AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio medium security documentation change

Service: sagemaker-unified-studio · 2025-10-01 · Security-related medium

File: sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md

Summary

Updated managed policy documentation with new security-related permissions for Trusted Identity Propagation

Security assessment

Details added permissions for security-sensitive resources (LakeFormation IdentityCenterConfiguration, AWS Glue IdentityCenterConfiguration) required for proper security configuration

Diff

diff --git a/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md b/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
index 251118a95..d693f82cb 100644
--- a//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
+++ b//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
@@ -10,0 +11 @@ Change | Description | Date
+Policy update - [SageMakerStudioProjectProvisioningRolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioProjectProvisioningRolePolicy) |  Policy updates to SageMakerStudioProjectProvisioningRolePolicy - adding support for customers who opt-in to the Trusted Identity Propagation (TIP) feature, additional resources and configurations are required which require additional permissions, including LakeFormation IdentityCenterConfiguration resource permissions, AWS Glue IdentityCenterConfiguration resource permissions, EMR SecurityConfiguration `Describe` permission SSO resource permissions.  | 9/26/2025