aws:sagemaker:*:*:endpoint/*", "arn:aws:sagemaker:*:*:endpoint-config/*", "arn:aws:sagemaker:*:*:model/*", "arn:aws:sagemaker:*:*:pipeline/*", "arn:aws:sagemaker:*:*:project/*", "arn:aws:sagemaker:*:*:model-package/*" ], "Condition": { "ForAllValues:StringLike": { "aws:TagKeys": [ "sagemaker:*" ] } } }, { "Sid": "AmazonSageMakerServiceCatalogSageMakerImagePermission", "Effect": "Allow", "Action": [ "sagemaker:CreateImage", "sagemaker:DeleteImage", "sagemaker:DescribeImage", "sagemaker:UpdateImage", "sagemaker:ListTags" ], "Resource": [ "arn:aws:sagemaker:*:*:image/*" ] }, { "Sid": "AmazonSageMakerServiceCatalogStepFunctionPermission", "Effect": "Allow", "Action": [ "states:CreateStateMachine", "states:DeleteStateMachine", "states:UpdateStateMachine" ], "Resource": [ "arn:aws:states:*:*:stateMachine:sagemaker-*" ] }, { "Sid": "AmazonSageMakerServiceCatalogCodeStarPermission", "Effect": "Allow", "Action": "codestar-connections:PassConnection", "Resource": "arn:aws:codestar-connections:*:*:connection/*", "Condition": { "StringEquals": { "codestar-connections:PassedToService": "codepipeline.amazonaws.com" } } }, { "Sid": "AmazonSageMakerServiceCatalogCodeConnectionPermission", "Effect": "Allow", "Action": "codeconnections:PassConnection", "Resource": "arn:aws:codeconnections:*:*:connection/*", "Condition": { "StringEquals": { "codeconnections:PassedToService": "codepipeline.amazonaws.com" } } }, ] }
AWS kebijakan terkelola: AmazonSageMakerPartnerServiceCatalogProductsApiGateway ServiceRolePolicy
Kebijakan ini digunakan oleh Amazon API Gateway dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan ke peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRole
Detail izin
Kebijakan ini mencakup izin berikut.
-
lambda— Memanggil fungsi yang dibuat oleh template mitra. -
sagemaker— Memanggil titik akhir yang dibuat oleh template mitra.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "lambda:InvokeFunction", "Resource": "arn:aws:lambda:*:*:function:sagemaker-*", "Condition": { "Null": { "aws:ResourceTag/sagemaker:project-name": "false", "aws:ResourceTag/sagemaker:partner": "false" }, "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } }, { "Effect": "Allow", "Action": "sagemaker:InvokeEndpoint", "Resource": "arn:aws:sagemaker:*:*:endpoint/*", "Condition": { "Null": { "aws:ResourceTag/sagemaker:project-name": "false", "aws:ResourceTag/sagemaker:partner": "false" }, "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } } ] }
AWS kebijakan terkelola: AmazonSageMakerPartnerServiceCatalogProductsCloudFormation ServiceRolePolicy
Kebijakan ini digunakan oleh AWS CloudFormation dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRole
Detail izin
Kebijakan ini mencakup izin berikut.
-
iam— LulusAmazonSageMakerServiceCatalogProductsLambdaRoledanAmazonSageMakerServiceCatalogProductsApiGatewayRoleperan. -
lambda— Buat, perbarui, hapus, dan panggil AWS Lambda fungsi; mengambil, menerbitkan, dan menghapus versi lapisan Lambda. -
apigateway— Buat, perbarui, dan hapus sumber daya Amazon API Gateway. -
s3— Ambillambda-auth-code/layer.zipfile dari bucket Amazon Simple Storage Service (Amazon S3).
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsLambdaRole" ], "Condition": { "StringEquals": { "iam:PassedToService": "lambda.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsApiGatewayRole" ], "Condition": { "StringEquals": { "iam:PassedToService": "apigateway.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "lambda:DeleteFunction", "lambda:UpdateFunctionCode", "lambda:ListTags", "lambda:InvokeFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:sagemaker-*" ], "Condition": { "Null": { "aws:ResourceTag/sagemaker:project-name": "false", "aws:ResourceTag/sagemaker:partner": "false" } } }, { "Effect": "Allow", "Action": [ "lambda:CreateFunction", "lambda:TagResource" ], "Resource": [ "arn:aws:lambda:*:*:function:sagemaker-*" ], "Condition": { "Null": { "aws:ResourceTag/sagemaker:project-name": "false", "aws:ResourceTag/sagemaker:partner": "false" }, "ForAnyValue:StringEquals": { "aws:TagKeys": [ "sagemaker:project-name", "sagemaker:partner" ] } } }, { "Effect": "Allow", "Action": [ "lambda:PublishLayerVersion", "lambda:GetLayerVersion", "lambda:DeleteLayerVersion", "lambda:GetFunction" ], "Resource": [ "arn:aws:lambda:*:*:layer:sagemaker-*", "arn:aws:lambda:*:*:function:sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "apigateway:GET", "apigateway:DELETE", "apigateway:PATCH", "apigateway:POST", "apigateway:PUT" ], "Resource": [ "arn:aws:apigateway:*::/restapis/*", "arn:aws:apigateway:*::/restapis" ], "Condition": { "Null": { "aws:ResourceTag/sagemaker:project-name": "false", "aws:ResourceTag/sagemaker:partner": "false" } } }, { "Effect": "Allow", "Action": [ "apigateway:POST", "apigateway:PUT" ], "Resource": [ "arn:aws:apigateway:*::/restapis", "arn:aws:apigateway:*::/tags/*" ], "Condition": { "Null": { "aws:ResourceTag/sagemaker:project-name": "false", "aws:ResourceTag/sagemaker:partner": "false" }, "ForAnyValue:StringEquals": { "aws:TagKeys": [ "sagemaker:project-name", "sagemaker:partner" ] } } }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::sagemaker-*/lambda-auth-code/layer.zip" ], "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } } ] }
AWS kebijakan terkelola: AmazonSageMakerPartnerServiceCatalogProductsLambdaService RolePolicy
Kebijakan ini digunakan oleh AWS Lambda dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRole
Detail izin
Kebijakan ini mencakup izin berikut.
-
secretsmanager— Ambil data dari rahasia yang disediakan mitra untuk template mitra.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": "arn:aws:secretsmanager:*:*:secret:*", "Condition": { "Null": { "aws:ResourceTag/sagemaker:partner": false }, "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } } ] }
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsApiGatewayService RolePolicy
Kebijakan ini digunakan oleh Amazon API Gateway dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan ke peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRole
Detail izin
Kebijakan ini mencakup izin berikut.
-
logs— Buat dan baca grup CloudWatch Log, aliran, dan acara; perbarui acara; jelaskan berbagai sumber daya.Izin ini terbatas pada sumber daya yang awalan grup lognya dimulai dengan “aws/apigateway/”.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogDelivery", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DeleteLogDelivery", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:DescribeResourcePolicies", "logs:DescribeDestinations", "logs:DescribeExportTasks", "logs:DescribeMetricFilters", "logs:DescribeQueries", "logs:DescribeQueryDefinitions", "logs:DescribeSubscriptionFilters", "logs:GetLogDelivery", "logs:GetLogEvents", "logs:PutLogEvents", "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/apigateway/*" } ] }
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsCloudformationServiceRole Kebijakan
Kebijakan ini digunakan oleh AWS CloudFormation dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRole
Detail izin
Kebijakan ini mencakup izin berikut.
