Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
AmazonSageMakerCanvasFullAccess
Deskripsi: Menyediakan akses penuh ke sumber daya dan operasi Amazon SageMaker Canvas. Kebijakan ini juga menyediakan akses tertentu ke layanan terkait (misalnya, S3, IAM, VPC, CloudWatch Logs, ECR, Redshift, Secrets Manager, dan Forecast). Kebijakan ini harus dilampirkan ke peran eksekusi Domain/Profil Pengguna Amazon SageMaker.
AmazonSageMakerCanvasFullAccess
adalah kebijakan yang dikelola AWS.
Menggunakan kebijakan ini
Anda dapat melampirkan AmazonSageMakerCanvasFullAccess
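ke pengguna, grup, dan peran Anda. Perhatikan bahwa dokumen kebijakan di bawah ini memuat beberapa pernyataan dengan "Resource" : "*" serta iam:PassRole untuk arn:aws:iam::*:role/* (dibatasi hanya oleh kondisi iam:PassedToService), jadi tinjau cakupannya terhadap prinsip hak akses paling rendah sebelum melampirkannya ke pengguna atau grup.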
Rincian kebijakan
- Jenis: kebijakan AWS terkelola
- Waktu pembuatan: 09 September 2022, 00:44 UTC
- Waktu pengeditan: 16 Agustus 2024, 04:35 UTC
- ARN: arn:aws:iam::aws:policy/AmazonSageMakerCanvasFullAccess
Versi kebijakan
Versi kebijakan: v11 (default)
Versi default kebijakan adalah versi yang menentukan izin untuk kebijakan tersebut. Saat pengguna atau peran yang memiliki kebijakan ini membuat permintaan untuk mengakses sumber daya AWS, AWS memeriksa versi default kebijakan untuk menentukan apakah permintaan tersebut diizinkan.
Dokumen kebijakan JSON
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "SageMakerUserDetailsAndPackageOperations",
"Effect" : "Allow",
"Action" : [
"sagemaker:DescribeDomain",
"sagemaker:DescribeUserProfile",
"sagemaker:ListTags",
"sagemaker:ListModelPackages",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListEndpoints"
],
"Resource" : "*"
},
{
"Sid" : "SageMakerPackageGroupOperations",
"Effect" : "Allow",
"Action" : [
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribeModelPackage"
],
"Resource" : [
"arn:aws:sagemaker:*:*:model-package/*",
"arn:aws:sagemaker:*:*:model-package-group/*"
]
},
{
"Sid" : "SageMakerTrainingOperations",
"Effect" : "Allow",
"Action" : [
"sagemaker:CreateCompilationJob",
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateModel",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateAutoMLJobV2",
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:DeleteEndpoint",
"sagemaker:DescribeCompilationJob",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeModel",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeAutoMLJobV2",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeTransformJob",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:StopAutoMLJob",
"sagemaker:StopTrainingJob",
"sagemaker:StopTransformJob",
"sagemaker:AddTags",
"sagemaker:DeleteApp"
],
"Resource" : [
"arn:aws:sagemaker:*:*:*Canvas*",
"arn:aws:sagemaker:*:*:*canvas*",
"arn:aws:sagemaker:*:*:*model-compilation-*"
]
},
{
"Sid" : "SageMakerHostingOperations",
"Effect" : "Allow",
"Action" : [
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteModel",
"sagemaker:InvokeEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:InvokeEndpointAsync"
],
"Resource" : [
"arn:aws:sagemaker:*:*:*Canvas*",
"arn:aws:sagemaker:*:*:*canvas*"
]
},
{
"Sid" : "EC2VPCOperation",
"Effect" : "Allow",
"Action" : [
"ec2:CreateVpcEndpoint",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices"
],
"Resource" : "*"
},
{
"Sid" : "ECROperations",
"Effect" : "Allow",
"Action" : [
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
"ecr:GetAuthorizationToken"
],
"Resource" : "*"
},
{
"Sid" : "IAMGetOperations",
"Effect" : "Allow",
"Action" : [
"iam:GetRole"
],
"Resource" : "arn:aws:iam::*:role/*"
},
{
"Sid" : "IAMPassOperation",
"Effect" : "Allow",
"Action" : [
"iam:PassRole"
],
"Resource" : "arn:aws:iam::*:role/*",
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : "sagemaker.amazonaws.com"
}
}
},
{
"Sid" : "LoggingOperation",
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource" : "arn:aws:logs:*:*:log-group:/aws/sagemaker/*"
},
{
"Sid" : "S3Operations",
"Effect" : "Allow",
"Action" : [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:CreateBucket",
"s3:GetBucketCors",
"s3:GetBucketLocation"
],
"Resource" : [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Sid" : "ReadSageMakerJumpstartArtifacts",
"Effect" : "Allow",
"Action" : "s3:GetObject",
"Resource" : [
"arn:aws:s3:::jumpstart-cache-prod-us-west-2/*",
"arn:aws:s3:::jumpstart-cache-prod-us-east-1/*",
"arn:aws:s3:::jumpstart-cache-prod-us-east-2/*",
"arn:aws:s3:::jumpstart-cache-prod-eu-west-1/*",
"arn:aws:s3:::jumpstart-cache-prod-eu-central-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-south-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-northeast-2/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-northeast-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-southeast-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-southeast-2/*"
]
},
{
"Sid" : "S3ListOperations",
"Effect" : "Allow",
"Action" : [
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Resource" : "*"
},
{
"Sid" : "GlueOperations",
"Effect" : "Allow",
"Action" : "glue:SearchTables",
"Resource" : [
"arn:aws:glue:*:*:table/*/*",
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:catalog"
]
},
{
"Sid" : "SecretsManagerARNBasedOperation",
"Effect" : "Allow",
"Action" : [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:CreateSecret",
"secretsmanager:PutResourcePolicy"
],
"Resource" : [
"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"
]
},
{
"Sid" : "SecretManagerTagBasedOperation",
"Effect" : "Allow",
"Action" : [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"secretsmanager:ResourceTag/SageMaker" : "true"
}
}
},
{
"Sid" : "RedshiftOperations",
"Effect" : "Allow",
"Action" : [
"redshift-data:ExecuteStatement",
"redshift-data:DescribeStatement",
"redshift-data:CancelStatement",
"redshift-data:GetStatementResult",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-data:DescribeTable"
],
"Resource" : "*"
},
{
"Sid" : "RedshiftGetCredentialsOperation",
"Effect" : "Allow",
"Action" : [
"redshift:GetClusterCredentials"
],
"Resource" : [
"arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
"arn:aws:redshift:*:*:dbname:*"
]
},
{
"Sid" : "ForecastOperations",
"Effect" : "Allow",
"Action" : [
"forecast:CreateExplainabilityExport",
"forecast:CreateExplainability",
"forecast:CreateForecastEndpoint",
"forecast:CreateAutoPredictor",
"forecast:CreateDatasetImportJob",
"forecast:CreateDatasetGroup",
"forecast:CreateDataset",
"forecast:CreateForecast",
"forecast:CreateForecastExportJob",
"forecast:CreatePredictorBacktestExportJob",
"forecast:CreatePredictor",
"forecast:DescribeExplainabilityExport",
"forecast:DescribeExplainability",
"forecast:DescribeAutoPredictor",
"forecast:DescribeForecastEndpoint",
"forecast:DescribeDatasetImportJob",
"forecast:DescribeDataset",
"forecast:DescribeForecast",
"forecast:DescribeForecastExportJob",
"forecast:DescribePredictorBacktestExportJob",
"forecast:GetAccuracyMetrics",
"forecast:InvokeForecastEndpoint",
"forecast:GetRecentForecastContext",
"forecast:DescribePredictor",
"forecast:TagResource",
"forecast:DeleteResourceTree"
],
"Resource" : [
"arn:aws:forecast:*:*:*Canvas*"
]
},
{
"Sid" : "RDSOperation",
"Effect" : "Allow",
"Action" : "rds:DescribeDBInstances",
"Resource" : "*"
},
{
"Sid" : "IAMPassOperationForForecast",
"Effect" : "Allow",
"Action" : [
"iam:PassRole"
],
"Resource" : "arn:aws:iam::*:role/*",
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : "forecast.amazonaws.com"
}
}
},
{
"Sid" : "AutoscalingOperations",
"Effect" : "Allow",
"Action" : [
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget"
],
"Resource" : "arn:aws:application-autoscaling:*:*:scalable-target/*",
"Condition" : {
"StringEquals" : {
"application-autoscaling:service-namespace" : "sagemaker",
"application-autoscaling:scalable-dimension" : "sagemaker:variant:DesiredInstanceCount"
}
}
},
{
"Sid" : "AsyncEndpointOperations",
"Effect" : "Allow",
"Action" : [
"cloudwatch:DescribeAlarms",
"sagemaker:DescribeEndpointConfig"
],
"Resource" : "*"
},
{
"Sid" : "DescribeScalingOperations",
"Effect" : "Allow",
"Action" : [
"application-autoscaling:DescribeScalingActivities"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "SageMakerCloudWatchUpdate",
"Effect" : "Allow",
"Action" : [
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Resource" : [
"arn:aws:cloudwatch:*:*:alarm:TargetTracking*"
],
"Condition" : {
"StringEquals" : {
"aws:CalledViaLast" : "application-autoscaling.amazonaws.com"
}
}
},
{
"Sid" : "AutoscalingSageMakerEndpointOperation",
"Action" : "iam:CreateServiceLinkedRole",
"Effect" : "Allow",
"Resource" : "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
"Condition" : {
"StringLike" : {
"iam:AWSServiceName" : "sagemaker.application-autoscaling.amazonaws.com"
}
}
},
{
"Sid" : "AthenaOperation",
"Action" : [
"athena:ListTableMetadata",
"athena:ListDataCatalogs",
"athena:ListDatabases"
],
"Effect" : "Allow",
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "GlueOperation",
"Action" : [
"glue:GetDatabases",
"glue:GetPartitions",
"glue:GetTables"
],
"Effect" : "Allow",
"Resource" : [
"arn:aws:glue:*:*:table/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "QuicksightOperation",
"Action" : [
"quicksight:ListNamespaces"
],
"Effect" : "Allow",
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "AllowUseOfKeyInAccount",
"Effect" : "Allow",
"Action" : [
"kms:DescribeKey"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/Source" : "SageMakerCanvas",
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "EMRServerlessCreateApplicationOperation",
"Effect" : "Allow",
"Action" : "emr-serverless:CreateApplication",
"Resource" : "arn:aws:emr-serverless:*:*:/*",
"Condition" : {
"StringEquals" : {
"aws:RequestTag/sagemaker:is-canvas-resource" : "True",
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "EMRServerlessListApplicationOperation",
"Effect" : "Allow",
"Action" : "emr-serverless:ListApplications",
"Resource" : "arn:aws:emr-serverless:*:*:/*",
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "EMRServerlessApplicationOperations",
"Effect" : "Allow",
"Action" : [
"emr-serverless:UpdateApplication",
"emr-serverless:StopApplication",
"emr-serverless:GetApplication",
"emr-serverless:StartApplication"
],
"Resource" : "arn:aws:emr-serverless:*:*:/applications/*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/sagemaker:is-canvas-resource" : "True",
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "EMRServerlessStartJobRunOperation",
"Effect" : "Allow",
"Action" : "emr-serverless:StartJobRun",
"Resource" : "arn:aws:emr-serverless:*:*:/applications/*",
"Condition" : {
"StringEquals" : {
"aws:RequestTag/sagemaker:is-canvas-resource" : "True",
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "EMRServerlessListJobRunOperation",
"Effect" : "Allow",
"Action" : "emr-serverless:ListJobRuns",
"Resource" : "arn:aws:emr-serverless:*:*:/applications/*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/sagemaker:is-canvas-resource" : "True",
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "EMRServerlessJobRunOperations",
"Effect" : "Allow",
"Action" : [
"emr-serverless:GetJobRun",
"emr-serverless:CancelJobRun"
],
"Resource" : "arn:aws:emr-serverless:*:*:/applications/*/jobruns/*",
"Condition" : {
"StringEquals" : {
"aws:ResourceTag/sagemaker:is-canvas-resource" : "True",
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "EMRServerlessTagResourceOperation",
"Effect" : "Allow",
"Action" : "emr-serverless:TagResource",
"Resource" : "arn:aws:emr-serverless:*:*:/*",
"Condition" : {
"StringEquals" : {
"aws:RequestTag/sagemaker:is-canvas-resource" : "True",
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "IAMPassOperationForEMRServerless",
"Effect" : "Allow",
"Action" : "iam:PassRole",
"Resource" : [
"arn:aws:iam::*:role/service-role/AmazonSageMakerCanvasEMRSExecutionAccess-*",
"arn:aws:iam::*:role/AmazonSageMakerCanvasEMRSExecutionAccess-*"
],
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : "emr-serverless.amazonaws.com",
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
}
]
}