SageMaker Studio domain creation fails due to KMS permissions

0
votes

Question

Please help understand the cause and solution for the problem.

Problem

SageMaker Studio domain creation fails due to KMS permissions. The IAM Role specified to the SageMaker arn:aws:iam::316725000538:role/SageMaker has the permissions for KMS required as specified in https://docs.aws.amazon.com/sagemaker/latest/dg/api-permissions-reference.html.

Domain creation failed
Unable to create Amazon EFS for domain 'd-1dq5c9rpkswy' because you don't have permissions to use the KMS key 'arn:aws:kms:us-east-2:316725000538:key/1e2dbf9d-daa0-408d-a290-1633b615c54f'. See https://docs.aws.amazon.com/sagemaker/latest/dg/api-permissions-reference.html for required permissions for CreateDomain action.

enter image description here tells the IAM permissions

IAM Permission for CreateDomain action

enter image description here

The IAM permission required for the CreateDomain action have been attached to the IAM role.

enter image description here

amazon-web-servicesamazon-sagemakeramazon-kms