翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。
AmazonSageMakerHyperPodObservabilityAdminAccess
説明: このポリシーは、SageMaker HyperPod オブザーバビリティの設定に必要な管理者権限を提供します。これにより、Amazon Managed Prometheus、Amazon Managed Grafana、および EKS アドオンへのアクセスが可能になります。このポリシーには、アカウント内のすべての Amazon Managed Grafana ワークスペースで ServiceAccountTokens を介した Grafana HTTP APIs への広範なアクセスも含まれています。
AmazonSageMakerHyperPodObservabilityAdminAccess は AWS マネージドポリシーです。
このポリシーを使用すると
ユーザー、グループおよびロールに AmazonSageMakerHyperPodObservabilityAdminAccess をアタッチできます。
ポリシーの詳細
-
タイプ: AWS 管理ポリシー
-
作成日時: 2025 年 7 月 10 日 14:37 UTC
-
編集日時: 2025 年 7 月 10 日 14:37 UTC
-
ARN:
arn:aws:iam::aws:policy/AmazonSageMakerHyperPodObservabilityAdminAccess
ポリシーのバージョン
ポリシーのバージョン: v1 (デフォルト)
ポリシーのデフォルトバージョンは、ポリシーのアクセス許可を定義するバージョンです。ポリシーを持つユーザーまたはロールが AWS リソースへのアクセスをリクエストすると、 はポリシーのデフォルトバージョン AWS をチェックして、リクエストを許可するかどうかを判断します。
JSON ポリシードキュメント
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "PrometheusCreateAccess", "Effect" : "Allow", "Action" : [ "aps:CreateWorkspace" ], "Resource" : "*", "Condition" : { "StringEquals" : { "aws:RequestTag/SageMaker" : "true" } } }, { "Sid" : "PrometheusTagsAccess", "Effect" : "Allow", "Action" : "aps:TagResource", "Resource" : [ "arn:aws:aps:*:*:/workspaces", "arn:aws:aps:*:*:rulegroupsnamespace/*/HyperPodObservabilityNamespace" ], "Condition" : { "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "SageMaker" ] }, "StringEquals" : { "aws:RequestTag/SageMaker" : "true", "aws:ResourceTag/SageMaker" : "true" } } }, { "Sid" : "PrometheusDescribeAccess", "Effect" : "Allow", "Action" : [ "aps:DescribeWorkspace" ], "Resource" : "arn:aws:aps:*:*:workspace/*" }, { "Sid" : "PrometheusListAccess", "Effect" : "Allow", "Action" : [ "aps:ListWorkspaces" ], "Resource" : "*" }, { "Sid" : "PrometheusAlertsRuleGroupAccess", "Effect" : "Allow", "Action" : [ "aps:CreateAlertManagerDefinition", "aps:DescribeAlertManagerDefinition", "aps:DescribeRuleGroupsNamespace", "aps:ListRuleGroupsNamespaces" ], "Resource" : [ "arn:aws:aps:*:*:workspace/*", "arn:aws:aps:*:*:rulegroupsnamespace/*/HyperPodObservabilityNamespace" ] }, { "Sid" : "PrometheusCreateRuleGroupAccess", "Effect" : "Allow", "Action" : "aps:CreateRuleGroupsNamespace", "Resource" : "arn:aws:aps:*:*:rulegroupsnamespace/*/HyperPodObservabilityNamespace", "Condition" : { "StringEquals" : { "aws:RequestTag/SageMaker" : "true", "aws:ResourceTag/SageMaker" : "true" } } }, { "Sid" : "GrafanaCreateWorkspaceAccess", "Effect" : "Allow", "Action" : [ "grafana:CreateWorkspace" ], "Resource" : "*", "Condition" : { "StringEquals" : { "aws:RequestTag/SageMaker" : "true" } } }, { "Sid" : "GrafanaTagsAccess", "Effect" : "Allow", "Action" : "grafana:TagResource", "Resource" : "arn:aws:grafana:*:*:/workspaces", "Condition" : { "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "SageMaker" ] }, "StringEquals" : { "aws:RequestTag/SageMaker" : "true", "aws:ResourceTag/SageMaker" : "true" } } }, { "Sid" : "GrafanaListAccess", "Effect" : "Allow", "Action" : [ "grafana:ListWorkspaces" ], "Resource" : "*" }, { "Sid" : "GrafanaServiceAccountAccess", "Effect" : "Allow", "Action" : [ "grafana:DescribeWorkspace", "grafana:CreateWorkspaceApiKey", "grafana:CreateWorkspaceServiceAccount", "grafana:CreateWorkspaceServiceAccountToken", "grafana:ListWorkspaceServiceAccounts", "grafana:ListWorkspaceServiceAccountTokens", "grafana:DeleteWorkspaceServiceAccountToken" ], "Resource" : "arn:aws:grafana:*:*:/workspaces/*" }, { "Sid" : "IAMGrafanaPassRoleAccess", "Effect" : "Allow", "Action" : [ "iam:PassRole" ], "Resource" : "arn:aws:iam::*:role/AmazonSageMakerHyperPodObservabilityGrafanaAccess-*", "Condition" : { "StringLike" : { "iam:PassedToService" : [ "grafana.amazonaws.com" ] } } }, { "Sid" : "IAMEKSPassRoleAccess", "Effect" : "Allow", "Action" : [ "iam:PassRole" ], "Resource" : "arn:aws:iam::*:role/AmazonSageMakerHyperPodObservabilityAddonAccess-*", "Condition" : { "StringLike" : { "iam:PassedToService" : [ "pods.eks.amazonaws.com" ] } } }, { "Sid" : "IAMGetRoleAccess", "Effect" : "Allow", "Action" : "iam:GetRole", "Resource" : [ "arn:aws:iam::*:role/AmazonSageMakerHyperPodObservabilityAddonAccess-*" ] }, { "Sid" : "HyperPodClusterAccess", "Effect" : "Allow", "Action" : [ "sagemaker:ListClusters", "sagemaker:DescribeCluster" ], "Resource" : "*" }, { "Sid" : "EKSAddonAccess", "Effect" : "Allow", "Action" : [ "eks:DeleteAddon", "eks:UpdateAddon", "eks:DescribeAddon" ], "Resource" : "arn:aws:eks:*:*:addon/*/amazon-sagemaker-hyperpod-observability/*" }, { "Sid" : "EKSAddonDescribeAccess", "Effect" : "Allow", "Action" : [ "eks:DescribeAddonConfiguration", "eks:DescribeAddonVersions" ], "Resource" : "*" }, { "Sid" : "EKSAddonDescribePodIdentityAccess", "Effect" : "Allow", "Action" : "eks:DescribePodIdentityAssociation", "Resource" : "arn:aws:eks:*:*:podidentityassociation/*/*" }, { "Sid" : "EKSListDescribeAccess", "Effect" : "Allow", "Action" : [ "eks:ListAddons", "eks:DescribeCluster" ], "Resource" : "arn:aws:eks:*:*:cluster/*" }, { "Sid" : "EKSCreateAccess", "Effect" : "Allow", "Action" : [ "eks:CreateAddon", "eks:CreatePodIdentityAssociation" ], "Resource" : "arn:aws:eks:*:*:cluster/*", "Condition" : { "StringEquals" : { "aws:RequestTag/SageMaker" : "true" } } }, { "Sid" : "EKSTagsAccess", "Effect" : "Allow", "Action" : "eks:TagResource", "Resource" : [ "arn:aws:eks:*:*:cluster/*", "arn:aws:eks:*:*:addon/*/*/*", "arn:aws:eks:*:*:podidentityassociation/*/*" ], "Condition" : { "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "SageMaker" ] }, "StringEquals" : { "aws:RequestTag/SageMaker" : "true", "aws:ResourceTag/SageMaker" : "true" } } }, { "Sid" : "SSOAccess", "Effect" : "Allow", "Action" : [ "sso:DescribeRegisteredRegions", "sso:CreateManagedApplicationInstance" ], "Resource" : "*" } ] }
詳細はこちら
