S3UploadFailedError does Not get Classified as botocore.exceptions.ClientError when Client has Bad Permissions #2582
Description
Describe the bug
When calling sagemaker.model.FrameworkModel.deploy method, I have found that when a client does not have IAM permissions to perform CreateMultipartUpload on the model artifact bucket (i.e. sagemaker-{REGION}-{ACCOUNT_ID}), the resulting error does not get classified as botocore.exceptions.ClientError. Instead, this gets reported as a S3UploadFailedError. This is the error message, with the error type being S3UploadFailedError:
Failed to upload /tmp/tmp7kz5p8ja/temp-model.tar.gz to sagemaker-us-east-1-******/******/model.tar.gz: An error occurred (AccessDenied) when calling the CreateMultipartUpload operation: Access Denied"
To reproduce
Invoke the sagemaker.model.FrameworkModel.deploy method and make sure that the IAM execution role does not have CreateMultipartUpload permission on buckets in their account.
Expected behavior
This kind of error should result in a botocore.exceptions.ClientError
Screenshots or logs
Failed to upload /tmp/tmp7kz5p8ja/temp-model.tar.gz to sagemaker-us-east-1-******/******/model.tar.gz: An error occurred (AccessDenied) when calling the CreateMultipartUpload operation: Access Denied"
System information
A description of your system. Please provide:
- SageMaker Python SDK version:
sagemaker==2.39.1
botocore==1.19.49
boto3==1.16.49 - Framework name (eg. PyTorch) or algorithm (eg. KMeans): Tensorflow
- Framework version:
- Python version:
- CPU or GPU:
- Custom Docker image (Y/N):
Additional context
This error is coming from an internal AWS service.