@cloud-copilot/iam-data
Version:
1,925 lines • 211 kB
JSON
{
"accessmodelpackage": {
"name": "AccessModelPackage",
"isPermissionOnly": true,
"description": "Grants permission to access model package that can be used in Amazon SageMaker training or hosting services",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "model-package",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"addassociation": {
"name": "AddAssociation",
"description": "Grants permission to associate a lineage entity (artifact, context, action, experiment, experiment-trial-component) to each other",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "action",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "artifact",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "context",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "experiment",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "experiment-trial-component",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"addtags": {
"name": "AddTags",
"description": "Grants permission to add or overwrite one or more tags for the specified Amazon SageMaker resource",
"accessLevel": "Tagging",
"resourceTypes": [
{
"name": "action",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "ai-benchmark-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "ai-recommendation-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "ai-workload-config",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "algorithm",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "app",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "app-image-config",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "artifact",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "automl-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "cluster-scheduler-config",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "code-repository",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "compilation-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "compute-quota",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "context",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "data-quality-job-definition",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "device",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "device-fleet",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "domain",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "edge-deployment-plan",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "edge-packaging-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "endpoint",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "endpoint-config",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "experiment",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "experiment-trial",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "experiment-trial-component",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "feature-group",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "flow-definition",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "hub",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "hub-content",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "human-task-ui",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "hyper-parameter-tuning-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "image",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "inference-component",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "inference-recommendations-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "labeling-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "mlflow-app",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "mlflow-tracking-server",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "model",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "model-bias-job-definition",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "model-card",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "model-explainability-job-definition",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "model-package",
"required": false,
"conditionKeys": [
"sagemaker:CurrentModelLifeCycleStageStatus",
"sagemaker:CurrentModelLifeCycleStage",
"sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}"
],
"dependentActions": []
},
{
"name": "model-package-group",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "model-quality-job-definition",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "monitoring-schedule",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "notebook-instance",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "notebook-instance-lifecycle-config",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "optimization-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "partner-app",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "pipeline",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "processing-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "project",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "reserved-capacity",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "space",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "studio-lifecycle-config",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "training-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "training-plan",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "transform-job",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "user-profile",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "workteam",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:TaggingAction"
],
"dependentActions": []
},
"associatetrialcomponent": {
"name": "AssociateTrialComponent",
"description": "Grants permission to associate a trial component with a trial",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "experiment-trial",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "experiment-trial-component",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"attachclusternodevolume": {
