AWS sagemaker-unified-studio documentation change
Summary
Added multiple entries for new IAM policies (SageMakerStudioUserIAMPermissiveExecutionPolicy, SageMakerStudioUserIAMDefaultExecutionPolicy, SageMakerStudioUserIAMConsolePolicy, SageMakerStudioAdminIAMPermissiveExecutionPolicy, SageMakerStudioAdminIAMDefaultExecutionPolicy, SageMakerStudioAdminIAMConsolePolicy) and updated SageMakerStudioDomainExecutionRolePolicy with new API actions for governed terms.
Security assessment
The changes document new IAM execution policies and policy updates for governance features, which are security controls. However, there is no evidence of a specific security vulnerability being addressed; these appear to be routine enhancements to access management capabilities.
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/doc-history.md b/sagemaker-unified-studio/latest/adminguide/doc-history.md index a447d257e..c43102308 100644 --- a//sagemaker-unified-studio/latest/adminguide/doc-history.md +++ b//sagemaker-unified-studio/latest/adminguide/doc-history.md @@ -10,0 +11,8 @@ Change| Description| Date +Support for account pools in Amazon SageMaker Unified Studio| You can configure your domain to create and manage account pools for your custom project profile. For more information, see [Account pools in Amazon SageMaker Unified Studio](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/account-pools.html) and [Custom project profile](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/custom.html).| August 21, 2025 +Policy update - SageMakerStudioDomainExecutionRolePolicy| Policy updates to SageMakerStudioDomainExecutionRolePolicy - adding support for the new API actions - AssociateGovernedTerms and DisassociateGovernedTerms for the asset classification using restricted glossary terms feature in the catalog where users can associate or disassociate restricted glossary terms to an asset. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| August 20, 2025 +New policy - SageMakerStudioUserIAMPermissiveExecutionPolicy| New policy - This is an execution policy for using IAM roles with Amazon SageMaker Unified Studio. This policy grants access to users to access resources, including broad access to data resources. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| August 20, 2025 +New policy - SageMakerStudioUserIAMDefaultExecutionPolicy| New policy - This is the execution policy for using IAM roles with Amazon SageMaker Unified Studio. This policy grants access to users to resources. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| August 20, 2025 +New policy - SageMakerStudioUserIAMConsolePolicy| New policy - This policy provides individual setup privileges for Amazon SageMaker Unified Studio using the AWS Management Console and SDK. It grants permissions for launching Amazon SageMaker Unified Studio. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| August 20, 2025 +New policy - SageMakerStudioAdminIAMPermissiveExecutionPolicy| New policy - This is an administrative execution policy for using IAM roles with Amazon SageMaker Unified Studio. This policy grants administrative access to provision, manage, and access resources, including broad access to data resources. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| August 20, 2025 +New policy - SageMakerStudioAdminIAMDefaultExecutionPolicy| New policy - This is the administrative execution policy for using IAM roles with Amazon SageMaker Unified Studio. This policy grants administrative access to provision, manage, and access resources (excluding data resources) in your account. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| August 20, 2025 +New policy - SageMakerStudioAdminIAMConsolePolicy| New policy - This policy provides administrative and individual setup privileges for Amazon SageMaker Unified Studio using the AWS Management Console and SDK. It grants permissions for launching Amazon SageMaker Unified Studio. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| August 20, 2025