Amazon SageMaker Service

2020/10/05 - Amazon SageMaker Service - 2 updated api methods

Changes  Update sagemaker client to latest version

CreateDomain (updated) Link ¶
Changes (request) 
{'AppNetworkAccessType': 'PublicInternetOnly | VpcOnly'}

Creates a Domain used by Amazon SageMaker Studio. A domain consists of an associated Amazon Elastic File System (EFS) volume, a list of authorized users, and a variety of security, application, policy, and Amazon Virtual Private Cloud (VPC) configurations. An AWS account is limited to one domain per region. Users within a domain can share notebook files and other artifacts with each other.

When a domain is created, an EFS volume is created for use by all of the users within the domain. Each user receives a private home directory within the EFS volume for notebooks, Git repositories, and data files.

VPC configuration

All SageMaker Studio traffic between the domain and the EFS volume is through the specified VPC and subnets. For other Studio traffic, you specify the AppNetworkAccessType parameter. AppNetworkAccessType corresponds to the VPC mode that's chosen when you onboard to Studio. The following options are available:

  • PublicInternetOnly - Non-EFS traffic goes through a VPC managed by Amazon SageMaker, which allows internet access. This is the default value.

  • VpcOnly - All Studio traffic is through the specified VPC and subnets. Internet access is disabled by default. To allow internet access, you must specify a NAT gateway. When internet access is disabled, you won't be able to train or host models unless your VPC has an interface endpoint (PrivateLink) or a NAT gateway and your security groups allow outbound connections.

    VpcOnly mode

When you specify VpcOnly , you must specify the following:

  • Security group inbound and outbound rules to allow NFS traffic over TCP on port 2049 between the domain and the EFS volume

  • Security group inbound and outbound rules to allow traffic between the JupyterServer app and the KernelGateway apps

  • Interface endpoints to access the SageMaker API and SageMaker runtime

For more information, see:

See also: AWS API Documentation

Request Syntax

client.create_domain(
    DomainName='string',
    AuthMode='SSO'|'IAM',
    DefaultUserSettings={
        'ExecutionRole': 'string',
        'SecurityGroups': [
            'string',
        ],
        'SharingSettings': {
            'NotebookOutputOption': 'Allowed'|'Disabled',
            'S3OutputPath': 'string',
            'S3KmsKeyId': 'string'
        },
        'JupyterServerAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        },
        'KernelGatewayAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        },
        'TensorBoardAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        }
    },
    SubnetIds=[
        'string',
    ],
    VpcId='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    HomeEfsFileSystemKmsKeyId='string',
    AppNetworkAccessType='PublicInternetOnly'|'VpcOnly'
)
type DomainName

string

param DomainName

[REQUIRED]

A name for the domain.

type AuthMode

string

param AuthMode

[REQUIRED]

The mode of authentication that members use to access the domain.

type DefaultUserSettings

dict

param DefaultUserSettings

[REQUIRED]

The default user settings.

  • ExecutionRole (string) --

    The execution role for the user.

  • SecurityGroups (list) --

    The security groups.

    • (string) --

  • SharingSettings (dict) --

    The sharing settings.

    • NotebookOutputOption (string) --

      Whether to include the notebook cell output when sharing the notebook. The default is Disabled .

    • S3OutputPath (string) --

      When NotebookOutputOption is Allowed , the Amazon S3 bucket used to save the notebook cell output.

    • S3KmsKeyId (string) --

      When NotebookOutputOption is Allowed , the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.

  • JupyterServerAppSettings (dict) --

    The Jupyter server's app settings.

    • DefaultResourceSpec (dict) --

      The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.

      • SageMakerImageArn (string) --

        The Amazon Resource Name (ARN) of the SageMaker image created on the instance.

      • InstanceType (string) --

        The instance type.

  • KernelGatewayAppSettings (dict) --

    The kernel gateway app settings.

    • DefaultResourceSpec (dict) --

      The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.

      • SageMakerImageArn (string) --

        The Amazon Resource Name (ARN) of the SageMaker image created on the instance.

      • InstanceType (string) --

        The instance type.

  • TensorBoardAppSettings (dict) --

    The TensorBoard app settings.

    • DefaultResourceSpec (dict) --

      The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.

      • SageMakerImageArn (string) --

        The Amazon Resource Name (ARN) of the SageMaker image created on the instance.

      • InstanceType (string) --

        The instance type.

type SubnetIds

list

param SubnetIds

[REQUIRED]

The VPC subnets that Studio uses for communication.

  • (string) --

type VpcId

string

param VpcId

[REQUIRED]

The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.

type Tags

list

param Tags

Tags to associated with the Domain. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.

  • (dict) --

    Describes a tag.

    • Key (string) -- [REQUIRED]

      The tag key.

    • Value (string) -- [REQUIRED]

      The tag value.

type HomeEfsFileSystemKmsKeyId

string

param HomeEfsFileSystemKmsKeyId

The AWS Key Management Service (KMS) encryption key ID. Encryption with a customer master key (CMK) is not supported.

type AppNetworkAccessType

string

param AppNetworkAccessType

Specifies the VPC used for non-EFS traffic. The default value is PublicInternetOnly .

  • PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker, which allows direct internet access

  • VpcOnly - All Studio traffic is through the specified VPC and subnets

rtype

dict

returns

Response Syntax

{
    'DomainArn': 'string',
    'Url': 'string'
}

Response Structure

  • (dict) --

    • DomainArn (string) --

      The Amazon Resource Name (ARN) of the created domain.

    • Url (string) --

      The URL to the created domain.

DescribeDomain (updated) Link ¶
Changes (response) 
{'AppNetworkAccessType': 'PublicInternetOnly | VpcOnly'}

The description of the domain.

See also: AWS API Documentation

Request Syntax

client.describe_domain(
    DomainId='string'
)
type DomainId

string

param DomainId

[REQUIRED]

The domain ID.

rtype

dict

returns

Response Syntax

{
    'DomainArn': 'string',
    'DomainId': 'string',
    'DomainName': 'string',
    'HomeEfsFileSystemId': 'string',
    'SingleSignOnManagedApplicationInstanceId': 'string',
    'Status': 'Deleting'|'Failed'|'InService'|'Pending',
    'CreationTime': datetime(2015, 1, 1),
    'LastModifiedTime': datetime(2015, 1, 1),
    'FailureReason': 'string',
    'AuthMode': 'SSO'|'IAM',
    'DefaultUserSettings': {
        'ExecutionRole': 'string',
        'SecurityGroups': [
            'string',
        ],
        'SharingSettings': {
            'NotebookOutputOption': 'Allowed'|'Disabled',
            'S3OutputPath': 'string',
            'S3KmsKeyId': 'string'
        },
        'JupyterServerAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        },
        'KernelGatewayAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        },
        'TensorBoardAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        }
    },
    'HomeEfsFileSystemKmsKeyId': 'string',
    'SubnetIds': [
        'string',
    ],
    'Url': 'string',
    'VpcId': 'string',
    'AppNetworkAccessType': 'PublicInternetOnly'|'VpcOnly'
}

Response Structure

  • (dict) --

    • DomainArn (string) --

      The domain's Amazon Resource Name (ARN).

    • DomainId (string) --

      The domain ID.

    • DomainName (string) --

      The domain name.

    • HomeEfsFileSystemId (string) --

      The ID of the Amazon Elastic File System (EFS) managed by this Domain.

    • SingleSignOnManagedApplicationInstanceId (string) --

      The SSO managed application instance ID.

    • Status (string) --

      The status.

    • CreationTime (datetime) --

      The creation time.

    • LastModifiedTime (datetime) --

      The last modified time.

    • FailureReason (string) --

      The failure reason.

    • AuthMode (string) --

      The domain's authentication mode.

    • DefaultUserSettings (dict) --

      Settings which are applied to all UserProfile in this domain, if settings are not explicitly specified in a given UserProfile.

      • ExecutionRole (string) --

        The execution role for the user.

      • SecurityGroups (list) --

        The security groups.

        • (string) --

      • SharingSettings (dict) --

        The sharing settings.

        • NotebookOutputOption (string) --

          Whether to include the notebook cell output when sharing the notebook. The default is Disabled .

        • S3OutputPath (string) --

          When NotebookOutputOption is Allowed , the Amazon S3 bucket used to save the notebook cell output.

        • S3KmsKeyId (string) --

          When NotebookOutputOption is Allowed , the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.

      • JupyterServerAppSettings (dict) --

        The Jupyter server's app settings.

        • DefaultResourceSpec (dict) --

          The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.

          • SageMakerImageArn (string) --

            The Amazon Resource Name (ARN) of the SageMaker image created on the instance.

          • InstanceType (string) --

            The instance type.

      • KernelGatewayAppSettings (dict) --

        The kernel gateway app settings.

        • DefaultResourceSpec (dict) --

          The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.

          • SageMakerImageArn (string) --

            The Amazon Resource Name (ARN) of the SageMaker image created on the instance.

          • InstanceType (string) --

            The instance type.

      • TensorBoardAppSettings (dict) --

        The TensorBoard app settings.

        • DefaultResourceSpec (dict) --

          The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.

          • SageMakerImageArn (string) --

            The Amazon Resource Name (ARN) of the SageMaker image created on the instance.

          • InstanceType (string) --

            The instance type.

    • HomeEfsFileSystemKmsKeyId (string) --

      The AWS Key Management Service encryption key ID.

    • SubnetIds (list) --

      The VPC subnets that Studio uses for communication.

      • (string) --

    • Url (string) --

      The domain's URL.

    • VpcId (string) --

      The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.

    • AppNetworkAccessType (string) --

      Specifies the VPC used for non-EFS traffic. The default value is PublicInternetOnly .

      • PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker, which allows direct internet access

      • VpcOnly - All Studio traffic is through the specified VPC and subnets