Last active
July 22, 2018 18:41
-
-
Save mvsusp/599311cb9f4ee1091065f8206c026962 to your computer and use it in GitHub Desktop.
How to create a SageMaker Execution role
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # This script creates a role named SageMakerRole | |
| # that can be used by SageMaker and has Full access to S3. | |
| ROLE_NAME=SageMakerRole | |
| # WARNING: this policy gives full S3 access to container that | |
| # is running in SageMaker. You can change this policy to a more | |
| # restrictive one, or create your own policy. | |
| POLICY=arn:aws:iam::aws:policy/AmazonS3FullAccess | |
| # Creates a AWS policy that allows the role to interact | |
| # with ANY S3 bucket | |
| cat <<EOF > /tmp/assume-role-policy-document.json | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [{ | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "sagemaker.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| }] | |
| } | |
| EOF | |
| # Creates the role | |
| aws iam create-role --role-name ${ROLE_NAME} --assume-role-policy-document file:///tmp/assume-role-policy-document.json | |
| # attaches the S3 full access policy to the role | |
| aws iam attach-role-policy --policy-arn ${POLICY} --role-name ${ROLE_NAME} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment