From 3b587a6c681f1e99e62ef42da0e45cfd6c0e2365 Mon Sep 17 00:00:00 2001
From: David Sibley <david.sibley@digital.justice.gov.uk>
Date: Fri, 17 Jan 2025 13:59:43 +0000
Subject: [PATCH 1/2] update developer policy to allow describe and list
 actions for sagemaker in the console

---
 terraform/environments/bootstrap/single-sign-on/policies.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/terraform/environments/bootstrap/single-sign-on/policies.tf b/terraform/environments/bootstrap/single-sign-on/policies.tf
index f055c40dc..58d1fdf7f 100644
--- a/terraform/environments/bootstrap/single-sign-on/policies.tf
+++ b/terraform/environments/bootstrap/single-sign-on/policies.tf
@@ -265,6 +265,8 @@ data "aws_iam_policy_document" "developer_additional" {
       "s3:PutObjectAcl",
       "s3:RestoreObject",
       "s3:*StorageLens*",
+      "sagemaker:Describe*",
+      "sagemaker:List*",
       "secretsmanager:Get*",
       "secretsmanager:DescribeSecret",
       "secretsmanager:ListSecretVersionIds",

From 8ea99743050bae35a28c952fcfec4a045d080d79 Mon Sep 17 00:00:00 2001
From: David Sibley <david.sibley@digital.justice.gov.uk>
Date: Fri, 17 Jan 2025 14:12:08 +0000
Subject: [PATCH 2/2] Added permission for QueryLineage

---
 terraform/environments/bootstrap/single-sign-on/policies.tf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/terraform/environments/bootstrap/single-sign-on/policies.tf b/terraform/environments/bootstrap/single-sign-on/policies.tf
index 58d1fdf7f..a71d8b42b 100644
--- a/terraform/environments/bootstrap/single-sign-on/policies.tf
+++ b/terraform/environments/bootstrap/single-sign-on/policies.tf
@@ -267,6 +267,7 @@ data "aws_iam_policy_document" "developer_additional" {
       "s3:*StorageLens*",
       "sagemaker:Describe*",
       "sagemaker:List*",
+      "sagemaker:Query*",
       "secretsmanager:Get*",
       "secretsmanager:DescribeSecret",
       "secretsmanager:ListSecretVersionIds",