ML activity reference
ML activities are common Amazon tasks related to machine learning with SageMaker that require specific IAM permissions. Each persona suggests related ML activities when creating a role with Amazon SageMaker Role Manager. You can select any additional ML activities or deselect any suggested ML activities to create a role that meets your unique business needs.
Amazon SageMaker Role Manager provides predefined permissions for the following ML activities:
| ML activity | Description |
|---|---|
| Access Required Amazon Services | Permissions to access Amazon S3, Amazon ECR, Amazon CloudWatch, and Amazon EC2. Required for execution roles for jobs and endpoints. |
| Run Studio Classic Applications | Permissions to operate within a Studio Classic environment. Required for domain and user profile execution roles. |
| Manage ML Jobs | Permissions to audit, query lineage, and visualize experiments. |
| Manage Models | Permissions to manage SageMaker jobs across their lifecycles. |
| Manage Endpoints | Permissions to manage SageMaker endpoint deployments and updates. |
| Manage Pipelines | Permissions to manage SageMaker pipelines and pipeline executions. |
| Manage Experiments | Permissions to manage SageMaker experiments and trials. |
| Search and Visualize Experiments | Permissions to audit, query lineage, and visualize experiments. |
| Manage Model Monitoring | Permissions to manage monitoring schedules for SageMaker Model Monitor. |
| S3 Full Access | Permissions to perform all Amazon S3 operations. |
| S3 Bucket Access | Permissions to perform operations on specified S3 buckets. |
| Query Athena Workgroups | Permissions to run and manage Amazon Athena queries. |
| Use MLflow | Permissions to manage experiments, runs, and models in MLflow. |
| Manage MLflow Tracking Servers | Permissions to manage, start, and stop MLflow Tracking Servers. |
| Access required to Amazon Services for MLflow | Permissions for MLflow Tracking Servers to access S3, Secrets Manager, and Model Registry. |