AWS sagemaker-unified-studio documentation change
Summary
Updated CloudFormation reference and added Amazon MWAA permissions requirement
Security assessment
The change adds Amazon MWAA permissions and adjusts branding for CloudFormation. No explicit security context or vulnerability mitigation is mentioned in this specific change.
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy.md b/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy.md index f99b30091..d8bd126e5 100644 --- a//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy.md +++ b//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy.md @@ -9 +9 @@ This is an administrative execution policy for using IAM roles with Amazon SageM -This policy provides full access to all APIs and resources for services used in Amazon SageMaker Unified Studio, such as Amazon CloudWatch Logs AWS Glue, Amazon Redshift, Amazon Redshift Data API, Amazon Redshift Serverless, Amazon S3, Amazon Athena, Amazon Bedrock, Amazon CodeWhisperer, Amazon DataZone, Amazon Q, Amazon SageMaker AI, AWS SQL Workbench, Amazon EventBridge Scheduler, and AWS CloudFormation. +This policy provides full access to all APIs and resources for services used in Amazon SageMaker Unified Studio, such as Amazon CloudWatch Logs AWS Glue, Amazon Redshift, Amazon Redshift Data API, Amazon Redshift Serverless, Amazon S3, Amazon Athena, Amazon Bedrock, Amazon CodeWhisperer, Amazon DataZone, Amazon Q, Amazon SageMaker AI, AWS SQL Workbench, Amazon EventBridge Scheduler, and CloudFormation. @@ -26,0 +27,2 @@ Additional access is provided for the following services: + * Amazon MWAA permissions are required to manage and schedule workflows. +