Posted On: Jul 26, 2021

Amazon SageMaker Autopilot automatically builds, trains and tunes the best machine learning models based on your data, while giving you full control and visibility, and Amazon SageMaker Automatic Model Tuning (AMT) automatically finds the best version of a machine learning model for any algorithm and data set. Autopilot and AMT now support enhanced access control using Amazon SageMaker-specific condition keys. You can use these keys in the Condition element of an Identity and Access Management (IAM) policy to further refine the conditions under which the policy statement applies.

Specifically, both Autopilot and AMT previously already supported Customer Managed Key (CMK) to encrypt data on storage volumes used during training. Now, you can also use the fine-grained policy condition kms:GrantIsForAWSResource to manage AWS Key Management Service (KMS) key permissions. With this condition key, you can allow Autopilot and AMT to manage grants for KMS to help meet security best practices and compliance requirements.

The IAM condition key policy is supported in all AWS regions where Amazon SageMaker Autopilot and AMT are available. To learn more about IAM condition keys, see KMS developer guide.