AWS SageMaker无权执行:ecr:资源上的CreateRepository:*

时间:2018-06-03 19:06:17

标签: amazon-web-services docker scikit-learn dockerfile amazon-sagemaker

我正在创建自己的Docker镜像,以便在AWS SageMaker中使用自己的模型。我使用自定义Dockerfile在SageMaker ml.t2.medium实例中使用Jupyter Notebook内的命令行成功创建了一个Docker镜像:

REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
sklearn               latest              01234212345        6 minutes ago       1.23GB

但是当我在Jupyter跑步时:

! aws ecr create-repository --repository-name sklearn

我收到以下错误:

An error occurred (AccessDeniedException) when calling the CreateRepository operation: User: arn:aws:sts::1234567:assumed-role/AmazonSageMaker-ExecutionRole-12345/SageMaker is not authorized to perform: ecr:CreateRepository on resource: *

我已经为EC2Container设置了SageMaker,EC2,EC2ContainerService权限和以下策略,但我仍然遇到同样的错误。

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "sagemaker:*",
        "ec2:*"
      ],
      "Resource": "*"
    }
  ]
}

关于如何解决这个问题的任何想法?

提前致谢。

1 个答案:

答案 0 :(得分:1)

我解决了这个问题。我们必须在SageMaker执行角色中设置如下权限:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "ecr:*"            ],
        "Resource": "*"
    }
]}