SageMakerStudioProjectProvisioningRolePolicy - Policy Version v23

MAMIP Bot · MAMIP Bot · commit 2695e7270754 · 2025-11-12T01:02:03.000Z
diff --git a/policies/SageMakerStudioProjectProvisioningRolePolicy b/policies/SageMakerStudioProjectProvisioningRolePolicy
@@ -1,7 +1,7 @@
 {
     "PolicyVersion": {
-        "CreateDate": "2025-10-30T22:19:07Z", 
-        "VersionId": "v22", 
+        "CreateDate": "2025-11-11T23:04:09Z", 
+        "VersionId": "v23", 
         "Document": {
             "Version": "2012-10-17", 
             "Statement": [
@@ -291,7 +291,6 @@
                             "iam:PolicyARN": [
                                 "arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePolicy", 
                                 "arn:aws:iam::aws:policy/SageMakerStudioProjectRoleMachineLearningPolicy", 
-                                "arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRContainersQueryEngineRolePolicy", 
                                 "arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRContainersSystemNamespaceRolePolicy", 
                                 "arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRServiceRolePolicy", 
                                 "arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRInstanceRolePolicy", 
@@ -476,7 +475,8 @@
                     ], 
                     "Resource": [
                         "arn:aws:iam::*:role/datazone_emr_service_role_*", 
-                        "arn:aws:iam::*:role/datazone_emr_ec2_instance_role_*"
+                        "arn:aws:iam::*:role/datazone_emr_ec2_instance_role_*", 
+                        "arn:aws:iam::*:role/datazone_emr_containers_system_namespace_role_*"
                     ], 
                     "Effect": "Allow", 
                     "Condition": {
@@ -1767,7 +1767,8 @@
                         "arn:aws:iam::*:role/aws-service-role/sagemaker.amazonaws.com/AWSServiceRoleForAmazonSageMakerNotebooks", 
                         "arn:aws:iam::*:role/aws-service-role/ops.emr-serverless.amazonaws.com/AWSServiceRoleForAmazonEMRServerless", 
                         "arn:aws:iam::*:role/aws-service-role/airflow.amazonaws.com/AWSServiceRoleForAmazonMWAA", 
-                        "arn:aws:iam::*:role/aws-service-role/elasticmapreduce.amazonaws.com/AWSServiceRoleForEMRCleanup"
+                        "arn:aws:iam::*:role/aws-service-role/elasticmapreduce.amazonaws.com/AWSServiceRoleForEMRCleanup", 
+                        "arn:aws:iam::*:role/aws-service-role/emr-containers.amazonaws.com/AWSServiceRoleForAmazonEMRContainers"
                     ], 
                     "Effect": "Allow", 
                     "Sid": "CreateSLR"
@@ -1931,7 +1932,6 @@
                 }, 
                 {
                     "Action": [
-                        "sagemaker:CreateDomain", 
                         "sagemaker:AddTags"
                     ], 
                     "Resource": [
@@ -3027,6 +3027,8 @@
                         "emr-containers:DeleteSecurityConfiguration", 
                         "emr-containers:DeleteVirtualCluster", 
                         "emr-containers:DescribeSecurityConfiguration", 
+                        "emr-containers:DescribeVirtualCluster", 
+                        "emr-containers:DescribeManagedEndpoint", 
                         "emr-containers:TagResource"
                     ], 
                     "Resource": "*", 
