AWS Security ChangesHomeSearch

AWS sagemaker documentation change

Service: sagemaker · 2025-07-19 · Documentation medium

File: sagemaker/latest/dg/nova-model-recipes.md

Summary

Added IAM permissions requirement for accessing recipes pages and specified required SageMaker distribution image versions

Security assessment

The change adds required IAM permissions (s3:GetObject on model-customization-recipes bucket) which relates to access control security, but there's no evidence this addresses an active vulnerability. The image version requirements suggest using updated components but don't explicitly mention security patches.

Diff

diff --git a/sagemaker/latest/dg/nova-model-recipes.md b/sagemaker/latest/dg/nova-model-recipes.md
index 09d21601f..d7c099356 100644
--- a//sagemaker/latest/dg/nova-model-recipes.md
+++ b//sagemaker/latest/dg/nova-model-recipes.md
@@ -12,0 +13,20 @@ You can also access Nova recipes through Amazon SageMaker Studio and Amazon Sage
+To access the recipes pages in Amazon SageMaker Studio, the execution role must have the following permissions.
+    
+    
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:GetObject"
+                ],
+                "Resource": [
+                    "arn:aws:s3:::*model-customization-recipes*"
+                ]
+            }
+        ]
+    }
+
+To execute the sample notebooks on SageMaker training jobs and SageMaker HyperPod, use one of the following SageMaker distribution image versions: `2.7.1+`, `2.8.0+`, `3.2.1+`, `3.3.0+`. This applies to both Amazon SageMaker Studio and Amazon SageMaker Unified Studio.
+