Give your users permissions to perform time series forecasting
To give your users permissions to perform time series analyses in Amazon SageMaker Canvas, you must add additional permissions to the AWS IAM role you chose when setting up the user's profile.
To give your users the IAM permissions required to do time series forecasting, do the following.
-
Sign in to the Amazon SageMaker console
and choose SageMaker Domain. -
From the list of Users, select the profile of the user you to whom want to give time series forecasting permissions.
-
Under Details, copy or make a note of the name of the user's Execution role. The name of the IAM role should be similar to the following:
AmazonSageMaker-ExecutionRole-111122223333444.
-
Once you have the name of the user's IAM role, go to the IAM console
. -
Choose Roles.
-
Search for the user's IAM role by name from the list of roles and select it.
-
Under Permissions, choose Add permissions.
-
Choose Attach policies.
-
Search for the
AmazonForecastFullAccessmanaged policy and select it. Choose Attach policies to attach the policy to the role.After attaching the policy, the role's Permissions section should now include
AmazonForecastFullAccess, as shown in the following screenshot.
-
Return to the IAM role's page, and under Trust relationships, choose Edit trust policy.
-
In the Edit trust policy editor, update the trust policy to add Forecast as a service principal. The policy should look like the following example.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "sagemaker.amazonaws.com", "forecast.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] } -
After editing the trust policy, choose Update policy. The trust relationship should now look like the following screenshot.
The user should now have permission to perform time series forecasting in SageMaker Canvas. For information about AWS managed policies, see Managed policies and inline policies.