-
sagemaker— Izinkan akses ke berbagai sumber daya SageMaker AI tidak termasuk domain, profil pengguna, aplikasi, dan definisi aliran. -
iam— LulusAmazonSageMakerServiceCatalogProductsCodeBuildRoledanAmazonSageMakerServiceCatalogProductsExecutionRoleperan.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sagemaker:AddAssociation", "sagemaker:AddTags", "sagemaker:AssociateTrialComponent", "sagemaker:BatchDescribeModelPackage", "sagemaker:BatchGetMetrics", "sagemaker:BatchGetRecord", "sagemaker:BatchPutMetrics", "sagemaker:CreateAction", "sagemaker:CreateAlgorithm", "sagemaker:CreateApp", "sagemaker:CreateAppImageConfig", "sagemaker:CreateArtifact", "sagemaker:CreateAutoMLJob", "sagemaker:CreateCodeRepository", "sagemaker:CreateCompilationJob", "sagemaker:CreateContext", "sagemaker:CreateDataQualityJobDefinition", "sagemaker:CreateDeviceFleet", "sagemaker:CreateDomain", "sagemaker:CreateEdgePackagingJob", "sagemaker:CreateEndpoint", "sagemaker:CreateEndpointConfig", "sagemaker:CreateExperiment", "sagemaker:CreateFeatureGroup", "sagemaker:CreateFlowDefinition", "sagemaker:CreateHumanTaskUi", "sagemaker:CreateHyperParameterTuningJob", "sagemaker:CreateImage", "sagemaker:CreateImageVersion", "sagemaker:CreateInferenceRecommendationsJob", "sagemaker:CreateLabelingJob", "sagemaker:CreateLineageGroupPolicy", "sagemaker:CreateModel", "sagemaker:CreateModelBiasJobDefinition", "sagemaker:CreateModelExplainabilityJobDefinition", "sagemaker:CreateModelPackage", "sagemaker:CreateModelPackageGroup", "sagemaker:CreateModelQualityJobDefinition", "sagemaker:CreateMonitoringSchedule", "sagemaker:CreateNotebookInstance", "sagemaker:CreateNotebookInstanceLifecycleConfig", "sagemaker:CreatePipeline", "sagemaker:CreatePresignedDomainUrl", "sagemaker:CreatePresignedNotebookInstanceUrl", "sagemaker:CreateProcessingJob", "sagemaker:CreateProject", "sagemaker:CreateTrainingJob", "sagemaker:CreateTransformJob", "sagemaker:CreateTrial", "sagemaker:CreateTrialComponent", "sagemaker:CreateUserProfile", "sagemaker:CreateWorkforce", "sagemaker:CreateWorkteam", "sagemaker:DeleteAction", "sagemaker:DeleteAlgorithm", "sagemaker:DeleteApp", "sagemaker:DeleteAppImageConfig", "sagemaker:DeleteArtifact", "sagemaker:DeleteAssociation", "sagemaker:DeleteCodeRepository", "sagemaker:DeleteContext", "sagemaker:DeleteDataQualityJobDefinition", "sagemaker:DeleteDeviceFleet", "sagemaker:DeleteDomain", "sagemaker:DeleteEndpoint", "sagemaker:DeleteEndpointConfig", "sagemaker:DeleteExperiment", "sagemaker:DeleteFeatureGroup", "sagemaker:DeleteFlowDefinition", "sagemaker:DeleteHumanLoop", "sagemaker:DeleteHumanTaskUi", "sagemaker:DeleteImage", "sagemaker:DeleteImageVersion", "sagemaker:DeleteLineageGroupPolicy", "sagemaker:DeleteModel", "sagemaker:DeleteModelBiasJobDefinition", "sagemaker:DeleteModelExplainabilityJobDefinition", "sagemaker:DeleteModelPackage", "sagemaker:DeleteModelPackageGroup", "sagemaker:DeleteModelPackageGroupPolicy", "sagemaker:DeleteModelQualityJobDefinition", "sagemaker:DeleteMonitoringSchedule", "sagemaker:DeleteNotebookInstance", "sagemaker:DeleteNotebookInstanceLifecycleConfig", "sagemaker:DeletePipeline", "sagemaker:DeleteProject", "sagemaker:DeleteRecord", "sagemaker:DeleteTags", "sagemaker:DeleteTrial", "sagemaker:DeleteTrialComponent", "sagemaker:DeleteUserProfile", "sagemaker:DeleteWorkforce", "sagemaker:DeleteWorkteam", "sagemaker:DeregisterDevices", "sagemaker:DescribeAction", "sagemaker:DescribeAlgorithm", "sagemaker:DescribeApp", "sagemaker:DescribeAppImageConfig", "sagemaker:DescribeArtifact", "sagemaker:DescribeAutoMLJob", "sagemaker:DescribeCodeRepository", "sagemaker:DescribeCompilationJob", "sagemaker:DescribeContext", "sagemaker:DescribeDataQualityJobDefinition", "sagemaker:DescribeDevice", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeDomain", "sagemaker:DescribeEdgePackagingJob", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeExperiment", "sagemaker:DescribeFeatureGroup", "sagemaker:DescribeFlowDefinition", "sagemaker:DescribeHumanLoop", "sagemaker:DescribeHumanTaskUi", "sagemaker:DescribeHyperParameterTuningJob", "sagemaker:DescribeImage", "sagemaker:DescribeImageVersion", "sagemaker:DescribeInferenceRecommendationsJob", "sagemaker:DescribeLabelingJob", "sagemaker:DescribeLineageGroup", "sagemaker:DescribeModel", "sagemaker:DescribeModelBiasJobDefinition", "sagemaker:DescribeModelExplainabilityJobDefinition", "sagemaker:DescribeModelPackage", "sagemaker:DescribeModelPackageGroup", "sagemaker:DescribeModelQualityJobDefinition", "sagemaker:DescribeMonitoringSchedule", "sagemaker:DescribeNotebookInstance", "sagemaker:DescribeNotebookInstanceLifecycleConfig", "sagemaker:DescribePipeline", "sagemaker:DescribePipelineDefinitionForExecution", "sagemaker:DescribePipelineExecution", "sagemaker:DescribeProcessingJob", "sagemaker:DescribeProject", "sagemaker:DescribeSubscribedWorkteam", "sagemaker:DescribeTrainingJob", "sagemaker:DescribeTransformJob", "sagemaker:DescribeTrial", "sagemaker:DescribeTrialComponent", "sagemaker:DescribeUserProfile", "sagemaker:DescribeWorkforce", "sagemaker:DescribeWorkteam", "sagemaker:DisableSagemakerServicecatalogPortfolio", "sagemaker:DisassociateTrialComponent", "sagemaker:EnableSagemakerServicecatalogPortfolio", "sagemaker:GetDeviceFleetReport", "sagemaker:GetDeviceRegistration", "sagemaker:GetLineageGroupPolicy", "sagemaker:GetModelPackageGroupPolicy", "sagemaker:GetRecord", "sagemaker:GetSagemakerServicecatalogPortfolioStatus", "sagemaker:GetSearchSuggestions", "sagemaker:InvokeEndpoint", "sagemaker:InvokeEndpointAsync", "sagemaker:ListActions", "sagemaker:ListAlgorithms", "sagemaker:ListAppImageConfigs", "sagemaker:ListApps", "sagemaker:ListArtifacts", "sagemaker:ListAssociations", "sagemaker:ListAutoMLJobs", "sagemaker:ListCandidatesForAutoMLJob", "sagemaker:ListCodeRepositories", "sagemaker:ListCompilationJobs", "sagemaker:ListContexts", "sagemaker:ListDataQualityJobDefinitions", "sagemaker:ListDeviceFleets", "sagemaker:ListDevices", "sagemaker:ListDomains", "sagemaker:ListEdgePackagingJobs", "sagemaker:ListEndpointConfigs", "sagemaker:ListEndpoints", "sagemaker:ListExperiments", "sagemaker:ListFeatureGroups", "sagemaker:ListFlowDefinitions", "sagemaker:ListHumanLoops", "sagemaker:ListHumanTaskUis", "sagemaker:ListHyperParameterTuningJobs", "sagemaker:ListImageVersions", "sagemaker:ListImages", "sagemaker:ListInferenceRecommendationsJobs", "sagemaker:ListLabelingJobs", "sagemaker:ListLabelingJobsForWorkteam", "sagemaker:ListLineageGroups", "sagemaker:ListModelBiasJobDefinitions", "sagemaker:ListModelExplainabilityJobDefinitions", "sagemaker:ListModelMetadata", "sagemaker:ListModelPackageGroups", "sagemaker:ListModelPackages", "sagemaker:ListModelQualityJobDefinitions", "sagemaker:ListModels", "sagemaker:ListMonitoringExecutions", "sagemaker:ListMonitoringSchedules", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:ListNotebookInstances", "sagemaker:ListPipelineExecutionSteps", "sagemaker:ListPipelineExecutions", "sagemaker:ListPipelineParametersForExecution", "sagemaker:ListPipelines", "sagemaker:ListProcessingJobs", "sagemaker:ListProjects", "sagemaker:ListSubscribedWorkteams", "sagemaker:ListTags", "sagemaker:ListTrainingJobs", "sagemaker:ListTrainingJobsForHyperParameterTuningJob", "sagemaker:ListTransformJobs", "sagemaker:ListTrialComponents", "sagemaker:ListTrials", "sagemaker:ListUserProfiles", "sagemaker:ListWorkforces", "sagemaker:ListWorkteams", "sagemaker:PutLineageGroupPolicy", "sagemaker:PutModelPackageGroupPolicy", "sagemaker:PutRecord", "sagemaker:QueryLineage", "sagemaker:RegisterDevices", "sagemaker:RenderUiTemplate", "sagemaker:Search", "sagemaker:SendHeartbeat", "sagemaker:SendPipelineExecutionStepFailure", "sagemaker:SendPipelineExecutionStepSuccess", "sagemaker:StartHumanLoop", "sagemaker:StartMonitoringSchedule", "sagemaker:StartNotebookInstance", "sagemaker:StartPipelineExecution", "sagemaker:StopAutoMLJob", "sagemaker:StopCompilationJob", "sagemaker:StopEdgePackagingJob", "sagemaker:StopHumanLoop", "sagemaker:StopHyperParameterTuningJob", "sagemaker:StopInferenceRecommendationsJob", "sagemaker:StopLabelingJob", "sagemaker:StopMonitoringSchedule", "sagemaker:StopNotebookInstance", "sagemaker:StopPipelineExecution", "sagemaker:StopProcessingJob", "sagemaker:StopTrainingJob", "sagemaker:StopTransformJob", "sagemaker:UpdateAction", "sagemaker:UpdateAppImageConfig", "sagemaker:UpdateArtifact", "sagemaker:UpdateCodeRepository", "sagemaker:UpdateContext", "sagemaker:UpdateDeviceFleet", "sagemaker:UpdateDevices", "sagemaker:UpdateDomain", "sagemaker:UpdateEndpoint", "sagemaker:UpdateEndpointWeightsAndCapacities", "sagemaker:UpdateExperiment", "sagemaker:UpdateImage", "sagemaker:UpdateModelPackage", "sagemaker:UpdateMonitoringSchedule", "sagemaker:UpdateNotebookInstance", "sagemaker:UpdateNotebookInstanceLifecycleConfig", "sagemaker:UpdatePipeline", "sagemaker:UpdatePipelineExecution", "sagemaker:UpdateProject", "sagemaker:UpdateTrainingJob", "sagemaker:UpdateTrial", "sagemaker:UpdateTrialComponent", "sagemaker:UpdateUserProfile", "sagemaker:UpdateWorkforce", "sagemaker:UpdateWorkteam" ], "NotResource": [ "arn:aws:sagemaker:*:*:domain/*", "arn:aws:sagemaker:*:*:user-profile/*", "arn:aws:sagemaker:*:*:app/*", "arn:aws:sagemaker:*:*:flow-definition/*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodeBuildRole", "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole" ] } ] }
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsCodeBuildService RolePolicy
Kebijakan ini digunakan oleh AWS CodeBuild dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRole
Detail izin
Kebijakan ini mencakup izin berikut.
-
sagemaker— Izinkan akses ke berbagai sumber daya SageMaker AI. -
codecommit— Unggah CodeCommit arsip ke CodeBuild pipeline, dapatkan status unggah, dan batalkan unggahan; dapatkan informasi cabang dan komit. Izin ini terbatas pada sumber daya yang namanya dimulai dengan “sagemaker-”. -
ecr— Buat repositori Amazon ECR dan gambar kontainer; unggah lapisan gambar. Izin ini terbatas pada repositori yang namanya dimulai dengan “sagemaker-”.ecr— Baca semua sumber daya. -
iam— Lulus peran berikut:-
AmazonSageMakerServiceCatalogProductsCloudformationRoleke AWS CloudFormation. -
AmazonSageMakerServiceCatalogProductsCodeBuildRoleke AWS CodeBuild. -
AmazonSageMakerServiceCatalogProductsCodePipelineRoleke AWS CodePipeline. -
AmazonSageMakerServiceCatalogProductsEventsRoleke Amazon EventBridge. -
AmazonSageMakerServiceCatalogProductsExecutionRoleke Amazon SageMaker AI.
-
-
logs— Buat dan baca grup CloudWatch Log, aliran, dan acara; perbarui acara; jelaskan berbagai sumber daya.Izin ini terbatas pada sumber daya yang awalan namanya dimulai dengan “aws/codebuild/”.
-
s3— Buat, baca, dan daftar ember Amazon S3. Izin ini terbatas pada bucket yang namanya dimulai dengan “sagemaker-”. -
codestarconnections,codestar-connections- Penggunaan AWS CodeConnections dan AWS CodeStar koneksi.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AmazonSageMakerCodeBuildCodeCommitPermission", "Effect": "Allow", "Action": [ "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", "codecommit:GetUploadArchiveStatus", "codecommit:UploadArchive" ], "Resource": "arn:aws:codecommit:*:*:sagemaker-*" }, { "Sid": "AmazonSageMakerCodeBuildECRReadPermission", "Effect": "Allow", "Action": [ "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:DescribeImageScanFindings", "ecr:DescribeRegistry", "ecr:DescribeImageReplicationStatus", "ecr:DescribeRepositories", "ecr:DescribeImageReplicationStatus", "ecr:GetAuthorizationToken", "ecr:GetDownloadUrlForLayer" ], "Resource": [ "*" ] }, { "Sid": "AmazonSageMakerCodeBuildECRWritePermission", "Effect": "Allow", "Action": [ "ecr:CompleteLayerUpload", "ecr:CreateRepository", "ecr:InitiateLayerUpload", "ecr:PutImage", "ecr:UploadLayerPart" ], "Resource": [ "arn:aws:ecr:*:*:repository/sagemaker-*" ] }, { "Sid": "AmazonSageMakerCodeBuildPassRoletPermission", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsEventsRole", "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodePipelineRole", "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCloudformationRole", "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodeBuildRole", "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "events.amazonaws.com", "codepipeline.amazonaws.com", "cloudformation.amazonaws.com", "codebuild.amazonaws.com", "sagemaker.amazonaws.com" ] } } }, { "Sid": "AmazonSageMakerCodeBuildLogPermission", "Effect": "Allow", "Action": [ "logs:CreateLogDelivery", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DeleteLogDelivery", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:DescribeResourcePolicies", "logs:DescribeDestinations", "logs:DescribeExportTasks", "logs:DescribeMetricFilters", "logs:DescribeQueries", "logs:DescribeQueryDefinitions", "logs:DescribeSubscriptionFilters", "logs:GetLogDelivery", "logs:GetLogEvents", "logs:ListLogDeliveries", "logs:PutLogEvents", "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/*" }, { "Sid": "AmazonSageMakerCodeBuildS3Permission", "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:GetBucketAcl", "s3:GetBucketCors", "s3:GetBucketLocation", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:PutBucketCors", "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetObject", "s3:GetObjectVersion", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::aws-glue-*", "arn:aws:s3:::sagemaker-*" ] }, { "Sid": "AmazonSageMakerCodeBuildSageMakerPermission", "Effect": "Allow", "Action": [ "sagemaker:AddAssociation", "sagemaker:AddTags", "sagemaker:AssociateTrialComponent", "sagemaker:BatchDescribeModelPackage", "sagemaker:BatchGetMetrics", "sagemaker:BatchGetRecord", "sagemaker:BatchPutMetrics", "sagemaker:CreateAction", "sagemaker:CreateAlgorithm", "sagemaker:CreateApp", "sagemaker:CreateAppImageConfig", "sagemaker:CreateArtifact", "sagemaker:CreateAutoMLJob", "sagemaker:CreateCodeRepository", "sagemaker:CreateCompilationJob", "sagemaker:CreateContext", "sagemaker:CreateDataQualityJobDefinition", "sagemaker:CreateDeviceFleet", "sagemaker:CreateDomain", "sagemaker:CreateEdgePackagingJob", "sagemaker:CreateEndpoint", "sagemaker:CreateEndpointConfig", "sagemaker:CreateExperiment", "sagemaker:CreateFeatureGroup", "sagemaker:CreateFlowDefinition", "sagemaker:CreateHumanTaskUi", "sagemaker:CreateHyperParameterTuningJob", "sagemaker:CreateImage", "sagemaker:CreateImageVersion", "sagemaker:CreateInferenceRecommendationsJob", "sagemaker:CreateLabelingJob", "sagemaker:CreateLineageGroupPolicy", "sagemaker:CreateModel", "sagemaker:CreateModelBiasJobDefinition", "sagemaker:CreateModelExplainabilityJobDefinition", "sagemaker:CreateModelPackage", "sagemaker:CreateModelPackageGroup", "sagemaker:CreateModelQualityJobDefinition", "sagemaker:CreateMonitoringSchedule", "sagemaker:CreateNotebookInstance", "sagemaker:CreateNotebookInstanceLifecycleConfig", "sagemaker:CreatePipeline", "sagemaker:CreatePresignedDomainUrl", "sagemaker:CreatePresignedNotebookInstanceUrl", "sagemaker:CreateProcessingJob", "sagemaker:CreateProject", "sagemaker:CreateTrainingJob", "sagemaker:CreateTransformJob", "sagemaker:CreateTrial", "sagemaker:CreateTrialComponent", "sagemaker:CreateUserProfile", "sagemaker:CreateWorkforce", "sagemaker:CreateWorkteam", "sagemaker:DeleteAction", "sagemaker:DeleteAlgorithm", "sagemaker:DeleteApp", "sagemaker:DeleteAppImageConfig", "sagemaker:DeleteArtifact", "sagemaker:DeleteAssociation", "sagemaker:DeleteCodeRepository", "sagemaker:DeleteContext", "sagemaker:DeleteDataQualityJobDefinition", "sagemaker:DeleteDeviceFleet", "sagemaker:DeleteDomain", "sagemaker:DeleteEndpoint", "sagemaker:DeleteEndpointConfig", "sagemaker:DeleteExperiment", "sagemaker:DeleteFeatureGroup", "sagemaker:DeleteFlowDefinition", "sagemaker:DeleteHumanLoop", "sagemaker:DeleteHumanTaskUi", "sagemaker:DeleteImage", "sagemaker:DeleteImageVersion", "sagemaker:DeleteLineageGroupPolicy", "sagemaker:DeleteModel", "sagemaker:DeleteModelBiasJobDefinition", "sagemaker:DeleteModelExplainabilityJobDefinition", "sagemaker:DeleteModelPackage", "sagemaker:DeleteModelPackageGroup", "sagemaker:DeleteModelPackageGroupPolicy", "sagemaker:DeleteModelQualityJobDefinition", "sagemaker:DeleteMonitoringSchedule", "sagemaker:DeleteNotebookInstance", "sagemaker:DeleteNotebookInstanceLifecycleConfig", "sagemaker:DeletePipeline", "sagemaker:DeleteProject", "sagemaker:DeleteRecord", "sagemaker:DeleteTags", "sagemaker:DeleteTrial", "sagemaker:DeleteTrialComponent", "sagemaker:DeleteUserProfile", "sagemaker:DeleteWorkforce", "sagemaker:DeleteWorkteam", "sagemaker:DeregisterDevices", "sagemaker:DescribeAction", "sagemaker:DescribeAlgorithm", "sagemaker:DescribeApp", "sagemaker:DescribeAppImageConfig", "sagemaker:DescribeArtifact", "sagemaker:DescribeAutoMLJob", "sagemaker:DescribeCodeRepository", "sagemaker:DescribeCompilationJob", "sagemaker:DescribeContext", "sagemaker:DescribeDataQualityJobDefinition", "sagemaker:DescribeDevice", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeDomain", "sagemaker:DescribeEdgePackagingJob", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeExperiment", "sagemaker:DescribeFeatureGroup", "sagemaker:DescribeFlowDefinition", "sagemaker:DescribeHumanLoop", "sagemaker:DescribeHumanTaskUi", "sagemaker:DescribeHyperParameterTuningJob", "sagemaker:DescribeImage", "sagemaker:DescribeImageVersion", "sagemaker:DescribeInferenceRecommendationsJob", "sagemaker:DescribeLabelingJob", "sagemaker:DescribeLineageGroup", "sagemaker:DescribeModel", "sagemaker:DescribeModelBiasJobDefinition", "sagemaker:DescribeModelExplainabilityJobDefinition", "sagemaker:DescribeModelPackage", "sagemaker:DescribeModelPackageGroup", "sagemaker:DescribeModelQualityJobDefinition", "sagemaker:DescribeMonitoringSchedule", "sagemaker:DescribeNotebookInstance", "sagemaker:DescribeNotebookInstanceLifecycleConfig", "sagemaker:DescribePipeline", "sagemaker:DescribePipelineDefinitionForExecution", "sagemaker:DescribePipelineExecution", "sagemaker:DescribeProcessingJob", "sagemaker:DescribeProject", "sagemaker:DescribeSubscribedWorkteam", "sagemaker:DescribeTrainingJob", "sagemaker:DescribeTransformJob", "sagemaker:DescribeTrial", "sagemaker:DescribeTrialComponent", "sagemaker:DescribeUserProfile", "sagemaker:DescribeWorkforce", "sagemaker:DescribeWorkteam", "sagemaker:DisableSagemakerServicecatalogPortfolio", "sagemaker:DisassociateTrialComponent", "sagemaker:EnableSagemakerServicecatalogPortfolio", "sagemaker:GetDeviceFleetReport", "sagemaker:GetDeviceRegistration", "sagemaker:GetLineageGroupPolicy", "sagemaker:GetModelPackageGroupPolicy", "sagemaker:GetRecord", "sagemaker:GetSagemakerServicecatalogPortfolioStatus", "sagemaker:GetSearchSuggestions", "sagemaker:InvokeEndpoint", "sagemaker:InvokeEndpointAsync", "sagemaker:ListActions", "sagemaker:ListAlgorithms", "sagemaker:ListAppImageConfigs", "sagemaker:ListApps", "sagemaker:ListArtifacts", "sagemaker:ListAssociations", "sagemaker:ListAutoMLJobs", "sagemaker:ListCandidatesForAutoMLJob", "sagemaker:ListCodeRepositories", "sagemaker:ListCompilationJobs", "sagemaker:ListContexts", "sagemaker:ListDataQualityJobDefinitions", "sagemaker:ListDeviceFleets", "sagemaker:ListDevices", "sagemaker:ListDomains", "sagemaker:ListEdgePackagingJobs", "sagemaker:ListEndpointConfigs", "sagemaker:ListEndpoints", "sagemaker:ListExperiments", "sagemaker:ListFeatureGroups", "sagemaker:ListFlowDefinitions", "sagemaker:ListHumanLoops", "sagemaker:ListHumanTaskUis", "sagemaker:ListHyperParameterTuningJobs", "sagemaker:ListImageVersions", "sagemaker:ListImages", "sagemaker:ListInferenceRecommendationsJobs", "sagemaker:ListLabelingJobs", "sagemaker:ListLabelingJobsForWorkteam", "sagemaker:ListLineageGroups", "sagemaker:ListModelBiasJobDefinitions", "sagemaker:ListModelExplainabilityJobDefinitions", "sagemaker:ListModelMetadata", "sagemaker:ListModelPackageGroups", "sagemaker:ListModelPackages", "sagemaker:ListModelQualityJobDefinitions", "sagemaker:ListModels", "sagemaker:ListMonitoringExecutions", "sagemaker:ListMonitoringSchedules", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:ListNotebookInstances", "sagemaker:ListPipelineExecutionSteps", "sagemaker:ListPipelineExecutions", "sagemaker:ListPipelineParametersForExecution", "sagemaker:ListPipelines", "sagemaker:ListProcessingJobs", "sagemaker:ListProjects", "sagemaker:ListSubscribedWorkteams", "sagemaker:ListTags", "sagemaker:ListTrainingJobs", "sagemaker:ListTrainingJobsForHyperParameterTuningJob", "sagemaker:ListTransformJobs", "sagemaker:ListTrialComponents", "sagemaker:ListTrials", "sagemaker:ListUserProfiles", "sagemaker:ListWorkforces", "sagemaker:ListWorkteams", "sagemaker:PutLineageGroupPolicy", "sagemaker:PutModelPackageGroupPolicy", "sagemaker:PutRecord", "sagemaker:QueryLineage", "sagemaker:RegisterDevices", "sagemaker:RenderUiTemplate", "sagemaker:Search", "sagemaker:SendHeartbeat", "sagemaker:SendPipelineExecutionStepFailure", "sagemaker:SendPipelineExecutionStepSuccess", "sagemaker:StartHumanLoop", "sagemaker:StartMonitoringSchedule