AWS Security ChangesHomeSearch

AWS sagemaker high security documentation change

Service: sagemaker · 2025-08-25 · Security-related high

File: sagemaker/latest/dg/remote-access-remote-setup-abac.md

Summary

Added warning about avoiding overly permissive resource definitions in tag-based access control policies

Security assessment

Explicitly warns against using 'Resource: *' in production due to potential unauthorized access risks. This addresses security best practices for IAM policies by emphasizing least privilege principles.

Diff

diff --git a/sagemaker/latest/dg/remote-access-remote-setup-abac.md b/sagemaker/latest/dg/remote-access-remote-setup-abac.md
index 83fddbacb..299dabe22 100644
--- a//sagemaker/latest/dg/remote-access-remote-setup-abac.md
+++ b//sagemaker/latest/dg/remote-access-remote-setup-abac.md
@@ -71,0 +72,4 @@ You can ensure users can only access resources appropriate for their role and pr
+###### Warning
+
+The tag-based access control policy shown in the following example is for demonstration purposes only. You should **not** use `"Resource": "*"` in production environments. Using overly permissive resource definitions could allow unintended unauthorized access. You should always restrict the resource scope in your IAM policies to follow best practices.
+