AWS sagemaker-unified-studio medium security documentation change
Summary
Added entry for SageMakerStudioProjectProvisioningRolePolicy update supporting Trusted Identity Propagation (TIP)
Security assessment
Explicitly documents expanded permissions for security-related configurations (LakeFormation, Glue, EMR SecurityConfiguration, SSO) required for TIP feature - a security-focused identity management capability
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/doc-history.md b/sagemaker-unified-studio/latest/adminguide/doc-history.md index f6d416ddb..839c61335 100644 --- a//sagemaker-unified-studio/latest/adminguide/doc-history.md +++ b//sagemaker-unified-studio/latest/adminguide/doc-history.md @@ -10,0 +11 @@ Change| Description| Date +Policy update - SageMakerStudioProjectProvisioningRolePolicy| Policy updates to SageMakerStudioProjectProvisioningRolePolicy - adding support for customers who opt-in to the Trusted Identity Propagation (TIP) feature, additional resources and configurations are required which require additional permissions, including LakeFormation IdentityCenterConfiguration resource permissions, AWS Glue IdentityCenterConfiguration resource permissions, EMR SecurityConfiguration `Describe` permission SSO resource permissions. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| September 26, 2025