Add Permissions to Your Amazon SageMaker Studio Account for ML Workflows

GETTING STARTED GUIDE

Overview

In this tutorial, learn how to configure your Amazon SageMaker Studio account with permissions required to access SageMaker APIs and features for automating ML workflows.

What you will learn

In this guide, you will:

  • Attach the following three AWS IAM policies to your Amazon SageMaker Studio account to enable access to SageMaker APIs and features for automating ML workflows: AmazonSageMakerFullAccess, AWSCloudFormationFullAccess, and AmazonSageMakerPipelinesIntegrations

Prerequisites

Before starting this guide, you will need:

  • An AWS account: If you don't already have an account, follow the Setting Up Your Environment getting started guide for a quick overview.
  • An Amazon SageMaker Studio domain and user: If you don't already have a SageMaker Studio domain, see Onboard to Amazon SageMaker Domain in the Amazon SageMaker developer guide.

 AWS experience

Intermediate

 Time to complete

5 minutes

 Cost to complete

There is no extra cost from running this tutorial.

 Requires

You must be logged into an AWS account and you must have an Amazon SageMaker Studio account.

 Services used

Amazon SageMaker Studio, AWS IAM

 Last updated

Jun 15, 2022

Implementation

Step 1: Copy your SageMaker Studio user role id

In the SageMaker Studio Control Panel page, under the Users section, select your SageMaker Studio user name.

In the User Details page, under the Details pane, Execution role, highlight and copy only the text after arn:aws:iam::<your-account-id>:role/.

Step 2: Attach AWS IAM policies

In this step, you attach three AWS IAM policies to your SageMaker Studio account to allow the account access to SageMaker APIs and features for automating ML workflows.

Enter IAM in the search bar in the SageMaker console, and then choose IAM to open the AWS IAM console.

In the IAM console, on the Identity and Access Management (IAM) pane, under Access management, choose Roles. Under the Roles pane, in the search bar, paste the Execution role text that you copied in Step 1. Under Role name search results, choose the role displayed. 

In the Summary page, under the Permissions tab, Permissions polices, Add permissions, choose Attach policies.

In the Attach policy page, under Other permissions policies, enter AmazonSageMakerFullAccess, and press Enter. This policy is required to allow your SageMaker Studio account to access SageMaker APIs and features. Under Policy name, select AmazonSageMakerFullAccess, and then choose Attach policies. On the role Summary page, the newly added policy is displayed under the Permissions policies list.

Repeat Step 2 to add the AWSCloudFormationFullAccess and AmazonSageMakerPipelinesIntegrations policies.

Step 3: Allow access to AWS Lambda

In this step, you edit the trust policy to allow access to AWS Lambda.

In the AWS IAM console, on the role Summary page, select the Trust relationships tab, and then choose Edit trust policy.

Copy and paste the following code into the Edit trust policy editor in the location shown in the screenshot. Make sure that the indentation of the JSON code is exactly as shown in the screenshot. Do not delete the code already in the editor, instead add the following code by inserting it at the location shown in the screenshot. Choose Update policy.

 {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "lambda.amazonaws.com"
                        },
                        "Action": "sts:AssumeRole"
 }

Conclusion

Congratulations! You have finished the Add permissions to your Amazon SageMaker Studio account for ML Workflows tutorial. 

In this tutorial, you attached three AWS IAM policies to your SageMaker Studio account to provide your account access to SageMaker APIs and features for building ML workflows.

If you came to this page by choosing a link on another tutorial, you can now go back to that tutorial and continue where you left off.

Train a deep learning model

Learn how to build, train, and tune a TensorFlow deep learning model.
Next »

Create an ML model automatically

Learn how to use AutoML to develop ML models without writing code.
Next »

Find more hands-on tutorials

Explore other machine learning tutorials to dive deeper.
Next »