AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio high security documentation change

Service: sagemaker-unified-studio · 2025-03-10 · Security-related high

File: sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md

Summary

Documented policy update addressing confused deputy issue

Security assessment

Directly references mitigation of confused deputy problem, a security vulnerability pattern.

Diff

diff --git a/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
index fdb7813d9..adb5ac2ec 100644
--- a/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
+++ b/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
@@ -12,0 +13 @@ Change | Description | Date
+Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy) |  Policy updates to the SageMakerStudioProjectProvisioningRolePolicy \- adding permission to change trust policy during project update to address confused deputy problem. Also adding permission to attach PartnerApps policy to the user role. | 3/05/2025