AWS Kebijakan Terkelola untuk SageMaker Proyek dan JumpStart - Amazon SageMaker AI
AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicyAmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicyAmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicyAmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicyAmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicyKebijakan AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicyAmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicyKebijakan Kebijakan Kebijakan Kebijakan AWS Pembaruan kebijakan Service Catalog

Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.

AWS Kebijakan Terkelola untuk SageMaker Proyek dan JumpStart

Kebijakan AWS terkelola ini menambahkan izin untuk menggunakan templat dan JumpStart solusi proyek Amazon SageMaker AI bawaan. Kebijakan tersedia di AWS akun Anda dan digunakan oleh peran eksekusi yang dibuat dari konsol SageMaker AI.

SageMaker Memproyeksikan dan JumpStart menggunakan AWS Service Catalog untuk menyediakan AWS sumber daya di akun pelanggan. Beberapa sumber daya yang dibuat perlu mengambil peran eksekusi. Misalnya, jika AWS Service Catalog membuat CodePipeline pipeline atas nama pelanggan untuk CI/CD proyek pembelajaran mesin SageMaker AI, maka pipeline tersebut memerlukan peran IAM.

AmazonSageMakerServiceCatalogProductsLaunchRolePeran tersebut memiliki izin yang diperlukan untuk meluncurkan portofolio SageMaker AI produk dari AWS Service Catalog. AmazonSageMakerServiceCatalogProductsUseRolePeran tersebut memiliki izin yang diperlukan untuk menggunakan portofolio SageMaker AI produk dari AWS Service Catalog. AmazonSageMakerServiceCatalogProductsLaunchRolePeran meneruskan AmazonSageMakerServiceCatalogProductsUseRole peran ke sumber daya produk AWS Service Catalog yang disediakan.

Kebijakan terkelola AWS :

Kebijakan peran layanan ini digunakan oleh AWS Service Catalog layanan untuk menyediakan produk dari portofolio Amazon SageMaker AI. Kebijakan ini memberikan izin ke serangkaian AWS layanan terkait termasuk AWS CodePipeline,,, AWS CodeCommit AWS Glue AWS CodeBuild AWS CloudFormation, dan lainnya.

AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicyKebijakan ini dimaksudkan untuk digunakan oleh AmazonSageMakerServiceCatalogProductsLaunchRole peran yang dibuat dari konsol SageMaker AI. Kebijakan ini menambahkan izin untuk menyediakan AWS sumber daya untuk SageMaker Projects dan JumpStart menggunakan Service Catalog ke akun pelanggan.

Detail izin

Kebijakan ini mencakup izin berikut.

  • apigateway— Memungkinkan peran untuk memanggil titik akhir API Gateway yang ditandai dengan. sagemaker:launch-source

  • cloudformation— Memungkinkan AWS Service Catalog untuk membuat, memperbarui, dan menghapus CloudFormation tumpukan. Juga memungkinkan Service Catalog untuk menandai dan menghapus tag sumber daya.

  • codebuild— Memungkinkan peran yang diasumsikan oleh AWS Service Catalog dan diteruskan CloudFormation untuk membuat, memperbarui, dan menghapus CodeBuild proyek.

  • codecommit— Memungkinkan peran yang diasumsikan oleh AWS Service Catalog dan diteruskan CloudFormation untuk membuat, memperbarui, dan menghapus CodeCommit repositori.

  • codepipeline— Memungkinkan peran yang diasumsikan oleh AWS Service Catalog dan diteruskan CloudFormation untuk membuat, memperbarui, dan menghapus CodePipelines.

  • codestarconnections, codestar-connections — Juga memungkinkan peran untuk lulus AWS CodeConnections dan AWS CodeStar koneksi.

  • cognito-idp— Mengizinkan peran untuk membuat, memperbarui, dan menghapus grup dan kolam pengguna. Juga memungkinkan penandaan sumber daya.

  • ecr— Memungkinkan peran yang diasumsikan oleh AWS Service Catalog dan diteruskan CloudFormation untuk membuat dan menghapus repositori Amazon ECR. Juga memungkinkan penandaan sumber daya.

  • events— Memungkinkan peran yang diasumsikan oleh AWS Service Catalog dan diteruskan CloudFormation untuk membuat dan menghapus EventBridge aturan. Digunakan untuk mengikat berbagai komponen pipa CICD.

  • firehose— Memungkinkan peran untuk berinteraksi dengan aliran Firehose.

  • glue— Memungkinkan peran untuk berinteraksi dengan AWS Glue.

  • iam— Memungkinkan peran untuk melewati peran yang ditambahkan. AmazonSageMakerServiceCatalog Ini diperlukan ketika Proyek menyediakan AWS Service Catalog produk, sebagai peran perlu diteruskan AWS Service Catalog.

  • lambda— Memungkinkan peran untuk berinteraksi dengan AWS Lambda. Juga memungkinkan penandaan sumber daya.

  • logs— Memungkinkan peran untuk membuat, menghapus, dan mengakses aliran log.

  • s3— Memungkinkan peran yang diambil oleh AWS Service Catalog dan diteruskan CloudFormation untuk mengakses bucket Amazon S3 tempat kode template Project disimpan.

  • sagemaker— Memungkinkan peran untuk berinteraksi dengan berbagai layanan SageMaker AI. Ini dilakukan baik CloudFormation selama penyediaan template, maupun CodeBuild selama eksekusi pipeline CICD. Juga memungkinkan penandaan sumber daya berikut: titik akhir, konfigurasi titik akhir, model, saluran pipa, proyek, dan paket model.

  • states— Memungkinkan peran untuk membuat, menghapus, dan memperbarui Step Functions yang ditambahkan. sagemaker

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AmazonSageMakerServiceCatalogAPIGatewayPermission",
      "Effect": "Allow",
      "Action": [
        "apigateway:GET",
        "apigateway:POST",
        "apigateway:PUT",
        "apigateway:PATCH",
        "apigateway:DELETE"
      ],
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "aws:ResourceTag/sagemaker:launch-source": "*"
        }
      }
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogAPIGatewayPostPermission",
      "Effect": "Allow",
      "Action": [
        "apigateway:POST"
      ],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringLike": {
          "aws:TagKeys": [
            "sagemaker:launch-source"
          ]
        }
      }
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogAPIGatewayPatchPermission",
      "Effect": "Allow",
      "Action": [
        "apigateway:PATCH"
      ],
      "Resource": [
        "arn:aws:apigateway:*::/account"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogCFnMutatePermission",
      "Effect": "Allow",
      "Action": [
        "cloudformation:CreateStack",
        "cloudformation:UpdateStack",
        "cloudformation:DeleteStack"
      ],
      "Resource": "arn:aws:cloudformation:*:*:stack/SC-*",
      "Condition": {
        "ArnLikeIfExists": {
          "cloudformation:RoleArn": [
            "arn:aws:sts::*:assumed-role/AmazonSageMakerServiceCatalog*"
          ]
        }
      }
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogCFnTagPermission",
      "Effect": "Allow",
      "Action": [
        "cloudformation:TagResource",
        "cloudformation:UntagResource"
      ],
      "Resource": "arn:aws:cloudformation:*:*:stack/SC-*",
      "Condition" : {
        "Null": {
          "aws:ResourceTag/sagemaker:project-name": "false"
        }
      }
    },

