Skip to content
This repository was archived by the owner on Jun 15, 2023. It is now read-only.

Latest commit

 

History

History
175 lines (165 loc) · 46.7 KB

api-permissions-reference.md

File metadata and controls

175 lines (165 loc) · 46.7 KB

Amazon SageMaker API Permissions: Actions, Permissions, and Resources Reference

When you are setting up access control and writing a permissions policy that you can attach to an IAM identity (an identity-based policy), use the following table as a reference. The table lists each Amazon SageMaker API operation, the corresponding actions for which you can grant permissions to perform the action, and the AWS resource for which you can grant the permissions. You specify the actions in the policy's Action field, and you specify the resource value in the policy's Resource field.

Note
Except for the ListTags API, resource-level restrictions are not available on List- calls . Any user calling a List- API will see all resources of that type in the account.

To express conditions in your Amazon SageMaker policies, you can use AWS-wide condition keys. For a complete list of AWS-wide keys, see Available Keys in the IAM User Guide.

Use the scroll bars to see the rest of the table.

Amazon SageMaker API Operations and Required Permissions for Actions

Amazon SageMaker API Operations Required Permissions (API Actions) Resources
[ DeleteEarthObservationJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_DeleteEarthObservationJob.html) sagemaker-geospatial:DeleteEarthObservationJob arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
[ DeleteVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_DeleteVectorEnrichmentJob.html) sagemaker-geospatial:DeleteVectorEnrichmentJob arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
[ ExportEarthObservationJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ExportEarthObservationJob.html) sagemaker-geospatial:ExportEarthObservationJob arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
[ ExportVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ExportVectorEnrichmentJob.html) sagemaker-geospatial:ExportVectorEnrichmentJob arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
[ GetEarthObservationJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_GetEarthObservationJob.html) sagemaker-geospatial:GetEarthObservationJob arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
[ GetRasterDataCollection](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_DeleteEarthObservationJob.html) sagemaker-geospatial:GetRasterDataCollection arn:aws:sagemaker-geospatial:region:account-id:raster-data-collection/public/id
[ GetTile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_GetTile.html) sagemaker-geospatial:GetTile arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
[ GetVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_GetVectorEnrichmentJob.html) sagemaker-geospatial:GetVectorEnrichmentJob arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
[ ListEarthObservationJobs](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListEarthObservationJobs.html) sagemaker-geospatial:ListEarthObservationJobs *
[ ListRasterDataCollections](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListRasterDataCollections.html) sagemaker-geospatial:ListRasterDataCollections *
[ ListTagsForResource](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListTagsForResource.html) sagemaker-geospatial:ListTagsForResource arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
[ ListVectorEnrichmentJobs](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListVectorEnrichmentJobs.html) sagemaker-geospatial:ListVectorEnrichmentJobs *
[ SearchRasterDataCollection](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_SearchRasterDataCollection.html) sagemaker-geospatial:SearchRasterDataCollection arn:aws:sagemaker-geospatial:region:account-id:raster-data-collection/public/id
[ StartEarthObservationJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_StartEarthObservationJob.html) sagemaker-geospatial:StartEarthObservationJob arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
[ StartVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_StartVectorEnrichmentJob.html) sagemaker-geospatial:StartVectorEnrichmentJob arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
[ StopEarthObservationJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_StopEarthObservationJob.html) sagemaker-geospatial:StopEarthObservationJob arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id
[ StopVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_StopVectorEnrichmentJob.html) sagemaker-geospatial:StopVectorEnrichmentJob arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
[ TagResource](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_TagResource.html) sagemaker-geospatial:TagResource arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
[ UntagResource](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_UntagResource.html) sagemaker-geospatial:UntagResource arn:aws:sagemaker-geospatial:region:account-id:earth-observation-job/id arn:aws:sagemaker-geospatial:region:account-id:vector-enrichment-job/id
[ AddTags](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_AddTags.html) sagemaker:AddTags arn:aws:sagemaker:region:account-id:*
[ CreateApp](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateApp.html) sagemaker:CreateApp arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName
[ CreateAppImageConfig](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateAppImageConfig.html) sagemaker:CreateAppImageConfig arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName
[ CreateAutoMLJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateAutoMLJob.html) sagemaker:CreateAutoMLJob iam:PassRole The following permission is required only the associated ResourceConfig has a specified VolumeKmsKeyId and the associated role does not have a policy that permits this action: kms:CreateGrant arn:aws:sagemaker:region:account-id:automl-job/autoMLJobName
[ CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html) sagemaker:CreateDomain iam:CreateServiceLinkedRole iam:PassRole Required if a KMS customer managed key is specified for KmsKeyId: elasticfilesystem:CreateFileSystem kms:CreateGrant kms:Decrypt kms:DescribeKey kms:GenerateDataKeyWithoutPlainText Required to create a domain that supports RStudio: sagemaker:CreateApp arn:aws:sagemaker:region:account-id:domain/domain-id
[ CreateEndpoint](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateEndpoint.html) sagemaker:CreateEndpoint kms:CreateGrant (required only if the associated EndPointConfig has a KmsKeyId specified) arn:aws:sagemaker:region:account-id:endpoint/endpointName arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateEndpointConfig.html sagemaker:CreateEndpointConfig arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateFlowDefinition.html sagemaker:CreateFlowDefinition iam:PassRole arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHumanTaskUi.html sagemaker:CreateHumanTaskUi arn:aws:sagemaker:region:account-id:human-task-ui/humanTaskUiName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateInferenceRecommendationsJob.html sagemaker:CreateInferenceRecommendationsJob iam:PassRole The following permissions are required only if you specify an encryption key: kms:CreateGrant kms:Decrypt kms:DescribeKey kms:GenerateDataKey arn:aws:sagemaker:region:account-id:inference-recommendations-job/inferenceRecommendationsJobName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateHyperParameterTuningJob.html sagemaker:CreateHyperParameterTuningJob iam:PassRole The following permission is required only if any of the associated ResourceConfig have a specified VolumeKmsKeyId and the associated role does not have a policy that permits this action: kms:CreateGrant arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJobName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateImage.html sagemaker:CreateImage iam:PassRole arn:aws:sagemaker:region:account-id:image/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateImageVersion.html sagemaker:CreateImageVersion arn:aws:sagemaker:region:account-id:image-version/imageName/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateLabelingJob.html sagemaker:CreateLabelingJob iam:PassRole arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModel.html sagemaker:CreateModel iam:PassRole arn:aws:sagemaker:region:account-id:model/modelName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModelPackage.html sagemaker:CreateModelPackage arn:aws:sagemaker:region:account-id:model-package/modelPackageName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateModelPackageGroup.html sagemaker:CreateModelPackageGroup arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html sagemaker:CreateNotebookInstance iam:PassRole The following permissions are required only if you specify a VPC for your notebook instance: ec2:CreateNetworkInterface ec2:DescribeSecurityGroups ec2:DescribeSubnets ec2:DescribeVpcs The following permission is required only if you specify a VPC and an elastic inference accelerator for your notebook instance: ec2:DescribeVpcEndpoints The following permissions are required only if you specify an encryption key: kms:DescribeKey kms:CreateGrant The following permission is required only if you specify an AWS Secrets Manager secret to access a private Git repository: secretsmanager:GetSecretValue arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePipeline.html sagemaker:CreatePipeline iam:PassRole arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name arn:aws-partition:iam::account-id:role/role-name
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedDomainUrl.html sagemaker:CreatePresignedDomainUrl arn:aws:sagemaker:region:account-id:app/domain-id/userProfileName/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedNotebookInstanceUrl.html sagemaker:CreatePresignedNotebookInstanceUrl arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateProcessingJob.html sagemaker:CreateProcessingJob iam:PassRole kms:CreateGrant (required only if the associated ProcessingResources has a specified VolumeKmsKeyId and the associated role does not have a policy that permits this action) arn:aws:sagemaker:region:account-id:processing-job/processingJobName
[ CreateSpace](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateSpace.html) sagemaker:CreateSpace arn:aws:sagemaker:region:account-id:space/domain-id/spaceName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateStudioLifecycleConfig.html sagemaker:CreateStudioLifecycleConfig arn:aws:sagemaker:region:account-id:studio-lifecycle-config/.*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html sagemaker:CreateTrainingJob iam:PassRole kms:CreateGrant (required only if the associated ResourceConfig has a specified VolumeKmsKeyId and the associated role does not have a policy that permits this action) arn:aws:sagemaker:region:account-id:training-job/trainingJobName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTransformJob.html sagemaker:CreateTransformJob kms:CreateGrant (required only if the associated TransformResources has a specified VolumeKmsKeyId and the associated role does not have a policy that permits this action) arn:aws:sagemaker:region:account-id:transform-job/transformJobName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html sagemaker:CreateUserProfile iam:PassRole arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateWorkforce.html sagemaker:CreateWorkforce cognito-idp:DescribeUserPoolClient cognito-idp:UpdateUserPool cognito-idp:DescribeUserPool cognito-idp:UpdateUserPoolClient arn:aws:sagemaker:region:account-id:workforce/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateWorkteam.html sagemaker:CreateWorkteam cognito-idp:DescribeUserPoolClient cognito-idp:UpdateUserPool cognito-idp:DescribeUserPool cognito-idp:UpdateUserPoolClient arn:aws:sagemaker:region:account-id:workteam/private-crowd/work team name
