Impossible to restrict access to S3 folder in Sagemaker Canvas

0

I'm creating an app where you can create an organization, invite people to join it and end up using SageMaker Studio, and therefore Canvas. Everything works perfectly until I want users to only be able to access their organization's folder to import data and create datasets. Each organization's folder looks like this: "bucket-name/ULID" (ULID being the organization's id). As a first step, I recreate the SagemakerFullAccess policy, removing the "ListBucket" action, which lists all of the bucket's folders, in order to customize it. I then create a policy for my SageMaker execution role so that users only have access to their folders. I also create a policy for my users so that they can only add, get and delete objects in their folders. Here are the two policies:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Restrict access to org folder",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::my-bucket-name",
            "Condition": {
                "StringLike": {
                    "s3:prefix": "${aws:PrincipalTag/org_id}/*"
                }
            }
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Restrict access to org folder",
            "Action": [
                "s3:PutObject",
                "s3:ListMultipartUploadParts",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:AbortMultipartUpload"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::my-bucket-name/${aws:PrincipalTag/org_id}/*"
        }
    ]
}

From what I've seen across lots of forums, this is the right way to restrict a user to a folder; however, when I use it here, I don't have access to the folder. The error

I've tried a lot of things:

  • Change the resource to "arn:aws:s3:::my-bucket-name/ULID".
  • Change the s3 prefix to:
    • directly the ULID
    • by another folder
    • "ULID"
    • "ULID/"
    • "ULID"
    • "/ULID"
    • ...

The only time there was no error was when I used "*", but then everything is displayed, which is not what I want. I suspect SageMaker Canvas is not very permissive: either it displays everything or nothing. It's already the same with bucket listing: either everything or nothing.

If anyone could help me with this problem, I'd be grateful.

1 Answer
1

The issue you're encountering with your AWS IAM policies, specifically in the context of SageMaker Studio and Canvas, seems to be related to how AWS IAM interprets and enforces policies based on tags, such as aws:PrincipalTag. Your intention is to limit access to S3 resources based on an organization ID (org_id), which is a commendable approach for multi-tenant architectures. However, the crux of the problem lies in the application of aws:PrincipalTag within the context of SageMaker's execution model.

Understanding aws:PrincipalTag

The aws:PrincipalTag condition key in IAM policies is designed to allow or deny permissions based on tags associated with the IAM principal (an IAM user or role) making the request. This is useful for implementing fine-grained access controls based on attributes like organization ID, project ID, etc.

The Issue with SageMaker and IAM Roles

SageMaker Studio, when executing actions on AWS resources such as S3, operates under an IAM role assumed by the SageMaker service. This role is used to perform operations on behalf of the user. The critical detail here is that this role is shared across different users of the SageMaker Studio instance; it is not unique to each user.

When you define an IAM policy that uses aws:PrincipalTag to restrict access to resources based on the org_id tag, it assumes that the principal (in this case, the IAM role assumed by SageMaker) has the org_id tag that matches the intended restriction. However, since SageMaker Studio users share the same execution role, this role cannot have a unique org_id tag for each user. Consequently, the policy does not work as intended because it's evaluating the tag of the shared role, not the individual user.

EXPERT
answered 2 months ago
  • Thanks for replying and I understand the error I made; however, I had tried to replace the org_id tag directly with the folder name, and it still doesn't work. I know it's a very specific question, but would you know where this problem comes from?
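The following is an added illustration, not code from the question or the answer above. It is a deliberately small model of the two IAM mechanisms this thread turns on: expansion of the `${aws:PrincipalTag/org_id}` policy variable (a variable that cannot be resolved, as on a shared execution role without that tag, makes the statement never match) and the `StringLike` match on `s3:prefix` for `s3:ListBucket`. It compares the asker's single `"<org>/*"` prefix pattern with an assumed alternative modelled on AWS's documented "home folder" pattern, which also lists the empty prefix (the bucket root) and the folder itself, because a file browser requests those before it ever requests `<org>/*`. The bucket name and ULID are the ones from the question; `FIXED_PREFIXES`, `run_scenarios` and the "other-org" key are assumptions made for the example. It is not the IAM policy engine, so confirm any policy change with the real IAM policy simulator before relying on it.

```python
import re

BUCKET = "my-bucket-name"                 # bucket name from the question
ORG_ID = "01HPHA50JHJVJZTVMEEF2HLPQZV"    # example organization ULID from the question

# s3:prefix patterns exactly as the asker's ListBucket statement uses them.
ASKER_PREFIXES = ["${aws:PrincipalTag/org_id}/*"]
# Assumed alternative, modelled on AWS's documented "home folder" example:
# also permit the root listing (empty prefix) and the folder itself.
FIXED_PREFIXES = ["", "${aws:PrincipalTag/org_id}/", "${aws:PrincipalTag/org_id}/*"]
# Resource of the asker's object-level statement.
OBJECT_RESOURCE = f"arn:aws:s3:::{BUCKET}/${{aws:PrincipalTag/org_id}}/*"

VAR = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")


def substitute(template, principal_tags):
    """Expand ${aws:PrincipalTag/<key>}. Returns None when a referenced tag is
    absent from the principal (e.g. a shared SageMaker execution role with no
    org_id tag): IAM cannot resolve the variable, so the statement never matches."""
    if any(key not in principal_tags for key in VAR.findall(template)):
        return None
    return VAR.sub(lambda m: principal_tags[m.group(1)], template)


def string_like(pattern, value):
    """IAM StringLike: case-sensitive; '*' matches any run of characters
    (including none), '?' matches exactly one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def list_allowed(prefix_patterns, requested_prefix, principal_tags):
    """Would an s3:ListBucket statement with this StringLike s3:prefix condition
    allow a listing request carrying `requested_prefix`?"""
    for pattern in prefix_patterns:
        expanded = substitute(pattern, principal_tags)
        if expanded is not None and string_like(expanded, requested_prefix):
            return True
    return False


def object_allowed(resource_pattern, key, principal_tags):
    """Would an object-level statement (GetObject, PutObject, ...) whose Resource
    is `resource_pattern` allow access to object `key` in BUCKET?"""
    expanded = substitute(resource_pattern, principal_tags)
    return expanded is not None and string_like(expanded, f"arn:aws:s3:::{BUCKET}/{key}")


def run_scenarios():
    """Constructed scenarios covering the cases discussed in the thread."""
    tagged = {"org_id": ORG_ID}   # principal that actually carries the org_id tag
    untagged = {}                 # shared execution role without the tag
    return {
        # Root listing (prefix ""): the asker's single pattern cannot match it.
        "asker_root_tagged": list_allowed(ASKER_PREFIXES, "", tagged),
        "fixed_root_tagged": list_allowed(FIXED_PREFIXES, "", tagged),
        # Listing the organization's own folder.
        "asker_org_tagged": list_allowed(ASKER_PREFIXES, ORG_ID + "/", tagged),
        "fixed_org_tagged": list_allowed(FIXED_PREFIXES, ORG_ID + "/", tagged),
        # Another organization's folder stays denied.
        "fixed_other_tagged": list_allowed(FIXED_PREFIXES, "other-org/", tagged),
        # Untagged shared role: the variable is unresolvable, only the literal "" survives.
        "fixed_root_untagged": list_allowed(FIXED_PREFIXES, "", untagged),
        "fixed_org_untagged": list_allowed(FIXED_PREFIXES, ORG_ID + "/", untagged),
        # Object-level statement.
        "object_tagged": object_allowed(OBJECT_RESOURCE, ORG_ID + "/data.csv", tagged),
        "object_untagged": object_allowed(OBJECT_RESOURCE, ORG_ID + "/data.csv", untagged),
        "object_other": object_allowed(OBJECT_RESOURCE, "other-org/data.csv", tagged),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:22s} {'ALLOW' if ok else 'DENY'}")
```

Two outcomes are worth noticing. With the tag present, the asker's `"<org>/*"` pattern denies the root listing that a file browser issues first, which matches the "everything or nothing" behaviour described in the question, while the three-pattern variant allows the root and the organization's folder and still denies other folders. Without the tag on the principal, every pattern containing the variable stops matching, which is the shared-execution-role problem the answer describes; in that situation no prefix pattern will help until the principal that SageMaker actually uses carries the tag, or the folder is written literally into a per-organization role.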
