SageMaker Roles - Amazon SageMaker

This page is a machine-translated version. If this translation differs from the English original, the English original prevails.

SageMaker Roles

As a managed service, SageMaker performs operations on your behalf on the AWS hardware that is managed by SageMaker. SageMaker can perform only operations that the user permits.

A SageMaker user can grant these permissions with an IAM role (referred to as an execution role).

To create and use a locally available execution role, you can use the following procedures.

Get execution role

When you run a notebook within SageMaker, you can access the execution role with the following code:

```python
import sagemaker

sagemaker_session = sagemaker.Session()
role = sagemaker.get_execution_role()  # ARN of the role the notebook runs as
```

Note

The execution role is intended to be available only when running a notebook within SageMaker. If you run get_execution_role in a notebook not on SageMaker, expect a "region" error.

To find the IAM role ARN created when you created your notebook instance or Studio application, go to the Notebook instances page in the console and select the relevant notebook from the list of Names. In the configuration detail page, the IAM role ARN is given in the Permissions and encryption section.

To create a new role

  1. Log onto the console -> IAM -> Roles -> Create Role

  2. Create a service role trusted by sagemaker.amazonaws.com (choose SageMaker as the AWS service that will use the role; this gives the role the trust policy shown under Passing Roles below)

  3. Give the role AmazonSageMakerFullAccess

  4. Give the role AmazonS3FullAccess, or preferably a policy limited to the specific buckets the notebook needs (AmazonS3FullAccess allows every S3 action on every bucket in the account)

  5. Make note of the ARN once it is created

With a known role name, you can programmatically resolve the role ARN whether the notebook runs locally or on SageMaker. get_execution_role raises ValueError when the current identity is not a role; in that case, look the role up by name in IAM (the call takes the role name, not the ARN, and returns the ARN). Replace AmazonSageMaker-ExecutionRole-20201200T100000 with the name of your role:

```python
import boto3
import sagemaker

try:
    # Inside SageMaker the notebook's own identity is the execution role
    role = sagemaker.get_execution_role()
except ValueError:
    # Outside SageMaker, resolve the known role name to its ARN through IAM
    iam = boto3.client('iam')
    role = iam.get_role(RoleName='AmazonSageMaker-ExecutionRole-20201200T100000')['Role']['Arn']
```

Passing Roles

Passing a role to the service is a routine part of working with SageMaker: the caller needs iam:PassRole on the execution role, and SageMaker then assumes that role to do the work. You can find more details on Actions, Resources, and Condition Keys for SageMaker in the IAM User Guide.

You pass the role (iam:PassRole) when making these API calls: CreateAutoMLJob, CreateCompilationJob, CreateDomain, CreateFlowDefinition, CreateHyperParameterTuningJob, CreateImage, CreateLabelingJob, CreateModel, CreateMonitoringSchedule, CreateNotebookInstance, CreateProcessingJob, CreateTrainingJob, CreateUserProfile, RenderUiTemplate, and UpdateImage.

You attach the following trust policy to the IAM role. It grants the SageMaker service principal permission to assume the role and is the same for all execution roles:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sagemaker.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

Because every SageMaker resource in every account presents this same service principal, AWS recommends narrowing the trust policy with the aws:SourceAccount (and, where practical, aws:SourceArn) condition keys so that only SageMaker resources in your own account can assume the role.
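The two documents this section describes can be checked mechanically. The following Python is an added example, not code from the SageMaker documentation: it audits a trust policy for a statement that lets sagemaker.amazonaws.com call sts:AssumeRole and, as a hardening that the page's sample omits, for an aws:SourceAccount or aws:SourceArn condition (the cross-service confused-deputy mitigation AWS recommends for service principals); and it audits a caller's permissions policy for iam:PassRole statements that lack the iam:PassedToService condition. The policy documents and the account ID 123456789012 are constructed for illustration.

```python
"""Audit a SageMaker execution role's trust policy and the caller's iam:PassRole grant.
Added example, not SageMaker documentation code; the policies and account ID are constructed."""

SAGEMAKER = "sagemaker.amazonaws.com"


def _as_list(value):
    """IAM accepts either a single string or a list in Action, Principal and Resource."""
    return value if isinstance(value, list) else [value]


def trust_policy_findings(doc, account_id):
    """Problems with an execution role's trust policy; an empty list means it passes."""
    findings, matched = [], 0
    for s in doc["Statement"]:
        principal = s.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if s["Effect"] != "Allow" or SAGEMAKER not in services \
                or "sts:AssumeRole" not in _as_list(s["Action"]):
            continue
        matched += 1
        cond = s.get("Condition", {})
        src_acct = cond.get("StringEquals", {}).get("aws:SourceAccount")
        has_src_arn = any("aws:SourceArn" in keys for keys in cond.values())
        if src_acct is None and not has_src_arn:
            # Any SageMaker resource in any account presents this same service principal
            findings.append("sagemaker.amazonaws.com can assume the role on behalf of any account: "
                            "add an aws:SourceAccount (or aws:SourceArn) condition")
        elif src_acct is not None and account_id not in _as_list(src_acct):
            findings.append(f"aws:SourceAccount pins {src_acct}, not this account ({account_id})")
    if not matched:
        findings.append("no statement lets sagemaker.amazonaws.com assume the role")
    return findings


def passrole_findings(doc):
    """Problems with the iam:PassRole grants in the caller's permissions policy."""
    findings = []
    for s in doc["Statement"]:
        actions = _as_list(s["Action"])
        if s["Effect"] != "Allow" or not any(a in ("iam:PassRole", "iam:*", "*") for a in actions):
            continue
        passed_to = s.get("Condition", {}).get("StringEquals", {}).get("iam:PassedToService")
        if passed_to is None:
            findings.append("iam:PassRole lacks an iam:PassedToService condition: "
                            "the caller can hand the role to any service")
            if "*" in _as_list(s["Resource"]):
                findings.append('iam:PassRole on Resource "*" lets the caller pass every role in the account')
        elif _as_list(passed_to) != [SAGEMAKER]:
            findings.append(f"iam:PassedToService allows {passed_to}, not only {SAGEMAKER}")
    return findings


# Constructed documents: the trust policy exactly as shown above, and a hardened variant.
TRUST_AS_ON_PAGE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": SAGEMAKER}, "Action": "sts:AssumeRole"}]}
TRUST_HARDENED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": SAGEMAKER}, "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"aws:SourceAccount": "123456789012"}}}]}
# Constructed caller policies: an unconditioned PassRole and one scoped to SageMaker.
PASSROLE_LOOSE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}]}
PASSROLE_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:PassRole"],
     "Resource": "arn:aws:iam::123456789012:role/ExecutionRole",
     "Condition": {"StringEquals": {"iam:PassedToService": SAGEMAKER}}}]}

if __name__ == "__main__":
    for name, doc in (("trust (as on page)", TRUST_AS_ON_PAGE), ("trust (hardened)", TRUST_HARDENED)):
        print(name, trust_policy_findings(doc, "123456789012") or "ok")
    for name, doc in (("passrole (loose)", PASSROLE_LOOSE), ("passrole (scoped)", PASSROLE_SCOPED)):
        print(name, passrole_findings(doc) or "ok")
```

To audit a real role, feed the functions the documents returned by iam.get_role (AssumeRolePolicyDocument) and iam.get_role_policy or the attached managed policy versions; the checks operate on the parsed JSON only, so they run without AWS credentials.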

The permissions you need to grant the role vary depending on the API you call. The following sections explain these permissions.

Note

Instead of creating and managing a permissions policy yourself, you can use the AWS managed AmazonSageMakerFullAccess permissions policy. The permissions in this policy are fairly broad, to allow for any action you might want to perform in SageMaker. For a listing of this policy, including information about why many of the permissions are added, see AmazonSageMakerFullAccess Policy. If you prefer to create custom policies and manage permissions so that they are scoped to only the actions you need to perform with the execution role, see the following topics.

For more information about IAM roles, see IAM Roles in the IAM User Guide.

CreateDomain API: Execution Role Permissions

The execution role for AWS SSO domains and the user/execution role for IAM domains need the following permissions when you pass an AWS KMS customer managed key (CMK) as the KmsKeyId in the CreateDomain API request. The permissions are enforced during the CreateApp API call.

For an execution role that you can pass in the CreateDomain API request, you can attach the following permission policy to the role:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:CreateGrant",
        "kms:DescribeKey"
      ],
      "Resource": "arn:aws:kms:region:account-id:key/kms-key-id"
    }
  ]
}
```

Alternatively, you can grant the permissions in the KMS key policy instead of in the role's IAM policy. A key policy statement names the principal it applies to, so the following statement is added to the key's policy rather than attached to the role:

```json
{
  "Sid": "Allow use of the key",
  "Effect": "Allow",
  "Principal": {
    "AWS": [
      "arn:aws:iam::account-id:role/ExecutionRole"
    ]
  },
  "Action": [
    "kms:DescribeKey",
    "kms:CreateGrant"
  ],
  "Resource": "*"
}
```

CreateImage and UpdateImage APIs: Execution Role Permissions

For an execution role that you can pass in a CreateImage or UpdateImage API request, you can attach the following permission policy to the role:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "sagemaker.amazonaws.com"
        }
      }
    }
  ]
}
```

CreateNotebookInstance API: Execution Role Permissions

The permissions that you grant to the execution role for calling the CreateNotebookInstance API depend on what you plan to do with the notebook instance. If you plan to use it to invoke SageMaker APIs and pass the same role when calling the CreateTrainingJob and CreateModel APIs, attach the following permissions policy to the role:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sagemaker:*",
        "ecr:GetAuthorizationToken",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability",
        "ecr:SetRepositoryPolicy",
        "ecr:CompleteLayerUpload",
        "ecr:BatchDeleteImage",
        "ecr:UploadLayerPart",
        "ecr:DeleteRepositoryPolicy",
        "ecr:InitiateLayerUpload",
        "ecr:DeleteRepository",
        "ecr:PutImage",
        "ecr:CreateRepository",
        "cloudwatch:PutMetricData",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:DescribeLogStreams",
        "logs:PutLogEvents",
        "logs:GetLogEvents",
        "s3:CreateBucket",
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "robomaker:CreateSimulationApplication",
        "robomaker:DescribeSimulationApplication",
        "robomaker:DeleteSimulationApplication",
        "robomaker:CreateSimulationJob",
        "robomaker:DescribeSimulationJob",
        "robomaker:CancelSimulationJob",
        "ec2:CreateVpcEndpoint",
        "ec2:DescribeRouteTables",
        "fsx:DescribeFileSystem",
        "elasticfilesystem:DescribeMountTargets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codecommit:GitPull",
        "codecommit:GitPush"
      ],
      "Resource": [
        "arn:aws:codecommit:*:*:*sagemaker*",
        "arn:aws:codecommit:*:*:*SageMaker*",
        "arn:aws:codecommit:*:*:*Sagemaker*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "sagemaker.amazonaws.com"
        }
      }
    }
  ]
}
```

To tighten the permissions, limit them to specific Amazon S3 and Amazon ECR resources by replacing "Resource": "*" with the ARNs of those resources, as follows. ECR repository ARNs have the form arn:aws:ecr:region:account-id:repository/name; fill in your region and account ID where the example leaves them blank:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sagemaker:*",
        "ecr:GetAuthorizationToken",
        "cloudwatch:PutMetricData",
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:DescribeLogStreams",
        "logs:PutLogEvents",
        "logs:GetLogEvents"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "sagemaker.amazonaws.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::inputbucket"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::inputbucket/object1",
        "arn:aws:s3:::outputbucket/path",
        "arn:aws:s3:::inputbucket/object2",
        "arn:aws:s3:::inputbucket/object3"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": [
        "arn:aws:ecr:::repository/my-repo1",
        "arn:aws:ecr:::repository/my-repo2",
        "arn:aws:ecr:::repository/my-repo3"
      ]
    }
  ]
}
```

If you plan to access other resources, such as Amazon DynamoDB or Amazon Relational Database Service, add the relevant permissions to this policy.

In the preceding policy, you scope the permissions as follows:

  • Scope the s3:ListBucket permission to the specific bucket that you specify as InputDataConfig.DataSource.S3DataSource.S3Uri in a CreateTrainingJob request.

  • Scope the s3:GetObject, s3:PutObject, and s3:DeleteObject permissions as follows:

    • To the following values that you specify in a CreateTrainingJob request:

      InputDataConfig.DataSource.S3DataSource.S3Uri

      OutputDataConfig.S3OutputPath

    • To the following values that you specify in a CreateModel request:

      PrimaryContainer.ModelDataUrl

      Containers[*].ModelDataUrl (the supplemental containers of an inference pipeline)

  • Scope the ecr permissions as follows:

    • To the value that you specify as AlgorithmSpecification.TrainingImage in a CreateTrainingJob request.

    • To the value that you specify as PrimaryContainer.Image in a CreateModel request.

The cloudwatch and logs actions apply to "*" resources. For more information, see CloudWatch Resources and Operations in the Amazon CloudWatch User Guide.

CreateHyperParameterTuningJob API: Execution Role Permissions

For an execution role that you can pass in a CreateHyperParameterTuningJob API request, you can attach the following permission policy to the role:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:CreateLogGroup",
        "logs:DescribeLogStreams",
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket",
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": "*"
    }
  ]
}
```

Instead of specifying "Resource": "*", you can scope these permissions to specific Amazon S3 and Amazon ECR resources:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:CreateLogGroup",
        "logs:DescribeLogStreams",
        "ecr:GetAuthorizationToken"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::inputbucket"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::inputbucket/object",
        "arn:aws:s3:::outputbucket/path"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": "arn:aws:ecr:::repository/my-repo"
    }
  ]
}
```

If the training container associated with the hyperparameter tuning job needs to access other data sources, such as DynamoDB or Amazon RDS resources, add relevant permissions to this policy.

In the preceding policy, you scope the permissions as follows:

  • Scope the s3:ListBucket permission to the specific bucket that you specify as InputDataConfig.DataSource.S3DataSource.S3Uri in a CreateHyperParameterTuningJob request.

  • Scope the s3:GetObject and s3:PutObject permissions to the following objects that you specify in the input and output data configuration of a CreateHyperParameterTuningJob request:

    InputDataConfig.DataSource.S3DataSource.S3Uri

    OutputDataConfig.S3OutputPath

  • Scope Amazon ECR permissions to the registry path (AlgorithmSpecification.TrainingImage) that you specify in a CreateHyperParameterTuningJob request.

The cloudwatch and logs actions apply to "*" resources. For more information, see CloudWatch Resources and Operations in the Amazon CloudWatch User Guide.

If you specify a private VPC for your hyperparameter tuning job, add the following statement (these EC2 network-interface actions are granted on all resources):

```json
{
  "Effect": "Allow",
  "Action": [
    "ec2:CreateNetworkInterface",
    "ec2:CreateNetworkInterfacePermission",
    "ec2:DeleteNetworkInterface",
    "ec2:DeleteNetworkInterfacePermission",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DescribeVpcs",
    "ec2:DescribeDhcpOptions",
    "ec2:DescribeSubnets",
    "ec2:DescribeSecurityGroups"
  ],
  "Resource": "*"
}
```

If your input is encrypted using server-side encryption with an AWS KMS managed key (SSE-KMS), add the following statement, scoped to the ARN of that key:

```json
{
  "Effect": "Allow",
  "Action": [
    "kms:Decrypt"
  ],
  "Resource": "arn:aws:kms:region:account-id:key/kms-key-id"
}
```

If you specify a KMS key in the output configuration of the hyperparameter tuning job, add the following statement for that key:

```json
{
  "Effect": "Allow",
  "Action": [
    "kms:Encrypt"
  ],
  "Resource": "arn:aws:kms:region:account-id:key/kms-key-id"
}
```

If you specify a volume KMS key in the resource configuration of the hyperparameter tuning job, add the following statement for that key:

```json
{
  "Effect": "Allow",
  "Action": [
    "kms:CreateGrant"
  ],
  "Resource": "arn:aws:kms:region:account-id:key/kms-key-id"
}
```

CreateProcessingJob API: Execution Role Permissions

For an execution role that you can pass in a CreateProcessingJob API request, you can attach the following permission policy to the role:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:CreateLogGroup",
        "logs:DescribeLogStreams",
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket",
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": "*"
    }
  ]
}
```

Instead of specifying "Resource": "*", you can scope these permissions to specific Amazon S3 and Amazon ECR resources:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:CreateLogGroup",
        "logs:DescribeLogStreams",
        "ecr:GetAuthorizationToken"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::inputbucket"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::inputbucket/object",
        "arn:aws:s3:::outputbucket/path"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": "arn:aws:ecr:::repository/my-repo"
    }
  ]
}
```

If the container image that you specify as AppSpecification.ImageUri in CreateProcessingJob needs to access other data sources, such as DynamoDB or Amazon RDS resources, add the relevant permissions to this policy.

In the preceding policy, you scope the permissions as follows:

  • Scope the s3:ListBucket permission to the specific bucket that you specify in ProcessingInputs in a CreateProcessingJob request.

  • Scope the s3:GetObject and s3:PutObject permissions to the objects to be downloaded or uploaded in ProcessingInputs and ProcessingOutputConfig in a CreateProcessingJob request.

  • Scope Amazon ECR permissions to the registry path (AppSpecification.ImageUri) that you specify in a CreateProcessingJob request.

The cloudwatch and logs actions apply to "*" resources. For more information, see CloudWatch Resources and Operations in the Amazon CloudWatch User Guide.

If you specify a private VPC for your processing job, add the following statement (these EC2 network-interface actions are granted on all resources):

```json
{
  "Effect": "Allow",
  "Action": [
    "ec2:CreateNetworkInterface",
    "ec2:CreateNetworkInterfacePermission",
    "ec2:DeleteNetworkInterface",
    "ec2:DeleteNetworkInterfacePermission",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DescribeVpcs",
    "ec2:DescribeDhcpOptions",
    "ec2:DescribeSubnets",
    "ec2:DescribeSecurityGroups"
  ],
  "Resource": "*"
}
```

If your input is encrypted using server-side encryption with an AWS KMS managed key (SSE-KMS), add the following statement, scoped to the ARN of that key:

```json
{
  "Effect": "Allow",
  "Action": [
    "kms:Decrypt"
  ],
  "Resource": "arn:aws:kms:region:account-id:key/kms-key-id"
}
```

If you specify a KMS key in the output configuration of the processing job, add the following statement for that key:

```json
{
  "Effect": "Allow",
  "Action": [
    "kms:Encrypt"
  ],
  "Resource": "arn:aws:kms:region:account-id:key/kms-key-id"
}
```

If you specify a volume KMS key in the resource configuration of the processing job, add the following statement for that key:

```json
{
  "Effect": "Allow",
  "Action": [
    "kms:CreateGrant"
  ],
  "Resource": "arn:aws:kms:region:account-id:key/kms-key-id"
}
```

CreateTrainingJob API: Execution Role Permissions

For an execution role that you can pass in a CreateTrainingJob API request, you can attach the following permission policy to the role:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:CreateLogGroup",
        "logs:DescribeLogStreams",
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket",
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": "*"
    }
  ]
}
```

Instead of specifying "Resource": "*", you can scope these permissions to specific Amazon S3 and Amazon ECR resources:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:CreateLogGroup",
        "logs:DescribeLogStreams",
        "ecr:GetAuthorizationToken"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::inputbucket"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::inputbucket/object",
        "arn:aws:s3:::outputbucket/path"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": "arn:aws:ecr:::repository/my-repo"
    }
  ]
}
```

If the container image that you specify as AlgorithmSpecification.TrainingImage in CreateTrainingJob needs to access other data sources, such as DynamoDB or Amazon RDS resources, add the relevant permissions to this policy.

In the preceding policy, you scope the permissions as follows:

  • Scope the s3:ListBucket permission to the specific bucket that you specify as InputDataConfig.DataSource.S3DataSource.S3Uri in a CreateTrainingJob request.

  • Scope the s3:GetObject and s3:PutObject permissions to the following objects that you specify in the input and output data configuration of a CreateTrainingJob request:

    InputDataConfig.DataSource.S3DataSource.S3Uri

    OutputDataConfig.S3OutputPath

  • Scope Amazon ECR permissions to the registry path (AlgorithmSpecification.TrainingImage) that you specify in a CreateTrainingJob request.

The cloudwatch and logs actions apply to "*" resources. For more information, see CloudWatch Resources and Operations in the Amazon CloudWatch User Guide.

If you specify a private VPC for your training job, add the following statement (these EC2 network-interface actions are granted on all resources):

```json
{
  "Effect": "Allow",
  "Action": [
    "ec2:CreateNetworkInterface",
    "ec2:CreateNetworkInterfacePermission",
    "ec2:DeleteNetworkInterface",
    "ec2:DeleteNetworkInterfacePermission",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DescribeVpcs",
    "ec2:DescribeDhcpOptions",
    "ec2:DescribeSubnets",
    "ec2:DescribeSecurityGroups"
  ],
  "Resource": "*"
}
```

If your input is encrypted using server-side encryption with an AWS KMS managed key (SSE-KMS), add the following statement, scoped to the ARN of that key:

```json
{
  "Effect": "Allow",
  "Action": [
    "kms:Decrypt"
  ],
  "Resource": "arn:aws:kms:region:account-id:key/kms-key-id"
}
```

If you specify a KMS key in the output configuration of the training job, add the following statement for that key:

```json
{
  "Effect": "Allow",
  "Action": [
    "kms:Encrypt"
  ],
  "Resource": "arn:aws:kms:region:account-id:key/kms-key-id"
}
```

If you specify a volume KMS key in the resource configuration of the training job, add the following statement for that key:

```json
{
  "Effect": "Allow",
  "Action": [
    "kms:CreateGrant"
  ],
  "Resource": "arn:aws:kms:region:account-id:key/kms-key-id"
}
```
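The scoping rules in this section, and the identical ones for CreateHyperParameterTuningJob, CreateProcessingJob and the notebook-instance policy above, can be derived from the request itself rather than hand-written. The following Python is an added example, not code from the SageMaker documentation: given a CreateTrainingJob request body, it emits a policy with s3:ListBucket on the input buckets, s3:GetObject on the InputDataConfig S3Uri prefixes, s3:GetObject and s3:PutObject on the OutputDataConfig S3OutputPath, the ECR pull actions on the AlgorithmSpecification.TrainingImage repository, and the EC2 and KMS statements only when VpcConfig or KMS keys are present. It goes slightly beyond the page's sample by granting s3:PutObject on the output path only, not on the input data. The account, region, bucket and key identifiers in EXAMPLE_REQUEST are constructed placeholders.

```python
"""Derive a scoped execution-role policy from a CreateTrainingJob request (added example, not
SageMaker documentation code; the identifiers in EXAMPLE_REQUEST are constructed placeholders)."""
import json
import re
from urllib.parse import urlparse

# Actions SageMaker always needs; they accept only "Resource": "*".
LOG_METRIC_ACTIONS = [
    "cloudwatch:PutMetricData", "logs:CreateLogStream", "logs:PutLogEvents",
    "logs:CreateLogGroup", "logs:DescribeLogStreams", "ecr:GetAuthorizationToken",
]
ECR_PULL_ACTIONS = ["ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"]
VPC_ACTIONS = [  # network-interface management when the job runs in a private VPC
    "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission",
    "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission",
    "ec2:DescribeNetworkInterfaces", "ec2:DescribeVpcs", "ec2:DescribeDhcpOptions",
    "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups",
]
ECR_IMAGE_RE = re.compile(r"^(\d{12})\.dkr\.ecr\.([a-z0-9-]+)\.amazonaws\.com/([^:@]+)")


def s3_arns(s3_uri):
    """s3://bucket/prefix -> (bucket ARN for s3:ListBucket, prefix ARN for object actions)."""
    p = urlparse(s3_uri)
    if p.scheme != "s3" or not p.netloc:
        raise ValueError(f"not an S3 URI: {s3_uri}")
    bucket_arn = f"arn:aws:s3:::{p.netloc}"
    prefix = p.path.strip("/")
    return bucket_arn, (f"{bucket_arn}/{prefix}/*" if prefix else f"{bucket_arn}/*")


def ecr_repository_arn(image_uri):
    """123456789012.dkr.ecr.us-east-1.amazonaws.com/repo:tag -> the repository's ARN."""
    m = ECR_IMAGE_RE.match(image_uri)
    if not m:
        raise ValueError(f"not a private ECR image URI: {image_uri}")
    account, region, repo = m.groups()
    return f"arn:aws:ecr:{region}:{account}:repository/{repo}"


def kms_key_arn(key):
    """The API also accepts key IDs and aliases, but a policy Resource needs the key ARN."""
    if not key.startswith("arn:aws:kms:"):
        raise ValueError(f"pass the key ARN, not an ID or alias: {key}")
    return key


def allow(actions, resources):
    return {"Effect": "Allow", "Action": list(actions), "Resource": sorted(resources)}


def training_job_policy(request, input_kms_key_arns=()):
    """Scoped policy for the role passed as RoleArn in `request` (a CreateTrainingJob body).
    input_kms_key_arns: keys that SSE-KMS-encrypt the input data (not part of the request)."""
    buckets, in_objects = set(), set()
    for channel in request["InputDataConfig"]:
        bucket, objects = s3_arns(channel["DataSource"]["S3DataSource"]["S3Uri"])
        buckets.add(bucket)
        in_objects.add(objects)
    _, out_objects = s3_arns(request["OutputDataConfig"]["S3OutputPath"])
    image_repo = ecr_repository_arn(request["AlgorithmSpecification"]["TrainingImage"])
    statements = [
        allow(LOG_METRIC_ACTIONS, ["*"]),
        allow(["s3:ListBucket"], buckets),
        allow(["s3:GetObject"], in_objects),                     # input data is read-only
        allow(["s3:GetObject", "s3:PutObject"], [out_objects]),  # model and output artifacts
        allow(ECR_PULL_ACTIONS, [image_repo]),
    ]
    if "VpcConfig" in request:
        statements.append(allow(VPC_ACTIONS, ["*"]))
    if input_kms_key_arns:
        statements.append(allow(["kms:Decrypt"], map(kms_key_arn, input_kms_key_arns)))
    output_key = request["OutputDataConfig"].get("KmsKeyId")
    if output_key:
        statements.append(allow(["kms:Encrypt"], [kms_key_arn(output_key)]))
    volume_key = request.get("ResourceConfig", {}).get("VolumeKmsKeyId")
    if volume_key:
        statements.append(allow(["kms:CreateGrant"], [kms_key_arn(volume_key)]))
    return {"Version": "2012-10-17", "Statement": statements}


def resources_for(policy, action):
    """Every resource on which `policy` allows `action`; use it to diff against a live role."""
    return sorted({r for s in policy["Statement"] if action in s["Action"] for r in s["Resource"]})


EXAMPLE_REQUEST = {  # constructed request body; every identifier is a placeholder
    "TrainingJobName": "example-job",
    "RoleArn": "arn:aws:iam::123456789012:role/ExecutionRole",
    "AlgorithmSpecification": {"TrainingInputMode": "File",
                               "TrainingImage": "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-repo:latest"},
    "InputDataConfig": [{"ChannelName": "train", "DataSource": {"S3DataSource": {
        "S3DataType": "S3Prefix", "S3Uri": "s3://inputbucket/train/"}}}],
    "OutputDataConfig": {"S3OutputPath": "s3://outputbucket/path",
                         "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555"},
    "ResourceConfig": {"InstanceType": "ml.m5.xlarge", "InstanceCount": 1, "VolumeSizeInGB": 30},
    "VpcConfig": {"SecurityGroupIds": ["sg-0123456789abcdef0"], "Subnets": ["subnet-0123456789abcdef0"]},
}

if __name__ == "__main__":
    print(json.dumps(training_job_policy(EXAMPLE_REQUEST), indent=2))
```

Run the file to print the generated policy, or call resources_for on both the generated document and the role's live policy (for example the document returned by iam.get_role_policy) to see which resources the role can reach beyond what the job actually needs.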

CreateModel API: Execution Role Permissions

For an execution role that you can pass in a CreateModel API request, you can attach the following permission policy to the role:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:CreateLogGroup",
        "logs:DescribeLogStreams",
        "s3:GetObject",
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": "*"
    }
  ]
}
```

Instead of specifying "Resource": "*", you can scope these permissions to specific Amazon S3 and Amazon ECR resources:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:CreateLogGroup",
        "logs:DescribeLogStreams",
        "ecr:GetAuthorizationToken"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::inputbucket/object"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": [
        "arn:aws:ecr:::repository/my-repo"
      ]
    }
  ]
}
```

If the container image that you specify as PrimaryContainer.Image in CreateModel needs to access other data sources (such as Amazon DynamoDB or Amazon RDS resources), add the relevant permissions to this policy.

In the preceding policy, you scope the permissions as follows:

  • Scope S3 permissions to the objects that you specify as PrimaryContainer.ModelDataUrl in a CreateModel request.

  • Scope Amazon ECR permissions to the specific registry paths that you specify as PrimaryContainer.Image and Containers[*].Image in a CreateModel request.

The cloudwatch and logs actions apply to "*" resources. For more information, see CloudWatch Resources and Operations in the Amazon CloudWatch User Guide.

If you specify a private VPC for your model, add the following statement (these EC2 network-interface actions are granted on all resources):

```json
{
  "Effect": "Allow",
  "Action": [
    "ec2:CreateNetworkInterface",
    "ec2:CreateNetworkInterfacePermission",
    "ec2:DeleteNetworkInterface",
    "ec2:DeleteNetworkInterfacePermission",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DescribeVpcs",
    "ec2:DescribeDhcpOptions",
    "ec2:DescribeSubnets",
    "ec2:DescribeSecurityGroups"
  ],
  "Resource": "*"
}
```

AmazonSageMakerFullAccess Policy

The AmazonSageMakerFullAccess managed policy includes all of the permissions needed to perform most actions in SageMaker. You can attach this policy to any role that you pass to SageMaker as an execution role. If you want finer control over the permissions you grant to the execution role, you can instead create a more narrowly scoped policy.

The following table explains why certain categories of permissions in the AmazonSageMakerFullAccess policy are needed.

| Permission category | Why it is needed |
| --- | --- |
| application-autoscaling | Needed for automatically scaling a SageMaker real-time inference endpoint. |
| aws-marketplace | Needed to view AWS Marketplace subscriptions. |
| cloudwatch | Needed to post CloudWatch metrics, interact with alarms, and upload logs to CloudWatch Logs in your account. |
| codecommit | Needed for AWS CodeCommit integration with SageMaker notebook instances. |
| cognito | Needed for SageMaker Ground Truth to define your private workforce and work teams. |
| ec2 | Needed to manage elastic network interfaces when you specify an Amazon VPC for your SageMaker jobs and notebook instances. |
| ec2:DescribeVpcs | All SageMaker services launch Amazon EC2 instances and require this permission set. |
| ecr | Needed to pull and store Docker artifacts for training and inference. This is required only if you use your own container in SageMaker. |
| elastic-inference | Needed to integrate Amazon Elastic Inference with SageMaker. |
| glue | Needed for inference pipeline pre-processing from within SageMaker notebook instances. |
| groundtruthlabeling | Needed for SageMaker Ground Truth. |
| iam:ListRoles | Needed to give the SageMaker console access to list available roles. |
| kms | Needed to give the SageMaker console access to list the available AWS KMS keys. |
| logs | Needed to allow SageMaker jobs and endpoints to publish log streams. |