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteApp.html sagemaker:DeleteApp arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteAppImageConfig.html sagemaker:DeleteAppImageConfig arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteDomain.html sagemaker:DeleteDomain arn:aws:sagemaker:region:account-id:domain/domainId
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteEndpoint.html sagemaker:DeleteEndpoint arn:aws:sagemaker:region:account-id:endpoint/endpointName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteEndpointConfig.html sagemaker:DeleteEndpointConfig arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteFlowDefinition.html sagemaker:DeleteFlowDefinition arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName
[DeleteHumanLoop](https://docs.aws.amazon.com/augmented-ai/2019-11-07/APIReference/API_DeleteHumanLoop.html) sagemaker:DeleteHumanLoop arn:aws:sagemaker:region:account-id:human-loop/humanLoopName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteImage.html sagemaker:DeleteImage arn:aws:sagemaker:region:account-id:image/imageName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteImageVersion.html sagemaker:DeleteImageVersion arn:aws:sagemaker:region:account-id:image-version/imageName/versionNumber
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModel.html sagemaker:DeleteModel arn:aws:sagemaker:region:account-id:model/modelName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModelPackage.html sagemaker:DeleteModelPackage arn:aws:sagemaker:region:account-id:model-package/modelPackageName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModelPackageGroup.html sagemaker:DeleteModelPackageGroup arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteModelPackageGroupPolicy.html sagemaker:DeleteModelPackageGroupPolicy arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteNotebookInstance.html sagemaker:DeleteNotebookInstance The following permission is required only if you specified a VPC for your notebook instance: ec2:DeleteNetworkInterface The following permissions are required only if you specified an encryption key when you created the notebook instance: kms:DescribeKey arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeletePipeline.html sagemaker:DeletePipeline arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name
[DeleteSpace](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteSpace.html) sagemaker:DeleteSpace arn:aws:sagemaker:region:account-id:space/domain-id/spaceName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteTags.html sagemaker:DeleteTags arn:aws:sagemaker:region:account-id:*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteUserProfile.html sagemaker:DeleteUserProfile arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteWorkforce.html sagemaker:DeleteWorkforce arn:aws:sagemaker:region:account-id:workforce/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteWorkteam.html sagemaker:DeleteWorkteam arn:aws:sagemaker:region:account-id:workteam/private-crowd/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeApp.html sagemaker:DescribeApp arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/app-type/appName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeAppImageConfig.html sagemaker:DescribeAppImageConfig arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeDomain.html sagemaker:DescribeDomain arn:aws:sagemaker:region:account-id:domain/domainId
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeEndpoint.html sagemaker:DescribeEndpoint arn:aws:sagemaker:region:account-id:endpoint/endpointName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeEndpointConfig.html sagemaker:DescribeEndpointConfig arn:aws:sagemaker:region:account-id:endpoint-config/endpointConfigName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeFlowDefinition.html sagemaker:DescribeFlowDefinition arn:aws:sagemaker:region:account-id:flow-definition/flowDefinitionName
[DescribeHumanLoop](https://docs.aws.amazon.com/augmented-ai/2019-11-07/APIReference/API_DescribeHumanLoop.html) sagemaker:DescribeHumanLoop arn:aws:sagemaker:region:account-id:human-loop/humanLoopName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeHumanTaskUi.html sagemaker:DescribeHumanTaskUi arn:aws:sagemaker:region:account-id:human-task-ui/humanTaskUiName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeHyperParameterTuningJob.html sagemaker:DescribeHyperParameterTuningJob arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeImage.html sagemaker:DescribeImage arn:aws:sagemaker:region:account-id:image/imageName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeImageVersion.html sagemaker:DescribeImageVersion arn:aws:sagemaker:region:account-id:image-version/imageName/versionNumber
