SageMaker Studio Permissions Required to Use Projects - Amazon SageMaker
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

SageMaker Studio Permissions Required to Use Projects

Users can view SageMaker provided project templates and create projects with those templates when you grant Projects permissions for users. You can grant these permissions when you onboard or update Amazon SageMaker Studio Classic. There are two permissions to grant.

  1. Grant Projects permissions for the Studio Classic administrator to permit the Studio Classic administrator to view the SageMaker-provided templates in the Service Catalog console. The administrator can see what other Studio Classic users create if you grant them permission to use SageMaker projects. The administrator can also view the Amazon CloudFormation template that the SageMaker-provided project templates define in the Service Catalog console. For information about using the Service Catalog console, see What Is Service Catalog in the Service Catalog User Guide.

  2. Allow Studio Classic users who are configured to use the same execution role as the domain to create projects. This grants Studio Classic users permission to use the SageMaker-provided project templates to create a project from within Studio Classic.

Important

Do not manually create your roles. Always create roles through Studio Classic Settings using the steps described in the following procedure.

For users who use any role other than the domain's execution role to view and use SageMaker-provided project templates, you need to grant Projects permissions to the individual user profiles.

The following procedures show how to grant Projects permissions after you onboard to Studio Classic. For more information about onboarding to Studio Classic, see Amazon SageMaker domain overview.

To grant Projects permissions for the administrator and domain execution role users
  1. Open the SageMaker console.

  2. On the left navigation pane, choose Admin configurations.

  3. Under Admin configurations, choose domains.

  4. Choose Create domain.

  5. If you choose Quick setup to set up your SageMaker Domain, you have permissions to use project templates by default.

  6. If you choose Standard setup to set up your SageMaker Domain, make sure you turn on the following options when you configure Studio Classic settings:

    • Enable Amazon SageMaker project templates and Amazon SageMaker JumpStart for this account

    • Enable Amazon SageMaker project templates and Amazon SageMaker JumpStart for Studio Classic users

  7. To confirm that your SageMaker Domain has active project template permissions:

    1. Open the SageMaker console.

    2. On the left navigation pane, choose Admin configurations.

    3. Under Admin configurations, choose domains.

    4. Select your domain.

    5. Choose the Domain Settings tab.

    6. Under SageMaker Projects and JumpStart, make sure the following options are turned on:

      • Enable Amazon SageMaker project templates and Amazon SageMaker JumpStart for this account

      • Enable Amazon SageMaker project templates and Amazon SageMaker JumpStart for Studio Classic users

  8. To view a list of your roles:

    1. Open the SageMaker console.

    2. On the left navigation pane, choose Admin configurations.

    3. Under Admin configurations, choose domains.

    4. Select your domain.

    5. Choose the Domain Settings tab.

    6. A list of your roles appears in the Apps card under the Studio tab.

      Important

      As of July 25, we require additional roles to use project templates. Here is the complete list of roles you should see under Projects:

      AmazonSageMakerServiceCatalogProductsLaunchRole AmazonSageMakerServiceCatalogProductsUseRole AmazonSageMakerServiceCatalogProductsApiGatewayRole AmazonSageMakerServiceCatalogProductsCloudformationRole AmazonSageMakerServiceCatalogProductsCodeBuildRole AmazonSageMakerServiceCatalogProductsCodePipelineRole AmazonSageMakerServiceCatalogProductsEventsRole AmazonSageMakerServiceCatalogProductsFirehoseRole AmazonSageMakerServiceCatalogProductsGlueRole AmazonSageMakerServiceCatalogProductsLambdaRole AmazonSageMakerServiceCatalogProductsExecutionRole

      For descriptions of these roles, see Amazon Managed Policies for SageMaker projects and JumpStart.