Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
SageMakerStudioFullAccess
Descripción: Esta política proporciona acceso total a Amazon SageMaker Unified Studio a través de la consola SageMaker de administración de Amazon.
SageMakerStudioFullAccess es una política administrada de AWS.
Uso de la política
Puede asociar SageMakerStudioFullAccess a los usuarios, grupos y roles.
Información de la política
-
Tipo: política AWS gestionada
-
Hora de creación: 28 de noviembre de 2024, 00:06 UTC
-
Hora editada: 28 de noviembre de 2024, 00:06 UTC
-
ARN:
arn:aws:iam::aws:policy/SageMakerStudioFullAccess
Versión de la política
Versión de la política: v1 (predeterminado)
La versión predeterminada de la política define qué permisos tendrá. Cuando un usuario o un rol con la política solicita el acceso a un AWS recurso, AWS comprueba la versión predeterminada de la política para determinar si permite la solicitud.
JSONdocumento de política
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AmazonDataZoneStatement", "Effect" : "Allow", "Action" : [ "datazone:*" ], "Resource" : [ "*" ] }, { "Sid" : "ReadOnlyStatement", "Effect" : "Allow", "Action" : [ "kms:DescribeKey", "kms:ListAliases", "iam:ListRoles", "sso:DescribeRegisteredRegions", "s3:ListAllMyBuckets", "redshift:DescribeClusters", "redshift-serverless:ListWorkgroups", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "secretsmanager:ListSecrets", "iam:ListUsers", "glue:GetDatabases", "codeconnections:ListConnections", "codeconnections:ListTagsForResource", "codewhisperer:ListProfiles", "bedrock:ListInferenceProfiles", "bedrock:ListFoundationModels", "bedrock:ListTagsForResource", "aoss:ListSecurityPolicies" ], "Resource" : [ "*" ] }, { "Sid" : "BucketReadOnlyStatement", "Effect" : "Allow", "Action" : [ "s3:ListBucket", "s3:GetBucketLocation" ], "Resource" : "arn:aws:s3:::*" }, { "Sid" : "CreateBucketStatement", "Effect" : "Allow", "Action" : [ "s3:CreateBucket" ], "Resource" : [ "arn:aws:s3:::amazon-datazone*", "arn:aws:s3:::amazon-sagemaker*" ] }, { "Sid" : "ConfigureBucketStatement", "Effect" : "Allow", "Action" : [ "s3:PutBucketCORS", "s3:PutBucketPolicy", "s3:PutBucketVersioning" ], "Resource" : [ "arn:aws:s3:::amazon-sagemaker*" ], "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Sid" : "RamCreateResourceStatement", "Effect" : "Allow", "Action" : [ "ram:CreateResourceShare" ], "Resource" : "*", "Condition" : { "StringEqualsIfExists" : { "ram:RequestedResourceType" : "datazone:Domain" } } }, { "Sid" : "RamResourceStatement", "Effect" : "Allow", "Action" : [ "ram:DeleteResourceShare", "ram:AssociateResourceShare", "ram:DisassociateResourceShare", "ram:RejectResourceShareInvitation" ], "Resource" : "*", "Condition" : { "StringLike" : { "ram:ResourceShareName" : [ "DataZone*" ] } } }, { "Sid" : "RamResourceReadOnlyStatement", "Effect" : "Allow", "Action" : [ "ram:GetResourceShares", "ram:GetResourceShareInvitations", "ram:GetResourceShareAssociations", "ram:ListResourceSharePermissions" ], "Resource" : "*" }, { "Sid" : "IAMPassRoleStatement", "Effect" : "Allow", "Action" : "iam:PassRole", "Resource" : [ "arn:aws:iam::*:role/AmazonDataZone*", "arn:aws:iam::*:role/service-role/AmazonDataZone*", "arn:aws:iam::*:role/service-role/AmazonSageMaker*" ], "Condition" : { "StringEquals" : { "iam:passedToService" : "datazone.amazonaws.com" } } }, { "Sid" : "IAMGetPolicyStatement", "Effect" : "Allow", "Action" : "iam:GetPolicy", "Resource" : [ "arn:aws:iam::*:policy/service-role/AmazonDataZoneRedshiftAccessPolicy*" ] }, { "Sid" : "DataZoneTagOnCreateDomainProjectTags", "Effect" : "Allow", "Action" : [ "secretsmanager:TagResource" ], "Resource" : "arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*", "Condition" : { "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "AmazonDataZoneDomain", "AmazonDataZoneProject" ] }, "StringLike" : { "aws:RequestTag/AmazonDataZoneDomain" : "dzd_*", "aws:ResourceTag/AmazonDataZoneDomain" : "dzd_*" } } }, { "Sid" : "DataZoneTagOnCreate", "Effect" : "Allow", "Action" : [ "secretsmanager:TagResource" ], "Resource" : "arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*", "Condition" : { "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "AmazonDataZoneDomain" ] }, "StringLike" : { "aws:RequestTag/AmazonDataZoneDomain" : "dzd_*", "aws:ResourceTag/AmazonDataZoneDomain" : "dzd_*" } } }, { "Sid" : "CreateSecretStatement", "Effect" : "Allow", "Action" : [ "secretsmanager:CreateSecret" ], "Resource" : "arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*", "Condition" : { "StringLike" : { "aws:RequestTag/AmazonDataZoneDomain" : "dzd_*" } } }, { "Sid" : "ConnectionStatement", "Effect" : "Allow", "Action" : [ "codeconnections:GetConnection" ], "Resource" : [ "arn:aws:codeconnections:*:*:connection/*" ] }, { "Sid" : "TagCodeConnectionsStatement", "Effect" : "Allow", "Action" : [ "codeconnections:TagResource" ], "Resource" : [ "arn:aws:codeconnections:*:*:connection/*" ], "Condition" : { "ForAllValues:StringEquals" : { "aws:TagKeys" : [ "for-use-with-all-datazone-projects" ] }, "StringEquals" : { "aws:RequestTag/for-use-with-all-datazone-projects" : "true" } } }, { "Sid" : "UntagCodeConnectionsStatement", "Effect" : "Allow", "Action" : [ "codeconnections:UntagResource" ], "Resource" : [ "arn:aws:codeconnections:*:*:connection/*" ], "Condition" : { "ForAllValues:StringEquals" : { "aws:TagKeys" : "for-use-with-all-datazone-projects" } } }, { "Sid" : "SSMParameterStatement", "Effect" : "Allow", "Action" : [ "ssm:GetParameter", "ssm:GetParametersByPath", "ssm:PutParameter", "ssm:DeleteParameter" ], "Resource" : [ "arn:aws:ssm:*:*:parameter/amazon/datazone/q*", "arn:aws:ssm:*:*:parameter/amazon/datazone/genAI*", "arn:aws:ssm:*:*:parameter/amazon/datazone/profiles*" ] }, { "Sid" : "UseKMSKeyPermissionsStatement", "Effect" : "Allow", "Action" : [ "kms:Decrypt" ], "Resource" : [ "*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/EnableKeyForAmazonDataZone" : "true" }, "Null" : { "aws:ResourceTag/EnableKeyForAmazonDataZone" : "false" }, "StringLike" : { "kms:ViaService" : "ssm.*.amazonaws.com" } } }, { "Sid" : "SecurityPolicyStatement", "Effect" : "Allow", "Action" : [ "aoss:GetSecurityPolicy", "aoss:CreateSecurityPolicy" ], "Resource" : [ "*" ], "Condition" : { "StringLike" : { "aoss:collection" : "bedrock-ide-*" } } }, { "Sid" : "GetFoundationModelStatement", "Effect" : "Allow", "Action" : [ "bedrock:GetFoundationModel", "bedrock:GetFoundationModelAvailability" ], "Resource" : [ "arn:aws:bedrock:*::foundation-model/*" ] }, { "Sid" : "GetInferenceProfileStatement", "Effect" : "Allow", "Action" : [ "bedrock:GetInferenceProfile" ], "Resource" : [ "arn:aws:bedrock:*:*:inference-profile/*", "arn:aws:bedrock:*:*:application-inference-profile/*" ] }, { "Sid" : "ApplicationInferenceProfileStatement", "Effect" : "Allow", "Action" : [ "bedrock:CreateInferenceProfile" ], "Resource" : [ "arn:aws:bedrock:*:*:application-inference-profile/*" ], "Condition" : { "Null" : { "aws:RequestTag/AmazonDataZoneProject" : "true", "aws:RequestTag/AmazonDataZoneDomain" : "false" } } }, { "Sid" : "TagApplicationInferenceProfileStatement", "Effect" : "Allow", "Action" : [ "bedrock:TagResource" ], "Resource" : [ "arn:aws:bedrock:*:*:application-inference-profile/*" ], "Condition" : { "Null" : { "aws:ResourceTag/AmazonDataZoneProject" : "true", "aws:RequestTag/AmazonDataZoneProject" : "true", "aws:ResourceTag/AmazonDataZoneDomain" : "false", "aws:RequestTag/AmazonDataZoneDomain" : "false" } } }, { "Sid" : "DeleteApplicationInferenceProfileStatement", "Effect" : "Allow", "Action" : [ "bedrock:DeleteInferenceProfile" ], "Resource" : [ "arn:aws:bedrock:*:*:application-inference-profile/*" ], "Condition" : { "Null" : { "aws:ResourceTag/AmazonDataZoneProject" : "true", "aws:ResourceTag/AmazonDataZoneDomain" : "false" } } } ] }
Más información
