By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Sagemaker endpoint fails to create: Repository does not grant ecr:GetDownloadUrlForLayer, ecr:BatchGetImage, ecr:BatchCheckLayerAvailability permission to sagemaker.amazonaws.com service principal.

0

I am getting the error in the title every time I attempt to create an an endpoint using an image in ECR. The ECR repository has the following IAM permissions applied:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "Sagemaker", "Effect": "Allow", "Principal": { "Service": "sagemaker.amazonaws.com" }, "Action": [ "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer" ] } ] }

I have tried recreating everything multiple times, both via CLI and from the Admin UI. New repo, new endpoint config, new model, etc. I always get the same error, even though I am explicitly granting exactly those permissions to the sagemaker.amazonaws.com principle.

Topics
Machine Learning & AIContainers
Tags
Amazon SageMakerAmazon Elastic Container Registry (ECR)
Language
English
Chris
asked 5 months ago93 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content