By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

using sourceIdentity in new Sagemaker studio instead of Sagemaker classic

0

Hi,

I am a developer who needs sourceIdentity to be propagated for use in sagemaker studio.

Originally, in sagemaker classic, I managed to follow the instructions here: https://docs.aws.amazon.com/sagemaker/latest/dg/monitor-user-access.html And I managed to extract and use source identity properly in IAM policies and trust relationships.

However, following the same instructions, when i use say Jupyterlab or Code Editor in Sagemaker studio, instead of studio classic, I can no longer access source Identity. Cloudtrail logs show that the field has disappeared. How do I enabled sourceIdenitty for Sagemaker studio new?

Topics
Machine Learning & AIAWS Well-Architected FrameworkSecurity, Identity, & Compliance
Tags
Amazon SageMakerSecurityIAM PoliciesAmazon SageMaker Studio
Language
English
lk
asked 21 days ago429 views
1 Answer
0

For SourceIdentity Propagation you can try these troubleshoots as per Sagemaker documentation:

  • Enable it at the domain level during creation or update.
  • For domain creation, use the --domain-settings ExecutionRoleIdentityConfig=USER_PROFILE_NAME parameter with AWS CLI or create-domain API.
  • For updating an existing domain, include the --domain-settings-for-update ExecutionRoleIdentityConfig=USER_PROFILE_NAME parameter. Stop all apps in the domain before updating.
  • Single-user setups via quick setup automatically enable source identity.
  • Source identity allows administrators to view user profile names in CloudTrail logs for auditing and access control.
profile picture
EXPERT
Giovanni Lauria
answered 21 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content