SageMakerStudioProjectUserRolePolicy - Policy Version v21

MAMIP Bot · MAMIP Bot · commit ddba34bd00e9 · 2025-11-20T17:02:46.000Z
diff --git a/policies/SageMakerStudioProjectUserRolePolicy b/policies/SageMakerStudioProjectUserRolePolicy
@@ -1,7 +1,7 @@
 {
     "PolicyVersion": {
-        "CreateDate": "2025-11-14T23:04:07Z", 
-        "VersionId": "v20", 
+        "CreateDate": "2025-11-20T14:49:11Z", 
+        "VersionId": "v21", 
         "Document": {
             "Version": "2012-10-17", 
             "Statement": [
@@ -1702,7 +1702,20 @@
                             ]
                         }
                     }, 
-                    "Sid": "KmsWithEncryptPermissions"
+                    "Sid": "KmsWithEncrypt"
+                }, 
+                {
+                    "Action": [
+                        "kms:Decrypt"
+                    ], 
+                    "Resource": "arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}", 
+                    "Effect": "Allow", 
+                    "Condition": {
+                        "Null": {
+                            "kms:EncryptionContext:aws:scheduler:schedule:arn": "false"
+                        }
+                    }, 
+                    "Sid": "EBDecrypt"
                 }, 
                 {
                     "Action": [
@@ -1755,7 +1768,7 @@
                             ]
                         }
                     }, 
-                    "Sid": "KmsManagementPermissions"
+                    "Sid": "KmsManagement"
                 }, 
                 {
                     "Action": [
@@ -1805,7 +1818,7 @@
                             "aws:ResourceAccount": "${aws:PrincipalAccount}"
                         }
                     }, 
-                    "Sid": "AwsOwnedKmsManagementPermissions"
+                    "Sid": "AwsOwnedKmsManagement"
                 }, 
                 {
                     "Action": [
@@ -1818,7 +1831,7 @@
                             "aws:ResourceAccount": "${aws:PrincipalAccount}"
                         }
                     }, 
-                    "Sid": "ListKMSPermissions"
+                    "Sid": "ListKMS"
                 }, 
                 {
                     "Action": [
@@ -1847,7 +1860,7 @@
                             "aws:PrincipalTag/EnableAmazonBedrockIDEPermissions": "true"
                         }
                     }, 
-                    "Sid": "InvokeBedrockModelPermissions"
+                    "Sid": "InvokeBedrockModel"
                 }, 
                 {
                     "Action": [

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"PolicyVersion": {`
`3`		`- "CreateDate": "2025-11-14T23:04:07Z",`
`4`		`- "VersionId": "v20",`
	`3`	`+ "CreateDate": "2025-11-20T14:49:11Z",`
	`4`	`+ "VersionId": "v21",`
`5`	`5`	`"Document": {`
`6`	`6`	`"Version": "2012-10-17",`
`7`	`7`	`"Statement": [`
`@@ -1702,7 +1702,20 @@`
`1702`	`1702`	`]`
`1703`	`1703`	`}`
`1704`	`1704`	`},`
`1705`		`- "Sid": "KmsWithEncryptPermissions"`
	`1705`	`+ "Sid": "KmsWithEncrypt"`
	`1706`	`+ },`
	`1707`	`+ {`
	`1708`	`+ "Action": [`
	`1709`	`+ "kms:Decrypt"`
	`1710`	`+ ],`
	`1711`	`+ "Resource": "arn:aws:kms:::key/${aws:PrincipalTag/KmsKeyId}",`
	`1712`	`+ "Effect": "Allow",`
	`1713`	`+ "Condition": {`
	`1714`	`+ "Null": {`
	`1715`	`+ "kms:EncryptionContext:aws:scheduler:schedule:arn": "false"`
	`1716`	`+ }`
	`1717`	`+ },`
	`1718`	`+ "Sid": "EBDecrypt"`
`1706`	`1719`	`},`
`1707`	`1720`	`{`
`1708`	`1721`	`"Action": [`
`@@ -1755,7 +1768,7 @@`
`1755`	`1768`	`]`
`1756`	`1769`	`}`
`1757`	`1770`	`},`
`1758`		`- "Sid": "KmsManagementPermissions"`
	`1771`	`+ "Sid": "KmsManagement"`
`1759`	`1772`	`},`
`1760`	`1773`	`{`
`1761`	`1774`	`"Action": [`
`@@ -1805,7 +1818,7 @@`
`1805`	`1818`	`"aws:ResourceAccount": "${aws:PrincipalAccount}"`
`1806`	`1819`	`}`
`1807`	`1820`	`},`
`1808`		`- "Sid": "AwsOwnedKmsManagementPermissions"`
	`1821`	`+ "Sid": "AwsOwnedKmsManagement"`
`1809`	`1822`	`},`
`1810`	`1823`	`{`
`1811`	`1824`	`"Action": [`
`@@ -1818,7 +1831,7 @@`
`1818`	`1831`	`"aws:ResourceAccount": "${aws:PrincipalAccount}"`
`1819`	`1832`	`}`
`1820`	`1833`	`},`
`1821`		`- "Sid": "ListKMSPermissions"`
	`1834`	`+ "Sid": "ListKMS"`
`1822`	`1835`	`},`
`1823`	`1836`	`{`
`1824`	`1837`	`"Action": [`
`@@ -1847,7 +1860,7 @@`
`1847`	`1860`	`"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions": "true"`
`1848`	`1861`	`}`
`1849`	`1862`	`},`
`1850`		`- "Sid": "InvokeBedrockModelPermissions"`
	`1863`	`+ "Sid": "InvokeBedrockModel"`
`1851`	`1864`	`},`
`1852`	`1865`	`{`
`1853`	`1866`	`"Action": [`