Amazon SageMaker Service

2020/11/16 - Amazon SageMaker Service - 2 updated api methods

Changes: This feature enables customers to encrypt their Amazon SageMaker Studio storage volumes with customer master keys (CMKs) that they manage in AWS Key Management Service (KMS).

CreateDomain (updated)
Changes (request)
{'KmsKeyId': 'string'}

Creates a Domain used by Amazon SageMaker Studio. A domain consists of an associated Amazon Elastic File System (EFS) volume, a list of authorized users, and a variety of security, application, policy, and Amazon Virtual Private Cloud (VPC) configurations. An AWS account is limited to one domain per region. Users within a domain can share notebook files and other artifacts with each other.

When a domain is created, an EFS volume is created for use by all of the users within the domain. Each user receives a private home directory within the EFS volume for notebooks, Git repositories, and data files.

VPC configuration

All SageMaker Studio traffic between the domain and the EFS volume is through the specified VPC and subnets. For other Studio traffic, you can specify the AppNetworkAccessType parameter. AppNetworkAccessType corresponds to the network access type that you choose when you onboard to Studio. The following options are available:

  • PublicInternetOnly - Non-EFS traffic goes through a VPC managed by Amazon SageMaker, which allows internet access. This is the default value.

  • VpcOnly - All Studio traffic is through the specified VPC and subnets. Internet access is disabled by default. To allow internet access, you must specify a NAT gateway. When internet access is disabled, you won't be able to run a Studio notebook or to train or host models unless your VPC has an interface endpoint to the SageMaker API and runtime or a NAT gateway and your security groups allow outbound connections.

For more information, see Connect SageMaker Studio Notebooks to Resources in a VPC.

See also: AWS API Documentation

Request Syntax

client.create_domain(
    DomainName='string',
    AuthMode='SSO'|'IAM',
    DefaultUserSettings={
        'ExecutionRole': 'string',
        'SecurityGroups': [
            'string',
        ],
        'SharingSettings': {
            'NotebookOutputOption': 'Allowed'|'Disabled',
            'S3OutputPath': 'string',
            'S3KmsKeyId': 'string'
        },
        'JupyterServerAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'SageMakerImageVersionArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        },
        'KernelGatewayAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'SageMakerImageVersionArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            },
            'CustomImages': [
                {
                    'ImageName': 'string',
                    'ImageVersionNumber': 123,
                    'AppImageConfigName': 'string'
                },
            ]
        },
        'TensorBoardAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'SageMakerImageVersionArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        }
    },
    SubnetIds=[
        'string',
    ],
    VpcId='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    AppNetworkAccessType='PublicInternetOnly'|'VpcOnly',
    HomeEfsFileSystemKmsKeyId='string',
    KmsKeyId='string'
)
type DomainName

string

param DomainName

[REQUIRED]

A name for the domain.

type AuthMode

string

param AuthMode

[REQUIRED]

The mode of authentication that members use to access the domain.

type DefaultUserSettings

dict

param DefaultUserSettings

[REQUIRED]

The default user settings.

  • ExecutionRole (string) --

    The execution role for the user.

  • SecurityGroups (list) --

    The security groups for the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.

    Optional when the CreateDomain.AppNetworkAccessType parameter is set to PublicInternetOnly.

    Required when the CreateDomain.AppNetworkAccessType parameter is set to VpcOnly.

    • (string) --

  • SharingSettings (dict) --

    The sharing settings.

    • NotebookOutputOption (string) --

      Whether to include the notebook cell output when sharing the notebook. The default is Disabled.

    • S3OutputPath (string) --

      When NotebookOutputOption is Allowed, the Amazon S3 bucket used to save the notebook cell output.

    • S3KmsKeyId (string) --

      When NotebookOutputOption is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.

  • JupyterServerAppSettings (dict) --

    The Jupyter server's app settings.

    • DefaultResourceSpec (dict) --

      The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the JupyterServer app.

      • SageMakerImageArn (string) --

        The ARN of the SageMaker image that the image version belongs to.

      • SageMakerImageVersionArn (string) --

        The ARN of the image version created on the instance.

      • InstanceType (string) --

        The instance type that the image version runs on.

  • KernelGatewayAppSettings (dict) --

    The kernel gateway app settings.

    • DefaultResourceSpec (dict) --

      The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the KernelGateway app.

      • SageMakerImageArn (string) --

        The ARN of the SageMaker image that the image version belongs to.

      • SageMakerImageVersionArn (string) --

        The ARN of the image version created on the instance.

      • InstanceType (string) --

        The instance type that the image version runs on.

    • CustomImages (list) --

      A list of custom SageMaker images that are configured to run as a KernelGateway app.

      • (dict) --

        A custom SageMaker image. For more information, see Bring your own SageMaker image.

        • ImageName (string) -- [REQUIRED]

          The name of the CustomImage. Must be unique to your account.

        • ImageVersionNumber (integer) --

          The version number of the CustomImage.

        • AppImageConfigName (string) -- [REQUIRED]

          The name of the AppImageConfig.

  • TensorBoardAppSettings (dict) --

    The TensorBoard app settings.

    • DefaultResourceSpec (dict) --

      The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.

      • SageMakerImageArn (string) --

        The ARN of the SageMaker image that the image version belongs to.

      • SageMakerImageVersionArn (string) --

        The ARN of the image version created on the instance.

      • InstanceType (string) --

        The instance type that the image version runs on.

type SubnetIds

list

param SubnetIds

[REQUIRED]

The VPC subnets that Studio uses for communication.

  • (string) --

type VpcId

string

param VpcId

[REQUIRED]

The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.

type Tags

list

param Tags

Tags to associate with the Domain. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.

  • (dict) --

    Describes a tag.

    • Key (string) -- [REQUIRED]

      The tag key.

    • Value (string) -- [REQUIRED]

      The tag value.

type AppNetworkAccessType

string

param AppNetworkAccessType

Specifies the VPC used for non-EFS traffic. The default value is PublicInternetOnly.

  • PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker, which allows direct internet access

  • VpcOnly - All Studio traffic is through the specified VPC and subnets

type HomeEfsFileSystemKmsKeyId

string

param HomeEfsFileSystemKmsKeyId

This member is deprecated and replaced with KmsKeyId.

type KmsKeyId

string

param KmsKeyId

SageMaker uses AWS KMS to encrypt the EFS volume attached to the domain with an AWS managed customer master key (CMK) by default. For more control, specify a customer managed CMK.

rtype

dict

returns

Response Syntax

{
    'DomainArn': 'string',
    'Url': 'string'
}

Response Structure

  • (dict) --

    • DomainArn (string) --

      The Amazon Resource Name (ARN) of the created domain.

    • Url (string) --

      The URL to the created domain.

DescribeDomain (updated)
Changes (response)
{'KmsKeyId': 'string'}

The description of the domain.

See also: AWS API Documentation

Request Syntax

client.describe_domain(
    DomainId='string'
)
type DomainId

string

param DomainId

[REQUIRED]

The domain ID.

rtype

dict

returns

Response Syntax

{
    'DomainArn': 'string',
    'DomainId': 'string',
    'DomainName': 'string',
    'HomeEfsFileSystemId': 'string',
    'SingleSignOnManagedApplicationInstanceId': 'string',
    'Status': 'Deleting'|'Failed'|'InService'|'Pending'|'Updating'|'Update_Failed'|'Delete_Failed',
    'CreationTime': datetime(2015, 1, 1),
    'LastModifiedTime': datetime(2015, 1, 1),
    'FailureReason': 'string',
    'AuthMode': 'SSO'|'IAM',
    'DefaultUserSettings': {
        'ExecutionRole': 'string',
        'SecurityGroups': [
            'string',
        ],
        'SharingSettings': {
            'NotebookOutputOption': 'Allowed'|'Disabled',
            'S3OutputPath': 'string',
            'S3KmsKeyId': 'string'
        },
        'JupyterServerAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'SageMakerImageVersionArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        },
        'KernelGatewayAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'SageMakerImageVersionArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            },
            'CustomImages': [
                {
                    'ImageName': 'string',
                    'ImageVersionNumber': 123,
                    'AppImageConfigName': 'string'
                },
            ]
        },
        'TensorBoardAppSettings': {
            'DefaultResourceSpec': {
                'SageMakerImageArn': 'string',
                'SageMakerImageVersionArn': 'string',
                'InstanceType': 'system'|'ml.t3.micro'|'ml.t3.small'|'ml.t3.medium'|'ml.t3.large'|'ml.t3.xlarge'|'ml.t3.2xlarge'|'ml.m5.large'|'ml.m5.xlarge'|'ml.m5.2xlarge'|'ml.m5.4xlarge'|'ml.m5.8xlarge'|'ml.m5.12xlarge'|'ml.m5.16xlarge'|'ml.m5.24xlarge'|'ml.c5.large'|'ml.c5.xlarge'|'ml.c5.2xlarge'|'ml.c5.4xlarge'|'ml.c5.9xlarge'|'ml.c5.12xlarge'|'ml.c5.18xlarge'|'ml.c5.24xlarge'|'ml.p3.2xlarge'|'ml.p3.8xlarge'|'ml.p3.16xlarge'|'ml.g4dn.xlarge'|'ml.g4dn.2xlarge'|'ml.g4dn.4xlarge'|'ml.g4dn.8xlarge'|'ml.g4dn.12xlarge'|'ml.g4dn.16xlarge'
            }
        }
    },
    'AppNetworkAccessType': 'PublicInternetOnly'|'VpcOnly',
    'HomeEfsFileSystemKmsKeyId': 'string',
    'SubnetIds': [
        'string',
    ],
    'Url': 'string',
    'VpcId': 'string',
    'KmsKeyId': 'string'
}

Response Structure

  • (dict) --

    • DomainArn (string) --

      The domain's Amazon Resource Name (ARN).

    • DomainId (string) --

      The domain ID.

    • DomainName (string) --

      The domain name.

    • HomeEfsFileSystemId (string) --

      The ID of the Amazon Elastic File System (EFS) managed by this Domain.

    • SingleSignOnManagedApplicationInstanceId (string) --

      The SSO managed application instance ID.

    • Status (string) --

      The status.

    • CreationTime (datetime) --

      The creation time.

    • LastModifiedTime (datetime) --

      The last modified time.

    • FailureReason (string) --

      The failure reason.

    • AuthMode (string) --

      The domain's authentication mode.

    • DefaultUserSettings (dict) --

      Settings which are applied to all UserProfiles in this domain, if settings are not explicitly specified in a given UserProfile.

      • ExecutionRole (string) --

        The execution role for the user.

      • SecurityGroups (list) --

        The security groups for the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.

        Optional when the CreateDomain.AppNetworkAccessType parameter is set to PublicInternetOnly.

        Required when the CreateDomain.AppNetworkAccessType parameter is set to VpcOnly.

        • (string) --

      • SharingSettings (dict) --

        The sharing settings.

        • NotebookOutputOption (string) --

          Whether to include the notebook cell output when sharing the notebook. The default is Disabled.

        • S3OutputPath (string) --

          When NotebookOutputOption is Allowed, the Amazon S3 bucket used to save the notebook cell output.

        • S3KmsKeyId (string) --

          When NotebookOutputOption is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.

      • JupyterServerAppSettings (dict) --

        The Jupyter server's app settings.

        • DefaultResourceSpec (dict) --

          The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the JupyterServer app.

          • SageMakerImageArn (string) --

            The ARN of the SageMaker image that the image version belongs to.

          • SageMakerImageVersionArn (string) --

            The ARN of the image version created on the instance.

          • InstanceType (string) --

            The instance type that the image version runs on.

      • KernelGatewayAppSettings (dict) --

        The kernel gateway app settings.

        • DefaultResourceSpec (dict) --

          The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the KernelGateway app.

          • SageMakerImageArn (string) --

            The ARN of the SageMaker image that the image version belongs to.

          • SageMakerImageVersionArn (string) --

            The ARN of the image version created on the instance.

          • InstanceType (string) --

            The instance type that the image version runs on.

        • CustomImages (list) --

          A list of custom SageMaker images that are configured to run as a KernelGateway app.

          • (dict) --

            A custom SageMaker image. For more information, see Bring your own SageMaker image.

            • ImageName (string) --

              The name of the CustomImage. Must be unique to your account.

            • ImageVersionNumber (integer) --

              The version number of the CustomImage.

            • AppImageConfigName (string) --

              The name of the AppImageConfig.

      • TensorBoardAppSettings (dict) --

        The TensorBoard app settings.

        • DefaultResourceSpec (dict) --

          The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.

          • SageMakerImageArn (string) --

            The ARN of the SageMaker image that the image version belongs to.

          • SageMakerImageVersionArn (string) --

            The ARN of the image version created on the instance.

          • InstanceType (string) --

            The instance type that the image version runs on.

    • AppNetworkAccessType (string) --

      Specifies the VPC used for non-EFS traffic. The default value is PublicInternetOnly.

      • PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker, which allows direct internet access

      • VpcOnly - All Studio traffic is through the specified VPC and subnets

    • HomeEfsFileSystemKmsKeyId (string) --

      This member is deprecated and replaced with KmsKeyId.

    • SubnetIds (list) --

      The VPC subnets that Studio uses for communication.

      • (string) --

    • Url (string) --

      The domain's URL.

    • VpcId (string) --

      The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.

    • KmsKeyId (string) --

      The AWS KMS customer managed CMK used to encrypt the EFS volume attached to the domain.
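
Added example (not part of the AWS documentation): a configuration audit over DescribeDomain responses that checks the encryption and network settings described above for CreateDomain and DescribeDomain. The finding codes, function names and sample responses are constructed for illustration; treating an absent KmsKeyId as "no customer managed CMK" is an assumption.

```python
# Added example (not AWS code): audit DescribeDomain responses for the
# encryption and network settings documented on this page.
FINDINGS = {
    "EFS_DEFAULT_KEY": "EFS volume uses the AWS managed CMK, not a customer managed CMK",
    "EFS_DEPRECATED_FIELD": "key reported only in deprecated HomeEfsFileSystemKmsKeyId",
    "PUBLIC_INTERNET": "non-EFS traffic uses the SageMaker-managed VPC with internet access",
    "VPCONLY_NO_SG": "VpcOnly domain has no DefaultUserSettings.SecurityGroups",
    "SHARE_NO_KMS": "notebook cell output is shared to S3 without S3KmsKeyId",
}

def audit_domain(desc):
    """Return the finding codes that apply to one DescribeDomain response dict."""
    codes = []
    settings = desc.get("DefaultUserSettings", {})
    sharing = settings.get("SharingSettings", {})
    # Assumption: an absent or empty KmsKeyId means no customer managed CMK was given.
    if not desc.get("KmsKeyId"):
        deprecated = desc.get("HomeEfsFileSystemKmsKeyId")
        codes.append("EFS_DEPRECATED_FIELD" if deprecated else "EFS_DEFAULT_KEY")
    # PublicInternetOnly is the documented default when the field is not set.
    if desc.get("AppNetworkAccessType", "PublicInternetOnly") == "PublicInternetOnly":
        codes.append("PUBLIC_INTERNET")
    elif not settings.get("SecurityGroups"):
        codes.append("VPCONLY_NO_SG")  # SecurityGroups are required for VpcOnly
    # NotebookOutputOption defaults to Disabled; only Allowed writes output to S3.
    if sharing.get("NotebookOutputOption", "Disabled") == "Allowed" and not sharing.get("S3KmsKeyId"):
        codes.append("SHARE_NO_KMS")
    return codes

# Constructed sample responses (placeholder IDs, trimmed to the audited fields).
SAMPLE_DOMAINS = [
    {"DomainName": "constructed-defaults",
     "DefaultUserSettings": {"SharingSettings": {
         "NotebookOutputOption": "Allowed", "S3OutputPath": "s3://example-bucket/out"}}},
    {"DomainName": "constructed-hardened", "AppNetworkAccessType": "VpcOnly",
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
     "DefaultUserSettings": {"SecurityGroups": ["sg-EXAMPLE"],
                             "SharingSettings": {"NotebookOutputOption": "Disabled"}}},
    {"DomainName": "constructed-legacy", "AppNetworkAccessType": "VpcOnly",
     "HomeEfsFileSystemKmsKeyId": "EXAMPLE-KEY-ID", "DefaultUserSettings": {}},
]

def audit_all(domains):
    """Map each domain name to its list of finding codes."""
    return {d["DomainName"]: audit_domain(d) for d in domains}

if __name__ == "__main__":
    for name, codes in audit_all(SAMPLE_DOMAINS).items():
        print(name, "OK" if not codes else "")
        for code in codes:
            print("  -", code + ":", FINDINGS[code])
```

To run it against a live account, pass the dict returned by client.describe_domain(DomainId=...) to audit_domain.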