AWS Security ChangesHomeSearch

AWS sagemaker medium security documentation change

Service: sagemaker · 2025-08-10 · Security-related medium

File: sagemaker/latest/dg/samurai-vpc-labeling-job.md

Summary

Updated bucket names and VPC endpoint IDs in resource policy examples

Security assessment

Removed wildcard '*' principal and specified concrete VPC endpoint IDs, demonstrating proper access restriction. This change shows how to limit access to specific VPC endpoints, which is a security best practice for reducing attack surface.

Diff

diff --git a/sagemaker/latest/dg/samurai-vpc-labeling-job.md b/sagemaker/latest/dg/samurai-vpc-labeling-job.md
index 1a029b65e..db5de7e64 100644
--- a//sagemaker/latest/dg/samurai-vpc-labeling-job.md
+++ b//sagemaker/latest/dg/samurai-vpc-labeling-job.md
@@ -92,2 +92 @@ JSON
-                "Sid": "Access-to-specific-VPCE-only",
-                "Principal": "*",
+                "Sid": "AccessToSpecificVPCEOnly",
@@ -100,2 +99,2 @@ JSON
-                    "arn:aws:s3:::<bucket-name>",
-                    "arn:aws:s3:::<bucket-name>/*"
+                    "arn:aws:s3:::amzn-s3-demo-bucket",
+                    "arn:aws:s3:::amzn-s3-demo-bucket/*"
@@ -106,2 +105,2 @@ JSON
-                            "<vpc-endpoint>",
-                            "<vpc>"
+                            "vpce-12345678",
+                            "vpce-12345678901234567"