Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
SageMakerStudioProjectRoleMachineLearningPolicy
Descripción: Amazon SageMaker Studio crea IAM funciones para que los usuarios de los proyectos realicen acciones de análisis de datos, inteligencia artificial y aprendizaje automático, y utiliza esta política al crear estas funciones para definir los permisos relacionados con SageMaker.
SageMakerStudioProjectRoleMachineLearningPolicy es una política administrada de AWS.
Uso de la política
Puede asociar SageMakerStudioProjectRoleMachineLearningPolicy a los usuarios, grupos y roles.
Información de la política
-
Tipo: política AWS gestionada
-
Hora de creación: 20 de noviembre de 2024 a las 21:55 UTC
-
Hora editada: 27 de noviembre de 2024, 06:21 UTC
-
ARN:
arn:aws:iam::aws:policy/SageMakerStudioProjectRoleMachineLearningPolicy
Versión de la política
Versión de la política: v4 (predeterminado)
La versión predeterminada de la política define qué permisos tendrá. Cuando un usuario o un rol con la política solicita el acceso a un AWS recurso, AWS comprueba la versión predeterminada de la política para determinar si permite la solicitud.
JSONdocumento de política
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "AllowManageSageMakerEniOnVpc",
"Effect" : "Allow",
"Action" : [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission",
"ec2:CreateVpcEndpoint"
],
"Resource" : [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Condition" : {
"StringEquals" : {
"aws:CalledViaLast" : [
"sagemaker.amazonaws.com",
"airflow.amazonaws.com"
],
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
},
"ArnLike" : {
"ec2:Vpc" : "arn:aws:ec2:*:*:vpc/${aws:PrincipalTag/VpcId}"
}
}
},
{
"Sid" : "AllowManageSageMakerTrainingEniOnVpc",
"Effect" : "Allow",
"Action" : [
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission"
],
"Resource" : [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
},
"ArnLike" : {
"ec2:Vpc" : "arn:aws:ec2:*:*:vpc/${aws:PrincipalTag/VpcId}"
}
}
},
{
"Sid" : "AllowManageSageMakerEni",
"Effect" : "Allow",
"Action" : [
"ec2:CreateNetworkInterface",
"ec2:AttachNetworkInterface"
],
"Resource" : [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:instance/*"
],
"Condition" : {
"StringEqualsIfExists" : {
"aws:CalledViaLast" : "sagemaker.amazonaws.com",
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "AllowSageMakerCreateVpcEndpointOnVpcId",
"Effect" : "Allow",
"Action" : [
"ec2:CreateVpcEndpoint"
],
"Resource" : "arn:aws:ec2:*:*:vpc/${aws:PrincipalTag/VpcId}",
"Condition" : {
"StringEquals" : {
"ec2:VpcID" : "${aws:PrincipalTag/VpcId}"
},
"StringEqualsIfExists" : {
"aws:CalledViaLast" : "sagemaker.amazonaws.com",
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "AllowSageMakerCreateVpcEndpoint",
"Effect" : "Allow",
"Action" : [
"ec2:CreateVpcEndpoint"
],
"Resource" : [
"arn:aws:ec2:*:*:vpc-endpoint/*"
],
"Condition" : {
"StringEqualsIfExists" : {
"aws:CalledViaLast" : "sagemaker.amazonaws.com",
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "AllowSageMakerDescribeVPCResources",
"Effect" : "Allow",
"Action" : [
"ec2:DescribeVpcEndpoints",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"glue:ListSessions",
"ec2:DescribeVpcs",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeDhcpOptions"
],
"Resource" : "*"
},
{
"Sid" : "AllowSageMakerLogAccess",
"Effect" : "Allow",
"Action" : [
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Resource" : "arn:aws:logs:*:*:log-group:/aws/sagemaker/*"
},
{
"Sid" : "SageMakerMlflowPermission",
"Effect" : "Allow",
"Action" : [
"sagemaker:UpdateMlflowTrackingServer",
"sagemaker:StartMlflowTrackingServer",
