AWS managed policies for Amazon DataZone
An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases because they're available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for existing services.
For more information, see AWS managed policies in the IAM User Guide.
Contents
- AWS managed policy: AmazonDataZoneFullAccess
- AWS managed policy: AmazonDataZoneFullUserAccess
- AWS managed policy: AmazonDataZoneCustomEnvironmentDeploymentPolicy
- AWS managed policy: AmazonDataZoneEnvironmentRolePermissionsBoundary
- AWS managed policy: AmazonDataZoneRedshiftGlueProvisioningPolicy
- AWS managed policy: AmazonDataZoneGlueManageAccessRolePolicy
- AWS managed policy: AmazonDataZoneRedshiftManageAccessRolePolicy
- AWS managed policy: AmazonDataZoneCrossAccountAdmin
- AWS managed policy: AmazonDataZoneDomainExecutionRolePolicy
- AWS managed policy: AmazonDataZoneSageMakerProvisioning
- AWS managed policy: AmazonDataZoneSageMakerAccess
- AWS managed policy: AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
- Amazon DataZone updates to AWS managed policies
Amazon DataZone updates to AWS managed policies
View details about updates to AWS managed policies for Amazon DataZone since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon DataZone Document history page.
| Change | Description | Date |
|---|---|---|
|
AmazonDataZoneRedshiftGlueProvisioningPolicy - policy updates |
Policy updates to the
AmazonDataZoneRedshiftGlueProvisioningPolicy
- to Adding |
October 22nd, 2024 |
|
AmazonDataZoneDomainExecutionRolePolicy and AmazonDataZoneFullUserAccess - policy updates |
Policy updates to the AmazonDataZoneDomainExecutionRolePolicy and AmazonDataZoneFullUserAccess- to enable support for the new APIs that are used to create and manage Amazon DataZone domain units and data products. |
July 31st, 2024 |
|
AmazonDataZoneGlueManageAccessRolePolicy - policy update |
Policy update to the AmazonDataZoneGlueManageAccessRolePolicy - Amazon DataZone is adding IAM permissions that are used for fine grained access control functionality in order to scope down the permission granting in Lake Formation. |
July 2nd, 2024 |
|
AmazonDataZoneExecutionRolePolicy and AmazonDataZoneFullUserAccess - policy update |
Policy update to the AmazonDataZoneExecutionRolePolicy and AmazonDataZoneFullUserAccess to enable support for the data lineage and fine grained access control APIs. |
June 27th, 2024 |
|
AmazonDataZoneGlueManageAccessRolePolicy - policy update |
Policy update to the AmazonDataZoneGlueManageAccessRolePolicy that adds IAM permissions required for the self-subscribe functionality in Amazon DataZone in order to scope down the permissions granting in lake formation. With the self-subscribe functionality, the lake formation permissions can only be granted to tagged resourcese. |
June 14th, 2024 |
|
AmazonDataZoneDomainExecutionRolePolicy - policy update |
Policy update to the AmazonDataZoneDomainExecutionRolePolicy that adds new APIs to Amazon DataZone that enable users to configure actions for their Amazon DataZone environments. |
June 14th, 2024 |
|
AmazonDataZoneFullAccess - policy update |
Policy update to the
AmazonDataZoneFullAccess that enables
the Amazon DataZone management console to create secrets on user's
behalf with both domain and project tags. Also including the
|
June 14th, 2024 |
|
AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary - new permissions boundary |
New permissions boundary called AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary . When you create an Amazon SageMaker environment via the Amazon DataZone data portal, Amazon DataZone applies this permissions boundary to the IAM roles that are produced during environment creation. The permissions boundary limits the scope of the roles that Amazon DataZone creates and any roles that you add. |
April 30th, 2024 |
|
AmazonDataZoneSageMakerAccess - new policy |
New policy called AmazonDataZoneSageMakerAccess gives Amazon DataZone permissions to publish Amazon SageMaker assets to the catalog. It also gives Amazon DataZone permissions to grant access or revoke access to the Amazon SageMaker published assets in the catalog. |
April 30th, 2024 |
|
AmazonDataZoneFullAccess - policy update |
An update to the AmazonDataZoneFullAccess
policy that adds access to |
April 30th, 2024 |
|
AmazonDataZoneSageMakerProvisioning - new policy |
New policy called AmazonDataZoneSageMakerProvisioning grants Amazon DataZone the permissions required to interoperate with Amazon SageMaker. |
April 30th, 2024 |
|
AmazonDataZoneS3Manage-<region>-<domainId> - new role |
