| Amazon SageMaker AI API Operations | Required Permissions (API Actions) | Resources |
| DeleteEarthObservationJob
| sagemaker-geospatial:DeleteEarthObservationJob
| arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
|
| DeleteVectorEnrichmentJob
| sagemaker-geospatial:DeleteVectorEnrichmentJob
| arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
|
| ExportEarthObservationJob
| sagemaker-geospatial:ExportEarthObservationJob
| arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
|
| ExportVectorEnrichmentJob
| sagemaker-geospatial:ExportVectorEnrichmentJob
| arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
|
| GetEarthObservationJob
| sagemaker-geospatial:GetEarthObservationJob
| arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
|
| GetRasterDataCollection
| sagemaker-geospatial:GetRasterDataCollection
| arn:aws:sagemaker-geospatial:region:account-id:raster-data-collection/public/id
|
| GetTile
| sagemaker-geospatial:GetTile
| arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
|
| GetVectorEnrichmentJob
| sagemaker-geospatial:GetVectorEnrichmentJob
| arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
|
| ListEarthObservationJobs
| sagemaker-geospatial:ListEarthObservationJobs
| *
|
| ListRasterDataCollections
| sagemaker-geospatial:ListRasterDataCollections
| *
|
| ListTagsForResource
| sagemaker-geospatial:ListTagsForResource
| arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
|
| ListVectorEnrichmentJobs
| sagemaker-geospatial:ListVectorEnrichmentJobs
| *
|
| SearchRasterDataCollection
| sagemaker-geospatial:SearchRasterDataCollection
| arn:aws:sagemaker-geospatial:region:account-id:raster-data-collection/public/id
|
| StartEarthObservationJob
| sagemaker-geospatial:StartEarthObservationJob
| arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
|
| StartVectorEnrichmentJob
| sagemaker-geospatial:StartVectorEnrichmentJob
| arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
|
| StopEarthObservationJob
| sagemaker-geospatial:StopEarthObservationJob
| arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
|
| StopVectorEnrichmentJob
| sagemaker-geospatial:StopVectorEnrichmentJob
| arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
|
| TagResource
| sagemaker-geospatial:TagResource
| arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
|
| UntagResource
| sagemaker-geospatial:UntagResource
| arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
|
| AddTags
| sagemaker:AddTags
| arn:aws:sagemaker:region:account-id:*
|
| CreateApp
| sagemaker:CreateApp
| arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName
|
| CreateAppImageConfig
| sagemaker:CreateAppImageConfig
| arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName
|
| CreateAutoMLJob
| sagemaker:CreateAutoMLJob
iam:PassRole
The following permission is required only if any of the associated ResourceConfig have a specified VolumeKmsKeyId and the associated role does not have a policy that permits this action: kms:CreateGrant
| arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName |
| CreateAutoMLJobV2
| sagemaker:CreateAutoMLJobV2
iam:PassRole
The following permission is required only if any of the associated ResourceConfig have a specified VolumeKmsKeyId and the associated role does not have a policy that permits this action: kms:CreateGrant
| arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName |
| CreateDomain
| sagemaker:CreateDomain
iam:CreateServiceLinkedRole
iam:PassRole
Required if a KMS customer managed key is specified for KmsKeyId: elasticfilesystem:CreateFileSystem
kms:CreateGrant
kms:Decrypt
kms:DescribeKey
kms:GenerateDataKeyWithoutPlainText
Required to create a domain that supports RStudio: sagemaker:CreateApp
| arn:aws:sagemaker:region:account-id:domain/domain-id
|
| CreateEndpoint
| sagemaker:CreateEndpoint
kms:CreateGrant (required only if the associated EndPointConfig has a KmsKeyId specified)
| arn:aws:sagemaker:region:account-id:endpoint/endpointName
arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName
|
| CreateEndpointConfig
| sagemaker:CreateEndpointConfig
| arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName
|
| CreateFlowDefinition
| sagemaker:CreateFlowDefinition
iam:PassRole
| arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName
|
