A company is building a predictive maintenance model based on machine learning (ML). The…

Question

A company is building a predictive maintenance model based on machine learning (ML). The data is stored in a fully private Amazon S3 bucket that is encrypted at rest with AWS Key Management Service (AWS KMS) CMKs. An ML specialist must run data preprocessing by using an Amazon SageMaker Processing job that is triggered from code in an Amazon SageMaker notebook. The job should read data from Amazon S3, process it, and upload it back to the same S3 bucket.
The preprocessing code is stored in a container image in Amazon Elastic Container Registry (Amazon ECR). The ML specialist needs to grant permissions to ensure a smooth data preprocessing workflow.
Which set of actions should the ML specialist take to meet these requirements?

Accepted Answer

Correct answer: B. B. Create an IAM role that has permissions to create Amazon SageMaker Processing jobs. Attach the role to the SageMaker notebook instance. Create an Amazon SageMaker Processing job with an IAM role that has read and write permissions to the relevant S3 bucket, and appropriate KMS and ECR permissions. — The correct choice, B, ensures that the SageMaker notebook instance has the necessary permissions to create Processing jobs while also allowing those jobs to have the required access to the S3 bucket. Option A fails to separate the roles for the notebook and the Processing job, which is essential for proper permissions management. Options C and D introduce unnecessary complexity with endpoint setups or incorrect use of IAM user credentials, which are not best practices for managing permissions in this scenario.

AWS Certified Machine Learning – Specialty — Question 155

Answer options

Correct answer: B

Explanation