    {
      "Sid": "AmazonSageMakerServiceCatalogCFnReadPermission",
      "Effect": "Allow",
      "Action": [
        "cloudformation:DescribeStackEvents",
        "cloudformation:DescribeStacks"
      ],
      "Resource": "arn:aws:cloudformation:*:*:stack/SC-*"
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogCFnTemplatePermission",
      "Effect": "Allow",
      "Action": [
        "cloudformation:GetTemplateSummary",
        "cloudformation:ValidateTemplate"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogCodeBuildPermission",
      "Effect": "Allow",
      "Action": [
        "codebuild:CreateProject",
        "codebuild:DeleteProject",
        "codebuild:UpdateProject"
      ],
      "Resource": [
        "arn:aws:codebuild:*:*:project/sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogCodeCommitPermission",
      "Effect": "Allow",
      "Action": [
        "codecommit:CreateCommit",
        "codecommit:CreateRepository",
        "codecommit:DeleteRepository",
        "codecommit:GetRepository",
        "codecommit:TagResource"
      ],
      "Resource": [
        "arn:aws:codecommit:*:*:sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogCodeCommitListPermission",
      "Effect": "Allow",
      "Action": [
        "codecommit:ListRepositories"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogCodePipelinePermission",
      "Effect": "Allow",
      "Action": [
        "codepipeline:CreatePipeline",
        "codepipeline:DeletePipeline",
        "codepipeline:GetPipeline",
        "codepipeline:GetPipelineState",
        "codepipeline:StartPipelineExecution",
        "codepipeline:TagResource",
        "codepipeline:UpdatePipeline"
      ],
      "Resource": [
        "arn:aws:codepipeline:*:*:sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogCIAMUserPermission",
      "Effect": "Allow",
      "Action": [
        "cognito-idp:CreateUserPool",
        "cognito-idp:TagResource"
      ],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringLike": {
          "aws:TagKeys": [
            "sagemaker:launch-source"
          ]
        }
      }
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogCIAMPermission",
      "Effect": "Allow",
      "Action": [
        "cognito-idp:CreateGroup",
        "cognito-idp:CreateUserPoolDomain",
        "cognito-idp:CreateUserPoolClient",
        "cognito-idp:DeleteGroup",
        "cognito-idp:DeleteUserPool",
        "cognito-idp:DeleteUserPoolClient",
        "cognito-idp:DeleteUserPoolDomain",
        "cognito-idp:DescribeUserPool",
        "cognito-idp:DescribeUserPoolClient",
        "cognito-idp:UpdateUserPool",
        "cognito-idp:UpdateUserPoolClient"
      ],
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "aws:ResourceTag/sagemaker:launch-source": "*"
        }
      }
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogECRPermission",
      "Effect": "Allow",
      "Action": [
        "ecr:CreateRepository",
        "ecr:DeleteRepository",
        "ecr:TagResource"
      ],
      "Resource": [
        "arn:aws:ecr:*:*:repository/sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogEventBridgePermission",
      "Effect": "Allow",
      "Action": [
        "events:DescribeRule",
        "events:DeleteRule",
        "events:DisableRule",
        "events:EnableRule",
        "events:PutRule",
        "events:PutTargets",
        "events:RemoveTargets"
      ],
      "Resource": [
        "arn:aws:events:*:*:rule/sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogFirehosePermission",
      "Effect": "Allow",
      "Action": [
        "firehose:CreateDeliveryStream",
        "firehose:DeleteDeliveryStream",
        "firehose:DescribeDeliveryStream",
        "firehose:StartDeliveryStreamEncryption",
        "firehose:StopDeliveryStreamEncryption",
        "firehose:UpdateDestination"
      ],
      "Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*"
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogGluePermission",
      "Effect": "Allow",
      "Action": [
        "glue:CreateDatabase",
        "glue:DeleteDatabase"
      ],
      "Resource": [
        "arn:aws:glue:*:*:catalog",
        "arn:aws:glue:*:*:database/sagemaker-*",
        "arn:aws:glue:*:*:table/sagemaker-*",
        "arn:aws:glue:*:*:userDefinedFunction/sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogGlueClassiferPermission",
      "Effect": "Allow",
      "Action": [
        "glue:CreateClassifier",
        "glue:DeleteClassifier",
        "glue:DeleteCrawler",
        "glue:DeleteJob",
        "glue:DeleteTrigger",
        "glue:DeleteWorkflow",
        "glue:StopCrawler"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogGlueWorkflowPermission",
      "Effect": "Allow",
      "Action": [
        "glue:CreateWorkflow"
      ],
      "Resource": [
        "arn:aws:glue:*:*:workflow/sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogGlueJobPermission",
      "Effect": "Allow",
      "Action": [
        "glue:CreateJob"
      ],
      "Resource": [
        "arn:aws:glue:*:*:job/sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogGlueCrawlerPermission",
      "Effect": "Allow",
      "Action": [
        "glue:CreateCrawler",
        "glue:GetCrawler"
      ],
      "Resource": [
        "arn:aws:glue:*:*:crawler/sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogGlueTriggerPermission",
      "Effect": "Allow",
      "Action": [
        "glue:CreateTrigger",
        "glue:GetTrigger"
      ],
      "Resource": [
        "arn:aws:glue:*:*:trigger/sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogPassRolePermission",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalog*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogLambdaPermission",
      "Effect": "Allow",
      "Action": [
        "lambda:AddPermission",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:GetFunction",
        "lambda:GetFunctionConfiguration",
        "lambda:InvokeFunction",
        "lambda:RemovePermission"
      ],
      "Resource": [
        "arn:aws:lambda:*:*:function:sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogLambdaTagPermission",
      "Effect": "Allow",
      "Action": "lambda:TagResource",
      "Resource": [
        "arn:aws:lambda:*:*:function:sagemaker-*"
      ],
      "Condition": {
        "ForAllValues:StringLike": {
          "aws:TagKeys": [
            "sagemaker:*"
          ]
        }
      }
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogLogGroupPermission",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:DeleteLogGroup",
        "logs:DeleteLogStream",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:PutRetentionPolicy"
      ],
      "Resource": [
        "arn:aws:logs:*:*:log-group:/aws/apigateway/AccessLogs/*",
        "arn:aws:logs:*:*:log-group::log-stream:*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogS3ReadPermission",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "s3:ExistingObjectTag/servicecatalog:provisioning": "true"
        }
      }
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogS3ReadSagemakerResourcePermission",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": [
        "arn:aws:s3:::sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogS3MutatePermission",
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:DeleteBucketPolicy",
        "s3:GetBucketPolicy",
        "s3:PutBucketAcl",
        "s3:PutBucketNotification",
        "s3:PutBucketPolicy",
        "s3:PutBucketPublicAccessBlock",
        "s3:PutBucketLogging",
        "s3:PutEncryptionConfiguration",
        "s3:PutBucketCORS",
        "s3:PutBucketTagging",
        "s3:PutObjectTagging"
      ],
      "Resource": "arn:aws:s3:::sagemaker-*"
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogSageMakerPermission",
      "Effect": "Allow",
      "Action": [
        "sagemaker:CreateEndpoint",
        "sagemaker:CreateEndpointConfig",
        "sagemaker:CreateModel",
        "sagemaker:CreateWorkteam",
        "sagemaker:DeleteEndpoint",
        "sagemaker:DeleteEndpointConfig",
        "sagemaker:DeleteModel",
        "sagemaker:DeleteWorkteam",
        "sagemaker:DescribeModel",
        "sagemaker:DescribeEndpointConfig",
        "sagemaker:DescribeEndpoint",
        "sagemaker:DescribeWorkteam",
        "sagemaker:CreateCodeRepository",
        "sagemaker:DescribeCodeRepository",
        "sagemaker:UpdateCodeRepository",
        "sagemaker:DeleteCodeRepository"
      ],
      "Resource": [
        "arn:aws:sagemaker:*:*:*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogSageMakerTagPermission",
      "Effect": "Allow",
      "Action": [
        "sagemaker:AddTags"
      ],
      "Resource": [
        "arn:aws:sagemaker:*:*:endpoint/*",
        "arn:aws:sagemaker:*:*:endpoint-config/*",
        "arn:aws:sagemaker:*:*:model/*",
        "arn:aws:sagemaker:*:*:pipeline/*",
        "arn:aws:sagemaker:*:*:project/*",
        "arn:aws:sagemaker:*:*:model-package/*"
      ],
      "Condition": {
        "ForAllValues:StringLike": {
          "aws:TagKeys": [
            "sagemaker:*"
          ]
        }
      }
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogSageMakerImagePermission",
      "Effect": "Allow",
      "Action": [
        "sagemaker:CreateImage",
        "sagemaker:DeleteImage",
        "sagemaker:DescribeImage",
        "sagemaker:UpdateImage",
        "sagemaker:ListTags"
      ],
      "Resource": [
        "arn:aws:sagemaker:*:*:image/*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogStepFunctionPermission",
      "Effect": "Allow",
      "Action": [
        "states:CreateStateMachine",
        "states:DeleteStateMachine",
        "states:UpdateStateMachine"
      ],
      "Resource": [
        "arn:aws:states:*:*:stateMachine:sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogCodeStarPermission",
      "Effect": "Allow",
      "Action": "codestar-connections:PassConnection",
      "Resource": "arn:aws:codestar-connections:*:*:connection/*",
      "Condition": {
        "StringEquals": {
          "codestar-connections:PassedToService": "codepipeline.amazonaws.com"
        }
      }
    },
    {
      "Sid": "AmazonSageMakerServiceCatalogCodeConnectionPermission",
      "Effect": "Allow",
      "Action": "codeconnections:PassConnection",
      "Resource": "arn:aws:codeconnections:*:*:connection/*",
      "Condition": {
        "StringEquals": {
          "codeconnections:PassedToService": "codepipeline.amazonaws.com"
        }
      }
    },
  ]
}
Tampilkan lebih banyakTampilkan lebih sedikit

Kebijakan terkelola AWS : AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy

Kebijakan ini digunakan oleh Amazon API Gateway dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan ke peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRolediteruskan ke AWS sumber daya yang dibuat oleh API Gateway yang memerlukan peran.

Detail izin

Kebijakan ini mencakup izin berikut.

  • lambda— Memanggil fungsi yang dibuat oleh template mitra.

  • sagemaker— Memanggil titik akhir yang dibuat oleh template mitra.

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:*:*:function:sagemaker-*",
      "Condition": {
        "Null": {
          "aws:ResourceTag/sagemaker:project-name": "false",
          "aws:ResourceTag/sagemaker:partner": "false"
        },
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "sagemaker:InvokeEndpoint",
      "Resource": "arn:aws:sagemaker:*:*:endpoint/*",
      "Condition": {
        "Null": {
          "aws:ResourceTag/sagemaker:project-name": "false",
          "aws:ResourceTag/sagemaker:partner": "false"
        },
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    }
  ]
}

Kebijakan terkelola AWS : AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy

Kebijakan ini digunakan oleh AWS CloudFormation dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRolediteruskan ke AWS sumber daya yang dibuat oleh AWS CloudFormation yang memerlukan peran.

Detail izin

Kebijakan ini mencakup izin berikut.

  • iam— Lulus AmazonSageMakerServiceCatalogProductsLambdaRole dan AmazonSageMakerServiceCatalogProductsApiGatewayRole peran.

  • lambda— Buat, perbarui, hapus, dan panggil AWS Lambda fungsi; mengambil, menerbitkan, dan menghapus versi lapisan Lambda.

  • apigateway— Buat, perbarui, dan hapus sumber daya Amazon API Gateway.

  • s3— Ambil lambda-auth-code/layer.zip file dari bucket Amazon Simple Storage Service (Amazon S3).

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsLambdaRole"
      ],
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "lambda.amazonaws.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsApiGatewayRole"
      ],
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "apigateway.amazonaws.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "lambda:DeleteFunction",
        "lambda:UpdateFunctionCode",
        "lambda:ListTags",
        "lambda:InvokeFunction"
      ],
      "Resource": [
        "arn:aws:lambda:*:*:function:sagemaker-*"
      ],
      "Condition": {
        "Null": {
          "aws:ResourceTag/sagemaker:project-name": "false",
          "aws:ResourceTag/sagemaker:partner": "false"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "lambda:CreateFunction",
        "lambda:TagResource"
      ],
      "Resource": [
        "arn:aws:lambda:*:*:function:sagemaker-*"
      ],
      "Condition": {
        "Null": {
          "aws:ResourceTag/sagemaker:project-name": "false",
          "aws:ResourceTag/sagemaker:partner": "false"
        },
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": [
            "sagemaker:project-name",
            "sagemaker:partner"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "lambda:PublishLayerVersion",
        "lambda:GetLayerVersion",
        "lambda:DeleteLayerVersion",
        "lambda:GetFunction"
      ],
      "Resource": [
        "arn:aws:lambda:*:*:layer:sagemaker-*",
        "arn:aws:lambda:*:*:function:sagemaker-*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "apigateway:GET",
        "apigateway:DELETE",
        "apigateway:PATCH",
        "apigateway:POST",
        "apigateway:PUT"
      ],
      "Resource": [
        "arn:aws:apigateway:*::/restapis/*",
        "arn:aws:apigateway:*::/restapis"
      ],
      "Condition": {
        "Null": {
          "aws:ResourceTag/sagemaker:project-name": "false",
          "aws:ResourceTag/sagemaker:partner": "false"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "apigateway:POST",
        "apigateway:PUT"
      ],
      "Resource": [
        "arn:aws:apigateway:*::/restapis",
        "arn:aws:apigateway:*::/tags/*"
      ],
      "Condition": {
        "Null": {
          "aws:ResourceTag/sagemaker:project-name": "false",
          "aws:ResourceTag/sagemaker:partner": "false"
        },
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": [
            "sagemaker:project-name",
            "sagemaker:partner"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::sagemaker-*/lambda-auth-code/layer.zip"
      ],
      "Condition": {
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    }
  ]
}
Tampilkan lebih banyakTampilkan lebih sedikit

Kebijakan terkelola AWS : AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy

Kebijakan ini digunakan oleh AWS Lambda dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRolediteruskan ke AWS sumber daya yang dibuat oleh Lambda yang membutuhkan peran.

Detail izin

Kebijakan ini mencakup izin berikut.

  • secretsmanager— Ambil data dari rahasia yang disediakan mitra untuk template mitra.

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:*:*:secret:*",
      "Condition": {
        "Null": {
          "aws:ResourceTag/sagemaker:partner": false
        },
        "StringEquals": {
          "aws:ResourceAccount": "${aws:PrincipalAccount}"
        }
      }
    }
  ]
}
Tampilkan lebih banyakTampilkan lebih sedikit

Kebijakan terkelola AWS : AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy

Kebijakan ini digunakan oleh Amazon API Gateway dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan ke peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRolediteruskan ke AWS sumber daya yang dibuat oleh API Gateway yang memerlukan peran.

