AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio medium security documentation change

Service: sagemaker-unified-studio · 2025-11-19 · Security-related medium

File: sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md

Summary

Added policy update entries documenting improved session isolation and new API permissions

Security assessment

The updates explicitly mention improving isolation for Glue and Athena sessions to restrict users to their own sessions, which addresses a security concern of unauthorized cross-session access. This is a documented security enhancement.

Diff

diff --git a/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md b/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
index 811099e2e..1d3e20f6b 100644
--- a//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
+++ b//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md
@@ -10,0 +11,4 @@ Change | Description | Date
+Policy update - [SageMakerStudioAdminIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMDefaultExecutionPolicy) |  Policy updates to SageMakerStudioAdminIAMDefaultExecutionPolicy - adding permissions for new APIs for SageMaker Unified Studio MCP, Airflow Serverless, and Athena sessions. Improve isolation for Glue and Athena sessions by making sure users can only access their own sessions. | 11/14/2025  
+Policy update - [SageMakerStudioAdminIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMPermissiveExecutionPolicy) |  Policy updates to SageMakerStudioAdminIAMPermissiveExecutionPolicy - adding permissions for new APIs for SageMaker Unified Studio MCP, Airflow Serverless, and Athena sessions. Improve isolation for Glue and Athena sessions by making sure users can only access their own sessions. | 11/14/2025  
+Policy update - [SageMakerStudioUserIAMDefaultExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMDefaultExecutionPolicy) |  Policy updates to SageMakerStudioUserIAMDefaultExecutionPolicy - adding permissions for new APIs for SageMaker Unified Studio MCP, Airflow Serverless, and Athena sessions. Improve isolation for Glue and Athena sessions by making sure users can only access their own sessions. | 11/14/2025  
+Policy update - [SageMakerStudioUserIAMPermissiveExecutionPolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMPermissiveExecutionPolicy) |  Policy updates to SageMakerStudioUserIAMPermissiveExecutionPolicy - adding permissions for new APIs for SageMaker Unified Studio MCP, Airflow Serverless, and Athena sessions. Improve isolation for Glue and Athena sessions by making sure users can only access their own sessions. | 11/14/2025