我正在尝试使用快速启动方法设置 sagemaker studio。我有 IAM 角色,并添加了
AmazonSageMakerFullAccess
。选择 VPC/子网后,我收到以下错误,
AccessDeniedException
User: arn:aws:iam::1234567:user/blahblah is not authorized to perform:
sagemaker:CreateDomain
on resource: arn:aws:sagemaker:us-east-1:2345678:domain/d-hj4oh0jk7g6v
如何解决此访问问题?
确实很麻烦。假设您的用户有权访问 IAM,请转到那里,创建新策略并附加以下权限:
1. Service: IAM. Action: CreateServiceLinkedRole
2. Service: IAM. Action: PassRole
3. Service: SageMaker. Action: CreateDomain
4. Service: SageMaker. Action: AddTags
5. Service: SageMaker. Action: CreateUserProfile
6. Service: Service Catalog. Action: ListAcceptedPortfolioShares
然后将此新策略附加到您的用户。他们应该能够在 SageMaker 上创建域。
将这些策略附加到角色
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:CreateGrant",
"kms:DescribeKey"
],
"Resource": "arn:aws:kms:region:account-id:key/kms-key-id"
},
]
尝试这个链接 https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-roles.html https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-roles.html#sagemaker-roles-createdomain-perms,
CreateNotebookInstance API:执行角色权限
这会对你有帮助...