Step 2: Set up permissions - Amazon Lookout for Vision

Step 2: Set up permissions

To use Amazon Lookout for Vision, you needs access permissions to the Lookout for Vision console, AWS SDK operations, and the Amazon S3 bucket that you use for model training.


If you only use AWS SDK operations, you can use policies that are scoped to AWS SDK operations. For more information, see Set up SDK permissions.

Setting console access with AWS managed policies

Use the following AWS managed policies to apply appropriate access permissions for the Amazon Lookout for Vision console and SDK operations.

To assign permissions, see Assigning permissions.

For information about AWS managed policies, see AWS managed policies.

Setting Amazon S3 bucket permissions

Amazon Lookout for Vision uses an Amazon S3 bucket to store the following files:

If you use the console, Lookout for Vision creates an Amazon S3 bucket (console bucket) to manage your projects. The LookoutVisionConsoleReadOnlyAccess and LookoutVisionConsoleFullAccess managed policies include Amazon S3 access permissions for the console bucket.

You can use the console bucket to store dataset images and SageMaker Ground Truth format manifest files. Alternatively, You can use a different Amazon S3 bucket. The bucket must be owned by your AWS account and must be located in the AWS Region in which you are using Lookout for Vision.

To use a different bucket, add the following policy to the desired user or group. Replace my-bucket with the name of the desired bucket. For information about adding IAM policies, see Creating IAM Policies.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "LookoutVisionS3BucketAccessPermissions", "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::my-bucket" ] }, { "Sid": "LookoutVisionS3ObjectAccessPermissions", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::my-bucket/*" ] } ] }

To assign permissions, see Assigning permissions.

Assigning permissions

To provide access, add permissions to your users, groups, or roles: