Unable to use SageMaker JumpStart with S3 authorization error
I'm using SageMaker Studio in an account, in VPC mode. Studio has the default SageMaker full access policy, but I'm seeing this error -
Something went wrong. please ensure that your account is authorized to read from S3.
Screenshot below -
I added full access to S3 to my role as well. Are there specific S3 permissions required for JumpStart? The domain has access to S3 through a VPC endpoint.
Solution
Adding the permissions I've set up to close this thread -
For your Studio user's execution role, set up this IAM policy as an inline policy (replace us-west-2 with your region) -
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetObject*"
],
"Resource": [
"arn:aws:s3:::jumpstart-cache-prod-us-west-2",
"arn:aws:s3:::jumpstart-cache-prod-us-west-2/*"
],
"Effect": "Allow"
}
]
}
For my case, my Studio domain was set up in VPC only mode, and the S3 VPC endpoint had a restrictive policy as well. If you do have an S3 VPC endpoint policy, add the below policy statement to your VPCe policy -
{
"Action": [
"s3:ListBucket",
"s3:GetObject*"
],
"Resource": [
"arn:aws:s3:::jumpstart-cache-prod-us-west-2",
"arn:aws:s3:::jumpstart-cache-prod-us-west-2/*"
],
"Effect": "Allow",
"Principal": "*"
}
- AWS SDK file upload to S3 via Node/Express using stream PassThrough - file is always corrupt
- How to specify a prefix when uploading to S3 using activestorage's direct upload?
- How to perform AWS S3 Multipart Copy with golang
- Amazon Web Services : Setting S3 policy to allow putObject and getObject but deny listBucket
- Amazon S3 error- A conflicting conditional operation is currently in progress against this resource.
- Can I switch to Amazon S3 later in Rails 7 after using local storage?
- How to upgrade AWS CLI to the latest version?
- getting "The bucket does not allow ACLs" Error
- Dynamically build a zip archive on AWS S3 using the Java SDK?
- OPA eval command
- What is the difference between AWS Glue ETL Job and AWS EMR?
- PostgreSQL `aws_s3` Extension: SSL Certificate Verification Failed with Self-Signed Certificate
- How can I use boto to stream a file out of Amazon S3 to Rackspace Cloudfiles?
- Downloading App update OTA from Amazon Aws s3 iOS
- Issue uploading files to S3 from Django in Docker
- pyspark overwrite silently failed to remove stale parquet files
- How to apply BucketPolicy (LifecycleConfiguration) to an existing bucket using CloudFormation template?
- Amazon S3 console: download multiple files at once
- Image from S3 bucket does not display on server
- Missing required field Principal - Amazon S3 - Bucket Policy
- Laravel + AWS S3: cURL error 60
- How to read remote video on Amazon S3 using ffmpeg
- Terragrunt string interpolation on generate block
- What to do when getting 'software.amazon.awssdk.services.s3 does not exist' error in Maven project?
- Large Multipart.File uploads directly to AWS S3
- How to allow AWS Athena access to cloudfront standard logs in s3 bucket?
- AWS Prefix Hierarchy vs Request Rate Limit: Does request to A/B/C count against A/B and A/?
- "head" command for aws s3 to view file contents
- How to implement and test retry option with S3CrtRetryConfiguration
- AWS Lifecycle transition logging