AWS sagemaker-unified-studio documentation change
Summary
Updated service list in Provisioning Role description (reordered Amazon Bedrock) and added a note about AWS CodeCommit deprecation for new projects.
Security assessment
The service reordering is cosmetic. The CodeCommit note indicates a feature deprecation but provides no security context or vulnerability reference. No security-specific changes are evident.
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/security-accesss-control-patterns.md b/sagemaker-unified-studio/latest/adminguide/security-accesss-control-patterns.md index d19418ba0..60bb389c2 100644 --- a//sagemaker-unified-studio/latest/adminguide/security-accesss-control-patterns.md +++ b//sagemaker-unified-studio/latest/adminguide/security-accesss-control-patterns.md @@ -32 +32 @@ It is important that you understand the different IAM roles used in Amazon SageM -**Provisioning Role** \- Amazon SageMaker Unified Studio employs an IAM policy to manage and provision resources across various AWS services within an AWS account. This policy, associated with the AmazonSageMakerProvisioning role, grants access to essential services such as Amazon SageMaker, AWS Glue, Amazon S3, AWS Lake Formation, Amazon Redshift, Amazon Athena, Amazon Q, Amazon EMR, Amazon Bedrock, AWS CodeCommit, and AWS IAM. The policy enables management of SageMaker Domains and Spaces, AWS Glue components, S3 objects, Lake Formation grants, Redshift workgroups, Athena workgroups and catalogs, EMR clusters, KMS keys, CodeCommit repositories, Secrets Manager secrets, IAM roles, and Amazon Bedrock in SageMaker Unified Studio resources. This access allows Amazon SageMaker Unified Studio to effectively orchestrate and manage the lifecycle of projects and resources across the AWS ecosystem, providing users with a seamless and integrated experience for data science and machine learning tasks. +**Provisioning Role** \- Amazon SageMaker Unified Studio employs an IAM policy to manage and provision resources across various AWS services within an AWS account. This policy, associated with the AmazonSageMakerProvisioning role, grants access to essential services such as Amazon SageMaker, AWS Glue, Amazon S3, AWS Lake Formation, Amazon Redshift, Amazon Athena, Amazon Q, Amazon EMR, AWS CodeCommit, Amazon Bedrock, and AWS IAM. The policy enables management of SageMaker Domains and Spaces, AWS Glue components, S3 objects, Lake Formation grants, Redshift workgroups, Athena workgroups and catalogs, EMR clusters, KMS keys, CodeCommit repositories, Secrets Manager secrets, IAM roles, and Amazon Bedrock in SageMaker Unified Studio resources. This access allows Amazon SageMaker Unified Studio to effectively orchestrate and manage the lifecycle of projects and resources across the AWS ecosystem, providing users with a seamless and integrated experience for data science and machine learning tasks. @@ -37,0 +38,4 @@ It is important that you understand the different IAM roles used in Amazon SageM +###### Note + +You can't create new projects with AWS CodeCommit. Existing projects that were created using CodeCommit will continue to work. +