AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio documentation change

Service: sagemaker-unified-studio · 2025-06-19 · Documentation low

File: sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md

Summary

Added policy update entry for SageMakerStudioDomainExecutionRolePolicy supporting Amazon Q GetIdentityMetadata API

Security assessment

Documents addition of GetIdentityMetadata API permission for subscription tier management. While this updates security-related IAM policy documentation, there's no indication it addresses an existing security vulnerability. The change appears to enable new functionality rather than fix a security issue.

Diff

diff --git a/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md b/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
index a0709b37b..1ad82f1ad 100644
--- a//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
+++ b//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
@@ -10,0 +11 @@ Change | Description | Date
+Policy update - [SageMakerStudioDomainExecutionRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioDomainExecutionRolePolicy) |  Policy updates to the SageMakerStudioDomainExecutionRolePolicy - adding support for the Amazon Q `GetIdentityMetadata` API action in order to obtain user's Q subscription information to set an appropriate subscription tier badge.  | 6/18/2025