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeLabelingJob.html sagemaker:DescribeLabelingJob arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeModel.html sagemaker:DescribeModel arn:aws:sagemaker:region:account-id:model/modelName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeModelPackage.html sagemaker:DescribeModelPackage arn:aws:sagemaker:region:account-id:model-package/modelPackageName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeModelPackageGroup.html sagemaker:DescribeModelPackageGroup arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeNotebookInstance.html sagemaker:DescribeNotebookInstance arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribePipeline.html sagemaker:DescribePipeline arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribePipelineDefinitionForExecution.html sagemaker:DescribePipelineDefinitionForExecution arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribePipelineExecution.html sagemaker:DescribePipelineExecution arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeProcessingJob.html sagemaker:DescribeProcessingJob arn:aws:sagemaker:region:account-id:processing-job/processingjobname
[DescribeSpace](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeSpace.html) sagemaker:DescribeSpace arn:aws:sagemaker:region:account-id:space/domain-id/spaceName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeSubscribedWorkteam.html sagemaker:DescribeSubscribedWorkteam aws-marketplace:ViewSubscriptions arn:aws:sagemaker:region:account-id:workteam/vendor-crowd/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeTrainingJob.html sagemaker:DescribeTrainingJob arn:aws:sagemaker:region:account-id:training-job/trainingjobname
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeTransformJob.html sagemaker:DescribeTransformJob arn:aws:sagemaker:region:account-id:transform-job/transformjobname
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeUserProfile.html sagemaker:DescribeUserProfile arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeWorkforce.html sagemaker:DescribeWorkforce arn:aws:sagemaker:region:account-id:workforce/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeWorkteam.html sagemaker:DescribeWorkteam arn:aws:sagemaker:region:account-id:workteam/private-crowd/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_GetModelPackageGroupPolicy.html sagemaker:GetModelPackageGroupPolicy arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_runtime_InvokeEndpoint.html sagemaker:InvokeEndpoint arn:aws:sagemaker:region:account-id:endpoint/endpointName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListAppImageConfigs.html sagemaker:ListAppImageConfigs arn:aws:sagemaker:region:account-id:app-image-config/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListApps.html sagemaker:ListApps arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListDomains.html sagemaker:ListDomains arn:aws:sagemaker:region:account-id:domain/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListEndpointConfigs.html sagemaker:ListEndpointConfigs *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListEndpoints.html sagemaker:ListEndpoints *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListFlowDefinitions.html sagemaker:ListFlowDefinitions *
[ListHumanLoops](https://docs.aws.amazon.com/augmented-ai/2019-11-07/APIReference/API_ListHumanLoops.html) sagemaker:ListHumanLoops *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListHumanTaskUis.html sagemaker:ListHumanTaskUis *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListHyperParameterTuningJobs.html sagemaker:ListHyperParameterTuningJobs arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListImages.html sagemaker:ListImages *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListImageVersions.html sagemaker:ListImageVersions arn:aws:sagemaker:region:account-id:image/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListLabelingJobs.html sagemaker:ListLabelingJobs *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListLabelingJobsForWorkteam.html sagemaker:ListLabelingJobForWorkteam *
[ ListModelPackageGroups](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListModelPackageGroups.html) sagemaker:ListModelPackageGroups arn:aws:sagemaker:region:account-id :model-package-group/ModelPackageGroupName
[ ListModelPackages](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListModelPackages.html) sagemaker:ListModelPackages arn:aws:sagemaker:region:account-id :model-package/ModelPackageName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListModels.html sagemaker:ListModels *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListNotebookInstances.html sagemaker:ListNotebookInstances *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelineExecutions.html sagemaker:ListPipelineExecutions arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelineExecutionSteps.html sagemaker:ListPipelineExecutionSteps arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelineParametersForExecution.html sagemaker:ListPipelineParametersForExecution arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListPipelines.html sagemaker:ListPipelines *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListProcessingJobs.html sagemaker:ListProcessingJobs *
[ListSpaces](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListSpaces.html) sagemaker:ListSpaces arn:aws:sagemaker:region:account-id:space/domain-id/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListSubscribedWorkteams.html sagemaker:ListSubscribedWorkteams aws-marketplace:ViewSubscriptions *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTags.html sagemaker:ListTags arn:aws:sagemaker:region:account-id:*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTrainingJobs.html sagemaker:ListTrainingJobs *
