

# Security in Amazon SageMaker Unified Studio

Cloud security at AWS is the highest priority. As an AWS customer, you benefit from data centers and network architectures that are built to meet the requirements of the most security-sensitive organizations.

Security is a shared responsibility between AWS and you. The [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/) describes this as security *of* the cloud and security *in* the cloud:
+ **Security of the cloud** – AWS is responsible for protecting the infrastructure that runs AWS services in the AWS Cloud. AWS also provides you with services that you can use securely. Third-party auditors regularly test and verify the effectiveness of our security as part of the [AWS Compliance Programs](https://aws.amazon.com/compliance/programs/). To learn about the compliance programs that apply to Amazon SageMaker Unified Studio, see [AWS Services in Scope by Compliance Program](https://aws.amazon.com/compliance/services-in-scope/).
+ **Security in the cloud** – Your responsibility is determined by the AWS service that you use. You are also responsible for other factors including the sensitivity of your data, your company’s requirements, and applicable laws and regulations. 

This documentation helps you understand how to apply the shared responsibility model when using Amazon SageMaker Unified Studio. The following topics show you how to configure Amazon SageMaker Unified Studio to meet your security and compliance objectives. You also learn how to use other AWS services that help you to monitor and secure your Amazon SageMaker Unified Studio resources. 

**Topics**
+ [Identity and access management for Amazon SageMaker Unified Studio](security-iam.md)
+ [Data protection in Amazon SageMaker Unified Studio](data-protection.md)
+ [Authorization in Amazon SageMaker Unified Studio](security-authorization.md)
+ [Compliance validation for Amazon SageMaker Unified Studio](compliance-validation.md)
+ [Security Best Practices for Amazon SageMaker Unified Studio](security-best-practices.md)
+ [Resilience in Amazon SageMaker Unified Studio](disaster-recovery-resiliency.md)
+ [Infrastructure Security in Amazon SageMaker Unified Studio](infrastructure-security.md)
+ [Network isolation in Amazon SageMaker Unified Studio](network-isolation.md)
+ [Configuration and vulnerability analysis for Amazon SageMaker Unified Studio](vulnerability-analysis-and-management.md)
+ [Cross-service confused deputy prevention](cross-service-confused-deputy-prevention.md)

# Identity and access management for Amazon SageMaker Unified Studio

AWS Identity and Access Management (IAM) is an AWS service that helps an administrator securely control access to AWS resources. IAM administrators control who can be *authenticated* (signed in) and *authorized* (have permissions) to use Amazon SageMaker Unified Studio resources. IAM is an AWS service that you can use with no additional charge.

**Note**  
Certain features in Amazon SageMaker Unified Studio may maintain active sessions even after you log out of your IAM Identity Center/SSO session. Sometimes, these disconnected sessions can persist for up to 12 hours. Affected features include:  
+ Spaces
+ Local IDE (Visual Studio Code) Support
+ Workflows
+ ML Experiments (MLflow)
+ Connections
+ HyperPod
+ Amazon SageMaker partner applications

To ensure the security of your environment, administrators must review and adjust session duration settings where possible and be cautious when using shared workstations or public networks.

**Topics**
+ [Audience](#security_iam_audience)
+ [Authenticating with identities](#security_iam_authentication)
+ [Managing access using policies](#security_iam_access-manage)
+ [How Amazon SageMaker Unified Studio works with IAM](security_iam_service-with-iam.md)
+ [Identity-based policy examples for Amazon SageMaker Unified Studio](security_iam_id-based-policy-examples.md)
+ [AWS managed policies for Amazon SageMaker Unified Studio](security-iam-awsmanpol.md)
+ [IAM roles for Amazon SageMaker Unified Studio](security-iam-roles.md)
+ [Access control patterns for Amazon SageMaker Unified Studio](security-accesss-control-patterns.md)
+ [Troubleshooting Amazon SageMaker Unified Studio identity and access](security_iam_troubleshoot.md)

## Audience


How you use AWS Identity and Access Management (IAM) differs based on your role:
+ **Service user** - request permissions from your administrator if you cannot access features (see [Troubleshooting Amazon SageMaker Unified Studio identity and access](security_iam_troubleshoot.md))
+ **Service administrator** - determine user access and submit permission requests (see [How Amazon SageMaker Unified Studio works with IAM](security_iam_service-with-iam.md))
+ **IAM administrator** - write policies to manage access (see [Identity-based policy examples for Amazon SageMaker Unified Studio](security_iam_id-based-policy-examples.md))

## Authenticating with identities


Authentication is how you sign in to AWS using your identity credentials. You must be authenticated as the AWS account root user, an IAM user, or by assuming an IAM role.

You can sign in as a federated identity using credentials from an identity source like AWS IAM Identity Center (IAM Identity Center), single sign-on authentication, or Google/Facebook credentials. For more information about signing in, see [How to sign in to your AWS account](https://docs.aws.amazon.com/signin/latest/userguide/how-to-sign-in.html) in the *AWS Sign-In User Guide*.

For programmatic access, AWS provides an SDK and CLI to cryptographically sign requests. For more information, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) in the *IAM User Guide*.

### AWS account root user


When you create an AWS account, you begin with one sign-in identity called the AWS account *root user* that has complete access to all AWS services and resources. We strongly recommend that you don't use the root user for everyday tasks. For tasks that require root user credentials, see [Tasks that require root user credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks) in the *IAM User Guide*.

### Federated identity


As a best practice, require human users to use federation with an identity provider to access AWS services using temporary credentials.

A *federated identity* is a user from your enterprise directory, web identity provider, or Directory Service that accesses AWS services using credentials from an identity source. Federated identities assume roles that provide temporary credentials.

For centralized access management, we recommend AWS IAM Identity Center. For more information, see [What is IAM Identity Center?](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html) in the *AWS IAM Identity Center User Guide*.

### IAM users and groups


An *[IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)* is an identity with specific permissions for a single person or application. We recommend using temporary credentials instead of IAM users with long-term credentials. For more information, see [Require human users to use federation with an identity provider to access AWS using temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#bp-users-federation-idp) in the *IAM User Guide*.

An *[IAM group](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html)* specifies a collection of IAM users and makes permissions easier to manage for large sets of users. For more information, see [Use cases for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/gs-identities-iam-users.html) in the *IAM User Guide*.

### IAM roles


An *[IAM role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)* is an identity with specific permissions that provides temporary credentials. You can assume a role by [switching from a user to an IAM role (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-console.html) or by calling an AWS CLI or AWS API operation. For more information, see [Methods to assume a role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage-assume.html) in the *IAM User Guide*.

IAM roles are useful for federated user access, temporary IAM user permissions, cross-account access, cross-service access, and applications running on Amazon EC2. For more information, see [Cross account resource access in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) in the *IAM User Guide*.

## Managing access using policies


You control access in AWS by creating policies and attaching them to AWS identities or resources. A policy defines permissions when associated with an identity or resource. AWS evaluates these policies when a principal makes a request. Most policies are stored in AWS as JSON documents. For more information about JSON policy documents, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json) in the *IAM User Guide*.

Using policies, administrators specify who has access to what by defining which **principal** can perform **actions** on what **resources**, and under what **conditions**.

By default, users and roles have no permissions. An IAM administrator creates IAM policies and adds them to roles, which users can then assume. IAM policies define permissions regardless of the method used to perform the operation.

### Identity-based policies


Identity-based policies are JSON permissions policy documents that you attach to an identity (user, group, or role). These policies control what actions identities can perform, on which resources, and under what conditions. To learn how to create an identity-based policy, see [Define custom IAM permissions with customer managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *IAM User Guide*.

Identity-based policies can be *inline policies* (embedded directly into a single identity) or *managed policies* (standalone policies attached to multiple identities). To learn how to choose between managed and inline policies, see [Choose between managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-choosing-managed-or-inline.html) in the *IAM User Guide*.

### Resource-based policies


Resource-based policies are JSON policy documents that you attach to a resource. Examples include IAM *role trust policies* and Amazon S3 *bucket policies*. In services that support resource-based policies, service administrators can use them to control access to a specific resource. You must [specify a principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html) in a resource-based policy.

Resource-based policies are inline policies that are located in that service. You can't use AWS managed policies from IAM in a resource-based policy.

### Other policy types


AWS supports additional policy types that can set the maximum permissions granted by more common policy types:
+ **Permissions boundaries** – Set the maximum permissions that an identity-based policy can grant to an IAM entity. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
+ **Service control policies (SCPs)** – Specify the maximum permissions for an organization or organizational unit in AWS Organizations. For more information, see [Service control policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) in the *AWS Organizations User Guide*.
+ **Resource control policies (RCPs)** – Set the maximum available permissions for resources in your accounts. For more information, see [Resource control policies (RCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps.html) in the *AWS Organizations User Guide*.
+ **Session policies** – Advanced policies passed as a parameter when creating a temporary session for a role or federated user. For more information, see [Session policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) in the *IAM User Guide*.

### Multiple policy types


When multiple types of policies apply to a request, the resulting permissions are more complicated to understand. To learn how AWS determines whether to allow a request when multiple policy types are involved, see [Policy evaluation logic](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html) in the *IAM User Guide*.

# How Amazon SageMaker Unified Studio works with IAM


Before you use IAM to manage access to Amazon SageMaker Unified Studio, learn what IAM features are available to use with Amazon SageMaker Unified Studio.

**IAM features you can use with Amazon SageMaker Unified Studio**  

| IAM feature | Amazon SageMaker Unified Studio support | 
| --- | --- | 
|  [Identity-based policies](#security_iam_service-with-iam-id-based-policies)  |   Yes  | 
|  [Resource-based policies](#security_iam_service-with-iam-resource-based-policies)  |   No   | 
|  [Policy actions](#security_iam_service-with-iam-id-based-policies-actions)  |   Yes  | 
|  [Policy resources](#security_iam_service-with-iam-id-based-policies-resources)  |   Yes  | 
|  [Policy condition keys](#security_iam_service-with-iam-id-based-policies-conditionkeys)  |   Yes  | 
|  [ACLs](#security_iam_service-with-iam-acls)  |   No   | 
|  [ABAC (tags in policies)](#security_iam_service-with-iam-tags)  |   Partial  | 
|  [Temporary credentials](#security_iam_service-with-iam-roles-tempcreds)  |   Yes  | 
|  [Principal permissions](#security_iam_service-with-iam-principal-permissions)  |   Yes  | 
|  [Service roles](#security_iam_service-with-iam-roles-service)  |   Yes  | 
|  [Service-linked roles](#security_iam_service-with-iam-roles-service-linked)  |   No   | 

To get a high-level view of how Amazon SageMaker Unified Studio and other AWS services work with most IAM features, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the *IAM User Guide*.

## Identity-based policies for Amazon SageMaker Unified Studio

**Supports identity-based policies:** Yes

Identity-based policies are JSON permissions policy documents that you can attach to an identity, such as an IAM user, group of users, or role. These policies control what actions users and roles can perform, on which resources, and under what conditions. To learn how to create an identity-based policy, see [Define custom IAM permissions with customer managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) in the *IAM User Guide*.

With IAM identity-based policies, you can specify allowed or denied actions and resources as well as the conditions under which actions are allowed or denied. To learn about all of the elements that you can use in a JSON policy, see [IAM JSON policy elements reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *IAM User Guide*.

### Identity-based policy examples for Amazon SageMaker Unified Studio

To view examples of Amazon SageMaker Unified Studio identity-based policies, see [Identity-based policy examples for Amazon SageMaker Unified Studio](security_iam_id-based-policy-examples.md).

## Resource-based policies within Amazon SageMaker Unified Studio

**Supports resource-based policies:** No 

Resource-based policies are JSON policy documents that you attach to a resource. Examples of resource-based policies are IAM *role trust policies* and Amazon S3 *bucket policies*. In services that support resource-based policies, service administrators can use them to control access to a specific resource. For the resource where the policy is attached, the policy defines what actions a specified principal can perform on that resource and under what conditions. You must [specify a principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html) in a resource-based policy. Principals can include accounts, users, roles, federated users, or AWS services.

To enable cross-account access, you can specify an entire account or IAM entities in another account as the principal in a resource-based policy. For more information, see [Cross account resource access in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) in the *IAM User Guide*.

## Policy actions for Amazon SageMaker Unified Studio

**Supports policy actions:** Yes

Administrators can use AWS JSON policies to specify who has access to what. That is, which **principal** can perform **actions** on what **resources**, and under what **conditions**.

The `Action` element of a JSON policy describes the actions that you can use to allow or deny access in a policy. Include actions in a policy to grant permissions to perform the associated operation.

To see a list of Amazon SageMaker Unified Studio actions, see [Actions Defined by Amazon SageMaker Unified Studio](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_your_service.html#your_service-actions-as-permissions) in the *Service Authorization Reference*.

Policy actions in Amazon SageMaker Unified Studio use the following prefix before the action:

```
```

To specify multiple actions in a single statement, separate them with commas.

```
"Action": [
    ":action1",
    ":action2"
]
```

To view examples of Amazon SageMaker Unified Studio identity-based policies, see [Identity-based policy examples for Amazon SageMaker Unified Studio](security_iam_id-based-policy-examples.md).

## Policy resources for Amazon SageMaker Unified Studio

**Supports policy resources:** Yes

Administrators can use AWS JSON policies to specify who has access to what. That is, which **principal** can perform **actions** on what **resources**, and under what **conditions**.

The `Resource` JSON policy element specifies the object or objects to which the action applies. As a best practice, specify a resource using its [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html). For actions that don't support resource-level permissions, use a wildcard (`*`) to indicate that the statement applies to all resources.

```
"Resource": "*"
```

To see a list of Amazon SageMaker Unified Studio resource types and their ARNs, see [Resources Defined by Amazon SageMaker Unified Studio](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_your_service.html#your_service-resources-for-iam-policies) in the *Service Authorization Reference*. To learn with which actions you can specify the ARN of each resource, see [Actions Defined by Amazon SageMaker Unified Studio](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_your_service.html#your_service-actions-as-permissions).

To view examples of Amazon SageMaker Unified Studio identity-based policies, see [Identity-based policy examples for Amazon SageMaker Unified Studio](security_iam_id-based-policy-examples.md).

## Policy condition keys for Amazon SageMaker Unified Studio

**Supports service-specific policy condition keys:** Yes

Administrators can use AWS JSON policies to specify who has access to what. That is, which **principal** can perform **actions** on what **resources**, and under what **conditions**.

The `Condition` element specifies when statements execute based on defined criteria. You can create conditional expressions that use [condition operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html), such as equals or less than, to match the condition in the policy with values in the request. To see all AWS global condition keys, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html) in the *IAM User Guide*.

To see a list of Amazon SageMaker Unified Studio condition keys, see [Condition Keys for Amazon SageMaker Unified Studio](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_your_service.html#your_service-policy-keys) in the *Service Authorization Reference*. To learn with which actions and resources you can use a condition key, see [Actions Defined by Amazon SageMaker Unified Studio](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_your_service.html#your_service-actions-as-permissions).

To view examples of Amazon SageMaker Unified Studio identity-based policies, see [Identity-based policy examples for Amazon SageMaker Unified Studio](security_iam_id-based-policy-examples.md).

## ACLs in Amazon SageMaker Unified Studio

**Supports ACLs:** No 

Access control lists (ACLs) control which principals (account members, users, or roles) have permissions to access a resource. ACLs are similar to resource-based policies, although they do not use the JSON policy document format.

## ABAC with Amazon SageMaker Unified Studio

**Supports ABAC (tags in policies):** Partial

Attribute-based access control (ABAC) is an authorization strategy that defines permissions based on attributes called tags. You can attach tags to IAM entities and AWS resources, then design ABAC policies to allow operations when the principal's tag matches the tag on the resource.

To control access based on tags, you provide tag information in the [condition element](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) of a policy using the `aws:ResourceTag/key-name`, `aws:RequestTag/key-name`, or `aws:TagKeys` condition keys.

If a service supports all three condition keys for every resource type, then the value is **Yes** for the service. If a service supports all three condition keys for only some resource types, then the value is **Partial**.

For more information about ABAC, see [Define permissions with ABAC authorization](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html) in the *IAM User Guide*. To view a tutorial with steps for setting up ABAC, see [Use attribute-based access control (ABAC)](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html) in the *IAM User Guide*.

## Using temporary credentials with Amazon SageMaker Unified Studio

**Supports temporary credentials:** Yes

Temporary credentials provide short-term access to AWS resources and are automatically created when you use federation or switch roles. AWS recommends that you dynamically generate temporary credentials instead of using long-term access keys. For more information, see [Temporary security credentials in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) and [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the *IAM User Guide*.

## Cross-service principal permissions for Amazon SageMaker Unified Studio

**Supports forward access sessions (FAS):** Yes

Forward access sessions (FAS) use the permissions of the principal calling an AWS service, combined with the requesting AWS service, to make requests to downstream services. For policy details when making FAS requests, see [Forward access sessions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_forward_access_sessions.html).

## Service roles for Amazon SageMaker Unified Studio

**Supports service roles:** Yes

A service role is an [IAM role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) that a service assumes to perform actions on your behalf. An IAM administrator can create, modify, and delete a service role from within IAM. For more information, see [Create a role to delegate permissions to an AWS service](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html) in the *IAM User Guide*.

**Warning**  
Changing the permissions for a service role might break Amazon SageMaker Unified Studio functionality. Edit service roles only when Amazon SageMaker Unified Studio provides guidance to do so.

## Service-linked roles for Amazon SageMaker Unified Studio

**Supports service-linked roles:** No 

A service-linked role is a type of service role that is linked to an AWS service. The service can assume the role to perform an action on your behalf. Service-linked roles appear in your AWS account and are owned by the service. An IAM administrator can view, but not edit, the permissions for service-linked roles.

For details about creating or managing service-linked roles, see [AWS services that work with IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html). Find a service in the table that includes a `Yes` in the **Service-linked role** column. Choose the **Yes** link to view the service-linked role documentation for that service.

# Identity-based policy examples for Amazon SageMaker Unified Studio

By default, users and roles don't have permission to create or modify Amazon SageMaker Unified Studio resources. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies.

To learn how to create an IAM identity-based policy by using these example JSON policy documents, see [Create IAM policies (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html) in the *IAM User Guide*.

For details about actions and resource types defined by Amazon SageMaker Unified Studio, including the format of the ARNs for each of the resource types, see [Actions, Resources, and Condition Keys for Amazon SageMaker Unified Studio](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_your_service.html) in the *Service Authorization Reference*.

**Topics**
+ [Policy best practices](#security_iam_service-with-iam-policy-best-practices)
+ [Using the Amazon SageMaker Unified Studio console](#security_iam_id-based-policy-examples-console)
+ [Allow users to view their own permissions](#security_iam_id-based-policy-examples-view-own-permissions)

## Policy best practices


Identity-based policies determine whether someone can create, access, or delete Amazon SageMaker Unified Studio resources in your account. These actions can incur costs for your AWS account. When you create or edit identity-based policies, follow these guidelines and recommendations:
+ **Get started with AWS managed policies and move toward least-privilege permissions** – To get started granting permissions to your users and workloads, use the *AWS managed policies* that grant permissions for many common use cases. They are available in your AWS account. We recommend that you reduce permissions further by defining AWS customer managed policies that are specific to your use cases. For more information, see [AWS managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) or [AWS managed policies for job functions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html) in the *IAM User Guide*.
+ **Apply least-privilege permissions** – When you set permissions with IAM policies, grant only the permissions required to perform a task. You do this by defining the actions that can be taken on specific resources under specific conditions, also known as *least-privilege permissions*. For more information about using IAM to apply permissions, see [Policies and permissions in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) in the *IAM User Guide*.
+ **Use conditions in IAM policies to further restrict access** – You can add a condition to your policies to limit access to actions and resources. For example, you can write a policy condition to specify that all requests must be sent using SSL. You can also use conditions to grant access to service actions if they are used through a specific AWS service, such as CloudFormation. For more information, see [IAM JSON policy elements: Condition](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) in the *IAM User Guide*.
+ **Use IAM Access Analyzer to validate your IAM policies to ensure secure and functional permissions** – IAM Access Analyzer validates new and existing policies so that the policies adhere to the IAM policy language (JSON) and IAM best practices. IAM Access Analyzer provides more than 100 policy checks and actionable recommendations to help you author secure and functional policies. For more information, see [Validate policies with IAM Access Analyzer](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-validation.html) in the *IAM User Guide*.
+ **Require multi-factor authentication (MFA)** – If you have a scenario that requires IAM users or a root user in your AWS account, turn on MFA for additional security. To require MFA when API operations are called, add MFA conditions to your policies. For more information, see [Secure API access with MFA](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html) in the *IAM User Guide*.

For more information about best practices in IAM, see [Security best practices in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) in the *IAM User Guide*.

## Using the Amazon SageMaker Unified Studio console

To access the Amazon SageMaker Unified Studio console, you must have a minimum set of permissions. These permissions must allow you to list and view details about the Amazon SageMaker Unified Studio resources in your AWS account. If you create an identity-based policy that is more restrictive than the minimum required permissions, the console won't function as intended for entities (users or roles) with that policy.

You don't need to allow minimum console permissions for users that are making calls only to the AWS CLI or the AWS API. Instead, allow access to only the actions that match the API operation that they're trying to perform.

To ensure that users and roles can still use the Amazon SageMaker Unified Studio console, also attach the Amazon SageMaker Unified Studio `ConsoleAccess` or `ReadOnly` AWS managed policy to the entities. For more information, see [Adding permissions to a user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) in the *IAM User Guide*.

## Allow users to view their own permissions


This example shows how you might create a policy that allows IAM users to view the inline and managed policies that are attached to their user identity. This policy includes permissions to complete this action on the console or programmatically using the AWS CLI or AWS API.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ViewOwnUserInfo",
            "Effect": "Allow",
            "Action": [
                "iam:GetUserPolicy",
                "iam:ListGroupsForUser",
                "iam:ListAttachedUserPolicies",
                "iam:ListUserPolicies",
                "iam:GetUser"
            ],
            "Resource": ["arn:aws:iam::*:user/${aws:username}"]
        },
        {
            "Sid": "NavigateInConsole",
            "Effect": "Allow",
            "Action": [
                "iam:GetGroupPolicy",
                "iam:GetPolicyVersion",
                "iam:GetPolicy",
                "iam:ListAttachedGroupPolicies",
                "iam:ListGroupPolicies",
                "iam:ListPolicyVersions",
                "iam:ListPolicies",
                "iam:ListUsers"
            ],
            "Resource": "*"
        }
    ]
}
```

# AWS managed policies for Amazon SageMaker Unified Studio
AWS managed policies

To add permissions to users, groups, and roles, it is easier to use AWS managed policies than to write policies yourself. It takes time and expertise to [create IAM customer managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html) that provide your team with only the permissions they need. To get started quickly, you can use our AWS managed policies. These policies cover common use cases and are available in your AWS account. For more information about AWS managed policies, see [AWS managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) in the *IAM User Guide*.

AWS services maintain and update AWS managed policies. You can't change the permissions in AWS managed policies. Services occasionally add additional permissions to an AWS managed policy to support new features. This type of update affects all identities (users, groups, and roles) where the policy is attached. Services are most likely to update an AWS managed policy when a new feature is launched or when new operations become available. Services do not remove permissions from an AWS managed policy, so policy updates won't break your existing permissions.

Additionally, AWS supports managed policies for job functions that span multiple services. For example, the **ReadOnlyAccess** AWS managed policy provides read-only access to all AWS services and resources. When a service launches a new feature, AWS adds read-only permissions for new operations and resources. For a list and descriptions of job function policies, see [AWS managed policies for job functions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html) in the *IAM User Guide*.

**Topics**
+ [

# AWS policy: SageMakerStudioFullAccess
](security-iam-awsmanpol-SageMakerStudioFullAccess.md)
+ [

# AWS policy: SageMakerStudioProjectUserRolePermissionsBoundary
](security-iam-awsmanpol-SageMakerStudioProjectUserRolePermissionsBoundary.md)
+ [

# AWS policy: SageMakerStudioDomainExecutionRolePolicy
](security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy.md)
+ [

# AWS policy: SageMakerStudioProjectUserRolePolicy
](security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy.md)
+ [

# AWS policy: SageMakerStudioProjectRoleMachineLearningPolicy
](security-iam-awsmanpol-SageMakerStudioProjectRoleMachineLearningPolicy.md)
+ [

# AWS policy: SageMakerStudioDomainServiceRolePolicy
](security-iam-awsmanpol-SageMakerStudioDomainServiceRolePolicy.md)
+ [

# AWS policy: SageMakerStudioProjectProvisioningRolePolicy
](security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy.md)
+ [

# AWS policy: AmazonDataZoneBedrockModelManagementPolicy
](security-iam-awsmanpol-AmazonDataZoneBedrockModelManagementPolicy.md)
+ [

# AWS policy: SageMakerStudioQueryExecutionRolePolicy
](security-iam-awsmanpol-SageMakerStudioQueryExecutionRolePolicy.md)
+ [

# AWS policy: SageMakerStudioEMRServiceRolePolicy
](security-iam-awsmanpol-SageMakerStudioEMRServiceRolePolicy.md)
+ [

# AWS policy: AmazonDataZoneBedrockModelConsumptionPolicy
](security-iam-awsmanpol-AmazonDataZoneBedrockModelConsumptionPolicy.md)
+ [

# AWS policy: SageMakerStudioEMRInstanceRolePolicy
](security-iam-awsmanpol-SageMakerStudioEMRInstanceRolePolicy.md)
+ [

# AWS policy: SageMakerStudioBedrockAgentServiceRolePolicy
](security-iam-awsmanpol-SageMakerStudioBedrockAgentServiceRolePolicy.md)
+ [

# AWS policy: SageMakerStudioBedrockChatAgentUserRolePolicy
](security-iam-awsmanpol-SageMakerStudioBedrockChatAgentUserRolePolicy.md)
+ [

# AWS policy: SageMakerStudioBedrockPromptUserRolePolicy
](security-iam-awsmanpol-SageMakerStudioBedrockPromptUserRolePolicy.md)
+ [

# AWS policy: SageMakerStudioBedrockFlowServiceRolePolicy
](security-iam-awsmanpol-SageMakerStudioBedrockFlowServiceRolePolicy.md)
+ [

# AWS policy: SageMakerStudioBedrockEvaluationJobServiceRolePolicy
](security-iam-awsmanpol-SageMakerStudioBedrockEvaluationJobServiceRolePolicy.md)
+ [

# AWS policy: SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy
](security-iam-awsmanpol-SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy.md)
+ [

# AWS policy: SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy
](security-iam-awsmanpol-SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy.md)
+ [

# AWS policy: SageMakerStudioBedrockFunctionExecutionRolePolicy
](security-iam-awsmanpol-SageMakerStudioBedrockFunctionExecutionRolePolicy.md)
+ [

# AWS policy: SageMakerStudioUserIAMConsolePolicy
](security-iam-awsmanpol-SageMakerStudioUserIAMConsolePolicy.md)
+ [

# AWS policy: SageMakerStudioUserIAMDefaultExecutionPolicy
](security-iam-awsmanpol-SageMakerStudioUserIAMDefaultExecutionPolicy.md)
+ [

# AWS policy: SageMakerStudioUserIAMPermissiveExecutionPolicy
](security-iam-awsmanpol-SageMakerStudioUserIAMPermissiveExecutionPolicy.md)
+ [

# AWS policy: SageMakerStudioAdminIAMConsolePolicy
](security-iam-awsmanpol-SageMakerStudioAdminIAMConsolePolicy.md)
+ [

# AWS policy: SageMakerStudioAdminIAMDefaultExecutionPolicy
](security-iam-awsmanpol-SageMakerStudioAdminIAMDefaultExecutionPolicy.md)
+ [

# AWS policy: SageMakerStudioAdminIAMPermissiveExecutionPolicy
](security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy.md)
+ [

# AWS policy: SageMakerStudioAdminProjectUserRolePolicy
](security-iam-awsmanpol-SageMakerStudioAdminProjectUserRolePolicy.md)
+ [

# Amazon SageMaker Unified Studio updates to AWS managed policies
](security-iam-awsmanpol-updates.md)

# AWS policy: SageMakerStudioFullAccess
SageMakerStudioFullAccess

This policy provides full access to Amazon SageMaker Unified Studio via the Amazon SageMaker management console.

To view the permissions for this policy, see [SageMakerStudioFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioFullAccess.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioProjectUserRolePermissionsBoundary
SageMakerStudioProjectUserRolePermissionsBoundary

Amazon SageMaker Unified Studio creates IAM roles for project users to perform data analytics, artificial intelligence, and machine learning actions, and uses this policy when creating these roles to define the boundary of their permissions.

This policy is a permissions boundary. A permissions boundary sets the maximum permissions that an identity-based policy can grant to an IAM entity. You should not attach Amazon SageMaker Unified Studio permissions boundary policies to roles on your own. Amazon SageMaker Unified Studio permissions boundary policies should only be attached to Amazon SageMaker Unified Studio managed roles.

When you create a project via Amazon SageMaker Unified Studio, it applies this permissions boundary to the IAM roles that are provisioned during project creation. The permissions boundary limits the scope of the roles that Amazon SageMaker Unified Studio creates and of any roles that you add.

Amazon SageMaker Unified Studio uses the SageMakerStudioProjectUserRolePermissionsBoundary managed policy to limit the provisioned IAM principal to which it is attached. The principals might take the form of the user roles that Amazon SageMaker Unified Studio can assume on behalf of interactive enterprise users or analytic services (AWS Glue, for example), and then conduct actions to process data, such as reading from and writing to Amazon S3 or running an AWS Glue crawler.

The SageMakerStudioProjectUserRolePermissionsBoundary policy grants read and write access for Amazon SageMaker Unified Studio to services such as Amazon SageMaker, AWS Glue, Amazon S3, AWS Lake Formation, Amazon Redshift, Amazon Athena, Amazon Q, and Amazon EMR. The policy also gives read and write permissions to some infrastructure resources that are required to use these services, such as network interfaces, AWS KMS keys, AWS CodeCommit, and AWS Secrets Manager.

**Note**  
You can't create new projects with AWS CodeCommit. Existing projects that were created using CodeCommit will continue to work.
+ Amazon SageMaker permissions are required for users to use the Amazon SageMaker Domain and Spaces provisioned by default by the Tooling blueprint.
+ AWS Glue permissions are required for users to use the default AWS Glue Connection and create AWS Glue Sessions.
+ Amazon S3 permissions are required for users to access the project's Amazon S3 bucket.
+ AWS Lake Formation permissions are required for users to access underlying data in Amazon S3.
+ Amazon Redshift permissions are required for users to perform SQL queries against Amazon Redshift, and to allow access to the project's Amazon Redshift clusters.
+ Amazon Athena permissions are required for users to use the provisioned Amazon Athena workgroup and to perform SQL queries.
+ Amazon Q permissions are required for users to interact with Amazon Q within Amazon SageMaker Unified Studio.
+ Amazon EMR permissions are required for users to create and access Amazon EMR clusters.
+ AWS KMS permissions are required to use customer managed keys (CMKs) in the various services integrated with Amazon SageMaker Unified Studio.
+ AWS CodeCommit permissions are required for users to use the default Git repository, and perform operations such as committing changes.
+ AWS Secrets Manager permissions are required for accessing the secret for various services, such as Amazon Redshift, AWS Glue federated data connections, and Amazon Bedrock.
+ Amazon Bedrock permissions are required to allow users access to Amazon Bedrock IDE, a development experience in Amazon SageMaker Unified Studio that lets you easily discover Amazon Bedrock models and build generative AI apps that use Amazon Bedrock models and features.

To view the permissions for this policy, see [SageMakerStudioProjectUserRolePermissionsBoundary](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioProjectUserRolePermissionsBoundary.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioDomainExecutionRolePolicy
SageMakerStudioDomainExecutionRolePolicy

This is the default policy for the SageMakerUnifiedStudioDomainExecutionRole service role. This role is used by Amazon SageMaker Unified Studio to catalog, discover, govern, share, and analyze data in the Amazon SageMaker Unified Studio domain.

This role provides access to all Amazon SageMaker Unified Studio APIs that are required for Amazon SageMaker Unified Studio use, as well as AWS RAM permissions to support usage of associated accounts in an Amazon SageMaker Unified Studio domain. It also provides access to services used outside of a project scope, including AWS CodeConnections, Amazon Q, AWS Systems Manager, and Amazon Bedrock.

To view the permissions for this policy, see [SageMakerStudioDomainExecutionRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioDomainExecutionRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioProjectUserRolePolicy
SageMakerStudioProjectUserRolePolicy

Amazon SageMaker Unified Studio creates IAM roles for project users to perform data analytics, artificial intelligence, and machine learning actions, and uses this policy when creating these roles to define their permissions.

This is the main policy for the SageMakerUnifiedStudioProjectRole role. The SageMakerStudioProjectUserRolePolicy policy is created as part of the Tooling environment blueprint. This policy grants read and write access for Amazon SageMaker Unified Studio users to services such as Amazon SageMaker, AWS Glue, Amazon S3, AWS Lake Formation, Amazon Redshift, Amazon Athena, Amazon Q, and Amazon EMR. The policy also gives read and write permissions to some infrastructure resources that are required to use these services, such as network interfaces, AWS KMS keys, AWS CodeCommit, and AWS Secrets Manager.

An administrator can disable certain permissions in this policy by tagging the role to which the policy is attached. The tag `EnableGlueSparkWorkloads=false` disables all permissions related to AWS Glue Spark workloads. The tag `EnableGenAIStudio=false` disables all permissions related to Generative AI Studio.
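The three mechanisms described on this page (the `${aws:username}` variable in the view-own-permissions policy, a permissions boundary capping what the role policy can grant, and a role tag switching permissions off) all come down to how IAM combines policy documents. The following is an added illustration, not AWS code: a deliberately minimal evaluator with a constructed identity policy and boundary standing in for SageMakerStudioProjectUserRolePolicy and SageMakerStudioProjectUserRolePermissionsBoundary, and an assumed `aws:PrincipalTag/EnableGlueSparkWorkloads` condition that mirrors the tag switch; the real managed policies are larger, and their exact wording is in the AWS Managed Policy Reference.

```python
import re

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _substitute(text, ctx):
    # Policy variables such as ${aws:username} come from the request context.
    for key, val in ctx.items():
        text = text.replace("${" + key + "}", val)
    return text

def _glob(pattern, value, case_sensitive):
    # IAM patterns use only '*' (any run of characters) and '?' (one character).
    regex = "^" + "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    ) + "$"
    flags = 0 if case_sensitive else re.IGNORECASE
    return re.match(regex, value, flags) is not None

def _condition_ok(condition, ctx):
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            expected, actual = _as_list(expected), ctx.get(key)
            if operator == "StringEquals":
                if actual is None or actual not in expected:
                    return False
            elif operator == "StringNotEquals":
                # A missing key satisfies a negated operator, as it does in IAM.
                if actual is not None and actual in expected:
                    return False
            else:
                raise ValueError("unsupported condition operator: " + operator)
    return True

def evaluate_policy(policy, action, resource, ctx):
    """Return 'Deny', 'Allow' or 'Implicit' for one policy document."""
    decision = "Implicit"
    for stmt in policy["Statement"]:
        # Action names match case-insensitively, resource ARNs case-sensitively.
        if not any(_glob(a, action, False) for a in _as_list(stmt["Action"])):
            continue
        if not any(_glob(_substitute(r, ctx), resource, True)
                   for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_ok(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny overrides every Allow
        decision = "Allow"
    return decision

def is_allowed(identity_policy, action, resource, ctx, boundary=None):
    """Any explicit Deny wins; otherwise the identity policy AND the
    permissions boundary (when one is attached) must both Allow."""
    results = [evaluate_policy(identity_policy, action, resource, ctx)]
    if boundary is not None:
        results.append(evaluate_policy(boundary, action, resource, ctx))
    return "Deny" not in results and all(r == "Allow" for r in results)

# The page's 'view my own permissions' policy, trimmed to a few actions.
VIEW_OWN_USER_INFO = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ViewOwnUserInfo", "Effect": "Allow",
     "Action": ["iam:GetUser", "iam:ListAttachedUserPolicies"],
     "Resource": ["arn:aws:iam::*:user/${aws:username}"]},
    {"Sid": "NavigateInConsole", "Effect": "Allow",
     "Action": ["iam:ListUsers", "iam:ListPolicies"], "Resource": "*"},
]}

# Constructed identity policy for a project role (not a real Studio policy).
# The aws:PrincipalTag condition is an assumed rendering of the role-tag
# switch the page describes, not the managed policy's actual wording.
PROJECT_IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-project-bucket/*"},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    {"Effect": "Allow", "Action": "glue:StartJobRun", "Resource": "*",
     "Condition": {"StringNotEquals": {
         "aws:PrincipalTag/EnableGlueSparkWorkloads": "false"}}},
]}

# Constructed boundary standing in for the real permissions boundary policy:
# caps the role at read-only S3 plus Glue, and explicitly denies all IAM actions.
PROJECT_BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket", "glue:*"],
     "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
]}

if __name__ == "__main__":
    alice = {"aws:username": "alice"}
    own = "arn:aws:iam::123456789012:user/alice"
    print(is_allowed(VIEW_OWN_USER_INFO, "iam:GetUser", own, alice))  # True
    print(is_allowed(VIEW_OWN_USER_INFO, "iam:GetUser", own.replace("alice", "bob"), alice))  # False
    obj = "arn:aws:s3:::example-project-bucket/data.csv"
    print(is_allowed(PROJECT_IDENTITY_POLICY, "s3:PutObject", obj, {}, PROJECT_BOUNDARY))  # False
    job = "arn:aws:glue:us-east-1:123456789012:job/example-job"
    off = {"aws:PrincipalTag/EnableGlueSparkWorkloads": "false"}
    print(is_allowed(PROJECT_IDENTITY_POLICY, "glue:StartJobRun", job, off, PROJECT_BOUNDARY))  # False
```

Note that `s3:PutObject` is refused even though the identity policy grants `s3:*`, which is exactly why the page tells you not to attach the boundary to roles of your own: it silently caps everything attached to that role.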

**Note**  
You can't create new projects with AWS CodeCommit. Existing projects that were created using CodeCommit will continue to work.
+ Amazon SageMaker permissions are required for users to use the Amazon SageMaker Domain and Spaces provisioned by default by the Tooling blueprint.
+ AWS Glue permissions are required for users to use the default AWS Glue Connection and create AWS Glue Sessions.
+ Amazon S3 permissions are required for users to access the project's Amazon S3 bucket.
+ AWS Lake Formation permissions are required for users to access underlying data in Amazon S3.
+ Amazon Redshift permissions are required for users to perform SQL queries against Amazon Redshift, and to allow access to the project's Amazon Redshift clusters.
+ Amazon Athena permissions are required for users to use the provisioned Amazon Athena workgroup and to perform SQL queries.
+ Amazon Q permissions are required for users to interact with Amazon Q within Amazon SageMaker Unified Studio.
+ Amazon EMR permissions are required for users to create and access Amazon EMR clusters.
+ AWS CodeCommit permissions are required for users to use the default Git repository, and perform operations such as committing changes.
+ AWS Secrets Manager permissions are required for accessing the secret for various services, such as Amazon Redshift, AWS Glue federated data connections, and Amazon Bedrock.
+ Amazon Bedrock permissions are required to allow users access to Amazon Bedrock IDE, a development experience in Amazon SageMaker Unified Studio that lets you easily discover Amazon Bedrock models and build generative AI apps that use Amazon Bedrock models and features.
+ AWS KMS permissions are required to support customer managed keys. Resources provisioned by Amazon SageMaker Unified Studio can be encrypted with your customer managed key.

To view the permissions for this policy, see [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioProjectUserRolePolicy.html) in the *AWS Managed Policy Reference*.

**Note**  
Amazon SageMaker Unified Studio creates IAM roles for project users to perform data analytics, AI, and ML actions. You can attach the SageMakerStudioProjectUserRolePolicy managed policy as your user role policy or you can create and attach your own user role policy. Using your own policy provides more granular control over permissions but requires knowledge of IAM policy configuration. The IAM policy must include all necessary permissions required for the service to function properly.

# AWS policy: SageMakerStudioProjectRoleMachineLearningPolicy
SageMakerStudioProjectRoleMachineLearningPolicy

Amazon SageMaker Unified Studio creates IAM roles for project users to perform data analytics, artificial intelligence, and machine learning actions, and uses this policy when creating these roles to define the permissions related to Amazon SageMaker.

This is the SageMaker policy for the SageMakerUnifiedStudioProjectRole role. This policy grants read and write access for Amazon SageMaker Unified Studio users to services such as Amazon SageMaker, Amazon CloudWatch, and AWS Resource Groups. The policy also gives read and write permissions to some infrastructure resources that are required to use these services such as network interfaces and AWS KMS keys.

An administrator can disable certain permissions in this policy by tagging the role to which the policy is attached. The tag `EnableSageMakerMLWorkloads=false` disables all permissions related to SageMaker ML workloads.

To view the permissions for this policy, see [SageMakerStudioProjectRoleMachineLearningPolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioProjectRoleMachineLearningPolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioDomainServiceRolePolicy
SageMakerStudioDomainServiceRolePolicy

This is the default policy for the SageMakerUnifiedStudioDomainServiceRole service role. This policy is used by Amazon SageMaker Unified Studio to access the SSM parameters in the user’s account. Those parameters are set by the administrator in the Amazon SageMaker Unified Studio project profiles. This policy also has permissions to AWS KMS for encrypted SSM parameters. The KMS key must be tagged with `EnableKeyForAmazonDataZone` to allow decrypting the SSM parameters.

To view the permissions for this policy, see [SageMakerStudioDomainServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioDomainServiceRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioProjectProvisioningRolePolicy
SageMakerStudioProjectProvisioningRolePolicy

Amazon SageMaker Unified Studio uses this policy to provision and manage resources in your account.

This is the default policy for the `AmazonSageMakerProvisioning-<domainAccountId>` service role. This role is used by Amazon SageMaker Unified Studio to manage resources in your account that are created as part of the project lifecycle. This role provides access to manage resources for all services used in Amazon SageMaker Unified Studio, including Amazon SageMaker, AWS Glue, Amazon S3, AWS Lake Formation, Amazon Redshift, Amazon Athena, Amazon Q, Amazon EMR, Amazon Bedrock, AWS CodeCommit, and AWS IAM.

**Note**  
You can't create new projects with AWS CodeCommit. Existing projects that were created using CodeCommit will continue to work.
+ Amazon SageMaker permissions are required to manage the SageMaker Domain and Spaces provisioned by default by the Tooling blueprint.
+ AWS Glue permissions are required to manage AWS Glue Connections, AWS Glue Catalog, and AWS Glue Databases.
+ Amazon S3 permissions are required to access S3 objects to provision Amazon Bedrock resources and federated AWS Glue connections, and to create the staging bucket for Amazon Redshift.
+ AWS Lake Formation permissions are required to manage grants on AWS Glue Data Catalog.
+ Amazon Redshift permissions are required to provision the Amazon Redshift Serverless workgroup and namespace.
+ Amazon Athena permissions are required to provision the Amazon Athena workgroup and the Amazon Athena data catalog for federated connections.
+ Amazon EMR permissions are required to provision Amazon EMR on EC2 clusters.
+ AWS KMS permissions are required to use customer managed keys (CMKs) in the various services integrated with Amazon SageMaker Unified Studio.
+ AWS CodeCommit permissions are required to provision the default Git repository.
+ AWS Secrets Manager permissions are required to provision the secret for various services, such as Amazon Redshift, AWS Glue federated data connections, and Amazon Bedrock.
+ AWS IAM permissions are required to provision the roles that will be used by users of Amazon SageMaker Unified Studio.
+ Amazon Bedrock permissions are required to provision Amazon Bedrock IDE related resources to enable discovery of Amazon Bedrock models and build generative AI apps that use Amazon Bedrock models and features.

To view the permissions for this policy, see [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioProjectProvisioningRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: AmazonDataZoneBedrockModelManagementPolicy
AmazonDataZoneBedrockModelManagementPolicy

Provides permissions to manage Amazon Bedrock model access, including creating, tagging and deleting application inference profiles.

To view the permissions for this policy, see [AmazonDataZoneBedrockModelManagementPolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonDataZoneBedrockModelManagementPolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioQueryExecutionRolePolicy
SageMakerStudioQueryExecutionRolePolicy

This is the default policy for the SageMakerQueryExecutionRole role. This policy provides permissions to run query executions on federated connections.

To view the permissions for this policy, see [SageMakerStudioQueryExecutionRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioQueryExecutionRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioEMRServiceRolePolicy
SageMakerStudioEMRServiceRolePolicy

Amazon SageMaker Unified Studio creates IAM roles for project users to perform data analytics, artificial intelligence, and machine learning actions, and uses this policy when creating these roles to define the permissions related to EMR.

To view the permissions for this policy, see [SageMakerStudioEMRServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioEMRServiceRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: AmazonDataZoneBedrockModelConsumptionPolicy
AmazonDataZoneBedrockModelConsumptionPolicy

Provides permissions to consume Amazon Bedrock models, including invoking the Amazon Bedrock application inference profile created for a particular Amazon DataZone domain.

To view the permissions for this policy, see [AmazonDataZoneBedrockModelConsumptionPolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonDataZoneBedrockModelConsumptionPolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioEMRInstanceRolePolicy
SageMakerStudioEMRInstanceRolePolicy

Amazon SageMaker Unified Studio creates IAM roles for project users to perform data analytics, artificial intelligence, and machine learning actions and uses this policy when creating these roles to define the permissions related to EMR.

To view the permissions for this policy, see [SageMakerStudioEMRInstanceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioEMRInstanceRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioBedrockAgentServiceRolePolicy
SageMakerStudioBedrockAgentServiceRolePolicy

This policy allows Amazon Bedrock Agents to access Amazon Bedrock models and other resources attached to an agent in Amazon SageMaker Unified Studio.

This is the main policy for the Amazon Bedrock IDE agent service role. This role is part of the AmazonBedrockChatAgent environment blueprint.

This policy grants the Amazon Bedrock service access to resources attached to an Amazon Bedrock IDE chat agent app, including Amazon Bedrock models, guardrails, and knowledge bases; AWS Lambda functions; Amazon S3 objects; and an AWS KMS key.
+ Amazon Bedrock permissions are required for Amazon Bedrock agents to invoke Amazon Bedrock models enabled at the project level. This policy also grants access to Amazon Bedrock resources managed within Amazon SageMaker Unified Studio.
+ AWS Lambda permissions are required for Amazon Bedrock agents to run functions attached to an Amazon Bedrock IDE chat agent app.
+ Amazon S3 permissions are required for Amazon Bedrock agents to access the project's Amazon S3 bucket.
+ AWS KMS permissions are required to access Amazon Bedrock and Amazon S3 data encrypted with a customer managed key.

This policy allows the Amazon Bedrock service to access specific resources tagged with the same project ID as the service role. This tag restriction effectively only permits access to resources in the same project. By default, project users are not allowed to change service role tags.

To view the permissions for this policy, see [SageMakerStudioBedrockAgentServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioBedrockAgentServiceRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioBedrockChatAgentUserRolePolicy
SageMakerStudioBedrockChatAgentUserRolePolicy

This policy provides access to an Amazon Bedrock chat agent app's configuration and Amazon Bedrock agent in Amazon SageMaker Unified Studio.

This is the main policy for the Amazon Bedrock IDE chat agent user role. This role is part of the AmazonBedrockChatAgent environment blueprint.

This policy grants users access to a shared Amazon Bedrock IDE chat agent app, including the permission to invoke an Amazon Bedrock agent, get its configuration from Amazon S3, and use an AWS KMS key.
+ Amazon Bedrock permissions are required for app users to read and invoke an Amazon Bedrock agent.
+ Amazon S3 permissions are required for app users to read an object in the project's Amazon S3 bucket.
+ AWS KMS permissions are required to access Amazon Bedrock and Amazon S3 data encrypted with a customer managed key.

This policy allows users to access individually shared Amazon Bedrock IDE chat agent apps. By default, domain users and project users are not allowed to change user role tags.

To view the permissions for this policy, see [SageMakerStudioBedrockChatAgentUserRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioBedrockChatAgentUserRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioBedrockPromptUserRolePolicy
SageMakerStudioBedrockPromptUserRolePolicy

This policy provides access to an Amazon Bedrock prompt and its configuration in Amazon SageMaker Unified Studio.

This is the main policy for the Amazon Bedrock IDE prompt user role. This role is part of the AmazonBedrockPrompt environment blueprint.

This policy grants users access to a shared Amazon Bedrock IDE prompt, including the Amazon Bedrock prompt, its configuration in Amazon S3, and an AWS KMS key.
+ Amazon Bedrock permissions are required for prompt users to read Amazon Bedrock prompts.
+ Amazon S3 permissions are required for prompt users to read an object in the project's Amazon S3 bucket.
+ AWS KMS permissions are required to access Amazon Bedrock and Amazon S3 data encrypted with a customer managed key.

This policy allows users to access individually shared Amazon Bedrock IDE prompts. By default, domain users and project users are not allowed to change user role tags.

To view the permissions for this policy, see [SageMakerStudioBedrockPromptUserRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioBedrockPromptUserRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioBedrockFlowServiceRolePolicy
SageMakerStudioBedrockFlowServiceRolePolicy

This policy allows Amazon Bedrock Flows to access Amazon Bedrock models and other resources attached to a flow in Amazon SageMaker Unified Studio.

This is the main policy for the Amazon Bedrock IDE prompt flow service role. This role is part of the AmazonBedrockFlow environment blueprint.

This policy grants the Amazon Bedrock service access to resources attached to an Amazon Bedrock IDE flow app, including Amazon Bedrock models, guardrails, knowledge bases, and prompts; AWS Lambda functions; and an AWS KMS key.
+ Amazon Bedrock permissions are required for Amazon Bedrock prompt flows to invoke Amazon Bedrock models enabled at the project level. This policy also grants access to Amazon Bedrock resources managed within Amazon SageMaker Unified Studio.
+ AWS Lambda permissions are required for Amazon Bedrock prompt flows to run functions attached to an Amazon Bedrock IDE flow app.
+ AWS KMS permissions are required to access Amazon Bedrock and Amazon S3 data encrypted with a customer managed key.

This policy allows the Amazon Bedrock service to access specific resources tagged with the same project ID as the service role. This tag restriction effectively only permits access to resources in the same project. By default, project users are not allowed to change service role tags.

To view the permissions for this policy, see [SageMakerStudioBedrockFlowServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioBedrockFlowServiceRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioBedrockEvaluationJobServiceRolePolicy
SageMakerStudioBedrockEvaluationJobServiceRolePolicy

This policy allows Amazon Bedrock to access Amazon Bedrock models and datasets for evaluation jobs in Amazon SageMaker Unified Studio.

This is the main policy for the Amazon Bedrock IDE evaluation job service role. This role is part of the AmazonBedrockEvaluation environment blueprint.

This policy grants the Amazon Bedrock service access to resources for an Amazon Bedrock model evaluation job, including Amazon Bedrock models, Amazon S3 objects, and an AWS KMS key.
+ Amazon Bedrock permissions are required for Amazon Bedrock evaluation jobs to invoke Amazon Bedrock models enabled at the project level. This policy also grants access to Amazon Bedrock resources managed within Amazon SageMaker Unified Studio.
+ Amazon S3 permissions are required for Amazon Bedrock evaluation jobs to access the project's Amazon S3 bucket.
+ AWS KMS permissions are required to access Amazon S3 data encrypted with a customer managed key.

This policy allows the Amazon Bedrock service to access specific resources tagged with the same project ID as the service role. This tag restriction effectively only permits access to resources in the same project. By default, project users are not allowed to change service role tags.

To view the permissions for this policy, see [SageMakerStudioBedrockEvaluationJobServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioBedrockEvaluationJobServiceRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy
SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy

This policy provides access to configure vector stores and Amazon Bedrock knowledge bases in Amazon SageMaker Unified Studio.

This is the main policy for the Amazon Bedrock IDE knowledge base custom resource service role. This role is part of the AmazonBedrockKnowledgeBase environment blueprint.

This policy grants AWS Lambda-backed CloudFormation custom resources access to Amazon Bedrock IDE knowledge bases and their Amazon OpenSearch Serverless collections.
+ Amazon Bedrock permissions are required for the custom resource to start and query Amazon Bedrock knowledge base ingestion jobs.
+ Amazon OpenSearch Serverless permissions are required for the custom resource to prepare Amazon OpenSearch Serverless collections for use with Amazon Bedrock knowledge bases.

This policy allows the Amazon Bedrock service to access specific resources tagged with the same project ID as the service role. This tag restriction effectively only permits access to resources in the same project. By default, project users are not allowed to change service role tags.

To view the permissions for this policy, see [SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy
SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy

This policy allows Amazon Bedrock Knowledge Bases to access Amazon Bedrock models and data sources in Amazon SageMaker Unified Studio.

This is the main policy for the Amazon Bedrock IDE knowledge base service role. This role is part of the AmazonBedrockKnowledgeBase environment blueprint.

This policy grants the Amazon Bedrock service access to resources attached to Amazon Bedrock IDE knowledge bases, including Amazon Bedrock models, Amazon OpenSearch Serverless collections, Amazon S3 objects, and an AWS KMS key.
+ Amazon Bedrock permissions are required for Amazon Bedrock knowledge bases to invoke Amazon Bedrock models enabled at the project level and generate queries.
+ AWS SQL Workbench permissions are required to generate SQL recommendations for querying structured data sources.
+ Amazon OpenSearch Serverless permissions are required for Amazon Bedrock knowledge bases to access the vector search collections that store knowledge base embeddings.
+ Amazon S3 permissions are required for Amazon Bedrock agents to access the project's Amazon S3 bucket.
+ AWS KMS permissions are required to access Amazon Bedrock and Amazon S3 data encrypted with a customer managed key.

This policy allows the Amazon Bedrock service to access specific resources tagged with the same project ID as the service role. This tag restriction effectively only permits access to resources in the same project. By default, project users are not allowed to change service role tags.

To view the permissions for this policy, see [SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioBedrockFunctionExecutionRolePolicy

This policy allows AWS Lambda to access an Amazon Bedrock function component's configuration in Amazon SageMaker Unified Studio.

This is the main policy for the Amazon Bedrock IDE function execution role. This role is part of the AmazonBedrockFunction environment blueprint.

This policy grants the AWS Lambda service access to an Amazon Bedrock IDE function’s configuration, including AWS Secrets Manager secrets and an AWS KMS key.
+ AWS Secrets Manager permissions are required for AWS Lambda to access the Amazon Bedrock IDE function’s API keys while fulfilling API requests.
+ AWS KMS permissions are required to access AWS Secrets Manager secrets encrypted with a customer managed key.

This policy allows the AWS Lambda service to access specific resources tagged with the same project ID as the service role. This tag restriction effectively only permits access to resources in the same project. By default, project users are not allowed to change service role tags.

To view the permissions for this policy, see [SageMakerStudioBedrockFunctionExecutionRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioBedrockFunctionExecutionRolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioUserIAMConsolePolicy

This policy provides individual setup privileges for Amazon SageMaker Unified Studio using the AWS Management Console and SDK. It grants permissions for launching Amazon SageMaker Unified Studio.
+ Amazon DataZone permissions are required to allow principals access to Amazon DataZone actions to create a project, and to log in to Amazon SageMaker Unified Studio.
+ AWS Identity and Access Management permissions are required to allow principals to list and get IAM roles and to get IAM users.

To view the permissions for this policy, see [SageMakerStudioUserIAMConsolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioUserIAMConsolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioUserIAMDefaultExecutionPolicy

This is the default execution policy for using IAM roles with Amazon SageMaker Unified Studio. This policy grants users access to resources. It does not grant access to data resources.
+ Amazon DataZone permissions are required to access DataZone resources such as Project and Asset.
+ AWS Identity and Access Management permissions are required to list IAM roles, create service-linked roles, and pass roles when provisioning resources.
+ AWS STS permissions are required to assume other roles for accessing cross-account resources.
+ Amazon S3 permissions are required to list S3 buckets and allow cross-account object read.
+ AWS Lake Formation permissions are required to describe AWS Lake Formation resources.
+ Amazon Redshift Query Editor permissions are required to interact with the query editor in Amazon SageMaker Unified Studio.
+ Amazon Redshift Data API permissions are required to run SQL statements using the Data API.
+ Amazon Redshift Serverless permissions are required for discovery of Redshift Serverless.
+ Amazon Redshift permissions are required for discovery of Redshift clusters.
+ Amazon Bedrock permissions are required to interact with Bedrock APIs in Amazon SageMaker Unified Studio.
+ Amazon EventBridge Scheduler permissions are required to interact with one-click scheduling in Amazon SageMaker Unified Studio.
+ Amazon DynamoDB permissions are required to enable federated connections to external data.
+ Amazon Athena permissions are required to interact with Query Editor in Amazon SageMaker Unified Studio.
+ AWS Secrets Manager permissions are required to access secrets for connections.
+ Amazon CodeWhisperer permissions are required to generate code recommendations.
+ Amazon ECR permissions are required to run SageMaker training jobs.
+ Amazon MWAA permissions are required to manage and schedule workflows.
+ AWS KMS permissions are required to support customer managed keys. Resources provisioned by Amazon SageMaker Unified Studio can be encrypted with your customer managed key.

To view the permissions for this policy, see [SageMakerStudioUserIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioUserIAMDefaultExecutionPolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioUserIAMPermissiveExecutionPolicy

This is an execution policy for using IAM roles with Amazon SageMaker Unified Studio. This policy grants users access to resources in your account, including broad access to data resources.

This policy provides full access to all APIs and resources for services used in Amazon SageMaker Unified Studio, such as Amazon CloudWatch Logs, AWS Glue, Amazon Redshift, Amazon Redshift Data API, Amazon Redshift Serverless, Amazon S3, Amazon Athena, Amazon Bedrock, Amazon CodeWhisperer, Amazon DataZone, Amazon Q, Amazon SageMaker AI, AWS SQL Workbench, Amazon EventBridge Scheduler, and CloudFormation.

Additional access is provided for the following services:
+ Amazon DataZone permissions are required to access Amazon DataZone resources such as Project and Asset.
+ AWS Identity and Access Management permissions are required to list IAM roles, create service-linked roles, and pass roles when provisioning resources.
+ AWS Security Token Service permissions are required to assume other roles for accessing cross-account resources.
+ AWS Systems Manager permissions are required to access parameters for Amazon Q and Amazon SageMaker AI distribution.
+ AWS Lake Formation permissions are required to describe AWS Lake Formation Resources.
+ Amazon DynamoDB permissions are required to enable federated connections to external data.
+ AWS Secrets Manager permissions are required to access secrets for connections.
+ Amazon ECR permissions are required to run Amazon SageMaker AI training jobs.
+ Amazon MWAA permissions are required to manage and schedule workflows.
+ AWS KMS permissions are required to support customer managed keys. Resources provisioned by Amazon SageMaker Unified Studio can be encrypted with your customer managed key.

To view the permissions for this policy, see [SageMakerStudioUserIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioUserIAMPermissiveExecutionPolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioAdminIAMConsolePolicy

This policy provides initial administrative and individual setup privileges for Amazon SageMaker Unified Studio via the AWS Management Console and SDK. It grants permissions for launching Amazon SageMaker Unified Studio.
+ Amazon DataZone permissions are required to allow principals full access to all Amazon DataZone actions.
+ AWS Identity and Access Management permissions are required to allow principals to list and get IAM roles, get IAM users, and pass roles when creating Amazon DataZone resources.
+ AWS Systems Manager permissions are required to manage parameters to enable Amazon Q.
+ Amazon EC2 permissions are required to describe, create, modify, and delete VPC infrastructure including VPCs, subnets, security groups, internet gateways, NAT gateways, route tables, VPC endpoints, and elastic IP addresses for Amazon SageMaker Unified Studio environments.
+ CloudFormation permissions are required to create and manage infrastructure stacks for Amazon SageMaker Unified Studio deployment.
+ Amazon S3 permissions are required to allow CloudFormation to access template files from S3 buckets, including cross-account scenarios.
+ AWS KMS permissions are required to manage encryption keys, perform encrypt/decrypt operations, and create grants for Amazon DataZone resources.

All EC2 resources must be tagged with `CreatedForUseWithSageMakerUnifiedStudio: true` for creation, modification, and deletion operations to ensure proper resource governance and lifecycle management.
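The project-ID tag restriction stated for the Bedrock IDE service roles above and the `CreatedForUseWithSageMakerUnifiedStudio: true` tag requirement for EC2 resources are both enforced through IAM tag condition keys. The following offline evaluator is an added example, not AWS code and not the text of any managed policy; it shows how such conditions decide a request, including the cases where the resource or the role lacks the tag. The tag key name `ProjectId` and the sample policy document are assumptions constructed for the example.

```python
"""Offline evaluator for the IAM tag conditions that scope the roles above.

Added example: not AWS code and not the text of any managed policy. The keys
aws:ResourceTag/*, aws:PrincipalTag/*, aws:RequestTag/* and the
${aws:PrincipalTag/...} variable are standard IAM; the tag key "ProjectId" is assumed.
"""
import fnmatch
import re
from typing import Dict, Optional

PROJECT_TAG = "ProjectId"  # assumed name of the project ID tag key

# Constructed policy showing the two restrictions described in the text: a
# service role may only reach resources carrying its own project tag, and EC2
# resources may only be created when tagged for Unified Studio use.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ProjectScopedIngestionJobs",
            "Effect": "Allow",
            "Action": ["bedrock:StartIngestionJob", "bedrock:GetIngestionJob"],
            "Resource": "*",
            "Condition": {"StringEquals": {
                f"aws:ResourceTag/{PROJECT_TAG}": f"${{aws:PrincipalTag/{PROJECT_TAG}}}"}},
        },
        {
            "Sid": "TaggedVpcResourcesOnly",
            "Effect": "Allow",
            "Action": ["ec2:CreateVpc", "ec2:CreateSubnet"],
            "Resource": "*",
            "Condition": {"StringEquals": {
                "aws:RequestTag/CreatedForUseWithSageMakerUnifiedStudio": "true"}},
        },
    ],
}

_VAR = re.compile(r"\$\{([^}]+)\}")  # ${...} policy variable syntax

def build_context(principal_tags, resource_tags, request_tags) -> Dict[str, str]:
    """Flatten the three tag sources into IAM-style condition keys."""
    ctx: Dict[str, str] = {}
    for prefix, tags in (("aws:PrincipalTag", principal_tags),
                         ("aws:ResourceTag", resource_tags),
                         ("aws:RequestTag", request_tags)):
        ctx.update({f"{prefix}/{k}": v for k, v in tags.items()})
    return ctx

def _resolve(value: str, ctx: Dict[str, str]) -> Optional[str]:
    """Expand ${key} policy variables; None if a referenced key is absent."""
    missing = False

    def substitute(match):
        nonlocal missing
        if match.group(1) not in ctx:
            missing = True
            return ""
        return ctx[match.group(1)]

    expanded = _VAR.sub(substitute, value)
    return None if missing else expanded

def _condition_matches(condition: dict, ctx: Dict[str, str]) -> bool:
    """Evaluate StringEquals blocks; a key absent from the request never matches."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise ValueError(f"operator {operator} is not modelled in this example")
        for key, expected in pairs.items():
            if key not in ctx:
                return False
            candidates = expected if isinstance(expected, list) else [expected]
            resolved = [_resolve(str(v), ctx) for v in candidates]
            if ctx[key] not in [r for r in resolved if r is not None]:
                return False
    return True

def _action_matches(statement: dict, action: str) -> bool:
    """Case-insensitive wildcard match of the request action against the statement."""
    patterns = statement.get("Action", [])
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def evaluate(policy: dict, action: str, *, principal_tags: Dict[str, str],
             resource_tags: Optional[Dict[str, str]] = None,
             request_tags: Optional[Dict[str, str]] = None) -> str:
    """Return "Allow" or "Deny"; no matching Allow statement is an implicit Deny."""
    ctx = build_context(principal_tags, resource_tags or {}, request_tags or {})
    decision = "Deny"
    for statement in policy["Statement"]:
        if not _action_matches(statement, action):
            continue
        if not _condition_matches(statement.get("Condition", {}), ctx):
            continue
        if statement["Effect"] == "Deny":
            return "Deny"  # an explicit Deny overrides any Allow
        decision = "Allow"
    return decision
```

`evaluate(SAMPLE_POLICY, "bedrock:StartIngestionJob", principal_tags={"ProjectId": "proj-a"}, resource_tags={"ProjectId": "proj-b"})` returns `"Deny"` while matching tags return `"Allow"`; a missing tag on either side is also a deny, because `StringEquals` never matches an absent key and an unresolvable `${aws:PrincipalTag/...}` variable matches nothing.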

To view the permissions for this policy, see [SageMakerStudioAdminIAMConsolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioAdminIAMConsolePolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioAdminIAMDefaultExecutionPolicy

This is the administrative execution policy for using IAM roles with Amazon SageMaker Unified Studio. This policy grants administrative access to provision, manage, and access resources in your account. This does not grant access to data resources.
+ Amazon DataZone permissions are required to manage Amazon DataZone resources such as Domain and Project.
+ AWS Identity and Access Management permissions are required to list IAM roles, create service-linked roles, and pass roles when provisioning resources.
+ AWS STS permissions are required to assume other roles for accessing cross-account resources.
+ Amazon Q permissions are required to interact with Amazon Q within Amazon SageMaker Unified Studio.
+ AWS Glue permissions are required to access data in Glue and allow usage of Glue Sessions.
+ AWS Systems Manager permissions are required to manage parameters to enable Q and access SageMaker distribution.
+ Amazon SageMaker AI permissions are required to manage SageMaker Space and allow SageMaker ML workloads.
+ Amazon S3 permissions are required to create S3 buckets, access service CloudFormation templates in S3, and delete S3 bucket policies.
+ CloudFormation permissions are required to manage the CloudFormation stacks that provision resources of other services.
+ Amazon CloudWatch Logs permissions are required to access logs from workloads in Amazon SageMaker Unified Studio.
+ AWS Lake Formation permissions are required to manage Lake Formation grants to access data.
+ Amazon Redshift Query Editor permissions are required to interact with Query Editor in Amazon SageMaker Unified Studio.
+ Amazon Redshift Data API permissions are required to run SQL statements using the Data API.
+ Amazon Redshift Serverless permissions are required for discovery of Redshift Serverless.
+ Amazon Redshift permissions are required for discovery of Redshift clusters.
+ Amazon Bedrock permissions are required to interact with Bedrock APIs in Amazon SageMaker Unified Studio.
+ Amazon DynamoDB permissions are required to enable federated connections to external data.
+ AWS Secrets Manager permissions are required to manage secrets for connections.
+ Amazon Athena permissions are required to interact with Query Editor in Amazon SageMaker Unified Studio.
+ Amazon CodeWhisperer permissions are required to generate code recommendations.
+ Amazon EventBridge Scheduler permissions are required to interact with one-click scheduling in Amazon SageMaker Unified Studio.
+ Amazon ECR permissions are required to run SageMaker training jobs.
+ Amazon MWAA permissions are required to manage and schedule workflows.
+ AWS KMS permissions are required to support customer managed keys. Resources provisioned by Amazon SageMaker Unified Studio can be encrypted with your customer managed key.

To view the permissions for this policy, see [SageMakerStudioAdminIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioAdminIAMDefaultExecutionPolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioAdminIAMPermissiveExecutionPolicy

This is an administrative execution policy for using IAM roles with Amazon SageMaker Unified Studio. This policy grants administrative access to provision, manage, and access resources in your account. This includes broad access to data resources.

This policy provides full access to all APIs and resources for services used in Amazon SageMaker Unified Studio, such as Amazon CloudWatch Logs, AWS Glue, Amazon Redshift, Amazon Redshift Data API, Amazon Redshift Serverless, Amazon S3, Amazon Athena, Amazon Bedrock, Amazon CodeWhisperer, Amazon DataZone, Amazon Q, Amazon SageMaker AI, AWS SQL Workbench, Amazon EventBridge Scheduler, and CloudFormation.

Additional access is provided for the following services:
+ AWS Identity and Access Management permissions are required to list IAM roles, create service-linked roles, and pass roles when provisioning resources.
+ AWS Security Token Service permissions are required to assume other roles for accessing cross-account resources.
+ AWS Systems Manager permissions are required to manage parameters to enable Amazon Q and access SageMaker distribution.
+ AWS Lake Formation permissions are required to manage AWS Lake Formation grants to access data.
+ Amazon DynamoDB permissions are required to enable federated connections to external data.
+ AWS Secrets Manager permissions are required to manage secrets for connections.
+ Amazon ECR permissions are required to run SageMaker training jobs.
+ Amazon MWAA permissions are required to manage and schedule workflows.
+ AWS KMS permissions are required to support customer managed keys. Resources provisioned by Amazon SageMaker Unified Studio can be encrypted with your customer managed key.

To view the permissions for this policy, see [SageMakerStudioAdminIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioAdminIAMPermissiveExecutionPolicy.html) in the *AWS Managed Policy Reference*.

# AWS policy: SageMakerStudioAdminProjectUserRolePolicy

This IAM policy grants an IAM role full access to the AWS Glue Data Catalog (metadata) and Amazon S3 (actual data) for data lake operations, with access scoped by account and role tags. You can attach SageMakerStudioAdminProjectUserRolePolicy to your users, groups, and roles.

To view the permissions for this policy, see [SageMakerStudioAdminProjectUserRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SageMakerStudioAdminProjectUserRolePolicy.html) in the *AWS Managed Policy Reference*.

# Amazon SageMaker Unified Studio updates to AWS managed policies

View details about updates to AWS managed policies for Amazon SageMaker Unified Studio since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon SageMaker Unified Studio Document history page.

| Change | Description | Date | 
| --- | --- | --- | 
|  Policy update - [SageMakerStudioUserIAMConsolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMConsolePolicy)  |  Policy updates to SageMakerStudioUserIAMConsolePolicy - adding permissions for `datazone:GetConnection` and `datazone:ListConnections` to support IAM role federation in Local IDE.  | 03/31/2026 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to SageMakerStudioProjectUserRolePolicy - adding AWS Glue permissions scoped to S3 Tables catalog resource to support querying S3 Tables from SageMaker Unified Studio IdC domains.  | 03/24/2026 | 
|  Policy update - [SageMakerStudioAdminIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMDefaultExecutionPolicy - adding cloudwatch:GetMetricData, SageMaker Feature store, LakeFormation data filter, SSO and Admin UI permission to SageMaker Unified Studio.  | 03/30/2026 | 
|  Policy update - [SageMakerStudioUserIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMDefaultExecutionPolicy - adding cloudwatch:GetMetricData, notebook import and export functionality for permissive users, SageMaker Feature store, and LakeFormation data filter for SageMaker Unified Studio. These permissions are applied to default IAM users.  | 03/30/2026 | 
|  Policy update - [SageMakerStudioUserIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMPermissiveExecutionPolicy - adds notebook import and export functionality for permissive users. These permissions are applied to default IAM users when using the permissive role.  | 03/30/2026 | 
|  Policy update - [SageMakerStudioAdminIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMPermissiveExecutionPolicy - adds SSO permissions for permissive admin policies. Also adds Admin and LakeFormation data filter permissions to permissive admin roles.  | 03/30/2026 | 
|  Policy update - [SageMakerStudioAdminIAMConsolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMConsolePolicy)  |  Policy updates to SageMakerStudioAdminIAMConsolePolicy - adding sso:DeleteApplication permission to allow deleting DataZone domain integrated with AWS IAM Identity Center. Adding KMS permissions required for IAM Identity Center instances that use customer managed keys for encryption.  | 03/30/2026 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to SageMakerStudioProjectProvisioningRolePolicy - adding iam:CreateServiceLinkedRole permission to allow creating the Amazon Athena service-linked role for Athena Spark workgroup provisioning.  | 03/09/2026 | 
|  Policy update - [SageMakerStudioDomainExecutionRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy)  |  Policy updates to SageMakerStudioDomainExecutionRolePolicy - adding support for the new API action - `QueryGraph` to enable graph-based entity search capabilities.  | 02/25/2026 | 
|  Policy update - [SageMakerStudioProjectRoleMachineLearningPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectRoleMachineLearningPolicy)  |  Policy updates to SageMakerStudioProjectRoleMachineLearningPolicy - adding permissions to support SageMaker Notebooks, Data Agent, and Airflow Serverless workflows  | 02/26/2026 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to SageMakerStudioProjectProvisioningRolePolicy - adding permissions to pass roles to Amazon Athena for Athena Spark workgroup support  | 03/02/2026 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to SageMakerStudioProjectUserRolePolicy - adding permissions to support Airflow Serverless  | 03/02/2026 | 
|  Policy update - [SageMakerStudioAdminIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMPermissiveExecutionPolicy - adding Amazon S3 Tables permissions to support integration with S3 table buckets IAM mode.  | 02/27/2026 | 
|  Policy update - [SageMakerStudioUserIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMPermissiveExecutionPolicy - adding Amazon S3 Tables permissions to support integration with S3 table buckets IAM mode.  | 02/27/2026 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to SageMakerStudioProjectProvisioningRolePolicy - adding permissions to support integration with encrypted Identity Center instances  | 02/05/2026 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to SageMakerStudioProjectProvisioningRolePolicy - adding permissions to support integration with MLflow App to track runs and experiments  | 01/27/2026 | 
|  Policy update - [SageMakerStudioProjectRoleMachineLearningPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectRoleMachineLearningPolicy)  |  Policy updates to SageMakerStudioProjectRoleMachineLearningPolicy - adding permissions to support integration with MLflow App to track runs and experiments.  | 01/27/2026 | 
|  Policy update - [SageMakerStudioUserIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMDefaultExecutionPolicy - adding permissions to support integration with MLflow App to track runs and experiments.  | 01/27/2026 | 
|  Policy update - [SageMakerStudioAdminIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMDefaultExecutionPolicy - adding permissions to support integration with MLflow App to track runs and experiments.  | 01/27/2026 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to SageMakerStudioProjectUserRolePolicy - adding permissions to support integration with SageMaker Unified Studio MCP.  | 11/21/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to SageMakerStudioProjectUserRolePolicy - fix KMS permissions for integration with Scheduler.  | 11/20/2025 | 
|  Policy update - [SageMakerStudioAdminIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMDefaultExecutionPolicy - fix KMS permissions for integration with Workflows, Scheduler, and DataZone Data Notebook.  | 11/18/2025 | 
|  Policy update - [SageMakerStudioAdminIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMPermissiveExecutionPolicy - fix KMS permissions for integration with Workflows, Scheduler, and DataZone Data Notebook.  | 11/18/2025 | 
|  Policy update - [SageMakerStudioUserIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMDefaultExecutionPolicy - fix KMS permissions for integration with Workflows, Scheduler, and DataZone Data Notebook.  | 11/18/2025 | 
|  Policy update - [SageMakerStudioUserIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMPermissiveExecutionPolicy - fix KMS permissions for integration with Workflows, Scheduler, and DataZone Data Notebook.  | 11/18/2025 | 
|  Policy update - [SageMakerStudioAdminIAMConsolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMConsolePolicy)  |  Policy updates to SageMakerStudioAdminIAMConsolePolicy - adding KMS, CloudFormation and EC2 permissions for Amazon SageMaker Unified Studio.  | 11/14/2025 | 
|  Policy update - [SageMakerStudioUserIAMConsolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMConsolePolicy)  |  Policy updates to SageMakerStudioUserIAMConsolePolicy - removing pass role permissions.  | 11/14/2025 | 
|  Policy update - [SageMakerStudioAdminIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMDefaultExecutionPolicy - adding permissions for new APIs for SageMaker Unified Studio MCP, Airflow Serverless, and Athena sessions. Improve isolation for Glue and Athena sessions by making sure users can only access their own sessions.  | 11/14/2025 | 
|  Policy update - [SageMakerStudioAdminIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMPermissiveExecutionPolicy - adding permissions for new APIs for SageMaker Unified Studio MCP, Airflow Serverless, and Athena sessions. Improve isolation for Glue and Athena sessions by making sure users can only access their own sessions.  | 11/14/2025 | 
|  Policy update - [SageMakerStudioUserIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMDefaultExecutionPolicy - adding permissions for new APIs for SageMaker Unified Studio MCP, Airflow Serverless, and Athena sessions. Improve isolation for Glue and Athena sessions by making sure users can only access their own sessions.  | 11/14/2025 | 
|  Policy update - [SageMakerStudioUserIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMPermissiveExecutionPolicy - adding permissions for new APIs for SageMaker Unified Studio MCP, Airflow Serverless, and Athena sessions. Improve isolation for Glue and Athena sessions by making sure users can only access their own sessions.  | 11/14/2025 | 
|  Policy update - [SageMakerStudioAdminIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMDefaultExecutionPolicy - adding permissions to support integration with multiple services including Amazon EMR Serverless, Amazon Redshift, AWS Secrets Manager, AWS Lake Formation, Amazon SageMaker AI, Amazon S3, AWS CodeConnections, and AWS Glue. Adding KMS permissions to manage resources encrypted with CMK. Adding IAM CreateRole permission to allow creating new execution roles.  | 11/11/2025 | 
|  Policy update - [SageMakerStudioAdminIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMPermissiveExecutionPolicy - adding permissions to support integration with multiple services including Amazon EMR Serverless, Amazon Redshift, AWS Secrets Manager, AWS Lake Formation, Amazon SageMaker AI, Amazon S3, AWS CodeConnections, and AWS Glue. Adding KMS permissions to manage resources encrypted with CMK. Adding IAM CreateRole permission to allow creating new execution roles.  | 11/10/2025 | 
|  Policy update - [SageMakerStudioUserIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMDefaultExecutionPolicy - adding permissions to support integration with multiple services including Amazon EMR Serverless, Amazon Redshift, AWS Secrets Manager, AWS Lake Formation, Amazon SageMaker AI, Amazon S3, AWS CodeConnections, and AWS Glue. Adding KMS permissions to manage resources encrypted with CMK. Adding IAM CreateRole permission to allow creating new execution roles.  | 11/10/2025 | 
|  Policy update - [SageMakerStudioUserIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMPermissiveExecutionPolicy - adding permissions to support integration with multiple services including Amazon EMR Serverless, Amazon Redshift, AWS Secrets Manager, AWS Lake Formation, Amazon SageMaker AI, Amazon S3, AWS CodeConnections, and AWS Glue. Adding KMS permissions to manage resources encrypted with CMK. Adding IAM CreateRole permission to allow creating new execution roles.  | 11/10/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to SageMakerStudioProjectProvisioningRolePolicy - permissions updates for the following features: EMR on EKS compute capabilities, trusted identity propagation with user background sessions, AWS resource custom tags support, support default AWS Glue catalog encryption, Amazon SageMaker Unified Studio per project S3 bucket.  | 10/31/2025 | 
|  Policy update - [SageMakerStudioEMRContainersSystemNamespaceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioEMRContainersSystemNamespaceRolePolicy)  |  Policy updates to SageMakerStudioEMRContainersSystemNamespaceRolePolicy - this revision narrows the scope of the STS actions required by the Amazon EMR on EKS (EMR Containers) service.  | 10/31/2025 | 
|  New policy - [SageMakerStudioEMRContainersSystemNamespaceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioEMRContainersSystemNamespaceRolePolicy)  |  New policy - SageMakerStudioEMRContainersSystemNamespaceRolePolicy - Amazon SageMaker Unified Studio creates IAM roles for project users to perform data analytics, artificial intelligence, and machine learning actions, and uses this policy when creating these roles to define the permissions related to Amazon EMR.   | 10/24/2025 | 
|  Policy update - [SageMakerStudioUserIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMDefaultExecutionPolicy - adding `sagemaker:StartSession` to allow users to connect to a space from the local IDE. Also adding `glue:UntagResource` permission.   | 10/10/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to SageMakerStudioProjectProvisioningRolePolicy - adding support for customers who opt in to the trusted identity propagation (TIP) feature. TIP requires additional resources and configurations, and therefore additional permissions: AWS Lake Formation `IdentityCenterConfiguration` resource permissions, AWS Glue `IdentityCenterConfiguration` resource permissions, the Amazon EMR SecurityConfiguration `Describe` permission, and SSO resource permissions.   | 9/26/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to SageMakerStudioProjectUserRolePolicy - restoring table tag visibility in the asset page of Amazon SageMaker Unified Studio for Amazon SageMaker unified domains.  | 9/18/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to SageMakerStudioProjectUserRolePolicy - adding AWS Glue permissions to enable users to delete AWS Glue databases in their Amazon SageMaker Unified Studio projects.  | 9/12/2025 | 
|  Policy update - [SageMakerStudioProjectRoleMachineLearningPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectRoleMachineLearningPolicy)  |  Policy updates to SageMakerStudioProjectRoleMachineLearningPolicy - adding the `sagemaker:StartSession` permission to enable remote connections to Amazon SageMaker spaces.  | 9/08/2025 | 
|  Policy update - [SageMakerStudioAdminIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMPermissiveExecutionPolicy - adding iam:CreateServiceLinkedRole permissions for resource management.  | 8/29/2025 | 
|  Policy update - [SageMakerStudioUserIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMPermissiveExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMPermissiveExecutionPolicy - adding iam:CreateServiceLinkedRole permissions for resource management.  | 8/29/2025 | 
|  Policy update - [SageMakerStudioUserIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioUserIAMDefaultExecutionPolicy - adding iam:CreateServiceLinkedRole permissions for resource management.  | 8/29/2025 | 
|  Policy update - [SageMakerStudioAdminIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMDefaultExecutionPolicy)  |  Policy updates to SageMakerStudioAdminIAMDefaultExecutionPolicy - adding permissions iam:CreateServiceLinkedRole and s3:DeleteBucketPolicy for resource management.  | 8/29/2025 | 
|  Policy update - [SageMakerStudioDomainExecutionRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy)  |  Policy updates to SageMakerStudioDomainExecutionRolePolicy - adding support for the new API actions - AssociateGovernedTerms and DisassociateGovernedTerms for the asset classification using restricted glossary terms feature in the catalog where users can associate or disassociate restricted glossary terms to an asset.  | 8/20/2025 | 
|  New policy - [SageMakerStudioUserIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMPermissiveExecutionPolicy)  |  This is an execution policy for using IAM roles with Amazon SageMaker Unified Studio. It grants users access to resources, including broad access to data resources.  | 8/20/2025 | 
|  New policy - [SageMakerStudioAdminIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy)  |  This is an administrative execution policy for using IAM roles with Amazon SageMaker Unified Studio. It grants administrative access to provision, manage and access resources, including broad access to data resources.  | 8/20/2025 | 
|  New policy - [SageMakerStudioUserIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMDefaultExecutionPolicy)  |  This is an execution policy for using IAM roles with Amazon SageMaker Unified Studio. It grants users access to resources, excluding access to data resources.  | 8/20/2025 | 
|  New policy - [SageMakerStudioAdminIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMDefaultExecutionPolicy)  |  This is an administrative execution policy for using IAM roles with Amazon SageMaker Unified Studio. It grants administrative access to provision, manage and access resources in your account, excluding access to data resources.  | 8/20/2025 | 
|  New policy - [SageMakerStudioAdminIAMConsolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMConsolePolicy)  |  This policy provides administrative and individual setup privileges for Amazon SageMaker Unified Studio using the AWS Management Console and SDK. It grants permissions for launching Amazon SageMaker Unified Studio.  | 8/20/2025 | 
|  New policy - [SageMakerStudioUserIAMConsolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMConsolePolicy)  |  This policy provides individual setup privileges for Amazon SageMaker Unified Studio using the AWS Management Console and SDK. It grants permissions for launching Amazon SageMaker Unified Studio.  | 8/20/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to the SageMakerStudioProjectProvisioningRolePolicy - adding permissions to untag Amazon Athena, AWS CodeCommit, logs, scheduler, and Amazon EC2 resources. Also adding permissions to update Amazon Athena workgroups and delete the IAM role policy for Amazon SageMaker Unified Studio projects.  | 8/15/2025 | 
|  Policy update - [SageMakerStudioDomainExecutionRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy)  |  Policy updates to SageMakerStudioDomainExecutionRolePolicy - adding support for the new API actions - AssociateGovernedTerms and DisassociateGovernedTerms for the asset classification via restricted glossary terms feature in the catalog where users can associate or disassociate restricted glossary terms to an asset.  | 8/11/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to the SageMakerStudioProjectUserRolePolicy - adding permissions so that Amazon SageMaker Unified Studio works seamlessly for customers with AWS Glue Data Catalog encryption. Also adding the `sts:SetContext` permission to support trusted identity propagation for external computes. Also updating the CloudWatch log group resources to be more specific.  | 7/30/2025 | 
|  Policy update - [SageMakerStudioFullAccess](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioFullAccess)  |  Policy update - generalizing the scope of the Secrets Manager `create` and `tag` permissions for new domains, whose identifiers use the `dzd-` format instead of `dzd_`. Also adding permissions to allow users to use custom blueprint templates from Amazon S3 as well as upload their own template files to Amazon S3.  | 7/23/2025 | 
|  Policy update - [SageMakerStudioEMRServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioEMRServiceRolePolicy)  |  Policy update - removing unneeded KMS permissions for EMR cluster at-rest encryption in the Amazon SageMaker Unified Studio EmrOnEc2 blueprint, and adding permissions for the EMR cluster to encrypt logs pushed to the Amazon SageMaker Unified Studio S3 bucket with a customer managed KMS key when the EmrOnEc2 blueprint is used with customer managed encryption.  | 7/23/2025 | 
|  Policy update - [SageMakerStudioProjectRoleMachineLearningPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectRoleMachineLearningPolicy)  |  Policy updates to the SageMakerStudioProjectRoleMachineLearningPolicy - adding permissions to support cross-account Amazon S3 asset subscription fulfillment using Amazon S3 access grants.  | 7/23/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to the SageMakerStudioProjectProvisioningRolePolicy - adding permissions to create and manage Amazon S3 table buckets and to automate the S3 table analytics integration flow within Amazon SageMaker Unified Studio. Also adding permissions to read templates from users' S3 buckets and to validate the template using AWS CloudFormation. Also adding permissions to get and create an S3 Access Grants instance in the project account to support managing subscriptions for S3 asset types. Also adding `neptune-graph:*` and `s3vectors:*` permissions to support knowledge base vector store management for two new vector store services in Amazon SageMaker Unified Studio: S3 Vectors vector buckets and Neptune Analytics graphs. Also adding permissions to allow cross-account project access for encrypted domains, and adding support for data onboarding in Amazon SageMaker Unified Studio.  | 7/15/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy update - adding permissions to allow deletion of AWS Glue databases in the data lake, adding `sqlworkbench` service principals for the `redshift-serverless:GetCredentials` action, adding permissions to fetch jobs based on tags and resources, adding permissions to update Amazon CloudWatch metrics from job runs and read/write job logs, and adding permissions to support Amazon S3 Access Grants. Also adding permissions to allow cross-account project access for encrypted domains, and adding support for the `ProjectRole` and `DescribeResource` actions used to check whether Amazon S3 tables are registered with AWS Lake Formation.  | 7/15/2025 | 
|  New policy - [SageMakerStudioAdminProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminProjectUserRolePolicy)  |  New policy - This IAM policy grants an IAM role full access to the AWS Glue Data Catalog (metadata) and Amazon S3 (actual data) for the data lake operations, with access scoped by region, account, and role tags.  | 7/15/2025 | 
|  Policy update - [SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy)  |  Policy updates to the SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy - adding `neptune-graph:*` and `s3vectors:*` permissions to support vector read/write on vector stores for two new vector store services: S3Vectors vector buckets and Neptune Analytics graphs.   | 7/15/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy update - adding permissions to access Amazon Athena default catalog resource.  | 6/25/2025 | 
|  Policy update - [SageMakerStudioDomainExecutionRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy)  |  Policy updates to the SageMakerStudioDomainExecutionRolePolicy - adding support for the Amazon Q `GetIdentityMetadata` API action in order to obtain user's Q subscription information to set an appropriate subscription tier badge.   | 6/18/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to the SageMakerStudioProjectUserRolePolicy - restoring the previously removed `ListBucket` permission to fix issues in AWS Glue sessions and connections.   | 6/13/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to the SageMakerStudioProjectUserRolePolicy - adding permissions to list Amazon Bedrock foundation models. Removing permissions to terminate EMR Cluster, change security group rules, Amazon Athena default catalog permissions, and list S3 buckets permissions at bucket level.  | 6/13/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to the SageMakerStudioProjectProvisioningRolePolicy - adding the untag role permission to fix project update failure. Also adding permissions to integrate with Amazon QuickSight. Also optimizing to reduce the policy size. And adding permissions to enable automatic sync of repositories.  | 6/04/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to the SageMakerStudioProjectUserRolePolicy - removing RedshiftDbUser format restriction. Adding KMS permissions required by dependent services for Federated Data Connection. Adding permissions to support Amazon QuickSight integration.  | 6/04/2025 | 
|  Policy update - [AmazonDataZoneBedrockModelConsumptionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-AmazonDataZoneBedrockModelConsumptionPolicy)  |  Policy updates to the AmazonDataZoneBedrockModelConsumptionPolicy - adding permissions to call the `ListFoundationModels` action. This permission is added to help get model metadata more programmatically when the user is selecting which models to invoke.  | 5/28/2025 | 
|  Policy update - [SageMakerStudioFullAccess](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioFullAccess)  |  Policy updates to the SageMakerStudioFullAccess - adding permissions to support attaching or updating AWS managed permissions in AWS RAM resource shares in the Amazon SageMaker console.  | 5/22/2025 | 
|  Policy update - [AmazonDataZoneBedrockModelConsumptionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-AmazonDataZoneBedrockModelConsumptionPolicy)  |  Policy updates to the AmazonDataZoneBedrockModelConsumptionPolicy - adding support for the conversation history feature powered by Amazon Bedrock session management in generative AI playgrounds.  | 5/13/2025 | 
|  Policy update - [SageMakerStudioProjectRoleMachineLearningPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectRoleMachineLearningPolicy)  |  Policy updates to the SageMakerStudioProjectRoleMachineLearningPolicy - with the introduction of Code Editor (VS Code) into Amazon SageMaker Unified Studio, users need to create and delete Code Editor space applications in Amazon SageMaker. Previously only JupyterLab space applications could be created; this change extends the existing create/delete capability for JupyterLab space applications to Code Editor (VS Code).  | 5/01/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to the SageMakerStudioProjectProvisioningRolePolicy - adding IAM permissions for the AmazonSageMakerQueryExecution role to support query execution role creation when the Tooling blueprint is enabled. Also adding the `DeleteSchedule` permission so that the project's schedule group can be deleted when the project is deleted: EventBridge Scheduler calls `DeleteSchedule` on a schedule group when deleting it, regardless of whether the group actually contains schedules, so this permission is required for that call during project deletion.  | 4/28/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to the SageMakerStudioProjectUserRolePolicy - adding permissions for integration with Amazon Bedrock Data Automation. Adding permissions to show Amazon Bedrock agent versions and their details to users. Adding permission to support Trusted Identity Propagation in QEv2. Ensuring project isolation for Amazon Bedrock Inline Agents.  | 4/28/2025 | 
|  Policy update - [SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy)  |  Policy updates to the SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy - adding support for structured data sources in Amazon Bedrock knowledge bases for generative AI app development projects.  | 4/16/2025 | 
|  Policy update - [SageMakerStudioBedrockFlowServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockFlowServiceRolePolicy)  |  Policy updates to the SageMakerStudioBedrockFlowServiceRolePolicy - adding support for using Amazon Bedrock agent nodes in Amazon Bedrock flows for generative AI app development projects.  | 4/09/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to the SageMakerStudioProjectUserRolePolicy - preventing provisioned Amazon Redshift Serverless resources from being shared across all projects. Adding EventBridge Scheduler permissions for users to create schedules in the project schedule group. Adding permissions to handle migration from Amazon SageMaker Studio to Amazon SageMaker Unified Studio. Adding support for the Amazon SageMaker app type Code Editor.  | 4/09/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to the SageMakerStudioProjectProvisioningRolePolicy - adding `lakeformation:DescribeResource` to improve deregistering of federated connections. Adding EventBridge Scheduler permissions to manage a schedule group for each project. Adding permission to manage Amazon Bedrock resources directly from the Amazon DataZone service. Add support for the Amazon SageMaker App type CodeEditor.  | 4/09/2025 | 
|  Policy update - [SageMakerStudioDomainExecutionRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy)  |  Policy updates to the SageMakerStudioDomainExecutionRolePolicy - adding support for the `GetUpdateEligibility` API, which Amazon SageMaker Unified Studio uses to fetch update comments and determine a project's eligibility for the project update workflow. Also adding support for the existing Amazon DataZone Rule APIs that Amazon SageMaker Unified Studio uses to manage and enforce rules.   | 3/25/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to the SageMakerStudioProjectUserRolePolicy - preventing default AWS Glue database from being listed as it causes issues with Spark SQL. Also adding permission to use new project-wide Amazon Bedrock service role for improved scalability.  | 3/21/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to the SageMakerStudioProjectProvisioningRolePolicy - adding permission to describe stack event for better error reporting.  | 3/21/2025 | 
|  Policy update - [SageMakerStudioBedrockFlowServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockFlowServiceRolePolicy)  |  Policy updates to the SageMakerStudioBedrockFlowServiceRolePolicy - adding KMS permissions to decrypt Amazon Bedrock guardrails attached to Amazon Bedrock flows.  | 3/10/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to the SageMakerStudioProjectProvisioningRolePolicy - adding permission to change trust policy during project update to address confused deputy problem. Also adding permission to attach PartnerApps policy to the user role.  | 3/05/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to the SageMakerStudioProjectProvisioningRolePolicy - adding support for ProjectUpdate for EMR Serverless blueprint to proactively notify users on invalid updates on EMR Serverless application.  | 3/04/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to the SageMakerStudioProjectProvisioningRolePolicy - renaming Amazon Bedrock tag and adding permission to remove deprecated tag on roles.  | 2/28/2025 | 
|  Policy update - [SageMakerStudioProjectRoleMachineLearningPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectRoleMachineLearningPolicy)  |  Policy updates to the SageMakerStudioProjectRoleMachineLearningPolicy - adding support for the MLflow tracking server in a shared VPC, and applying a visibility condition to the Amazon SageMaker Search API.  | 2/28/2025 | 
|  Policy update - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePolicy)  |  Policy updates to the SageMakerStudioProjectUserRolePolicy - changes to support a shared VPC by removing the `ResourceAccount` condition on actions that depend on VPCs and subnets. Moving permissions for Amazon EMR, EMR Serverless, and federated connections from inline policies into this AWS managed policy. Adding support for buckets with public access blocked with the `s3:GetBucketPublicAccessBlock` permission. Adding permission to support data lineage in Amazon DataZone. Supporting AWS Lake Formation ABAC by adding a session tag to the access role. Supporting users operating on private Amazon ECR repositories. Also adding support for users managing AWS Glue subscriptions.  | 2/28/2025 | 
|  Policy update - [SageMakerStudioEMRServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioEMRServiceRolePolicy)  |  Policy updates to the SageMakerStudioEMRServiceRolePolicy - adding permissions to allow Amazon EMR to create network interfaces against Shared VPC.  | 2/28/2025 | 
|  New policy - [SageMakerStudioEMRInstanceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioEMRInstanceRolePolicy.html)  |  Amazon SageMaker Unified Studio creates IAM roles for project users to perform data analytics, artificial intelligence, and machine learning actions and uses this policy when creating these roles to define the permissions related to EMR.  | 2/28/2025 | 
|  New policy - [SageMakerStudioBedrockFunctionExecutionRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockFunctionExecutionRolePolicy)  |  This policy allows AWS Lambda to access an Amazon Bedrock function component's configuration in Amazon SageMaker Unified Studio.  | 2/25/2025 | 
|  New policy - [SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy)  |  This policy provides access to configure vector stores and Amazon Bedrock knowledge bases in Amazon SageMaker Unified Studio.  | 2/25/2025 | 
|  New policy - [SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy)  |  This policy allows Amazon Bedrock Knowledge Bases to access Amazon Bedrock models and data sources in Amazon SageMaker Unified Studio.  | 2/25/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to the SageMakerStudioProjectProvisioningRolePolicy - adding permissions for batch grants in AWS Lake Formation to give grants to IAM Identity Center users. Adding various `Update*` permissions to allow managing project resources. Removing the `ResourceAccount` condition on resources that depend on a VPC to allow usage of a shared VPC. Using the new Amazon Bedrock managed policy name. Adding permissions to clean up Amazon EMR project-level resources during project deletion.  | 2/24/2025 | 
|  New policy - [SageMakerStudioBedrockEvaluationJobServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockEvaluationJobServiceRolePolicy)  |  This policy allows Amazon Bedrock to access Amazon Bedrock models and datasets for evaluation jobs in Amazon SageMaker Unified Studio.  | 2/14/2025 | 
|  New policy - [SageMakerStudioBedrockPromptUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockPromptUserRolePolicy)  |  This policy provides access to an Amazon Bedrock prompt and its configuration in Amazon SageMaker Unified Studio.  | 2/14/2025 | 
|  New policy - [SageMakerStudioBedrockFlowServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockFlowServiceRolePolicy)  |  This policy allows Amazon Bedrock Flows to access Amazon Bedrock models and other resources attached to a flow in Amazon SageMaker Unified Studio.  | 2/14/2025 | 
|  New policy - [SageMakerStudioBedrockChatAgentUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockChatAgentUserRolePolicy)  |  This policy provides access to an Amazon Bedrock chat agent app's configuration and Amazon Bedrock agent in Amazon SageMaker Unified Studio.  | 2/14/2025 | 
|  New policy - [SageMakerStudioBedrockAgentServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioBedrockAgentServiceRolePolicy)  |  This policy allows Amazon Bedrock Agents to access Amazon Bedrock models and other resources attached to an agent in Amazon SageMaker Unified Studio.  | 2/14/2025 | 
|  Policy update - [SageMakerStudioProjectRoleMachineLearningPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectRoleMachineLearningPolicy)  |  Policy updates to the SageMakerStudioProjectRoleMachineLearningPolicy - adding permission for `DescribeAutoMLJobV2`, moving multiple Amazon SageMaker `List` operations to tag-based authorization, adding CMK permissions for JupyterLab, and adding the Amazon SageMaker `ListModelPackages` and `CreateModel` permissions for the cross-account use case.  | 2/14/2025 | 
|  New policy - [SageMakerStudioEMRServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioEMRServiceRolePolicy)  |  New policy SageMakerStudioEMRServiceRolePolicy - Amazon SageMaker Unified Studio creates IAM roles for project users to perform data analytics, artificial intelligence, and machine learning actions and uses this policy when creating these roles to define the permissions related to Amazon EMR.  | 1/31/2025 | 
|  New policy - [SageMakerStudioQueryExecutionRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioQueryExecutionRolePolicy)  |  New policy SageMakerStudioQueryExecutionRolePolicy - this is the default policy for the SageMakerQueryExecutionRole role. This policy provides permissions to run query executions on federated connections.   | 1/31/2025 | 
|  Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy)  |  Policy updates to SageMakerStudioProjectProvisioningRolePolicy - adding permissions to manage IAM roles with only AWS managed policies attached to them and no permissions boundary. Also adding permissions to update the AWS Lambda function for Amazon Athena federated connections.  | 1/31/2025 | 
|  Policy update - [SageMakerStudioFullAccess](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioFullAccess)  |  Policy updates to SageMakerStudioFullAccess - updating the CodeConnections tagging permissions to support tagging for CodeConnections host resources in the Amazon SageMaker console.   | 1/24/2025 | 
|  Policy update - [SageMakerStudioDomainExecutionRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy.html)  |  Policy updates to SageMakerStudioDomainExecutionRolePolicy - adding support for the AWS CodeConnections APIs in order to make the Copy button available for self-managed Git providers.  | 1/24/2025 | 
|  Policy updates to [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy.html)  |  Policy updates to SageMakerStudioProjectProvisioningRolePolicy - adding permissions to support CMK in CodeCommit, AWS Glue Catalog, and Amazon Redshift Serverless.  | 12/18/2024 | 
|  Policy updates to [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-AmazonDataZoneProjectRolePolicy.html)  |  Policy updates to SageMakerStudioProjectUserRolePolicy - adding permissions to support CMK in CodeCommit and AWS Glue Catalog.  | 12/18/2024 | 
|  Policy updates to [SageMakerStudioProjectUserRolePermissionsBoundary](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePermissionsBoundary.html)  |  Policy updates to SageMakerStudioProjectUserRolePermissionsBoundary - adding permissions to support CMK in CodeCommit, AWS Glue Catalog, Amazon Redshift Serverless, and EMR on EC2.  | 12/18/2024 | 
|  New policy - [SageMakerStudioFullAccess](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioFullAccess.html)  |  Adding a new managed policy - this policy provides full access to Amazon SageMaker Unified Studio via the Amazon SageMaker management console.  | 12/02/2024 | 
|  New policy - [SageMakerStudioProjectUserRolePermissionsBoundary](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectUserRolePermissionsBoundary.html)  |  Adding a new managed policy - SageMakerStudioProjectUserRolePermissionsBoundary. Amazon SageMaker Unified Studio creates IAM roles for Projects users to perform data analytics, artificial intelligence, and machine learning actions, and uses this policy when creating these roles to define the boundary of their permissions.  | 12/02/2024 | 
|  New policy - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy.html)  |  Adding a new managed policy - SageMakerStudioProjectProvisioningRolePolicy. Amazon SageMaker Unified Studio uses this policy to provision and manage resources in your account.  | 12/02/2024 | 
|  New policy - [SageMakerStudioDomainExecutionRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy.html)  |  Adding a new managed policy - SageMakerStudioDomainExecutionRolePolicy - Default policy for the SageMakerUnifiedStudioDomainExecutionRole service role. This role is used by Amazon SageMaker Unified Studio to catalog, discover, govern, share, and analyze data in the Amazon SageMaker Unified Studio domain.  | 12/02/2024 | 
|  New policy - [SageMakerStudioDomainServiceRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainServiceRolePolicy.html)  |  Adding a new managed policy - SageMakerStudioDomainServiceRolePolicy. This is the default policy for the SageMakerUnifiedStudioDomainServiceRole service role. This policy is used by Amazon SageMaker Unified Studio to access the SSM parameters in the user's account. Those parameters are set by the administrator in the Amazon SageMaker Unified Studio project profiles. This policy also has permissions to AWS KMS for encrypted SSM parameters. The KMS key must be tagged with EnableKeyForAmazonDataZone to allow decrypting the SSM parameters.  | 12/02/2024 | 
|  New policy - [SageMakerStudioProjectUserRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-AmazonDataZoneProjectRolePolicy.html)  |  Adding a new managed policy - SageMakerStudioProjectUserRolePolicy. Amazon SageMaker Unified Studio creates IAM roles for projects users to perform data analytics, artificial intelligence, and machine learning actions, and uses this policy when creating these roles to define the permissions.  | 12/02/2024 | 
|  New policy - [SageMakerStudioProjectRoleMachineLearningPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-AmazonDataZoneSageMakerProjectRolePolicy.html)  |  Adding a new managed policy - SageMakerStudioProjectRoleMachineLearningPolicy. Amazon SageMaker Unified Studio creates IAM roles for projects users to perform data analytics, artificial intelligence, and machine learning actions, and uses this policy when creating these roles to define the permissions.  | 12/02/2024 | 
|  New policy - [AmazonDataZoneBedrockModelManagementPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-AmazonDataZoneBedrockModelManagementPolicy.html)  |  Adding a new managed policy - AmazonDataZoneBedrockModelManagementPolicy - that provides permissions to manage Amazon Bedrock model access, including creating, tagging and deleting application inference profiles.  | 12/02/2024 | 
|  New policy - [AmazonDataZoneBedrockModelConsumptionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-AmazonDataZoneBedrockModelConsumptionPolicy.html)  |  Adding a new managed policy - AmazonDataZoneBedrockModelConsumptionPolicy - that provides permissions to consume Amazon Bedrock models, including invoking Amazon Bedrock application inference profile created for particular Amazon DataZone domain.  | 12/02/2024 | 
|  Amazon SageMaker Unified Studio started tracking changes  |  Amazon SageMaker Unified Studio started tracking changes for its AWS managed policies.  | 12/02/2024 | 

# IAM roles for Amazon SageMaker Unified Studio


**Topics**
+ [

# AmazonSageMakerDomainExecution role
](AmazonSageMakerDomainExecution.md)
+ [

# AmazonSageMakerDomainService role
](AmazonSageMakerDomainService.md)
+ [

# AmazonSageMakerManageAccess-<region>-<domainId> role
](AmazonSageMakerManageAccess.md)
+ [

# AmazonSageMakerProvisioning-<domainAccountId> role
](AmazonSageMakerProvisioning.md)
+ [

# AmazonDataZoneBedrockModelManagementRole
](AmazonDataZoneBedrockModelManagementRole.md)
+ [

# AmazonDataZoneBedrockFMConsumptionRole
](AmazonDataZoneBedrockFMConsumptionRole.md)
+ [

# AmazonSageMakerQueryExecution
](AmazonSageMakerQueryExecution.md)

# AmazonSageMakerDomainExecution role


The AmazonSageMakerDomainExecution role has the [AWS policy: SageMakerStudioDomainExecutionRolePolicy](security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy.md) attached. This is an IAM role that Amazon SageMaker Unified Studio requires to call APIs on behalf of authorized users, including those logged in to Amazon SageMaker Unified Studio.

The default `AmazonSageMakerDomainExecution` role has the following trust policy attached:

------
#### [ JSON ]

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "datazone.amazonaws.com"
      },
      "Action": [
        "sts:AssumeRole",
        "sts:TagSession",
        "sts:SetContext"
      ],
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "{{source_account_id}}"
        },
        "ForAllValues:StringLike": {
          "aws:TagKeys": "datazone*"
        }
      }
    }
  ]
}
```

------

# AmazonSageMakerDomainService role


The AmazonSageMakerDomainService role has the [AWS policy: SageMakerStudioDomainServiceRolePolicy](security-iam-awsmanpol-SageMakerStudioDomainServiceRolePolicy.md) attached. This is a service role for domain level actions performed by Amazon SageMaker Unified Studio.

The default `AmazonSageMakerDomainService` role has the following trust policy attached:

------
#### [ JSON ]

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "datazone.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "{{domain_account}}"
        }
      }
    }
  ]
}
```

------

# AmazonSageMakerManageAccess-<region>-<domainId> role


The AmazonSageMakerManageAccess-<region>-<domainId> role grants Amazon SageMaker Unified Studio permissions to publish, grant access to, and revoke access to Amazon SageMaker Lakehouse, AWS Glue Data Catalog, and Amazon Redshift data. It also grants Amazon SageMaker Unified Studio access to publish and manage subscriptions on Amazon SageMaker Catalog data and AI assets.

The AmazonSageMakerManageAccess-<region>-<domainId> role has the following Amazon DataZone managed policies attached:
+ AmazonDataZoneGlueManageAccessRolePolicy
+ AmazonDataZoneRedshiftManageAccessRolePolicy
+ AmazonDataZoneSageMakerAccess

The default `AmazonSageMakerManageAccess-<region>-<domainId>` role has the following inline policy attached:

------
#### [ JSON ]

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RedshiftSecretStatement",
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "secretsmanager:ResourceTag/AmazonDataZoneDomain": "{{domainId}}"
        }
      }
    }
  ]
}
```

------

The default `AmazonSageMakerManageAccess-<region>-<domainId>` role has the following trust policy attached:

------
#### [ JSON ]

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "datazone.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "111122223333"
        },
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:datazone:us-east-1:111122223333:domain/dzd-12345"
        }
      }
    }
  ]
}
```

------

# AmazonSageMakerProvisioning-<domainAccountId> role


The AmazonSageMakerProvisioning-<domainAccountId> role is used by Amazon SageMaker Unified Studio to provision and manage the resources defined in the selected blueprints in your account.

The AmazonSageMakerProvisioning-<domainAccountId> role has the [AWS policy: SageMakerStudioProjectProvisioningRolePolicy](security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy.md) attached.

The default `AmazonSageMakerProvisioning-<domainAccountId>` role has the following trust policy attached:

------
#### [ JSON ]

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "datazone.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "{{domain_account}}"
        }
      }
    }
  ]
}
```

------

**Important**  
If you are using your own query execution role (instead of the default [AmazonSageMakerQueryExecution](AmazonSageMakerQueryExecution.md) role), then you must modify the permissions of your provisioning role (whether you're using this default AmazonSageMakerProvisioning role or your own custom provisioning role) to include the `iam:PassRole` and `iam:GetRole` permissions. These permissions enable your provisioning role to pass the query execution role to AWS Lake Formation during creation of federated connections. You can include these permissions by attaching the following inline policy to your provisioning role:  

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IamRolePermissionsForQueryExecution",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole",
        "iam:GetRole"
      ],
      "Resource": "arn:aws:iam::*:role/{your-role}"
    }
  ]
}
```

# AmazonDataZoneBedrockModelManagementRole


Amazon SageMaker Unified Studio uses this role to create an inference profile for an Amazon Bedrock model in a project. The inference profile is required for the project to interact with the model. You can either let Amazon SageMaker Unified Studio automatically create a unique provisioning role, or you can provide a custom provisioning role.

The AmazonDataZoneBedrockModelManagementRole has the [AWS policy: AmazonDataZoneBedrockModelManagementPolicy](security-iam-awsmanpol-AmazonDataZoneBedrockModelManagementPolicy.md) attached.

The default `AmazonDataZoneBedrockModelManagementRole` has the following trust policy attached:

------
#### [ JSON ]

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "datazone.amazonaws.com"
      },
      "Action": [
        "sts:AssumeRole",
        "sts:SetContext"
      ],
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "{{accountId}}"
        }
      }
    }
  ]
}
```

------

# AmazonDataZoneBedrockFMConsumptionRole


A consumption role is required for each Amazon Bedrock model that you want to enable in the playground for non-builders. By default, Amazon SageMaker Unified Studio creates a consumption role per model; alternatively, you can configure a single existing consumption role for all models.

The AmazonDataZoneBedrockFMConsumptionRole has the [AWS policy: AmazonDataZoneBedrockModelConsumptionPolicy](security-iam-awsmanpol-AmazonDataZoneBedrockModelConsumptionPolicy.md) attached.

The default `AmazonDataZoneBedrockFMConsumptionRole` has the following inline policy attached:

------
#### [ JSON ]

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowInferenceProfileToInvokeFoundationModels",
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeModel",
        "bedrock:InvokeModelWithResponseStream"
      ],
      "Resource": [
        "arn:aws:bedrock:us-east-1::foundation-model/{{modelId}}"
      ],
      "Condition": {
        "ArnLike": {
          "bedrock:InferenceProfileArn": "arn:aws:bedrock:*:111122223333:application-inference-profile/*"
        }
      }
    }
  ]
}
```

------

The default `AmazonDataZoneBedrockFMConsumptionRole` has the following trust policy attached:

------
#### [ JSON ]

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "datazone.amazonaws.com"
      },
      "Action": [
        "sts:AssumeRole",
        "sts:SetContext"
      ],
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "{{accountId}}"
        }
      }
    }
  ]
}
```

------

# AmazonSageMakerQueryExecution


This role is used while running a query execution. AWS Lake Formation assumes this role to vend the credentials that Amazon Athena needs during query execution.

The AmazonSageMakerQueryExecution role has the [AWS policy: SageMakerStudioQueryExecutionRolePolicy](security-iam-awsmanpol-SageMakerStudioQueryExecutionRolePolicy.md) attached.

The default `AmazonSageMakerQueryExecution` role has the following trust policy attached:

------
#### [ JSON ]

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "lakeformation.amazonaws.com",
          "glue.amazonaws.com"
        ]
      },
      "Action": [
        "sts:AssumeRole",
        "sts:SetContext"
      ],
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "{{source_account}}"
        }
      }
    }
  ]
}
```

------

**Important**  
If you are using your own query execution role (instead of this default AmazonSageMakerQueryExecution role), then you must modify the permissions of your provisioning role (whether you're using the default [AmazonSageMakerProvisioning-<domainAccountId> role](AmazonSageMakerProvisioning.md) or your own custom provisioning role) to include the `iam:PassRole` and `iam:GetRole` permissions. These permissions enable your provisioning role to pass the query execution role to AWS Lake Formation during creation of federated connections. You can include these permissions by attaching the following inline policy to your provisioning role:  

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IamRolePermissionsForQueryExecution",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole",
        "iam:GetRole"
      ],
      "Resource": "arn:aws:iam::*:role/{your-role}"
    }
  ]
}
```
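As an added check (example code, not part of the AWS documentation or the service), the following Python lints trust policies of the shape shown in the role sections above and the PassRole inline policy from the Important notes: it flags a principal that is not purely a service principal, sts actions outside the expected set, a missing or wrong `aws:SourceAccount` condition, `sts:TagSession` without an `aws:TagKeys` bound, and a wildcard PassRole resource. The account id is the page's placeholder 111122223333; `MyQueryExecutionRole` is a hypothetical role name, and the weakened sample policy is constructed for illustration.

```python
"""Lint the trust policies of the Amazon SageMaker Unified Studio roles above
and the provisioning role's iam:PassRole inline policy.  Added example, not
AWS code; the sample policies are constructed from the page's templates with
the placeholder account id 111122223333 and a hypothetical role name."""
from typing import Iterable, List

ACCOUNT = "111122223333"  # placeholder account id, as in the page's examples


def _as_list(value) -> list:
    # IAM JSON allows a scalar or a list in most positions; normalise to a list.
    return [] if value is None else value if isinstance(value, list) else [value]


def check_trust_policy(policy: dict, expected_services: Iterable[str],
                       expected_account: str, allowed_actions: Iterable[str]) -> List[str]:
    """Return findings; an empty list means the policy has the documented shape:
    a service principal only, bounded sts actions and aws:SourceAccount pinned."""
    findings: List[str] = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"Service"}:
            findings.append(f"statement {i}: principal is not purely a service principal")
        services = set(_as_list(principal.get("Service"))) if isinstance(principal, dict) else set()
        if services - set(expected_services):
            findings.append(f"statement {i}: unexpected service {sorted(services - set(expected_services))}")
        actions = set(_as_list(stmt.get("Action")))
        if actions - set(allowed_actions):
            findings.append(f"statement {i}: actions beyond allowed set {sorted(actions - set(allowed_actions))}")
        cond = stmt.get("Condition", {})
        src_acct = cond.get("StringEquals", {}).get("aws:SourceAccount")
        if src_acct is None:
            # Without it the service could be induced to assume the role on
            # behalf of a different account (the confused-deputy problem).
            findings.append(f"statement {i}: missing aws:SourceAccount condition")
        elif src_acct != expected_account:
            findings.append(f"statement {i}: aws:SourceAccount {src_acct} != {expected_account}")
        # sts:TagSession should be paired with a bound on tag keys, as the domain
        # execution role does with ForAllValues:StringLike aws:TagKeys = datazone*.
        if "sts:TagSession" in actions and not cond.get("ForAllValues:StringLike", {}).get("aws:TagKeys"):
            findings.append(f"statement {i}: sts:TagSession without aws:TagKeys bound")
    return findings


def check_passrole_policy(policy: dict) -> List[str]:
    """Findings for the inline PassRole/GetRole policy the Important notes
    describe: Resource should name the query execution role, not every role."""
    findings: List[str] = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = set(_as_list(stmt.get("Action")))
        if stmt.get("Effect") != "Allow" or "iam:PassRole" not in actions:
            continue
        for res in _as_list(stmt.get("Resource")):
            if res == "*" or res.endswith(":role/*"):
                findings.append(f"statement {i}: iam:PassRole on wildcard resource {res}")
        if "iam:GetRole" not in actions:
            findings.append(f"statement {i}: iam:PassRole without iam:GetRole")
    return findings


# Constructed samples: the first two mirror the default trust policies above.
DOMAIN_EXECUTION_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "datazone.amazonaws.com"},
    "Action": ["sts:AssumeRole", "sts:TagSession", "sts:SetContext"],
    "Condition": {"StringEquals": {"aws:SourceAccount": ACCOUNT},
                  "ForAllValues:StringLike": {"aws:TagKeys": "datazone*"}}}]}
QUERY_EXECUTION_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": ["lakeformation.amazonaws.com", "glue.amazonaws.com"]},
    "Action": ["sts:AssumeRole", "sts:SetContext"],
    "Condition": {"StringEquals": {"aws:SourceAccount": ACCOUNT}}}]}
# Weakened variant: an added account principal and no aws:SourceAccount condition.
WEAK_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": "datazone.amazonaws.com", "AWS": f"arn:aws:iam::{ACCOUNT}:root"}}]}
# PassRole policies: one scoped to a hypothetical role name, one wildcarded.
PASSROLE_SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "IamRolePermissionsForQueryExecution", "Effect": "Allow",
    "Action": ["iam:PassRole", "iam:GetRole"],
    "Resource": "arn:aws:iam::*:role/MyQueryExecutionRole"}]}
PASSROLE_WILDCARD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["iam:PassRole", "iam:GetRole"], "Resource": "*"}]}


def lint_samples() -> dict:
    """Run every check over the constructed samples, keyed by label."""
    datazone = ["datazone.amazonaws.com"]
    sts_all = {"sts:AssumeRole", "sts:TagSession", "sts:SetContext"}
    return {
        "domain-execution": check_trust_policy(DOMAIN_EXECUTION_TRUST, datazone, ACCOUNT, sts_all),
        "query-execution": check_trust_policy(
            QUERY_EXECUTION_TRUST, ["lakeformation.amazonaws.com", "glue.amazonaws.com"],
            ACCOUNT, {"sts:AssumeRole", "sts:SetContext"}),
        "weak": check_trust_policy(WEAK_TRUST, datazone, ACCOUNT, sts_all),
        "passrole-scoped": check_passrole_policy(PASSROLE_SCOPED),
        "passrole-wildcard": check_passrole_policy(PASSROLE_WILDCARD),
    }
```

Run the checks against trust policies fetched with `aws iam get-role` to confirm a customised role still pins `aws:SourceAccount` (and, as the manage-access role does, `aws:SourceArn`) to your domain account.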

# Access control patterns in Amazon SageMaker Unified Studio


Effective data management and governance are crucial to deriving value from data assets while maintaining compliance and security. In Amazon SageMaker Unified Studio, you can use projects to simplify development and collaboration. Projects contain one or more IAM roles, and there is at least one project role for each account in which the project has resources. You have access to all the tools, compute, data, and AI/ML assets this role has access to. When you access a project from Amazon SageMaker Unified Studio, it is equivalent to logging in to an account in a specific region and assuming one of the project's roles. There are two ways to manage what these roles have access to. First, you can simply add the IAM permissions directly to the project's IAM role. Second, you can publish data and AI/ML assets to the Amazon SageMaker catalog and enable project members to subscribe to those assets. Both of these approaches are covered in this section.

**Topics**
+ [

## Using IAM to configure access in Amazon SageMaker Unified Studio
](#security-accesss-control-patterns-iam)
+ [

## Data access and subscription workflows using Amazon SageMaker catalog
](#security-accesss-control-patterns-datazone)

## Using IAM to configure access in Amazon SageMaker Unified Studio


In Amazon SageMaker Unified Studio, a domain is the fundamental organizational unit that enables you to manage multiple AWS Regions, accounts, and workloads through a single interface. Each domain has its own unique URL and provides centralized management of studio settings, accounts, users, and network configurations.

Within domains, projects streamline and enable collaboration. Projects can be located in different regions or in different accounts within a given region. Project metadata contains information about the project's Git repository, members, and their permissions. There is at least one project role for each account in which the project has resources. The project IAM role defines what tools, compute resources, data, and AI/ML assets project members can access. You can think of entering a project in Amazon SageMaker Unified Studio as logging in to a regional account where you take on a designated role. To manage access to data, you can simply modify the IAM permissions of the project's IAM role.

It is important that you understand the different IAM roles used in Amazon SageMaker Unified Studio and their functions in detail. This section covers those details. When you modify an IAM role to manage data access, you must factor in the region, account, and role you need to give permissions to. For more information on simplifying configuring permissions and customizing role assignments, see the [AWS IAM Roles section](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/bring-resources-scripts.html#resource-scripts-iam) in "Bringing existing resources into Amazon SageMaker Unified Studio".

**Domain execution role** - the AmazonSageMakerDomainExecution role is an IAM role that enables Amazon SageMaker Unified Studio to execute API calls on behalf of authorized users. It provides access to all APIs that are required for Amazon SageMaker Unified Studio to use, as well as RAM permissions to support usage of associated accounts in an Amazon SageMaker unified domain. It also provides access to services used outside of a project scope, including AWS CodeConnections, Amazon Q, AWS Systems Manager, and Amazon Bedrock.

**Service role** - the AmazonSageMakerDomainService role is a specialized service role that enables domain-level actions in Amazon SageMaker Unified Studio. It is responsible for managing critical operations within the domain, particularly the handling of blueprint parameters in Systems Manager (SSM). These parameters are essential for executing privileged calls, ensuring secure and controlled access to domain-level functionalities.

**Provisioning Role** - Amazon SageMaker Unified Studio employs an IAM policy to manage and provision resources across various AWS services within an AWS account. This policy, associated with the AmazonSageMakerProvisioning role, grants access to essential services such as Amazon SageMaker, AWS Glue, Amazon S3, AWS Lake Formation, Amazon Redshift, Amazon Athena, Amazon Q, Amazon EMR, AWS CodeCommit, Amazon Bedrock, and AWS IAM. The policy enables management of SageMaker Domains and Spaces, AWS Glue components, S3 objects, Lake Formation grants, Redshift workgroups, Athena workgroups and catalogs, EMR clusters, KMS keys, CodeCommit repositories, Secrets Manager secrets, IAM roles, and Amazon Bedrock in SageMaker Unified Studio resources. This access allows Amazon SageMaker Unified Studio to effectively orchestrate and manage the lifecycle of projects and resources across the AWS ecosystem, providing users with a seamless and integrated experience for data science and machine learning tasks. 

**Manage Access Role** - the AmazonSageMakerManageAccess role is designed to manage access and permissions across various data services. This role enables Amazon SageMaker Unified Studio to publish, grant, and revoke access to data within Amazon SageMaker Lakehouse, AWS Glue Data Catalog, and Amazon Redshift. Additionally, it facilitates the management of subscriptions for data and AI assets in the Amazon SageMaker catalog. To achieve these functionalities, the role incorporates three Amazon DataZone managed policies: AmazonDataZoneGlueManageAccessRolePolicy, AmazonDataZoneRedshiftManageAccessRolePolicy, and AmazonDataZoneSageMakerAccess. These policies collectively provide the necessary permissions for seamless data management and access control, ensuring efficient collaboration and resource utilization across different AWS services. 

**Project role** - Amazon SageMaker Unified Studio creates IAM roles that enable project users to perform data analytics, AI, and machine learning tasks. There are two IAM policies governing these permissions: SageMakerStudioProjectUserRolePolicy and SageMakerStudioProjectRoleMachineLearningPolicy. This role grants users read and write access to relevant AWS services including Amazon SageMaker, AWS Glue, Amazon S3, AWS Lake Formation, Amazon Redshift, Amazon Athena, Amazon Q, and Amazon EMR. Additionally, it provides necessary permissions for infrastructure resources such as network interfaces, AWS KMS keys, AWS CodeCommit, and AWS Secrets Manager. Administrators maintain granular control over these permissions through role tagging - for example, they can disable Glue Spark workload permissions by applying the tag 'EnableGlueSparkWorkloads=false', or restrict Generative AI Studio access using the tag 'EnableGenAIStudio=false'. 

**Note**  
You can't create new projects with AWS CodeCommit. Existing projects that were created using CodeCommit will continue to work.

**Amazon Bedrock service role** - in each Generative AI app development project, Amazon SageMaker Unified Studio creates an IAM role that allows the Amazon Bedrock service to access generative AI application resources in the project. This role governs the access and permissions for various Amazon Bedrock components within Amazon SageMaker Unified Studio. It encompasses four main service roles: Amazon Bedrock Agent, Amazon Bedrock Knowledge Base, Amazon Bedrock Flows, and Amazon Bedrock Evaluation. Each role is designed to grant specific permissions to Amazon Bedrock services, allowing them to interact with relevant resources such as Amazon Bedrock models, AWS Lambda functions, Amazon S3 buckets, AWS KMS keys, and OpenSearch Serverless collections. The policies ensure that Amazon Bedrock Agents, Knowledge Bases, Flows, and Evaluations can access necessary resources while maintaining security through project-specific tag restrictions. These roles enable seamless integration of Amazon Bedrock capabilities with Amazon SageMaker Unified Studio, facilitating tasks like model invocation, data access, encryption, and resource management within the confines of each project's scope. This structured approach ensures efficient operation of Amazon Bedrock services while maintaining appropriate access controls and resource isolation. This role is attached with the following AWS managed policies: 
+ [AWS policy: SageMakerStudioBedrockAgentServiceRolePolicy](security-iam-awsmanpol-SageMakerStudioBedrockAgentServiceRolePolicy.md)
+ [AWS policy: SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy](security-iam-awsmanpol-SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy.md)
+ [AWS policy: SageMakerStudioBedrockFlowServiceRolePolicy](security-iam-awsmanpol-SageMakerStudioBedrockFlowServiceRolePolicy.md)
+ [AWS policy: SageMakerStudioBedrockEvaluationJobServiceRolePolicy](security-iam-awsmanpol-SageMakerStudioBedrockEvaluationJobServiceRolePolicy.md)

**Amazon Bedrock Lambda execution role** - in each Generative AI app development project, Amazon SageMaker Unified Studio creates an IAM role that allows the AWS Lambda service to access generative AI application resources in the project. This role encompasses two key roles within Amazon SageMaker Unified Studio: the Amazon Bedrock Knowledge Base custom resource service role and the Amazon Bedrock function execution role. The knowledge base custom resource role enables configuration of vector stores and Amazon Bedrock knowledge bases, granting AWS Lambda-backed CloudFormation custom resources access to Amazon Bedrock knowledge bases and OpenSearch Serverless collections. It allows for starting and querying knowledge base ingestion jobs and preparing OpenSearch collections. It permits AWS Lambda to access Amazon Bedrock function component configurations, including Secrets Manager secrets and KMS keys, which are necessary for handling API requests. Additionally, this role provides write permissions to CloudWatch Logs for monitoring and logging purposes. This facilitates the seamless integration and management of Amazon Bedrock components within the Amazon SageMaker Unified Studio while maintaining appropriate access controls. This role is attached with the following AWS managed policies: 
+ [AWSLambdaBasicExecutionRole](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSLambdaBasicExecutionRole.html) 
+ [AWS policy: SageMakerStudioBedrockFunctionExecutionRolePolicy](security-iam-awsmanpol-SageMakerStudioBedrockFunctionExecutionRolePolicy.md) 
+ [AWS policy: SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy](security-iam-awsmanpol-SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy.md) 

**Amazon Bedrock chat agent user role** - in each Amazon Bedrock chat agent, Amazon SageMaker Unified Studio creates an IAM role that allows the Amazon DataZone service to provide shared users access to an Amazon Bedrock chat agent app's configuration and Amazon Bedrock chat agent. As part of the AmazonBedrockChatAgent blueprint, it defines the main policy for the Amazon Bedrock chat agent user role. It grants users the ability to interact with shared Amazon Bedrock chat agent apps, including invoking Amazon Bedrock chat agents, retrieving configurations from Amazon S3, and utilizing AWS KMS keys for encryption. It provides necessary permissions for users to read and invoke Amazon Bedrock chat agents, access specific S3 objects within the project's bucket, and use KMS keys for encrypted data access. The role is designed to allow access only to individually shared Amazon Bedrock chat agent apps, maintaining security by restricting domain and project users from modifying user role tags. It ensures that users can effectively utilize Amazon Bedrock chat agent applications while adhering to appropriate access controls and data protection measures. This role is attached with the following AWS managed policies: 

**Amazon Bedrock prompt user role** - in each Amazon Bedrock prompt, Amazon SageMaker Unified Studio creates an IAM role that allows the Amazon DataZone service to provide shared users access to an Amazon Bedrock prompt and its configuration. It defines the access permissions for users of Amazon Bedrock prompts within Amazon SageMaker Unified Studio. As part of the AmazonBedrockPrompt blueprint, it serves as the main policy for the Amazon Bedrock prompt user role. It grants users access to shared Amazon Bedrock prompts, including the ability to read Amazon Bedrock prompts, access their configurations stored in Amazon S3, and use AWS KMS keys for encryption. It provides necessary permissions for users to interact with Amazon Bedrock prompts, retrieve specific objects from the project's S3 bucket, and utilize KMS keys for encrypted data access. It is designed to allow access only to individually shared Amazon Bedrock prompts, maintaining security by restricting domain and project users from modifying user role tags. This ensures that users can effectively work with Amazon Bedrock prompts while adhering to appropriate access controls and data protection measures within Amazon SageMaker Unified Studio. 

**Query execution role for federated connection** - this role is used when executing a query using Amazon Athena. AWS Lake Formation assumes this role to vend the credentials that Amazon Athena needs during query execution. The SageMakerQueryExecutionRole has the AWS policy SageMakerStudioQueryExecutionRolePolicy attached. 

**EMR Service role** - this role defines the necessary permissions for Amazon EMR instances running on EC2, ensuring secure and controlled access to EC2 networking, IAM roles, and AWS KMS for encryption. It grants permissions to create network interfaces and launch instances, restricting these actions to VPCs that match the principal’s VPC ID tag. To support secure data handling, it provides AWS KMS encryption and decryption permissions for a specified KMS key, allowing EMR instances to manage encrypted data and EBS volumes. It also enables EMR to manage KMS grants, including listing, revoking, and describing keys, specifically for EC2 services within the same AWS account. Furthermore, the policy permits EMR to list KMS key aliases, ensuring seamless access to encryption keys. This policy ensures that EMR instances operate within a well-defined network, securely handle encrypted data, and adhere to account-specific security constraints. 

**EMR Instance Profile role** - this role grants permissions necessary for Amazon EMR instances operating within Amazon SageMaker Unified Studio, ensuring secure access to S3, IAM, and KMS resources. It allows EMR instances to retrieve SSL certificates from an S3 bucket, ensuring secure communication, and access patching RPMs stored in a predefined S3 location. Additionally, it permits retrieval of bootstrap action scripts from S3, enabling customized EMR cluster configurations, and allows the uploading of EMR cluster logs to a designated S3 location for monitoring and debugging purposes. The role also enables EMR instances to assume runtime roles with specific session tags, ensuring authorized access to Lake Formation resources. Furthermore, it grants permissions for AWS KMS operations, including encryption, decryption, and key generation, allowing secure handling of sensitive data and EBS volume encryption. By enforcing conditions based on resource ownership, principal tags, and account constraints, this IAM role ensures that EMR clusters operate securely within a well-defined Amazon DataZone framework, maintaining compliance and access control best practices. 

**Partner Apps IAM role** - this role enables Amazon SageMaker partner app users to access applications, list available applications, launch application web UIs, and connect via the application SDK. Access is restricted to partner apps owned by the same AWS account as the requesting principal (enforced by the aws:ResourceAccount condition). This ensures that the user can only interact with partner apps within their own AWS account, preventing cross-account access. 

## Data access and subscription workflows using Amazon SageMaker catalog


You get a comprehensive framework for data discovery, subscription, and consumption through the Amazon SageMaker catalog. It enables seamless collaboration between data publishers and subscribers, facilitating controlled access to valuable data assets across an organization. By implementing a structured process for asset discovery, subscription requests, and approval workflows, Amazon SageMaker Unified Studio ensures that data access is granted based on justified needs and adheres to organizational policies.

Once an asset is published to a domain, subscribers can discover and request a subscription to this asset. The subscription process begins with a subscriber searching for and browsing the catalog to discover an asset they want. From Amazon SageMaker Unified Studio, they choose to subscribe to the asset by submitting a subscription request that includes justification and the reason for the request. The subscription approver then reviews the access request. They can either approve or reject the request. After a subscription is granted, a fulfillment process starts to facilitate access to the asset for the subscriber. For more information, see [Request subscription to assets in Amazon DataZone](https://docs.aws.amazon.com/datazone/latest/userguide/subscribe-to-data-assets-managed-by-datazone.html).

In Amazon SageMaker catalog, subscription requests to assets are managed by subscription approvers. The subscription approver for an asset is determined by the publishing agreement under which the asset was published into the Amazon SageMaker catalog. For some assets, Amazon SageMaker catalog can manage access grants and auto-approve subscription requests. These assets are called managed assets and include Lake Formation-managed AWS Glue Data Catalog tables and Amazon Redshift tables and views. For assets that require manual approval, Amazon SageMaker catalog kicks off a workflow through an EventBridge integration so that the subscription approver can review the request and approve or reject it. After a subscription is granted, Amazon SageMaker catalog starts a fulfillment process that gives the subscriber access to the asset and manages and orchestrates the permissions setup across Regions and accounts. To learn more about how Amazon SageMaker catalog facilitates asset discovery, subscription requests, approval processes, and access controls, see [Amazon DataZone data discovery, subscription, and consumption](https://docs.aws.amazon.com/datazone/latest/userguide/discover-subscribe-consume-data.html).

# Troubleshooting Amazon SageMaker Unified Studio identity and access

Use the following information to help you diagnose and fix common issues that you might encounter when working with Amazon SageMaker Unified Studio and IAM.

**Topics**
+ [I am not authorized to perform an action in Amazon SageMaker Unified Studio](#security_iam_troubleshoot-no-permissions)
+ [I am not authorized to perform iam:PassRole](#security_iam_troubleshoot-passrole)
+ [I want to allow people outside of my AWS account to access my Amazon SageMaker Unified Studio resources](#security_iam_troubleshoot-cross-account-access)

## I am not authorized to perform an action in Amazon SageMaker Unified Studio


If you receive an error that you're not authorized to perform an action, your policies must be updated to allow you to perform the action.

The following example error occurs when the `mateojackson` IAM user tries to use the console to view details about a fictional `my-example-widget` resource but doesn't have the fictional `:GetWidget` permissions.

```
User: arn:aws:iam::123456789012:user/mateojackson is not authorized to perform: :GetWidget on resource: my-example-widget
```

In this case, the policy for the `mateojackson` user must be updated to allow access to the `my-example-widget` resource by using the `:GetWidget` action.

If you need help, contact your AWS administrator. Your administrator is the person who provided you with your sign-in credentials.

## I am not authorized to perform iam:PassRole


If you receive an error that you're not authorized to perform the `iam:PassRole` action, your policies must be updated to allow you to pass a role to Amazon SageMaker Unified Studio.

Some AWS services allow you to pass an existing role to that service instead of creating a new service role or service-linked role. To do this, you must have permissions to pass the role to the service.

The following example error occurs when an IAM user named `marymajor` tries to use the console to perform an action in Amazon SageMaker Unified Studio. However, the action requires the service to have permissions that are granted by a service role. Mary does not have permissions to pass the role to the service.

```
User: arn:aws:iam::123456789012:user/marymajor is not authorized to perform: iam:PassRole
```

In this case, Mary's policies must be updated to allow her to perform the `iam:PassRole` action.

If you need help, contact your AWS administrator. Your administrator is the person who provided you with your sign-in credentials.

## I want to allow people outside of my AWS account to access my Amazon SageMaker Unified Studio resources


You can create a role that users in other accounts or people outside of your organization can use to access your resources. You can specify who is trusted to assume the role. For services that support resource-based policies or access control lists (ACLs), you can use those policies to grant people access to your resources.

To learn more, consult the following:
+ To learn whether Amazon SageMaker Unified Studio supports these features, see [How Amazon SageMaker Unified Studio works with IAM](security_iam_service-with-iam.md).
+ To learn how to provide access to your resources across AWS accounts that you own, see [Providing access to an IAM user in another AWS account that you own](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_aws-accounts.html) in the *IAM User Guide*.
+ To learn how to provide access to your resources to third-party AWS accounts, see [Providing access to AWS accounts owned by third parties](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html) in the *IAM User Guide*.
+ To learn how to provide access through identity federation, see [Providing access to externally authenticated users (identity federation)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_federated-users.html) in the *IAM User Guide*.
+ To learn the difference between using roles and resource-based policies for cross-account access, see [Cross account resource access in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) in the *IAM User Guide*.

# Data protection in Amazon SageMaker Unified Studio

The AWS [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/) applies to data protection in Amazon SageMaker Unified Studio. As described in this model, AWS is responsible for protecting the global infrastructure that runs all of the AWS Cloud. You are responsible for maintaining control over your content that is hosted on this infrastructure. You are also responsible for the security configuration and management tasks for the AWS services that you use. For more information about data privacy, see the [Data Privacy FAQ](https://aws.amazon.com/compliance/data-privacy-faq/). For information about data protection in Europe, see the [AWS Shared Responsibility Model and GDPR](https://aws.amazon.com/blogs/security/the-aws-shared-responsibility-model-and-gdpr/) blog post on the *AWS Security Blog*.

For data protection purposes, we recommend that you protect AWS account credentials and set up individual users with AWS IAM Identity Center or AWS Identity and Access Management (IAM). That way, each user is given only the permissions necessary to fulfill their job duties. We also recommend that you secure your data in the following ways:
+ Use multi-factor authentication (MFA) with each account.
+ Use SSL/TLS to communicate with AWS resources. We require TLS 1.2 and recommend TLS 1.3.
+ Set up API and user activity logging with AWS CloudTrail. For information about using CloudTrail trails to capture AWS activities, see [Working with CloudTrail trails](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-trails.html) in the *AWS CloudTrail User Guide*.
+ Use AWS encryption solutions, along with all default security controls within AWS services.
+ Use advanced managed security services such as Amazon Macie, which assists in discovering and securing sensitive data that is stored in Amazon S3.
+ If you require FIPS 140-3 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS endpoint. For more information about the available FIPS endpoints, see [Federal Information Processing Standard (FIPS) 140-3](https://aws.amazon.com/compliance/fips/).

We strongly recommend that you never put confidential or sensitive information, such as your customers' email addresses, into tags or free-form text fields such as a **Name** field. This includes when you work with Amazon SageMaker Unified Studio or other AWS services using the console, API, AWS CLI, or AWS SDKs. Any data that you enter into tags or free-form text fields used for names may be used for billing or diagnostic logs. If you provide a URL to an external server, we strongly recommend that you do not include credentials information in the URL to validate your request to that server.



For more information about data protection, including data encryption, encryption at rest, encryption in transit, key management, and inter-network traffic privacy for the various AWS services that interoperate with Amazon SageMaker Unified Studio, see the following:
+ [Data Protection in Amazon SageMaker](https://docs.aws.amazon.com/sagemaker/latest/dg/data-protection.html)
+ [Data Protection in Amazon Managed Workflows for Apache Airflow](https://docs.aws.amazon.com/mwaa/latest/userguide/data-protection.html)
+ [Data protection in Amazon Redshift](https://docs.aws.amazon.com/redshift/latest/mgmt/security-data-protection.html)
+ [Data protection in Amazon EMR](https://docs.aws.amazon.com/emr/latest/ManagementGuide/data-protection.html)
+ [Data protection in Amazon DataZone](https://docs.aws.amazon.com/datazone/latest/userguide/data-protection.html)
+ [Data protection in Amazon Q Business](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/data-protection.html) and [Data protection in Amazon Q Developer](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/data-protection.html)
+ [Data protection in Athena](https://docs.aws.amazon.com/athena/latest/ug/security-data-protection.html)
+ [Data protection in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/data-protection.html)
+ [Data protection in AWS Glue](https://docs.aws.amazon.com/glue/latest/dg/data-protection.html)

# KMS Permissions for resources provisioned by Amazon SageMaker Unified Studio


You can encrypt the resources that Amazon SageMaker Unified Studio provisions with your own customer managed AWS KMS keys. To do this, add the permissions shown in the following key policy for the Tooling blueprint configuration to your default KMS key policy.


```
{
    "Version": "2012-10-17",
    "Id": "key-policy-for-smus",
    "Statement": [
        {
            "Sid": "AllowKmsPermissionsForCloudWatch",
            "Effect": "Allow",
            "Principal": {
                "Service": "logs.us-east-1.amazonaws.com"
            },
            "Action": [
                "kms:Encrypt*",
                "kms:Decrypt*",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*",
                "kms:Describe*"
            ],
            "Resource": "*",
            "Condition": {
                "ArnLike": {
                    "kms:EncryptionContext:aws:logs:arn": [
                        "arn:aws:logs:us-east-1:111122223333:log-group:datazone-*",
                        "arn:aws:logs:us-east-1:111122223333:log-group:airflow-*",
                        "arn:aws:logs:us-east-1:111122223333:log-group:aws/mwaa-serverless*"
                    ]
                }
            }
        },
        {
            "Sid": "RedshiftCreateGrantKmsPermissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerProvisioning-111122223333"
            },
            "Action": "kms:CreateGrant",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceAccount": "${aws:PrincipalAccount}"
                },
                "StringLike": {
                    "kms:ViaService": [
                        "redshift-serverless.*.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Sid": "AthenaKmsPermissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerProvisioning-111122223333"
            },
            "Action": "kms:GenerateDataKey",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:CalledViaLast": "athena.amazonaws.com",
                    "aws:ResourceAccount": "${aws:PrincipalAccount}"
                }
            }
        },
        {
            "Sid": "EmrServerlessKmsPermissions",
            "Effect": "Allow",
            "Principal": {
                "Service": "emr-serverless.amazonaws.com"
            },
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": "*",
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:emr-serverless:us-east-1:111122223333:/applications/*"
                }
            }
        },
        {
            "Sid": "EmrServerlessKmsPermissionsForProvisioning",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerProvisioning-111122223333"
            },
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AirflowCreateGrantKmsPermissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerProvisioning-111122223333"
            },
            "Action": "kms:CreateGrant",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceAccount": "${aws:PrincipalAccount}"
                },
                "StringLike": {
                    "kms:ViaService": [
                        "airflow.*.amazonaws.com",
                        "airflow-serverless.*.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Sid": "AllowKmsKeyUsageForSageMakerDomain",
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "datazone.amazonaws.com"
                ],
                "AWS": [
                    "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerDomainExecution"
                ]
            },
            "Action": [
                "kms:Encrypt",
                "kms:Decrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*",
                "kms:DescribeKey",
                "kms:CreateGrant"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowSageMakerDomainKmsGrantPermissions",
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "datazone.amazonaws.com"
                ],
                "AWS": [
                    "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerDomainExecution"
                ]
            },
            "Action": [
                "kms:ListGrants",
                "kms:RevokeGrant"
            ],
            "Resource": "*"
        },
        {
            "Sid": "GrantKMSPermissionsForAllProjectRoles",
            "Action": [
                "kms:GenerateDataKey",
                "kms:Decrypt"
            ],
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalTag/AmazonDataZoneDomain": "dzd_0123456789",
                    "kms:EncryptionContext:aws:datazone:domainId": "dzd_0123456789",
                    "kms:ViaService": [
                        "datazone.us-east-1.amazonaws.com"
                    ]
                }
            }
        }
    ]
}
```

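Putting the key policy above into practice, as an added example that is not part of the AWS documentation: a small Python helper that renders two of the Tooling blueprint statements for a given account, Region and domain id, merges them into an existing key policy without duplicating Sids, and flags any statement that is open to every AWS principal (`"AWS": "*"`) without a condition that restricts the caller. The same lint applies to the export and Amazon Bedrock key policies later on this page. The existing policy is constructed, the placeholder values are the page's own, and the kms:GetKeyPolicy/kms:PutKeyPolicy calls are left out so the example runs offline.

```python
"""Added example (not AWS code): render this page's Tooling blueprint key-policy
statements for one deployment, merge them into an existing key policy, and lint
the result. Inputs are constructed; the page's placeholder account
111122223333, Region us-east-1 and domain id dzd_0123456789 are reused."""
import copy
import json

# Constructed: the default policy KMS attaches to a new key (account root only).
EXISTING_KEY_POLICY = {
    "Version": "2012-10-17",
    "Id": "key-default-1",
    "Statement": [{
        "Sid": "Enable IAM User Permissions",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "kms:*",
        "Resource": "*",
    }],
}

# Two statements from the page's Tooling blueprint policy, with {tokens} in place
# of the per-deployment values so that render() can fill them in.
TOOLING_STATEMENTS = [
    {
        "Sid": "EmrServerlessKmsPermissions",
        "Effect": "Allow",
        "Principal": {"Service": "emr-serverless.amazonaws.com"},
        "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
        "Resource": "*",
        "Condition": {"ArnLike": {
            "aws:SourceArn": "arn:aws:emr-serverless:{region}:{account}:/applications/*"}},
    },
    {
        "Sid": "GrantKMSPermissionsForAllProjectRoles",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["kms:GenerateDataKey", "kms:Decrypt"],
        "Resource": "*",
        "Condition": {"StringEquals": {
            "aws:PrincipalTag/AmazonDataZoneDomain": "{domain_id}",
            "kms:EncryptionContext:aws:datazone:domainId": "{domain_id}",
            "kms:ViaService": ["datazone.{region}.amazonaws.com"],
        }},
    },
]

# Condition keys that narrow WHO may call. kms:ViaService and
# kms:EncryptionContext:* only narrow HOW the key is used, so a "*" principal
# guarded by those alone is still reachable from any AWS account.
PRINCIPAL_SCOPING_KEYS = ("aws:PrincipalTag/", "aws:PrincipalAccount",
                          "aws:PrincipalOrgID", "aws:SourceAccount", "aws:SourceArn")


def render(statements, **values):
    """Substitute every {name} token in the statements with values[name]."""
    text = json.dumps(statements)
    for name, value in values.items():
        text = text.replace("{" + name + "}", value)
    return json.loads(text)


def merge_key_policy(existing, additions):
    """Return a new policy: existing statements are kept; each addition replaces
    the statement with the same Sid or is appended. Running it twice is a no-op."""
    merged = copy.deepcopy(existing)
    index = {s["Sid"]: i for i, s in enumerate(merged["Statement"]) if "Sid" in s}
    for stmt in additions:
        if stmt["Sid"] in index:
            merged["Statement"][index[stmt["Sid"]]] = copy.deepcopy(stmt)
        else:
            index[stmt["Sid"]] = len(merged["Statement"])
            merged["Statement"].append(copy.deepcopy(stmt))
    return merged


def _principals(stmt):
    """Flatten the Principal element ("*", {"AWS": x}, {"Service": [x, y]})."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    flat = []
    for value in principal.values():
        flat.extend(value if isinstance(value, list) else [value])
    return flat


def lint_key_policy(policy):
    """Return the Sids of Allow statements open to any AWS principal ("*") whose
    Condition does not restrict the caller. The page's own "*" statement passes
    only because of its aws:PrincipalTag/AmazonDataZoneDomain condition."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "*" not in _principals(stmt):
            continue
        keys = [k for block in stmt.get("Condition", {}).values() for k in block]
        if not any(k.startswith(PRINCIPAL_SCOPING_KEYS) for k in keys):
            findings.append(stmt.get("Sid"))
    return findings
```

Render with your own account, Region and domain id, merge into the policy returned by kms:GetKeyPolicy, and only write the result back if `lint_key_policy` returns an empty list.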

# KMS permissions for exporting asset metadata in Amazon SageMaker Unified Studio


**Topics**
+ [Granting the Amazon SageMaker Catalog export service principal and S3 Tables maintenance service principal permissions to your KMS key](#export-asset-metadata-kms-permissions-service-principal)
+ [IAM permissions required for the principal for exporting](#export-asset-metadata-kms-permissions-service-principal-exporting)

## Granting the Amazon SageMaker Catalog export service principal and S3 Tables maintenance service principal permissions to your KMS key


All data in S3 tables is encrypted with SSE-S3 encryption by default. You can choose instead to encrypt your data with AWS Key Management Service (AWS KMS) keys (SSE-KMS). If you encrypt your data with KMS keys, additional permissions are required.

For Amazon SageMaker Catalog, these permissions are required so that your data can be encrypted when it is exported into S3 tables. The KMS key used for the export feature can be the same as, or different from, the key used for the Amazon SageMaker Catalog domain. To read more about how Amazon SageMaker Catalog domain data encryption works at rest, see [Data encryption at rest for Amazon DataZone](https://docs.aws.amazon.com/datazone/latest/userguide/encryption-rest-datazone.html).

To allow Amazon SageMaker Catalog access to SSE-KMS encrypted tables, you can use the following example key policy. Its first statement allows the `systemtables.sagemaker-catalog.amazonaws.com` service principal to use the key on behalf of your account, and its second statement allows the `maintenance.s3tables.amazonaws.com` service principal to use the same KMS key for encrypting and decrypting tables in a specific table bucket. To use the policy, replace the user input placeholders with your own information.

To read more about the S3 maintenance service principal, see [Permissions required for S3 Tables SSE-KMS encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-kms-permissions.html).

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EnableSystemTablesKeyUsage",
            "Effect": "Allow",
            "Principal": {
                "Service": "systemtables.sagemaker-catalog.amazonaws.com"
            },
            "Action": [
                "kms:DescribeKey",
                "kms:GenerateDataKey",
                "kms:Decrypt"
            ],
            "Resource": "arn:aws:kms:region:111122223333:key/key-id",
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "111122223333"
                }
            }
        },
        {
            "Sid": "EnableKeyUsage",
            "Effect": "Allow",
            "Principal": {
                "Service": "maintenance.s3tables.amazonaws.com"
            },
            "Action": [
                "kms:GenerateDataKey",
                "kms:Decrypt"
            ],
            "Resource": "arn:aws:kms:region:111122223333:key/key-id",
            "Condition": {
                "StringLike": {
                    "kms:EncryptionContext:aws:s3:arn": "arn:aws:s3tables:region:111122223333:bucket/*"
                }
            }
        }
    ]
}
```

## IAM permissions required for the principal for exporting


When your Amazon SageMaker Catalog domain is encrypted with AWS Key Management Service (AWS KMS) keys, you must grant the principals that will enable [exporting](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/export-asset-metadata.html) of the asset metadata permission to use that key. The following policy grants an IAM principal access to decrypt data for a specific Amazon SageMaker Catalog domain.

To read more about how Amazon SageMaker Catalog domain data encryption works at rest, see [Data encryption at rest for Amazon DataZone](https://docs.aws.amazon.com/datazone/latest/userguide/encryption-rest-datazone.html).

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Allow access to principal to manage an Amazon SageMaker catalog domain with the given domain id",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111122223333:role/ExampleRole"
            },
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": "arn:aws:kms:region:111122223333:key/key-id",
            "Condition": {
                "StringEquals": {
                    "kms:EncryptionContext:aws:datazone:domainId": "dzd_sampleid"
                }
            }
        }
    ]
}
```

# Amazon Bedrock in SageMaker Unified Studio KMS Permissions

+ **KMS Key Policy — Amazon DataZone domain key and the Tooling blueprint key**: manually apply the following key policy to both the domain key and the Tooling blueprint key.


  ```
  {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Sid": "Allow administrators to manage key",
              "Effect": "Allow",
              "Principal": {
                  "AWS": "arn:aws:iam::444455556666:role/ExampleAdminRole"
              },
              "Action": [
                  "kms:Create*",
                  "kms:Describe*",
                  "kms:Enable*",
                  "kms:List*",
                  "kms:Put*",
                  "kms:Update*",
                  "kms:Revoke*",
                  "kms:Disable*",
                  "kms:Get*",
                  "kms:Delete*",
                  "kms:TagResource",
                  "kms:UntagResource",
                  "kms:ScheduleKeyDeletion",
                  "kms:CancelKeyDeletion",
                  "kms:RotateKeyOnDemand"
              ],
              "Resource": "*"
          },
          {
              "Sid": "Allow administrators and SageMaker domain execution role to encrypt and decrypt DataZone data",
              "Effect": "Allow",
              "Principal": {
                  "AWS": [
                      "arn:aws:iam::444455556666:role/ExampleAdminRole",
                      "arn:aws:iam::444455556666:role/ExampleDomainUser",
                      "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerDomainExecution"
                  ]
              },
              "Action": [
                  "kms:CreateGrant",
                  "kms:Decrypt",
                  "kms:GenerateDataKey"
              ],
              "Resource": "*",
              "Condition": {
                  "StringLike": {
                      "kms:EncryptionContext:aws:datazone:DOMAIN_ID": "domain_id"
                  }
              }
          },
          {
              "Sid": "Allow SageMaker provisioning role to encrypt and decrypt Amazon Bedrock resources",
              "Effect": "Allow",
              "Principal": {
                  "AWS": "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerProvisioning-111122223333"
              },
              "Action": [
                  "kms:CreateGrant",
                  "kms:Decrypt",
                  "kms:DescribeKey",
                  "kms:Encrypt",
                  "kms:GenerateDataKey"
              ],
              "Resource": "*"
          },
          {
              "Sid": "Allow SageMaker project roles to describe key",
              "Effect": "Allow",
              "Principal": {
                  "AWS": "arn:aws:iam::111122223333:root"
              },
              "Action": "kms:DescribeKey",
              "Resource": "*",
              "Condition": {
                  "Null": {
                      "aws:PrincipalTag/AmazonDataZoneProject": "false"
                  }
              }
          },
          {
              "Sid": "Allow SageMaker project roles to encrypt and decrypt data in Tooling blueprint S3 bucket",
              "Effect": "Allow",
              "Principal": {
                  "AWS": "arn:aws:iam::111122223333:root"
              },
              "Action": [
                  "kms:Decrypt",
                  "kms:GenerateDataKey"
              ],
              "Resource": "*",
              "Condition": {
                  "Null": {
                      "aws:PrincipalTag/AmazonDataZoneProject": "false"
                  },
                  "StringLike": {
                      "kms:ViaService": "s3.*.amazonaws.com"
                  }
              }
          },
          {
              "Sid": "Allow SageMaker project roles to encrypt and decrypt Amazon Bedrock secrets",
              "Effect": "Allow",
              "Principal": {
                  "AWS": "arn:aws:iam::111122223333:root"
              },
              "Action": [
                  "kms:Decrypt",
                  "kms:Encrypt",
                  "kms:GenerateDataKey"
              ],
              "Resource": "*",
              "Condition": {
                  "Null": {
                      "aws:PrincipalTag/AmazonDataZoneProject": "false"
                  },
                  "StringLike": {
                      "kms:ViaService": "secretsmanager.*.amazonaws.com"
                  },
                  "ArnLike": {
                      "kms:EncryptionContext:SecretARN": "arn:aws:secretsmanager:*:*:secret:amazon-bedrock*"
                  }
              }
          },
          {
              "Sid": "Allow SageMaker project roles to encrypt and decrypt Amazon Bedrock data",
              "Effect": "Allow",
              "Principal": {
                  "AWS": "arn:aws:iam::111122223333:root"
              },
              "Action": [
                  "kms:Decrypt",
                  "kms:GenerateDataKey"
              ],
              "Resource": "*",
              "Condition": {
                  "Null": {
                      "aws:PrincipalTag/AmazonDataZoneProject": "false"
                  },
                  "ForAnyValue:StringLike": {
                      "kms:EncryptionContextKeys": [
                          "aws:bedrock*",
                          "evaluationJobArn"
                      ]
                  }
              }
          },
          {
              "Sid": "Allow Amazon Bedrock to encrypt and decrypt Amazon Bedrock data",
              "Effect": "Allow",
              "Principal": {
                  "Service": "bedrock.amazonaws.com"
              },
              "Action": [
                  "kms:Decrypt",
                  "kms:GenerateDataKey"
              ],
              "Resource": "*",
              "Condition": {
                  "ForAnyValue:StringLike": {
                      "kms:EncryptionContextKeys": [
                          "aws:bedrock*",
                          "evaluationJobArn"
                      ]
                  }
              }
          },
          {
              "Sid": "Allow Amazon Bedrock to create and revoke grants for Amazon Bedrock resources",
              "Effect": "Allow",
              "Principal": {
                  "Service": "bedrock.amazonaws.com"
              },
              "Action": [
                  "kms:CreateGrant",
                  "kms:ListGrants",
                  "kms:RevokeGrant"
              ],
              "Resource": "*",
              "Condition": {
                  "Bool": {
                      "kms:GrantIsForAWSResource": "true"
                  }
              }
          },
          {
              "Sid": "Allow CloudWatch Logs to encrypt and decrypt Amazon Bedrock log groups",
              "Effect": "Allow",
              "Principal": {
                  "Service": "logs.amazonaws.com"
              },
              "Action": [
                  "kms:Decrypt*",
                  "kms:Describe*",
                  "kms:Encrypt*",
                  "kms:GenerateDataKey*",
                  "kms:ReEncrypt*"
              ],
              "Resource": "*",
              "Condition": {
                  "ArnLike": {
                      "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:*:*:log-group:/aws/lambda/amazon-bedrock*"
                  }
              }
          }
      ]
  }
  ```

+ **AmazonSageMakerDomainExecution role — inline policy**: in the IAM console, manually attach the following inline policy to the AmazonSageMakerDomainExecution role, or to whichever role is used as the domain execution role.


  ```
  {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Sid": "KmsDescribeKeyPermissions",
              "Effect": "Allow",
              "Action": "kms:DescribeKey",
              "Resource": "arn:aws:kms:us-east-1:111122223333:key/dzd-12345"
          },
          {
              "Sid": "KmsPermissions",
              "Effect": "Allow",
              "Action": [
                  "kms:CreateGrant",
                  "kms:Decrypt",
                  "kms:GenerateDataKey"
              ],
              "Resource": "arn:aws:kms:us-east-1:111122223333:key/dzd-12345",
              "Condition": {
                  "StringLike": {
                      "kms:EncryptionContext:aws:datazone:domainId": "dzd*"
                  }
              }
          }
      ]
  }
  ```

+ **AmazonSageMakerProvisioning-<domainAccountId> role - inline policy**: in the IAM console, manually attach the following inline policy to the AmazonSageMakerProvisioning-<domainAccountId> role, or to whichever role is used as the provisioning role. 

------
#### [ JSON ]


  ```
  {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Sid": "KmsDescribeKeyPermissions",
              "Effect": "Allow",
              "Action": "kms:DescribeKey",
              "Resource": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
          },
          {
              "Sid": "ToolingBlueprintS3BucketKmsPermissions",
              "Effect": "Allow",
              "Action": [
                  "kms:Decrypt",
                  "kms:GenerateDataKey"
              ],
              "Resource": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
              "Condition": {
                  "StringLike": {
                      "kms:ViaService": "s3.*.amazonaws.com"
                  }
              }
          },
          {
              "Sid": "LambdaFunctionKmsPermissions",
              "Effect": "Allow",
              "Action": [
                  "kms:CreateGrant",
                  "kms:Decrypt",
                  "kms:Encrypt"
              ],
              "Resource": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
              "Condition": {
                  "StringLike": {
                      "kms:ViaService": "lambda.*.amazonaws.com"
                  },
                  "ArnLike": {
                      "kms:EncryptionContext:aws:lambda:FunctionArn": "arn:aws:lambda:*:*:function:amazon-bedrock*"
                  }
              }
          },
          {
              "Sid": "SecretsManagerKmsPermissions",
              "Effect": "Allow",
              "Action": [
                  "kms:Decrypt",
                  "kms:Encrypt",
                  "kms:GenerateDataKey"
              ],
              "Resource": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
              "Condition": {
                  "StringLike": {
                      "kms:ViaService": "secretsmanager.*.amazonaws.com"
                  },
                  "ArnLike": {
                      "kms:EncryptionContext:SecretARN": "arn:aws:secretsmanager:*:*:secret:amazon-bedrock*"
                  }
              }
          },
          {
              "Sid": "BedrockKmsPermissions",
              "Effect": "Allow",
              "Action": [
                  "kms:CreateGrant",
                  "kms:Decrypt",
                  "kms:GenerateDataKey"
              ],
              "Resource": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
              "Condition": {
                  "StringLike": {
                      "kms:ViaService": "bedrock.*.amazonaws.com"
                  },
                  "ForAnyValue:StringLike": {
                      "kms:EncryptionContextKeys": "aws:bedrock*:arn"
                  }
              }
          }
      ]
  }
  ```

------

# Authorization in Amazon SageMaker Unified Studio

Amazon SageMaker Unified Studio’s interface consists of a management console within AWS and an off-console web application.

AWS administrators use the Amazon SageMaker Unified Studio management console for top-level-resource APIs, including creating and managing domains, the AWS account associations for those domains, and the data sources for which you want to delegate access management to Amazon SageMaker Unified Studio. You can use the management console to manage all of the IAM roles and configuration needed to delegate access management control to the Amazon SageMaker Unified Studio service for your explicitly configured AWS accounts. Amazon SageMaker Unified Studio is a first-party AWS IAM Identity Center application for SSO users. If enabled, the console can also be used by authorized IAM principals to federate into Amazon SageMaker Unified Studio instead of using an SSO identity.

Amazon SageMaker Unified Studio is designed to be used principally by users authenticated through AWS IAM Identity Center, or through third-party identity providers that support SAML, to manage access to data and to perform data publishing, discovery, subscription, and analytics tasks.

## Authorization in the Amazon SageMaker Unified Studio console


The Amazon SageMaker Unified Studio console authorization model uses IAM authorization. Administrators use the console primarily for setup. Amazon SageMaker Unified Studio uses the concept of a domain administrator AWS account and member AWS accounts; the console is used from each of these accounts to build the trust relationships between them while respecting AWS Organizations boundaries.

## Authorization in Amazon SageMaker Unified Studio


The Amazon SageMaker Unified Studio authorization model is a hierarchical ACL with static role archetypes (profiles), such as administrator and viewer. For example, a user can have a profile of administrator or user. At the domain level, a user can be designated a domain owner. At the project level, a user can be an owner or a contributor. These profiles can be assigned to either of two principal types: users and groups.

Within this authorization model, Amazon SageMaker Unified Studio allows users to manage user and group permissions. Users manage project membership, request membership to projects, and approve memberships. Users publish data, define data subscription approvers, subscribe to data, and approve subscriptions. 

Users perform data analytics in a specific project when their Amazon SageMaker Unified Studio client requests IAM session credentials that Amazon SageMaker Unified Studio generates based on the user's effective profile in that project context. The session is scoped both to the user's permissions and to the specific project's resources. Users then use the project's tools (for example, Amazon Athena or Amazon Redshift) to query the relevant data, and all of the underlying IAM work is abstracted away.

Note that only IAM users and SSO users can access the Amazon SageMaker Unified Studio UI. IAM roles cannot access the UI, but they can interact with Amazon SageMaker Unified Studio through the APIs (searching assets, creating and managing projects, and so on).

## Amazon SageMaker Unified Studio profiles and roles


Once a user is authenticated, the authenticated context maps to a user profile ID. This user profile can have multiple, different associations (project owner, domain owner, and so on), which are used to authorize the user. Each association has permissions for certain activities based on its context. For example, a user with a domain owner association can create additional domains and can assign other domain owners to the domain. A project owner can add or remove project members for their project, create publishing agreements with a domain, and publish assets to the domain.

# Compliance validation for Amazon SageMaker Unified Studio

To learn whether an AWS service is within the scope of specific compliance programs, see [AWS services in Scope by Compliance Program](https://aws.amazon.com/compliance/services-in-scope/) and choose the compliance program that you are interested in. For general information, see [AWS Compliance Programs](https://aws.amazon.com/compliance/programs/).

You can download third-party audit reports using AWS Artifact. For more information, see [Downloading Reports in AWS Artifact](https://docs.aws.amazon.com/artifact/latest/ug/downloading-documents.html).

Your compliance responsibility when using AWS services is determined by the sensitivity of your data, your company's compliance objectives, and applicable laws and regulations. For more information about your compliance responsibility when using AWS services, see [AWS Security Documentation](https://docs.aws.amazon.com/security/).

# Security Best Practices for Amazon SageMaker Unified Studio

Amazon SageMaker Unified Studio provides a number of security features to consider as you develop and implement your own security policies. The following best practices are general guidelines and don’t represent a complete security solution. Because these best practices might not be appropriate or sufficient for your environment, treat them as helpful considerations rather than prescriptions. 

## Implement least privilege access


When granting permissions, you decide who is getting what permissions to which Amazon SageMaker Unified Studio resources. You enable specific actions that you want to allow on those resources. Therefore you should grant only the permissions that are required to perform a task. Implementing least privilege access is fundamental in reducing security risk and the impact that could result from errors or malicious intent. 

## Use IAM roles


Producer and client applications must have valid credentials to access Amazon SageMaker Unified Studio resources. You should not store AWS credentials directly in a client application or in an Amazon S3 bucket. These are long-term credentials that are not automatically rotated and could have a significant business impact if they are compromised. 

Instead, you should use an IAM role to manage temporary credentials for your producer and client applications to access Amazon SageMaker Unified Studio resources. When you use a role, you don't have to use long-term credentials (such as a user name and password or access keys) to access other resources.

For more information, see the following topics in the *IAM User Guide*:
+ [IAM Roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
+ [Common Scenarios for Roles: Users, Applications, and Services](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios.html)

## Implement Server-Side Encryption in Dependent Resources


Amazon SageMaker Unified Studio supports encryption of data at rest and data in transit. Enable server-side encryption on the dependent resources that hold your data, such as the Amazon S3 buckets, Secrets Manager secrets, and Lambda functions that projects use. When those resources are encrypted with a customer managed AWS KMS key, the domain execution role and the provisioning role need the KMS permissions shown in the inline policies earlier on this page.

## Use CloudTrail to Monitor API Calls


Amazon SageMaker Unified Studio is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Amazon SageMaker Unified Studio.

Using the information collected by CloudTrail, you can determine the request that was made to Amazon SageMaker Unified Studio, the IP address from which the request was made, who made the request, when it was made, and additional details.
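The following is an added example, not code from the AWS documentation, that pulls the who, where and when the paragraph above describes out of CloudTrail records for Amazon SageMaker Unified Studio calls (event source `datazone.amazonaws.com`) and flags calls that did not arrive through a VPC endpoint. The records are constructed in the CloudTrail record layout; every ARN, ID, session name and IP address in them is a placeholder.

```python
"""Added example, not part of the AWS documentation: summarise CloudTrail
records for Amazon SageMaker Unified Studio (eventSource datazone.amazonaws.com)
API calls and flag any that did not arrive through a VPC endpoint.

The records below are constructed in the CloudTrail record layout; every ARN,
ID and IP address is a placeholder.
"""
from __future__ import annotations
import json
from datetime import datetime, timezone

# Constructed sample of a CloudTrail log file body (the `Records` array).
SAMPLE_TRAIL = json.dumps({"Records": [
    {
        "eventTime": "2025-01-15T10:02:11Z",
        "eventSource": "datazone.amazonaws.com",
        "eventName": "CreateProject",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "10.0.12.34",
        "vpcEndpointId": "vpce-0ab1c2d3e4f567890",   # came in through an interface endpoint
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::111122223333:assumed-role/AmazonSageMakerDomainExecution/user-a1b2c3d4",
        },
        "requestParameters": {"domainIdentifier": "dzd_example", "name": "fraud-analytics"},
    },
    {
        "eventTime": "2025-01-15T10:05:42Z",
        "eventSource": "datazone.amazonaws.com",
        "eventName": "DeleteProject",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.17",            # no vpcEndpointId: public endpoint
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::111122223333:assumed-role/AmazonSageMakerDomainExecution/user-e5f6a7b8",
        },
        "requestParameters": {"domainIdentifier": "dzd_example", "identifier": "prj_example"},
    },
    {
        "eventTime": "2025-01-15T10:06:03Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "datazone.amazonaws.com",  # service-originated call
        "userIdentity": {"type": "AWSService", "invokedBy": "datazone.amazonaws.com"},
        "requestParameters": {"bucketName": "amzn-s3-demo-bucket", "key": "data/part-0.parquet"},
    },
]})


def parse_trail(text: str) -> list[dict]:
    """Load a CloudTrail log file body (already gunzipped) into its records."""
    return json.loads(text)["Records"]


def summarize(record: dict) -> dict:
    """The fields the section above names: which API was called, from which IP,
    by whom, and when. Service-originated calls carry invokedBy instead of an ARN."""
    identity = record.get("userIdentity", {})
    return {
        "api": f'{record["eventSource"]}:{record["eventName"]}',
        "who": identity.get("arn") or identity.get("invokedBy") or identity.get("type"),
        "ip": record.get("sourceIPAddress"),
        "when": datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
                        .replace(tzinfo=timezone.utc),
        "via_vpc_endpoint": record.get("vpcEndpointId"),
    }


def off_vpc_calls(records: list[dict], event_source: str = "datazone.amazonaws.com") -> list[dict]:
    """Records for `event_source` with no vpcEndpointId: calls that reached the
    public service endpoint rather than an interface endpoint in your VPC."""
    return [summarize(r) for r in records
            if r.get("eventSource") == event_source and not r.get("vpcEndpointId")]


if __name__ == "__main__":
    for hit in off_vpc_calls(parse_trail(SAMPLE_TRAIL)):
        print(f'{hit["when"].isoformat()}  {hit["api"]}  from {hit["ip"]}  by {hit["who"]}')
```

Run against real trail files, `off_vpc_calls` is a quick way to confirm that a deny-by-source-VPC policy (see the network isolation section later on this page) has no remaining gaps: any `datazone.amazonaws.com` record without a `vpcEndpointId` is a call that bypassed your endpoints.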

# Resilience in Amazon SageMaker Unified Studio

The AWS global infrastructure is built around AWS Regions and Availability Zones. AWS Regions provide multiple physically separated and isolated Availability Zones, which are connected with low-latency, high-throughput, and highly redundant networking. With Availability Zones, you can design and operate applications and databases that automatically fail over between zones without interruption. Availability Zones are more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures. 

For more information about AWS Regions and Availability Zones, see [AWS Global Infrastructure](https://aws.amazon.com/about-aws/global-infrastructure/).

In addition to the AWS global infrastructure, Amazon SageMaker Unified Studio offers several features to help support your data resiliency and backup needs.

# Infrastructure Security in Amazon SageMaker Unified Studio

As a managed service, Amazon SageMaker Unified Studio is protected by the AWS global network security procedures that are described in the [Amazon Web Services: Overview of Security Processes](https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf) whitepaper.

You use AWS published API calls to access Amazon SageMaker Unified Studio through the network. Clients must support Transport Layer Security (TLS) 1.2 or later. We recommend TLS 1.3. Clients must also support cipher suites with perfect forward secrecy (PFS) such as DHE (Ephemeral Diffie-Hellman) or ECDHE (Elliptic Curve Ephemeral Diffie-Hellman). Most modern systems, such as Java 7 and later, support these modes.

Additionally, requests must be signed by using an access key ID and a secret access key that is associated with an IAM principal. Or you can use the [AWS Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html) (AWS STS) to generate temporary security credentials to sign requests.

# Network isolation in Amazon SageMaker Unified Studio

Amazon SageMaker Unified Studio can be configured to limit from where your data is accessed and exposure of that data over the public internet. You can interact with Amazon SageMaker Unified Studio, and dependent AWS services, directly through [interface endpoints](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html) in your Amazon VPC instead of connecting over the internet. When using Amazon VPC interface endpoints, communication between your Amazon VPC and Amazon SageMaker Unified Studio happens within the AWS network.

This topic discusses how customers can isolate their Amazon SageMaker Unified Studio portal experience by restricting Amazon SageMaker Unified Studio network traffic to stay within the AWS network.

## Prerequisites


Before implementing these solutions, ensure you have:
+ Working knowledge of [Amazon SageMaker Unified Studio](https://aws.amazon.com/sagemaker/unified-studio/)
+ Experience with [Amazon VPC](https://aws.amazon.com/vpc/) and [subnet](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) configuration
+ Administrator access to [IAM](https://aws.amazon.com/iam/)
+ Understanding of VPC [interface](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html) and [gateway](https://docs.aws.amazon.com/vpc/latest/privatelink/gateway-endpoints.html) endpoints
+ Understanding of [Security best practices for your Amazon VPC](https://aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html)
+ AWS CLI or AWS Console access with appropriate permissions

## Restrict Amazon SageMaker Unified Studio network traffic to within the AWS network


Your Amazon SageMaker Unified Studio domain and the data within can be configured to limit all traffic to only use the AWS network - and not pass through the public internet. With [AWS PrivateLink](https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html), AWS service endpoints can be provisioned within your Amazon VPC, keeping customer data within the AWS network.

This level of network isolation means:
+ Customers can only use Amazon SageMaker Unified Studio within a configured Amazon VPC. AWS services, accessed through Amazon SageMaker Unified Studio, that support AWS PrivateLink do not send customer data over the public internet.
+ Customer access to Amazon SageMaker Unified Studio and other AWS services from outside the Amazon VPC is denied. Customers cannot use Amazon SageMaker Unified Studio outside of the Amazon VPC. This includes denying access from the public internet.
+ Access to the public internet from the Amazon VPC is denied for customer data; all such traffic is served through endpoints within the Amazon VPC. Public internet access may still be required for traffic that carries no customer data, such as loading the Amazon SageMaker Unified Studio web clients and their client operations (see Public internet access below).

**Note**  
If Amazon VPC endpoints are missing or misconfigured, network calls to Amazon SageMaker Unified Studio and other AWS services are routed over the public internet whenever that network path is available.

The Amazon SageMaker Unified Studio portal calls the following AWS services, each of which supports AWS PrivateLink Amazon VPC endpoints. The network traffic between the Amazon SageMaker Unified Studio portal and AWS services stays within the AWS network when the Amazon VPC endpoints are created in the Amazon VPC.

Create an Amazon VPC endpoint for each required AWS service API, and for any optional AWS service APIs, from the tables below. To create an Amazon VPC endpoint, see [Access an AWS service using an interface Amazon VPC endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html).

For the list of AWS services that support AWS PrivateLink, see [AWS services that integrate with AWS PrivateLink](https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html).

Amazon VPC endpoint considerations:
+ For high availability it is recommended that Amazon VPC endpoints be deployed to multiple Availability Zones (AZ). The recommended minimum number of Availability Zones is two.
+ Refer to [AWS PrivateLink pricing](https://aws.amazon.com/privatelink/pricing/) to understand the costs associated with Amazon VPC endpoints across Availability Zones.

These Amazon VPC endpoints are required for Amazon SageMaker Unified Studio and supporting services to function correctly.


| AWS service name | Amazon VPC endpoint service name (API endpoint) | 
| --- | --- | 
| Amazon Athena |  com.amazonaws.<region>.athena  | 
| Amazon DataZone |  com.amazonaws.<region>.datazone com.amazonaws.<region>.datazone-fips  | 
| Amazon EC2 |  com.amazonaws.<region>.ec2 com.amazonaws.<region>.ec2-fips com.amazonaws.<region>.ec2messages  | 
| Amazon Q Developer |  com.amazonaws.<region>.q com.amazonaws.us-east-1.codewhisperer  The codewhisperer endpoint is available only in the us-east-1 region; domains in other regions also use this endpoint.   | 
| Amazon Simple Storage Service |  com.amazonaws.<region>.s3  | 
| Amazon SageMaker AI |  com.amazonaws.<region>.sagemaker.api com.amazonaws.<region>.sagemaker.runtime com.amazonaws.<region>.sagemaker.api-fips com.amazonaws.<region>.sagemaker.runtime-fips  | 
| AWS Glue |  com.amazonaws.<region>.glue  | 
| AWS KMS |  com.amazonaws.<region>.kms com.amazonaws.<region>.kms-fips  | 
| AWS Secrets Manager |  com.amazonaws.<region>.secretsmanager  | 
| AWS Security Token Service |  com.amazonaws.<region>.sts com.amazonaws.<region>.sts-fips  | 
| AWS Systems Manager |  com.amazonaws.<region>.ssm com.amazonaws.<region>.ssmmessages  | 

Create these Amazon VPC endpoints if you plan to deploy Amazon SageMaker Unified Studio projects that include blueprints using the services listed below.


| AWS service name | Amazon VPC endpoint service name (API endpoint) | 
| --- | --- | 
| Amazon Bedrock |  com.amazonaws.<region>.bedrock-agent com.amazonaws.<region>.bedrock-agent-runtime com.amazonaws.<region>.bedrock-runtime  | 
| Amazon CloudWatch |  com.amazonaws.<region>.logs  | 
| Amazon EMR |  com.amazonaws.<region>.elasticmapreduce com.amazonaws.<region>.emr-serverless com.amazonaws.<region>.emr-serverless-services.livy com.amazonaws.<region>.elasticmapreduce-fips  | 
| Amazon EMR on Amazon EKS |  com.amazonaws.<region>.emr-containers  | 
| Amazon RDS |  com.amazonaws.<region>.rds com.amazonaws.<region>.rds-fips  | 
| Amazon Redshift |  com.amazonaws.<region>.redshift com.amazonaws.<region>.redshift-data com.amazonaws.<region>.redshift-serverless com.amazonaws.<region>.redshift-fips com.amazonaws.<region>.redshift-data-fips com.amazonaws.<region>.redshift-serverless-fips  | 
| Portal Query Editors |  com.amazonaws.<region>.sqlworkbench com.amazonaws.<region>.sqlworkbench-v2  | 
| AWS CodeCommit |  com.amazonaws.<region>.codecommit com.amazonaws.<region>.git-codecommit com.amazonaws.<region>.codecommit-fips com.amazonaws.<region>.git-codecommit-fips  | 
| AWS CodeConnections |  com.amazonaws.<region>.codeconnections.api com.amazonaws.<region>.codestar-connections.api  | 
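The following is an added example, not code from the AWS documentation, that turns the two tables above into a check: given the endpoints that already exist in a VPC, it lists the required service names with no available endpoint (the gap the note above warns about) and renders the `aws ec2 create-vpc-endpoint` commands that would close it. The service lists are transcribed from the tables (non-FIPS names; the `-fips` variants follow the same naming pattern and are not handled); the existing-endpoint input is a constructed stand-in for the `VpcEndpoints` list that `aws ec2 describe-vpc-endpoints` returns, of which only `ServiceName` and `State` are used; the VPC, subnet and security group IDs are placeholders.

```python
"""Added example, not part of the AWS documentation: audit a VPC for the
PrivateLink endpoints the Amazon SageMaker Unified Studio portal requires and
render the `aws ec2 create-vpc-endpoint` commands for the ones that are missing.

Assumptions: service lists transcribed from the two tables above (non-FIPS
names); the existing-endpoint input is a constructed stand-in for the
`VpcEndpoints` list from `aws ec2 describe-vpc-endpoints`, of which only
ServiceName and State are used; all resource IDs are placeholders.
"""
from __future__ import annotations

# API suffixes of com.amazonaws.<region>.<suffix>, first table above.
REQUIRED: dict[str, list[str]] = {
    "Amazon Athena": ["athena"],
    "Amazon DataZone": ["datazone"],
    "Amazon EC2": ["ec2", "ec2messages"],
    "Amazon Q Developer": ["q"],  # its codewhisperer endpoint is added below
    "Amazon Simple Storage Service": ["s3"],
    "Amazon SageMaker AI": ["sagemaker.api", "sagemaker.runtime"],
    "AWS Glue": ["glue"],
    "AWS KMS": ["kms"],
    "AWS Secrets Manager": ["secretsmanager"],
    "AWS Security Token Service": ["sts"],
    "AWS Systems Manager": ["ssm", "ssmmessages"],
}
# Exists only in us-east-1; the table says domains in other regions use it too.
Q_DEVELOPER_CODEWHISPERER = "com.amazonaws.us-east-1.codewhisperer"

# Needed only by projects whose blueprints use these services, second table above.
OPTIONAL: dict[str, list[str]] = {
    "Amazon Bedrock": ["bedrock-agent", "bedrock-agent-runtime", "bedrock-runtime"],
    "Amazon CloudWatch": ["logs"],
    "Amazon EMR": ["elasticmapreduce", "emr-serverless", "emr-serverless-services.livy"],
    "Amazon EMR on Amazon EKS": ["emr-containers"],
    "Amazon RDS": ["rds"],
    "Amazon Redshift": ["redshift", "redshift-data", "redshift-serverless"],
    "Portal Query Editors": ["sqlworkbench", "sqlworkbench-v2"],
    "AWS CodeCommit": ["codecommit", "git-codecommit"],
    "AWS CodeConnections": ["codeconnections.api", "codestar-connections.api"],
}


def service_names(region: str, catalog: dict[str, list[str]] = REQUIRED) -> list[str]:
    """Expand a catalog into fully qualified endpoint service names for `region`."""
    names = [f"com.amazonaws.{region}.{s}" for suffixes in catalog.values() for s in suffixes]
    if catalog is REQUIRED:
        names.append(Q_DEVELOPER_CODEWHISPERER)
    return names


def missing_endpoints(region: str, existing: list[dict],
                      catalog: dict[str, list[str]] = REQUIRED) -> list[str]:
    """Service names from `catalog` that have no *available* endpoint in the VPC.
    Pending, failed or deleted endpoints do not count: per the note above,
    traffic for that service takes the public route if one exists."""
    available = {e["ServiceName"] for e in existing if e.get("State") == "available"}
    return [n for n in service_names(region, catalog) if n not in available]


def create_endpoint_commands(vpc_id: str, region: str, subnet_ids: list[str],
                             security_group_id: str, names: list[str]) -> list[str]:
    """One CLI command per endpoint: interface type, one subnet per Availability
    Zone (at least two, per the HA recommendation above), private DNS enabled so
    the SDKs' default hostnames resolve inside the VPC. S3 additionally offers a
    gateway endpoint with no per-AZ charge; this renders the interface form."""
    if len(subnet_ids) < 2:
        raise ValueError("deploy endpoints in at least two Availability Zones")
    return [
        " ".join([
            "aws ec2 create-vpc-endpoint",
            f"--region {region}",
            f"--vpc-id {vpc_id}",
            "--vpc-endpoint-type Interface",
            f"--service-name {name}",
            "--subnet-ids " + " ".join(subnet_ids),
            f"--security-group-ids {security_group_id}",
            "--private-dns-enabled",
        ])
        for name in names
    ]


# Constructed stand-in for describe-vpc-endpoints output in a us-east-1 VPC.
SAMPLE_EXISTING = [
    {"ServiceName": f"com.amazonaws.us-east-1.{s}", "State": "available"}
    for s in ["athena", "datazone", "ec2", "ec2messages", "q", "codewhisperer", "s3",
              "sagemaker.api", "sagemaker.runtime", "secretsmanager", "ssm",
              "ssmmessages", "logs"]
] + [
    {"ServiceName": "com.amazonaws.us-east-1.glue", "State": "pending"},  # not usable yet
]

if __name__ == "__main__":
    gaps = missing_endpoints("us-east-1", SAMPLE_EXISTING)
    print("missing required endpoints:", gaps)
    for cmd in create_endpoint_commands(
            "vpc-1234567890abcdef0", "us-east-1",
            ["subnet-0a1b2c3d4e5f67890", "subnet-0f9e8d7c6b5a43210"],
            "sg-0123456789abcdef0", gaps):
        print(cmd)
```

Feed `missing_endpoints` the real `VpcEndpoints` list for the VPC that hosts your portal traffic, and pass `OPTIONAL` as the catalog for a second pass when your projects use those blueprints. The security group you attach to the endpoints must allow inbound HTTPS (443) from the subnets the portal clients use.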

Create an IAM policy that only allows the Amazon SageMaker Unified Studio portal web client to call AWS service APIs through VPC endpoints deployed in one or more allowed VPCs. The global condition context key [aws:SourceVpc](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcevpc) enforces this for the principals the policy is attached to (the [Amazon SageMaker domain execution role](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/AmazonSageMakerDomainExecution.html), or an IAM user or role), and can also be used in [AWS Organizations service control policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html).

This policy denies the Amazon SageMaker Unified Studio portal access to all AWS service APIs when the API calls do not originate from within an allowed Amazon VPC. The `Deny` takes effect only when all three policy `Condition` blocks evaluate to `true`. Replace the example VPC ID with your VPC ID or list of VPC IDs.

This policy may need to be modified if the domain execution role credentials are used in other contexts, or if this policy is applied to a role other than the domain execution role.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyUserAccessFromUnauthorizedVPCs",
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {
                    "aws:SourceVpc": [
                        "vpc-1234567890abcdef0"
                    ]
                },
                "StringLike": {
                    "aws:userid": "*:user-*"
                },
                "BoolIfExists": {
                    "aws:ViaAWSService": "false"
                }
            }
        }
    ]
}
```

The following are details about the policy conditions:

```
"StringNotEquals": {
    "aws:SourceVpc": [
        "vpc-1234567890abcdef0"
    ]
}
```

This condition evaluates to `true` when the API call originates from a network location other than a VPC endpoint deployed in one of the allowed source Amazon VPC IDs.

```
"StringLike": { "aws:userid": "*:user-*" }
```

This condition evaluates to `true` for the domain execution role credentials issued to the Amazon SageMaker Unified Studio portal, so that the `Deny` policy is only applied for portal users. For example, the condition evaluates to `false` and the `Deny` policy is not applied when the Amazon SageMaker Unified Studio catalog service executes tasks that use the domain execution role.

```
"BoolIfExists": { "aws:ViaAWSService": "false" }
```

This condition evaluates to `true` when the API caller is not an AWS service (`aws:ViaAWSService` is `false`), which is the case for the Amazon SageMaker Unified Studio portal. When an AWS service calls another AWS service on behalf of the original caller, `aws:ViaAWSService` is `true` and the condition evaluates to `false` - allowing the AWS service call to another AWS service to succeed.

Attach the new custom policy to the domain execution role. If Amazon SageMaker Unified Studio created this role for you, it is named [AmazonSageMakerDomainExecution](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/AmazonSageMakerDomainExecution.html). The Amazon SageMaker Unified Studio portal uses the domain's execution role to call all AWS services, so once a deny-by-source-VPC policy is attached to that role, portal calls to AWS service APIs from outside the allowed Amazon VPC fail with `Access denied`. The same statement can also be applied to an IAM user, an IAM role, or an AWS Organizations service control policy.
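To see how the three conditions combine, the following added example (not code from the AWS documentation) evaluates the `DenyUserAccessFromUnauthorizedVPCs` statement above against constructed request contexts. The role session names, VPC IDs and case labels are made up; IAM's real decision also depends on every other policy in effect, so only this statement's `Deny` is modelled. The operator semantics follow the IAM documentation: a negated operator such as `StringNotEquals` matches when the key is absent from the request context, and `BoolIfExists` is true when the key is absent.

```python
"""Added example, not part of the AWS documentation: evaluate the
DenyUserAccessFromUnauthorizedVPCs statement against constructed request
contexts to show when each of its three conditions fires.

Assumptions: session names and VPC IDs are placeholders; only this one
statement's Deny is modelled, not the full IAM policy evaluation.
"""
from __future__ import annotations
import re

ALLOWED_VPCS = ["vpc-1234567890abcdef0"]   # replace with your VPC ID list


def _like(pattern: str, value: str) -> bool:
    """IAM StringLike: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def cond_not_in_allowed_vpc(ctx: dict, allowed: list[str] = ALLOWED_VPCS) -> bool:
    """StringNotEquals on aws:SourceVpc. A request that did not enter through a
    VPC endpoint carries no aws:SourceVpc at all; negated operators treat a
    missing key as a match, so internet-origin calls satisfy this condition."""
    vpc = ctx.get("aws:SourceVpc")
    return vpc is None or vpc not in allowed


def cond_portal_user_session(ctx: dict) -> bool:
    """StringLike aws:userid '*:user-*'. The unique ID of an assumed-role session
    is '<role-id>:<session-name>', so this keys on the session name the portal
    uses; service-side tasks with other session names fall through."""
    uid = ctx.get("aws:userid")
    return uid is not None and _like("*:user-*", uid)


def cond_not_via_aws_service(ctx: dict) -> bool:
    """BoolIfExists aws:ViaAWSService == false: true when the key is absent or
    explicitly false; false when a service calls on the caller's behalf."""
    via = ctx.get("aws:ViaAWSService")
    return via is None or str(via).lower() == "false"


def denied(ctx: dict, allowed: list[str] = ALLOWED_VPCS) -> bool:
    """The Deny applies only when all three conditions are true."""
    return (cond_not_in_allowed_vpc(ctx, allowed)
            and cond_portal_user_session(ctx)
            and cond_not_via_aws_service(ctx))


# Constructed request contexts, keyed the way IAM populates them.
CASES = {
    "portal user via endpoint in allowed VPC": {
        "aws:SourceVpc": "vpc-1234567890abcdef0",
        "aws:userid": "AROAEXAMPLEROLEID:user-a1b2c3d4",
        "aws:ViaAWSService": "false",
    },
    "portal user from the public internet": {          # no aws:SourceVpc key
        "aws:userid": "AROAEXAMPLEROLEID:user-a1b2c3d4",
        "aws:ViaAWSService": "false",
    },
    "portal user via endpoint in another VPC": {
        "aws:SourceVpc": "vpc-0fedcba9876543210",
        "aws:userid": "AROAEXAMPLEROLEID:user-a1b2c3d4",
        "aws:ViaAWSService": "false",
    },
    "portal user, ViaAWSService key absent from context": {
        "aws:userid": "AROAEXAMPLEROLEID:user-a1b2c3d4",
    },
    "catalog service task using the domain execution role": {
        "aws:userid": "AROAEXAMPLEROLEID:catalog-task-42",   # placeholder session name
        "aws:ViaAWSService": "false",
    },
    "service-to-service call on the user's behalf": {
        "aws:userid": "AROAEXAMPLEROLEID:user-a1b2c3d4",
        "aws:ViaAWSService": "true",
    },
}


def evaluate_all(allowed: list[str] = ALLOWED_VPCS) -> dict[str, bool]:
    """Map each case name to whether this statement denies it."""
    return {name: denied(ctx, allowed) for name, ctx in CASES.items()}


if __name__ == "__main__":
    for name, is_denied in evaluate_all().items():
        print(f"{'DENY ' if is_denied else 'allow'}  {name}")
```

The two cases worth dwelling on are the missing-key ones: a call from the public internet has no `aws:SourceVpc` at all, and `StringNotEquals` still matches, which is what makes the policy block internet-origin calls; and a context without `aws:ViaAWSService` is treated as a direct call by `BoolIfExists`, so the portal user is still denied rather than silently allowed.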

## Public internet access


Public internet access is required to load Amazon SageMaker Unified Studio clients and for client operations that do not handle customer data.

Running the Amazon SageMaker Unified Studio portal web client requires public internet access to download client assets (portal web application, plugins, and user interface components) and to call client management APIs. Customer data is not transmitted through these calls. These endpoints are used by the Amazon SageMaker Unified Studio portal.


| Action | Endpoint | 
| --- | --- | 
| Portal asset delivery |  https://<domain-id>.sagemaker.<region>.on.aws (the Amazon SageMaker Unified Studio portal URL for your domain) https://*.cdn.console.awsstatic.com https://*.cdn.uis.awsstatic.com https://*.shortbread.aws.dev https://public.lotus.awt.aws.a2z.com  | 
| Portal client APIs (cookie management, customer feedback, UI business and operational metrics, etc.) |  https://*.console.api.aws https://*.console.aws.a2z.com https://*.execute-api.<region>.amazonaws.com https://*.sagemaker.aws https://*.sagemaker.aws.dev https://agent.datazone.<region>.api.aws https://monitoring.<region>.amazonaws.com https://sagemaker-unified-studio.<region>.api.aws  | 

When the Amazon SageMaker Unified Studio portal web client signs in to a domain using AWS IAM Identity Center single sign-on, public internet access is required. These endpoints are used by the Amazon SageMaker Unified Studio portal.


| Action | Endpoint | 
| --- | --- | 
| AWS IAM Identity Center single sign-on |  https://assets.sso-portal.<region>.amazonaws.com https://d35uxhjf90umnp.cloudfront.net https://oidc.<region>.amazonaws.com https://d-12345abcde.awsapps.com (the IAM Identity Center application URL for the Amazon SageMaker Unified Studio domain; `d-12345abcde` is an example) https://portal.sso.<region>.amazonaws.com https://log.sso-portal.<region>.amazonaws.com https://<region>.signin.aws  | 

Running the Amazon SageMaker Unified Studio console web client requires public internet access to download client assets (console web application, plugins, and user interface components) and to call AWS console platform APIs. Customer data is not transmitted through these calls. These endpoints are used by the AWS console.


| Action | Endpoint | 
| --- | --- | 
| Console asset delivery |  https://console.aws.amazon.com https://*.console.aws.amazon.com https://*.cdn.console.awsstatic.com https://cdn.1.as2.amazonaws.com https://cdn.2.as2.amazonaws.com https://cdn.assets.as2.amazonaws.com https://*.cloudfront.net (one distribution endpoint is needed for each region)  | 
| Sign-in |  https://signin.aws.amazon.com https://*.signin.aws.amazon.com  | 
| Console Control Service (console management / settings) |  https://*.ccs.amazonaws.com  | 
| AWS User Notifications - AWS Health category |  https://health.aws.amazon.com https://phd.aws.amazon.com https://*.ctrl.prod.os.notifications.aws.dev  | 
| AWS User Experience Customization (UXC) |  https://uxc.us-east-1.api.aws  Endpoint is in us-east-1 only.   | 
| Amazon Q for console |  https://conversational-experience-worker.widget.console.aws.amazon.com  | 
| Console unified search |  https://unifiedsearch.amazonaws.com/ https://*.unifiedsearch.amazonaws.com  | 
| Console platform APIs |  https://account.*.api.aws https://*.console.api.aws https://*.console-api.aws.amazon.com https://*.console.aws.a2z.com https://freetier.us-east-1.api.aws (endpoint is in us-east-1 only)  For regions in the [AWS Regions (partition)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html)   | 

Amazon SageMaker Unified Studio domains that use IAM sign-in for the portal web client also require the Amazon SageMaker Unified Studio console. See the public internet access requirements for the console above.

# Configuration and vulnerability analysis for Amazon SageMaker Unified Studio

AWS handles basic security tasks like guest operating system (OS) and database patching, firewall configuration, and disaster recovery. These procedures have been reviewed and certified by the appropriate third parties. For more information, see the AWS [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/).

# Cross-service confused deputy prevention


The confused deputy problem is a security issue where an entity that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action. In AWS, cross-service impersonation can result in the confused deputy problem. Cross-service impersonation can occur when one service (the *calling service*) calls another service (the *called service*). The calling service can be manipulated to use its permissions to act on another customer's resources in a way it should not otherwise have permission to access. To prevent this, AWS provides tools that help you protect your data for all services with service principals that have been given access to resources in your account. 

We recommend using the [`aws:SourceArn`](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn) and [`aws:SourceAccount`](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount) global condition context keys in resource policies to limit the permissions that Amazon SageMaker Unified Studio gives another service to the resource. Use `aws:SourceArn` if you want only one resource to be associated with the cross-service access. Use `aws:SourceAccount` if you want to allow any resource in that account to be associated with the cross-service use.

The most effective way to protect against the confused deputy problem is to use the `aws:SourceArn` global condition context key with the full ARN of the resource. If you don't know the full ARN of the resource or if you are specifying multiple resources, use the `aws:SourceArn` global context condition key with wildcard characters (`*`) for the unknown portions of the ARN. For example, `arn:aws:servicename:*:123456789012:*`. 

If the `aws:SourceArn` value does not contain the account ID, such as an Amazon S3 bucket ARN, you must use both global condition context keys to limit permissions. 
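The following is an added example, not code from the AWS documentation, that audits a trust or resource policy for exactly the gap this section describes: an `Allow` statement that lets an AWS service principal in without an `aws:SourceArn` or `aws:SourceAccount` condition, or with an `aws:SourceArn` that carries no account ID and no accompanying `aws:SourceAccount`. All three policy documents are constructed for illustration; the `datazone.amazonaws.com` and `s3.amazonaws.com` principals, the account ID and the ARNs are placeholders and are not the trust policy that Amazon SageMaker Unified Studio generates for its roles. The input shape is the policy document that `aws iam get-role` returns as `AssumeRolePolicyDocument`.

```python
"""Added example, not part of the AWS documentation: find Allow statements in a
trust or resource policy that admit an AWS service principal without the
aws:SourceArn / aws:SourceAccount guard, and show a guarded statement next to
an unguarded one.

Assumptions: all policy documents below are constructed; service principals,
account IDs and ARNs are placeholders, not Amazon SageMaker Unified Studio's
generated trust policies.
"""
from __future__ import annotations


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def _condition_values(statement: dict, key: str) -> list[str]:
    """Values bound to `key` under any condition operator (StringEquals, ArnLike, ...)."""
    out: list[str] = []
    for operator_block in statement.get("Condition", {}).values():
        for k, v in operator_block.items():
            if k.lower() == key.lower():      # condition key names are case-insensitive
                out.extend(_as_list(v))
    return out


def _arn_has_account(arn: str) -> bool:
    """arn:partition:service:region:account:resource; S3 bucket ARNs leave account empty."""
    parts = arn.split(":", 5)
    return len(parts) == 6 and parts[4] != ""


def unguarded_service_principals(policy: dict) -> list[dict]:
    """One finding per Allow statement with a Service principal that either has
    no guard key at all, or relies only on an aws:SourceArn without an account ID
    (the case the paragraph above says needs aws:SourceAccount as well)."""
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        if st.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        services = _as_list(principal.get("Service", []))
        if not services:
            continue
        source_arns = _condition_values(st, "aws:SourceArn")
        source_accounts = _condition_values(st, "aws:SourceAccount")
        if not source_arns and not source_accounts:
            reason = "no aws:SourceArn or aws:SourceAccount condition"
        elif not source_accounts and any(not _arn_has_account(a) for a in source_arns):
            reason = "aws:SourceArn has no account ID; add aws:SourceAccount"
        else:
            continue
        findings.append({"Sid": st.get("Sid"), "Service": services, "reason": reason})
    return findings


# Constructed trust policies. The service principal is a placeholder.
UNGUARDED = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AnyDomainInAnyAccountCanAssume",
        "Effect": "Allow",
        "Principal": {"Service": "datazone.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}
GUARDED = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OnlyOneDomainInOurAccountCanAssume",
        "Effect": "Allow",
        "Principal": {"Service": "datazone.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {
            "StringEquals": {"aws:SourceAccount": "123456789012"},
            "ArnLike": {"aws:SourceArn": "arn:aws:datazone:us-east-1:123456789012:domain/dzd_example"},
        },
    }],
}
BUCKET_ARN_ONLY = {   # resource-policy style: an S3 bucket ARN carries no account ID
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "S3CanPublish",
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "sns:Publish",
        "Resource": "arn:aws:sns:us-east-1:123456789012:bucket-events",
        "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:::amzn-s3-demo-bucket"}},
    }],
}

if __name__ == "__main__":
    for name, doc in [("UNGUARDED", UNGUARDED), ("GUARDED", GUARDED),
                      ("BUCKET_ARN_ONLY", BUCKET_ARN_ONLY)]:
        print(name, unguarded_service_principals(doc))
```

`GUARDED` is the shape to aim for: the service can only assume the role when acting for the one named resource in your own account. Running `unguarded_service_principals` over every role's `AssumeRolePolicyDocument` in an account is a cheap periodic check that no role has drifted back to the `UNGUARDED` form.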