本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # AWS 受管政策:AmazonSageMakerClusterInstanceRolePolicy 此政策授予使用 Amazon SageMaker HyperPod 筆記本通常所需的許可。 **許可詳細資訊** 此 AWS 受管政策包含下列許可。 + `cloudwatch` - 允許主體張貼 Amazon CloudWatch 指標。 + `logs` - 允許主體發佈 CloudWatch 日誌串流。 + `s3` - 允許主體在您的帳戶中從 Amazon S3 儲存貯體列出和擷取生命週期指令碼檔案。這些儲存貯體限制為名稱以 "sagemaker-" 開頭的物件。 + `ssmmessages` - 允許主體開啟 AWS Systems Manager的連線。 ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement" : [ { "Sid" : "CloudwatchLogStreamPublishPermissions", "Effect" : "Allow", "Action" : [ "logs:PutLogEvents", "logs:CreateLogStream", "logs:DescribeLogStreams" ], "Resource" : [ "arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*:log-stream:*" ] }, { "Sid" : "CloudwatchLogGroupCreationPermissions", "Effect" : "Allow", "Action" : [ "logs:CreateLogGroup" ], "Resource" : [ "arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*" ] }, { "Sid" : "CloudwatchPutMetricDataAccess", "Effect" : "Allow", "Action" : [ "cloudwatch:PutMetricData" ], "Resource" : [ "*" ], "Condition" : { "StringEquals" : { "cloudwatch:namespace" : "/aws/sagemaker/Clusters" } } }, { "Sid" : "DataRetrievalFromS3BucketPermissions", "Effect" : "Allow", "Action" : [ "s3:ListBucket", "s3:GetObject" ], "Resource" : [ "arn:aws:s3:::sagemaker-*" ], "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Sid" : "SSMConnectivityPermissions", "Effect" : "Allow", "Action" : [ "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel" ], "Resource" : "*" } ] } ``` ------