"sagemaker:StopMlflowTrackingServer",
"sagemaker:DescribeMlflowTrackingServer",
"sagemaker:CreatePresignedMlflowTrackingServerUrl",
"sagemaker-mlflow:AccessUI",
"sagemaker-mlflow:CreateExperiment",
"sagemaker-mlflow:SearchExperiments",
"sagemaker-mlflow:GetExperiment",
"sagemaker-mlflow:GetExperimentByName",
"sagemaker-mlflow:DeleteExperiment",
"sagemaker-mlflow:RestoreExperiment",
"sagemaker-mlflow:UpdateExperiment",
"sagemaker-mlflow:CreateRun",
"sagemaker-mlflow:DeleteRun",
"sagemaker-mlflow:RestoreRun",
"sagemaker-mlflow:GetRun",
"sagemaker-mlflow:LogMetric",
"sagemaker-mlflow:LogBatch",
"sagemaker-mlflow:LogModel",
"sagemaker-mlflow:LogInputs",
"sagemaker-mlflow:SetExperimentTag",
"sagemaker-mlflow:SetTag",
"sagemaker-mlflow:DeleteTag",
"sagemaker-mlflow:LogParam",
"sagemaker-mlflow:GetMetricHistory",
"sagemaker-mlflow:SearchRuns",
"sagemaker-mlflow:ListArtifacts",
"sagemaker-mlflow:UpdateRun",
"sagemaker-mlflow:CreateRegisteredModel",
"sagemaker-mlflow:GetRegisteredModel",
"sagemaker-mlflow:RenameRegisteredModel",
"sagemaker-mlflow:UpdateRegisteredModel",
"sagemaker-mlflow:DeleteRegisteredModel",
"sagemaker-mlflow:GetLatestModelVersions",
"sagemaker-mlflow:CreateModelVersion",
"sagemaker-mlflow:GetModelVersion",
"sagemaker-mlflow:UpdateModelVersion",
"sagemaker-mlflow:DeleteModelVersion",
"sagemaker-mlflow:SearchModelVersions",
"sagemaker-mlflow:GetDownloadURIForModelVersionArtifacts",
"sagemaker-mlflow:TransitionModelVersionStage",
"sagemaker-mlflow:SearchRegisteredModels",
"sagemaker-mlflow:SetRegisteredModelTag",
"sagemaker-mlflow:DeleteRegisteredModelTag",
"sagemaker-mlflow:DeleteModelVersionTag",
"sagemaker-mlflow:DeleteRegisteredModelAlias",
"sagemaker-mlflow:SetRegisteredModelAlias",
"sagemaker-mlflow:GetModelVersionByAlias"
],
"Resource" : "arn:aws:sagemaker:*:*:mlflow-tracking-server/*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}"
}
}
},
{
"Sid" : "SageMakerBYOFSPermissions",
"Effect" : "Allow",
"Action" : [
"elasticfilesystem:DescribeMountTargets"
],
"Resource" : "*"
},
{
"Sid" : "SageMakerBYOIPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:DescribeImageVersion",
"sagemaker:ListImageVersions"
],
"Resource" : "*"
},
{
"Sid" : "SageMakerStudioAppDescribeImageActionPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:DescribeImage"
],
"Resource" : "arn:aws:sagemaker:*:*:image/*"
},
{
"Sid" : "SageMakerPipelinesSTSPermissions",
"Effect" : "Allow",
"Action" : [
"sts:GetCallerIdentity"
],
"Resource" : "*"
},
{
"Sid" : "SageMakerLogPermissions",
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:PutLogEvents"
],
"Resource" : "arn:aws:logs:*:*:log-group:/aws/sagemaker/*"
},
{
"Sid" : "SageMakerCreatePermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateAutoMLJobV2",
"sagemaker:CreateHyperParameterTuningJob",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateEndpoint",
"sagemaker:CreateModel",
"sagemaker:CreateModelPackage",
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateInferenceComponent",
"sagemaker:CreatePipeline",
"sagemaker:CreateInferenceRecommendationsJob"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}",
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "SageMakerInferencePermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:StopTrainingJob",
"sagemaker:StopProcessingJob",
"sagemaker:StopAutoMLJob",
"sagemaker:StopHyperParameterTuningJob",
"sagemaker:UpdateTrainingJob",
"sagemaker:BatchGetMetrics",
"sagemaker:BatchPutMetrics",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteEndpoint",
"sagemaker:UpdateEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:UpdateInferenceComponentRuntimeConfig",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:UpdateModelPackage",
