IAM permissions and execution roles - Amazon SageMaker AI
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

IAM permissions and execution roles

To use the The Amazon SageMaker Python SDK requires permissions to interact with Amazon Web Services services. The following policies are required for full Feature Processor functionality. You can attach the AmazonSageMakerFullAccess and AmazonEventBridgeSchedulerFullAccess Amazon Managed Policies attached to your IAM role. For information on attaching policies to your IAM role, see Adding policies to your IAM role. See the following examples for details.

The trust policy of the role to which this policy is applied must allow the "scheduler.amazonaws.com", "sagemaker.amazonaws.com", and "glue.amazonaws.com" principles.

JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "scheduler.amazonaws.com",
                    "sagemaker.amazonaws.com",
                    "glue.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}