Add permissions to your Amazon SageMaker Studio account
Overview
In this tutorial, learn how to configure your Amazon SageMaker Studio account with permissions required to access SageMaker APIs and features.
What you will learn
In this guide, you will:
- Attach two AWS IAM policies, AmazonSageMakerFullAccess and AWSCloudFormationFullAccess, to your Amazon SageMaker Studio account to enable access to SageMaker APIs and features.
Prerequisites
Before starting this guide, you will need:
- An AWS account: If you don't already have an account, follow the Setting Up Your Environment getting started guide for a quick overview.
- An Amazon SageMaker Studio domain and user: If you don't already have a SageMaker Studio domain, see Onboard to Amazon SageMaker Domain in the Amazon SageMaker developer guide.
AWS experience
Intermediate
Time to complete
5 minutes
Cost to complete
There is no extra cost from running this tutorial.
Requires
You must be logged into an AWS account and you must have an Amazon SageMaker Studio account.
Services used
Amazon SageMaker Studio, AWS IAM
Last updated
Jun 15, 2022
Implementation
Step 1: Copy your SageMaker Studio user role id
In the SageMaker Studio domain page, click on the domain and then under the Users section, select your SageMaker Studio user name
In the User Details page, under the Details pane, Execution role, highlight and copy only the text after arn:aws:iam::<your-account-id>:role/.
Note:
Step 1: User Details can be found in the Domains tab now.
The following can also be done: SageMaker Domains-> Users and copy the execution role
Step 2: If role is not found in IAM Roles, it must be created with that name found in step 1
In the SageMaker Studio Domain page, under the Users section, select your SageMaker Studio user name.
Step 2: Attach AWS IAM policies
In this step, you attach two AWS IAM policies to your SageMaker Studio account to allow the account access to SageMaker APIs and features.
Enter IAM in the search bar in the SageMaker console, and then choose IAM to open the AWS IAM console.
In the IAM console, on the Identity and Access Management (IAM) pane, under Access management, choose Roles. Under the Roles pane, in the search bar, paste the Execution role text that you copied in Step 1. Under Role name search results, choose the role displayed.
In the Summary page, under the Permissions tab, Permissions polices, Add permissions, choose Attach policies.
In the Attach policy page, under Other permissions policies, enter AmazonSageMakerFullAccess, and press Enter. This policy is required to allow your SageMaker Studio account to access SageMaker APIs and features. Under Policy name, select a. AmazonSageMakerFullAccess, and then choose Attach policies. On the role Summary page, the newly added policy is displayed under the Permissions policies list.
Repeat Step 2 to add the AWSCloudFormationFullAccess policy.
Conclusion
Congratulations! You have finished the Add permissions to your Amazon SageMaker Studio account tutorial.
In this tutorial, you attached two AWS IAM policies to your SageMaker Studio account to provide your account access to SageMaker APIs and features.
If you came to this page by choosing a link on another tutorial, you can now go back to that tutorial and continue where you left off.