Amazon SageMaker Unified Studio now supports custom IAM permissions boundaries, so organizations that enforce Service Control Policies (SCPs) requiring permissions boundaries on all IAM roles can adopt SageMaker Unified Studio without modifying their security posture.
When a user creates a project, SageMaker Unified Studio provisions three IAM roles: a project user role, an Amazon Bedrock service role, and a Bedrock Lambda execution role. With this launch, administrators can specify a permissions boundary in the Tooling blueprint configuration, and all three roles are created with that permissions boundary attached. This satisfies SCP requirements at creation time, and project provisioning succeeds without administrator intervention. The permissions boundary also limits what the provisioned roles can do, so administrators retain control over project-level permissions even as new projects are created. Because the permissions boundary is set at the blueprint level, it applies to every new project automatically.
This feature is available in all AWS Regions where Amazon SageMaker Unified Studio is available. To learn more, visit the Manage Tooling blueprint parameters documentation.
Categories: general:products/amazon-sagemaker,marketing:marchitecture/analytics
Source: Amazon Web Services
Latest Posts
- Dynamics 365 Project Operations – Post project invoice proposals using multithreaded batch tasks [MC1390348]
- (Updated) New entry point for “Create pages with Copilot in SharePoint” [MC1324284]
- Amazon MSK now offers AI Agent Skills to help developers operate MSK efficiently and accelerate migrations to MSK
- AWS HealthOmics now supports Nextflow profiles
