AWS sagemaker-unified-studio medium security documentation change
Summary
Added entries for policy updates to SageMakerStudioEMRContainersSystemNamespaceRolePolicy (refactored STS actions scope) and SageMakerStudioProjectProvisioningRolePolicy (added permissions for security features like Glue catalog encryption and trusted identity propagation).
Security assessment
The STS scope refactoring indicates a security hardening effort to reduce overprivileged access. The added permissions for encryption and trusted identity propagation directly relate to security feature enhancements. Both changes address security posture improvements.
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/doc-history.md b/sagemaker-unified-studio/latest/adminguide/doc-history.md index 0e1f733c8..90efc335b 100644 --- a//sagemaker-unified-studio/latest/adminguide/doc-history.md +++ b//sagemaker-unified-studio/latest/adminguide/doc-history.md @@ -10,0 +11,2 @@ Change| Description| Date +Policy update - SageMakerStudioEMRContainersSystemNamespaceRolePolicy| Policy updates to SageMakerStudioEMRContainersSystemNamespaceRolePolicy - this revision refactors the scope of STS actions required for the EMR Containers service. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| October 31, 2025 +Policy update - SageMakerStudioProjectProvisioningRolePolicy| Policy updates to SageMakerStudioProjectProvisioningRolePolicy - permissions updates for the following features: EMR on EKS compute capabilities, trusted identity propagation with user background sessions, AWS resource custom tags support, support default AWS Glue catalog encryption, Amazon SageMaker Unified Studio per project S3 bucket. For more information, see [Amazon SageMaker Unified Studio updates to AWS managed policies](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol.html).| October 30, 2025