Detail izin

Kebijakan ini mencakup izin berikut.

  • logs— Buat dan baca grup CloudWatch Log, aliran, dan acara; perbarui acara; jelaskan berbagai sumber daya.

    Izin ini terbatas pada sumber daya yang awalan grup lognya dimulai dengan “aws/apigateway/”.

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogDelivery",
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:DeleteLogDelivery",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:DescribeResourcePolicies",
        "logs:DescribeDestinations",
        "logs:DescribeExportTasks",
        "logs:DescribeMetricFilters",
        "logs:DescribeQueries",
        "logs:DescribeQueryDefinitions",
        "logs:DescribeSubscriptionFilters",
        "logs:GetLogDelivery",
        "logs:GetLogEvents",
        "logs:PutLogEvents",
        "logs:PutResourcePolicy",
        "logs:UpdateLogDelivery"
      ],
      "Resource": "arn:aws:logs:*:*:log-group:/aws/apigateway/*"
    }
  ]
}

AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsCloudformationServiceRole Kebijakan

Kebijakan ini digunakan oleh AWS CloudFormation dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRolediteruskan ke AWS sumber daya yang dibuat oleh AWS CloudFormation yang memerlukan peran.

Detail izin

Kebijakan ini mencakup izin berikut.

  • sagemaker— Izinkan akses ke berbagai sumber daya SageMaker AI tidak termasuk domain, profil pengguna, aplikasi, dan definisi aliran.

  • iam— Lulus AmazonSageMakerServiceCatalogProductsCodeBuildRole dan AmazonSageMakerServiceCatalogProductsExecutionRole peran.

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sagemaker:AddAssociation",
        "sagemaker:AddTags",
        "sagemaker:AssociateTrialComponent",
        "sagemaker:BatchDescribeModelPackage",
        "sagemaker:BatchGetMetrics",
        "sagemaker:BatchGetRecord",
        "sagemaker:BatchPutMetrics",
        "sagemaker:CreateAction",
        "sagemaker:CreateAlgorithm",
        "sagemaker:CreateApp",
        "sagemaker:CreateAppImageConfig",
        "sagemaker:CreateArtifact",
        "sagemaker:CreateAutoMLJob",
        "sagemaker:CreateCodeRepository",
        "sagemaker:CreateCompilationJob",
        "sagemaker:CreateContext",
        "sagemaker:CreateDataQualityJobDefinition",
        "sagemaker:CreateDeviceFleet",
        "sagemaker:CreateDomain",
        "sagemaker:CreateEdgePackagingJob",
        "sagemaker:CreateEndpoint",
        "sagemaker:CreateEndpointConfig",
        "sagemaker:CreateExperiment",
        "sagemaker:CreateFeatureGroup",
        "sagemaker:CreateFlowDefinition",
        "sagemaker:CreateHumanTaskUi",
        "sagemaker:CreateHyperParameterTuningJob",
        "sagemaker:CreateImage",
        "sagemaker:CreateImageVersion",
        "sagemaker:CreateInferenceRecommendationsJob",
        "sagemaker:CreateLabelingJob",
        "sagemaker:CreateLineageGroupPolicy",
        "sagemaker:CreateModel",
        "sagemaker:CreateModelBiasJobDefinition",
        "sagemaker:CreateModelExplainabilityJobDefinition",
        "sagemaker:CreateModelPackage",
        "sagemaker:CreateModelPackageGroup",
        "sagemaker:CreateModelQualityJobDefinition",
        "sagemaker:CreateMonitoringSchedule",
        "sagemaker:CreateNotebookInstance",
        "sagemaker:CreateNotebookInstanceLifecycleConfig",
        "sagemaker:CreatePipeline",
        "sagemaker:CreatePresignedDomainUrl",
        "sagemaker:CreatePresignedNotebookInstanceUrl",
        "sagemaker:CreateProcessingJob",
        "sagemaker:CreateProject",
        "sagemaker:CreateTrainingJob",
        "sagemaker:CreateTransformJob",
        "sagemaker:CreateTrial",
        "sagemaker:CreateTrialComponent",
        "sagemaker:CreateUserProfile",
        "sagemaker:CreateWorkforce",
        "sagemaker:CreateWorkteam",
        "sagemaker:DeleteAction",
        "sagemaker:DeleteAlgorithm",
        "sagemaker:DeleteApp",
        "sagemaker:DeleteAppImageConfig",
        "sagemaker:DeleteArtifact",
        "sagemaker:DeleteAssociation",
        "sagemaker:DeleteCodeRepository",
        "sagemaker:DeleteContext",
        "sagemaker:DeleteDataQualityJobDefinition",
        "sagemaker:DeleteDeviceFleet",
        "sagemaker:DeleteDomain",
        "sagemaker:DeleteEndpoint",
        "sagemaker:DeleteEndpointConfig",
        "sagemaker:DeleteExperiment",
        "sagemaker:DeleteFeatureGroup",
        "sagemaker:DeleteFlowDefinition",
        "sagemaker:DeleteHumanLoop",
        "sagemaker:DeleteHumanTaskUi",
        "sagemaker:DeleteImage",
        "sagemaker:DeleteImageVersion",
        "sagemaker:DeleteLineageGroupPolicy",
        "sagemaker:DeleteModel",
        "sagemaker:DeleteModelBiasJobDefinition",
        "sagemaker:DeleteModelExplainabilityJobDefinition",
        "sagemaker:DeleteModelPackage",
        "sagemaker:DeleteModelPackageGroup",
        "sagemaker:DeleteModelPackageGroupPolicy",
        "sagemaker:DeleteModelQualityJobDefinition",
        "sagemaker:DeleteMonitoringSchedule",
        "sagemaker:DeleteNotebookInstance",
        "sagemaker:DeleteNotebookInstanceLifecycleConfig",
        "sagemaker:DeletePipeline",
        "sagemaker:DeleteProject",
        "sagemaker:DeleteRecord",
        "sagemaker:DeleteTags",
        "sagemaker:DeleteTrial",
        "sagemaker:DeleteTrialComponent",
        "sagemaker:DeleteUserProfile",
        "sagemaker:DeleteWorkforce",
        "sagemaker:DeleteWorkteam",
        "sagemaker:DeregisterDevices",
        "sagemaker:DescribeAction",
        "sagemaker:DescribeAlgorithm",
        "sagemaker:DescribeApp",
        "sagemaker:DescribeAppImageConfig",
        "sagemaker:DescribeArtifact",
        "sagemaker:DescribeAutoMLJob",
        "sagemaker:DescribeCodeRepository",
        "sagemaker:DescribeCompilationJob",
        "sagemaker:DescribeContext",
        "sagemaker:DescribeDataQualityJobDefinition",
        "sagemaker:DescribeDevice",
        "sagemaker:DescribeDeviceFleet",
        "sagemaker:DescribeDomain",
        "sagemaker:DescribeEdgePackagingJob",
        "sagemaker:DescribeEndpoint",
        "sagemaker:DescribeEndpointConfig",
        "sagemaker:DescribeExperiment",
        "sagemaker:DescribeFeatureGroup",
        "sagemaker:DescribeFlowDefinition",
        "sagemaker:DescribeHumanLoop",
        "sagemaker:DescribeHumanTaskUi",
        "sagemaker:DescribeHyperParameterTuningJob",
        "sagemaker:DescribeImage",
        "sagemaker:DescribeImageVersion",
        "sagemaker:DescribeInferenceRecommendationsJob",
        "sagemaker:DescribeLabelingJob",
        "sagemaker:DescribeLineageGroup",
        "sagemaker:DescribeModel",
        "sagemaker:DescribeModelBiasJobDefinition",
        "sagemaker:DescribeModelExplainabilityJobDefinition",
        "sagemaker:DescribeModelPackage",
        "sagemaker:DescribeModelPackageGroup",
        "sagemaker:DescribeModelQualityJobDefinition",
        "sagemaker:DescribeMonitoringSchedule",
        "sagemaker:DescribeNotebookInstance",
        "sagemaker:DescribeNotebookInstanceLifecycleConfig",
        "sagemaker:DescribePipeline",
        "sagemaker:DescribePipelineDefinitionForExecution",
        "sagemaker:DescribePipelineExecution",
        "sagemaker:DescribeProcessingJob",
        "sagemaker:DescribeProject",
        "sagemaker:DescribeSubscribedWorkteam",
        "sagemaker:DescribeTrainingJob",
        "sagemaker:DescribeTransformJob",
        "sagemaker:DescribeTrial",
        "sagemaker:DescribeTrialComponent",
        "sagemaker:DescribeUserProfile",
        "sagemaker:DescribeWorkforce",
        "sagemaker:DescribeWorkteam",
        "sagemaker:DisableSagemakerServicecatalogPortfolio",
        "sagemaker:DisassociateTrialComponent",
        "sagemaker:EnableSagemakerServicecatalogPortfolio",
        "sagemaker:GetDeviceFleetReport",
        "sagemaker:GetDeviceRegistration",
        "sagemaker:GetLineageGroupPolicy",
        "sagemaker:GetModelPackageGroupPolicy",
        "sagemaker:GetRecord",
        "sagemaker:GetSagemakerServicecatalogPortfolioStatus",
        "sagemaker:GetSearchSuggestions",
        "sagemaker:InvokeEndpoint",
        "sagemaker:InvokeEndpointAsync",
        "sagemaker:ListActions",
        "sagemaker:ListAlgorithms",
        "sagemaker:ListAppImageConfigs",
        "sagemaker:ListApps",
        "sagemaker:ListArtifacts",
        "sagemaker:ListAssociations",
        "sagemaker:ListAutoMLJobs",
        "sagemaker:ListCandidatesForAutoMLJob",
        "sagemaker:ListCodeRepositories",
        "sagemaker:ListCompilationJobs",
        "sagemaker:ListContexts",
        "sagemaker:ListDataQualityJobDefinitions",
        "sagemaker:ListDeviceFleets",
        "sagemaker:ListDevices",
        "sagemaker:ListDomains",
        "sagemaker:ListEdgePackagingJobs",
        "sagemaker:ListEndpointConfigs",
        "sagemaker:ListEndpoints",
        "sagemaker:ListExperiments",
        "sagemaker:ListFeatureGroups",
        "sagemaker:ListFlowDefinitions",
        "sagemaker:ListHumanLoops",
        "sagemaker:ListHumanTaskUis",
        "sagemaker:ListHyperParameterTuningJobs",
        "sagemaker:ListImageVersions",
        "sagemaker:ListImages",
        "sagemaker:ListInferenceRecommendationsJobs",
        "sagemaker:ListLabelingJobs",
        "sagemaker:ListLabelingJobsForWorkteam",
        "sagemaker:ListLineageGroups",
        "sagemaker:ListModelBiasJobDefinitions",
        "sagemaker:ListModelExplainabilityJobDefinitions",
        "sagemaker:ListModelMetadata",
        "sagemaker:ListModelPackageGroups",
        "sagemaker:ListModelPackages",
        "sagemaker:ListModelQualityJobDefinitions",
        "sagemaker:ListModels",
        "sagemaker:ListMonitoringExecutions",
        "sagemaker:ListMonitoringSchedules",
        "sagemaker:ListNotebookInstanceLifecycleConfigs",
        "sagemaker:ListNotebookInstances",
        "sagemaker:ListPipelineExecutionSteps",
        "sagemaker:ListPipelineExecutions",
        "sagemaker:ListPipelineParametersForExecution",
        "sagemaker:ListPipelines",
        "sagemaker:ListProcessingJobs",
        "sagemaker:ListProjects",
        "sagemaker:ListSubscribedWorkteams",
        "sagemaker:ListTags",
        "sagemaker:ListTrainingJobs",
        "sagemaker:ListTrainingJobsForHyperParameterTuningJob",
        "sagemaker:ListTransformJobs",
        "sagemaker:ListTrialComponents",
        "sagemaker:ListTrials",
        "sagemaker:ListUserProfiles",
        "sagemaker:ListWorkforces",
        "sagemaker:ListWorkteams",
        "sagemaker:PutLineageGroupPolicy",
        "sagemaker:PutModelPackageGroupPolicy",
        "sagemaker:PutRecord",
        "sagemaker:QueryLineage",
        "sagemaker:RegisterDevices",
        "sagemaker:RenderUiTemplate",
        "sagemaker:Search",
        "sagemaker:SendHeartbeat",
        "sagemaker:SendPipelineExecutionStepFailure",
        "sagemaker:SendPipelineExecutionStepSuccess",
        "sagemaker:StartHumanLoop",
        "sagemaker:StartMonitoringSchedule",
        "sagemaker:StartNotebookInstance",
        "sagemaker:StartPipelineExecution",
        "sagemaker:StopAutoMLJob",
        "sagemaker:StopCompilationJob",
        "sagemaker:StopEdgePackagingJob",
        "sagemaker:StopHumanLoop",
        "sagemaker:StopHyperParameterTuningJob",
        "sagemaker:StopInferenceRecommendationsJob",
        "sagemaker:StopLabelingJob",
        "sagemaker:StopMonitoringSchedule",
        "sagemaker:StopNotebookInstance",
        "sagemaker:StopPipelineExecution",
        "sagemaker:StopProcessingJob",
        "sagemaker:StopTrainingJob",
        "sagemaker:StopTransformJob",
        "sagemaker:UpdateAction",
        "sagemaker:UpdateAppImageConfig",
        "sagemaker:UpdateArtifact",
        "sagemaker:UpdateCodeRepository",
        "sagemaker:UpdateContext",
        "sagemaker:UpdateDeviceFleet",
        "sagemaker:UpdateDevices",
        "sagemaker:UpdateDomain",
        "sagemaker:UpdateEndpoint",
        "sagemaker:UpdateEndpointWeightsAndCapacities",
        "sagemaker:UpdateExperiment",
        "sagemaker:UpdateImage",
        "sagemaker:UpdateModelPackage",
        "sagemaker:UpdateMonitoringSchedule",
        "sagemaker:UpdateNotebookInstance",
        "sagemaker:UpdateNotebookInstanceLifecycleConfig",
        "sagemaker:UpdatePipeline",
        "sagemaker:UpdatePipelineExecution",
        "sagemaker:UpdateProject",
        "sagemaker:UpdateTrainingJob",
        "sagemaker:UpdateTrial",
        "sagemaker:UpdateTrialComponent",
        "sagemaker:UpdateUserProfile",
        "sagemaker:UpdateWorkforce",
        "sagemaker:UpdateWorkteam"
      ],
      "NotResource": [
        "arn:aws:sagemaker:*:*:domain/*",
        "arn:aws:sagemaker:*:*:user-profile/*",
        "arn:aws:sagemaker:*:*:app/*",
        "arn:aws:sagemaker:*:*:flow-definition/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodeBuildRole",
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole"
      ]
    }
  ]
}
Tampilkan lebih banyakTampilkan lebih sedikit

