AmazonSageMakerCanvasFullAccess - AWS managed policy


AmazonSageMakerCanvasFullAccess

Description: Provides full access to Amazon SageMaker Canvas resources and operations. The policy also provides select access to related services (for example, S3, IAM, VPC, ECR, CloudWatch Logs, Redshift, Secrets Manager, and Forecast). This policy should be attached to the execution role of the Amazon SageMaker domain or user profile.

AmazonSageMakerCanvasFullAccess is an AWS managed policy.

Using this policy

You can attach AmazonSageMakerCanvasFullAccess to your users, groups, and roles.

Policy details

  • Type: AWS managed policy

  • Creation time: September 9, 2022, 00:44 UTC

  • Edited time: July 9, 2024, 23:10 UTC

  • ARN: arn:aws:iam::aws:policy/AmazonSageMakerCanvasFullAccess

Policy version

Policy version: v10 (default)

The default version of the policy defines which permissions it grants. When a user or role with the policy requests access to an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.

JSON policy document

{
  "Version" : "2012-10-17",
  "Statement" : [
    {
      "Sid" : "SageMakerUserDetailsAndPackageOperations",
      "Effect" : "Allow",
      "Action" : [
        "sagemaker:DescribeDomain",
        "sagemaker:DescribeUserProfile",
        "sagemaker:ListTags",
        "sagemaker:ListModelPackages",
        "sagemaker:ListModelPackageGroups",
        "sagemaker:ListEndpoints"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "SageMakerPackageGroupOperations",
      "Effect" : "Allow",
      "Action" : [
        "sagemaker:CreateModelPackageGroup",
        "sagemaker:CreateModelPackage",
        "sagemaker:DescribeModelPackageGroup",
        "sagemaker:DescribeModelPackage"
      ],
      "Resource" : [
        "arn:aws:sagemaker:*:*:model-package/*",
        "arn:aws:sagemaker:*:*:model-package-group/*"
      ]
    },
    {
      "Sid" : "SageMakerTrainingOperations",
      "Effect" : "Allow",
      "Action" : [
        "sagemaker:CreateCompilationJob",
        "sagemaker:CreateEndpoint",
        "sagemaker:CreateEndpointConfig",
        "sagemaker:CreateModel",
        "sagemaker:CreateProcessingJob",
        "sagemaker:CreateAutoMLJob",
        "sagemaker:CreateAutoMLJobV2",
        "sagemaker:CreateTrainingJob",
        "sagemaker:CreateTransformJob",
        "sagemaker:DeleteEndpoint",
        "sagemaker:DescribeCompilationJob",
        "sagemaker:DescribeEndpoint",
        "sagemaker:DescribeEndpointConfig",
        "sagemaker:DescribeModel",
        "sagemaker:DescribeProcessingJob",
        "sagemaker:DescribeAutoMLJob",
        "sagemaker:DescribeAutoMLJobV2",
        "sagemaker:DescribeTrainingJob",
        "sagemaker:DescribeTransformJob",
        "sagemaker:ListCandidatesForAutoMLJob",
        "sagemaker:StopAutoMLJob",
        "sagemaker:StopTrainingJob",
        "sagemaker:StopTransformJob",
        "sagemaker:AddTags",
        "sagemaker:DeleteApp"
      ],
      "Resource" : [
        "arn:aws:sagemaker:*:*:*Canvas*",
        "arn:aws:sagemaker:*:*:*canvas*",
        "arn:aws:sagemaker:*:*:*model-compilation-*"
      ]
    },
    {
      "Sid" : "SageMakerHostingOperations",
      "Effect" : "Allow",
      "Action" : [
        "sagemaker:DeleteEndpointConfig",
        "sagemaker:DeleteModel",
        "sagemaker:InvokeEndpoint",
        "sagemaker:UpdateEndpointWeightsAndCapacities",
        "sagemaker:InvokeEndpointAsync"
      ],
      "Resource" : [
        "arn:aws:sagemaker:*:*:*Canvas*",
        "arn:aws:sagemaker:*:*:*canvas*"
      ]
    },
    {
      "Sid" : "EC2VPCOperation",
      "Effect" : "Allow",
      "Action" : [
        "ec2:CreateVpcEndpoint",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcs",
        "ec2:DescribeVpcEndpoints",
        "ec2:DescribeVpcEndpointServices"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "ECROperations",
      "Effect" : "Allow",
      "Action" : [
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetAuthorizationToken"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "IAMGetOperations",
      "Effect" : "Allow",
      "Action" : [
        "iam:GetRole"
      ],
      "Resource" : "arn:aws:iam::*:role/*"
    },
    {
      "Sid" : "IAMPassOperation",
      "Effect" : "Allow",
      "Action" : [
        "iam:PassRole"
      ],
      "Resource" : "arn:aws:iam::*:role/*",
      "Condition" : {
        "StringEquals" : {
          "iam:PassedToService" : "sagemaker.amazonaws.com"
        }
      }
    },
    {
      "Sid" : "LoggingOperation",
      "Effect" : "Allow",
      "Action" : [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource" : "arn:aws:logs:*:*:log-group:/aws/sagemaker/*"
    },
    {
      "Sid" : "S3Operations",
      "Effect" : "Allow",
      "Action" : [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:CreateBucket",
        "s3:GetBucketCors",
        "s3:GetBucketLocation"
      ],
      "Resource" : [
        "arn:aws:s3:::*SageMaker*",
        "arn:aws:s3:::*Sagemaker*",
        "arn:aws:s3:::*sagemaker*"
      ]
    },
    {
      "Sid" : "ReadSageMakerJumpstartArtifacts",
      "Effect" : "Allow",
      "Action" : "s3:GetObject",
      "Resource" : [
        "arn:aws:s3:::jumpstart-cache-prod-us-west-2/*",
        "arn:aws:s3:::jumpstart-cache-prod-us-east-1/*",
        "arn:aws:s3:::jumpstart-cache-prod-us-east-2/*",
        "arn:aws:s3:::jumpstart-cache-prod-eu-west-1/*",
        "arn:aws:s3:::jumpstart-cache-prod-eu-central-1/*",
        "arn:aws:s3:::jumpstart-cache-prod-ap-south-1/*",
        "arn:aws:s3:::jumpstart-cache-prod-ap-northeast-2/*",
        "arn:aws:s3:::jumpstart-cache-prod-ap-northeast-1/*",
        "arn:aws:s3:::jumpstart-cache-prod-ap-southeast-1/*",
        "arn:aws:s3:::jumpstart-cache-prod-ap-southeast-2/*"
      ]
    },
    {
      "Sid" : "S3ListOperations",
      "Effect" : "Allow",
      "Action" : [
        "s3:ListBucket",
        "s3:ListAllMyBuckets"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "GlueOperations",
      "Effect" : "Allow",
      "Action" : "glue:SearchTables",
      "Resource" : [
        "arn:aws:glue:*:*:table/*/*",
        "arn:aws:glue:*:*:database/*",
        "arn:aws:glue:*:*:catalog"
      ]
    },
    {
      "Sid" : "SecretsManagerARNBasedOperation",
      "Effect" : "Allow",
      "Action" : [
        "secretsmanager:DescribeSecret",
        "secretsmanager:GetSecretValue",
        "secretsmanager:CreateSecret",
        "secretsmanager:PutResourcePolicy"
      ],
      "Resource" : [
        "arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"
      ]
    },
    {
      "Sid" : "SecretManagerTagBasedOperation",
      "Effect" : "Allow",
      "Action" : [
        "secretsmanager:DescribeSecret",
        "secretsmanager:GetSecretValue"
      ],
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "secretsmanager:ResourceTag/SageMaker" : "true"
        }
      }
    },
    {
      "Sid" : "RedshiftOperations",
      "Effect" : "Allow",
      "Action" : [
        "redshift-data:ExecuteStatement",
        "redshift-data:DescribeStatement",
        "redshift-data:CancelStatement",
        "redshift-data:GetStatementResult",
        "redshift-data:ListSchemas",
        "redshift-data:ListTables",
        "redshift-data:DescribeTable"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "RedshiftGetCredentialsOperation",
      "Effect" : "Allow",
      "Action" : [
        "redshift:GetClusterCredentials"
      ],
      "Resource" : [
        "arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
        "arn:aws:redshift:*:*:dbname:*"
      ]
    },
    {
      "Sid" : "ForecastOperations",
      "Effect" : "Allow",
      "Action" : [
        "forecast:CreateExplainabilityExport",
        "forecast:CreateExplainability",
        "forecast:CreateForecastEndpoint",
        "forecast:CreateAutoPredictor",
        "forecast:CreateDatasetImportJob",
        "forecast:CreateDatasetGroup",
        "forecast:CreateDataset",
        "forecast:CreateForecast",
        "forecast:CreateForecastExportJob",
        "forecast:CreatePredictorBacktestExportJob",
        "forecast:CreatePredictor",
        "forecast:DescribeExplainabilityExport",
        "forecast:DescribeExplainability",
        "forecast:DescribeAutoPredictor",
        "forecast:DescribeForecastEndpoint",
        "forecast:DescribeDatasetImportJob",
        "forecast:DescribeDataset",
        "forecast:DescribeForecast",
        "forecast:DescribeForecastExportJob",
        "forecast:DescribePredictorBacktestExportJob",
        "forecast:GetAccuracyMetrics",
        "forecast:InvokeForecastEndpoint",
        "forecast:GetRecentForecastContext",
        "forecast:DescribePredictor",
        "forecast:TagResource",
        "forecast:DeleteResourceTree"
      ],
      "Resource" : [
        "arn:aws:forecast:*:*:*Canvas*"
      ]
    },
    {
      "Sid" : "RDSOperation",
      "Effect" : "Allow",
      "Action" : "rds:DescribeDBInstances",
      "Resource" : "*"
    },
    {
      "Sid" : "IAMPassOperationForForecast",
      "Effect" : "Allow",
      "Action" : [
        "iam:PassRole"
      ],
      "Resource" : "arn:aws:iam::*:role/*",
      "Condition" : {
        "StringEquals" : {
          "iam:PassedToService" : "forecast.amazonaws.com"
        }
      }
    },
    {
      "Sid" : "AutoscalingOperations",
      "Effect" : "Allow",
      "Action" : [
        "application-autoscaling:PutScalingPolicy",
        "application-autoscaling:RegisterScalableTarget"
      ],
      "Resource" : "arn:aws:application-autoscaling:*:*:scalable-target/*",
      "Condition" : {
        "StringEquals" : {
          "application-autoscaling:service-namespace" : "sagemaker",
          "application-autoscaling:scalable-dimension" : "sagemaker:variant:DesiredInstanceCount"
        }
      }
    },
    {
      "Sid" : "AsyncEndpointOperations",
      "Effect" : "Allow",
      "Action" : [
        "cloudwatch:DescribeAlarms",
        "sagemaker:DescribeEndpointConfig"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "DescribeScalingOperations",
      "Effect" : "Allow",
      "Action" : [
        "application-autoscaling:DescribeScalingActivities"
      ],
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "SageMakerCloudWatchUpdate",
      "Effect" : "Allow",
      "Action" : [
        "cloudwatch:PutMetricAlarm",
        "cloudwatch:DeleteAlarms"
      ],
      "Resource" : [
        "arn:aws:cloudwatch:*:*:alarm:TargetTracking*"
      ],
      "Condition" : {
        "StringEquals" : {
          "aws:CalledViaLast" : "application-autoscaling.amazonaws.com"
        }
      }
    },
    {
      "Sid" : "AutoscalingSageMakerEndpointOperation",
      "Action" : "iam:CreateServiceLinkedRole",
      "Effect" : "Allow",
      "Resource" : "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
      "Condition" : {
        "StringLike" : {
          "iam:AWSServiceName" : "sagemaker.application-autoscaling.amazonaws.com"
        }
      }
    },
    {
      "Sid" : "AthenaOperation",
      "Action" : [
        "athena:ListTableMetadata",
        "athena:ListDataCatalogs",
        "athena:ListDatabases"
      ],
      "Effect" : "Allow",
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "GlueOperation",
      "Action" : [
        "glue:GetDatabases",
        "glue:GetPartitions",
        "glue:GetTables"
      ],
      "Effect" : "Allow",
      "Resource" : [
        "arn:aws:glue:*:*:table/*",
        "arn:aws:glue:*:*:catalog",
        "arn:aws:glue:*:*:database/*"
      ],
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "QuicksightOperation",
      "Action" : [
        "quicksight:ListNamespaces"
      ],
      "Effect" : "Allow",
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "AllowUseOfKeyInAccount",
      "Effect" : "Allow",
      "Action" : [
        "kms:DescribeKey"
      ],
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceTag/Source" : "SageMakerCanvas",
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "EMRServerlessCreateApplicationOperation",
      "Effect" : "Allow",
      "Action" : "emr-serverless:CreateApplication",
      "Resource" : "arn:aws:emr-serverless:*:*:/*",
      "Condition" : {
        "StringEquals" : {
          "aws:RequestTag/sagemaker:is-canvas-resource" : "True",
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "EMRServerlessListApplicationOperation",
      "Effect" : "Allow",
      "Action" : "emr-serverless:ListApplications",
      "Resource" : "arn:aws:emr-serverless:*:*:/*",
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "EMRServerlessApplicationOperations",
      "Effect" : "Allow",
      "Action" : [
        "emr-serverless:UpdateApplication",
        "emr-serverless:StopApplication",
        "emr-serverless:GetApplication",
        "emr-serverless:StartApplication"
      ],
      "Resource" : "arn:aws:emr-serverless:*:*:/applications/*",
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceTag/sagemaker:is-canvas-resource" : "True",
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "EMRServerlessStartJobRunOperation",
      "Effect" : "Allow",
      "Action" : "emr-serverless:StartJobRun",
      "Resource" : "arn:aws:emr-serverless:*:*:/applications/*",
      "Condition" : {
        "StringEquals" : {
          "aws:RequestTag/sagemaker:is-canvas-resource" : "True",
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "EMRServerlessListJobRunOperation",
      "Effect" : "Allow",
      "Action" : "emr-serverless:ListJobRuns",
      "Resource" : "arn:aws:emr-serverless:*:*:/applications/*",
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceTag/sagemaker:is-canvas-resource" : "True",
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "EMRServerlessJobRunOperations",
      "Effect" : "Allow",
      "Action" : [
        "emr-serverless:GetJobRun",
        "emr-serverless:CancelJobRun"
      ],
      "Resource" : "arn:aws:emr-serverless:*:*:/applications/*/jobruns/*",
      "Condition" : {
        "StringEquals" : {
          "aws:ResourceTag/sagemaker:is-canvas-resource" : "True",
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "EMRServerlessTagResourceOperation",
      "Effect" : "Allow",
      "Action" : "emr-serverless:TagResource",
      "Resource" : "arn:aws:emr-serverless:*:*:/*",
      "Condition" : {
        "StringEquals" : {
          "aws:RequestTag/sagemaker:is-canvas-resource" : "True",
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    },
    {
      "Sid" : "IAMPassOperationForEMRServerless",
      "Effect" : "Allow",
      "Action" : "iam:PassRole",
      "Resource" : "arn:aws:iam::*:role/AmazonSageMakerCanvasEMRSExecutionAccess-*",
      "Condition" : {
        "StringEquals" : {
          "iam:PassedToService" : "emr-serverless.amazonaws.com",
          "aws:ResourceAccount" : "${aws:PrincipalAccount}"
        }
      }
    }
  ]
}
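
Added example (not part of the AWS page): a Python check for reviewing how each statement in this policy is bounded, and which statements' Action and Resource patterns cover a given ARN in your account. The embedded statements are an excerpt copied from the document above; the function names are this example's own, and Condition blocks are reported but not evaluated.

```python
import json
import re

# Excerpt: four statements copied from the policy document above.
POLICY_EXCERPT = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "S3Operations", "Effect": "Allow",
   "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject",
              "s3:CreateBucket", "s3:GetBucketCors", "s3:GetBucketLocation"],
   "Resource": ["arn:aws:s3:::*SageMaker*", "arn:aws:s3:::*Sagemaker*",
                "arn:aws:s3:::*sagemaker*"]},
  {"Sid": "SecretsManagerARNBasedOperation", "Effect": "Allow",
   "Action": ["secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue",
              "secretsmanager:CreateSecret", "secretsmanager:PutResourcePolicy"],
   "Resource": ["arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"]},
  {"Sid": "RDSOperation", "Effect": "Allow",
   "Action": "rds:DescribeDBInstances", "Resource": "*"},
  {"Sid": "IAMPassOperation", "Effect": "Allow", "Action": ["iam:PassRole"],
   "Resource": "arn:aws:iam::*:role/*",
   "Condition": {"StringEquals": {"iam:PassedToService": "sagemaker.amazonaws.com"}}}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def iam_match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def scope_report(policy):
    """Map each Sid to what bounds it: a Condition, an ARN pattern, or nothing."""
    report = {}
    for stmt in policy["Statement"]:
        if "Condition" in stmt:
            report[stmt["Sid"]] = "condition"
        elif "*" in _as_list(stmt["Resource"]):
            report[stmt["Sid"]] = "all-resources"
        else:
            report[stmt["Sid"]] = "arn-pattern"
    return report

def covering_sids(policy, action, arn):
    """Sids whose Action and Resource patterns match (Conditions not evaluated)."""
    return [s["Sid"] for s in policy["Statement"]
            if s["Effect"] == "Allow"
            and any(iam_match(a, action, True) for a in _as_list(s["Action"]))
            and any(iam_match(r, arn) for r in _as_list(s["Resource"]))]
```

With a constructed bucket name, `covering_sids(POLICY_EXCERPT, "s3:GetObject", "arn:aws:s3:::finance-sagemaker-exports/q1.csv")` returns `["S3Operations"]`, while the same call for `arn:aws:s3:::finance-exports/q1.csv` returns an empty list: for the `arn-pattern` statements, resource naming is what decides whether a resource is in scope.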