| CreateHumanTaskUi
| sagemaker:CreateHumanTaskUi
| arn:aws:sagemaker:region:account-id:human-task-ui/humanTaskUiName
|
| CreateInferenceRecommendationsJob
| sagemaker:CreateInferenceRecommendationsJob
iam:PassRole
The following permissions are required only if you specify an encryption key: kms:CreateGrant
kms:Decrypt
kms:DescribeKey
kms:GenerateDataKey
| arn:aws:sagemaker:region:account-id:inference-recommendations-job/inferenceRecommendationsJobName
|
| CreateHyperParameterTuningJob
| sagemaker:CreateHyperParameterTuningJob
iam:PassRole
The following permission is required only if any of the associated ResourceConfig have a specified VolumeKmsKeyId and the associated role does not have a policy that permits this action: kms:CreateGrant
| arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJobName
|
| CreateImage
| sagemaker:CreateImage
iam:PassRole
| arn:aws:sagemaker:region:account-id:image/*
|
| CreateImageVersion
| sagemaker:CreateImageVersion
| arn:aws:sagemaker:region:account-id:image-version/imageName/*
|
| CreateLabelingJob
| sagemaker:CreateLabelingJob iam:PassRole | arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName
|
| CreateModel
| sagemaker:CreateModel
iam:PassRole
| arn:aws:sagemaker:region:account-id:model/modelName
|
| CreateModelPackage
| sagemaker:CreateModelPackage
| arn:aws:sagemaker:region:account-id:model-package/modelPackageName
|
| CreateModelPackageGroup
| sagemaker:CreateModelPackageGroup
| arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
|
| CreateNotebookInstance
| sagemaker:CreateNotebookInstance
iam:PassRole
The following permissions are required only if you specify a VPC for your notebook instance: ec2:CreateNetworkInterface
ec2:DescribeSecurityGroups
ec2:DescribeSubnets
ec2:DescribeVpcs
The following permissions are required only if you specify an encryption key: kms:DescribeKey
kms:CreateGrant
The following permission is required only if you specify an AWS Secrets Manager secret to access a private Git repository: secretsmanager:GetSecretValue
| arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
|
| CreatePipeline
| sagemaker:CreatePipeline
iam:PassRole
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name
arn:aws-partition:iam::account-id:role/role-name
|
| CreatePresignedDomainUrl
| sagemaker:CreatePresignedDomainUrl
| arn:aws:sagemaker:region:account-id:app/domain-id/userProfileName/*
|
| CreatePresignedNotebookInstanceUrl
| sagemaker:CreatePresignedNotebookInstanceUrl
| arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
|
| CreateProcessingJob
| sagemaker:CreateProcessingJob
iam:PassRole
kms:CreateGrant (required only if the associated ProcessingResources has a specified VolumeKmsKeyId and the associated role does not have a policy that permits this action)
ec2:CreateNetworkInterface (required only if you specify a VPC)
| arn:aws:sagemaker:region:account-id:processing-job/processingJobName
|
| CreateSpace
| sagemaker:CreateSpace
| arn:aws:sagemaker:region:account-id:space/domain-id/spaceName
|
| CreateStudioLifecycleConfig
| sagemaker:CreateStudioLifecycleConfig
| arn:aws:sagemaker:region:account-id:studio-lifecycle-config/.*
|
| CreateTrainingJob
| sagemaker:CreateTrainingJob
iam:PassRole
kms:CreateGrant (required only if the associated ResourceConfig has a specified VolumeKmsKeyId and the associated role does not have a policy that permits this action)
| arn:aws:sagemaker:region:account-id:training-job/trainingJobName
|
| CreateTrainingPlan
| sagemaker:CreateTrainingPlan
sagemaker:CreateReservedCapacity
sagemaker:AddTags
| arn:aws:sagemaker:region:account-id:training-plan/*"
arn:aws:sagemaker:region:account-id:reserved-capacity/*
|
| CreateTransformJob
| sagemaker:CreateTransformJob
kms:CreateGrant (required only if the associated TransformResources has a specified VolumeKmsKeyId and the associated role does not have a policy that permits this action)
| arn:aws:sagemaker:region:account-id:transform-job/transformJobName
|
| CreateUserProfile
| sagemaker:CreateUserProfile
iam:PassRole
| arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName
|
| CreateWorkforce
| sagemaker:CreateWorkforce
cognito-idp:DescribeUserPoolClient
cognito-idp:UpdateUserPool
cognito-idp:DescribeUserPool
cognito-idp:UpdateUserPoolClient
| arn:aws:sagemaker:region:account-id:workforce/* |
