本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
Amazon 亚马逊 G SageMaker round Truth 的托管政策
这些 Amazon 托管策略增加了使用 G SageMaker round Truth 所需的权限。这些策略可在您的 Amazon 账户中使用,并由从 SageMaker 控制台创建的执行角色使用。
Amazon 托管策略: AmazonSageMakerGroundTruthExecution
此 Amazon 托管策略授予使用 G SageMaker round Truth 通常所需的权限。
权限详细信息
该策略包含以下权限。
-
lambda— 允许委托人调用名称包含 “sagemaker”(不区分大小写)、GtRecipe “” 或 “” 的 Lambda 函数。LabelingFunction -
s3- 允许主体从 Amazon S3 存储桶中添加和检索对象。这些对象仅限于那些不区分大小写的名称包含 “groundtruth” 或 “sagemaker”,或者标有 “” 的对象。SageMaker -
cloudwatch— 允许校长发布 CloudWatch 指标。 -
logs- 允许主体创建和访问日志流,并发布日志事件。 -
sqs- 允许主体创建 Amazon SQS 队列以及发送和接收 Amazon SQS 消息。这些权限仅限于名称包含 “GroundTruth” 的队列。 -
sns允许主体订阅名称包含“groundtruth”或“sagemaker”的 Amazon SNS 主题(不区分大小写)并向其发布消息。 -
ec2- 允许主体创建、描述和删除 VPC 端点服务名称包含“sagemaker-task-resources”或“labeling”的 Amazon VPC 端点。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "CustomLabelingJobs", "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:*GtRecipe*", "arn:aws:lambda:*:*:function:*LabelingFunction*", "arn:aws:lambda:*:*:function:*SageMaker*", "arn:aws:lambda:*:*:function:*sagemaker*", "arn:aws:lambda:*:*:function:*Sagemaker*" ] }, { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:GetObject", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::*GroundTruth*", "arn:aws:s3:::*Groundtruth*", "arn:aws:s3:::*groundtruth*", "arn:aws:s3:::*SageMaker*", "arn:aws:s3:::*Sagemaker*", "arn:aws:s3:::*sagemaker*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "s3:ExistingObjectTag/SageMaker": "true" } } }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket" ], "Resource": "*" }, { "Sid": "CloudWatch", "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData", "logs:CreateLogStream", "logs:CreateLogGroup", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": "*" }, { "Sid": "StreamingQueue", "Effect": "Allow", "Action": [ "sqs:CreateQueue", "sqs:DeleteMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:SetQueueAttributes" ], "Resource": "arn:aws:sqs:*:*:*GroundTruth*" }, { "Sid": "StreamingTopicSubscribe", "Effect": "Allow", "Action": "sns:Subscribe", "Resource": [ "arn:aws:sns:*:*:*GroundTruth*", "arn:aws:sns:*:*:*Groundtruth*", "arn:aws:sns:*:*:*groundTruth*", "arn:aws:sns:*:*:*groundtruth*", "arn:aws:sns:*:*:*SageMaker*", "arn:aws:sns:*:*:*Sagemaker*", "arn:aws:sns:*:*:*sageMaker*", "arn:aws:sns:*:*:*sagemaker*" ], "Condition": { "StringEquals": { "sns:Protocol": "sqs" }, "StringLike": { "sns:Endpoint": "arn:aws:sqs:*:*:*GroundTruth*" } } }, { "Sid": "StreamingTopic", "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:*:*:*GroundTruth*", "arn:aws:sns:*:*:*Groundtruth*", "arn:aws:sns:*:*:*groundTruth*", "arn:aws:sns:*:*:*groundtruth*", "arn:aws:sns:*:*:*SageMaker*", "arn:aws:sns:*:*:*Sagemaker*", "arn:aws:sns:*:*:*sageMaker*", "arn:aws:sns:*:*:*sagemaker*" ] }, { "Sid": "StreamingTopicUnsubscribe", "Effect": "Allow", "Action": [ "sns:Unsubscribe" ], "Resource": "*" }, { "Sid": "WorkforceVPC", "Effect": "Allow", "Action": [ "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "ec2:DeleteVpcEndpoints" ], "Resource": "*", "Condition": { "StringLikeIfExists": { "ec2:VpceServiceName": [ "*sagemaker-task-resources*", "aws.sagemaker*labeling*" ] } } } ] }
亚马逊 SageMaker 更新 G SageMaker round Truth 托管政策
查看自该服务开始跟踪这些更改以来,Amazon SageMaker Ground Truth Amazon 托管政策更新的详细信息。
| Policy | 版本 | 更改 | Date |
|---|---|---|---|
|
AmazonSageMakerGroundTruthExecution – 对现有策略的更新 |
3 |
添加 |
2022 年 4 月 29 日 |
AmazonSageMakerGroundTruthExecution -更新现有政策 |
2 |
删除 |
2022 年 4 月 11 日 |
AmazonSageMakerGroundTruthExecution -新政策 |
1 |
初始策略 |
2020 年 7 月 20 日 |