Specific Model Access Configuration for Amazon Bedrock with Amazon SageMaker Unified Studio

Companies integrating advanced artificial intelligence (AI) solutions into their operations emphasize the urgency of implementing robust security measures and precise access controls to protect sensitive data and ensure user trust. With the growing use of AI across various departments, there is a need to grant more detailed permissions, focusing on who has access to crucial models and valuable information. This demand is met by Amazon SageMaker Unified Studio, an environment that facilitates the creation of fine-grained access policies so that only authorized users can interact with sophisticated models, driving collaborative innovation safely.

Launched in 2025, SageMaker Unified Studio provides a comprehensive platform for data and AI development, allowing users to access their organization’s information and act on it through advanced tools. This service integrates capabilities from various AWS analysis and machine learning tools, such as Amazon EMR, AWS Glue, Amazon Athena, Amazon Redshift, Amazon Bedrock, and Amazon SageMaker AI.

In the context of SageMaker Unified Studio, Amazon Bedrock offers multiple options for exploring and experimenting with models and applications. Users can, for example, use a sandbox to test prompts with Anthropic’s Claude model without requiring coding skills or develop generative applications that incorporate features from Amazon Bedrock.

The platform also empowers administrators to manage access to specific models in a collaborative and secure environment, allowing the creation of granular permissions that regulate who can access each model. With code examples for different corporate governance scenarios, SageMaker Unified Studio enables users to tailor access to generative AI capabilities according to the specific needs of each organization, addressing one of the barriers to adopting AI in the business sector.

Within this platform, a “domain” acts as the main organizational structure, facilitating oversight of multiple AWS regions, as well as accounts and workloads from a single interface. Each domain has a unique URL that ensures centralized control over configurations, user accounts, and network settings, while “projects” promote collaboration among different teams.

To access Amazon Bedrock models in SageMaker Unified Studio, users can choose between the platform’s sandbox or associated projects. In the sandbox, consumer roles provide secure access to Bedrock models, incorporating preconfigured permissions for invoking them.

By customizing policies linked to these roles, companies can establish rigorous controls over the actions permitted in interacting with the models, ensuring not only regulatory compliance but also empowering analysts and data scientists to maximize the use of AI in a safe and regulated environment.