AWS sagemaker documentation change
Summary
Added clarification about IAM credential usage for remote IDE connections and opt-out instructions
Security assessment
Documents authentication method details and security controls (RemoteAccess conditional key) but does not address a specific vulnerability. Enhances security awareness rather than fixing an existing issue.
Diff
diff --git a/sagemaker/latest/dg/remote-access-remote-setup.md b/sagemaker/latest/dg/remote-access-remote-setup.md index 8f0cd3ceb..4f709e379 100644 --- a//sagemaker/latest/dg/remote-access-remote-setup.md +++ b//sagemaker/latest/dg/remote-access-remote-setup.md @@ -13 +13 @@ Different connection methods require different IAM permissions. Configure the ap - 1. Choose one of the following connection method permissions that align with your users’ [Connection methods](./remote-access.html#remote-access-connection-methods) +###### Important @@ -15 +15,5 @@ Different connection methods require different IAM permissions. Configure the ap - 2. [Create a custom IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) based on the connection method permission +Currently remote IDE connections are authenticated using IAM credentials, not IAM Identity Center. This applies for domains that use the IAM Identity Center [authentication method](https://docs.aws.amazon.com/sagemaker/latest/dg/onboard-custom.html#onboard-custom-authentication-details) for your users to access the domain. If you prefer not to use IAM authentication for remote connections, you can opt-out by disabling this feature using the `RemoteAccess` conditional key in your IAM policies. For more information, see [Remote access enforcement](./remote-access-remote-setup-abac.html#remote-access-remote-setup-abac-remote-access-enforcement). + + 1. Choose one of the following connection method permissions that align with your users’ [Connection methods](./remote-access.html#remote-access-connection-methods). + + 2. [Create a custom IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) based on the connection method permission.