AWS Security ChangesHomeSearch

AWS sagemaker documentation change

Service: sagemaker · 2026-07-01 · Documentation low

File: sagemaker/latest/dg/security-iam-awsmanpol-model-customization.md

Summary

Added servicequotas:ListServiceQuotas permission to IAM policy and updated policy history

Security assessment

Added read-only permission for service quota checks to improve operational visibility. Enhances security documentation by updating IAM policy details but doesn't fix vulnerabilities.

Diff

diff --git a/sagemaker/latest/dg/security-iam-awsmanpol-model-customization.md b/sagemaker/latest/dg/security-iam-awsmanpol-model-customization.md
index b264ccb94..a336c8dd0 100644
--- a//sagemaker/latest/dg/security-iam-awsmanpol-model-customization.md
+++ b//sagemaker/latest/dg/security-iam-awsmanpol-model-customization.md
@@ -51,0 +52,2 @@ This AWS managed policy includes the following permissions.
+  * `servicequotas` – Allows principals to list service quotas for Amazon SageMaker AI. This enables the Studio UI to look up instance-type-specific quota codes and provide direct links to the Service Quotas console when a quota limit is reached. Read-only.
+
@@ -361 +363,2 @@ This AWS managed policy includes the following permissions.
-                    "ec2:DescribeVpcs"
+                    "ec2:DescribeVpcs",
+                    "servicequotas:ListServiceQuotas"
@@ -565,0 +569 @@ Policy | Version | Change | Date
+AWS managed policy: AmazonSageMakerModelCustomizationCoreAccess – Updated policy | 2 |  Added `servicequotas:ListServiceQuotas` to the `SageMakerJobAdvancedSettings` statement. This allows the Amazon SageMaker AI Studio UI to look up instance-type-specific service quota codes and provide direct links to the Service Quotas console when a quota limit is reached during model customization workflows. | June 30, 2026