"name": "AttachClusterNodeVolume",
"description": "Grants permission to attach an Amazon EBS volume to a SageMaker HyperPod cluster node",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"ec2:AttachVolume",
"ec2:DescribeVolumes",
"eks:DescribeCluster"
]
},
"batchaddclusternodes": {
"name": "BatchAddClusterNodes",
"description": "Grants permission to add multiple nodes at a time to a SageMaker HyperPod cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"eks:DescribeCluster"
]
},
"batchdeleteclusternodes": {
"name": "BatchDeleteClusterNodes",
"description": "Grants permission to batch delete SageMaker HyperPod cluster nodes",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": [
"eks:DescribeCluster"
]
},
"batchdescribemodelpackage": {
"name": "BatchDescribeModelPackage",
"description": "Grants permission to describe one or more ModelPackages",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "model-package",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"sagemaker:CurrentModelLifeCycleStageStatus",
"sagemaker:CurrentModelLifeCycleStage",
"sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}"
],
"dependentActions": []
},
"batchgetmetrics": {
"name": "BatchGetMetrics",
"description": "Grants permission to retrieve metrics associated with SageMaker Resources such as Training Jobs or Trial Components",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "experiment-trial-component",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "training-job",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchgetrecord": {
"name": "BatchGetRecord",
"description": "Grants permission to get a batch of records from one or more feature groups",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "feature-group",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"batchputmetrics": {
"name": "BatchPutMetrics",
"description": "Grants permission to publish metrics associated with a SageMaker Resource such as a Training Job or Trial Component",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "experiment-trial-component",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "training-job",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"callmlflowappapi": {
"name": "CallMlflowAppApi",
"description": "Grants permission to invoke MLflow APIs",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "mlflow-app",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"callpartnerappapi": {
"name": "CallPartnerAppApi",
"description": "Grants permission for Partner App SDK to access the Partner App for reading or writing data use cases",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "partner-app",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createaibenchmarkjob": {
"name": "CreateAIBenchmarkJob",
"description": "Grants permission to create an AI benchmark job",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "ai-benchmark-job",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createairecommendationjob": {
"name": "CreateAIRecommendationJob",
"description": "Grants permission to create an AI recommendation job",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "ai-recommendation-job",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createaiworkloadconfig": {
"name": "CreateAIWorkloadConfig",
"description": "Grants permission to create an AI workload configuration",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "ai-workload-config",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createaction": {
"name": "CreateAction",
"description": "Grants permission to create an action",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "action",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createalgorithm": {
"name": "CreateAlgorithm",
"description": "Grants permission to create an algorithm",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "algorithm",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createapp": {
"name": "CreateApp",
"description": "Grants permission to create an App for a SageMaker UserProfile or Space",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "app",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:InstanceTypes",
"sagemaker:ImageArns",
"sagemaker:ImageVersionArns",
"sagemaker:OwnerUserProfileArn",
"sagemaker:SpaceSharingType",
"sagemaker:StudioLifecycleConfigArns"
],
"dependentActions": []
},
"createappimageconfig": {
"name": "CreateAppImageConfig",
"description": "Grants permission to create an AppImageConfig",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "app-image-config",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createartifact": {
"name": "CreateArtifact",
"description": "Grants permission to create an artifact",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "artifact",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createautomljob": {
"name": "CreateAutoMLJob",
"description": "Grants permission to create an AutoML job",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "automl-job",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:InterContainerTrafficEncryption",
"sagemaker:OutputKmsKey",
"sagemaker:VolumeKmsKey",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets"
],
"dependentActions": []
},
"createautomljobv2": {
"name": "CreateAutoMLJobV2",
"description": "Grants permission to create a V2 AutoML job",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "automl-job",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:InterContainerTrafficEncryption",
"sagemaker:OutputKmsKey",
"sagemaker:VolumeKmsKey",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets"
],
"dependentActions": []
},
"createcluster": {
"name": "CreateCluster",
"description": "Grants permission to create a SageMaker HyperPod cluster",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": [
"ec2:DescribeImages",