Kebijakan terkelola AWS : AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy

Kebijakan ini digunakan oleh AWS CodeBuild dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRolediteruskan ke AWS sumber daya yang dibuat oleh CodeBuild yang memerlukan peran.

Detail izin

Kebijakan ini mencakup izin berikut.

  • sagemaker— Izinkan akses ke berbagai sumber daya SageMaker AI.

  • codecommit— Unggah CodeCommit arsip ke CodeBuild pipeline, dapatkan status unggah, dan batalkan unggahan; dapatkan informasi cabang dan komit. Izin ini terbatas pada sumber daya yang namanya dimulai dengan “sagemaker-”.

  • ecr— Buat repositori Amazon ECR dan gambar kontainer; unggah lapisan gambar. Izin ini terbatas pada repositori yang namanya dimulai dengan “sagemaker-”.

    ecr— Baca semua sumber daya.

  • iam— Lulus peran berikut:

    • AmazonSageMakerServiceCatalogProductsCloudformationRole untuk AWS CloudFormation

    • AmazonSageMakerServiceCatalogProductsCodeBuildRole untuk AWS CodeBuild

    • AmazonSageMakerServiceCatalogProductsCodePipelineRole untuk AWS CodePipeline

    • AmazonSageMakerServiceCatalogProductsEventsRoleke Amazon EventBridge.

    • AmazonSageMakerServiceCatalogProductsExecutionRoleke Amazon SageMaker AI.

  • logs— Buat dan baca grup CloudWatch Log, aliran, dan acara; perbarui acara; jelaskan berbagai sumber daya.

    Izin ini terbatas pada sumber daya yang awalan namanya dimulai dengan “aws/codebuild/”.

  • s3— Membuat, membaca, dan membuat daftar bucket Amazon S3. Izin ini terbatas pada bucket yang namanya dimulai dengan “sagemaker-”.

  • codestarconnections, codestar-connections - Penggunaan AWS CodeConnections dan AWS CodeStar koneksi.

