Which combination of actions will give the data scientist’s IAM user the ability to invoke the SageMaker endpoint?
(Choose three.)
Attach the AmazonAthenaFullAccess AWS managed policy to the user identity.
Include a policy statement for the data scientist’s IAM user that allows the IAM user to perform the sagemaker:InvokeEndpoint action.
Include an inline policy for the data scientist’s IAM user that allows SageMaker to read S3 objects.
Include a policy statement for the data scientist’s IAM user that allows the IAM user to perform the sagemaker:GetRecord action.
Include the SQL statement “USING EXTERNAL FUNCTION ml_function_name” in the Athena SQL query.
Perform a user remapping in SageMaker to map the IAM user to another IAM user that is on the hosted endpoint.
Explanations:
The IAM user needs permission to invoke the SageMaker endpoint, specifically thesagemaker:InvokeEndpointaction. This action allows the user to send requests to the endpoint for inferences.
The IAM user needs permission for SageMaker to access data stored in S3. This is required for the model to retrieve the dataset if it’s stored in Amazon S3.
To invoke the SageMaker endpoint through Amazon Athena, the user must use an external function in Athena, specificallyUSING EXTERNAL FUNCTIONwith the appropriate ML model function name.
TheAmazonAthenaFullAccesspolicy grants access to Athena, but does not provide necessary permissions for invoking the SageMaker endpoint or accessing the data model.
Thesagemaker:GetRecordaction is not required to invoke a SageMaker endpoint. This action is related to data retrieval and streaming, not invoking an endpoint.
User remapping is not necessary to invoke the SageMaker endpoint. The IAM user permissions directly control access, not the mapping to another IAM user.