SageMaker GroundTruth で UpdateWorkforce で許可する workforce に対するIPアドレスレンジを指定したい場合は、IAMポリシーで sagemaker:UpdateWorkforce を付与すればよい。逆に権限を与えたくない場合は sagemaker:UpdateWorkforce を付与しなければよい。
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "sagemaker:UpdateWorkforce" ], "Resource": "*" } ] }
- あるとき
$ aws sagemaker update-workforce --workforce-name default { "Workforce": { "WorkforceName": "default", "SourceIpConfig": { "Cidrs": [] }, "WorkforceArn": "arn:aws:sagemaker:ap-northeast-1:123456789012:workforce/default" } }
- ないとき
$ aws sagemaker update-workforce --workforce-name default An error occurred (AccessDeniedException) when calling the UpdateWorkforce operation: User: arn:aws:sts::123456789012:assumed-role/EC2Role/i-0fb4f8428c110ddbc is not authorized to perform: sagemaker:UpdateWorkforce on resource: arn:aws:sagemaker:ap-northeast-1:123456789012:workforce/default