Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
SageMakerStudioFullAccess
Descripción: Esta política proporciona acceso total a Amazon SageMaker Unified Studio a través de la consola SageMaker de administración de Amazon.
SageMakerStudioFullAccess es una política administrada de AWS.
Uso de la política
Puede asociar SageMakerStudioFullAccess a los usuarios, grupos y roles.
Información de la política
-
Tipo: política AWS gestionada
-
Hora de creación: 28 de noviembre de 2024 a las 00:06 UTC
-
Hora editada: 21 de enero de 2025 a las 22:52 UTC
-
ARN:
arn:aws:iam::aws:policy/SageMakerStudioFullAccess
Versión de la política
Versión de la política: v2 (predeterminado)
La versión predeterminada de la política define qué permisos tendrá. Cuando un usuario o un rol con la política solicita el acceso a un AWS recurso, AWS comprueba la versión predeterminada de la política para determinar si permite la solicitud.
Documento de política JSON
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "AmazonDataZoneStatement",
"Effect" : "Allow",
"Action" : [
"datazone:*"
],
"Resource" : [
"*"
]
},
{
"Sid" : "ReadOnlyStatement",
"Effect" : "Allow",
"Action" : [
"kms:DescribeKey",
"kms:ListAliases",
"iam:ListRoles",
"sso:DescribeRegisteredRegions",
"s3:ListAllMyBuckets",
"redshift:DescribeClusters",
"redshift-serverless:ListWorkgroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"secretsmanager:ListSecrets",
"iam:ListUsers",
"glue:GetDatabases",
"codeconnections:ListConnections",
"codeconnections:ListTagsForResource",
"codewhisperer:ListProfiles",
"bedrock:ListInferenceProfiles",
"bedrock:ListFoundationModels",
"bedrock:ListTagsForResource",
"aoss:ListSecurityPolicies"
],
"Resource" : [
"*"
]
},
{
"Sid" : "BucketReadOnlyStatement",
"Effect" : "Allow",
"Action" : [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource" : "arn:aws:s3:::*"
},
{
"Sid" : "CreateBucketStatement",
"Effect" : "Allow",
"Action" : [
"s3:CreateBucket"
],
"Resource" : [
"arn:aws:s3:::amazon-datazone*",
"arn:aws:s3:::amazon-sagemaker*"
]
},
{
"Sid" : "ConfigureBucketStatement",
"Effect" : "Allow",
"Action" : [
"s3:PutBucketCORS",
"s3:PutBucketPolicy",
"s3:PutBucketVersioning"
],
"Resource" : [
"arn:aws:s3:::amazon-sagemaker*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "RamCreateResourceStatement",
"Effect" : "Allow",
"Action" : [
"ram:CreateResourceShare"
],
"Resource" : "*",
"Condition" : {
"StringEqualsIfExists" : {
"ram:RequestedResourceType" : "datazone:Domain"
}
}
},
{
"Sid" : "RamResourceStatement",
"Effect" : "Allow",
"Action" : [
"ram:DeleteResourceShare",
"ram:AssociateResourceShare",
"ram:DisassociateResourceShare",
"ram:RejectResourceShareInvitation"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"ram:ResourceShareName" : [
"DataZone*"
]
}
}
},
{
"Sid" : "RamResourceReadOnlyStatement",
"Effect" : "Allow",
"Action" : [
"ram:GetResourceShares",
"ram:GetResourceShareInvitations",
"ram:GetResourceShareAssociations",
"ram:ListResourceSharePermissions"
],
"Resource" : "*"
},
{
"Sid" : "IAMPassRoleStatement",
"Effect" : "Allow",
"Action" : "iam:PassRole",
"Resource" : [
"arn:aws:iam::*:role/AmazonDataZone*",
"arn:aws:iam::*:role/service-role/AmazonDataZone*",
"arn:aws:iam::*:role/service-role/AmazonSageMaker*"
],
"Condition" : {
"StringEquals" : {
"iam:passedToService" : "datazone.amazonaws.com"
}
}
},
{
"Sid" : "IAMGetPolicyStatement",
"Effect" : "Allow",
"Action" : "iam:GetPolicy",
"Resource" : [
"arn:aws:iam::*:policy/service-role/AmazonDataZoneRedshiftAccessPolicy*"
]
},
{
"Sid" : "DataZoneTagOnCreateDomainProjectTags",
"Effect" : "Allow",
"Action" : [
"secretsmanager:TagResource"
],
"Resource" : "arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Condition" : {
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"AmazonDataZoneDomain",
"AmazonDataZoneProject"
]
},
"StringLike" : {
"aws:RequestTag/AmazonDataZoneDomain" : "dzd_*",
"aws:ResourceTag/AmazonDataZoneDomain" : "dzd_*"