New role called AmazonDataZoneS3Manage-<region>-<domainId> that is used when Amazon DataZone calls AWS Lake Formation to register an Amazon Simple Storage Service (Amazon S3) location. AWS Lake Formation assumes this role when accessing the data in that location. |
April 1st, 2024 |
|
AmazonDataZoneGlueManageAccessRolePolicy - Policy update |
Updated the AmazonDataZoneGlueManageAccessRolePolicy to enable support for permissions that allow Amazon DataZone to enable publishing and access grants to data. |
April 1st, 2024 |
|
AmazonDataZoneDomainExecutionRolePolicy and AmazonDataZoneFullUserAccess - Policy update |
Updated the
AmazonDataZoneDomainExecutionRolePolicy
and AmazonDataZoneFullUserAccess to enable
support for the |
March 29, 2024 |
|
AmazonDataZoneFullAccess - Policy update |
Updated the |
March 13, 2024 |
|
AmazonDataZoneDomainExecutionRolePolicy - Policy update |
Updated the
AmazonDataZoneDomainExecutionRolePolicy
to enable support for the
|
February 01, 2024 |
|
AmazonDataZoneGlueManageAccessRolePolicy - Policy update |
Updated the AmazonDataZoneGlueManageAccessRolePolicy to enable support for the AWS Lake Formation hybrid mode. |
December 14, 2023 |
|
AmazonDataZoneFullUserAccess and AmazonDataZoneDomainExecutionRolePolicy - Policy updates |
Updated the AmazonDataZoneFullUserAccess and the AmazonDataZoneDomainExecutionRolePolicy policies to support the generative AI-powered data descriptions functionality in Amazon DataZone. |
November 28, 2023 |
|
AmazonDataZoneEnvironmentRolePermissionsBoundary - Policy update |
Amazon DataZone made an update to the
AmazonDataZoneEnvironmentRolePermissionsBoundary
managed policy that consists of an additional
|
November 17, 2023 |
|
AmazonDataZoneRedshiftManageAccessRolePolicy - Policy update |
Amazon DataZone updated the
AmazonDataZoneRedshiftManageAccessRolePolicy
by removing the check on organization ID for the
|
November 16, 2023 |
|
AmazonDataZoneFullUserAccess - Policy update |
Amazon DataZone updated the AmazonDataZoneFullUserAccess policy that grants full access to Amazon DataZone, but it does not allow the management of domains, users, or associated accounts. |
October 02, 2023 |
|
AmazonDataZonePortalFullAccessPolicy - policy deprecated |
Amazon DataZone deprecated the AmazonDataZonePortalFullAccessPolicy. |
September 29, 2023 |
|
AmazonDataZonePreviewConsoleFullAccess - policy deprecated |
Amazon DataZone deprecated the AmazonDataZonePreviewConsoleFullAccess. |
September 29, 2023 |
|
AmazonDataZoneDomainExecutionRolePolicy - New policy |
Amazon DataZone added a new policy called AmazonDataZoneDomainExecutionRolePolicy. This is the default policy for the Amazon DataZone
You can attach the
|
September 25, 2023 |
|
AmazonDataZoneCrossAccountAdmin - New policy |
Amazon DataZone added a new policy called AmazonDataZoneCrossAccountAdmin that enables users to work with Amazon DataZone and its associated accounts. |
September 19, 2023 |
|
AmazonDataZoneFullUserAccess - New policy |
Amazon DataZone added a new policy called AmazonDataZoneFullUserAccess that grants full access to Amazon DataZone, but it does not allow the management of domains, users, or associated accounts. |
September 12, 2023 |
|
AmazonDataZoneRedshiftManageAccessRolePolicy - New policy |
Amazon DataZone added a new policy called AmazonDataZoneRedshiftManageAccessRolePolicy that grants permissions to allow Amazon DataZone to enable publishing and access grants to data. |
September 12, 2023 |
|
AmazonDataZoneGlueManageAccessRolePolicy - New policy |
Amazon DataZone added a new policy called AmazonDataZoneGlueManageAccessRolePolicy that grants Amazon DataZone permissions to publish AWS Glue data to the catalog. It also gives Amazon DataZone permissions to grant access or revoke access to AWS Glue published assets in the catalog. |
September 12, 2023 |
|
AmazonDataZoneRedshiftGlueProvisioningPolicy - New policy |
Amazon DataZone added a new policy called AmazonDataZoneRedshiftGlueProvisioningPolicy that grants Amazon DataZone the permissions required to interoperate with the supported data sources. |
September 12, 2023 |
|
AmazonDataZoneEnvironmentRolePermissionsBoundary - New policy |
Amazon DataZone added a new policy called AmazonDataZoneEnvironmentRolePermissionsBoundary that limits the provisioned IAM principal to which it is attached. |
September 12, 2023 |
|
AmazonDataZoneFullAccess - New policy |
Amazon DataZone added a new policy called AmazonDataZoneFullAccess that provides full access to Amazon DataZone via the AWS Management Console. |
September 12, 2023 |
|
Managed policy update |
Updates to the
AmazonDataZonePreviewConsoleFullAccess
managed policy that consists of an additional
|
June 13, 2023 |
|
Amazon DataZone started tracking changes |
Amazon DataZone started tracking changes for its AWS managed policies. |
March 20, 2023 |
