AWS sagemaker documentation change
Summary
Added servicequotas:ListServiceQuotas permission to IAM policy and updated policy history
Security assessment
Added read-only permission for service quota checks to improve operational visibility. Enhances security documentation by updating IAM policy details but doesn't fix vulnerabilities.
Diff
diff --git a/sagemaker/latest/dg/security-iam-awsmanpol-model-customization.md b/sagemaker/latest/dg/security-iam-awsmanpol-model-customization.md index b264ccb94..a336c8dd0 100644 --- a//sagemaker/latest/dg/security-iam-awsmanpol-model-customization.md +++ b//sagemaker/latest/dg/security-iam-awsmanpol-model-customization.md @@ -51,0 +52,2 @@ This AWS managed policy includes the following permissions. + * `servicequotas` – Allows principals to list service quotas for Amazon SageMaker AI. This enables the Studio UI to look up instance-type-specific quota codes and provide direct links to the Service Quotas console when a quota limit is reached. Read-only. + @@ -361 +363,2 @@ This AWS managed policy includes the following permissions. - "ec2:DescribeVpcs" + "ec2:DescribeVpcs", + "servicequotas:ListServiceQuotas" @@ -565,0 +569 @@ Policy | Version | Change | Date +AWS managed policy: AmazonSageMakerModelCustomizationCoreAccess – Updated policy | 2 | Added `servicequotas:ListServiceQuotas` to the `SageMakerJobAdvancedSettings` statement. This allows the Amazon SageMaker AI Studio UI to look up instance-type-specific service quota codes and provide direct links to the Service Quotas console when a quota limit is reached during model customization workflows. | June 30, 2026