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AmazonSageMakerCodeBuildCodeCommitPermission",
      "Effect": "Allow",
      "Action": [
        "codecommit:CancelUploadArchive",
        "codecommit:GetBranch",
        "codecommit:GetCommit",
        "codecommit:GetUploadArchiveStatus",
        "codecommit:UploadArchive"
      ],
      "Resource": "arn:aws:codecommit:*:*:sagemaker-*"
    },
    {
      "Sid": "AmazonSageMakerCodeBuildECRReadPermission",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:BatchGetImage",
        "ecr:DescribeImageScanFindings",
        "ecr:DescribeRegistry",
        "ecr:DescribeImageReplicationStatus",
        "ecr:DescribeRepositories",
        "ecr:DescribeImageReplicationStatus",
        "ecr:GetAuthorizationToken",
        "ecr:GetDownloadUrlForLayer"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "AmazonSageMakerCodeBuildECRWritePermission",
      "Effect": "Allow",
      "Action": [
        "ecr:CompleteLayerUpload",
        "ecr:CreateRepository",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ],
      "Resource": [
        "arn:aws:ecr:*:*:repository/sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerCodeBuildPassRoletPermission",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsEventsRole",
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodePipelineRole",
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCloudformationRole",
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodeBuildRole",
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole"
      ],
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": [
            "events.amazonaws.com",
            "codepipeline.amazonaws.com",
            "cloudformation.amazonaws.com",
            "codebuild.amazonaws.com",
            "sagemaker.amazonaws.com"
          ]
        }
      }
    },
    {
      "Sid": "AmazonSageMakerCodeBuildLogPermission",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogDelivery",
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:DeleteLogDelivery",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:DescribeResourcePolicies",
        "logs:DescribeDestinations",
        "logs:DescribeExportTasks",
        "logs:DescribeMetricFilters",
        "logs:DescribeQueries",
        "logs:DescribeQueryDefinitions",
        "logs:DescribeSubscriptionFilters",
        "logs:GetLogDelivery",
        "logs:GetLogEvents",
        "logs:ListLogDeliveries",
        "logs:PutLogEvents",
        "logs:PutResourcePolicy",
        "logs:UpdateLogDelivery"
      ],
      "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/*"
    },
    {
      "Sid": "AmazonSageMakerCodeBuildS3Permission",
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:GetBucketAcl",
        "s3:GetBucketCors",
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:PutBucketCors",
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::aws-glue-*",
        "arn:aws:s3:::sagemaker-*"
      ]
    },
    {
      "Sid": "AmazonSageMakerCodeBuildSageMakerPermission",
      "Effect": "Allow",
      "Action": [
        "sagemaker:AddAssociation",
        "sagemaker:AddTags",
        "sagemaker:AssociateTrialComponent",
        "sagemaker:BatchDescribeModelPackage",
        "sagemaker:BatchGetMetrics",
        "sagemaker:BatchGetRecord",
        "sagemaker:BatchPutMetrics",
        "sagemaker:CreateAction",
        "sagemaker:CreateAlgorithm",
        "sagemaker:CreateApp",
        "sagemaker:CreateAppImageConfig",
        "sagemaker:CreateArtifact",
        "sagemaker:CreateAutoMLJob",
        "sagemaker:CreateCodeRepository",
        "sagemaker:CreateCompilationJob",
        "sagemaker:CreateContext",
        "sagemaker:CreateDataQualityJobDefinition",
        "sagemaker:CreateDeviceFleet",
        "sagemaker:CreateDomain",
        "sagemaker:CreateEdgePackagingJob",
        "sagemaker:CreateEndpoint",
        "sagemaker:CreateEndpointConfig",
        "sagemaker:CreateExperiment",
        "sagemaker:CreateFeatureGroup",
        "sagemaker:CreateFlowDefinition",
        "sagemaker:CreateHumanTaskUi",
        "sagemaker:CreateHyperParameterTuningJob",
        "sagemaker:CreateImage",
        "sagemaker:CreateImageVersion",
        "sagemaker:CreateInferenceRecommendationsJob",
        "sagemaker:CreateLabelingJob",
        "sagemaker:CreateLineageGroupPolicy",
        "sagemaker:CreateModel",
        "sagemaker:CreateModelBiasJobDefinition",
        "sagemaker:CreateModelExplainabilityJobDefinition",
        "sagemaker:CreateModelPackage",
        "sagemaker:CreateModelPackageGroup",
        "sagemaker:CreateModelQualityJobDefinition",
        "sagemaker:CreateMonitoringSchedule",
        "sagemaker:CreateNotebookInstance",
        "sagemaker:CreateNotebookInstanceLifecycleConfig",
        "sagemaker:CreatePipeline",
        "sagemaker:CreatePresignedDomainUrl",
        "sagemaker:CreatePresignedNotebookInstanceUrl",
        "sagemaker:CreateProcessingJob",
        "sagemaker:CreateProject",
        "sagemaker:CreateTrainingJob",
        "sagemaker:CreateTransformJob",
        "sagemaker:CreateTrial",
        "sagemaker:CreateTrialComponent",
        "sagemaker:CreateUserProfile",
        "sagemaker:CreateWorkforce",
        "sagemaker:CreateWorkteam",
        "sagemaker:DeleteAction",
        "sagemaker:DeleteAlgorithm",
        "sagemaker:DeleteApp",
        "sagemaker:DeleteAppImageConfig",
        "sagemaker:DeleteArtifact",
        "sagemaker:DeleteAssociation",
        "sagemaker:DeleteCodeRepository",
        "sagemaker:DeleteContext",
        "sagemaker:DeleteDataQualityJobDefinition",
        "sagemaker:DeleteDeviceFleet",
        "sagemaker:DeleteDomain",
        "sagemaker:DeleteEndpoint",
        "sagemaker:DeleteEndpointConfig",
        "sagemaker:DeleteExperiment",
        "sagemaker:DeleteFeatureGroup",
        "sagemaker:DeleteFlowDefinition",
        "sagemaker:DeleteHumanLoop",
        "sagemaker:DeleteHumanTaskUi",
        "sagemaker:DeleteImage",
        "sagemaker:DeleteImageVersion",
        "sagemaker:DeleteLineageGroupPolicy",
        "sagemaker:DeleteModel",
        "sagemaker:DeleteModelBiasJobDefinition",
        "sagemaker:DeleteModelExplainabilityJobDefinition",
        "sagemaker:DeleteModelPackage",
        "sagemaker:DeleteModelPackageGroup",
        "sagemaker:DeleteModelPackageGroupPolicy",
        "sagemaker:DeleteModelQualityJobDefinition",
        "sagemaker:DeleteMonitoringSchedule",
        "sagemaker:DeleteNotebookInstance",
        "sagemaker:DeleteNotebookInstanceLifecycleConfig",
        "sagemaker:DeletePipeline",
        "sagemaker:DeleteProject",
        "sagemaker:DeleteRecord",
        "sagemaker:DeleteTags",
        "sagemaker:DeleteTrial",
        "sagemaker:DeleteTrialComponent",
        "sagemaker:DeleteUserProfile",
        "sagemaker:DeleteWorkforce",
        "sagemaker:DeleteWorkteam",
        "sagemaker:DeregisterDevices",
        "sagemaker:DescribeAction",
        "sagemaker:DescribeAlgorithm",
        "sagemaker:DescribeApp",
        "sagemaker:DescribeAppImageConfig",
        "sagemaker:DescribeArtifact",
        "sagemaker:DescribeAutoMLJob",
        "sagemaker:DescribeCodeRepository",
        "sagemaker:DescribeCompilationJob",
        "sagemaker:DescribeContext",
        "sagemaker:DescribeDataQualityJobDefinition",
        "sagemaker:DescribeDevice",
        "sagemaker:DescribeDeviceFleet",
        "sagemaker:DescribeDomain",
        "sagemaker:DescribeEdgePackagingJob",
        "sagemaker:DescribeEndpoint",
        "sagemaker:DescribeEndpointConfig",
        "sagemaker:DescribeExperiment",
        "sagemaker:DescribeFeatureGroup",
        "sagemaker:DescribeFlowDefinition",
        "sagemaker:DescribeHumanLoop",
        "sagemaker:DescribeHumanTaskUi",
        "sagemaker:DescribeHyperParameterTuningJob",
        "sagemaker:DescribeImage",
        "sagemaker:DescribeImageVersion",
        "sagemaker:DescribeInferenceRecommendationsJob",
        "sagemaker:DescribeLabelingJob",
        "sagemaker:DescribeLineageGroup",
        "sagemaker:DescribeModel",
        "sagemaker:DescribeModelBiasJobDefinition",
        "sagemaker:DescribeModelExplainabilityJobDefinition",
        "sagemaker:DescribeModelPackage",
        "sagemaker:DescribeModelPackageGroup",
        "sagemaker:DescribeModelQualityJobDefinition",
        "sagemaker:DescribeMonitoringSchedule",
        "sagemaker:DescribeNotebookInstance",
        "sagemaker:DescribeNotebookInstanceLifecycleConfig",
        "sagemaker:DescribePipeline",
        "sagemaker:DescribePipelineDefinitionForExecution",
        "sagemaker:DescribePipelineExecution",
        "sagemaker:DescribeProcessingJob",
        "sagemaker:DescribeProject",
        "sagemaker:DescribeSubscribedWorkteam",
        "sagemaker:DescribeTrainingJob",
        "sagemaker:DescribeTransformJob",
        "sagemaker:DescribeTrial",
        "sagemaker:DescribeTrialComponent",
        "sagemaker:DescribeUserProfile",
        "sagemaker:DescribeWorkforce",
        "sagemaker:DescribeWorkteam",
        "sagemaker:DisableSagemakerServicecatalogPortfolio",
        "sagemaker:DisassociateTrialComponent",
        "sagemaker:EnableSagemakerServicecatalogPortfolio",
        "sagemaker:GetDeviceFleetReport",
        "sagemaker:GetDeviceRegistration",
        "sagemaker:GetLineageGroupPolicy",
        "sagemaker:GetModelPackageGroupPolicy",
        "sagemaker:GetRecord",
        "sagemaker:GetSagemakerServicecatalogPortfolioStatus",
        "sagemaker:GetSearchSuggestions",
        "sagemaker:InvokeEndpoint",
        "sagemaker:InvokeEndpointAsync",
        "sagemaker:ListActions",
        "sagemaker:ListAlgorithms",
        "sagemaker:ListAppImageConfigs",
        "sagemaker:ListApps",
        "sagemaker:ListArtifacts",
        "sagemaker:ListAssociations",
        "sagemaker:ListAutoMLJobs",
        "sagemaker:ListCandidatesForAutoMLJob",
        "sagemaker:ListCodeRepositories",
        "sagemaker:ListCompilationJobs",
        "sagemaker:ListContexts",
        "sagemaker:ListDataQualityJobDefinitions",
        "sagemaker:ListDeviceFleets",
        "sagemaker:ListDevices",
        "sagemaker:ListDomains",
        "sagemaker:ListEdgePackagingJobs",
        "sagemaker:ListEndpointConfigs",
        "sagemaker:ListEndpoints",
        "sagemaker:ListExperiments",
        "sagemaker:ListFeatureGroups",
        "sagemaker:ListFlowDefinitions",
        "sagemaker:ListHumanLoops",
        "sagemaker:ListHumanTaskUis",
        "sagemaker:ListHyperParameterTuningJobs",
        "sagemaker:ListImageVersions",
        "sagemaker:ListImages",
        "sagemaker:ListInferenceRecommendationsJobs",
        "sagemaker:ListLabelingJobs",
        "sagemaker:ListLabelingJobsForWorkteam",
        "sagemaker:ListLineageGroups",
        "sagemaker:ListModelBiasJobDefinitions",
        "sagemaker:ListModelExplainabilityJobDefinitions",
        "sagemaker:ListModelMetadata",
        "sagemaker:ListModelPackageGroups",
        "sagemaker:ListModelPackages",
        "sagemaker:ListModelQualityJobDefinitions",
        "sagemaker:ListModels",
        "sagemaker:ListMonitoringExecutions",
        "sagemaker:ListMonitoringSchedules",
        "sagemaker:ListNotebookInstanceLifecycleConfigs",
        "sagemaker:ListNotebookInstances",
        "sagemaker:ListPipelineExecutionSteps",
        "sagemaker:ListPipelineExecutions",
        "sagemaker:ListPipelineParametersForExecution",
        "sagemaker:ListPipelines",
        "sagemaker:ListProcessingJobs",
        "sagemaker:ListProjects",
        "sagemaker:ListSubscribedWorkteams",
        "sagemaker:ListTags",
        "sagemaker:ListTrainingJobs",
        "sagemaker:ListTrainingJobsForHyperParameterTuningJob",
        "sagemaker:ListTransformJobs",
        "sagemaker:ListTrialComponents",
        "sagemaker:ListTrials",
        "sagemaker:ListUserProfiles",
        "sagemaker:ListWorkforces",
        "sagemaker:ListWorkteams",
        "sagemaker:PutLineageGroupPolicy",
        "sagemaker:PutModelPackageGroupPolicy",
        "sagemaker:PutRecord",
        "sagemaker:QueryLineage",
        "sagemaker:RegisterDevices",
        "sagemaker:RenderUiTemplate",
        "sagemaker:Search",
        "sagemaker:SendHeartbeat",
        "sagemaker:SendPipelineExecutionStepFailure",
        "sagemaker:SendPipelineExecutionStepSuccess",
        "sagemaker:StartHumanLoop",
        "sagemaker:StartMonitoringSchedule",
        "sagemaker:StartNotebookInstance",
        "sagemaker:StartPipelineExecution",
        "sagemaker:StopAutoMLJob",
        "sagemaker:StopCompilationJob",
        "sagemaker:StopEdgePackagingJob",
        "sagemaker:StopHumanLoop",
        "sagemaker:StopHyperParameterTuningJob",
        "sagemaker:StopInferenceRecommendationsJob",
        "sagemaker:StopLabelingJob",
        "sagemaker:StopMonitoringSchedule",
        "sagemaker:StopNotebookInstance",
        "sagemaker:StopPipelineExecution",
        "sagemaker:StopProcessingJob",
        "sagemaker:StopTrainingJob",
        "sagemaker:StopTransformJob",
        "sagemaker:UpdateAction",
        "sagemaker:UpdateAppImageConfig",
        "sagemaker:UpdateArtifact",
        "sagemaker:UpdateCodeRepository",
        "sagemaker:UpdateContext",
        "sagemaker:UpdateDeviceFleet",
        "sagemaker:UpdateDevices",
        "sagemaker:UpdateDomain",
        "sagemaker:UpdateEndpoint",
        "sagemaker:UpdateEndpointWeightsAndCapacities",
        "sagemaker:UpdateExperiment",
        "sagemaker:UpdateImage",
        "sagemaker:UpdateModelPackage",
        "sagemaker:UpdateMonitoringSchedule",
        "sagemaker:UpdateNotebookInstance",
        "sagemaker:UpdateNotebookInstanceLifecycleConfig",
        "sagemaker:UpdatePipeline",
        "sagemaker:UpdatePipelineExecution",
        "sagemaker:UpdateProject",
        "sagemaker:UpdateTrainingJob",
        "sagemaker:UpdateTrial",
        "sagemaker:UpdateTrialComponent",
        "sagemaker:UpdateUserProfile",
        "sagemaker:UpdateWorkforce",
        "sagemaker:UpdateWorkteam"
      ],
      "Resource": [
        "arn:aws:sagemaker:*:*:endpoint/*",
        "arn:aws:sagemaker:*:*:endpoint-config/*",
        "arn:aws:sagemaker:*:*:model/*",
        "arn:aws:sagemaker:*:*:pipeline/*",
        "arn:aws:sagemaker:*:*:project/*",
        "arn:aws:sagemaker:*:*:model-package/*"
      ]
    },
    {
      "Sid" : "AmazonSageMakerCodeBuildCodeStarConnectionPermission",
      "Effect": "Allow",
      "Action": [
        "codestar-connections:UseConnection"
      ],
      "Resource": [
        "arn:aws:codestar-connections:*:*:connection/*"
      ],
      "Condition": {
        "StringEqualsIgnoreCase": {
          "aws:ResourceTag/sagemaker": "true"
        }
      }
    },
    {
      "Sid" : "AmazonSageMakerCodeBuildCodeConnectionPermission",
      "Effect": "Allow",
      "Action": [
        "codeconnections:UseConnection"
      ],
      "Resource": [
        "arn:aws:codeconnections:*:*:connection/*"
      ],
      "Condition": {
        "StringEqualsIgnoreCase": {
          "aws:ResourceTag/sagemaker": "true"
        }
      }
    }
  ]
}
Tampilkan lebih banyakTampilkan lebih sedikit

Kebijakan terkelola AWS : AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy

Kebijakan ini digunakan oleh AWS CodePipeline dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRolediteruskan ke AWS sumber daya yang dibuat oleh CodePipeline yang memerlukan peran.

