[stepfunctions-tasks] SageMakerUpdateEndpoint creates wrong permissions #11594
Comments
From what I can tell from the SageMaker docs, they indicate the proper policies for At the moment, you are correct and aws-cdk/packages/@aws-cdk/aws-stepfunctions-tasks/lib/sagemaker/update-endpoint.ts Lines 62 to 79 in 054610f
I can confirm this bug, and it should only be a 1 line fix! 😸 😷
Any plan for fixing it, or does it require someone to contribute a PR?
@zxkane happy to review it if you want to submit one! It's not currently on my radar but I can pick it up if nobody's interested 😅
❓ General Issue
The Question
There appear to be some incorrect permissions generated when using the aws_stepfunctions_tasks.SageMakerUpdateEndpoint construct in a state machine created through CDK.
Specifically, the state machine role is granted a permission for updateEndpoint against resource "arn:aws:sagemaker:<REGION>:<ACCOUNT_ID>:endpoint/*". However, from the error messages in my StepFn invocation, it appears the resource target should actually be endpoint-config/*:
Environment
We're currently pinned at CDK core and CDK module versions 1.72, using the python bindings.
However, I checked the release notes and did not see any mention of fixes since then to this stepfn task.
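A check for the gap reported in this issue, as an added example that is not code from the issue or from the CDK project: given a role's resolved policy document, it reports which SageMaker resource types have no Allow for sagemaker:UpdateEndpoint. The function name, region and account id are hypothetical, the sample policies are constructed, and treating both the endpoint and the endpoint config as required is this example's assumption.

```python
import re

# Resource types checked for sagemaker:UpdateEndpoint: the endpoint itself
# (what the generated policy grants) and the endpoint config (what the
# error reported in the issue asks for). Requiring both is an assumption.
REQUIRED_TYPES = ("endpoint", "endpoint-config")

def _matches(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    if not isinstance(pattern, str):  # unresolved template intrinsic, not a string
        return False
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def missing_update_endpoint_resources(policy, region, account, name="probe"):
    """Return resource types with no Allow statement for sagemaker:UpdateEndpoint.

    Only Effect, Action and Resource are evaluated; Deny, NotAction,
    NotResource and Condition are out of scope for this check.
    """
    missing = []
    for rtype in REQUIRED_TYPES:
        arn = f"arn:aws:sagemaker:{region}:{account}:{rtype}/{name}"
        allowed = any(
            stmt.get("Effect") == "Allow"
            # IAM action names are case-insensitive; resource ARNs are not.
            and any(_matches(a.lower() if isinstance(a, str) else a, "sagemaker:updateendpoint")
                    for a in _as_list(stmt.get("Action", [])))
            and any(_matches(r, arn) for r in _as_list(stmt.get("Resource", [])))
            for stmt in _as_list(policy.get("Statement", []))
        )
        if not allowed:
            missing.append(rtype)
    return missing

# Constructed sample policies; region and account id are placeholders.
REGION, ACCOUNT = "us-east-1", "111122223333"
PREFIX = f"arn:aws:sagemaker:{REGION}:{ACCOUNT}"
REPORTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sagemaker:UpdateEndpoint", "Resource": f"{PREFIX}:endpoint/*"}]}
CORRECTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sagemaker:UpdateEndpoint",
     "Resource": [f"{PREFIX}:endpoint/*", f"{PREFIX}:endpoint-config/*"]}]}

if __name__ == "__main__":
    print("reported :", missing_update_endpoint_resources(REPORTED, REGION, ACCOUNT))
    print("corrected:", missing_update_endpoint_resources(CORRECTED, REGION, ACCOUNT))
```

The input is expected to be the resolved policy JSON of the deployed role; ARNs still expressed as template intrinsics are treated as non-matching.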