Merge pull request #126 from JahedZ/main

dlpzx · web-flow · commit 7cfac4fb7869 · 2022-09-06T08:54:47.000+02:00
Add missing permissions to the Pivot role, that block Dataset and MLStudio features under specific conditions.
diff --git a/deploy/pivot_role/pivotRole.yaml b/deploy/pivot_role/pivotRole.yaml
@@ -331,6 +331,7 @@ Resources:
              - 'sagemaker:ListNotebookInstances'
              - 'sagemaker:ListDomains'
              - 'sagemaker:ListApps'
+             - 'sagemaker:DeleteApp'
             Resource: '*'
           - Effect: Allow
             Action:
@@ -513,6 +514,7 @@ Resources:
               - 'lakeformation:GetTableObjects'
               - 'lakeformation:UpdateTableObjects'
               - 'lakeformation:DeleteObjectsOnCancel'
+              - 'lakeformation:DescribeResource'
             Resource: '*'
           - Sid: Compute
             Effect: Allow
@@ -659,4 +661,4 @@ Outputs:
     Description: Platform Pivot Role
     Value: PivotRole
     Export:
-      Name: !Sub '${AWS::StackName}-PivotRole'
+      Name: !Sub '${AWS::StackName}-PivotRole'
