Setting up permissions - Amazon Personalize
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Setting up permissions

You must give users, groups, or roles permission to interact with Amazon Personalize resources. And you must give Amazon Personalize permission to access the resources you create in Amazon Personalize and to perform tasks on your behalf.

To set up permissions
  1. Give your users, groups, or roles permission to interact with Amazon Personalize resources and pass a role to Amazon Personalize. See Giving users permission to access Amazon Personalize.

  2. Give Amazon Personalize permission to access your resources in Amazon Personalize and permission to perform tasks on your behalf. See Giving Amazon Personalize permission to access your resources.

  3. Modify your Amazon Personalize service role's trust policy so it prevents the confused deputy problem. For a trust relationship policy example, see Cross-service confused deputy prevention. For information modifying a role's trust policy, see Modifying a role.

  4. If you use Amazon Key Management Service (Amazon KMS) for encryption, you must grant Amazon Personalize and your Amazon Personalize IAM service role permission to use your key. For more information, see Giving Amazon Personalize permission to use your Amazon KMS key.

  5. Complete the steps in Giving Amazon Personalize access to Amazon S3 resources to use IAM and Amazon S3 bucket policies to give Amazon Personalize access to your Amazon S3 resources.