AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio medium security documentation change

Service: sagemaker-unified-studio · 2025-06-16 · Security-related medium

File: sagemaker-unified-studio/latest/adminguide/doc-history.md

Summary

Added entries documenting IAM policy updates for SageMakerStudioProjectUserRolePolicy including Bedrock permissions and security group/S3 changes

Security assessment

Documents security-related IAM policy changes: removing risky permissions (terminate EMR clusters, modify security groups) and later restoring ListBucket with justification. Directly addresses security posture through least-privilege adjustments.

Diff

diff --git a/sagemaker-unified-studio/latest/adminguide/doc-history.md b/sagemaker-unified-studio/latest/adminguide/doc-history.md
index fc5650b71..0b042ecea 100644
--- a//sagemaker-unified-studio/latest/adminguide/doc-history.md
+++ b//sagemaker-unified-studio/latest/adminguide/doc-history.md
@@ -10,0 +11,2 @@ Change| Description| Date
+Policy updates - SageMakerStudioProjectUserRolePolicy| Policy updates to the SageMakerStudioProjectUserRolePolicy - adding permissions to list Amazon Bedrock foundation models. Removing permissions to terminate EMR Cluster, change security group rules, Amazon Athena default catalog permissions, and list S3 buckets permissions at bucket level. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| June 13, 2025  
+Policy updates - SageMakerStudioProjectUserRolePolicy| Policy updates to the SageMakerStudioProjectUserRolePolicy - bring back previously removed permission to `ListBucket` to fix issues in AWS Glue sessions and connections. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| June 13, 2025