Skip to content

Commit 8e24da9

Browse files
author
MAMIP Bot
committed
SageMakerStudioEMRContainersSystemNamespaceRolePolicy - Policy Version v1
1 parent 3f728bd commit 8e24da9

File tree

1 file changed

+50
-0
lines changed

1 file changed

+50
-0
lines changed

policies/SageMakerStudioEMRContainersSystemNamespaceRolePolicy

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
{
2+
"PolicyVersion": {
3+
"CreateDate": "2025-10-23T18:34:06Z",
4+
"VersionId": "v1",
5+
"Document": {
6+
"Version": "2012-10-17",
7+
"Statement": [
8+
{
9+
"Action": [
10+
"sts:AssumeRole",
11+
"sts:TagSession"
12+
],
13+
"Resource": [
14+
"arn:aws:iam::*:role/datazone_emr_containers_query_engine_role_*",
15+
"arn:aws:iam::*:role/datazone_usr_role_*"
16+
],
17+
"Effect": "Allow",
18+
"Condition": {
19+
"StringEqualsIfExists": {
20+
"aws:RequestTag/AmazonDataZoneProject": "${aws:PrincipalTag/AmazonDataZoneProject}"
21+
},
22+
"StringEquals": {
23+
"aws:ResourceTag/AmazonDataZoneProject": "${aws:PrincipalTag/AmazonDataZoneProject}",
24+
"aws:CalledViaLast": "emr-containers.amazonaws.com"
25+
}
26+
},
27+
"Sid": "AssumeProjectRoles"
28+
},
29+
{
30+
"Action": [
31+
"sts:SetContext"
32+
],
33+
"Resource": [
34+
"arn:aws:iam::*:role/datazone_emr_containers_query_engine_role_*",
35+
"arn:aws:iam::*:role/datazone_usr_role_*"
36+
],
37+
"Effect": "Allow",
38+
"Condition": {
39+
"StringEquals": {
40+
"aws:ResourceTag/AmazonDataZoneProject": "${aws:PrincipalTag/AmazonDataZoneProject}",
41+
"aws:CalledViaLast": "emr-containers.amazonaws.com"
42+
}
43+
},
44+
"Sid": "SetContextProjectRoles"
45+
}
46+
]
47+
},
48+
"IsDefaultVersion": true
49+
}
50+
}

0 commit comments

Comments
 (0)