AWS sagemaker-unified-studio documentation change
Summary
Added policy updates to SageMakerStudioProjectProvisioningRolePolicy, including permissions to untag resources, update Athena workgroups, and delete IAM role policies
Security assessment
The changes describe expanded permissions but do not explicitly address a security vulnerability or weakness. While modifying IAM policies can have security implications, there is no evidence this was in response to a specific security issue.
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md b/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md index 723485e77..3cc0ce229 100644 --- a//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md +++ b//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md @@ -10,0 +11 @@ Change | Description | Date +Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy) | Policy updates to the SageMakerStudioProjectProvisioningRolePolicy \- adding permissions to untag Amazon Athena, AWS CodeCommit, logs, scheduler, and Amazon EC2 resources. Also adding permissions to update Amazon Athena workgroups and delete the IAM role policy for Amazon SageMaker Unified Studio projects. | 8/15/2025