AWS sagemaker-unified-studio high security documentation change
Summary
Added policy updates for SageMakerStudioAdminIAMConsolePolicy (added KMS/CloudFormation/EC2 permissions) and SageMakerStudioUserIAMConsolePolicy (removed pass role permissions)
Security assessment
Removing pass role permissions from user policies directly addresses privilege escalation risks. Adding KMS permissions relates to encryption controls. Both changes demonstrate security-conscious policy hardening.
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md b/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md index 46451e27b..c423f261d 100644 --- a//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md +++ b//sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-updates.md @@ -16,0 +17,2 @@ Policy update - [SageMakerStudioUserIAMPermissiveExecutionPolicy](https://docs.a +Policy update - [SageMakerStudioAdminIAMConsolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioAdminIAMConsolePolicy) | Policy updates to SageMakerStudioAdminIAMConsolePolicy - adding KMS, CloudFormation and EC2 permissions for Amazon SageMaker Unified Studio. | 11/14/2025 +Policy update - [SageMakerStudioUserIAMConsolePolicy](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/adminguide/security-iam-awsmanpol-SageMakerStudioUserIAMConsolePolicy) | Policy updates to SageMakerStudioUserIAMConsolePolicy - removing pass role permissions. | 11/14/2025