AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio documentation change

Service: sagemaker-unified-studio · 2026-03-22 · Documentation medium

File: sagemaker-unified-studio/latest/adminguide/git-connections.md

Summary

Added and emphasized important warnings about Git connections granting all users in the account read/write access to all repositories, with no repository-level isolation, and advises against storing sensitive information unless all users are authorized. Also changed a note to 'Important' and updated content about connection behavior.

Security assessment

This change significantly expands security warnings about the access model of Git connections, explicitly stating there is no repository-level isolation and advising against storing sensitive information. While this highlights a security consideration, there is no evidence of a specific security vulnerability being addressed; it appears to be clarifying existing behavior to prevent misconfiguration and data exposure.

Diff

diff --git a/sagemaker-unified-studio/latest/adminguide/git-connections.md b/sagemaker-unified-studio/latest/adminguide/git-connections.md
index 4d8996940..58603cbb6 100644
--- a//sagemaker-unified-studio/latest/adminguide/git-connections.md
+++ b//sagemaker-unified-studio/latest/adminguide/git-connections.md
@@ -10,0 +11,4 @@ Git connections enable you to check in and check out files, and manage your code
+###### Important
+
+When you enable a Git connection, all users who can sign in to any domain in the account have read and write access to all repositories on that connection. This access applies regardless of the user's project membership or permission level. To enforce isolation between repositories, use separate AWS accounts.
+
@@ -228 +232,3 @@ After a 3P Git connection is created and updated to become available, you can en
-###### Note
+###### Important
+
+When you enable a Git connection, all users who can sign in to any domain in the account have read and write access to all repositories on that connection. This access applies regardless of the user's project membership or permission level. There is no repository-level isolation within a single account. To enforce isolation between repositories, use separate AWS accounts. Do not store sensitive information in connected repositories unless all users in the account are authorized to access that information.
@@ -230 +236 @@ After a 3P Git connection is created and updated to become available, you can en
-All tagged connections will be accessible from all domains in the account and all projects in the associated accounts.
+The following note describes the behavior when a connection is later disabled or deleted.