Implementation:PacktPublishing LLM Engineers Handbook Create Sagemaker Execution Role


Knowledge Sources
Domains: Infrastructure, AWS, IAM
Last Updated: 2026-02-08 08:00 GMT

Overview

Concrete tool for creating an AWS IAM execution role for SageMaker with required trust policies and managed policy attachments.

Description

The create_sagemaker_execution_role function provisions an IAM role that SageMaker services can assume. It creates the role with a trust relationship allowing sagemaker.amazonaws.com to call sts:AssumeRole, then attaches four AWS managed policies: AmazonSageMakerFullAccess, AmazonS3FullAccess, CloudWatchLogsFullAccess, and AmazonEC2ContainerRegistryFullAccess. If the role already exists, it gracefully retrieves and returns the existing ARN. The script's __main__ block saves the resulting ARN to a JSON file for downstream consumption by deployment scripts.
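An added example, not code from the LLM Engineers Handbook repository: an offline review of the role described above, which builds the trust policy for sagemaker.amazonaws.com and reports any other principal allowed to assume the role, along with each attached FullAccess managed policy. The names build_trust_policy, audit_role and _as_list are hypothetical, and the policy ARNs assume the standard arn:aws:iam::aws:policy/ prefix for AWS managed policies.

```python
# Added example: helper names are hypothetical, not from the repository.
EXPECTED_SERVICE = "sagemaker.amazonaws.com"

# The four AWS managed policies the page says are attached to the role.
ATTACHED_POLICY_ARNS = [
    "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
    "arn:aws:iam::aws:policy/AmazonS3FullAccess",
    "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess",
]


def build_trust_policy(service: str = EXPECTED_SERVICE) -> dict:
    """Trust policy letting one AWS service call sts:AssumeRole."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": service},
            "Action": "sts:AssumeRole",
        }],
    }


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_role(trust_policy: dict, policy_arns: list) -> list:
    """Return findings for a role's trust policy and attached policy ARNs."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("trust: any principal may assume the role")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if (kind, value) != ("Service", EXPECTED_SERVICE):
                    findings.append(f"trust: unexpected principal {kind}={value}")
    for arn in policy_arns:
        name = arn.rsplit("/", 1)[-1]
        if name.endswith("FullAccess"):
            findings.append(f"policy: {name} is a broad managed policy")
    return findings
```

Run against the role as the page describes it, audit_role(build_trust_policy(), ATTACHED_POLICY_ARNS) returns four policy findings and no trust findings.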

Usage

Run this script before deploying any SageMaker endpoint or training job. It is a one-time setup step that provisions the IAM role SageMaker needs to access S3 buckets, ECR images, and CloudWatch logs. It must be executed by an AWS principal with IAM administrative permissions.

Code Reference

Source Location

Signature

def create_sagemaker_execution_role(role_name: str) -> str:
    """
    Creates an IAM execution role for SageMaker with required policies.
    Returns the role ARN. If the role already exists, returns existing ARN.

    Args:
        role_name: Name for the IAM role to create.

    Returns:
        str: The ARN of the created or existing IAM role.
    """

Import

from llm_engineering.infrastructure.aws.roles.create_execution_role import create_sagemaker_execution_role

I/O Contract

Inputs

Name | Type | Required | Description
role_name | str | Yes | Name for the IAM role (e.g., "SageMakerExecutionRoleLLM")

Implicit Requirements:

  • settings.AWS_REGION must be set
  • settings.AWS_ACCESS_KEY must be set
  • settings.AWS_SECRET_KEY must be set
  • boto3 must be installed (poetry install --with aws)

Outputs

Name | Type | Description
return value | str | The ARN of the created or existing IAM role
sagemaker_execution_role.json | File (side effect) | JSON file containing {"RoleArn": "..."} when run as __main__

Usage Examples

Direct Function Call

from llm_engineering.infrastructure.aws.roles.create_execution_role import create_sagemaker_execution_role

# Create the execution role
role_arn = create_sagemaker_execution_role("SageMakerExecutionRoleLLM")
print(f"Role ARN: {role_arn}")

Command-Line Execution

python -m llm_engineering.infrastructure.aws.roles.create_execution_role
# Output: Role ARN saved to 'sagemaker_execution_role.json'
