AWS sagemaker-unified-studio documentation change
Summary
Added multiple DataZone Rule-related permissions (CreateRule, DeleteRule, GetRule, etc.) to IAM policy documentation
Security assessment
Expands IAM policy documentation with new API permissions required for functionality. No evidence of addressing existing security vulnerabilities.
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy.md b/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy.md index 83696823f..e3b8d995e 100644 --- a/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy.md +++ b/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy.md @@ -41,0 +42 @@ This role provides access to all Amazon SageMaker Unified Studio APIs that are r + "datazone:CreateRule", @@ -58,0 +60 @@ This role provides access to all Amazon SageMaker Unified Studio APIs that are r + "datazone:DeleteRule", @@ -86,0 +89 @@ This role provides access to all Amazon SageMaker Unified Studio APIs that are r + "datazone:GetRule", @@ -92,0 +96 @@ This role provides access to all Amazon SageMaker Unified Studio APIs that are r + "datazone:GetUpdateEligibility", @@ -116,0 +121 @@ This role provides access to all Amazon SageMaker Unified Studio APIs that are r + "datazone:ListRules", @@ -130,0 +136 @@ This role provides access to all Amazon SageMaker Unified Studio APIs that are r + "datazone:SearchRules", @@ -144,0 +151 @@ This role provides access to all Amazon SageMaker Unified Studio APIs that are r + "datazone:UpdateRule",