AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio documentation change

Service: sagemaker-unified-studio · 2026-03-22 · Documentation medium

File: sagemaker-unified-studio/latest/userguide/concepts.md

Summary

Added warning about Git connections granting all users in the account read/write access to all repositories, regardless of project membership or permission level, and recommends using separate AWS accounts for isolation.

Security assessment

This change adds a security warning to the user guide about the broad access model of Git connections. It mirrors the warning added in the admin guide and is intended to inform users about security considerations. No specific security vulnerability is indicated; it is a documentation update to prevent misconfiguration.

Diff

diff --git a/sagemaker-unified-studio/latest/userguide/concepts.md b/sagemaker-unified-studio/latest/userguide/concepts.md
index 2204d3afe..68cced285 100644
--- a//sagemaker-unified-studio/latest/userguide/concepts.md
+++ b//sagemaker-unified-studio/latest/userguide/concepts.md
@@ -143 +143 @@ In Amazon SageMaker Unified Studio, a business glossary is a collection of busin
-Use git connections to check in and check out files and manage your code repository. When you create an Amazon SageMaker unified domain, a default git connection to CodeCommit is provided for you to manage your code. You can also create and enable new 3P Git connections to GitHub, GitHub Enterprise Server, GitLab, and GitLab Self-Managed. 
+Use git connections to check in and check out files and manage your code repository. When you create an Amazon SageMaker unified domain, a default git connection to CodeCommit is provided for you to manage your code. You can also create and enable new 3P Git connections to GitHub, GitHub Enterprise Server, GitLab, and GitLab Self-Managed. When you enable a Git connection, all users who can sign in to any domain in the account have read and write access to all repositories on that connection. This access applies regardless of the user's project membership or permission level. To enforce isolation between repositories, use separate AWS accounts.