ExportVectorEnrichmentJob API: Execution Role Permissions - Amazon SageMaker AI
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

ExportVectorEnrichmentJob API: Execution Role Permissions

For an execution role that you can pass in a ExportVectorEnrichmentJob API request, you can attach the following minimum permissions policy to the role:

JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::*SageMaker*",
                "arn:aws:s3:::*Sagemaker*",
                "arn:aws:s3:::*sagemaker*"
            ]
        },
        {
        "Effect": "Allow",
        "Action": "sagemaker-geospatial:GetVectorEnrichmentJob",
        "Resource":  "arn:aws:sagemaker-geospatial:*:*:vector-enrichment-job/*"
        }
    ]
    }

If your input Amazon S3 bucket is encrypted using server-side encryption with an Amazon KMS managed key (SSE-KMS), see Using Amazon S3 Bucket Keys.