", "sagemaker:StartNotebookInstance", "sagemaker:StartPipelineExecution", "sagemaker:StopAutoMLJob", "sagemaker:StopCompilationJob", "sagemaker:StopEdgePackagingJob", "sagemaker:StopHumanLoop", "sagemaker:StopHyperParameterTuningJob", "sagemaker:StopInferenceRecommendationsJob", "sagemaker:StopLabelingJob", "sagemaker:StopMonitoringSchedule", "sagemaker:StopNotebookInstance", "sagemaker:StopPipelineExecution", "sagemaker:StopProcessingJob", "sagemaker:StopTrainingJob", "sagemaker:StopTransformJob", "sagemaker:UpdateAction", "sagemaker:UpdateAppImageConfig", "sagemaker:UpdateArtifact", "sagemaker:UpdateCodeRepository", "sagemaker:UpdateContext", "sagemaker:UpdateDeviceFleet", "sagemaker:UpdateDevices", "sagemaker:UpdateDomain", "sagemaker:UpdateEndpoint", "sagemaker:UpdateEndpointWeightsAndCapacities", "sagemaker:UpdateExperiment", "sagemaker:UpdateImage", "sagemaker:UpdateModelPackage", "sagemaker:UpdateMonitoringSchedule", "sagemaker:UpdateNotebookInstance", "sagemaker:UpdateNotebookInstanceLifecycleConfig", "sagemaker:UpdatePipeline", "sagemaker:UpdatePipelineExecution", "sagemaker:UpdateProject", "sagemaker:UpdateTrainingJob", "sagemaker:UpdateTrial", "sagemaker:UpdateTrialComponent", "sagemaker:UpdateUserProfile", "sagemaker:UpdateWorkforce", "sagemaker:UpdateWorkteam" ], "Resource": [ "arn:aws:sagemaker:*:*:endpoint/*", "arn:aws:sagemaker:*:*:endpoint-config/*", "arn:aws:sagemaker:*:*:model/*", "arn:aws:sagemaker:*:*:pipeline/*", "arn:aws:sagemaker:*:*:project/*", "arn:aws:sagemaker:*:*:model-package/*" ] }, { "Sid" : "AmazonSageMakerCodeBuildCodeStarConnectionPermission", "Effect": "Allow", "Action": [ "codestar-connections:UseConnection" ], "Resource": [ "arn:aws:codestar-connections:*:*:connection/*" ], "Condition": { "StringEqualsIgnoreCase": { "aws:ResourceTag/sagemaker": "true" } } }, { "Sid" : "AmazonSageMakerCodeBuildCodeConnectionPermission", "Effect": "Allow", "Action": [ "codeconnections:UseConnection" ], "Resource": [ "arn:aws:codeconnections:*:*:connection/*" ], "Condition": { "StringEqualsIgnoreCase": { "aws:ResourceTag/sagemaker": "true" } } } ] }
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsCodePipelineService RolePolicy
Kebijakan ini digunakan oleh AWS CodePipeline dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRole
Detail izin
Kebijakan ini mencakup izin berikut.
-
cloudformation— Buat, baca, hapus, dan perbarui CloudFormation tumpukan; buat, baca, hapus, dan jalankan set perubahan; atur kebijakan tumpukan; tag dan hapus tag sumber daya. Izin ini terbatas pada sumber daya yang namanya dimulai dengan “sagemaker-”. -
s3— Buat, baca, daftar, dan hapus bucket Amazon S3; menambah, membaca, dan menghapus objek dari bucket; membaca dan mengatur konfigurasi CORS; baca daftar kontrol akses (ACL); dan baca Wilayah tempat AWS bucket berada.Izin ini terbatas pada ember yang namanya dimulai dengan “sagemaker-” atau “aws-glue-.
-
iam— LulusAmazonSageMakerServiceCatalogProductsCloudformationRoleperan. -
codebuild— Dapatkan informasi CodeBuild build dan mulai membangun. Izin ini terbatas pada proyek dan membangun sumber daya yang namanya dimulai dengan “sagemaker-”. -
codecommit— Unggah CodeCommit arsip ke CodeBuild pipeline, dapatkan status unggah, dan batalkan unggahan; dapatkan informasi cabang dan komit. -
codestarconnections,codestar-connections- Penggunaan AWS CodeConnections dan AWS CodeStar koneksi.
{ "Version": "2012-10-17", "Statement": [ { "Sid" : "AmazonSageMakerCodePipelineCFnPermission", "Effect": "Allow", "Action": [ "cloudformation:CreateChangeSet", "cloudformation:CreateStack", "cloudformation:DescribeChangeSet", "cloudformation:DeleteChangeSet", "cloudformation:DeleteStack", "cloudformation:DescribeStacks", "cloudformation:ExecuteChangeSet", "cloudformation:SetStackPolicy", "cloudformation:UpdateStack" ], "Resource": "arn:aws:cloudformation:*:*:stack/sagemaker-*" }, { "Sid" : "AmazonSageMakerCodePipelineCFnTagPermission", "Effect": "Allow", "Action": [ "cloudformation:TagResource", "cloudformation:UntagResource" ], "Resource": "arn:aws:cloudformation:*:*:stack/sagemaker-*" "Condition" : { "ForAnyValue:StringEquals": { "aws:TagKeys": [ "sagemaker:project-name" ] } }, { "Sid" : "AmazonSageMakerCodePipelineS3Permission", "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetObject", "s3:GetObjectVersion", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::sagemaker-*" ] }, { "Sid" : "AmazonSageMakerCodePipelinePassRolePermission", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCloudformationRole" ] }, { "Sid" : "AmazonSageMakerCodePipelineCodeBuildPermission", "Effect": "Allow", "Action": [ "codebuild:BatchGetBuilds", "codebuild:StartBuild" ], "Resource": [ "arn:aws:codebuild:*:*:project/sagemaker-*", "arn:aws:codebuild:*:*:build/sagemaker-*" ] }, { "Sid" : "AmazonSageMakerCodePipelineCodeCommitPermission", "Effect": "Allow", "Action": [ "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", "codecommit:GetUploadArchiveStatus", "codecommit:UploadArchive" ], "Resource": "arn:aws:codecommit:*:*:sagemaker-*" }, { "Sid" : "AmazonSageMakerCodePipelineCodeStarConnectionPermission", "Effect": "Allow", "Action": [ "codestar-connections:UseConnection" ], "Resource": [ "arn:aws:codestar-connections:*:*:connection/*" ], "Condition": { "StringEqualsIgnoreCase": { "aws:ResourceTag/sagemaker": "true" } } }, { "Sid" : "AmazonSageMakerCodePipelineCodeConnectionPermission", "Effect": "Allow", "Action": [ "codeconnections:UseConnection" ], "Resource": [ "arn:aws:codeconnections:*:*:connection/*" ], "Condition": { "StringEqualsIgnoreCase": { "aws:ResourceTag/sagemaker": "true" } } } ] }
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsEventsServiceRole Kebijakan
Kebijakan ini digunakan oleh Amazon EventBridge dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRole
Detail izin
Kebijakan ini mencakup izin berikut.
-
codepipeline— Mulai CodeBuild eksekusi. Izin ini terbatas pada saluran pipa yang namanya dimulai dengan “sagemaker-”.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "codepipeline:StartPipelineExecution", "Resource": "arn:aws:codepipeline:*:*:sagemaker-*" } ] }
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsFirehoseServiceRole Kebijakan
Kebijakan ini digunakan oleh Amazon Data Firehose dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon AI. SageMaker Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRole
Detail izin
Kebijakan ini mencakup izin berikut.
-
firehose— Kirim catatan Firehose. Izin ini terbatas pada sumber daya yang nama aliran pengirimannya dimulai dengan “sagemaker-”.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "firehose:PutRecord", "firehose:PutRecordBatch" ], "Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*" } ] }
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsGlueServiceRole Kebijakan
Kebijakan ini digunakan oleh AWS Glue dalam produk yang disediakan AWS Service Catalog dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRole
Detail izin
Kebijakan ini mencakup izin berikut.
