AWS Security ChangesHomeSearch

AWS sagemaker documentation change

Service: sagemaker · 2026-04-10 · Documentation low

File: sagemaker/latest/dg/sagemaker-roles.md

Summary

Added IAM permission requirement for 'sagemaker:DescribeAlgorithm' when using AlgorithmArn parameter

Security assessment

This change adds IAM policy documentation for proper access control when using algorithm resources. It's security documentation but doesn't fix a specific vulnerability.

Diff

diff --git a/sagemaker/latest/dg/sagemaker-roles.md b/sagemaker/latest/dg/sagemaker-roles.md
index b044600e4..20197032f 100644
--- a//sagemaker/latest/dg/sagemaker-roles.md
+++ b//sagemaker/latest/dg/sagemaker-roles.md
@@ -1279,0 +1280,11 @@ If `CreateTrainingJob.AlgorithSpecifications.TrainingImage` needs to access othe
+If you specify an algorithm resource by using the `AlgorithmSpecification.AlgorithmArn` parameter, the execution role must also have the following permission:
+    
+    
+    {
+        "Effect": "Allow",
+        "Action": [
+            "sagemaker:DescribeAlgorithm"
+        ],
+        "Resource": "arn:aws:sagemaker:*:*:algorithm/*"
+    }
+