"ec2:DescribeSnapshots",
"ec2:ModifyImageAttribute",
"ec2:ModifySnapshotAttribute",
"eks:AssociateAccessPolicy",
"eks:CreateAccessEntry",
"eks:DeleteAccessEntry",
"eks:DescribeAccessEntry",
"eks:DescribeCluster",
"iam:CreateServiceLinkedRole",
"iam:PassRole",
"sagemaker:AddTags"
]
},
{
"name": "reserved-capacity",
"required": false,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "training-plan",
"required": false,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:InstanceTypes",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets"
],
"dependentActions": []
},
"createclusterschedulerconfig": {
"name": "CreateClusterSchedulerConfig",
"description": "Grants permission to create a cluster scheduler config",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": [
"eks:AssociateAccessPolicy",
"eks:DescribeCluster",
"eks:ListAssociatedAccessPolicies",
"sagemaker:AddTags",
"sagemaker:DescribeCluster"
]
},
{
"name": "cluster-scheduler-config",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createcoderepository": {
"name": "CreateCodeRepository",
"description": "Grants permission to create a CodeRepository",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "code-repository",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createcompilationjob": {
"name": "CreateCompilationJob",
"description": "Grants permission to create a compilation job",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "compilation-job",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createcomputequota": {
"name": "CreateComputeQuota",
"description": "Grants permission to create a compute quota",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "cluster",
"required": true,
"conditionKeys": [],
"dependentActions": [
"eks:AssociateAccessPolicy",
"eks:DescribeCluster",
"eks:ListAssociatedAccessPolicies",
"sagemaker:AddTags",
"sagemaker:DescribeCluster"
]
},
{
"name": "compute-quota",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createcontext": {
"name": "CreateContext",
"description": "Grants permission to create a context",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "context",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createdataqualityjobdefinition": {
"name": "CreateDataQualityJobDefinition",
"description": "Grants permission to create a data quality job definition",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "data-quality-job-definition",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:InstanceTypes",
"sagemaker:InterContainerTrafficEncryption",
"sagemaker:MaxRuntimeInSeconds",
"sagemaker:NetworkIsolation",
"sagemaker:OutputKmsKey",
"sagemaker:VolumeKmsKey",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets"
],
"dependentActions": []
},
"createdevicefleet": {
"name": "CreateDeviceFleet",
"description": "Grants permission to create a device fleet",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "device-fleet",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createdomain": {
"name": "CreateDomain",
"description": "Grants permission to create a Domain for SageMaker Studio",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "domain",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:CreateServiceLinkedRole",
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:AppNetworkAccessType",
"sagemaker:InstanceTypes",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets",
"sagemaker:DomainSharingOutputKmsKey",
"sagemaker:VolumeKmsKey",
"sagemaker:ImageArns",
"sagemaker:ImageVersionArns",
"sagemaker:StudioLifecycleConfigArns"
],
"dependentActions": []
},
"createedgedeploymentplan": {
"name": "CreateEdgeDeploymentPlan",
"description": "Grants permission to create an edge deployment plan",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "edge-deployment-plan",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createedgedeploymentstage": {
"name": "CreateEdgeDeploymentStage",
"description": "Grants permission to create an edge deployment stage",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "edge-deployment-plan",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createedgepackagingjob": {
"name": "CreateEdgePackagingJob",
"description": "Grants permission to create an edge packaging job",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "edge-packaging-job",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createendpoint": {
"name": "CreateEndpoint",
"description": "Grants permission to create an endpoint using the endpoint configuration specified in the request",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "endpoint",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
},
{
"name": "endpoint-config",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createendpointconfig": {
"name": "CreateEndpointConfig",
"description": "Grants permission to create an endpoint configuration that can be deployed using Amazon SageMaker hosting services",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "endpoint-config",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:AcceleratorTypes",
"sagemaker:InstanceTypes",
"sagemaker:ModelArn",
"sagemaker:VolumeKmsKey",
"sagemaker:ServerlessMaxConcurrency",
"sagemaker:ServerlessMemorySize",
"sagemaker:NetworkIsolation",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets"
],
"dependentActions": []
},
"createexperiment": {
"name": "CreateExperiment",
"description": "Grants permission to create an experiment",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "experiment",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createfeaturegroup": {
"name": "CreateFeatureGroup",
"description": "Grants permission to create a feature group",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "feature-group",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:FeatureGroupOnlineStoreKmsKey",
"sagemaker:FeatureGroupOfflineStoreKmsKey",
"sagemaker:FeatureGroupOfflineStoreS3Uri",
