AWS sagemaker documentation change
Summary
Added IAM permission requirement for 'sagemaker:DescribeAlgorithm' when using AlgorithmArn parameter
Security assessment
This change adds IAM policy documentation for proper access control when using algorithm resources. It's security documentation but doesn't fix a specific vulnerability.
Diff
diff --git a/sagemaker/latest/dg/sagemaker-roles.md b/sagemaker/latest/dg/sagemaker-roles.md index b044600e4..20197032f 100644 --- a//sagemaker/latest/dg/sagemaker-roles.md +++ b//sagemaker/latest/dg/sagemaker-roles.md @@ -1279,0 +1280,11 @@ If `CreateTrainingJob.AlgorithSpecifications.TrainingImage` needs to access othe +If you specify an algorithm resource by using the `AlgorithmSpecification.AlgorithmArn` parameter, the execution role must also have the following permission: + + + { + "Effect": "Allow", + "Action": [ + "sagemaker:DescribeAlgorithm" + ], + "Resource": "arn:aws:sagemaker:*:*:algorithm/*" + } +