Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

5.3.1. IAM Roles, Policies, and Least Privilege Access

💡 First Principle: In AWS, nothing has permission to do anything by default. Every action—starting a training job, reading from S3, deploying an endpoint—requires explicit permission through IAM. The principle of least privilege means granting only the exact permissions needed for a specific task, nothing more. Over-permission is the single most common security vulnerability in ML systems.

SageMaker interacts with IAM through execution roles—IAM roles that SageMaker assumes when performing tasks on your behalf. When you launch a training job, SageMaker assumes the execution role to read training data from S3, write model artifacts back to S3, and push logs to CloudWatch. That role must have permissions for exactly those actions and no others.

SageMaker Role Manager simplifies this by providing pre-built role templates for common ML personas (data scientist, ML engineer, ML admin). Each template follows least privilege patterns tailored to the persona's typical workflow. The exam may present a scenario where a data scientist needs to train models but shouldn't be able to deploy them—Role Manager's persona-based roles handle this separation.

Key IAM concepts the exam tests:

Identity-based policies attach to IAM users, groups, or roles and define what actions the identity can perform. Example: "This role can call sagemaker:CreateTrainingJob and s3:GetObject on the training-data bucket."

Resource-based policies attach to resources themselves and define who can access them. Example: an S3 bucket policy that allows only a specific SageMaker execution role to read training data.

Service control policies (SCPs) in AWS Organizations restrict what any account in the organization can do, regardless of individual IAM permissions. Useful for enforcing guardrails like "no SageMaker resources outside us-east-1."

⚠️ Exam Trap: When a question asks about restricting access to training data, the answer often involves both an IAM role policy (who can access) and an S3 bucket policy (from where). Providing only one is incomplete. The exam tests defense-in-depth—multiple overlapping controls.

Reflection Question: A company wants to ensure that data scientists can train models but cannot access production endpoints, while ML engineers can deploy models but cannot modify training data. How would you structure IAM roles and policies to enforce this separation?

Alvin Varughese
Written byAlvin Varughese
Founder15 professional certifications