AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio documentation change

Service: sagemaker-unified-studio · 2026-04-22 · Documentation low

File: sagemaker-unified-studio/latest/adminguide/working-with-domains.md

Summary

Added note about IAM Identity Center multi-Region support, stating that SageMaker domains can reside in different AWS Regions than the IAM Identity Center organization instance.

Security assessment

This change adds documentation about cross-region authentication capabilities, which is a security feature enabling centralized identity management across regions. It clarifies that IAM Identity Center must be connected to an external IdP for this feature. No evidence of addressing a specific security vulnerability.

Diff

diff --git a/sagemaker-unified-studio/latest/adminguide/working-with-domains.md b/sagemaker-unified-studio/latest/adminguide/working-with-domains.md
index db5daffa1..d07cb4fa6 100644
--- a//sagemaker-unified-studio/latest/adminguide/working-with-domains.md
+++ b//sagemaker-unified-studio/latest/adminguide/working-with-domains.md
@@ -14,0 +15,4 @@ Amazon SageMaker Unified Studio supports two distinct domain types to accommodat
+###### Note
+
+The Amazon SageMaker domain can reside in a different AWS Region than where the IAM Identity Center organization instance is located using IAM Identity Center multi-Region support. To use this feature, your IAM Identity Center instance must be connected to an external identity provider (IdP). For information about setting up IAM Identity Center multi-Region, see [Using IAM Identity Center across multiple AWS Regions](https://docs.aws.amazon.com/singlesignon/latest/userguide/multi-region-iam-identity-center.html).
+