-
glue— Buat, baca, dan hapus AWS Glue partisi, tabel, dan versi tabel. Izin ini terbatas pada sumber daya yang namanya dimulai dengan “sagemaker-”. Buat dan baca database AWS Glue. Izin ini terbatas pada database yang namanya “default”, “global_temp”, atau dimulai dengan “sagemaker-”. Dapatkan fungsi yang ditentukan pengguna. -
s3— Buat, baca, daftar, dan hapus bucket Amazon S3; menambah, membaca, dan menghapus objek dari bucket; membaca dan mengatur konfigurasi CORS; baca daftar kontrol akses (ACL), dan baca Wilayah tempat AWS bucket berada.Izin ini terbatas pada ember yang namanya dimulai dengan “sagemaker-” atau “aws-glue-”.
-
logs— Buat, baca, dan hapus grup CloudWatch log log, aliran, dan pengiriman; dan buat kebijakan sumber daya.Izin ini terbatas pada sumber daya yang awalan namanya dimulai dengan “aws/glue/”.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "glue:BatchCreatePartition", "glue:BatchDeletePartition", "glue:BatchDeleteTable", "glue:BatchDeleteTableVersion", "glue:BatchGetPartition", "glue:CreateDatabase", "glue:CreatePartition", "glue:CreateTable", "glue:DeletePartition", "glue:DeleteTable", "glue:DeleteTableVersion", "glue:GetDatabase", "glue:GetPartition", "glue:GetPartitions", "glue:GetTable", "glue:GetTables", "glue:GetTableVersion", "glue:GetTableVersions", "glue:SearchTables", "glue:UpdatePartition", "glue:UpdateTable", "glue:GetUserDefinedFunctions" ], "Resource": [ "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/default", "arn:aws:glue:*:*:database/global_temp", "arn:aws:glue:*:*:database/sagemaker-*", "arn:aws:glue:*:*:table/sagemaker-*", "arn:aws:glue:*:*:tableVersion/sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:GetBucketAcl", "s3:GetBucketCors", "s3:GetBucketLocation", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:PutBucketCors" ], "Resource": [ "arn:aws:s3:::aws-glue-*", "arn:aws:s3:::sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetObject", "s3:GetObjectVersion", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::aws-glue-*", "arn:aws:s3:::sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogDelivery", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DeleteLogDelivery", "logs:Describe*", "logs:GetLogDelivery", "logs:GetLogEvents", "logs:ListLogDeliveries", "logs:PutLogEvents", "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/glue/*" } ] }
AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsLambdaServiceRole Kebijakan
Kebijakan ini digunakan oleh AWS Lambda dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRole
Detail izin
Kebijakan ini mencakup izin berikut.
-
sagemaker— Izinkan akses ke berbagai sumber daya SageMaker AI. -
ecr— Buat dan hapus repositori Amazon ECR; membuat, membaca, dan menghapus gambar kontainer; unggah lapisan gambar. Izin ini terbatas pada repositori yang namanya dimulai dengan “sagemaker-”. -
events— Buat, baca, dan hapus EventBridge aturan Amazon; dan buat dan hapus target. Izin ini terbatas pada aturan yang namanya dimulai dengan “sagemaker-”. -
s3— Buat, baca, daftar, dan hapus bucket Amazon S3; menambah, membaca, dan menghapus objek dari bucket; membaca dan mengatur konfigurasi CORS; baca daftar kontrol akses (ACL), dan baca Wilayah tempat AWS bucket berada.Izin ini terbatas pada ember yang namanya dimulai dengan “sagemaker-” atau “aws-glue-”.
-
iam— LulusAmazonSageMakerServiceCatalogProductsExecutionRoleperan. -
logs— Buat, baca, dan hapus grup CloudWatch log log, aliran, dan pengiriman; dan buat kebijakan sumber daya.Izin ini terbatas pada sumber daya yang awalan namanya dimulai dengan “aws/lambda/”.
-
codebuild— Mulai dan dapatkan informasi tentang AWS CodeBuild build.
{ "Version": "2012-10-17", "Statement": [ { "Sid" : "AmazonSageMakerLambdaECRPermission", "Effect": "Allow", "Action": [ "ecr:DescribeImages", "ecr:BatchDeleteImage", "ecr:CompleteLayerUpload", "ecr:CreateRepository", "ecr:DeleteRepository", "ecr:InitiateLayerUpload", "ecr:PutImage", "ecr:UploadLayerPart" ], "Resource": [ "arn:aws:ecr:*:*:repository/sagemaker-*" ] }, { "Sid" : "AmazonSageMakerLambdaEventBridgePermission", "Effect": "Allow", "Action": [ "events:DeleteRule", "events:DescribeRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets" ], "Resource": [ "arn:aws:events:*:*:rule/sagemaker-*" ] }, { "Sid" : "AmazonSageMakerLambdaS3BucketPermission", "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:GetBucketAcl", "s3:GetBucketCors", "s3:GetBucketLocation", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:PutBucketCors" ], "Resource": [ "arn:aws:s3:::aws-glue-*", "arn:aws:s3:::sagemaker-*" ] }, { "Sid" : "AmazonSageMakerLambdaS3ObjectPermission", "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetObject", "s3:GetObjectVersion", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::aws-glue-*", "arn:aws:s3:::sagemaker-*" ] }, { "Sid" : "AmazonSageMakerLambdaSageMakerPermission", "Effect": "Allow", "Action": [ "sagemaker:AddAssociation", "sagemaker:AddTags", "sagemaker:AssociateTrialComponent", "sagemaker:BatchDescribeModelPackage", "sagemaker:BatchGetMetrics", "sagemaker:BatchGetRecord", "sagemaker:BatchPutMetrics", "sagemaker:CreateAction", "sagemaker:CreateAlgorithm", "sagemaker:CreateApp", "sagemaker:CreateAppImageConfig", "sagemaker:CreateArtifact", "sagemaker:CreateAutoMLJob", "sagemaker:CreateCodeRepository", "sagemaker:CreateCompilationJob", "sagemaker:CreateContext", "sagemaker:CreateDataQualityJobDefinition", "sagemaker:CreateDeviceFleet", "sagemaker:CreateDomain", "sagemaker:CreateEdgePackagingJob", "sagemaker:CreateEndpoint", "sagemaker:CreateEndpointConfig", "sagemaker:CreateExperiment", "sagemaker:CreateFeatureGroup", "sagemaker:CreateFlowDefinition", "sagemaker:CreateHumanTaskUi", "sagemaker:CreateHyperParameterTuningJob", "sagemaker:CreateImage", "sagemaker:CreateImageVersion", "sagemaker:CreateInferenceRecommendationsJob", "sagemaker:CreateLabelingJob", "sagemaker:CreateLineageGroupPolicy", "sagemaker:CreateModel", "sagemaker:CreateModelBiasJobDefinition", "sagemaker:CreateModelExplainabilityJobDefinition", "sagemaker:CreateModelPackage", "sagemaker:CreateModelPackageGroup", "sagemaker:CreateModelQualityJobDefinition", "sagemaker:CreateMonitoringSchedule", "sagemaker:CreateNotebookInstance", "sagemaker:CreateNotebookInstanceLifecycleConfig", "sagemaker:CreatePipeline", "sagemaker:CreatePresignedDomainUrl", "sagemaker:CreatePresignedNotebookInstanceUrl", "sagemaker:CreateProcessingJob", "sagemaker:CreateProject", "sagemaker:CreateTrainingJob", "sagemaker:CreateTransformJob", "sagemaker:CreateTrial", "sagemaker:CreateTrialComponent", "sagemaker:CreateUserProfile", "sagemaker:CreateWorkforce", "sagemaker:CreateWorkteam", "sagemaker:DeleteAction", "sagemaker:DeleteAlgorithm", "sagemaker:DeleteApp", "sagemaker:DeleteAppImageConfig", "sagemaker:DeleteArtifact", "sagemaker:DeleteAssociation", "sagemaker:DeleteCodeRepository", "sagemaker:DeleteContext", "sagemaker:DeleteDataQualityJobDefinition", "sagemaker:DeleteDeviceFleet", "sagemaker:DeleteDomain", "sagemaker:DeleteEndpoint", "sagemaker:DeleteEndpointConfig", "sagemaker:DeleteExperiment", "sagemaker:DeleteFeatureGroup", "sagemaker:DeleteFlowDefinition", "sagemaker:DeleteHumanLoop", "sagemaker:DeleteHumanTaskUi", "sagemaker:DeleteImage", "sagemaker:DeleteImageVersion", "sagemaker:DeleteLineageGroupPolicy", "sagemaker:DeleteModel", "sagemaker:DeleteModelBiasJobDefinition", "sagemaker:DeleteModelExplainabilityJobDefinition", "sagemaker:DeleteModelPackage", "sagemaker:DeleteModelPackageGroup", "sagemaker:DeleteModelPackageGroupPolicy", "sagemaker:DeleteModelQualityJobDefinition", "sagemaker:DeleteMonitoringSchedule", "sagemaker:DeleteNotebookInstance", "sagemaker:DeleteNotebookInstanceLifecycleConfig", "sagemaker:DeletePipeline", "sagemaker:DeleteProject", "sagemaker:DeleteRecord", "sagemaker:DeleteTags", "sagemaker:DeleteTrial", "sagemaker:DeleteTrialComponent", "sagemaker:DeleteUserProfile", "sagemaker:DeleteWorkforce", "sagemaker:DeleteWorkteam", "sagemaker:DeregisterDevices", "sagemaker:DescribeAction", "sagemaker:DescribeAlgorithm", "sagemaker:DescribeApp", "sagemaker:DescribeAppImageConfig", "sagemaker:DescribeArtifact", "sagemaker:DescribeAutoMLJob", "sagemaker:DescribeCodeRepository", "sagemaker:DescribeCompilationJob", "sagemaker:DescribeContext", "sagemaker:DescribeDataQualityJobDefinition", "sagemaker:DescribeDevice", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeDomain", "sagemaker:DescribeEdgePackagingJob", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeExperiment", "sagemaker:DescribeFeatureGroup", "sagemaker:DescribeFlowDefinition", "sagemaker:DescribeHumanLoop", "sagemaker:DescribeHumanTaskUi", "sagemaker:DescribeHyperParameterTuningJob", "sagemaker:DescribeImage", "sagemaker:DescribeImageVersion", "sagemaker:DescribeInferenceRecommendationsJob", "sagemaker:DescribeLabelingJob", "sagemaker:DescribeLineageGroup", "sagemaker:DescribeModel", "sagemaker:DescribeModelBiasJobDefinition", "sagemaker:DescribeModelExplainabilityJobDefinition", "sagemaker:DescribeModelPackage", "sagemaker:DescribeModelPackageGroup", "sagemaker:DescribeModelQualityJobDefinition", "sagemaker:DescribeMonitoringSchedule", "sagemaker:DescribeNotebookInstance", "sagemaker:DescribeNotebookInstanceLifecycleConfig", "sagemaker:DescribePipeline", "sagemaker:DescribePipelineDefinitionForExecution", "sagemaker:DescribePipelineExecution", "sagemaker:DescribeProcessingJob", "sagemaker:DescribeProject", "sagemaker:DescribeSubscribedWorkteam", "sagemaker:DescribeTrainingJob", "sagemaker:DescribeTransformJob", "sagemaker:DescribeTrial", "sagemaker:DescribeTrialComponent", "sagemaker:DescribeUserProfile", "sagemaker:DescribeWorkforce", "sagemaker:DescribeWorkteam", "sagemaker:DisableSagemakerServicecatalogPortfolio", "sagemaker:DisassociateTrialComponent", "sagemaker:EnableSagemakerServicecatalogPortfolio", "sagemaker:GetDeviceFleetReport", "sagemaker:GetDeviceRegistration", "sagemaker:GetLineageGroupPolicy", "sagemaker:GetModelPackageGroupPolicy", "sagemaker:GetRecord", "sagemaker:GetSagemakerServicecatalogPortfolioStatus", "sagemaker:GetSearchSuggestions", "sagemaker:InvokeEndpoint", "sagemaker:InvokeEndpointAsync", "sagemaker:ListActions", "sagemaker:ListAlgorithms", "sagemaker:ListAppImageConfigs", "sagemaker:ListApps", "sagemaker:ListArtifacts", "sagemaker:ListAssociations", "sagemaker:ListAutoMLJobs", "sagemaker:ListCandidatesForAutoMLJob", "sagemaker:ListCodeRepositories", "sagemaker:ListCompilationJobs", "sagemaker:ListContexts", "sagemaker:ListDataQualityJobDefinitions", "sagemaker:ListDeviceFleets", "sagemaker:ListDevices", "sagemaker:ListDomains", "sagemaker:ListEdgePackagingJobs", "sagemaker:ListEndpointConfigs", "sagemaker:ListEndpoints", "sagemaker:ListExperiments", "sagemaker:ListFeatureGroups", "sagemaker:ListFlowDefinitions", "sagemaker:ListHumanLoops", "sagemaker:ListHumanTaskUis", "sagemaker:ListHyperParameterTuningJobs", "sagemaker:ListImageVersions", "sagemaker:ListImages", "sagemaker:ListInferenceRecommendationsJobs", "sagemaker:ListLabelingJobs", "sagemaker:ListLabelingJobsForWorkteam", "sagemaker:ListLineageGroups", "sagemaker:ListModelBiasJobDefinitions", "sagemaker:ListModelExplainabilityJobDefinitions", "sagemaker:ListModelMetadata", "sagemaker:ListModelPackageGroups", "sagemaker:ListModelPackages", "sagemaker:ListModelQualityJobDefinitions", "sagemaker:ListModels", "sagemaker:ListMonitoringExecutions", "sagemaker:ListMonitoringSchedules", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:ListNotebookInstances", "sagemaker:ListPipelineExecutionSteps", "sagemaker:ListPipelineExecutions", "sagemaker:ListPipelineParametersForExecution", "sagemaker:ListPipelines", "sagemaker:ListProcessingJobs", "sagemaker:ListProjects", "sagemaker:ListSubscribedWorkteams", "sagemaker:ListTags", "sagemaker:ListTrainingJobs", "sagemaker:ListTrainingJobsForHyperParameterTuningJob", "sagemaker:ListTransformJobs", "sagemaker:ListTrialComponents", "sagemaker:ListTrials", "sagemaker:ListUserProfiles", "sagemaker:ListWorkforces", "sagemaker:ListWorkteams", "sagemaker:PutLineageGroupPolicy", "sagemaker:PutModelPackageGroupPolicy", "sagemaker:PutRecord", "sagemaker:QueryLineage", "sagemaker:RegisterDevices", "sagemaker:RenderUiTemplate", "sagemaker:Search", "sagemaker:SendHeartbeat", "sagemaker:SendPipelineExecutionStepFailure", "sagemaker:SendPipelineExecutionStepSuccess", "sagemaker:StartHumanLoop", "sagemaker:StartMonitoringSchedule", "sagemaker:StartNotebookInstance", "sagemaker:StartPipelineExecution", "sagemaker:StopAutoMLJob", "sagemaker:StopCompilationJob", "sagemaker:StopEdgePackagingJob", "sagemaker:StopHumanLoop", "sagemaker:StopHyperParameterTuningJob", "sagemaker:StopInferenceRecommendationsJob", "sagemaker:StopLabelingJob", "sagemaker:StopMonitoringSchedule", "sagemaker:StopNotebookInstance", "sagemaker:StopPipelineExecution", "sagemaker:StopProcessingJob", "sagemaker:StopTrainingJob", "sagemaker:StopTransformJob", "sagemaker:UpdateAction", "sagemaker:UpdateAppImageConfig", "sagemaker:UpdateArtifact", "sagemaker:UpdateCodeRepository", "sagemaker:UpdateContext", "sagemaker:UpdateDeviceFleet", "sagemaker:UpdateDevices", "sagemaker:UpdateDomain", "sagemaker:UpdateEndpoint", "sagemaker:UpdateEndpointWeightsAndCapacities", "sagemaker:UpdateExperiment", "sagemaker:UpdateImage", "sagemaker:UpdateModelPackage", "sagemaker:UpdateMonitoringSchedule", "sagemaker:UpdateNotebookInstance", "sagemaker:UpdateNotebookInstanceLifecycleConfig", "sagemaker:UpdatePipeline", "sagemaker:UpdatePipelineExecution", "sagemaker:UpdateProject", "sagemaker:UpdateTrainingJob", "sagemaker:UpdateTrial", "sagemaker:UpdateTrialComponent", "sagemaker:UpdateUserProfile", "sagemaker:UpdateWorkforce", "sagemaker:UpdateWorkteam" ], "Resource": [ "arn:aws:sagemaker:*:*:action/*", "arn:aws:sagemaker:*:*:algorithm/*", "arn:aws:sagemaker:*:*:app-image-config/*", "arn:aws:sagemaker:*:*:artifact/*", "arn:aws:sagemaker:*:*:automl-job/*", "arn:aws:sagemaker:*:*:code-repository/*", "arn:aws:sagemaker:*:*:compilation-job/*", "arn:aws:sagemaker:*:*:context/*", "arn:aws:sagemaker:*:*:data-quality-job-definition/*", "arn:aws:sagemaker:*:*:device-fleet/*/device/*", "arn:aws:sagemaker:*:*:device-fleet/*", "arn:aws:sagemaker:*:*:edge-packaging-job/*", "arn:aws:sagemaker:*:*:endpoint/*", "arn:aws:sagemaker:*:*:endpoint-config/*", "arn:aws:sagemaker:*:*:experiment/*", "arn:aws:sagemaker:*:*:experiment-trial/*", "arn:aws:sagemaker:*:*:experiment-trial-component/*", "arn:aws:sagemaker:*:*:feature-group/*", "arn:aws:sagemaker:*:*:human-loop/*", "arn:aws:sagemaker:*:*:human-task-ui/*", "arn:aws:sagemaker:*:*:hyper-parameter-tuning-job/*", "arn:aws:sagemaker:*:*:image/*", "arn:aws:sagemaker:*:*:image-version/*/*", "arn:aws:sagemaker:*:*:inference-recommendations-job/*", "arn:aws:sagemaker:*:*:labeling-job/*", "arn:aws:sagemaker:*:*:model/*", "arn:aws:sagemaker:*:*:model-bias-job-definition/*", "arn:aws:sagemaker:*:*:model-explainability-job-definition/*", "arn:aws:sagemaker:*:*:model-package/*", "arn:aws:sagemaker:*:*:model-package-group/*", "arn:aws:sagemaker:*:*:model-quality-job-definition/*", "arn:aws:sagemaker:*:*:monitoring-schedule/*", "arn:aws:sagemaker:*:*:notebook-instance/*", "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/*", "arn:aws:sagemaker:*:*:pipeline/*", "arn:aws:sagemaker:*:*:pipeline/*/execution/*", "arn:aws:sagemaker:*:*:processing-job/*", "arn:aws:sagemaker:*:*:project/*", "arn:aws:sagemaker:*:*:training-job/*", "arn:aws:sagemaker:*:*:transform-job/*", "arn:aws:sagemaker:*:*:workforce/*", "arn:aws:sagemaker:*:*:workteam/*" ] }, { "Sid" : "AmazonSageMakerLambdaPassRolePermission", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole" ] }, { "Sid" : "AmazonSageMakerLambdaLogPermission", "Effect": "Allow", "Action": [ "logs:CreateLogDelivery", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DeleteLogDelivery", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:DescribeResourcePolicies", "logs:DescribeDestinations", "logs:DescribeExportTasks", "logs:DescribeMetricFilters", "logs:DescribeQueries", "logs:DescribeQueryDefinitions", "logs:DescribeSubscriptionFilters", "logs:GetLogDelivery", "logs:GetLogEvents", "logs:ListLogDeliveries", "logs:PutLogEvents", "logs:PutResourcePolicy", "logs:UpdateLogDelivery" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*" }, { "Sid" : "AmazonSageMakerLambdaCodeBuildPermission", "Effect": "Allow", "Action": [ "codebuild:StartBuild", "codebuild:BatchGetBuilds" ], "Resource": "arn:aws:codebuild:*:*:project/sagemaker-*", "Condition": { "StringLike": { "aws:ResourceTag/sagemaker:project-name": "*" } } } ] }
Amazon SageMaker AI memperbarui kebijakan AWS terkelola AWS Service Catalog
Lihat detail tentang pembaruan kebijakan AWS terkelola untuk Amazon SageMaker AI sejak layanan ini mulai melacak perubahan ini.
| Kebijakan | Versi | Perubahan | Tanggal |
|---|---|---|---|
|
AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy- Kebijakan yang diperbarui |
9 |
Tambahkan |
Juli 1, 2024 |
AmazonSageMakerAdmin- ServiceCatalogProductsServiceRolePolicy - Kebijakan yang diperbarui |
7 |
Kembalikan kebijakan ke versi 7 (v7). Hapus |
12 Juni 2024 |
AmazonSageMakerAdmin- ServiceCatalogProductsServiceRolePolicy - Kebijakan yang diperbarui |
8 |
Tambahkan |
Juni 11, 2024 |
|
AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy- Kebijakan yang diperbarui |
2 |
Tambahkan |
Juni 11, 2024 |
|
AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy- Kebijakan yang diperbarui |
2 |
Tambahkan |
Juni 11, 2024 |
|
AmazonSageMakerServiceCatalogProductsLambdaServiceRoleKebijakan- Kebijakan yang diperbarui |
2 |
Tambahkan |
Juni 11, 2024 |
|
AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy |
1 | Kebijakan awal |
1 Agustus 2023 |
|
AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy |
1 | Kebijakan awal |
1 Agustus 2023 |
|
AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy |
1 | Kebijakan awal |
1 Agustus 2023 |
|
AmazonSageMakerServiceCatalogProductsGlueServiceRoleKebijakan- Kebijakan yang diperbarui |
2 |
Tambahkan izin untuk |
26 Agustus 2022 |
AmazonSageMakerAdmin- ServiceCatalogProductsServiceRolePolicy - Kebijakan yang diperbarui |
7 |
Tambahkan izin untuk |
2 Agustus 2022 |
| AmazonSageMakerAdmin- ServiceCatalogProductsServiceRolePolicy - Kebijakan yang diperbarui | 6 |
Tambahkan izin untuk |
14 Juli 2022 |
AmazonSageMakerServiceCatalogProductsLambdaServiceRoleKebijakan |
1 |
Kebijakan awal |
4 April 2022 |
|
AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy |
1 |
Kebijakan awal |
24 Maret 2022 |
|
AmazonSageMakerServiceCatalogProductsCloudformationServiceRoleKebijakan |
1 |
Kebijakan awal |
24 Maret 2022 |
AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy |
1 |
Kebijakan awal |
24 Maret 2022 |
| AmazonSageMakerAdmin- ServiceCatalogProductsServiceRolePolicy - Kebijakan yang diperbarui | 5 |
Tambahkan izin untuk |
Maret 21, 2022 |
AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy |
1 |
Kebijakan awal |
Februari 22, 2022 |
|
AmazonSageMakerServiceCatalogProductsEventsServiceRoleKebijakan |
1 |
Kebijakan awal |
Februari 22, 2022 |
|
AmazonSageMakerServiceCatalogProductsFirehoseServiceRoleKebijakan |
1 |
Kebijakan awal |
Februari 22, 2022 |
| AmazonSageMakerServiceCatalogProductsGlueServiceRoleKebijakan | 1 |
Kebijakan awal |
Februari 22, 2022 |
| AmazonSageMakerAdmin- ServiceCatalogProductsServiceRolePolicy - Kebijakan yang diperbarui | 4 |
Tambahkan izin untuk |
16 Februari 2022 |
| AmazonSageMakerAdmin- ServiceCatalogProductsServiceRolePolicy - Kebijakan yang diperbarui | 3 |
Tambahkan izin baru untuk Buat, baca, perbarui, dan hapus SageMaker Gambar. |
15 September 2021 |
| AmazonSageMakerAdmin- ServiceCatalogProductsServiceRolePolicy - Kebijakan yang diperbarui | 2 |
Tambahkan izin untuk Buat, baca, perbarui, dan hapus repositori kode. Lewati AWS CodeStar koneksi ke AWS CodePipeline. |
1 Juli 2021 |
| AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy | 1 | Kebijakan awal |
27 November 2020 |
