AWS sagemaker-unified-studio documentation change
Summary
Added policy update entry for SageMakerStudioDomainExecutionRolePolicy supporting Amazon Q GetIdentityMetadata API
Security assessment
Documents addition of GetIdentityMetadata API permission for subscription tier management. While this updates security-related IAM policy documentation, there's no indication it addresses an existing security vulnerability. The change appears to enable new functionality rather than fix a security issue.
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md b/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md index a0709b37b..1ad82f1ad 100644 --- a//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md +++ b//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md @@ -10,0 +11 @@ Change | Description | Date +Policy update - [SageMakerStudioDomainExecutionRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy) | Policy updates to the SageMakerStudioDomainExecutionRolePolicy - adding support for the Amazon Q `GetIdentityMetadata` API action in order to obtain user's Q subscription information to set an appropriate subscription tier badge. | 6/18/2025