Detail izin

Kebijakan ini mencakup izin berikut.

  • cloudformation— Membuat, membaca, menghapus, dan memperbarui CloudFormation tumpukan; membuat, membaca, menghapus, dan menjalankan set perubahan; mengatur kebijakan tumpukan; tag dan untag sumber daya. Izin ini terbatas pada sumber daya yang namanya dimulai dengan “sagemaker-”.

  • s3— Buat, baca, daftar, dan hapus bucket Amazon S3; menambah, membaca, dan menghapus objek dari bucket; membaca dan mengatur konfigurasi CORS; baca daftar kontrol akses (ACL); dan baca Wilayah tempat AWS bucket berada.

    Izin ini terbatas pada ember yang namanya dimulai dengan “sagemaker-” atau “aws-glue-.

  • iam— Lulus AmazonSageMakerServiceCatalogProductsCloudformationRole peran.

  • codebuild— Dapatkan informasi CodeBuild build dan mulai membangun. Izin ini terbatas pada proyek dan membangun sumber daya yang namanya dimulai dengan “sagemaker-”.

  • codecommit— Unggah CodeCommit arsip ke CodeBuild pipeline, dapatkan status unggah, dan batalkan unggahan; dapatkan informasi cabang dan komit.

  • codestarconnections, codestar-connections - Penggunaan AWS CodeConnections dan AWS CodeStar koneksi.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid" : "AmazonSageMakerCodePipelineCFnPermission",
      "Effect": "Allow",
      "Action": [
        "cloudformation:CreateChangeSet",
        "cloudformation:CreateStack",
        "cloudformation:DescribeChangeSet",
        "cloudformation:DeleteChangeSet",
        "cloudformation:DeleteStack",
        "cloudformation:DescribeStacks",
        "cloudformation:ExecuteChangeSet",
        "cloudformation:SetStackPolicy",
        "cloudformation:UpdateStack"
      ],
      "Resource": "arn:aws:cloudformation:*:*:stack/sagemaker-*"
    },
    {
      "Sid" : "AmazonSageMakerCodePipelineCFnTagPermission",
      "Effect": "Allow",
      "Action": [
        "cloudformation:TagResource",
        "cloudformation:UntagResource"
      ],
      "Resource": "arn:aws:cloudformation:*:*:stack/sagemaker-*"
      "Condition" : {
        "ForAnyValue:StringEquals": {
        "aws:TagKeys": [
          "sagemaker:project-name"
        ]
      }
    },
    {
      "Sid" : "AmazonSageMakerCodePipelineS3Permission",
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::sagemaker-*"
      ]
    },
    {
      "Sid" : "AmazonSageMakerCodePipelinePassRolePermission",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCloudformationRole"
      ]
    },
    {
      "Sid" : "AmazonSageMakerCodePipelineCodeBuildPermission",
      "Effect": "Allow",
      "Action": [
        "codebuild:BatchGetBuilds",
        "codebuild:StartBuild"
      ],
      "Resource": [
        "arn:aws:codebuild:*:*:project/sagemaker-*",
        "arn:aws:codebuild:*:*:build/sagemaker-*"
      ]
    },
    {
      "Sid" : "AmazonSageMakerCodePipelineCodeCommitPermission",
      "Effect": "Allow",
      "Action": [
        "codecommit:CancelUploadArchive",
        "codecommit:GetBranch",
        "codecommit:GetCommit",
        "codecommit:GetUploadArchiveStatus",
        "codecommit:UploadArchive"
      ],
      "Resource": "arn:aws:codecommit:*:*:sagemaker-*"
    },
    {
      "Sid" : "AmazonSageMakerCodePipelineCodeStarConnectionPermission",
      "Effect": "Allow",
      "Action": [
        "codestar-connections:UseConnection"
      ],
      "Resource": [
        "arn:aws:codestar-connections:*:*:connection/*"
      ],
      "Condition": {
        "StringEqualsIgnoreCase": {
          "aws:ResourceTag/sagemaker": "true"
        }
      }
    },
    {
      "Sid" : "AmazonSageMakerCodePipelineCodeConnectionPermission",
      "Effect": "Allow",
      "Action": [
        "codeconnections:UseConnection"
      ],
      "Resource": [
        "arn:aws:codeconnections:*:*:connection/*"
      ],
      "Condition": {
        "StringEqualsIgnoreCase": {
          "aws:ResourceTag/sagemaker": "true"
        }
      }
    }
  ]
}

AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsEventsServiceRole Kebijakan

Kebijakan ini digunakan oleh Amazon EventBridge dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRolediteruskan ke AWS sumber daya yang dibuat oleh EventBridge yang memerlukan peran.

Detail izin

Kebijakan ini mencakup izin berikut.

  • codepipeline— Mulai CodeBuild eksekusi. Izin ini terbatas pada saluran pipa yang namanya dimulai dengan “sagemaker-”.

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "codepipeline:StartPipelineExecution",
      "Resource": "arn:aws:codepipeline:*:*:sagemaker-*"
    }
  ]
}

AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsFirehoseServiceRole Kebijakan

Kebijakan ini digunakan oleh Amazon Data Firehose dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon AI. SageMaker Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRolediteruskan ke AWS sumber daya yang dibuat oleh Firehose yang memerlukan peran.

Detail izin

Kebijakan ini mencakup izin berikut.

  • firehose— Kirim catatan Firehose. Izin ini terbatas pada sumber daya yang nama aliran pengirimannya dimulai dengan “sagemaker-”.

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "firehose:PutRecord",
        "firehose:PutRecordBatch"
      ],
      "Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*"
    }
  ]
}

AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsGlueServiceRole Kebijakan

Kebijakan ini digunakan oleh AWS Glue dalam produk yang disediakan AWS Service Catalog dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRolediteruskan ke AWS sumber daya yang dibuat oleh Glue yang membutuhkan peran.

Detail izin

Kebijakan ini mencakup izin berikut.

  • glue— Buat, baca, dan hapus AWS Glue partisi, tabel, dan versi tabel. Izin ini terbatas pada sumber daya yang namanya dimulai dengan “sagemaker-”. Buat dan baca database AWS Glue. Izin ini terbatas pada database yang namanya “default”, “global_temp”, atau dimulai dengan “sagemaker-”. Fungsi yang ditetapkan pengguna

  • s3— Buat, baca, daftar, dan hapus bucket Amazon S3; menambah, membaca, dan menghapus objek dari bucket; membaca dan mengatur konfigurasi CORS; baca daftar kontrol akses (ACL), dan baca Wilayah tempat AWS bucket berada.

    Izin ini terbatas pada ember yang namanya dimulai dengan “sagemaker-” atau “aws-glue-”.

  • logs— Buat, baca, dan hapus grup CloudWatch log log, aliran, dan pengiriman; dan buat kebijakan sumber daya.

    Izin ini terbatas pada sumber daya yang awalan namanya dimulai dengan “aws/glue/”.

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "glue:BatchCreatePartition",
        "glue:BatchDeletePartition",
        "glue:BatchDeleteTable",
        "glue:BatchDeleteTableVersion",
        "glue:BatchGetPartition",
        "glue:CreateDatabase",
        "glue:CreatePartition",
        "glue:CreateTable",
        "glue:DeletePartition",
        "glue:DeleteTable",
        "glue:DeleteTableVersion",
        "glue:GetDatabase",
        "glue:GetPartition",
        "glue:GetPartitions",
        "glue:GetTable",
        "glue:GetTables",
        "glue:GetTableVersion",
        "glue:GetTableVersions",
        "glue:SearchTables",
        "glue:UpdatePartition",
        "glue:UpdateTable",
        "glue:GetUserDefinedFunctions"
      ],
      "Resource": [
        "arn:aws:glue:*:*:catalog",
        "arn:aws:glue:*:*:database/default",
        "arn:aws:glue:*:*:database/global_temp",
        "arn:aws:glue:*:*:database/sagemaker-*",
        "arn:aws:glue:*:*:table/sagemaker-*",
        "arn:aws:glue:*:*:tableVersion/sagemaker-*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:GetBucketAcl",
        "s3:GetBucketCors",
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:PutBucketCors"
      ],
      "Resource": [
        "arn:aws:s3:::aws-glue-*",
        "arn:aws:s3:::sagemaker-*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::aws-glue-*",
        "arn:aws:s3:::sagemaker-*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogDelivery",
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:DeleteLogDelivery",
        "logs:Describe*",
        "logs:GetLogDelivery",
        "logs:GetLogEvents",
        "logs:ListLogDeliveries",
        "logs:PutLogEvents",
        "logs:PutResourcePolicy",
        "logs:UpdateLogDelivery"
      ],
      "Resource": "arn:aws:logs:*:*:log-group:/aws/glue/*"
    }
  ]
}

AWS kebijakan terkelola: AmazonSageMakerServiceCatalogProductsLambdaServiceRole Kebijakan

Kebijakan ini digunakan oleh AWS Lambda dalam produk yang AWS Service Catalog disediakan dari portofolio Amazon SageMaker AI. Kebijakan ini dimaksudkan untuk dilampirkan pada peran IAM yang AmazonSageMakerServiceCatalogProductsLaunchRolediteruskan ke AWS sumber daya yang dibuat oleh Lambda yang membutuhkan peran.

Detail izin

Kebijakan ini mencakup izin berikut.

  • sagemaker— Izinkan akses ke berbagai sumber daya SageMaker AI.

  • ecr— Buat dan hapus repositori Amazon ECR; membuat, membaca, dan menghapus gambar kontainer; unggah lapisan gambar. Izin ini terbatas pada repositori yang namanya dimulai dengan “sagemaker-”.

  • events— Buat, baca, dan hapus EventBridge aturan Amazon; dan buat dan hapus target. Izin ini terbatas pada aturan yang namanya dimulai dengan “sagemaker-”.

  • s3— Buat, baca, daftar, dan hapus bucket Amazon S3; menambah, membaca, dan menghapus objek dari bucket; membaca dan mengatur konfigurasi CORS; baca daftar kontrol akses (ACL), dan baca Wilayah tempat AWS bucket berada.

    Izin ini terbatas pada ember yang namanya dimulai dengan “sagemaker-” atau “aws-glue-”.

  • iam— Lulus AmazonSageMakerServiceCatalogProductsExecutionRole peran.

