hyperpod-eks-cluster-creation.sh

[gmgtamz]

https://github.com/aws-samples/awsome-distributed-training/blob/main/1.architectures/7.sagemaker-hyperpod-eks/automate-smhp-eks/hyperpod-eks-cluster-creation.sh

From CloudFormation/Q

This Custom::SageMakerStudioCodeEditor resource is in a CREATE_FAILED state. Received response status [FAILED] from custom resource. Message returned: An error occurred (AccessDeniedException) when calling the CreateApp operation: User: arn:aws:sts::432522970596:assumed-role/sagemaker-hyperpod-eks-CodeEditorFn-Role-us-west-2/sagemaker-hyperpod-eks-CodeEditorFunction is not authorized to perform: sagemaker:AddTags on resource: arn:aws:sagemaker:us-west-2:432522970596:app/d-hdlassjgbslh/default/CodeEditor/default because no identity-based policy allows the sagemaker:AddTags action (RequestId: aae1932e-a4b3-43a7-a86e-4406c42fcb88)

Less
Analysis
The error message indicates that the AWS Identity and Access Management (IAM) role associated with the Custom::SageMakerStudioCodeEditor resource does not have the necessary permissions to perform the sagemaker:AddTags action on the SageMaker app resource. This is likely due to a missing or incorrect IAM policy attached to the role.
Resolution

Try the following steps to resolve your error:

If you don't have permissions to do the following changes, contact your AWS Administrator.

Open the AWS IAM console.

Navigate to the IAM role named 'sagemaker-hyperpod-eks-CodeEditorFn-Role-us-west-2'.

In the 'Permissions' tab, click on 'Add permissions' and then 'Create inline policy'.

Choose the JSON tab and add the following policy:

(my admin is full perm btw)
but looks it's realted to sagemaker-hyperpod-eks-CodeEditorFn-Role-us-west-2
with not enough perm)

[mhuguesaws]

@gmgtamz @bluecrayon52 any update?