AWS sagemaker-unified-studio medium security documentation change
Summary
Added entries for policy updates to SageMakerStudioProjectUserRolePolicy and SageMakerStudioProjectProvisioningRolePolicy
Security assessment
Documents IAM policy changes including Bedrock integration permissions, Trusted Identity Propagation support, and Schedule deletion capabilities. These changes directly impact access control and resource management security configurations.
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/doc-history.md b/sagemaker-unified-studio/latest/adminguide/doc-history.md index 9d23f835a..bb6e85068 100644 --- a//sagemaker-unified-studio/latest/adminguide/doc-history.md +++ b//sagemaker-unified-studio/latest/adminguide/doc-history.md @@ -10,0 +11,2 @@ Change| Description| Date +Policy update - SageMakerStudioProjectUserRolePolicy| Policy updates to the SageMakerStudioProjectUserRolePolicy - adding permissions for integration with Amazon Bedrock Data Automation. Adding permissions to show Amazon Bedrock agent versions and their details to users. Adding permission to support Trusted Identity Propagation in QEv2. Ensuring project isolation for Amazon Bedrock Inline Agents. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| April 28, 2025 +Policy update - SageMakerStudioProjectProvisioningRolePolicy| Policy updates to the SageMakerStudioProjectProvisioningRolePolicy - adding IAM permissions for the AmazonSageMakerQueryExecution role to support query execution role creation during enabling of the Tooling blueprint. Adding the DeleteSchedule permission so that when projects are deleted, the Schedule Group can be deleted. EventBridge runs DeleteSchedule automatically on Schedule Groups when it attempts to delete them, regardless of whether the Schedule Group actually has schedules in it. This permission allows for that deleteSchedule call to be made during project deletion. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| April 28, 2025