"sagemaker:FeatureGroupEnableOnlineStore",
"sagemaker:FeatureGroupOfflineStoreConfig",
"sagemaker:FeatureGroupDisableGlueTableCreation"
],
"dependentActions": []
},
"createflowdefinition": {
"name": "CreateFlowDefinition",
"description": "Grants permission to create a flow definition, which defines settings for a human workflow",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "flow-definition",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"sagemaker:WorkteamArn",
"sagemaker:WorkteamType",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createhub": {
"name": "CreateHub",
"description": "Grants permission to create a hub",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "hub",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createhubcontentpresignedurls": {
"name": "CreateHubContentPresignedUrls",
"description": "Grants permission to generate S3 presigned URLs with GetObject permission for accessing model artifacts",
"accessLevel": "Read",
"resourceTypes": [
{
"name": "hub",
"required": true,
"conditionKeys": [],
"dependentActions": []
},
{
"name": "hub-content",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createhubcontentreference": {
"name": "CreateHubContentReference",
"description": "Grants permission to create hub content reference",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "hub",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
},
{
"name": "hub-content",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createhumantaskui": {
"name": "CreateHumanTaskUi",
"description": "Grants permission to define the settings you will use for the human review workflow user interface",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "human-task-ui",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createhyperparametertuningjob": {
"name": "CreateHyperParameterTuningJob",
"description": "Grants permission to create a hyper parameter tuning job that can be deployed using Amazon SageMaker",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "hyper-parameter-tuning-job",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:FileSystemAccessMode",
"sagemaker:FileSystemDirectoryPath",
"sagemaker:FileSystemId",
"sagemaker:FileSystemType",
"sagemaker:InstanceTypes",
"sagemaker:InterContainerTrafficEncryption",
"sagemaker:MaxRuntimeInSeconds",
"sagemaker:NetworkIsolation",
"sagemaker:OutputKmsKey",
"sagemaker:VolumeKmsKey",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets"
],
"dependentActions": []
},
"createimage": {
"name": "CreateImage",
"description": "Grants permission to create a SageMaker Image",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "image",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createimageversion": {
"name": "CreateImageVersion",
"description": "Grants permission to create a SageMaker ImageVersion",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "image",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createinferencecomponent": {
"name": "CreateInferenceComponent",
"description": "Grants permission to create an inference component on an endpoint",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "endpoint",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
},
{
"name": "inference-component",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:ModelArn"
],
"dependentActions": []
},
"createinferenceexperiment": {
"name": "CreateInferenceExperiment",
"description": "Grants permission to create an inference experiment",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "inference-experiment",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createinferencerecommendationsjob": {
"name": "CreateInferenceRecommendationsJob",
"description": "Grants permission to create an inference recommendations job",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "inference-recommendations-job",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createlabelingjob": {
"name": "CreateLabelingJob",
"description": "Grants permission to start a labeling job. A labeling job takes unlabeled data in and produces labeled data as output, which can be used for training SageMaker models",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "labeling-job",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"sagemaker:WorkteamArn",
"sagemaker:WorkteamType",
"sagemaker:VolumeKmsKey",
"sagemaker:OutputKmsKey",
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createlineagegrouppolicy": {
"name": "CreateLineageGroupPolicy",
"description": "Grants permission to create a lineage group policy",
"accessLevel": "Write",
"resourceTypes": [],
"conditionKeys": [],
"dependentActions": []
},
"createmlflowapp": {
"name": "CreateMlflowApp",
"description": "Grants permission to create an MLflow app",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "mlflow-app",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createmlflowtrackingserver": {
"name": "CreateMlflowTrackingServer",
"description": "Grants permission to create an MLflow tracking server",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "mlflow-tracking-server",
"required": true,
"conditionKeys": [
"sagemaker:ResourceTag/${TagKey}",
"aws:ResourceTag/${TagKey}"
],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createmodel": {
"name": "CreateModel",
"description": "Grants permission to create a model in Amazon SageMaker. In the request, you specify a name for the model and describe one or more containers",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "model",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:NetworkIsolation",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets",
"sagemaker:DirectGatedModelAccess"
],
"dependentActions": []
},
"createmodelbiasjobdefinition": {
"name": "CreateModelBiasJobDefinition",