| CreateWorkteam
| sagemaker:CreateWorkteam
cognito-idp:DescribeUserPoolClient
cognito-idp:UpdateUserPool
cognito-idp:DescribeUserPool
cognito-idp:UpdateUserPoolClient
| arn:aws:sagemaker:region:account-id:workteam/private-crowd/work team name
|
| DeleteApp
| sagemaker:DeleteApp
| arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName
|
| DeleteAppImageConfig
| sagemaker:DeleteAppImageConfig
| arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName
|
| DeleteDomain
| sagemaker:DeleteDomain
| arn:aws:sagemaker:region:account-id:domain/domainId
|
| DeleteEndpoint
| sagemaker:DeleteEndpoint
| arn:aws:sagemaker:region:account-id:endpoint/endpointName
|
| DeleteEndpointConfig
| sagemaker:DeleteEndpointConfig
| arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName
|
| DeleteFlowDefinition
| sagemaker:DeleteFlowDefinition
| arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName
|
| DeleteHumanLoop
| sagemaker:DeleteHumanLoop
| arn:aws:sagemaker:region:account-id:human-loop/humanLoopName
|
| DeleteImage
| sagemaker:DeleteImage
| arn:aws:sagemaker:region:account-id:image/imageName
|
| DeleteImageVersion
| sagemaker:DeleteImageVersion
| arn:aws:sagemaker:region:account-id:image-version/imageName/versionNumber
|
| DeleteModel
| sagemaker:DeleteModel
| arn:aws:sagemaker:region:account-id:model/modelName
|
| DeleteModelPackage
| sagemaker:DeleteModelPackage
| arn:aws:sagemaker:region:account-id:model-package/modelPackageName
|
| DeleteModelPackageGroup
| sagemaker:DeleteModelPackageGroup
| arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
|
| DeleteModelPackageGroupPolicy
| sagemaker:DeleteModelPackageGroupPolicy
| arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
|
| DeleteNotebookInstance
| sagemaker:DeleteNotebookInstance
The following permission is required only if you specified a VPC for your notebook instance: ec2:DeleteNetworkInterface
The following permissions are required only if you specified an encryption key when you created the notebook instance: kms:DescribeKey
| arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
|
| DeletePipeline
| sagemaker:DeletePipeline
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name
|
| DeleteSpace
| sagemaker:DeleteSpace
| arn:aws:sagemaker:region:account-id:space/domain-id/spaceName
|
| DeleteTags
| sagemaker:DeleteTags
| arn:aws:sagemaker:region:account-id:*
|
| DeleteUserProfile
| sagemaker:DeleteUserProfile
| arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName
|
| DeleteWorkforce
| sagemaker:DeleteWorkforce
| arn:aws:sagemaker:region:account-id:workforce/*
|
| DeleteWorkteam
| sagemaker:DeleteWorkteam
| arn:aws:sagemaker:region:account-id:workteam/private-crowd/*
|
| DescribeApp
| sagemaker:DescribeApp
| arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName
|
| DescribeAppImageConfig
| sagemaker:DescribeAppImageConfig
| arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName
|
| DescribeAutoMLJob
| sagemaker:DescribeAutoMLJob
| arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName |
| DescribeAutoMLJobV2
| sagemaker:DescribeAutoMLJobV2
| arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName |
| DescribeDomain
| sagemaker:DescribeDomain
| arn:aws:sagemaker:region:account-id:domain/domainId
|
| DescribeEndpoint
| sagemaker:DescribeEndpoint
| arn:aws:sagemaker:region:account-id:endpoint/endpointName
|
| DescribeEndpointConfig
| sagemaker:DescribeEndpointConfig
| arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName
|
| DescribeFlowDefinition
| sagemaker:DescribeFlowDefinition
| arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName
|
| DescribeHumanLoop
| sagemaker:DescribeHumanLoop
| arn:aws:sagemaker:region:account-id:human-loop/humanLoopName
|
| DescribeHumanTaskUi
| sagemaker:DescribeHumanTaskUi
| arn:aws:sagemaker:region:account-id:human-task-ui/humanTaskUiName
|
| DescribeHyperParameterTuningJob
| sagemaker:DescribeHyperParameterTuningJob
| arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob
|
| DescribeImage
| sagemaker:DescribeImage
| arn:aws:sagemaker:region:account-id:image/imageName
|
| DescribeImageVersion
| sagemaker:DescribeImageVersion
| arn:aws:sagemaker:region:account-id:image-version/imageName/versionNumber
|
| DescribeLabelingJob
| sagemaker:DescribeLabelingJob
| arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName
|
| DescribeModel
| sagemaker:DescribeModel
| arn:aws:sagemaker:region:account-id:model/modelName
|
| DescribeModelPackage
| sagemaker:DescribeModelPackage
| arn:aws:sagemaker:region:account-id:model-package/modelPackageName
|
| DescribeModelPackageGroup
| sagemaker:DescribeModelPackageGroup
| arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
|
| DescribeNotebookInstance
| sagemaker:DescribeNotebookInstance
| arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
|
| DescribePipeline
| sagemaker:DescribePipeline
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name
|
| DescribePipelineDefinitionForExecution
| sagemaker:DescribePipelineDefinitionForExecution
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
|
| DescribePipelineExecution
| sagemaker:DescribePipelineExecution
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
|
| DescribeProcessingJob
| sagemaker:DescribeProcessingJob
| arn:aws:sagemaker:region:account-id:processing-job/processingjobname
|
| DescribeSpace
| sagemaker:DescribeSpace
| arn:aws:sagemaker:region:account-id:space/domain-id/spaceName
|
| DescribeSubscribedWorkteam
| sagemaker:DescribeSubscribedWorkteam
aws-marketplace:ViewSubscriptions
| arn:aws:sagemaker:region:account-id:workteam/vendor-crowd/*
|
| DescribeTrainingJob
| sagemaker:DescribeTrainingJob
| arn:aws:sagemaker:region:account-id:training-job/trainingjobname
|
| DescribeTransformJob
| sagemaker:DescribeTransformJob
| arn:aws:sagemaker:region:account-id:transform-job/transformjobname
|
| DescribeUserProfile
| sagemaker:DescribeUserProfile
| arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName
|
| DescribeWorkforce
| sagemaker:DescribeWorkforce
| arn:aws:sagemaker:region:account-id:workforce/*
|
| DescribeWorkteam
| sagemaker:DescribeWorkteam
| arn:aws:sagemaker:region:account-id:workteam/private-crowd/*
|
| GetModelPackageGroupPolicy
| sagemaker:GetModelPackageGroupPolicy
| arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
|
| InvokeEndpoint
| sagemaker:InvokeEndpoint
| arn:aws:sagemaker:region:account-id:endpoint/endpointName
|
| ListAppImageConfigs
| sagemaker:ListAppImageConfigs
| arn:aws:sagemaker:region:account-id:app-image-config/*
|
| ListApps
| sagemaker:ListApps
| arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/*
|
| ListDomains
| sagemaker:ListDomains
| arn:aws:sagemaker:region:account-id:domain/*
|
| ListEndpointConfigs
| sagemaker:ListEndpointConfigs
| *
|
| ListEndpoints
| sagemaker:ListEndpoints
| *
|
| ListFlowDefinitions
| sagemaker:ListFlowDefinitions
| *
|
| ListHumanLoops
| sagemaker:ListHumanLoops
| *
|
| ListHumanTaskUis
| sagemaker:ListHumanTaskUis
| *
|
| ListHyperParameterTuningJobs
| sagemaker:ListHyperParameterTuningJobs
| arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob
|
| ListImages
| sagemaker:ListImages
| *
|
| ListImageVersions
| sagemaker:ListImageVersions
| arn:aws:sagemaker:region:account-id:image/*
|
| ListLabelingJobs
| sagemaker:ListLabelingJobs
| *
|
| ListLabelingJobsForWorkteam
| sagemaker:ListLabelingJobForWorkteam
| *
|
| ListModelPackageGroups
| sagemaker:ListModelPackageGroups
| arn:aws:sagemaker:region:account-id :model-package-group/ModelPackageGroupName
|
| ListModelPackages
| sagemaker:ListModelPackages
| arn:aws:sagemaker:region:account-id :model-package/ModelPackageName
|
| ListModels
| sagemaker:ListModels
| *
|
| ListNotebookInstances
| sagemaker:ListNotebookInstances
| *
|
| ListPipelineExecutions
| sagemaker:ListPipelineExecutions
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name
|
| ListPipelineExecutionSteps
| sagemaker:ListPipelineExecutionSteps
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
|
| ListPipelineParametersForExecution
| sagemaker:ListPipelineParametersForExecution
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
|
| ListPipelines
| sagemaker:ListPipelines
| * |
| ListProcessingJobs
| sagemaker:ListProcessingJobs
| *
|
| ListSpaces
| sagemaker:ListSpaces
| arn:aws:sagemaker:region:account-id:space/domain-id/*
|
| ListSubscribedWorkteams
| sagemaker:ListSubscribedWorkteams
aws-marketplace:ViewSubscriptions
| *
|
| ListTags
| sagemaker:ListTags
| arn:aws:sagemaker:region:account-id:*
|
| ListTrainingJobs
| sagemaker:ListTrainingJobs
