Actions, resources, and condition keys for Amazon SageMaker - Service Authorization Reference
Actions, resources, and condition keys for Amazon SageMaker

Amazon SageMaker (service prefix: sagemaker) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions defined by Amazon SageMaker

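You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in Amazon Web Services. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.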

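The Resource types column of the Actions table indicates whether each action supports resource-level permissions. If there is no value in this column, you must specify all resources ("*") to which the policy applies in the Resource element of your policy statement. Filter access by using conditions in an IAM policy to control whether specific tag keys can be used on a resource or in a request. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (*). If you limit resource access with the Resource element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If a resource type is optional (not indicated as required), you can choose to use one of the optional resource types.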

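The Condition keys column of the Actions table includes keys that you can specify in the Condition element of a policy statement. For more information about the condition keys that are associated with resources for the service, see the Condition keys column of the Resource types table.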

Note

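Resource condition keys are listed in the Resource types table. You can find a link to the resource type that applies to an action in the Resource types (*required) column of the Actions table. Each resource type in the Resource types table includes a Condition keys column, which lists the resource condition keys that apply to an action in the Actions table.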

For details about the columns in the following table, see Actions table.
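The column rules above can be checked mechanically. The following Python example is added here for illustration and is not AWS code: it lints one policy document against three rows transcribed from the Actions table on this page, flagging a scoped Resource on an action with no resource types, a table-scoped condition key not listed for the action, and a dependent action that the policy never allows. The sample policy, account ID and ARNs are constructed, and the checker assumes it sees the only policy attached to the principal.

```python
from fnmatch import fnmatchcase

# Condition keys listed for CreateTrainingJob in the Actions table on this page.
TRAINING_KEYS = [
    "aws:ResourceTag/${TagKey}", "aws:RequestTag/${TagKey}", "aws:TagKeys",
    "sagemaker:FileSystemAccessMode", "sagemaker:FileSystemDirectoryPath",
    "sagemaker:FileSystemId", "sagemaker:FileSystemType",
    "sagemaker:InstanceTypes", "sagemaker:InterContainerTrafficEncryption",
    "sagemaker:MaxRuntimeInSeconds", "sagemaker:NetworkIsolation",
    "sagemaker:OutputKmsKey", "sagemaker:VolumeKmsKey",
    "sagemaker:VpcSecurityGroupIds", "sagemaker:VpcSubnets",
    "sagemaker:KeepAlivePeriod",
]
# Excerpt of the table. Empty "resources" = blank Resource types column.
ACTION_TABLE = {
    "ListEndpoints": {"resources": [], "keys": [], "dependent": []},
    "InvokeEndpoint": {"resources": ["endpoint"],
                       "keys": ["sagemaker:TargetModel"], "dependent": []},
    "CreateTrainingJob": {"resources": ["training-job"], "keys": TRAINING_KEYS,
                          "dependent": ["iam:PassRole", "sagemaker:AddTags"]},
}
# Only keys the table lists per action are checked; other global aws:* keys
# (for example aws:SourceIp) are defined outside this table and are ignored.
TABLE_SCOPED = ("sagemaker:", "aws:resourcetag/", "aws:requesttag/", "aws:tagkeys")

# Constructed sample policy (hypothetical account ID, names and ARNs).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListScoped", "Effect": "Allow",
         "Action": "sagemaker:ListEndpoints",
         "Resource": "arn:aws:sagemaker:us-east-1:111122223333:endpoint/demo"},
        {"Sid": "Train", "Effect": "Allow",
         "Action": "sagemaker:CreateTrainingJob", "Resource": "*",
         "Condition": {
             "Bool": {"sagemaker:NetworkIsolation": "true"},
             "StringEquals": {"aws:RequestTag/team": "ml",
                              "sagemaker:RootAccess": "Disabled"}}},
        {"Sid": "PassRole", "Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::111122223333:role/ExampleTrainingRole"},
        {"Sid": "Invoke", "Effect": "Allow",
         "Action": "sagemaker:InvokeEndpoint", "Resource": "*",
         "Condition": {"StringLike": {"sagemaker:TargetModel": "team-a/*"}}},
    ],
}


def as_list(value):
    """IAM allows Statement/Action/Resource to be a single value or a list."""
    return value if isinstance(value, list) else [value]


def key_listed(key, listed):
    """True if `key` matches a table entry; ${TagKey} stands for any tag key."""
    key = key.lower()  # condition key names are case-insensitive
    for entry in (e.lower() for e in listed):
        if entry.endswith("${tagkey}"):
            prefix = entry[: -len("${tagkey}")]
            if key.startswith(prefix) and len(key) > len(prefix):
                return True
        elif key == entry:
            return True
    return False


def lint_policy(policy):
    """Return (sid, action, code, detail) findings for Allow statements."""
    statements = [s for s in as_list(policy["Statement"])
                  if s.get("Effect") == "Allow"]
    # Every action pattern the policy allows, for the dependent-action check.
    granted = [a.lower() for s in statements for a in as_list(s.get("Action", []))]
    findings = []
    for st in statements:
        sid = st.get("Sid", "")
        resources = as_list(st.get("Resource", []))
        cond_keys = [k for block in st.get("Condition", {}).values() for k in block]
        for pattern in as_list(st.get("Action", [])):
            for name, row in ACTION_TABLE.items():
                # Action patterns may contain wildcards such as sagemaker:Create*.
                if not fnmatchcase(f"sagemaker:{name}".lower(), pattern.lower()):
                    continue
                # Blank Resource types column: the statement must use "*".
                if not row["resources"] and resources != ["*"]:
                    findings.append((sid, name, "RESOURCE_MUST_BE_STAR",
                                     ",".join(resources)))
                for key in cond_keys:
                    if (key.lower().startswith(TABLE_SCOPED)
                            and not key_listed(key, row["keys"])):
                        findings.append((sid, name, "KEY_NOT_LISTED", key))
                for dep in row["dependent"]:
                    if not any(fnmatchcase(dep.lower(), g) for g in granted):
                        findings.append((sid, name, "DEPENDENT_NOT_ALLOWED", dep))
    return findings


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY):
        print(finding)
```
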

Actions Description Access level Resource types (*required) Condition keys Dependent actions
AddAssociation Grants permission to associate one lineage entity (artifact, context, action, experiment, experiment-trial-component) with another lineage entity. Write

action*

aws:ResourceTag/${TagKey}

artifact*

aws:ResourceTag/${TagKey}

context*

aws:ResourceTag/${TagKey}

experiment*

aws:ResourceTag/${TagKey}

experiment-trial-component*

aws:ResourceTag/${TagKey}

AddTags Grants permission to add or overwrite one or more tags for the specified Amazon SageMaker resource Tagging

action

aws:ResourceTag/${TagKey}

algorithm

aws:ResourceTag/${TagKey}

app

aws:ResourceTag/${TagKey}

app-image-config

aws:ResourceTag/${TagKey}

artifact

aws:ResourceTag/${TagKey}

automl-job

aws:ResourceTag/${TagKey}

code-repository

aws:ResourceTag/${TagKey}

compilation-job

aws:ResourceTag/${TagKey}

context

aws:ResourceTag/${TagKey}

data-quality-job-definition

aws:ResourceTag/${TagKey}

device

aws:ResourceTag/${TagKey}

device-fleet

aws:ResourceTag/${TagKey}

domain

aws:ResourceTag/${TagKey}

edge-deployment-plan

aws:ResourceTag/${TagKey}

edge-packaging-job

aws:ResourceTag/${TagKey}

endpoint

aws:ResourceTag/${TagKey}

endpoint-config

aws:ResourceTag/${TagKey}

experiment

aws:ResourceTag/${TagKey}

experiment-trial

aws:ResourceTag/${TagKey}

experiment-trial-component

aws:ResourceTag/${TagKey}

feature-group

aws:ResourceTag/${TagKey}

flow-definition

aws:ResourceTag/${TagKey}

human-task-ui

aws:ResourceTag/${TagKey}

hyper-parameter-tuning-job

aws:ResourceTag/${TagKey}

image

aws:ResourceTag/${TagKey}

inference-recommendations-job

aws:ResourceTag/${TagKey}

labeling-job

aws:ResourceTag/${TagKey}

model

aws:ResourceTag/${TagKey}

model-bias-job-definition

aws:ResourceTag/${TagKey}

model-card

aws:ResourceTag/${TagKey}

model-explainability-job-definition

aws:ResourceTag/${TagKey}

model-package

aws:ResourceTag/${TagKey}

model-package-group

aws:ResourceTag/${TagKey}

model-quality-job-definition

aws:ResourceTag/${TagKey}

monitoring-schedule

aws:ResourceTag/${TagKey}

notebook-instance

aws:ResourceTag/${TagKey}

pipeline

aws:ResourceTag/${TagKey}

processing-job

aws:ResourceTag/${TagKey}

project

aws:ResourceTag/${TagKey}

studio-lifecycle-config

aws:ResourceTag/${TagKey}

training-job

aws:ResourceTag/${TagKey}

transform-job

aws:ResourceTag/${TagKey}

user-profile

aws:ResourceTag/${TagKey}

workteam

aws:ResourceTag/${TagKey}

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:TaggingAction

AssociateTrialComponent Grants permission to associate a trial component with a trial Write

experiment-trial*

experiment-trial-component*

aws:ResourceTag/${TagKey}

BatchDescribeModelPackage Grants permission to describe one or more ModelPackages Read

model-package*

aws:ResourceTag/${TagKey}

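BatchGetMetrics [permission only] Grants permission to retrieve metrics associated with SageMaker resources such as training jobs or trial components. Although this API is not currently publicly released, administrators can control this action Read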

experiment-trial-component*

training-job*

BatchGetRecord Grants permission to get a batch of records from one or more feature groups Read

feature-group*

BatchPutMetrics Grants permission to publish metrics associated with SageMaker resources such as training jobs or trial components. Write

experiment-trial-component*

training-job*

CreateAction Grants permission to create an action Write

action*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateAlgorithm Grants permission to create an algorithm Write

algorithm*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateApp Grants permission to create an app for a SageMaker UserProfile or Space Write

app*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InstanceTypes

sagemaker:ImageArns

sagemaker:ImageVersionArns

CreateAppImageConfig Grants permission to create an AppImageConfig Write

app-image-config*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateArtifact Grants permission to create an artifact Write

artifact*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateAutoMLJob Grants permission to create an AutoML job Write

automl-job*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InterContainerTrafficEncryption

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

CreateAutoMLJobV2 Grants permission to create a V2 AutoML job Write

automl-job*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InterContainerTrafficEncryption

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

CreateCodeRepository Grants permission to create a CodeRepository Write

code-repository*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateCompilationJob Grants permission to create a compilation job Write

compilation-job*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateContext Grants permission to create a context Write

context*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateDataQualityJobDefinition Grants permission to create a data quality job definition Write

data-quality-job-definition*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InstanceTypes

sagemaker:InterContainerTrafficEncryption

sagemaker:MaxRuntimeInSeconds

sagemaker:NetworkIsolation

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

CreateDeviceFleet Grants permission to create a device fleet Write

device-fleet*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateDomain Grants permission to create a domain for SageMaker Studio Write

domain*

aws:ResourceTag/${TagKey}

iam:CreateServiceLinkedRole

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:AppNetworkAccessType

sagemaker:InstanceTypes

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

sagemaker:DomainSharingOutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:ImageArns

sagemaker:ImageVersionArns

CreateEdgeDeploymentPlan Grants permission to create an edge deployment plan Write

edge-deployment-plan*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateEdgeDeploymentStage Grants permission to create an edge deployment stage Write

edge-deployment-plan*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateEdgePackagingJob Grants permission to create an edge packaging job Write

edge-packaging-job*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateEndpoint Grants permission to create an endpoint using the endpoint configuration specified in the request Write

endpoint*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

endpoint-config*

aws:ResourceTag/${TagKey}

aws:RequestTag/${TagKey}

aws:TagKeys

CreateEndpointConfig Grants permission to create an endpoint configuration that can be deployed using Amazon SageMaker hosting services Write

endpoint-config*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:AcceleratorTypes

sagemaker:InstanceTypes

sagemaker:ModelArn

sagemaker:VolumeKmsKey

sagemaker:ServerlessMaxConcurrency

sagemaker:ServerlessMemorySize

CreateExperiment Grants permission to create an experiment Write

experiment*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateFeatureGroup Grants permission to create a feature group Write

feature-group*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:FeatureGroupOnlineStoreKmsKey

sagemaker:FeatureGroupOfflineStoreKmsKey

sagemaker:FeatureGroupOfflineStoreS3Uri

sagemaker:FeatureGroupEnableOnlineStore

sagemaker:FeatureGroupOfflineStoreConfig

sagemaker:FeatureGroupDisableGlueTableCreation

CreateFlowDefinition Grants permission to create a flow definition, which defines the settings for a human workflow Write

flow-definition*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

sagemaker:WorkteamArn

sagemaker:WorkteamType

aws:RequestTag/${TagKey}

aws:TagKeys

CreateHub Grants permission to create a hub Write

hub*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateHumanTaskUi Grants permission to define the settings that will be used for the user interface of a human review workflow Write

human-task-ui*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateHyperParameterTuningJob Grants permission to create a hyperparameter tuning job that can be deployed using Amazon SageMaker Write

hyper-parameter-tuning-job*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:FileSystemAccessMode

sagemaker:FileSystemDirectoryPath

sagemaker:FileSystemId

sagemaker:FileSystemType

sagemaker:InstanceTypes

sagemaker:InterContainerTrafficEncryption

sagemaker:MaxRuntimeInSeconds

sagemaker:NetworkIsolation

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

CreateImage Grants permission to create a SageMaker image Write

image*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateImageVersion Grants permission to create a SageMaker ImageVersion Write

image*

aws:ResourceTag/${TagKey}

CreateInferenceExperiment Grants permission to create an inference experiment Write

inference-experiment*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateInferenceRecommendationsJob Grants permission to create an inference recommendations job Write

inference-recommendations-job*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

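CreateLabelingJob Grants permission to start a labeling job. A labeling job takes unlabeled data and produces labeled data as output, which can be used for training SageMaker models Write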

labeling-job*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

sagemaker:WorkteamArn

sagemaker:WorkteamType

sagemaker:VolumeKmsKey

sagemaker:OutputKmsKey

aws:RequestTag/${TagKey}

aws:TagKeys

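CreateLineageGroupPolicy Grants permission to create a lineage group policy Write
CreateModel Grants permission to create a model in Amazon SageMaker. In the request, you specify a name for the model and describe one or more containers Write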

model*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:NetworkIsolation

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

CreateModelBiasJobDefinition Grants permission to create a model bias job definition Write

model-bias-job-definition*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InstanceTypes

sagemaker:InterContainerTrafficEncryption

sagemaker:MaxRuntimeInSeconds

sagemaker:NetworkIsolation

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

CreateModelCard Grants permission to create a model card Write

model-card*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateModelCardExportJob Grants permission to create an export job for a model card Write

model-card*

aws:ResourceTag/${TagKey}

CreateModelExplainabilityJobDefinition Grants permission to create a model explainability job definition Write

model-explainability-job-definition*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InstanceTypes

sagemaker:InterContainerTrafficEncryption

sagemaker:MaxRuntimeInSeconds

sagemaker:NetworkIsolation

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

CreateModelPackage Grants permission to create a ModelPackage Write

model-package

aws:ResourceTag/${TagKey}

sagemaker:AddTags

model-package-group

aws:ResourceTag/${TagKey}

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:ModelApprovalStatus

sagemaker:CustomerMetadataProperties/${MetadataKey}

CreateModelPackageGroup Grants permission to create a ModelPackageGroup Write

model-package-group*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateModelQualityJobDefinition Grants permission to create a model quality job definition Write

model-quality-job-definition*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InstanceTypes

sagemaker:InterContainerTrafficEncryption

sagemaker:MaxRuntimeInSeconds

sagemaker:NetworkIsolation

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

CreateMonitoringSchedule Grants permission to create a monitoring schedule Write

monitoring-schedule*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InstanceTypes

sagemaker:InterContainerTrafficEncryption

sagemaker:MaxRuntimeInSeconds

sagemaker:NetworkIsolation

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

CreateNotebookInstance Grants permission to create an Amazon SageMaker notebook instance. A notebook instance is an Amazon EC2 instance running on a Jupyter Notebook Write

notebook-instance*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:AcceleratorTypes

sagemaker:DirectInternetAccess

sagemaker:InstanceTypes

sagemaker:MinimumInstanceMetadataServiceVersion

sagemaker:RootAccess

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

CreateNotebookInstanceLifecycleConfig Grants permission to create a notebook instance lifecycle configuration that can be deployed using Amazon SageMaker Write

notebook-instance-lifecycle-config*

CreatePipeline Grants permission to create a pipeline Write

pipeline*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreatePresignedDomainUrl Grants permission to return a URL that you can use from your browser to connect to the domain as a specified UserProfile when AuthMode is "IAM". Write

user-profile*

aws:ResourceTag/${TagKey}

CreatePresignedNotebookInstanceUrl Grants permission to create a URL that you can use from your browser to connect to the notebook instance Write

notebook-instance*

aws:ResourceTag/${TagKey}

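CreateProcessingJob Grants permission to start a processing run. After processing completes, Amazon SageMaker saves the resulting artifacts and other optional output to an Amazon S3 location that you specify Write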

processing-job*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InstanceTypes

sagemaker:MaxRuntimeInSeconds

sagemaker:NetworkIsolation

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

sagemaker:InterContainerTrafficEncryption

CreateProject Grants permission to create a project Write

project*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateSharedModel [permission only] Grants permission to create a shared model in a SageMaker Studio application Write

shared-model*

CreateSpace Grants permission to create a Space for a SageMaker domain Write

space*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InstanceTypes

sagemaker:ImageArns

sagemaker:ImageVersionArns

CreateStudioLifecycleConfig Grants permission to create a Studio lifecycle configuration that can be deployed using Amazon SageMaker Write

studio-lifecycle-config*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

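CreateTrainingJob Grants permission to start a model training job. After training completes, Amazon SageMaker saves the resulting model artifacts and other optional output to an Amazon S3 location that you specify Write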

training-job*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:FileSystemAccessMode

sagemaker:FileSystemDirectoryPath

sagemaker:FileSystemId

sagemaker:FileSystemType

sagemaker:InstanceTypes

sagemaker:InterContainerTrafficEncryption

sagemaker:MaxRuntimeInSeconds

sagemaker:NetworkIsolation

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

sagemaker:KeepAlivePeriod

CreateTransformJob Grants permission to start a transform job. After the results are obtained, Amazon SageMaker saves them to an Amazon S3 location that you specify Write

transform-job*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InstanceTypes

sagemaker:ModelArn

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

CreateTrial Grants permission to create a trial Write

experiment*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

experiment-trial*

aws:ResourceTag/${TagKey}

aws:RequestTag/${TagKey}

aws:TagKeys

CreateTrialComponent Grants permission to create a trial component Write

experiment-trial-component*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateUserProfile Grants permission to create a UserProfile for a SageMaker domain Write

user-profile*

aws:ResourceTag/${TagKey}

iam:PassRole

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:VpcSecurityGroupIds

sagemaker:InstanceTypes

sagemaker:DomainSharingOutputKmsKey

sagemaker:ImageArns

sagemaker:ImageVersionArns

CreateWorkforce Grants permission to create a workforce Write

workforce*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

CreateWorkteam Grants permission to create a workteam Write

workteam*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

aws:RequestTag/${TagKey}

aws:TagKeys

DeleteAction Grants permission to delete an action Write

action*

aws:ResourceTag/${TagKey}

DeleteAlgorithm Grants permission to delete an algorithm Write

algorithm*

aws:ResourceTag/${TagKey}

DeleteApp Grants permission to delete an app Write

app*

aws:ResourceTag/${TagKey}

DeleteAppImageConfig Grants permission to delete an AppImageConfig Write

app-image-config*

aws:ResourceTag/${TagKey}

DeleteArtifact Grants permission to delete an artifact Write

artifact*

aws:ResourceTag/${TagKey}

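DeleteAssociation Grants permission to delete the association between one lineage entity (artifact, context, action, experiment, experiment-trial-component) and another lineage entity Write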

action*

aws:ResourceTag/${TagKey}

artifact*

aws:ResourceTag/${TagKey}

context*

aws:ResourceTag/${TagKey}

experiment*

aws:ResourceTag/${TagKey}

experiment-trial-component*

aws:ResourceTag/${TagKey}

DeleteCodeRepository Grants permission to delete a CodeRepository Write

code-repository*

aws:ResourceTag/${TagKey}

DeleteContext Grants permission to delete a context Write

context*

aws:ResourceTag/${TagKey}

DeleteDataQualityJobDefinition Grants permission to delete a data quality job definition created using the CreateDataQualityJobDefinition API Write

data-quality-job-definition*

aws:ResourceTag/${TagKey}

DeleteDeviceFleet Grants permission to delete a device fleet Write

device-fleet*

aws:ResourceTag/${TagKey}

DeleteDomain Grants permission to delete a domain Write

domain*

aws:ResourceTag/${TagKey}

DeleteEdgeDeploymentPlan Grants permission to delete an edge deployment plan Write

edge-deployment-plan*

aws:ResourceTag/${TagKey}

DeleteEdgeDeploymentStage Grants permission to delete an edge deployment stage Write

edge-deployment-plan*

aws:ResourceTag/${TagKey}

DeleteEndpoint Grants permission to delete an endpoint. Amazon SageMaker frees up all the resources that were deployed when the endpoint was created Write

endpoint*

aws:ResourceTag/${TagKey}

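DeleteEndpointConfig Grants permission to delete an endpoint configuration created using the CreateEndpointConfig API. The DeleteEndpointConfig API deletes only the specified configuration. It does not delete any endpoints created using the configuration Write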

endpoint-config*

aws:ResourceTag/${TagKey}

DeleteExperiment Grants permission to delete an experiment Write

experiment*

aws:ResourceTag/${TagKey}

DeleteFeatureGroup Grants permission to delete a feature group Write

feature-group*

aws:ResourceTag/${TagKey}

aws:RequestTag/${TagKey}

DeleteFlowDefinition Grants permission to delete the specified flow definition Write

flow-definition*

aws:ResourceTag/${TagKey}

DeleteHub Grants permission to delete a hub Write

hub*

aws:ResourceTag/${TagKey}

DeleteHubContent Grants permission to delete hub content Write

hub*

aws:ResourceTag/${TagKey}

hub-content*

aws:ResourceTag/${TagKey}

DeleteHumanLoop Grants permission to delete the specified human loop Write

human-loop*

DeleteHumanTaskUi Grants permission to delete the specified human task user interface (worker task template) Write

human-task-ui*

aws:ResourceTag/${TagKey}

DeleteImage Grants permission to delete a SageMaker image Write

image*

aws:ResourceTag/${TagKey}

DeleteImageVersion Grants permission to delete a SageMaker ImageVersion Write

image-version*

DeleteInferenceExperiment Grants permission to delete an inference experiment Write

inference-experiment*

aws:ResourceTag/${TagKey}

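DeleteLineageGroupPolicy Grants permission to delete a lineage group policy Write
DeleteModel Grants permission to delete a model created using the CreateModel API. The DeleteModel API deletes only the model entry in Amazon SageMaker that you created by calling the CreateModel API. It does not delete model artifacts, inference code, or the IAM role that you specified when creating the model Write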

model*

aws:ResourceTag/${TagKey}

DeleteModelBiasJobDefinition Grants permission to delete a model bias job definition created using the CreateModelBiasJobDefinition API Write

model-bias-job-definition*

aws:ResourceTag/${TagKey}

DeleteModelCard Grants permission to delete a model card Write

model-card*

aws:ResourceTag/${TagKey}

DeleteModelExplainabilityJobDefinition Grants permission to delete a model explainability job definition created using the CreateModelExplainabilityJobDefinition API Write

model-explainability-job-definition*

aws:ResourceTag/${TagKey}

DeleteModelPackage Grants permission to delete a ModelPackage Write

model-package*

aws:ResourceTag/${TagKey}

DeleteModelPackageGroup Grants permission to delete a ModelPackageGroup Write

model-package-group*

aws:ResourceTag/${TagKey}

DeleteModelPackageGroupPolicy Grants permission to delete a ModelPackageGroup policy Write

model-package-group*

aws:ResourceTag/${TagKey}

DeleteModelQualityJobDefinition Grants permission to delete a model quality job definition created using the CreateModelQualityJobDefinition API Write

model-quality-job-definition*

aws:ResourceTag/${TagKey}

DeleteMonitoringSchedule Grants permission to delete a monitoring schedule Write

monitoring-schedule*

aws:ResourceTag/${TagKey}

DeleteNotebookInstance Grants permission to delete an Amazon SageMaker notebook instance. Before you can delete a notebook instance, you must call the StopNotebookInstance API Write

notebook-instance*

aws:ResourceTag/${TagKey}

DeleteNotebookInstanceLifecycleConfig Grants permission to delete a notebook instance lifecycle configuration Write

notebook-instance-lifecycle-config*

DeletePipeline Grants permission to delete a pipeline Write

pipeline*

aws:ResourceTag/${TagKey}

DeleteProject Grants permission to delete a project Write

project*

aws:ResourceTag/${TagKey}

DeleteRecord Grants permission to delete a record from a feature group Write

feature-group*

DeleteSpace Grants permission to delete a Space Write

space*

aws:ResourceTag/${TagKey}

DeleteStudioLifecycleConfig Grants permission to delete a Studio lifecycle configuration Write

studio-lifecycle-config*

aws:ResourceTag/${TagKey}

DeleteTags Grants permission to delete the specified set of tags from an Amazon SageMaker resource Tagging

action

aws:ResourceTag/${TagKey}

algorithm

aws:ResourceTag/${TagKey}

app

aws:ResourceTag/${TagKey}

app-image-config

aws:ResourceTag/${TagKey}

artifact

aws:ResourceTag/${TagKey}

automl-job

aws:ResourceTag/${TagKey}

code-repository

aws:ResourceTag/${TagKey}

compilation-job

aws:ResourceTag/${TagKey}

context

aws:ResourceTag/${TagKey}

data-quality-job-definition

aws:ResourceTag/${TagKey}

device

aws:ResourceTag/${TagKey}

device-fleet

aws:ResourceTag/${TagKey}

domain

aws:ResourceTag/${TagKey}

edge-deployment-plan

aws:ResourceTag/${TagKey}

edge-packaging-job

aws:ResourceTag/${TagKey}

endpoint

aws:ResourceTag/${TagKey}

endpoint-config

aws:ResourceTag/${TagKey}

experiment

aws:ResourceTag/${TagKey}

experiment-trial

aws:ResourceTag/${TagKey}

experiment-trial-component

aws:ResourceTag/${TagKey}

feature-group

aws:ResourceTag/${TagKey}

flow-definition

aws:ResourceTag/${TagKey}

human-task-ui

aws:ResourceTag/${TagKey}

hyper-parameter-tuning-job

aws:ResourceTag/${TagKey}

image

aws:ResourceTag/${TagKey}

inference-recommendations-job

aws:ResourceTag/${TagKey}

labeling-job

aws:ResourceTag/${TagKey}

model

aws:ResourceTag/${TagKey}

model-bias-job-definition

aws:ResourceTag/${TagKey}

model-card

aws:ResourceTag/${TagKey}

model-explainability-job-definition

aws:ResourceTag/${TagKey}

model-package

aws:ResourceTag/${TagKey}

model-package-group

aws:ResourceTag/${TagKey}

model-quality-job-definition

aws:ResourceTag/${TagKey}

monitoring-schedule

aws:ResourceTag/${TagKey}

notebook-instance

aws:ResourceTag/${TagKey}

pipeline

aws:ResourceTag/${TagKey}

processing-job

aws:ResourceTag/${TagKey}

project

aws:ResourceTag/${TagKey}

studio-lifecycle-config

aws:ResourceTag/${TagKey}

training-job

aws:ResourceTag/${TagKey}

transform-job

aws:ResourceTag/${TagKey}

user-profile

aws:ResourceTag/${TagKey}

workteam

aws:ResourceTag/${TagKey}

aws:TagKeys

DeleteTrial Grants permission to delete a trial Write

experiment-trial*

aws:ResourceTag/${TagKey}

DeleteTrialComponent Grants permission to delete a trial component Write

experiment-trial-component*

aws:ResourceTag/${TagKey}

DeleteUserProfile Grants permission to delete a UserProfile Write

user-profile*

aws:ResourceTag/${TagKey}

DeleteWorkforce Grants permission to delete a workforce Write

workforce*

aws:ResourceTag/${TagKey}

DeleteWorkteam Grants permission to delete a workteam Write

workteam*

aws:ResourceTag/${TagKey}

DeregisterDevices Grants permission to deregister a set of devices Write

device*

aws:ResourceTag/${TagKey}

DescribeAction Grants permission to get information about an action Read

action*

aws:ResourceTag/${TagKey}

DescribeAlgorithm Grants permission to describe an algorithm Read

algorithm*

aws:ResourceTag/${TagKey}

DescribeApp Grants permission to describe an app Read

app*

aws:ResourceTag/${TagKey}

DescribeAppImageConfig Grants permission to describe an AppImageConfig Read

app-image-config*

aws:ResourceTag/${TagKey}

DescribeArtifact Grants permission to get information about an artifact Read

artifact*

aws:ResourceTag/${TagKey}

DescribeAutoMLJob Grants permission to describe an AutoML job created through the CreateAutoMLJob API Read

automl-job*

aws:ResourceTag/${TagKey}

DescribeAutoMLJobV2 Grants permission to describe an AutoML job created through the CreateAutoMLJobV2 API Read

automl-job*

aws:ResourceTag/${TagKey}

DescribeCodeRepository Grants permission to describe a CodeRepository Read

code-repository*

aws:ResourceTag/${TagKey}

DescribeCompilationJob Grants permission to return information about a compilation job Read

compilation-job*

aws:ResourceTag/${TagKey}

DescribeContext Grants permission to get information about a context Read

context*

aws:ResourceTag/${TagKey}

DescribeDataQualityJobDefinition Grants permission to return information about a data quality job definition Read

data-quality-job-definition*

aws:ResourceTag/${TagKey}

DescribeDevice Grants permission to access information about a device Read

device*

aws:ResourceTag/${TagKey}

DescribeDeviceFleet Grants permission to access information about a device fleet Read

device-fleet*

aws:ResourceTag/${TagKey}

DescribeDomain Grants permission to describe a domain Read

domain*

aws:ResourceTag/${TagKey}

DescribeEdgeDeploymentPlan Grants permission to access information about an edge deployment plan Read

edge-deployment-plan*

aws:ResourceTag/${TagKey}

DescribeEdgePackagingJob Grants permission to access information about an edge packaging job Read

edge-packaging-job*

aws:ResourceTag/${TagKey}

DescribeEndpoint Grants permission to return the description of an endpoint Read

endpoint*

aws:ResourceTag/${TagKey}

DescribeEndpointConfig Grants permission to return the description of an endpoint configuration created using the CreateEndpointConfig API Read

endpoint-config*

aws:ResourceTag/${TagKey}

DescribeExperiment Grants permission to return information about an experiment Read

experiment*

aws:ResourceTag/${TagKey}

DescribeFeatureGroup Grants permission to return information about a feature group Read

feature-group*

aws:ResourceTag/${TagKey}

DescribeFeatureMetadata Grants permission to return information about feature metadata Read

feature-group*

aws:ResourceTag/${TagKey}

DescribeFlowDefinition Grants permission to return information about the specified flow definition Read

flow-definition*

aws:ResourceTag/${TagKey}

DescribeHub Grants permission to describe a hub Read

hub*

aws:ResourceTag/${TagKey}

DescribeHubContent Grants permission to describe hub content Read

hub*

aws:ResourceTag/${TagKey}

hub-content*

aws:ResourceTag/${TagKey}

DescribeHumanLoop Grants permission to return information about the specified human loop Read

human-loop*

DescribeHumanTaskUi Grants permission to return detailed information about the specified human review workflow user interface Read

human-task-ui*

aws:ResourceTag/${TagKey}

DescribeHyperParameterTuningJob Grants permission to describe a hyperparameter tuning job created through the CreateHyperParameterTuningJob API Read

hyper-parameter-tuning-job*

aws:ResourceTag/${TagKey}

DescribeImage Grants permission to return information about a SageMaker image Read

image*

aws:ResourceTag/${TagKey}

DescribeImageVersion Grants permission to return information about a SageMaker ImageVersion Read

image-version*

DescribeInferenceExperiment Grants permission to get information about an inference experiment Read

inference-experiment*

aws:ResourceTag/${TagKey}

DescribeInferenceRecommendationsJob Grants permission to get information about an inference recommendations job Read

inference-recommendations-job*

aws:ResourceTag/${TagKey}

DescribeLabelingJob Grants permission to return information about a labeling job Read

labeling-job*

aws:ResourceTag/${TagKey}

DescribeLineageGroup Grants permission to describe a lineage group Read
DescribeModel Grants permission to describe a model that you created using the CreateModel API Read

model*

aws:ResourceTag/${TagKey}

DescribeModelBiasJobDefinition Grants permission to return information about a model bias job definition Read

model-bias-job-definition*

aws:ResourceTag/${TagKey}

DescribeModelCard Grants permission to get information about a model card Read

model-card*

aws:ResourceTag/${TagKey}

DescribeModelCardExportJob Grants permission to get information about a model card export job Read

model-card-export-job*

DescribeModelExplainabilityJobDefinition Grants permission to return information about a model explainability job definition Read

model-explainability-job-definition*

aws:ResourceTag/${TagKey}

DescribeModelPackage Grants permission to describe a ModelPackage Read

model-package*

aws:ResourceTag/${TagKey}

DescribeModelPackageGroup Grants permission to describe a ModelPackageGroup Read

model-package-group*

aws:ResourceTag/${TagKey}

DescribeModelQualityJobDefinition Grants permission to return information about a model quality job definition Read

model-quality-job-definition*

aws:ResourceTag/${TagKey}

DescribeMonitoringSchedule Grants permission to return information about a monitoring schedule Read

monitoring-schedule*

aws:ResourceTag/${TagKey}

DescribeNotebookInstance Grants permission to return information about a notebook instance Read

notebook-instance*

aws:ResourceTag/${TagKey}

DescribeNotebookInstanceLifecycleConfig Grants permission to describe a notebook instance lifecycle configuration created through the CreateNotebookInstanceLifecycleConfig API Read

notebook-instance-lifecycle-config*

DescribePipeline Grants permission to get information about a pipeline Read

pipeline*

aws:ResourceTag/${TagKey}

DescribePipelineDefinitionForExecution Grants permission to get the pipeline definition for a pipeline execution Read

pipeline-execution*

DescribePipelineExecution Grants permission to get information about a pipeline execution Read

pipeline-execution*

DescribeProcessingJob Grants permission to return information about a processing job Read

processing-job*

aws:ResourceTag/${TagKey}

DescribeProject Grants permission to describe a project Read

project*

aws:ResourceTag/${TagKey}

DescribeSharedModel [permission only] Grants permission to describe a shared model in a SageMaker Studio application Read

shared-model*

DescribeSpace Grants permission to describe a Space Read

space*

aws:ResourceTag/${TagKey}

DescribeStudioLifecycleConfig Grants permission to describe a Studio lifecycle configuration Read

studio-lifecycle-config*

aws:ResourceTag/${TagKey}

DescribeSubscribedWorkteam Grants permission to return information about a subscribed workteam Read

workteam*

aws:ResourceTag/${TagKey}

DescribeTrainingJob Grants permission to return information about a training job Read

training-job*

aws:ResourceTag/${TagKey}

DescribeTransformJob Grants permission to return information about a transform job Read

transform-job*

aws:ResourceTag/${TagKey}

DescribeTrial Grants permission to return information about a trial Read

experiment-trial*

aws:ResourceTag/${TagKey}

DescribeTrialComponent Grants permission to return information about a trial component Read

experiment-trial-component*

aws:ResourceTag/${TagKey}

DescribeUserProfile Grants permission to describe a UserProfile Read

user-profile*

aws:ResourceTag/${TagKey}

DescribeWorkforce Grants permission to return information about a workforce Read

workforce*

aws:ResourceTag/${TagKey}

DescribeWorkteam Grants permission to return information about a workteam Read

workteam*

aws:ResourceTag/${TagKey}

DisableSagemakerServicecatalogPortfolio Grants permission to disable a SageMaker Service Catalog Portfolio Write
DisassociateTrialComponent Grants permission to disassociate a trial component from a trial Write

experiment-trial*

aws:ResourceTag/${TagKey}

experiment-trial-component*

aws:ResourceTag/${TagKey}

processing-job*

aws:ResourceTag/${TagKey}

EnableSagemakerServicecatalogPortfolio Grants permission to enable a SageMaker Service Catalog Portfolio Write
GetDeployments Grants permission to get the deployment plan for a device Read

device*

GetDeviceFleetReport Grants permission to access a summary of the devices in a device fleet Read

device-fleet*

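GetDeviceRegistration Grants permission to get a device registration. After you deploy a model to edge devices, this API is used to get the current device registration Read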

device*

GetLineageGroupPolicy Grants permission to retrieve a lineage group policy Read
GetModelPackageGroupPolicy Grants permission to get a ModelPackageGroup policy Read

model-package-group*

aws:ResourceTag/${TagKey}

GetRecord Grants permission to get a record from a feature group Read

feature-group*

GetSagemakerServicecatalogPortfolioStatus Grants permission to get the SageMaker Service Catalog Portfolio Read
GetScalingConfigurationRecommendation Grants permission to get a scaling policy configuration recommendation Read

inference-recommendations-job*

aws:ResourceTag/${TagKey}

GetSearchSuggestions Grants permission to get search suggestions when provided with a keyword Read
ImportHubContent Grants permission to import hub content Write

hub*

aws:ResourceTag/${TagKey}

sagemaker:AddTags

hub-content*

aws:ResourceTag/${TagKey}

aws:RequestTag/${TagKey}

aws:TagKeys

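InvokeEndpoint Grants permission to invoke an endpoint. After you deploy a model into production using Amazon SageMaker hosting services, your client applications use this API to get inferences from the model hosted at the specified endpoint Read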

endpoint*

sagemaker:TargetModel

InvokeEndpointAsync Grants permission to get inferences asynchronously from the model hosted at the specified endpoint Read

endpoint*

ListActions Grants permission to list actions List
ListAlgorithms Grants permission to list algorithms List
ListAliases Grants permission to list the aliases belonging to a SageMaker image or a SageMaker ImageVersion List

image*

aws:ResourceTag/${TagKey}

image-version*

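ListAppImageConfigs Grants permission to list the AppImageConfigs in your account List
ListApps Grants permission to list the apps in your account List
ListArtifacts Grants permission to list artifacts List
ListAssociations Grants permission to list associations List
ListAutoMLJobs Grants permission to list AutoML jobs List
ListCandidatesForAutoMLJob Grants permission to list the candidates for an AutoML job List
ListCodeRepositories Grants permission to list code repositories List
ListCompilationJobs Grants permission to list compilation jobs List
ListContexts Grants permission to list contexts List
ListDataQualityJobDefinitions Grants permission to list data quality job definitions List
ListDeviceFleets Grants permission to list device fleets List
ListDevices Grants permission to list devices List
ListDomains Grants permission to list the domains in your account List
ListEdgeDeploymentPlans Grants permission to list edge deployment plans List
ListEdgePackagingJobs Grants permission to list edge packaging jobs List
ListEndpointConfigs Grants permission to list endpoint configurations List
ListEndpoints Grants permission to list endpoints List
ListExperiments Grants permission to list experiments List
ListFeatureGroups Grants permission to list feature groups List
ListFlowDefinitions Grants permission to return summary information about flow definitions, given the specified parameters List
ListHubContentVersions Grants permission to list all versions of hub content List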

hub*

aws:ResourceTag/${TagKey}

hub-content*

ListHubContents Grants permission to list the latest versions of hub content List

hub*

aws:ResourceTag/${TagKey}

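ListHubs Grants permission to list hubs List
ListHumanLoops Grants permission to return summary information about human loops, given the specified parameters List
ListHumanTaskUis Grants permission to return summary information about human review workflow user interfaces, given the specified parameters List
ListHyperParameterTuningJobs Grants permission to list hyperparameter tuning jobs List
ListImageVersions Grants permission to list the ImageVersions belonging to a SageMaker image List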

image*

aws:ResourceTag/${TagKey}

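ListImages Grants permission to list the SageMaker images in your account List
ListInferenceExperiments Grants permission to list inference experiments List
ListInferenceRecommendationsJobSteps Grants permission to list inference recommendations job steps List
ListInferenceRecommendationsJobs Grants permission to list inference recommendations jobs List
ListLabelingJobs Grants permission to list labeling jobs List
ListLabelingJobsForWorkteam Grants permission to list the labeling jobs for a workteam List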

workteam*

aws:ResourceTag/${TagKey}

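ListLineageGroups Grants permission to list lineage groups List
ListModelBiasJobDefinitions Grants permission to list model bias job definitions List
ListModelCardExportJobs Grants permission to list the export jobs for a model card List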

model-card*

aws:ResourceTag/${TagKey}

ListModelCardVersions Grants permission to list the versions of a model card List

model-card*

aws:ResourceTag/${TagKey}

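ListModelCards Grants permission to list model cards List
ListModelExplainabilityJobDefinitions Grants permission to list model explainability job definitions List
ListModelMetadata Grants permission to list model metadata for inference recommendations jobs List
ListModelPackageGroups Grants permission to list ModelPackageGroups List
ListModelPackages Grants permission to list ModelPackages List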

model-package

aws:ResourceTag/${TagKey}

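ListModelQualityJobDefinitions Grants permission to list model quality job definitions List
ListModels Grants permission to list the models created with the CreateModel API List
ListMonitoringAlertHistory Grants permission to list the history of a monitoring alert List
ListMonitoringAlerts Grants permission to list monitoring alerts List
ListMonitoringExecutions Grants permission to list monitoring executions List
ListMonitoringSchedules Grants permission to list monitoring schedules List
ListNotebookInstanceLifecycleConfigs Grants permission to list the notebook instance lifecycle configurations that can be deployed using Amazon SageMaker List
ListNotebookInstances Grants permission to list the Amazon SageMaker notebook instances in the requester's account in an Amazon Web Services Region List
ListPipelineExecutionSteps Grants permission to list the steps of a pipeline execution List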

pipeline-execution*

ListPipelineExecutions Grants permission to list pipeline executions List

pipeline*

aws:ResourceTag/${TagKey}

ListPipelineParametersForExecution Grants permission to list the parameters of a pipeline execution List

pipeline-execution*

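ListPipelines Grants permission to list pipelines List
ListProcessingJobs Grants permission to list processing jobs List
ListProjects Grants permission to list projects List
ListResourceCatalogs Grants permission to list resource catalogs List
ListSharedModelEvents [permission only] Grants permission to list shared model events List
ListSharedModelVersions [permission only] Grants permission to list shared model versions List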

shared-model*

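ListSharedModels [permission only] Grants permission to list shared models List
ListSpaces Grants permission to list the Spaces in your account List
ListStageDevices Grants permission to list stage devices List
ListStudioLifecycleConfigs Grants permission to list the Studio lifecycle configurations that can be deployed using Amazon SageMaker List
ListSubscribedWorkteams Grants permission to list subscribed workteams List
ListTags Grants permission to list the tag set associated with the specified resource List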

action

aws:ResourceTag/${TagKey}

algorithm

aws:ResourceTag/${TagKey}

app

aws:ResourceTag/${TagKey}

app-image-config

aws:ResourceTag/${TagKey}

artifact

aws:ResourceTag/${TagKey}

automl-job

aws:ResourceTag/${TagKey}

code-repository

aws:ResourceTag/${TagKey}

compilation-job

aws:ResourceTag/${TagKey}

context

aws:ResourceTag/${TagKey}

data-quality-job-definition

aws:ResourceTag/${TagKey}

device

aws:ResourceTag/${TagKey}

device-fleet

aws:ResourceTag/${TagKey}

domain

aws:ResourceTag/${TagKey}

edge-deployment-plan

aws:ResourceTag/${TagKey}

edge-packaging-job

aws:ResourceTag/${TagKey}

endpoint

aws:ResourceTag/${TagKey}

endpoint-config

aws:ResourceTag/${TagKey}

experiment

aws:ResourceTag/${TagKey}

experiment-trial

aws:ResourceTag/${TagKey}

experiment-trial-component

aws:ResourceTag/${TagKey}

feature-group

aws:ResourceTag/${TagKey}

flow-definition

aws:ResourceTag/${TagKey}

human-task-ui

aws:ResourceTag/${TagKey}

hyper-parameter-tuning-job

aws:ResourceTag/${TagKey}

image

aws:ResourceTag/${TagKey}

inference-recommendations-job

aws:ResourceTag/${TagKey}

labeling-job

aws:ResourceTag/${TagKey}

model

aws:ResourceTag/${TagKey}

model-bias-job-definition

aws:ResourceTag/${TagKey}

model-card

aws:ResourceTag/${TagKey}

model-explainability-job-definition

aws:ResourceTag/${TagKey}

model-package

aws:ResourceTag/${TagKey}

model-package-group

aws:ResourceTag/${TagKey}

model-quality-job-definition

aws:ResourceTag/${TagKey}

monitoring-schedule

aws:ResourceTag/${TagKey}

notebook-instance

aws:ResourceTag/${TagKey}

pipeline

aws:ResourceTag/${TagKey}

processing-job

aws:ResourceTag/${TagKey}

project

aws:ResourceTag/${TagKey}

studio-lifecycle-config

aws:ResourceTag/${TagKey}

training-job

aws:ResourceTag/${TagKey}

transform-job

aws:ResourceTag/${TagKey}

user-profile

aws:ResourceTag/${TagKey}

workteam

aws:ResourceTag/${TagKey}

ListTrainingJobs Grants permission to list training jobs List
ListTrainingJobsForHyperParameterTuningJob Grants permission to list the training jobs for a hyperparameter tuning job List

hyper-parameter-tuning-job*

aws:ResourceTag/${TagKey}

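ListTransformJobs Grants permission to list transform jobs List
ListTrialComponents Grants permission to list trial components List
ListTrials Grants permission to list trials List
ListUserProfiles Grants permission to list the UserProfiles in your account List
ListWorkforces Grants permission to list workforces List
ListWorkteams Grants permission to list workteams List
PutLineageGroupPolicy Grants permission to put a lineage group policy Write
PutModelPackageGroupPolicy Grants permission to put a ModelPackageGroup policy Write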

model-package-group*

PutRecord Grants permission to put a record into a feature group Write

feature-group*

QueryLineage Grants permission to explore the lineage graph List
RegisterDevices Grants permission to register a set of devices Write

device*

aws:ResourceTag/${TagKey}

aws:RequestTag/${TagKey}

aws:TagKeys

RenderUiTemplate Provides a UI template used for human annotation tasks Read

iam:PassRole

RetryPipelineExecution Grants permission to retry a pipeline execution Write

pipeline-execution*

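Grants permission to search for SageMaker objects Read
SendHeartbeat Grants permission to publish heartbeat data from devices. After a model is deployed to an edge device, this API is used to report device status Write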

device*

SendPipelineExecutionStepFailure Grants permission to fail a pending callback step Write

pipeline-execution*

SendPipelineExecutionStepSuccess Grants permission to succeed a pending callback step Write

pipeline-execution*

SendSharedModelEvent [permission only] Grants permission to send a shared model event Write

shared-model-event*

StartEdgeDeploymentStage Grants permission to start an edge deployment stage Write

edge-deployment-plan*

aws:ResourceTag/${TagKey}

StartHumanLoop Grants permission to start a human loop Write

flow-definition*

StartInferenceExperiment Grants permission to start an inference experiment Write

inference-experiment*

aws:ResourceTag/${TagKey}

StartMonitoringSchedule Grants permission to start a monitoring schedule Write

monitoring-schedule*

aws:ResourceTag/${TagKey}

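StartNotebookInstance Grants permission to start a notebook instance. This launches an EC2 instance with the latest version of the libraries and attaches your EBS volume Write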

notebook-instance*

aws:ResourceTag/${TagKey}

StartPipelineExecution Grants permission to start a pipeline execution Write

pipeline*

aws:ResourceTag/${TagKey}

StopAutoMLJob Grants permission to stop a running AutoML job Write

automl-job*

aws:ResourceTag/${TagKey}

StopCompilationJob Grants permission to stop a compilation job Write

compilation-job*

aws:ResourceTag/${TagKey}

StopEdgeDeploymentStage Grants permission to stop an edge deployment stage Write

edge-deployment-plan*

aws:ResourceTag/${TagKey}

StopEdgePackagingJob Grants permission to stop an edge packaging job Write

edge-packaging-job*

aws:ResourceTag/${TagKey}

StopHumanLoop Grants permission to stop the specified human loop Write

human-loop*

StopHyperParameterTuningJob Grants permission to stop a running hyperparameter tuning job created via CreateHyperParameterTuningJob Write

hyper-parameter-tuning-job*

aws:ResourceTag/${TagKey}

StopInferenceExperiment Grants permission to stop an inference experiment Write

inference-experiment*

aws:ResourceTag/${TagKey}

StopInferenceRecommendationsJob Grants permission to stop an inference recommendations job Write

inference-recommendations-job*

aws:ResourceTag/${TagKey}

StopLabelingJob Grants permission to stop a labeling job. Any labels already generated are exported before the job stops Write

labeling-job*

aws:ResourceTag/${TagKey}

StopMonitoringSchedule Grants permission to stop a monitoring schedule Write

monitoring-schedule*

aws:ResourceTag/${TagKey}

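StopNotebookInstance Grants permission to stop a notebook instance. This terminates the EC2 instance. Before terminating the instance, Amazon SageMaker disconnects the EBS volume from it. Amazon SageMaker preserves the EBS volume Write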

notebook-instance*

aws:ResourceTag/${TagKey}

StopPipelineExecution Grants permission to stop a pipeline execution Write

pipeline-execution*

StopProcessingJob Grants permission to stop a processing job. To stop a job, Amazon SageMaker sends the algorithm the SIGTERM signal, which delays job termination for 120 seconds Write

processing-job*

aws:ResourceTag/${TagKey}

StopTrainingJob Grants permission to stop a training job. To stop a job, Amazon SageMaker sends the algorithm the SIGTERM signal, which delays job termination for 120 seconds Write

training-job*

aws:ResourceTag/${TagKey}

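StopTransformJob Grants permission to stop a transform job. When Amazon SageMaker receives a StopTransformJob request, the status of the job changes to Stopping. After Amazon SageMaker stops the job, the status is set to Stopped Write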

transform-job*

aws:ResourceTag/${TagKey}

UpdateAction Grants permission to update an action Write

action*

aws:ResourceTag/${TagKey}

UpdateAppImageConfig Grants permission to update an AppImageConfig Write

app-image-config*

aws:ResourceTag/${TagKey}

UpdateArtifact Grants permission to update an artifact Write

artifact*

aws:ResourceTag/${TagKey}

UpdateCodeRepository Grants permission to update a CodeRepository Write

code-repository*

aws:ResourceTag/${TagKey}

UpdateContext Grants permission to update a context Write

context*

aws:ResourceTag/${TagKey}

UpdateDeviceFleet Grants permission to update a device fleet Write

device-fleet*

aws:ResourceTag/${TagKey}

UpdateDevices Grants permission to update a set of devices Write

device*

aws:ResourceTag/${TagKey}

UpdateDomain Grants permission to update a Domain Write

domain*

aws:ResourceTag/${TagKey}

sagemaker:VpcSecurityGroupIds

sagemaker:InstanceTypes

sagemaker:DomainSharingOutputKmsKey

sagemaker:ImageArns

sagemaker:ImageVersionArns

UpdateEndpoint Grants permission to update an endpoint to use the endpoint configuration specified in the request Write

endpoint*

aws:ResourceTag/${TagKey}

UpdateEndpointWeightsAndCapacities Grants permission to update the variant weight, capacity, or both for one or more variants associated with an endpoint Write

endpoint*

aws:ResourceTag/${TagKey}

UpdateExperiment Grants permission to update an experiment Write

experiment*

aws:ResourceTag/${TagKey}

UpdateFeatureGroup Grants permission to update a feature group Write

feature-group*

aws:ResourceTag/${TagKey}

UpdateFeatureMetadata Grants permission to update feature metadata Write

feature-group*

aws:ResourceTag/${TagKey}

UpdateHub Grants permission to update a hub Write

hub*

aws:ResourceTag/${TagKey}

UpdateImage Grants permission to update the properties of a SageMaker Image Write

image*

aws:ResourceTag/${TagKey}

iam:PassRole

UpdateImageVersion Grants permission to update the properties of a SageMaker ImageVersion Write

image-version*

UpdateInferenceExperiment Grants permission to update an inference experiment Write

inference-experiment*

aws:ResourceTag/${TagKey}

UpdateModelCard Grants permission to update a model card Write

model-card*

aws:ResourceTag/${TagKey}

UpdateModelPackage Grants permission to update a ModelPackage Write

model-package*

aws:ResourceTag/${TagKey}

sagemaker:ModelApprovalStatus

sagemaker:CustomerMetadataProperties/${MetadataKey}

sagemaker:CustomerMetadataPropertiesToRemove

UpdateMonitoringAlert Grants permission to update a monitoring alert Write

monitoring-schedule*

aws:ResourceTag/${TagKey}

monitoring-schedule-alert*

UpdateMonitoringSchedule Grants permission to update a monitoring schedule Write

monitoring-schedule*

aws:ResourceTag/${TagKey}

iam:PassRole

aws:RequestTag/${TagKey}

aws:TagKeys

sagemaker:InstanceTypes

sagemaker:MaxRuntimeInSeconds

sagemaker:NetworkIsolation

sagemaker:OutputKmsKey

sagemaker:VolumeKmsKey

sagemaker:VpcSecurityGroupIds

sagemaker:VpcSubnets

sagemaker:InterContainerTrafficEncryption

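UpdateNotebookInstance Grants permission to update a notebook instance. Notebook instance updates include upgrading or downgrading the EC2 instance used for the notebook instance to accommodate changes in workload requirements Write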

notebook-instance*

aws:ResourceTag/${TagKey}

sagemaker:AcceleratorTypes

sagemaker:InstanceTypes

sagemaker:MinimumInstanceMetadataServiceVersion

sagemaker:RootAccess

UpdateNotebookInstanceLifecycleConfig Grants permission to update a notebook instance lifecycle configuration created with the CreateNotebookInstanceLifecycleConfig API Write

notebook-instance-lifecycle-config*

UpdatePipeline Grants permission to update a pipeline Write

pipeline*

aws:ResourceTag/${TagKey}

iam:PassRole

UpdatePipelineExecution Grants permission to update a pipeline execution Write

pipeline-execution*

UpdateProject Grants permission to update a project Write

project*

aws:ResourceTag/${TagKey}

aws:RequestTag/${TagKey}

aws:TagKeys

UpdateSharedModel [permission only] Grants permission to update a shared model Write

shared-model*

UpdateSpace Grants permission to update a Space Write

space*

aws:ResourceTag/${TagKey}

sagemaker:InstanceTypes

sagemaker:ImageArns

sagemaker:ImageVersionArns

UpdateTrainingJob Grants permission to update a training job Write

training-job*

aws:ResourceTag/${TagKey}

sagemaker:InstanceTypes

sagemaker:KeepAlivePeriod

UpdateTrial Grants permission to update a trial Write

experiment-trial*

aws:ResourceTag/${TagKey}

UpdateTrialComponent Grants permission to update a trial component Write

experiment-trial-component*

aws:ResourceTag/${TagKey}

UpdateUserProfile Grants permission to update a UserProfile Write

user-profile*

aws:ResourceTag/${TagKey}

sagemaker:InstanceTypes

sagemaker:VpcSecurityGroupIds

sagemaker:InstanceTypes

sagemaker:DomainSharingOutputKmsKey

sagemaker:ImageArns

sagemaker:ImageVersionArns

UpdateWorkforce Grants permission to update a workforce Write

workforce*

aws:ResourceTag/${TagKey}

UpdateWorkteam Grants permission to update a workteam Write

workteam*

aws:ResourceTag/${TagKey}

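Resource types defined by Amazon SageMaker

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see Resource types table.

Resource types ARN Condition keys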
device arn:${Partition}:sagemaker:${Region}:${Account}:device-fleet/${DeviceFleetName}/device/${DeviceName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

device-fleet arn:${Partition}:sagemaker:${Region}:${Account}:device-fleet/${DeviceFleetName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

edge-packaging-job arn:${Partition}:sagemaker:${Region}:${Account}:edge-packaging-job/${EdgePackagingJobName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

edge-deployment-plan arn:${Partition}:sagemaker:${Region}:${Account}:edge-deployment/${EdgeDeploymentPlanName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

human-loop arn:${Partition}:sagemaker:${Region}:${Account}:human-loop/${HumanLoopName}
flow-definition arn:${Partition}:sagemaker:${Region}:${Account}:flow-definition/${FlowDefinitionName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

human-task-ui arn:${Partition}:sagemaker:${Region}:${Account}:human-task-ui/${HumanTaskUiName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

hub arn:${Partition}:sagemaker:${Region}:${Account}:hub/${HubName}
hub-content arn:${Partition}:sagemaker:${Region}:${Account}:hub-content/${HubName}/${HubContentType}/${HubContentName}
inference-recommendations-job arn:${Partition}:sagemaker:${Region}:${Account}:inference-recommendations-job/${InferenceRecommendationsJobName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

inference-experiment arn:${Partition}:sagemaker:${Region}:${Account}:inference-experiment/${InferenceExperimentName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

labeling-job arn:${Partition}:sagemaker:${Region}:${Account}:labeling-job/${LabelingJobName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

workteam arn:${Partition}:sagemaker:${Region}:${Account}:workteam/${WorkteamName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

workforce arn:${Partition}:sagemaker:${Region}:${Account}:workforce/${WorkforceName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

domain arn:${Partition}:sagemaker:${Region}:${Account}:domain/${DomainId}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

user-profile arn:${Partition}:sagemaker:${Region}:${Account}:user-profile/${DomainId}/${UserProfileName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

space arn:${Partition}:sagemaker:${Region}:${Account}:space/${DomainId}/${SpaceName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

app arn:${Partition}:sagemaker:${Region}:${Account}:app/${DomainId}/${UserProfileName}/${AppType}/${AppName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

app-image-config arn:${Partition}:sagemaker:${Region}:${Account}:app-image-config/${AppImageConfigName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

studio-lifecycle-config arn:${Partition}:sagemaker:${Region}:${Account}:studio-lifecycle-config/${StudioLifecycleConfigName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

notebook-instance arn:${Partition}:sagemaker:${Region}:${Account}:notebook-instance/${NotebookInstanceName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

notebook-instance-lifecycle-config arn:${Partition}:sagemaker:${Region}:${Account}:notebook-instance-lifecycle-config/${NotebookInstanceLifecycleConfigName}
code-repository arn:${Partition}:sagemaker:${Region}:${Account}:code-repository/${CodeRepositoryName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

image arn:${Partition}:sagemaker:${Region}:${Account}:image/${ImageName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

image-version arn:${Partition}:sagemaker:${Region}:${Account}:image-version/${ImageName}/${Version}
algorithm arn:${Partition}:sagemaker:${Region}:${Account}:algorithm/${AlgorithmName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

training-job arn:${Partition}:sagemaker:${Region}:${Account}:training-job/${TrainingJobName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

processing-job arn:${Partition}:sagemaker:${Region}:${Account}:processing-job/${ProcessingJobName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

hyper-parameter-tuning-job arn:${Partition}:sagemaker:${Region}:${Account}:hyper-parameter-tuning-job/${HyperParameterTuningJobName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

project arn:${Partition}:sagemaker:${Region}:${Account}:project/${ProjectName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

model-package arn:${Partition}:sagemaker:${Region}:${Account}:model-package/${ModelPackageName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

model-package-group arn:${Partition}:sagemaker:${Region}:${Account}:model-package-group/${ModelPackageGroupName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

model arn:${Partition}:sagemaker:${Region}:${Account}:model/${ModelName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

endpoint-config arn:${Partition}:sagemaker:${Region}:${Account}:endpoint-config/${EndpointConfigName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

endpoint arn:${Partition}:sagemaker:${Region}:${Account}:endpoint/${EndpointName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

transform-job arn:${Partition}:sagemaker:${Region}:${Account}:transform-job/${TransformJobName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

compilation-job arn:${Partition}:sagemaker:${Region}:${Account}:compilation-job/${CompilationJobName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

automl-job arn:${Partition}:sagemaker:${Region}:${Account}:automl-job/${AutoMLJobJobName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

monitoring-schedule arn:${Partition}:sagemaker:${Region}:${Account}:monitoring-schedule/${MonitoringScheduleName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

monitoring-schedule-alert arn:${Partition}:sagemaker:${Region}:${Account}:monitoring-schedule/${MonitoringScheduleName}/alert/${MonitoringScheduleAlertName}
data-quality-job-definition arn:${Partition}:sagemaker:${Region}:${Account}:data-quality-job-definition/${DataQualityJobDefinitionName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

model-quality-job-definition arn:${Partition}:sagemaker:${Region}:${Account}:model-quality-job-definition/${ModelQualityJobDefinitionName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

model-bias-job-definition arn:${Partition}:sagemaker:${Region}:${Account}:model-bias-job-definition/${ModelBiasJobDefinitionName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

model-explainability-job-definition arn:${Partition}:sagemaker:${Region}:${Account}:model-explainability-job-definition/${ModelExplainabilityJobDefinitionName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

experiment arn:${Partition}:sagemaker:${Region}:${Account}:experiment/${ExperimentName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

experiment-trial arn:${Partition}:sagemaker:${Region}:${Account}:experiment-trial/${TrialName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

experiment-trial-component arn:${Partition}:sagemaker:${Region}:${Account}:experiment-trial-component/${TrialComponentName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

feature-group arn:${Partition}:sagemaker:${Region}:${Account}:feature-group/${FeatureGroupName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

pipeline arn:${Partition}:sagemaker:${Region}:${Account}:pipeline/${PipelineName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

pipeline-execution arn:${Partition}:sagemaker:${Region}:${Account}:pipeline/${PipelineName}/execution/${RandomString}
artifact arn:${Partition}:sagemaker:${Region}:${Account}:artifact/${HashOfArtifactSource}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

context arn:${Partition}:sagemaker:${Region}:${Account}:context/${ContextName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

action arn:${Partition}:sagemaker:${Region}:${Account}:action/${ActionName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

lineage-group arn:${Partition}:sagemaker:${Region}:${Account}:lineage-group/${LineageGroupName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

model-card arn:${Partition}:sagemaker:${Region}:${Account}:model-card/${ModelCardName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

model-card-export-job arn:${Partition}:sagemaker:${Region}:${Account}:model-card/${ModelCardName}/export-job/${ExportJobName}

aws:ResourceTag/${TagKey}

sagemaker:ResourceTag/${TagKey}

shared-model arn:${Partition}:sagemaker:${Region}:${Account}:shared-model/${SharedModelId}
shared-model-event arn:${Partition}:sagemaker:${Region}:${Account}:shared-model-event/${EventId}
sagemaker-catalog arn:${Partition}:sagemaker:${Region}:${Account}:sagemaker-catalog/${ResourceCatalogName}

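Condition keys for Amazon SageMaker

Amazon SageMaker defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see Condition keys table.

To view the global condition keys that are available to all services, see Available global condition keys.

Condition keys Description Type
aws:RequestTag/${TagKey} Filters access by a key that is present in the request the user makes to the SageMaker service String
aws:ResourceTag/${TagKey} Filters access by a tag key and value pair String
aws:TagKeys Filters access by the list of all the tag key names associated with the resource in the request ArrayOfString
sagemaker:AcceleratorTypes Filters access by the list of all accelerator types associated with the resource in the request ArrayOfString
sagemaker:AppNetworkAccessType Filters access by the app network access type associated with the resource in the request String
sagemaker:CustomerMetadataProperties/${MetadataKey} Filters access by a metadata key and value pair String
sagemaker:CustomerMetadataPropertiesToRemove Filters access by the list of metadata properties associated with the model-package resource in the request ArrayOfString
sagemaker:DirectInternetAccess Filters access by the direct internet access associated with the resource in the request String
sagemaker:DomainSharingOutputKmsKey Filters access by the Domain sharing output KMS key associated with the resource in the request ARN
sagemaker:FeatureGroupDisableGlueTableCreation Filters access by the DisableGlueTableCreation flag associated with the feature group resource in the request Bool
sagemaker:FeatureGroupEnableOnlineStore Filters access by the EnableOnlineStore flag associated with the feature group in the request Bool
sagemaker:FeatureGroupOfflineStoreConfig Filters access by the presence of an OfflineStoreConfig in the feature group resource in the request. This access filter supports only the null-conditional operator Bool
sagemaker:FeatureGroupOfflineStoreKmsKey Filters access by the offline store KMS key associated with the feature group resource in the request ARN
sagemaker:FeatureGroupOfflineStoreS3Uri Filters access by the offline store S3 URI associated with the feature group resource in the request String
sagemaker:FeatureGroupOnlineStoreKmsKey Filters access by the online store KMS key associated with the feature group resource in the request ARN
sagemaker:FileSystemAccessMode Filters access by the file system access mode associated with the resource in the request String
sagemaker:FileSystemDirectoryPath Filters access by the file system directory path associated with the resource in the request String
sagemaker:FileSystemId Filters access by the file system ID associated with the resource in the request String
sagemaker:FileSystemType Filters access by the file system type associated with the resource in the request String
sagemaker:HomeEfsFileSystemKmsKey Filters access by a key that is present in the request the user makes to the SageMaker service. This key is deprecated. It has been replaced by sagemaker:VolumeKmsKey ARN
sagemaker:ImageArns Filters access by the list of all image ARNs associated with the resource in the request ArrayOfString
sagemaker:ImageVersionArns Filters access by the list of all image version ARNs associated with the resource in the request ArrayOfString
sagemaker:InstanceTypes Filters access by the list of all instance types associated with the resource in the request ArrayOfString
sagemaker:InterContainerTrafficEncryption Filters access by the inter-container traffic encryption associated with the resource in the request Bool
sagemaker:KeepAlivePeriod Filters access by the keep-alive period associated with the resource in the request Numeric
sagemaker:MaxRuntimeInSeconds Filters access by the maximum runtime in seconds associated with the resource in the request Numeric
sagemaker:MinimumInstanceMetadataServiceVersion Filters access by the minimum instance metadata service version used by the resource in the request String
sagemaker:ModelApprovalStatus Filters access by the model approval status of the model-package in the request String
sagemaker:ModelArn Filters access by the model ARN associated with the resource in the request ARN
sagemaker:NetworkIsolation Filters access by the network isolation associated with the resource in the request Bool
sagemaker:OutputKmsKey Filters access by the output KMS key associated with the resource in the request ARN
sagemaker:ResourceTag/ Filters access by the preface string for a tag key and value pair attached to a resource String
sagemaker:ResourceTag/${TagKey} Filters access by a tag key and value pair String
sagemaker:RootAccess Filters access by the root access associated with the resource in the request String
sagemaker:ServerlessMaxConcurrency Filters access by limiting the maximum concurrency used for serverless inference in the request Numeric
sagemaker:ServerlessMemorySize Filters access by limiting the memory size used for serverless inference in the request Numeric
sagemaker:TaggingAction Filters access by the API actions to which a user can apply tags. Use the name of the API operation that creates a taggable resource to filter access String
sagemaker:TargetModel Filters access by the target model associated with the multi-model endpoint in the request String
sagemaker:VolumeKmsKey Filters access by the volume KMS key associated with the resource in the request ARN
sagemaker:VpcSecurityGroupIds Filters access by the list of all VPC security group IDs associated with the resource in the request ArrayOfString
sagemaker:VpcSubnets Filters access by the list of all VPC subnets associated with the resource in the request ArrayOfString
sagemaker:WorkteamArn Filters access by the workteam ARN associated with the request ARN
sagemaker:WorkteamType Filters access by the workteam type associated with the request. This can be public-crowd, private-crowd or vendor-crowd String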