[ ListTrainingJobsForHyperParameterTuningJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTrainingJobsForHyperParameterTuningJob.html) sagemaker:ListTrainingJobsForHyperParameterTuningJob arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTransformJobs.html sagemaker:ListTransformJobs *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListUserProfiles.html sagemaker:ListUserProfiles arn:aws:sagemaker:region:account-id:user-profile/domain-id/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListWorkforces.html sagemaker:ListWorkforces *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListWorkteams.html sagemaker:ListWorkteams *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_PutModelPackageGroupPolicy.html sagemaker:PutModelPackageGroupPolicy arn:aws:sagemaker:region:account-id:model-package-group/modelPackageGroupName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_RetryPipelineExecution.html sagemaker:RetryPipelineExecution arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_SendPipelineExecutionStepFailure.html sagemaker:SendPipelineExecutionStepFailure *
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_SendPipelineExecutionStepSuccess.html sagemaker:SendPipelineExecutionStepSuccess *
[StartHumanLoop](https://docs.aws.amazon.com/augmented-ai/2019-11-07/APIReference/API_StartHumanLoop.html) sagemaker:StartHumanLoop arn:aws:sagemaker:region:account-id:human-loop/humanLoopName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StartNotebookInstance.html sagemaker:StartNotebookInstance iam:PassRole The following permissions are required only if you specified a VPC when you created your notebook instance: ec2:CreateNetworkInterface ec2:DescribeNetworkInterfaces ec2:DescribeSecurityGroups ec2:DescribeSubnets ec2:DescribeVpcs The following permission is required only if you specify a VPC and an elastic inference accelerator for your notebook instance: ec2:DescribeVpcEndpoints The following permissions are required only if you specified an encryption key when you created the notebook instance: kms:DescribeKey kms:CreateGrant The following permission is required only if you specified an AWS Secrets Manager secret to access a private Git repository when you created the notebook instance: secretsmanager:GetSecretValue arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StartPipelineExecution.html sagemaker:StartPipelineExecution arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name
[StopHumanLoop](https://docs.aws.amazon.com/augmented-ai/2019-11-07/APIReference/API_StopHumanLoop.html) sagemaker:StopHumanLoop arn:aws:sagemaker:region:account-id:human-loop/humanLoopName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopHyperParameterTuningJob.html sagemaker:StopHyperParameterTuningJob arn:aws:sagemaker:region:account-id:hyper-parameter-tuning-job/hyperParameterTuningJob
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopLabelingJob.html sagemaker:StopLabelingJob arn:aws:sagemaker:region:account-id:labeling-job/labelingJobName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopNotebookInstance.html sagemaker:StopNotebookInstance arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopPipelineExecution.html sagemaker:StopPipelineExecution arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopProcessingJob.html sagemaker:StopProcessingJob arn:aws:sagemaker:region:account-id:processing-job/processingJobName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopTrainingJob.html sagemaker:StopTrainingJob arn:aws:sagemaker:region:account-id:training-job/trainingJobName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopTransformJob.html sagemaker:StopTransformJob arn:aws:sagemaker:region:account-id:transform-job/transformJobName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateAppImageConfig.html sagemaker:UpdateAppImageConfig arn:aws:sagemaker:region:account-id:app-image-config/appImageConfigName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateDomain.html sagemaker:UpdateDomain arn:aws:sagemaker:region:account-id:domain/domainId
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateEndpoint.html sagemaker:UpdateEndpoint arn:aws:sagemaker:region:account-id:endpoint/endpointName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateEndpointWeightsAndCapacities.html sagemaker:UpdateEndpointWeightsAndCapacities arn:aws:sagemaker:region:account-id:endpoint/endpointName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateImage.html sagemaker:UpdateImage iam:PassRole arn:aws:sagemaker:region:account-id:image/imageName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateModelPackage.html sagemaker:UpdateModelPackage arn:aws:sagemaker:region:account-id:model-package/modelPackageName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateNotebookInstance.html sagemaker:UpdateNotebookInstance iam:PassRole arn:aws:sagemaker:region:account-id:notebook-instance/notebookInstanceName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdatePipeline.html sagemaker:UpdatePipeline iam:PassRole arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name arn:aws-partition:iam::account-id:role/role-name
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdatePipelineExecution.html sagemaker:UpdatePipelineExecution arn:aws-partition:sagemaker:region:account-id:pipeline/pipeline-name/execution/execution-id
[UpdateSpace](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateSpace.html) sagemaker:UpdateSpace arn:aws:sagemaker:region:account-id:space/domain-id/spaceName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateUserProfile.html sagemaker:UpdateUserProfile arn:aws:sagemaker:region:account-id:user-profile/domain-id/userProfileName
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateWorkforce.html sagemaker:UpdateWorkforce arn:aws:sagemaker:region:account-id:workforce/*
https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateWorkteam.html sagemaker:UpdateWorkteam arn:aws:sagemaker:region:account-id:workteam/private-crowd/*