  • logs— Buat, baca, dan hapus grup CloudWatch log log, aliran, dan pengiriman; dan buat kebijakan sumber daya.

    Izin ini terbatas pada sumber daya yang awalan namanya dimulai dengan “aws/lambda/”.

  • codebuild— Mulai dan dapatkan informasi tentang AWS CodeBuild build.

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid" : "AmazonSageMakerLambdaECRPermission",
      "Effect": "Allow",
      "Action": [
        "ecr:DescribeImages",
        "ecr:BatchDeleteImage",
        "ecr:CompleteLayerUpload",
        "ecr:CreateRepository",
        "ecr:DeleteRepository",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ],
      "Resource": [
        "arn:aws:ecr:*:*:repository/sagemaker-*"
      ]
    },
    {
      "Sid" : "AmazonSageMakerLambdaEventBridgePermission",
      "Effect": "Allow",
      "Action": [
        "events:DeleteRule",
        "events:DescribeRule",
        "events:PutRule",
        "events:PutTargets",
        "events:RemoveTargets"
      ],
      "Resource": [
        "arn:aws:events:*:*:rule/sagemaker-*"
      ]
    },
    {
      "Sid" : "AmazonSageMakerLambdaS3BucketPermission",
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:GetBucketAcl",
        "s3:GetBucketCors",
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:PutBucketCors"
      ],
      "Resource": [
        "arn:aws:s3:::aws-glue-*",
        "arn:aws:s3:::sagemaker-*"
      ]
    },
    {
      "Sid" : "AmazonSageMakerLambdaS3ObjectPermission",
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::aws-glue-*",
        "arn:aws:s3:::sagemaker-*"
      ]
    },
    {
      "Sid" : "AmazonSageMakerLambdaSageMakerPermission",
      "Effect": "Allow",
      "Action": [
        "sagemaker:AddAssociation",
        "sagemaker:AddTags",
        "sagemaker:AssociateTrialComponent",
        "sagemaker:BatchDescribeModelPackage",
        "sagemaker:BatchGetMetrics",
        "sagemaker:BatchGetRecord",
        "sagemaker:BatchPutMetrics",
        "sagemaker:CreateAction",
        "sagemaker:CreateAlgorithm",
        "sagemaker:CreateApp",
        "sagemaker:CreateAppImageConfig",
        "sagemaker:CreateArtifact",
        "sagemaker:CreateAutoMLJob",
        "sagemaker:CreateCodeRepository",
        "sagemaker:CreateCompilationJob",
        "sagemaker:CreateContext",
        "sagemaker:CreateDataQualityJobDefinition",
        "sagemaker:CreateDeviceFleet",
        "sagemaker:CreateDomain",
        "sagemaker:CreateEdgePackagingJob",
        "sagemaker:CreateEndpoint",
        "sagemaker:CreateEndpointConfig",
        "sagemaker:CreateExperiment",
        "sagemaker:CreateFeatureGroup",
        "sagemaker:CreateFlowDefinition",
        "sagemaker:CreateHumanTaskUi",
        "sagemaker:CreateHyperParameterTuningJob",
        "sagemaker:CreateImage",
        "sagemaker:CreateImageVersion",
        "sagemaker:CreateInferenceRecommendationsJob",
        "sagemaker:CreateLabelingJob",
        "sagemaker:CreateLineageGroupPolicy",
        "sagemaker:CreateModel",
        "sagemaker:CreateModelBiasJobDefinition",
        "sagemaker:CreateModelExplainabilityJobDefinition",
        "sagemaker:CreateModelPackage",
        "sagemaker:CreateModelPackageGroup",
        "sagemaker:CreateModelQualityJobDefinition",
        "sagemaker:CreateMonitoringSchedule",
        "sagemaker:CreateNotebookInstance",
        "sagemaker:CreateNotebookInstanceLifecycleConfig",
        "sagemaker:CreatePipeline",
        "sagemaker:CreatePresignedDomainUrl",
        "sagemaker:CreatePresignedNotebookInstanceUrl",
        "sagemaker:CreateProcessingJob",
        "sagemaker:CreateProject",
        "sagemaker:CreateTrainingJob",
        "sagemaker:CreateTransformJob",
        "sagemaker:CreateTrial",
        "sagemaker:CreateTrialComponent",
        "sagemaker:CreateUserProfile",
        "sagemaker:CreateWorkforce",
        "sagemaker:CreateWorkteam",
        "sagemaker:DeleteAction",
        "sagemaker:DeleteAlgorithm",
        "sagemaker:DeleteApp",
        "sagemaker:DeleteAppImageConfig",
        "sagemaker:DeleteArtifact",
        "sagemaker:DeleteAssociation",
        "sagemaker:DeleteCodeRepository",
        "sagemaker:DeleteContext",
        "sagemaker:DeleteDataQualityJobDefinition",
        "sagemaker:DeleteDeviceFleet",
        "sagemaker:DeleteDomain",
        "sagemaker:DeleteEndpoint",
        "sagemaker:DeleteEndpointConfig",
        "sagemaker:DeleteExperiment",
        "sagemaker:DeleteFeatureGroup",
        "sagemaker:DeleteFlowDefinition",
        "sagemaker:DeleteHumanLoop",
        "sagemaker:DeleteHumanTaskUi",
        "sagemaker:DeleteImage",
        "sagemaker:DeleteImageVersion",
        "sagemaker:DeleteLineageGroupPolicy",
        "sagemaker:DeleteModel",
        "sagemaker:DeleteModelBiasJobDefinition",
        "sagemaker:DeleteModelExplainabilityJobDefinition",
        "sagemaker:DeleteModelPackage",
        "sagemaker:DeleteModelPackageGroup",
        "sagemaker:DeleteModelPackageGroupPolicy",
        "sagemaker:DeleteModelQualityJobDefinition",
        "sagemaker:DeleteMonitoringSchedule",
        "sagemaker:DeleteNotebookInstance",
        "sagemaker:DeleteNotebookInstanceLifecycleConfig",
        "sagemaker:DeletePipeline",
        "sagemaker:DeleteProject",
        "sagemaker:DeleteRecord",
        "sagemaker:DeleteTags",
        "sagemaker:DeleteTrial",
        "sagemaker:DeleteTrialComponent",
        "sagemaker:DeleteUserProfile",
        "sagemaker:DeleteWorkforce",
        "sagemaker:DeleteWorkteam",
        "sagemaker:DeregisterDevices",
        "sagemaker:DescribeAction",
        "sagemaker:DescribeAlgorithm",
        "sagemaker:DescribeApp",
        "sagemaker:DescribeAppImageConfig",
        "sagemaker:DescribeArtifact",
        "sagemaker:DescribeAutoMLJob",
        "sagemaker:DescribeCodeRepository",
        "sagemaker:DescribeCompilationJob",
        "sagemaker:DescribeContext",
        "sagemaker:DescribeDataQualityJobDefinition",
        "sagemaker:DescribeDevice",
        "sagemaker:DescribeDeviceFleet",
        "sagemaker:DescribeDomain",
        "sagemaker:DescribeEdgePackagingJob",
        "sagemaker:DescribeEndpoint",
        "sagemaker:DescribeEndpointConfig",
        "sagemaker:DescribeExperiment",
        "sagemaker:DescribeFeatureGroup",
        "sagemaker:DescribeFlowDefinition",
        "sagemaker:DescribeHumanLoop",
        "sagemaker:DescribeHumanTaskUi",
        "sagemaker:DescribeHyperParameterTuningJob",
        "sagemaker:DescribeImage",
        "sagemaker:DescribeImageVersion",
        "sagemaker:DescribeInferenceRecommendationsJob",
        "sagemaker:DescribeLabelingJob",
        "sagemaker:DescribeLineageGroup",
        "sagemaker:DescribeModel",
        "sagemaker:DescribeModelBiasJobDefinition",
        "sagemaker:DescribeModelExplainabilityJobDefinition",
        "sagemaker:DescribeModelPackage",
        "sagemaker:DescribeModelPackageGroup",
        "sagemaker:DescribeModelQualityJobDefinition",
        "sagemaker:DescribeMonitoringSchedule",
        "sagemaker:DescribeNotebookInstance",
        "sagemaker:DescribeNotebookInstanceLifecycleConfig",
        "sagemaker:DescribePipeline",
        "sagemaker:DescribePipelineDefinitionForExecution",
        "sagemaker:DescribePipelineExecution",
        "sagemaker:DescribeProcessingJob",
        "sagemaker:DescribeProject",
        "sagemaker:DescribeSubscribedWorkteam",
        "sagemaker:DescribeTrainingJob",
        "sagemaker:DescribeTransformJob",
        "sagemaker:DescribeTrial",
        "sagemaker:DescribeTrialComponent",
        "sagemaker:DescribeUserProfile",
        "sagemaker:DescribeWorkforce",
        "sagemaker:DescribeWorkteam",
        "sagemaker:DisableSagemakerServicecatalogPortfolio",
        "sagemaker:DisassociateTrialComponent",
        "sagemaker:EnableSagemakerServicecatalogPortfolio",
        "sagemaker:GetDeviceFleetReport",
        "sagemaker:GetDeviceRegistration",
        "sagemaker:GetLineageGroupPolicy",
        "sagemaker:GetModelPackageGroupPolicy",
        "sagemaker:GetRecord",
        "sagemaker:GetSagemakerServicecatalogPortfolioStatus",
        "sagemaker:GetSearchSuggestions",
        "sagemaker:InvokeEndpoint",
        "sagemaker:InvokeEndpointAsync",
        "sagemaker:ListActions",
        "sagemaker:ListAlgorithms",
        "sagemaker:ListAppImageConfigs",
        "sagemaker:ListApps",
        "sagemaker:ListArtifacts",
        "sagemaker:ListAssociations",
        "sagemaker:ListAutoMLJobs",
        "sagemaker:ListCandidatesForAutoMLJob",
        "sagemaker:ListCodeRepositories",
        "sagemaker:ListCompilationJobs",
        "sagemaker:ListContexts",
        "sagemaker:ListDataQualityJobDefinitions",
        "sagemaker:ListDeviceFleets",
        "sagemaker:ListDevices",
        "sagemaker:ListDomains",
        "sagemaker:ListEdgePackagingJobs",
        "sagemaker:ListEndpointConfigs",
        "sagemaker:ListEndpoints",
        "sagemaker:ListExperiments",
        "sagemaker:ListFeatureGroups",
        "sagemaker:ListFlowDefinitions",
        "sagemaker:ListHumanLoops",
        "sagemaker:ListHumanTaskUis",
        "sagemaker:ListHyperParameterTuningJobs",
        "sagemaker:ListImageVersions",
        "sagemaker:ListImages",
        "sagemaker:ListInferenceRecommendationsJobs",
        "sagemaker:ListLabelingJobs",
        "sagemaker:ListLabelingJobsForWorkteam",
        "sagemaker:ListLineageGroups",
        "sagemaker:ListModelBiasJobDefinitions",
        "sagemaker:ListModelExplainabilityJobDefinitions",
        "sagemaker:ListModelMetadata",
        "sagemaker:ListModelPackageGroups",
        "sagemaker:ListModelPackages",
        "sagemaker:ListModelQualityJobDefinitions",
        "sagemaker:ListModels",
        "sagemaker:ListMonitoringExecutions",
        "sagemaker:ListMonitoringSchedules",
        "sagemaker:ListNotebookInstanceLifecycleConfigs",
        "sagemaker:ListNotebookInstances",
        "sagemaker:ListPipelineExecutionSteps",
        "sagemaker:ListPipelineExecutions",
        "sagemaker:ListPipelineParametersForExecution",
        "sagemaker:ListPipelines",
        "sagemaker:ListProcessingJobs",
        "sagemaker:ListProjects",
        "sagemaker:ListSubscribedWorkteams",
        "sagemaker:ListTags",
        "sagemaker:ListTrainingJobs",
        "sagemaker:ListTrainingJobsForHyperParameterTuningJob",
        "sagemaker:ListTransformJobs",
        "sagemaker:ListTrialComponents",
        "sagemaker:ListTrials",
        "sagemaker:ListUserProfiles",
        "sagemaker:ListWorkforces",
        "sagemaker:ListWorkteams",
        "sagemaker:PutLineageGroupPolicy",
        "sagemaker:PutModelPackageGroupPolicy",
        "sagemaker:PutRecord",
        "sagemaker:QueryLineage",
        "sagemaker:RegisterDevices",
        "sagemaker:RenderUiTemplate",
        "sagemaker:Search",
        "sagemaker:SendHeartbeat",
        "sagemaker:SendPipelineExecutionStepFailure",
        "sagemaker:SendPipelineExecutionStepSuccess",
        "sagemaker:StartHumanLoop",
        "sagemaker:StartMonitoringSchedule",
        "sagemaker:StartNotebookInstance",
        "sagemaker:StartPipelineExecution",
        "sagemaker:StopAutoMLJob",
        "sagemaker:StopCompilationJob",
        "sagemaker:StopEdgePackagingJob",
        "sagemaker:StopHumanLoop",
        "sagemaker:StopHyperParameterTuningJob",
        "sagemaker:StopInferenceRecommendationsJob",
        "sagemaker:StopLabelingJob",
        "sagemaker:StopMonitoringSchedule",
        "sagemaker:StopNotebookInstance",
        "sagemaker:StopPipelineExecution",
        "sagemaker:StopProcessingJob",
        "sagemaker:StopTrainingJob",
        "sagemaker:StopTransformJob",
        "sagemaker:UpdateAction",
        "sagemaker:UpdateAppImageConfig",
        "sagemaker:UpdateArtifact",
        "sagemaker:UpdateCodeRepository",
        "sagemaker:UpdateContext",
        "sagemaker:UpdateDeviceFleet",
        "sagemaker:UpdateDevices",
        "sagemaker:UpdateDomain",
        "sagemaker:UpdateEndpoint",
        "sagemaker:UpdateEndpointWeightsAndCapacities",
        "sagemaker:UpdateExperiment",
        "sagemaker:UpdateImage",
        "sagemaker:UpdateModelPackage",
        "sagemaker:UpdateMonitoringSchedule",
        "sagemaker:UpdateNotebookInstance",
        "sagemaker:UpdateNotebookInstanceLifecycleConfig",
        "sagemaker:UpdatePipeline",
        "sagemaker:UpdatePipelineExecution",
        "sagemaker:UpdateProject",
        "sagemaker:UpdateTrainingJob",
        "sagemaker:UpdateTrial",
        "sagemaker:UpdateTrialComponent",
        "sagemaker:UpdateUserProfile",
        "sagemaker:UpdateWorkforce",
        "sagemaker:UpdateWorkteam"
      ],
      "Resource": [
        "arn:aws:sagemaker:*:*:action/*",
        "arn:aws:sagemaker:*:*:algorithm/*",
        "arn:aws:sagemaker:*:*:app-image-config/*",
        "arn:aws:sagemaker:*:*:artifact/*",
        "arn:aws:sagemaker:*:*:automl-job/*",
        "arn:aws:sagemaker:*:*:code-repository/*",
        "arn:aws:sagemaker:*:*:compilation-job/*",
        "arn:aws:sagemaker:*:*:context/*",
        "arn:aws:sagemaker:*:*:data-quality-job-definition/*",
        "arn:aws:sagemaker:*:*:device-fleet/*/device/*",
        "arn:aws:sagemaker:*:*:device-fleet/*",
        "arn:aws:sagemaker:*:*:edge-packaging-job/*",
        "arn:aws:sagemaker:*:*:endpoint/*",
        "arn:aws:sagemaker:*:*:endpoint-config/*",
        "arn:aws:sagemaker:*:*:experiment/*",
        "arn:aws:sagemaker:*:*:experiment-trial/*",
        "arn:aws:sagemaker:*:*:experiment-trial-component/*",
        "arn:aws:sagemaker:*:*:feature-group/*",
        "arn:aws:sagemaker:*:*:human-loop/*",
        "arn:aws:sagemaker:*:*:human-task-ui/*",
        "arn:aws:sagemaker:*:*:hyper-parameter-tuning-job/*",
        "arn:aws:sagemaker:*:*:image/*",
        "arn:aws:sagemaker:*:*:image-version/*/*",
        "arn:aws:sagemaker:*:*:inference-recommendations-job/*",
        "arn:aws:sagemaker:*:*:labeling-job/*",
        "arn:aws:sagemaker:*:*:model/*",
        "arn:aws:sagemaker:*:*:model-bias-job-definition/*",
        "arn:aws:sagemaker:*:*:model-explainability-job-definition/*",
        "arn:aws:sagemaker:*:*:model-package/*",
        "arn:aws:sagemaker:*:*:model-package-group/*",
        "arn:aws:sagemaker:*:*:model-quality-job-definition/*",
        "arn:aws:sagemaker:*:*:monitoring-schedule/*",
        "arn:aws:sagemaker:*:*:notebook-instance/*",
        "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/*",
        "arn:aws:sagemaker:*:*:pipeline/*",
        "arn:aws:sagemaker:*:*:pipeline/*/execution/*",
        "arn:aws:sagemaker:*:*:processing-job/*",
        "arn:aws:sagemaker:*:*:project/*",
        "arn:aws:sagemaker:*:*:training-job/*",
        "arn:aws:sagemaker:*:*:transform-job/*",
        "arn:aws:sagemaker:*:*:workforce/*",
        "arn:aws:sagemaker:*:*:workteam/*"
      ]
    },
    {
      "Sid" : "AmazonSageMakerLambdaPassRolePermission",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole"
      ]
    },
    {
      "Sid" : "AmazonSageMakerLambdaLogPermission",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogDelivery",
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:DeleteLogDelivery",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:DescribeResourcePolicies",
        "logs:DescribeDestinations",
        "logs:DescribeExportTasks",
        "logs:DescribeMetricFilters",
        "logs:DescribeQueries",
        "logs:DescribeQueryDefinitions",
        "logs:DescribeSubscriptionFilters",
        "logs:GetLogDelivery",
        "logs:GetLogEvents",
        "logs:ListLogDeliveries",
        "logs:PutLogEvents",
        "logs:PutResourcePolicy",
        "logs:UpdateLogDelivery"
      ],
      "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*"
    },
    {
      "Sid" : "AmazonSageMakerLambdaCodeBuildPermission",
      "Effect": "Allow",
      "Action": [
        "codebuild:StartBuild",
        "codebuild:BatchGetBuilds"
      ],
      "Resource": "arn:aws:codebuild:*:*:project/sagemaker-*",
      "Condition": {
        "StringLike": {
          "aws:ResourceTag/sagemaker:project-name": "*"
        }
      }
    }
  ]
}
Tampilkan lebih banyakTampilkan lebih sedikit

