gpt4 book ai didi

amazon-web-services - 如何将 sagemaker createApp 添加到用户配置文件执行角色?

转载 作者:行者123 更新时间:2023-12-05 04:28:46 25 4
gpt4 key购买 nike

我使用 terraform 创建了一个 aws sagemaker 用户配置文件。我尝试从用户配置文件启动 sagemaker studio 但遇到了这个错误:SageMaker is unable to use your associated ExecutionRole [arn:aws:iam::xxxxxxxxxxxx:role/sagemaker-workshop-data-ml] to create app. Verify that your associated ExecutionRole has permission for 'sagemaker:CreateApp' .该角色附加了 sagemaker 完全访问策略,但该策略没有 createApp 权限,这很奇怪。是否有任何策略可以附加到具有 sagemaker createApp 权限的角色,或者我是否需要通过 Terraform 将策略附加到角色?

最佳答案

确保您的执行角色没有任何权限边界。默认情况下,SageMakerFullAccess 策略允许创建应用程序权限 - 请参阅此声明 -

       {
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeDomain",
"sagemaker:ListDomains",
"sagemaker:DescribeUserProfile",
"sagemaker:ListUserProfiles",
"sagemaker:*App",
"sagemaker:ListApps"
],
"Resource": "*"
},

您可以添加如下内联策略以确保您的角色有权创建应用程序 -

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowCreateApp",
"Effect": "Allow",
"Action": "sagemaker:CreateApp",
"Resource": "*"
}
]
}

关于amazon-web-services - 如何将 sagemaker createApp 添加到用户配置文件执行角色?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/72534515/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com