forked from aws/aws-cdk
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(stepfunctions): Downscope SageMaker permissions (aws#2991)
Previous implementation was using the `SageMakerFullAccess` managed policy, which grants extensive permissions to the SageMaker job. Instead, this commit makes it set permissions very specifically to what the requirement entities are, and only resorts to the `*` resource when the entities are provided by an input to the StepFunction.
- Loading branch information
1 parent
47bf435
commit 69c82c8
Showing
10 changed files
with
762 additions
and
39 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.