no identity-based policy allows the sagemaker:InvokeEndpoint action

0

I created a Stable Diffusion XL 1.0 service from Amazon SageMaker JumpStart through CloudFormation, and with

import boto3
import json

client = boto3.client('sagemaker-runtime',
                      region_name='ap-northeast-1',
                      aws_access_key_id='...',
                      aws_secret_access_key='...')

custom_attributes = "c000b4f9-df62-4c85-a0bf-7c525f9104a4"  # An example of a trace ID.
endpoint_name = "Endpoint-Stable-Diffusion-XL-1-0-1"        # Your endpoint name.
content_type = 'application/json'  # The MIME type of the input data in the request body.
accept = 'application/json'        # The desired MIME type of the inference in the response.
payload = {                        # Payload for inference.
    "cfg_scale": 7,
    "height": 1024,
    "width": 1024,
    "steps": 50,
    "seed": 42,
    "sampler": "K_DPMPP_2M",
    "text_prompts": [
        {
            "text": "A photograph of fresh pizza with basil and tomatoes, from a traditional oven",
            "weight": 1
        }
    ]
}
response = client.invoke_endpoint(
    EndpointName=endpoint_name,
    CustomAttributes=custom_attributes,
    ContentType=content_type,
    Accept=accept,
    Body=json.dumps(payload)
)

print(response['CustomAttributes'])  # If model receives and updates the custom_attributes header

I got ClientError: An error occurred (AccessDeniedException) when calling the InvokeEndpoint operation: User: arn:aws:iam::068811070733:user/fanbook_bot is not authorized to perform: sagemaker:InvokeEndpoint on resource: arn:aws:sagemaker:ap-northeast-1:068811070733:endpoint/endpoint-stable-diffusion-xl-1-0-1 because no identity-based policy allows the sagemaker:InvokeEndpoint action

Simon
asked 8 months ago · 1020 views
1 Answer
0

Hi there, I understand that you’re getting an AccessDeniedException while invoking your endpoint.

It suggests that the IAM user/role which you’re utilising to get predictions from your endpoint lacks the “sagemaker:InvokeEndpoint” permission. Please add the “sagemaker:InvokeEndpoint” permission to the desired IAM user/role and retry the operation.

For changing permissions for an IAM user, please refer to https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html

For a list of SageMaker API operations along with their required permissions, please refer to https://docs.aws.amazon.com/sagemaker/latest/dg/api-permissions-reference.html

If you’re still stuck, then please create a support case with the SageMaker team.

AWS
SUPPORT ENGINEER
answered 8 months ago
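
The fix described in the answer, as an added example (not code from the question or from AWS): it parses the AccessDeniedException text quoted in the question, builds an identity-based policy scoped to that one action and that one endpoint ARN, and in `grant_and_verify` attaches it inline and checks the outcome with IAM's policy simulator. The policy name is a hypothetical placeholder, and `grant_and_verify` assumes it is run with administrator credentials rather than the denied user's access key.

```python
import json
import re

# Error text copied from the question above.
ERROR = ("User: arn:aws:iam::068811070733:user/fanbook_bot is not authorized to "
         "perform: sagemaker:InvokeEndpoint on resource: "
         "arn:aws:sagemaker:ap-northeast-1:068811070733:endpoint/"
         "endpoint-stable-diffusion-xl-1-0-1 because no identity-based policy "
         "allows the sagemaker:InvokeEndpoint action")

DENIAL_RE = re.compile(
    r"User: (?P<principal>arn:\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+) on resource: (?P<resource>arn:\S+)")


def parse_denial(message):
    """Extract principal, action and resource ARN from an AccessDenied message."""
    match = DENIAL_RE.search(message)
    if match is None:
        raise ValueError("not an IAM authorization failure message")
    return match.groupdict()


def least_privilege_policy(denial):
    """Identity-based policy allowing only the denied action on that one resource."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": denial["action"],
            "Resource": denial["resource"],  # exact ARN from the error, no wildcard
        }],
    }


def grant_and_verify(denial, policy_name="InvokeSdxlEndpoint"):  # hypothetical name
    """Attach the policy inline to the IAM user, then simulate the denied call.

    Returns IAM's EvalDecision string: 'allowed', 'implicitDeny' or 'explicitDeny'.
    """
    import boto3  # imported here so the helpers above work without AWS access
    iam = boto3.client("iam")
    user_name = denial["principal"].rsplit("/", 1)[-1]
    iam.put_user_policy(UserName=user_name, PolicyName=policy_name,
                        PolicyDocument=json.dumps(least_privilege_policy(denial)))
    result = iam.simulate_principal_policy(
        PolicySourceArn=denial["principal"],
        ActionNames=[denial["action"]],
        ResourceArns=[denial["resource"]])
    return result["EvaluationResults"][0]["EvalDecision"]
```

Taking the resource ARN from the error message rather than rebuilding it from the endpoint name keeps the casing IAM reported, which here is lowercase even though the endpoint name in the script is mixed case.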