}
}
},
{
"Sid" : "DataZoneTagOnCreate",
"Effect" : "Allow",
"Action" : [
"secretsmanager:TagResource"
],
"Resource" : "arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Condition" : {
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"AmazonDataZoneDomain"
]
},
"StringLike" : {
"aws:RequestTag/AmazonDataZoneDomain" : "dzd_*",
"aws:ResourceTag/AmazonDataZoneDomain" : "dzd_*"
}
}
},
{
"Sid" : "CreateSecretStatement",
"Effect" : "Allow",
"Action" : [
"secretsmanager:CreateSecret"
],
"Resource" : "arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Condition" : {
"StringLike" : {
"aws:RequestTag/AmazonDataZoneDomain" : "dzd_*"
}
}
},
{
"Sid" : "ConnectionStatement",
"Effect" : "Allow",
"Action" : [
"codeconnections:GetConnection"
],
"Resource" : [
"arn:aws:codeconnections:*:*:connection/*"
]
},
{
"Sid" : "TagCodeConnectionsStatement",
"Effect" : "Allow",
"Action" : [
"codeconnections:TagResource"
],
"Resource" : [
"arn:aws:codeconnections:*:*:connection/*",
"arn:aws:codeconnections:*:*:host/*"
],
"Condition" : {
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"for-use-with-all-datazone-projects"
]
},
"StringEquals" : {
"aws:RequestTag/for-use-with-all-datazone-projects" : "true"
}
}
},
{
"Sid" : "UntagCodeConnectionsStatement",
"Effect" : "Allow",
"Action" : [
"codeconnections:UntagResource"
],
"Resource" : [
"arn:aws:codeconnections:*:*:connection/*",
"arn:aws:codeconnections:*:*:host/*"
],
"Condition" : {
"ForAllValues:StringEquals" : {
"aws:TagKeys" : "for-use-with-all-datazone-projects"
}
}
},
{
"Sid" : "SSMParameterStatement",
"Effect" : "Allow",
"Action" : [
"ssm:GetParameter",
"ssm:GetParametersByPath",
"ssm:PutParameter",
"ssm:DeleteParameter"
],
"Resource" : [
"arn:aws:ssm:*:*:parameter/amazon/datazone/q*",
"arn:aws:ssm:*:*:parameter/amazon/datazone/genAI*",
"arn:aws:ssm:*:*:parameter/amazon/datazone/profiles*"
]
},
{
"Sid" : "UseKMSKeyPermissionsStatement",
"Effect" : "Allow",
"Action" : [
"kms:Decrypt"
],
"Resource" : [
"*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/EnableKeyForAmazonDataZone" : "true"
},
"Null" : {
"aws:ResourceTag/EnableKeyForAmazonDataZone" : "false"
},
"StringLike" : {
"kms:ViaService" : "ssm.*.amazonaws.com"
}
}
},
{
"Sid" : "SecurityPolicyStatement",
"Effect" : "Allow",
"Action" : [
"aoss:GetSecurityPolicy",
"aoss:CreateSecurityPolicy"
],
"Resource" : [
"*"
],
"Condition" : {
"StringLike" : {
"aoss:collection" : "bedrock-ide-*"
}
}
},
{
"Sid" : "GetFoundationModelStatement",
"Effect" : "Allow",
"Action" : [
"bedrock:GetFoundationModel",
"bedrock:GetFoundationModelAvailability"
],
"Resource" : [
"arn:aws:bedrock:*::foundation-model/*"
]
},
{
"Sid" : "GetInferenceProfileStatement",
"Effect" : "Allow",
"Action" : [
"bedrock:GetInferenceProfile"
],
"Resource" : [
"arn:aws:bedrock:*:*:inference-profile/*",
"arn:aws:bedrock:*:*:application-inference-profile/*"
]
},
{
"Sid" : "ApplicationInferenceProfileStatement",
"Effect" : "Allow",
"Action" : [
"bedrock:CreateInferenceProfile"
],
"Resource" : [
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Condition" : {
"Null" : {
"aws:RequestTag/AmazonDataZoneProject" : "true",
"aws:RequestTag/AmazonDataZoneDomain" : "false"
}
}
},
{
"Sid" : "TagApplicationInferenceProfileStatement",
"Effect" : "Allow",
"Action" : [
"bedrock:TagResource"
],
"Resource" : [
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Condition" : {
"Null" : {
"aws:ResourceTag/AmazonDataZoneProject" : "true",
"aws:RequestTag/AmazonDataZoneProject" : "true",
"aws:ResourceTag/AmazonDataZoneDomain" : "false",
"aws:RequestTag/AmazonDataZoneDomain" : "false"
}
}
},
{
"Sid" : "DeleteApplicationInferenceProfileStatement",
"Effect" : "Allow",
"Action" : [
"bedrock:DeleteInferenceProfile"
],
"Resource" : [
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Condition" : {
"Null" : {
"aws:ResourceTag/AmazonDataZoneProject" : "true",
"aws:ResourceTag/AmazonDataZoneDomain" : "false"
}
}
}
]
}Más información