"description": "Grants permission to create a model bias job definition",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "model-bias-job-definition",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:InstanceTypes",
"sagemaker:InterContainerTrafficEncryption",
"sagemaker:MaxRuntimeInSeconds",
"sagemaker:NetworkIsolation",
"sagemaker:OutputKmsKey",
"sagemaker:VolumeKmsKey",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets"
],
"dependentActions": []
},
"createmodelcard": {
"name": "CreateModelCard",
"description": "Grants permission to create a model card",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "model-card",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createmodelcardexportjob": {
"name": "CreateModelCardExportJob",
"description": "Grants permission to create an export job for a model card",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "model-card",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createmodelexplainabilityjobdefinition": {
"name": "CreateModelExplainabilityJobDefinition",
"description": "Grants permission to create a model explainability job definition",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "model-explainability-job-definition",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:InstanceTypes",
"sagemaker:InterContainerTrafficEncryption",
"sagemaker:MaxRuntimeInSeconds",
"sagemaker:NetworkIsolation",
"sagemaker:OutputKmsKey",
"sagemaker:VolumeKmsKey",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets"
],
"dependentActions": []
},
"createmodelpackage": {
"name": "CreateModelPackage",
"description": "Grants permission to create a ModelPackage",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "model-package",
"required": false,
"conditionKeys": [
"sagemaker:CurrentModelLifeCycleStageStatus",
"sagemaker:CurrentModelLifeCycleStage",
"sagemaker:CurrentCustomerMetadataProperties/${MetadataKey}"
],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:ModelApprovalStatus",
"sagemaker:CustomerMetadataProperties/${MetadataKey}",
"sagemaker:ModelLifeCycle:Stage",
"sagemaker:ModelLifeCycle:StageStatus"
],
"dependentActions": []
},
"createmodelpackagegroup": {
"name": "CreateModelPackageGroup",
"description": "Grants permission to create a ModelPackageGroup",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "model-package-group",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createmodelqualityjobdefinition": {
"name": "CreateModelQualityJobDefinition",
"description": "Grants permission to create a model quality job definition",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "model-quality-job-definition",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:InstanceTypes",
"sagemaker:InterContainerTrafficEncryption",
"sagemaker:MaxRuntimeInSeconds",
"sagemaker:NetworkIsolation",
"sagemaker:OutputKmsKey",
"sagemaker:VolumeKmsKey",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets"
],
"dependentActions": []
},
"createmonitoringschedule": {
"name": "CreateMonitoringSchedule",
"description": "Grants permission to create a monitoring schedule",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "monitoring-schedule",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:InstanceTypes",
"sagemaker:InterContainerTrafficEncryption",
"sagemaker:MaxRuntimeInSeconds",
"sagemaker:NetworkIsolation",
"sagemaker:OutputKmsKey",
"sagemaker:VolumeKmsKey",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets"
],
"dependentActions": []
},
"createnotebookinstance": {
"name": "CreateNotebookInstance",
"description": "Grants permission to create an Amazon SageMaker notebook instance. A notebook instance is an Amazon EC2 instance running on a Jupyter Notebook",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "notebook-instance",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys",
"sagemaker:AcceleratorTypes",
"sagemaker:DirectInternetAccess",
"sagemaker:InstanceTypes",
"sagemaker:MinimumInstanceMetadataServiceVersion",
"sagemaker:NotebookInstanceLifecycleConfigArns",
"sagemaker:RootAccess",
"sagemaker:VolumeKmsKey",
"sagemaker:VpcSecurityGroupIds",
"sagemaker:VpcSubnets"
],
"dependentActions": []
},
"createnotebookinstancelifecycleconfig": {
"name": "CreateNotebookInstanceLifecycleConfig",
"description": "Grants permission to create a notebook instance lifecycle configuration that can be deployed using Amazon SageMaker",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "notebook-instance-lifecycle-config",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createoptimizationjob": {
"name": "CreateOptimizationJob",
"description": "Grants permission to create an optimization job",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "optimization-job",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createpartnerapp": {
"name": "CreatePartnerApp",
"description": "Grants permission to create an Amazon SageMaker Partner AI App",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "partner-app",
"required": true,
"conditionKeys": [],
"dependentActions": [
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createpartnerapppresignedurl": {
"name": "CreatePartnerAppPresignedUrl",
"description": "Grants permission to return a URL that you can use from your browser to connect to the Amazon SageMaker Partner AI App",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "partner-app",
"required": true,
"conditionKeys": [],
"dependentActions": []
}
],
"conditionKeys": [],
"dependentActions": []
},
"createpipeline": {
"name": "CreatePipeline",
"description": "Grants permission to create a pipeline",
"accessLevel": "Write",
"resourceTypes": [
{
"name": "pipeline",
"required": true,
"conditionKeys": [],
"dependentActions": [
"iam:PassRole",
"sagemaker:AddTags"
]
}
],
"conditionKeys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependentActions": []
},
"createpresigneddomainurl": {
"name": "CreatePresignedDomainUrl",
"description": "Grants permission to return a URL that you can use from your b