AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio medium security documentation change

Service: sagemaker-unified-studio · 2025-10-01 · Security-related medium

File: sagemaker-unified-studio/latest/adminguide/doc-history.md

Summary

Added entry for SageMakerStudioProjectProvisioningRolePolicy update supporting Trusted Identity Propagation (TIP)

Security assessment

Explicitly documents expanded permissions for security-related configurations (LakeFormation, Glue, EMR SecurityConfiguration, SSO) required for TIP feature - a security-focused identity management capability

Diff

diff --git a/sagemaker-unified-studio/latest/adminguide/doc-history.md b/sagemaker-unified-studio/latest/adminguide/doc-history.md
index f6d416ddb..839c61335 100644
--- a//sagemaker-unified-studio/latest/adminguide/doc-history.md
+++ b//sagemaker-unified-studio/latest/adminguide/doc-history.md
@@ -10,0 +11 @@ Change| Description| Date
+Policy update - SageMakerStudioProjectProvisioningRolePolicy| Policy updates to SageMakerStudioProjectProvisioningRolePolicy - adding support for customers who opt-in to the Trusted Identity Propagation (TIP) feature, additional resources and configurations are required which require additional permissions, including LakeFormation IdentityCenterConfiguration resource permissions, AWS Glue IdentityCenterConfiguration resource permissions, EMR SecurityConfiguration `Describe` permission SSO resource permissions. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| September 26, 2025