Readonly dataAdminRoles
Admin roles granted access to team resources including KMS keys, S3 buckets, and SageMaker resources.
Use cases: Team administration, resource management, infrastructure governance
AWS: IAM roles for team resource administration
Validation: Required; MdaaRoleRef[]
Optional Readonly inventories
S3 inventory configurations for team data lake bucket content analysis and governance.
Use cases: Data governance, cost analysis, content reporting, bucket management
AWS: S3 inventory configurations
Validation: Optional; Map of string keys to InventoryDefinition
Optional Readonly jupyter
JupyterLab space configuration for the team. When enabled, auto-creates a private JupyterLab space for each user profile in the team's Studio domain.
Use cases: Per-user JupyterLab development environment, team-wide IDE provisioning
AWS: SageMaker Space (JupyterLab app type)
Validation: Optional; JupyterLabConfig. No breaking change if omitted.
Optional Readonly mlflow
MLflow tracking server configuration. When enabled, creates a SageMaker-managed MLflow tracking server for experiment tracking, using the team's S3 bucket for artifact storage and the team's KMS key for encryption.
Use cases: ML experiment tracking, model versioning, metric logging, artifact management
AWS: SageMaker MLflow Tracking Server
Validation: Optional; MlflowConfig. No breaking change if omitted.
Optional Readonly studioDomainConfig
SageMaker Studio domain configuration for the team's collaborative ML development environment. Supports IAM and SSO auth modes, VPC config, lifecycle configs, custom images, and notebook sharing.
Use cases: Collaborative ML development, team Studio environment, shared ML resources
AWS: SageMaker Studio Domain
Validation: Optional; DomainProps
Readonly teamExecutionRole
Execution role for SageMaker workloads including training jobs, endpoints, and notebooks. Must have sagemaker.amazonaws.com service trust.
Use cases: SageMaker job execution, model training, notebook execution
AWS: IAM role with SageMaker service trust
Validation: Required; MdaaRoleRef; must trust sagemaker.amazonaws.com
Optional Readonly team
Team member roles for accessing shared resources like data lake, SageMaker Studio, and collaborative tools.
Use cases: Team member access, ML development, collaborative workflows
AWS: IAM roles for team member permissions
Validation: Optional; MdaaRoleRef[]
Optional Readonly verbatim
Custom policy name prefix for portable naming across accounts with SSO integration. When set, uses this prefix instead of the naming module for policy names.
Use cases: SSO integration, cross-account portability, permission set integration
AWS: IAM policy naming prefix
Validation: Optional; String
Data science team configuration for ML infrastructure deployment. Defines SageMaker Studio domain, S3 mini data lake, Athena workgroup, execution roles, user profiles, and team access controls.
Use cases: Team ML environment setup, shared data lake access, collaborative notebook development, SageMaker Studio provisioning
AWS: SageMaker Studio Domain, S3, Athena, IAM
Validation: Requires dataAdminRoles and teamExecutionRole; studioDomainConfig optional
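
The teamExecutionRole requirement above (the role must trust sagemaker.amazonaws.com) can be checked before deployment by inspecting the role's trust policy document. The following is an added example, not MDAA code: `checkExecutionRoleTrust`, its types, and the sample policies are hypothetical names constructed for illustration. It confirms the SageMaker service trust and lists any other principals allowed to assume the role, so that the trust can be kept as narrow as the workload needs.

```typescript
// Added example: hypothetical helper, not part of MDAA. It inspects only the
// role's trust policy; Condition blocks and explicit Deny are not evaluated.
type Many = string | string[];
interface Stmt {
  Effect: string;
  Action: Many;
  Principal: "*" | { Service?: Many; AWS?: Many; Federated?: Many };
}
interface TrustPolicy { Statement: Stmt | Stmt[] }
interface TrustCheck { trustsSageMaker: boolean; warnings: string[] }

const SAGEMAKER = "sagemaker.amazonaws.com";
const list = (v?: Many): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function checkExecutionRoleTrust(policy: TrustPolicy): TrustCheck {
  const out: TrustCheck = { trustsSageMaker: false, warnings: [] };
  const stmts = Array.isArray(policy.Statement) ? policy.Statement : [policy.Statement];
  for (const s of stmts) {
    // IAM action names are case-insensitive.
    const assume = list(s.Action).some((a) =>
      ["sts:assumerole", "sts:*", "*"].indexOf(a.toLowerCase()) !== -1);
    if (s.Effect !== "Allow" || !assume) continue;
    if (s.Principal === "*") {
      out.warnings.push("any principal may assume the role");
      continue;
    }
    const p = s.Principal;
    for (const svc of list(p.Service)) {
      if (svc === SAGEMAKER) out.trustsSageMaker = true;
      else out.warnings.push("extra service principal: " + svc);
    }
    for (const other of list(p.AWS).concat(list(p.Federated))) {
      out.warnings.push("non-service principal: " + other);
    }
  }
  return out;
}

// Constructed sample trust policies (not taken from the page).
const SAGEMAKER_ONLY: TrustPolicy = {
  Statement: { Effect: "Allow", Action: "sts:AssumeRole", Principal: { Service: SAGEMAKER } },
};
const TOO_BROAD: TrustPolicy = {
  Statement: [
    { Effect: "Allow", Action: ["sts:AssumeRole"], Principal: { Service: [SAGEMAKER, "lambda.amazonaws.com"] } },
    { Effect: "Allow", Action: "sts:AssumeRole", Principal: "*" },
  ],
};
const NO_SAGEMAKER: TrustPolicy = {
  Statement: [{ Effect: "Allow", Action: "sts:AssumeRole", Principal: { Service: "glue.amazonaws.com" } }],
};
```

A role that passes with an empty `warnings` list trusts only SageMaker; any warning is a principal to review before the role is referenced as the team execution role.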