AWS sagemaker high security documentation change
Summary
Added warning about avoiding overly permissive resource definitions in tag-based access control policies
Security assessment
Explicitly warns against using 'Resource: *' in production due to potential unauthorized access risks. This addresses security best practices for IAM policies by emphasizing least privilege principles.
Diff
diff --git a/sagemaker/latest/dg/remote-access-remote-setup-abac.md b/sagemaker/latest/dg/remote-access-remote-setup-abac.md index 83fddbacb..299dabe22 100644 --- a//sagemaker/latest/dg/remote-access-remote-setup-abac.md +++ b//sagemaker/latest/dg/remote-access-remote-setup-abac.md @@ -71,0 +72,4 @@ You can ensure users can only access resources appropriate for their role and pr +###### Warning + +The tag-based access control policy shown in the following example is for demonstration purposes only. You should **not** use `"Resource": "*"` in production environments. Using overly permissive resource definitions could allow unintended unauthorized access. You should always restrict the resource scope in your IAM policies to follow best practices. +