AWS Security ChangesHomeSearch

AWS sagemaker documentation change

Service: sagemaker · 2025-03-23 · Documentation low

File: sagemaker/latest/dg/sagemaker-hyperpod-prerequisites-iam.md

Summary

Added note about using IAM condition keys for granular access control in CreateCluster and UpdateCluster actions.

Security assessment

The change provides guidance on implementing granular access controls for cluster management actions, which enhances security documentation but does not address a specific security vulnerability.

Diff

diff --git a/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites-iam.md b/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites-iam.md
index 2a109c726..828841f87 100644
--- a/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites-iam.md
+++ b/sagemaker/latest/dg/sagemaker-hyperpod-prerequisites-iam.md
@@ -75,0 +76,4 @@ Cluster administrators (admins) operate and configure SageMaker HyperPod cluster
+###### Note
+
+IAM users with cluster admin roles can use condition keys to provide granular access control when managing SageMaker HyperPod cluster resources specifically for the `CreateCluster` and `UpdateCluster` actions. To find the condition keys supported for these actions, search for `CreateCluster` or `UpdateCluster` in the [Actions defined by SageMaker AI](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsagemaker.html#amazonsagemaker-actions-as-permissions).
+