AWS sagemaker medium security documentation change
Summary
Updated AWS managed policy documentation for HyperPod observability permissions
Security assessment
The policy update fixes role scoping and adds required EKS pod identity association permissions, which directly impacts access control and privilege management security aspects.
Diff
diff --git a/sagemaker/latest/dg/doc-history.md b/sagemaker/latest/dg/doc-history.md index 50c40de90..f2657f301 100644 --- a//sagemaker/latest/dg/doc-history.md +++ b//sagemaker/latest/dg/doc-history.md @@ -11,0 +12 @@ AWS managed policy updates - new policy| SageMaker AI added the AWS managed poli +AWS managed policy: AmazonSageMakerHyperPodObservabilityAdminAccess| Updated the policy to fix the role scope-down to include the `service-role` prefix. Also added permissions for `eks:DeletePodIdentityAssociation` and `eks:UpdatePodIdentityAssociation` that are required for end-to-end administrative actions.| August 21, 2025 @@ -18,0 +20 @@ AWS managed policy updates - New policy| SageMaker AI added the following new AW +Amazon SageMaker HyperPod observability with Amazon Managed Grafana and Amazon Managed Service for Prometheus| Amazon SageMaker HyperPod now supports a new observability add-on that provides a unified observability solution, automatically publishes key metrics to Amazon Managed Service for Prometheus, and displays them in Amazon Managed Grafana dashboards.| July 10, 2025