Amazon SageMaker AI memperbarui kebijakan AWS terkelola AWS Service Catalog

Tampilkan detail tentang pembaruan untuk kebijakan yang dikelola untuk Amazon RDS sejak layanan ini mulai melacak perubahan ini.

Kebijakan Versi Perubahan Tanggal

: update-policy

 9

Tambahkancloudformation:TagResource,cloudformation:UntagResource, dan codeconnections:PassConnection izin.

 1 Juli 2018

AmazonSageMakerAdmin: update-policy

 7

Kembalikan kebijakan ke versi 7 (v7). Hapuscloudformation:TagResource,cloudformation:UntagResource, dan codeconnections:PassConnection izin.

 27 Juni 2024

AmazonSageMakerAdmin: update-policy

 8

Tambahkancloudformation:TagResource,cloudformation:UntagResource, dan codeconnections:PassConnection izin.

 27 Juni 2024

: update-policy

 2

Tambahkan codestar-connections:UseConnection dan codeconnections:UseConnection izin.

 27 Juni 2024

: update-policy

 2

Tambahkancloudformation:TagResource,cloudformation:UntagResource, codestar-connections:UseConnection dan codeconnections:UseConnection izin.

 27 Juni 2024

: update-policy

 2

Tambahkan codebuild:StartBuild dan codebuild:BatchGetBuilds izin.

 27 Juni 2024

AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy

 1 hari

Kebijakan awal

 1 Agustus 2023

AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy

 1 hari

Kebijakan awal

 1 Agustus 2023

AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy

 1 hari

Kebijakan awal

 1 Agustus 2023

: update-policy

 2

Tambahkan izin untukglue:GetUserDefinedFunctions.

 26 Agustus 2022

AmazonSageMakerAdmin: update-policy

 7

Tambahkan izin untuksagemaker:AddTags.

 2 Agustus 2022
AmazonSageMakerAdmin: update-policy 6

Tambahkan izin untuklambda:TagResource.

 14 Juli 2022

Kebijakan

1 hari

Kebijakan awal

 4 April 2022

AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy

 1 hari

Kebijakan awal

 24 Maret 2022

Kebijakan

1 hari

Kebijakan awal

 24 Maret 2022

AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy

 1 hari

Kebijakan awal

 24 Maret 2022
AmazonSageMakerAdmin: update-policy 5

Tambahkan izin untukecr-idp:TagResource.

 22 Maret 2022

AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy

 1 hari

Kebijakan awal

 2 Februari 2022

Kebijakan

1 hari

Kebijakan awal

 2 Februari 2022

Kebijakan

1 hari

Kebijakan awal

 2 Februari 2022
Kebijakan 1 hari

Kebijakan awal

 2 Februari 2022
AmazonSageMakerAdmin: update-policy 4

Izin untuk cognito-idp:TagResource, , dan

16 Februari 2022
AmazonSageMakerAdmin: update-policy 3

Tambahkan izin baru untuksagemaker.

Membuat, membaca, memperbarui, dan menghapus SageMaker Gambar.

 15 September 2021
AmazonSageMakerAdmin: update-policy 2

Izin untuk sagemaker, , dan

Membuat, mencantumkan, memperbarui, dan menghapus repositori di CodeArtifact.

Lewati AWS CodeStar koneksi ke AWS CodePipeline.

 1 Juli 2021
AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy 1 hari

Kebijakan awal

 27 November 2020