本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
SageMakerStudioDomainExecutionRolePolicy
描述:Amazon SageMaker Studio 使用此策略对 Amazon SageMaker Studio 域中的数据进行分类、发现、管理、共享和分析。
SageMakerStudioDomainExecutionRolePolicy
是一项 AWS 托管式策略。
使用此策略
您可以将 SageMakerStudioDomainExecutionRolePolicy
附加到您的用户、组和角色。
策略详细信息
- 类型:服务角色策略
- 创建时间:世界标准时间 2024 年 11 月 20 日 21:56
- 编辑时间:世界标准时间 2025 年 1 月 14 日 21:22
- ARN: arn:aws:iam::aws:policy/service-role/SageMakerStudioDomainExecutionRolePolicy
策略版本
策略版本:v2 (默认值)
此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时, AWS 会检查策略的默认版本以确定是否允许该请求。
JSON 策略文档
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "DataZonePermissions",
"Effect" : "Allow",
"Action" : [
"datazone:AcceptPredictions",
"datazone:AcceptSubscriptionRequest",
"datazone:AddEntityOwner",
"datazone:AddPolicyGrant",
"datazone:CancelMetadataGenerationRun",
"datazone:CancelSubscription",
"datazone:CreateAsset",
"datazone:CreateAssetFilter",
"datazone:CreateAssetRevision",
"datazone:CreateAssetType",
"datazone:CreateConnection",
"datazone:CreateDataProduct",
"datazone:CreateDataProductRevision",
"datazone:CreateDataSource",
"datazone:CreateDomainUnit",
"datazone:CreateEnvironment",
"datazone:CreateEnvironmentProfile",
"datazone:CreateFormType",
"datazone:CreateGlossary",
"datazone:CreateGlossaryTerm",
"datazone:CreateListingChangeSet",
"datazone:CreateProject",
"datazone:CreateProjectMembership",
"datazone:CreateSubscriptionGrant",
"datazone:CreateSubscriptionRequest",
"datazone:DeleteAsset",
"datazone:DeleteAssetFilter",
"datazone:DeleteAssetType",
"datazone:DeleteConnection",
"datazone:DeleteDataProduct",
"datazone:DeleteDataSource",
"datazone:DeleteDomainUnit",
"datazone:DeleteEnvironment",
"datazone:DeleteEnvironmentProfile",
"datazone:DeleteFormType",
"datazone:DeleteGlossary",
"datazone:DeleteGlossaryTerm",
"datazone:DeleteListing",
"datazone:DeleteProject",
"datazone:DeleteProjectMembership",
"datazone:DeleteSubscriptionGrant",
"datazone:DeleteSubscriptionRequest",
"datazone:DeleteSubscriptionTarget",
"datazone:DeleteTimeSeriesDataPoints",
"datazone:GetAsset",
"datazone:GetAssetFilter",
"datazone:GetAssetType",
"datazone:GetConnection",
"datazone:GetDataProduct",
"datazone:GetDataSource",
"datazone:GetDataSourceRun",
"datazone:GetDomain",
"datazone:GetDomainUnit",
"datazone:GetEnvironment",
"datazone:GetEnvironmentAction",
"datazone:GetEnvironmentActionLink",
"datazone:GetEnvironmentBlueprint",
"datazone:GetEnvironmentBlueprintConfiguration",
"datazone:GetEnvironmentCredentials",
"datazone:GetEnvironmentProfile",
"datazone:GetFormType",
"datazone:GetGlossary",
"datazone:GetGlossaryTerm",
"datazone:GetGroupProfile",
"datazone:GetLineageNode",
"datazone:GetListing",
"datazone:GetMetadataGenerationRun",
"datazone:GetProject",
"datazone:GetSubscription",
"datazone:GetSubscriptionEligibility",
"datazone:GetSubscriptionGrant",
"datazone:GetSubscriptionRequestDetails",
"datazone:GetSubscriptionTarget",
"datazone:GetTimeSeriesDataPoint",
"datazone:GetUserProfile",
"datazone:ListAccountEnvironments",
"datazone:ListAssetFilters",
"datazone:ListAssetRevisions",
"datazone:ListConnections",
"datazone:ListDataProductRevisions",
"datazone:ListDataSourceRunActivities",
"datazone:ListDataSourceRuns",
"datazone:ListDataSources",
"datazone:ListDomainUnitsForParent",
"datazone:ListEntityOwners",
"datazone:ListEnvironmentActions",
"datazone:ListEnvironmentBlueprintConfigurationSummaries",
"datazone:ListEnvironmentBlueprintConfigurations",