"sagemaker:DeleteModel",
"sagemaker:DeleteModelPackage",
"sagemaker:DeleteModelPackageGroup",
"sagemaker:DeleteInferenceComponent",
"sagemaker:InvokeEndpoint",
"sagemaker:InvokeEndpointAsync",
"sagemaker:InvokeEndpointWithResponseStream",
"sagemaker:DescribeInferenceComponent",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeModel",
"sagemaker:DescribeOptimizationJob",
"sagemaker:DescribeEndpoint"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}",
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "SageMakerUpdateInferenceComponentRuntimeConfigAutoscalingPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:UpdateInferenceComponentRuntimeConfig"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:CalledViaLast" : "application-autoscaling.amazonaws.com",
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "SageMakerDescribeUpdateDeletePermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:DescribeInferenceRecommendationsJob",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:UpdatePipeline",
"sagemaker:DescribePipeline",
"sagemaker:DescribePipelineExecution",
"sagemaker:DescribePipelineDefinitionForExecution",
"sagemaker:DeletePipeline",
"sagemaker:UpdatePipelineExecution",
"sagemaker:StartPipelineExecution",
"sagemaker:StopPipelineExecution",
"sagemaker:DescribeTransformJob",
"sagemaker:StopTransformJob",
"sagemaker:RetryPipelineExecution",
"sagemaker:SendPipelineExecutionStepSuccess",
"sagemaker:SendPipelineExecutionStepFailure",
"sagemaker:DescribeHyperParameterTuningJob",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeTrainingJob"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}",
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "SageMakerLineageSpecialPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:CreateContext",
"sagemaker:CreateArtifact",
"sagemaker:CreateAction",
"sagemaker:AddAssociation",
"sagemaker:DeleteAssociation",
"sagemaker:DeleteContext",
"sagemaker:DeleteAction",
"sagemaker:DeleteArtifact"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}",
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "SageMakerModelRegistryLineageSpecialPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:QueryLineage",
"sagemaker:DescribeAction",
"sagemaker:DescribeArtifact",
"sagemaker:DescribeTrialComponent",
"sagemaker:DescribeContext"
],
"Resource" : "*"
},
{
"Sid" : "SageMakerListPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:Search",
"sagemaker:GetSearchSuggestions",
"sagemaker:ListTrainingJobs",
"sagemaker:ListTransformJobs",
"sagemaker:ListProcessingJobs",
"sagemaker:ListAutoMLJobs",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:ListHyperParameterTuningJobs",
"sagemaker:ListTrainingJobsForHyperParameterTuningJob",
"sagemaker:ListInferenceComponents",
"sagemaker:ListEndpoints",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListModels",
"sagemaker:ListModelPackages",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListModelMetadata",
"sagemaker:ListMlflowTrackingServers",
"sagemaker:ListArtifacts",
"sagemaker:ListAssociations",
"sagemaker:ListHubContents",
"sagemaker:ListHubs",
"sagemaker:ListPipelineExecutionSteps",
"sagemaker:ListPipelineExecutions",
"sagemaker:ListPipelineParametersForExecution",
"sagemaker:ListPipelines",
"sagemaker:ListContexts"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "SageMakerECRPermissions",
"Effect" : "Allow",
"Action" : [
"ecr:BatchGetImage",
"ecr:DescribeImages",
"ecr:GetDownloadUrlForLayer"
],
"Resource" : "arn:aws:ecr:*:*:repository/*"
},
{
"Sid" : "SageMakerECRGetAuthorizationTokenPermissions",
