2020/10/05 - Amazon SageMaker Service - 2 updated api methods
Changes: This release adds support for launching Amazon SageMaker Studio in your VPC. Use AppNetworkAccessType in CreateDomain API to disable access to public internet and restrict the network traffic to VPC.
{'AppNetworkAccessType': 'PublicInternetOnly | VpcOnly'}
Creates a Domain used by Amazon SageMaker Studio. A domain consists of an associated Amazon Elastic File System (EFS) volume, a list of authorized users, and a variety of security, application, policy, and Amazon Virtual Private Cloud (VPC) configurations. An AWS account is limited to one domain per region. Users within a domain can share notebook files and other artifacts with each other.
When a domain is created, an EFS volume is created for use by all of the users within the domain. Each user receives a private home directory within the EFS volume for notebooks, Git repositories, and data files.
VPC configuration
All SageMaker Studio traffic between the domain and the EFS volume is through the specified VPC and subnets. For other Studio traffic, you specify the AppNetworkAccessType parameter. AppNetworkAccessType corresponds to the VPC mode that's chosen when you onboard to Studio. The following options are available:
PublicInternetOnly - Non-EFS traffic goes through a VPC managed by Amazon SageMaker, which allows internet access. This is the default value.
VpcOnly - All Studio traffic is through the specified VPC and subnets. Internet access is disabled by default. To allow internet access, you must specify a NAT gateway. When internet access is disabled, you won't be able to train or host models unless your VPC has an interface endpoint (PrivateLink) or a NAT gateway and your security groups allow outbound connections.
VpcOnly mode
When you specify VpcOnly, you must specify the following:
Security group inbound and outbound rules to allow NFS traffic over TCP on port 2049 between the domain and the EFS volume
Security group inbound and outbound rules to allow traffic between the JupyterServer app and the KernelGateway apps
Interface endpoints to access the SageMaker API and SageMaker runtime
For more information, see:
See also: AWS API Documentation
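The VpcOnly prerequisites listed above can be checked before calling create_domain. The following is an added example, not part of the AWS documentation or SDK: it runs offline over dicts shaped like the EC2 DescribeSecurityGroups and DescribeVpcEndpoints output. The function names, sample IDs and region are assumptions, and the endpoint service names follow the usual com.amazonaws.<region>.<service> PrivateLink pattern. The JupyterServer/KernelGateway rule is not checked because the page gives no ports for it.

```python
# Added example (not AWS code): offline preflight for a VpcOnly Studio domain.
NFS_PORT = 2049  # EFS traffic between the domain and its volume, per the page

def _allows_tcp(perms, port):
    """True if any rule covers TCP `port`; IpProtocol '-1' means all traffic."""
    for p in perms:
        if p.get("IpProtocol") == "-1":
            return True
        if (p.get("IpProtocol") == "tcp" and "FromPort" in p and "ToPort" in p
                and p["FromPort"] <= port <= p["ToPort"]):
            return True
    return False

def preflight(domain, security_groups, vpc_endpoints, region):
    """Return findings; an empty list means the checked prerequisites are met.
    Only port coverage is checked, not which peer each rule admits."""
    if domain.get("AppNetworkAccessType", "PublicInternetOnly") != "VpcOnly":
        return ["AppNetworkAccessType is not VpcOnly: non-EFS traffic has internet access"]
    findings = []
    wanted = set(domain.get("DefaultUserSettings", {}).get("SecurityGroups", []))
    groups = [g for g in security_groups if g["GroupId"] in wanted]
    if not groups:
        findings.append("no known security group in DefaultUserSettings")
    for direction, key in (("inbound", "IpPermissions"), ("outbound", "IpPermissionsEgress")):
        if groups and not any(_allows_tcp(g.get(key, []), NFS_PORT) for g in groups):
            findings.append(f"no {direction} rule allows NFS (TCP {NFS_PORT})")
    present = {e["ServiceName"] for e in vpc_endpoints
               if e.get("VpcId") == domain.get("VpcId")
               and e.get("VpcEndpointType") == "Interface"
               and e.get("State", "").lower() == "available"}
    for suffix in ("sagemaker.api", "sagemaker.runtime"):
        name = f"com.amazonaws.{region}.{suffix}"
        if name not in present:
            findings.append(f"missing interface endpoint {name}")
    return findings

# Constructed sample data (placeholder IDs, not from any real account).
SAMPLE_DOMAIN = {"VpcId": "vpc-0example", "AppNetworkAccessType": "VpcOnly",
                 "DefaultUserSettings": {"SecurityGroups": ["sg-0example"]}}
SAMPLE_GROUPS = [{"GroupId": "sg-0example",
                  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049}],
                  "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443}]}]
SAMPLE_ENDPOINTS = [{"VpcId": "vpc-0example", "VpcEndpointType": "Interface",
                     "State": "available",
                     "ServiceName": "com.amazonaws.us-east-1.sagemaker.api"}]

if __name__ == "__main__":
    for finding in preflight(SAMPLE_DOMAIN, SAMPLE_GROUPS, SAMPLE_ENDPOINTS, "us-east-1"):
        print("FINDING:", finding)
```

Because a describe_domain response carries the same VpcId, DefaultUserSettings and AppNetworkAccessType keys, the same function can audit an existing domain as well as a planned create_domain call.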
Request Syntax
client.create_domain(
    DomainName='string',
    AuthMode='SSO'|'IAM',
    DefaultUserSettings={
        'ExecutionRole': 'string',
        'SecurityGroups': [
            'string',
        ],
        'SharingSettings': {
            'NotebookOutputOption': 'Allowed'|'Disabled',
            'S3OutputPath': 'string',
            'S3KmsKeyId': 'string'
        },
        'JupyterServerAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        },
        'KernelGatewayAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        },
        'TensorBoardAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        }
    },
    SubnetIds=[
        'string',
    ],
    VpcId='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    HomeEfsFileSystemKmsKeyId='string',
    AppNetworkAccessType='PublicInternetOnly'|'VpcOnly'
)
DomainName (string) -- [REQUIRED]
A name for the domain.
AuthMode (string) -- [REQUIRED]
The mode of authentication that members use to access the domain.
DefaultUserSettings (dict) -- [REQUIRED]
The default user settings.
ExecutionRole (string) --
The execution role for the user.
SecurityGroups (list) --
The security groups.
(string) --
SharingSettings (dict) --
The sharing settings.
NotebookOutputOption (string) --
Whether to include the notebook cell output when sharing the notebook. The default is Disabled.
S3OutputPath (string) --
When NotebookOutputOption is Allowed, the Amazon S3 bucket used to save the notebook cell output.
S3KmsKeyId (string) --
When NotebookOutputOption is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.
JupyterServerAppSettings (dict) --
The Jupyter server's app settings.
DefaultResourceSpec (dict) --
The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.
SageMakerImageArn (string) --
The Amazon Resource Name (ARN) of the SageMaker image created on the instance.
InstanceType (string) --
The instance type.
KernelGatewayAppSettings (dict) --
The kernel gateway app settings.
DefaultResourceSpec (dict) --
The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.
SageMakerImageArn (string) --
The Amazon Resource Name (ARN) of the SageMaker image created on the instance.
InstanceType (string) --
The instance type.
TensorBoardAppSettings (dict) --
The TensorBoard app settings.
DefaultResourceSpec (dict) --
The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.
SageMakerImageArn (string) --
The Amazon Resource Name (ARN) of the SageMaker image created on the instance.
InstanceType (string) --
The instance type.
SubnetIds (list) -- [REQUIRED]
The VPC subnets that Studio uses for communication.
(string) --
VpcId (string) -- [REQUIRED]
The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.
Tags (list) --
Tags to associate with the Domain. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.
(dict) --
Describes a tag.
Key (string) -- [REQUIRED]
The tag key.
Value (string) -- [REQUIRED]
The tag value.
HomeEfsFileSystemKmsKeyId (string) --
The AWS Key Management Service (KMS) encryption key ID. Encryption with a customer master key (CMK) is not supported.
AppNetworkAccessType (string) --
Specifies the VPC used for non-EFS traffic. The default value is PublicInternetOnly.
PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker, which allows direct internet access
VpcOnly - All Studio traffic is through the specified VPC and subnets
Return type: dict
Response Syntax
{ 'DomainArn': 'string', 'Url': 'string' }
Response Structure
(dict) --
DomainArn (string) --
The Amazon Resource Name (ARN) of the created domain.
Url (string) --
The URL to the created domain.
{'AppNetworkAccessType': 'PublicInternetOnly | VpcOnly'}
The description of the domain.
See also: AWS API Documentation
Request Syntax
client.describe_domain( DomainId='string' )
DomainId (string) -- [REQUIRED]
The domain ID.
Return type: dict
Response Syntax
{
    'DomainArn': 'string',
    'DomainId': 'string',
    'DomainName': 'string',
    'HomeEfsFileSystemId': 'string',
    'SingleSignOnManagedApplicationInstanceId': 'string',
    'Status': 'Deleting'|'Failed'|'InService'|'Pending',
    'CreationTime': datetime(2015, 1, 1),
    'LastModifiedTime': datetime(2015, 1, 1),
    'FailureReason': 'string',
    'AuthMode': 'SSO'|'IAM',
    'DefaultUserSettings': {
        'ExecutionRole': 'string',
        'SecurityGroups': [
            'string',
        ],
        'SharingSettings': {
            'NotebookOutputOption': 'Allowed'|'Disabled',
            'S3OutputPath': 'string',
            'S3KmsKeyId': 'string'
        },
        'JupyterServerAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        },
        'KernelGatewayAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        },
        'TensorBoardAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        }
    },
    'HomeEfsFileSystemKmsKeyId': 'string',
    'SubnetIds': [
        'string',
    ],
    'Url': 'string',
    'VpcId': 'string',
    'AppNetworkAccessType': 'PublicInternetOnly'|'VpcOnly'
}
Response Structure
(dict) --
DomainArn (string) --
The domain's Amazon Resource Name (ARN).
DomainId (string) --
The domain ID.
DomainName (string) --
The domain name.
HomeEfsFileSystemId (string) --
The ID of the Amazon Elastic File System (EFS) managed by this Domain.
SingleSignOnManagedApplicationInstanceId (string) --
The SSO managed application instance ID.
Status (string) --
The status.
CreationTime (datetime) --
The creation time.
LastModifiedTime (datetime) --
The last modified time.
FailureReason (string) --
The failure reason.
AuthMode (string) --
The domain's authentication mode.
DefaultUserSettings (dict) --
Settings which are applied to all UserProfiles in this domain, if settings are not explicitly specified in a given UserProfile.
ExecutionRole (string) --
The execution role for the user.
SecurityGroups (list) --
The security groups.
(string) --
SharingSettings (dict) --
The sharing settings.
NotebookOutputOption (string) --
Whether to include the notebook cell output when sharing the notebook. The default is Disabled.
S3OutputPath (string) --
When NotebookOutputOption is Allowed, the Amazon S3 bucket used to save the notebook cell output.
S3KmsKeyId (string) --
When NotebookOutputOption is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.
JupyterServerAppSettings (dict) --
The Jupyter server's app settings.
DefaultResourceSpec (dict) --
The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.
SageMakerImageArn (string) --
The Amazon Resource Name (ARN) of the SageMaker image created on the instance.
InstanceType (string) --
The instance type.
KernelGatewayAppSettings (dict) --
The kernel gateway app settings.
DefaultResourceSpec (dict) --
The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.
SageMakerImageArn (string) --
The Amazon Resource Name (ARN) of the SageMaker image created on the instance.
InstanceType (string) --
The instance type.
TensorBoardAppSettings (dict) --
The TensorBoard app settings.
DefaultResourceSpec (dict) --
The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.
SageMakerImageArn (string) --
The Amazon Resource Name (ARN) of the SageMaker image created on the instance.
InstanceType (string) --
The instance type.
HomeEfsFileSystemKmsKeyId (string) --
The AWS Key Management Service encryption key ID.
SubnetIds (list) --
The VPC subnets that Studio uses for communication.
(string) --
Url (string) --
The domain's URL.
VpcId (string) --
The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.
AppNetworkAccessType (string) --
Specifies the VPC used for non-EFS traffic. The default value is PublicInternetOnly.
PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker, which allows direct internet access
VpcOnly - All Studio traffic is through the specified VPC and subnets