"datazone:ListEnvironmentBlueprints",
"datazone:ListEnvironmentProfiles",
"datazone:ListEnvironments",
"datazone:ListGroupsForUser",
"datazone:ListLineageNodeHistory",
"datazone:ListMetadataGenerationRuns",
"datazone:ListNotifications",
"datazone:ListPolicyGrants",
"datazone:ListProjectMemberships",
"datazone:ListProjects",
"datazone:ListSubscriptionGrants",
"datazone:ListSubscriptionRequests",
"datazone:ListSubscriptionTargets",
"datazone:ListSubscriptions",
"datazone:ListTimeSeriesDataPoints",
"datazone:ListWarehouseMetadata",
"datazone:RejectPredictions",
"datazone:RejectSubscriptionRequest",
"datazone:RemoveEntityOwner",
"datazone:RemovePolicyGrant",
"datazone:RevokeSubscription",
"datazone:Search",
"datazone:SearchGroupProfiles",
"datazone:SearchListings",
"datazone:SearchTypes",
"datazone:SearchUserProfiles",
"datazone:StartDataSourceRun",
"datazone:StartMetadataGenerationRun",
"datazone:UpdateAssetFilter",
"datazone:UpdateConnection",
"datazone:UpdateDataSource",
"datazone:UpdateDomainUnit",
"datazone:UpdateEnvironment",
"datazone:UpdateEnvironmentDeploymentStatus",
"datazone:UpdateEnvironmentProfile",
"datazone:UpdateGlossary",
"datazone:UpdateGlossaryTerm",
"datazone:UpdateProject",
"datazone:UpdateSubscriptionGrantStatus",
"datazone:UpdateSubscriptionRequest"
],
"Resource" : "*"
},
{
"Sid" : "RAMResourceShareStatement",
"Effect" : "Allow",
"Action" : [
"ram:GetResourceShareAssociations",
"ram:GetResourceShares"
],
"Resource" : "*"
},
{
"Sid" : "AmazonQPermissionsStatement",
"Effect" : "Allow",
"Action" : [
"q:StartConversation",
"q:SendMessage",
"q:ListConversations",
"q:GetConversation",
"q:PassRequest",
"glue:StartCompletion",
"glue:GetCompletion"
],
"Resource" : "*"
},
{
"Sid" : "AllowSetTrustedIdentity",
"Effect" : "Allow",
"Action" : [
"sts:SetContext"
],
"Resource" : "arn:aws:sts::*:self"
},
{
"Sid" : "SSMGetParameterStatement",
"Effect" : "Allow",
"Action" : [
"ssm:GetParameter"
],
"Resource" : [
"arn:aws:ssm:*:*:parameter/amazon/datazone/q/${aws:PrincipalTag/datazone-domainId}*",
"arn:aws:ssm:*:*:parameter/amazon/datazone/genAI/${aws:PrincipalTag/datazone-domainId}/*"
],
"Condition" : {
"StringEquals" : {
"aws:ResourceAccount" : "${aws:PrincipalAccount}"
}
}
},
{
"Sid" : "GetCodeConnectionsPermissionsStatement",
"Effect" : "Allow",
"Action" : [
"codeconnections:GetConnection",
"codeconnections:GetHost",
"codestar-connections:GetConnection",
"codestar-connections:GetHost"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:ResourceTag/for-use-with-all-datazone-projects" : "false"
},
"StringEquals" : {
"aws:ResourceTag/for-use-with-all-datazone-projects" : "true"
}
}
},
{
"Sid" : "ListCodeConnectionsPermissionsStatement",
"Effect" : "Allow",
"Action" : [
"codeconnections:ListConnections",
"codeconnections:ListTagsForResource",
"codestar-connections:ListConnections",
"codestar-connections:ListTagsForResource"
],
"Resource" : "*"
},
{
"Sid" : "UseCodeConnectionsPermissionsStatement",
"Effect" : "Allow",
"Action" : [
"codeconnections:UseConnection",
"codestar-connections:UseConnection"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:ResourceTag/for-use-with-all-datazone-projects" : "false"
},
"StringEquals" : {
"aws:ResourceTag/for-use-with-all-datazone-projects" : "true"
}
}
},
{
"Sid" : "ProjectProfilePermissionsStatement",
"Effect" : "Allow",
"Action" : [
"datazone:GetProjectProfile",
"datazone:ListProjectProfiles"
],
"Resource" : "arn:aws:datazone:*:*:domain/*"
}
]
}