| *
|
| ListTrainingJobsForHyperParameterTuningJob
| sagemaker:ListTrainingJobsForHyperParameterTuningJob
| arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob
|
| ListTransformJobs
| sagemaker:ListTransformJobs
| *
|
| ListUserProfiles
| sagemaker:ListUserProfiles
| arn:aws:sagemaker:region:account-id:user-profile/domain-id/*
|
| ListWorkforces
| sagemaker:ListWorkforces
| * |
| ListWorkteams
| sagemaker:ListWorkteams
| *
|
| PutModelPackageGroupPolicy
| sagemaker:PutModelPackageGroupPolicy
| arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
|
| RetryPipelineExecution
| sagemaker:RetryPipelineExecution
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
|
| Search
| sagemaker:Search
| *
|
| SendPipelineExecutionStepFailure
| sagemaker:SendPipelineExecutionStepFailure
| *
|
| SendPipelineExecutionStepSuccess
| sagemaker:SendPipelineExecutionStepSuccess
| *
|
| StartHumanLoop
| sagemaker:StartHumanLoop
| arn:aws:sagemaker:region:account-id:human-loop/humanLoopName
|
| StartNotebookInstance
| sagemaker:StartNotebookInstance
The following permissions are required only if you specified a VPC when you created your notebook instance: ec2:CreateNetworkInterface
ec2:DescribeNetworkInterfaces
ec2:DescribeSecurityGroups
ec2:DescribeSubnets
ec2:DescribeVpcs
The following permissions are required only if you specified an encryption key when you created the notebook instance: kms:DescribeKey
kms:CreateGrant
The following permission is required only if you specified an AWS Secrets Manager secret to access a private Git repository when you created the notebook instance: secretsmanager:GetSecretValue
| arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
|
| StartPipelineExecution
| sagemaker:StartPipelineExecution
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name
|
| StopHumanLoop
| sagemaker:StopHumanLoop
| arn:aws:sagemaker:region:account-id:human-loop/humanLoopName
|
| StopHyperParameterTuningJob
| sagemaker:StopHyperParameterTuningJob
| arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob
|
| StopLabelingJob
| sagemaker:StopLabelingJob
| arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName
|
| StopNotebookInstance
| sagemaker:StopNotebookInstance
| arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
|
| StopPipelineExecution
| sagemaker:StopPipelineExecution
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
|
| StopProcessingJob
| sagemaker:StopProcessingJob
| arn:aws:sagemaker:region:account-id:processing-job/processingJobName
|
| StopTrainingJob
| sagemaker:StopTrainingJob
| arn:aws:sagemaker:region:account-id:training-job/trainingJobName
|
| StopTransformJob
| sagemaker:StopTransformJob
| arn:aws:sagemaker:region:account-id:transform-job/transformJobName
|
| UpdateAppImageConfig
| sagemaker:UpdateAppImageConfig
| arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName
|
| UpdateDomain
| sagemaker:UpdateDomain
| arn:aws:sagemaker:region:account-id:domain/domainId
|
| UpdateEndpoint
| sagemaker:UpdateEndpoint
| arn:aws:sagemaker:region:account-id:endpoint/endpointName
|
| UpdateEndpointWeightsAndCapacities
| sagemaker:UpdateEndpointWeightsAndCapacities
| arn:aws:sagemaker:region:account-id:endpoint/endpointName
|
| UpdateImage
| sagemaker:UpdateImage
iam:PassRole
| arn:aws:sagemaker:region:account-id:image/imageName
|
| UpdateModelPackage
| sagemaker:UpdateModelPackage
| arn:aws:sagemaker:region:account-id:model-package/modelPackageName
|
| UpdateNotebookInstance
| sagemaker:UpdateNotebookInstance
iam:PassRole
| arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
|
| UpdatePipeline
| sagemaker:UpdatePipeline
iam:PassRole
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name
arn:aws-partition:iam::account-id:role/role-name
|
| UpdatePipelineExecution
| sagemaker:UpdatePipelineExecution
| arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
|
| UpdateSpace
| sagemaker:UpdateSpace
| arn:aws:sagemaker:region:account-id:space/domain-id/spaceName
|
| UpdateUserProfile
| sagemaker:UpdateUserProfile
| arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName
|
| UpdateWorkforce
| sagemaker:UpdateWorkforce
| arn:aws:sagemaker:region:account-id:workforce/*
|
| UpdateWorkteam
| sagemaker:UpdateWorkteam
| arn:aws:sagemaker:region:account-id:workteam/private-crowd/*
|