AWS Security ChangesHomeSearch

AWS sagemaker documentation change

Service: sagemaker · 2026-03-25 · Documentation low

File: sagemaker/latest/dg/sagemaker-roles.md

Summary

Added specific IAM policy requirement for 'sagemaker:DescribeAlgorithm' permission when using AlgorithmArn parameter in training jobs.

Security assessment

This change documents additional IAM permissions needed for algorithm resources, improving security documentation but not addressing a specific security incident.

Diff

diff --git a/sagemaker/latest/dg/sagemaker-roles.md b/sagemaker/latest/dg/sagemaker-roles.md
index 0dfc83775..2f0112901 100644
--- a//sagemaker/latest/dg/sagemaker-roles.md
+++ b//sagemaker/latest/dg/sagemaker-roles.md
@@ -1279,0 +1280,11 @@ If `CreateTrainingJob.AlgorithSpecifications.TrainingImage` needs to access othe
+If you specify an algorithm resource by using the `AlgorithmSpecification.AlgorithmArn` parameter, the execution role must also have the following permission:
+    
+    
+    {
+        "Effect": "Allow",
+        "Action": [
+            "sagemaker:DescribeAlgorithm"
+        ],
+        "Resource": "arn:aws:sagemaker:*:*:algorithm/*"
+    }
+