AWS sagemaker-unified-studio documentation change
Summary
Added documentation about disabling SageMaker Data Agent in IAM Identity Center domains, including a new section explaining how administrators can disable it through domain configuration.
Security assessment
This change adds security documentation about a control feature (disabling Data Agent) that administrators can use to restrict access. It provides a security configuration option but doesn't indicate it's addressing a specific security vulnerability or incident.
Diff
diff --git a/sagemaker-unified-studio/latest/userguide/data-agent-security.md b/sagemaker-unified-studio/latest/userguide/data-agent-security.md index c9751609c..0c418a08d 100644 --- a//sagemaker-unified-studio/latest/userguide/data-agent-security.md +++ b//sagemaker-unified-studio/latest/userguide/data-agent-security.md @@ -7 +7 @@ -Required IAM permissions to use SageMaker Data Agent +Required IAM permissions to use SageMaker Data AgentDisable the SageMaker Data Agent in IdC domains @@ -14,0 +15,2 @@ Required IAM permissions to use SageMaker Data Agent + * Disable the SageMaker Data Agent in IdC domains + @@ -21,0 +24,8 @@ To use the SageMaker Data Agent in Notebooks or Query Editor, your project role +## Disable the SageMaker Data Agent in IdC domains + +In IAM Identity Center (IdC) domains, administrators can disable the SageMaker Data Agent through the domain configuration. When disabled, users in the domain don't have access to the Data Agent in Notebooks or Query Editor. + +The following image shows the domain configuration option for disabling the SageMaker Data Agent. + + + @@ -28 +38 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Best Practices for the SageMaker Data Agent +Best practices for the SageMaker Data Agent