AWS マネージドポリシー: AmazonDataZoneSageMakerProvisioningRolePolicy - Amazon DataZone

翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。

AWS マネージドポリシー: AmazonDataZoneSageMakerProvisioningRolePolicy

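AmazonDataZoneSageMakerProvisioningRolePolicy ポリシーは、Amazon SageMaker との相互運用に必要なアクセス許可を Amazon DataZone に付与します。以下のポリシードキュメントが示すとおり、10 個のステートメントのうち 8 個は aws:CalledViaFirst 条件によって AWS CloudFormation (cloudformation.amazonaws.com) 経由の呼び出しに限定されています。この条件がないのは、AmazonDataZoneEnvironmentParameterValidation (ec2:DescribeVpcs、ec2:DescribeSubnets、sagemaker:ListDomains) と AmazonDataZoneEnvironmentKMSKeyValidation (kms:DescribeKey。AmazonDataZoneEnvironment タグが付いたキーのみ) の 2 つです。IAM 関連のアクションは sm-provisioning/datazone_usr* パスのロールのみを対象とし、ロールの作成およびロールポリシーの変更 (iam:CreateRole、iam:AttachRolePolicy、iam:PutRolePolicy など) は、アクセス許可の境界として AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary が指定されている場合にのみ許可されます。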

{ "Version": "2012-10-17", "Statement": [ { "Sid": "CreateSageMakerStudio", "Effect": "Allow", "Action": [ "sagemaker:CreateDomain" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "aws:CalledViaFirst": [ "cloudformation.amazonaws.com" ] }, "ForAnyValue:StringEquals": { "aws:TagKeys": [ "AmazonDataZoneEnvironment" ] }, "Null": { "aws:TagKeys": "false", "aws:ResourceTag/AmazonDataZoneEnvironment": "false", "aws:RequestTag/AmazonDataZoneEnvironment": "false" } } }, { "Sid": "DeleteSageMakerStudio", "Effect": "Allow", "Action": [ "sagemaker:DeleteDomain" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "aws:CalledViaFirst": [ "cloudformation.amazonaws.com" ] }, "ForAnyValue:StringLike": { "aws:TagKeys": [ "AmazonDataZoneEnvironment" ] }, "Null": { "aws:TagKeys": "false", "aws:ResourceTag/AmazonDataZoneEnvironment": "false" } } }, { "Sid": "AmazonDataZoneEnvironmentSageMakerDescribePermissions", "Effect": "Allow", "Action": [ "sagemaker:DescribeDomain" ], "Resource": "*", "Condition": { "StringEquals": { "aws:CalledViaFirst": [ "cloudformation.amazonaws.com" ] } } }, { "Sid": "IamPassRolePermissions", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/sm-provisioning/datazone_usr*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "glue.amazonaws.com", "lakeformation.amazonaws.com", "sagemaker.amazonaws.com" ], "aws:CalledViaFirst": [ "cloudformation.amazonaws.com" ] } } }, { "Sid": "AmazonDataZonePermissionsToCreateEnvironmentRole", "Effect": "Allow", "Action": [ "iam:CreateRole", "iam:DetachRolePolicy", "iam:DeleteRolePolicy", "iam:AttachRolePolicy", "iam:PutRolePolicy" ], "Resource": [ "arn:aws:iam::*:role/sm-provisioning/datazone_usr*" ], "Condition": { "StringEquals": { "aws:CalledViaFirst": [ "cloudformation.amazonaws.com" ], "iam:PermissionsBoundary": "arn:aws:iam::aws:policy/AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary" } } }, { "Sid": "AmazonDataZonePermissionsToManageEnvironmentRole", 
"Effect": "Allow", "Action": [ "iam:GetRole", "iam:GetRolePolicy", "iam:DeleteRole" ], "Resource": [ "arn:aws:iam::*:role/sm-provisioning/datazone_usr*" ], "Condition": { "StringEquals": { "aws:CalledViaFirst": [ "cloudformation.amazonaws.com" ] } } }, { "Sid": "AmazonDataZonePermissionsToCreateSageMakerServiceRole", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/sagemaker.amazonaws.com/AWSServiceRoleForAmazonSageMakerNotebooks" ], "Condition": { "StringEquals": { "aws:CalledViaFirst": [ "cloudformation.amazonaws.com" ] } } }, { "Sid": "AmazonDataZoneEnvironmentParameterValidation", "Effect": "Allow", "Action": [ "ec2:DescribeVpcs", "ec2:DescribeSubnets", "sagemaker:ListDomains" ], "Resource": "*" }, { "Sid": "AmazonDataZoneEnvironmentKMSKeyValidation", "Effect": "Allow", "Action": [ "kms:DescribeKey" ], "Resource": "arn:aws:kms:*:*:key/*", "Condition": { "Null": { "aws:ResourceTag/AmazonDataZoneEnvironment": "false" } } }, { "Sid": "AmazonDataZoneEnvironmentGluePermissions", "Effect": "Allow", "Action": [ "glue:CreateConnection", "glue:DeleteConnection", "glue:GetConnection" ], "Resource": [ "arn:aws:glue:*:*:connection/dz-sm-athena-glue-connection-*", "arn:aws:glue:*:*:connection/dz-sm-redshift-cluster-connection-*", "arn:aws:glue:*:*:connection/dz-sm-redshift-serverless-connection-*", "arn:aws:glue:*:*:catalog" ], "Condition": { "StringEquals": { "aws:CalledViaFirst": [ "cloudformation.amazonaws.com" ] } } } ] }