Amazon Managed Policies for SageMaker Model Governance - Amazon SageMaker
AmazonSageMakerModelGovernanceUseAccessSageMaker Model Governance policy updates
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Managed Policies for SageMaker Model Governance

This Amazon managed policy adds permissions required to use SageMaker Model Governance. The policy is available in your Amazon account and is used by execution roles created from the SageMaker console.

Amazon managed policy: AmazonSageMakerModelGovernanceUseAccess

This Amazon managed policy grants permissions needed to use all Amazon SageMaker Governance features. The policy is available in your Amazon account.

This policy includes the following permissions.

  • s3 – Retrieve objects from Amazon S3 buckets. Retrievable objects are limited to those whose case-insensitive name contains the string "sagemaker".

  • kms – List the Amazon KMS keys to use for content encryption.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sagemaker:ListMonitoringAlerts",
                "sagemaker:ListMonitoringExecutions",
                "sagemaker:UpdateMonitoringAlert",
                "sagemaker:StartMonitoringSchedule",
                "sagemaker:StopMonitoringSchedule",
                "sagemaker:ListMonitoringAlertHistory",
                "sagemaker:DescribeModelPackage",
                "sagemaker:DescribeModelPackageGroup",
                "sagemaker:CreateModelCard",
                "sagemaker:DescribeModelCard",
                "sagemaker:UpdateModelCard",
                "sagemaker:DeleteModelCard",
                "sagemaker:ListModelCards",
                "sagemaker:ListModelCardVersions",
                "sagemaker:CreateModelCardExportJob",
                "sagemaker:DescribeModelCardExportJob",
                "sagemaker:ListModelCardExportJobs"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "sagemaker:ListTrainingJobs",
                "sagemaker:DescribeTrainingJob",
                "sagemaker:ListModels",
                "sagemaker:DescribeModel",
                "sagemaker:Search",     
                "sagemaker:AddTags",
                "sagemaker:DeleteTags",
                "sagemaker:ListTags"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:ListAliases"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:CreateBucket",
                "s3:GetBucketLocation",
            ],
            "Resource": [
                "arn:aws:s3:::*SageMaker*",
                "arn:aws:s3:::*Sagemaker*",
                "arn:aws:s3:::*sagemaker*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "*"
        }
    ]
}

Amazon SageMaker updates to SageMaker Model Governance managed policies

View details about updates to Amazon managed policies for SageMaker Model Governance since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the SageMaker Document history page.

Policy Version Change Date

AmazonSageMakerModelGovernanceUseAccess - Update to an existing policy

2

Add sagemaker:DescribeModelPackage and DescribeModelPackageGroup permissions.

 July 17, 2023

AmazonSageMakerModelGovernanceUseAccess - New policy

1

Initial policy

 November 30, 2022