Give your users permissions to perform time series forecasting - Amazon SageMaker

Give your users permissions to perform time series forecasting

To give your users permissions to perform time series analyses in Amazon SageMaker Canvas, you must add additional permissions to the AWS IAM role you chose when setting up the user's profile.

To give your users the IAM permissions required to do time series forecasting, do the following.

  1. Sign in to the Amazon SageMaker console and choose SageMaker Domain.

  2. From the list of Users, select the profile of the user you to whom want to give time series forecasting permissions.

  3. Under Details, copy or make a note of the name of the user's Execution role. The name of the IAM role should be similar to the following: AmazonSageMaker-ExecutionRole-111122223333444.

    
      Screenshot of the user's profile in the SageMaker console.
  4. Once you have the name of the user's IAM role, go to the IAM console.

  5. Choose Roles.

  6. Search for the user's IAM role by name from the list of roles and select it.

    
      Screenshot of the search box in the IAM console.
  7. Under Permissions, choose Add permissions.

  8. Choose Attach policies.

    
      Screenshot of the Attach policies button under Add permissions.
  9. Search for the AmazonForecastFullAccess managed policy and select it. Choose Attach policies to attach the policy to the role.

    After attaching the policy, the role's Permissions section should now include AmazonForecastFullAccess, as shown in the following screenshot.

    
      Screenshot of the AmazonForecastFullAccess managed policy listed in the role's Permissions section.
  10. Return to the IAM role's page, and under Trust relationships, choose Edit trust policy.

  11. In the Edit trust policy editor, update the trust policy to add Forecast as a service principal. The policy should look like the following example.

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "sagemaker.amazonaws.com", "forecast.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }
  12. After editing the trust policy, choose Update policy. The trust relationship should now look like the following screenshot.

    
      Screenshot of the IAM role's trust relationship, which includes Forecast and SageMaker.

The user should now have permission to perform time series forecasting in SageMaker Canvas. For information about AWS managed policies, see Managed policies and inline policies.