本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
限制用户访问某些 Notebook 实例
要限制某些用户对特定 Braket Notebook 实例的访问,您可以向特定角色、用户或组添加拒绝权限策略。
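以下示例使用策略变量,有效地限制在 AWS 账户 123456789012 中启动、停止和访问特定笔记本实例的权限,这些实例根据应具有访问权限的用户命名(例如,用户 Alice 将有权访问名为 amazon-braket-Alice 的笔记本实例)。请注意,第三条语句(DenyNotebookInstanceUrl)的资源模式以通配符 * 结尾,而第二条语句没有;因此,如果一个用户名是另一个用户名的前缀(例如 Al 与 Alice),该语句不会拒绝前者为后者的笔记本实例创建预签名 URL,除非需要匹配带后缀的实例名称,否则应去掉末尾的 *。另外,${aws:username} 仅对 IAM 用户有值,对代入的角色或联合身份会话不可用,将此策略附加到角色之前应先验证其实际效果。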
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "DenyCreateDeleteUpdateNotebookInstances",
"Effect": "Deny",
"Action": [
"sagemaker:CreateNotebookInstance",
"sagemaker:DeleteNotebookInstance",
"sagemaker:UpdateNotebookInstance",
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:UpdateNotebookInstanceLifecycleConfig"
],
"Resource": "*"
},
{
"Sid": "DenyDescribeStartStopNotebookInstances",
"Effect": "Deny",
"Action": [
"sagemaker:DescribeNotebookInstance",
"sagemaker:StartNotebookInstance",
"sagemaker:StopNotebookInstance"
],
"NotResource": [
"arn:aws:sagemaker:*:123456789012:notebook-instance/amazon-braket-${aws:username}"
]
},
{
"Sid": "DenyNotebookInstanceUrl",
"Effect": "Deny",
"Action": [
"sagemaker:CreatePresignedNotebookInstanceUrl"
],
"NotResource": [
"arn:aws:sagemaker:*:123456789012:notebook-instance/amazon-braket-${aws:username}*"
]
}
]
}