Amazon SageMaker Studio now supports trusted identity propagation

We are excited to announce that Amazon SageMaker Studio now supports trusted identity propagation (TIP), enabling administrators to trace actions taken in SageMaker Studio back to a human user. It also enables administrators to manage permissions for AWS Lake Formation and Amazon S3 Access Grants based on user identity.

Starting today, SageMaker Studio supports trusted identity propagation for AWS services, including AWS Lake Formation, Amazon S3, Amazon EMR, Amazon EMR-Serverless, Amazon Redshift and Amazon Athena. Customers can enable trusted identity propagation for SageMaker Studio domains, either at domain creation or while updating an existing domain. With this capability, customers can apply fine-grained access controls using S3 Access Grants, Lake Formation, or Redshift Data APIs to govern user access to data in their SageMaker Studio notebooks. Customers’ Training and Processing jobs in Studio notebooks will integrate with S3 Access Grants.

With this change, administrators can trace the creation of user interactive sessions as well as user background sessions across Studio applications (JupyterLab and Code Editor) via AWS CloudTrail events. As an example, administrators can now track which user creates SageMaker Pipeline steps to run experiments using SageMaker MLflow, trains ML models using SageMaker Training, and deploys using SageMaker Inference.

This feature is available in all AWS Regions where Amazon SageMaker Studio with IdC support is currently available, excluding the China regions and the GovCloud (US) regions. To learn more, visit our documentation.

Source: Amazon Web Services


