本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWS 受管政策:AmazonSageMakerClusterInstanceRolePolicy
此政策會授予使用 Amazon SageMaker HyperPod 時通常需要的許可。
許可詳細資訊
此 AWS 受管政策包含下列許可。
-
cloudwatch – 允許主體發佈 Amazon CloudWatch 指標。
-
logs – 允許主體發佈 CloudWatch 日誌串流。
-
s3 – 允許主體從您帳戶中的 Amazon S3 儲存貯體列出和擷取生命週期指令碼檔案。這些儲存貯體僅限於名稱開頭為「sagemaker-」的儲存貯體。
-
ssmmessages – 允許主體開啟與 的連線 AWS Systems Manager。
- JSON
-
-
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "CloudwatchLogStreamPublishPermissions",
"Effect" : "Allow",
"Action" : [
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:DescribeLogStreams"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*:log-stream:*"
]
},
{
"Sid" : "CloudwatchLogGroupCreationPermissions",
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*"
]
},
{
"Sid" : "CloudwatchPutMetricDataAccess",
"Effect" : "Allow",
"Action" : [
"cloudwatch:PutMetricData"
],
"Resource" : [
"*"
],
"Condition" : {
"StringEquals" : {
"cloudwatch:namespace" : "/aws/sagemaker/Clusters"
}
}
},
{
"Sid" : "DataRetrievalFromS3BucketPermissions",
"Effect" : "Allow",
"Action" : [
"s3:ListBucket",
"s3:GetObject"
],
"Resource" : [
"arn:aws:s3:::sagemaker-*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "SSMConnectivityPermissions",
"Effect" : "Allow",
"Action" : [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource" : "*"
}
]
}