"Effect" : "Allow",
"Action" : [
"ecr:GetAuthorizationToken"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "AmazonSageMakerModelRegistryResourceGroupGetPermission",
"Effect" : "Allow",
"Action" : [
"resource-groups:GetGroupQuery"
],
"Resource" : "arn:aws:resource-groups:*:*:group/*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}",
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "AmazonSageMakerModelRegistryResourceGroupListPermission",
"Effect" : "Allow",
"Action" : [
"resource-groups:ListGroupResources"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "AmazonSageMakerModelRegistryResourceGroupWritePermission",
"Effect" : "Allow",
"Action" : [
"resource-groups:CreateGroup",
"resource-groups:Tag"
],
"Resource" : "arn:aws:resource-groups:*:*:group/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/sagemaker:collection" : "false"
},
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}",
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "AmazonSageMakerModelRegistryResourceGroupDeletePermission",
"Effect" : "Allow",
"Action" : [
"resource-groups:DeleteGroup"
],
"Resource" : "arn:aws:resource-groups:*:*:group/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/sagemaker:collection" : "false"
},
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}",
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "SageMakerMLFlowModelRegistrationPermission",
"Effect" : "Allow",
"Action" : [
"sagemaker:DescribeModelPackageGroup"
],
"Resource" : "arn:aws:sagemaker:*:*:model-package-group/*",
"Condition" : {
"StringEquals" : {
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "SageMakerStudioCreatePresignedDomainUrlForUserProfile",
"Effect" : "Allow",
"Action" : [
"sagemaker:CreatePresignedDomainUrl"
],
"Resource" : "arn:aws:sagemaker:*:*:user-profile/*/${aws:PrincipalTag/datazone:userId}",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}",
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions" : "true"
}
}
},
{
"Sid" : "SageMakerStudioAppListActionsPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:ListApps",
"sagemaker:ListDomains",
"sagemaker:ListUserProfiles",
"sagemaker:ListSpaces"
],
"Resource" : "*"
},
{
"Sid" : "SageMakerStudioAppDescribeDomainActionsPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:DescribeDomain"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}"
}
}
},
{
"Sid" : "SageMakerStudioAppDescribeJupyterLabAppActionPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:DescribeApp"
],
"Resource" : [
"arn:aws:sagemaker:*:*:app/*/*/jupyterlab/*",
"arn:aws:sagemaker:*:*:app/*/*/JupyterLab/*"
]
},
{
"Sid" : "SageMakerStudioAppDescribeUserProfileActionPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:DescribeUserProfile"
],
"Resource" : "arn:aws:sagemaker:*:*:user-profile/*/${aws:PrincipalTag/datazone:userId}",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}"
}
}
},
{
"Sid" : "SMStudioAppDescribeSpaceActionPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:DescribeSpace"
],
"Resource" : "*"
},
{
"Sid" : "SageMakerTagPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:AddTags",
"sagemaker:DeleteTags"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}"
},
"ForAllValues:StringNotLike" : {
"aws:TagKeys" : [
"AmazonDataZone*",
"sagemaker:shared-with:*"
]
},
"ForAllValues:StringLike" : {
"aws:TagKeys" : [
"ProjectUserTag*",
"sagemaker*",
"sm-jumpstart*",
"endpoint-has-jumpstart-model"
]
}
}
},
{
"Sid" : "SageMakerStudioAllowCreatingDeletingOwnerUserProfile",
"Effect" : "Allow",
"Action" : [
"sagemaker:CreateUserProfile",
"sagemaker:DeleteUserProfile"
],
"Resource" : "arn:aws:sagemaker:*:*:user-profile/*/${aws:PrincipalTag/datazone:userId}",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}"
}
}
},
{
"Sid" : "SageMakerStudioRestrictPrivateSpaceToOwnerUserProfile",
"Effect" : "Allow",
"Action" : [
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace",
"sagemaker:DeleteSpace"
],
"Resource" : "arn:aws:sagemaker:*:*:space/*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}",
"sagemaker:SpaceSharingType" : [
"Private"
]
},
"ArnLike" : {
"sagemaker:OwnerUserProfileArn" : "arn:aws:sagemaker:*:*:user-profile/*/${aws:PrincipalTag/datazone:userId}"
}
}
},
{
"Sid" : "SageMakerStudioRestrictPrivateSpaceAppsToOwnerUserProfile",
"Effect" : "Allow",
"Action" : [
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Resource" : [
"arn:aws:sagemaker:*:*:app/*/*/jupyterlab/*",
"arn:aws:sagemaker:*:*:app/*/*/JupyterLab/*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}",
"sagemaker:SpaceSharingType" : [
"Private"
]
},
"ArnLike" : {
"sagemaker:OwnerUserProfileArn" : "arn:aws:sagemaker:*:*:user-profile/*/${aws:PrincipalTag/datazone:userId}"
}
}
},
{
"Sid" : "PublishSagemakerMetric",
"Effect" : "Allow",
"Action" : [
"cloudwatch:PutMetricData"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"cloudwatch:namespace" : "/aws/sagemaker/*"
}
}
},
{
"Sid" : "ManageSageMakerEndpointsAutoscalingAlarms",
"Effect" : "Allow",
"Action" : [
"cloudwatch:DescribeAlarms"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "MutateSageMakerEndpointsAutoscalingAlarms",
"Effect" : "Allow",
"Action" : [
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Resource" : "arn:aws:cloudwatch:*:*:alarm:TargetTracking*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}",
"aws:CalledViaLast" : "application-autoscaling.amazonaws.com"
}
}
},
{
"Sid" : "SSMPermissions",
"Effect" : "Allow",
"Action" : [
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:GetParametersByPath"
],
"Resource" : "arn:aws:ssm:*::parameter/aws/service/sagemaker-distribution/*"
},
{
"Sid" : "SageMakerJumpstartS3Access",
"Effect" : "Allow",
"Action" : [
"s3:GetObject"
],
"Resource" : [
"arn:aws:s3:::jumpstart-cache-prod-*/*"
],
"Condition" : {
"StringNotEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "SageMakerCrossAccountReadPermissions",
"Effect" : "Allow",
"Action" : [
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:BatchDescribeModelPackage"
],
"Resource" : "*",
"Condition" : {
"StringNotEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "SageMakerListTagsRestrictionOnSharedResources",
"Effect" : "Allow",
"Action" : [
"sagemaker:ListTags"
],
"Resource" : [
"*"
],
"Condition" : {
"StringEqualsIfExists" : {
"aws:ResourceTag/AmazonDataZoneProject" : "${aws:PrincipalTag/AmazonDataZoneProject}"
}
}
},
{
"Sid" : "SageMakerAutoScalingPermissionsWithserviceNamespace",
"Effect" : "Allow",
"Action" : [
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:RegisterScalableTarget"
],
"Resource" : "arn:aws:application-autoscaling:*:*:scalable-target/*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}",
"application-autoscaling:service-namespace" : "sagemaker"
}
}
},
{
"Sid" : "SageMakerAutoScalingPermissions",
"Effect" : "Allow",
"Action" : [
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions"
],
"Resource" : "arn:aws:application-autoscaling:*:*:scalable-target/*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "SageMakerSLRForAutoScalingPermissions",
"Effect" : "Allow",
"Action" : "iam:CreateServiceLinkedRole",
"Resource" : "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
"Condition" : {
"StringLike" : {
"iam:AWSServiceName" : "sagemaker.application-autoscaling.amazonaws.com"
}
}
}
]
}Más información
