Amazon SageMaker Service

2025/11/13 - Amazon SageMaker Service - 3 updated api methods

Changes: Added support for minor version upgrades and AWS Identity Center integration for SageMaker Hadron Partner Apps, enabling automated version management and IdC group-based access control.

CreatePartnerApp (updated)
Changes (request)
{'ApplicationConfig': {'AssignedGroupPatterns': ['string'],
                       'RoleGroupAssignments': [{'GroupPatterns': ['string'],
                                                 'RoleName': 'string'}]},
 'EnableAutoMinorVersionUpgrade': 'boolean'}

Creates an Amazon SageMaker Partner AI App.

See also: AWS API Documentation

Request Syntax

client.create_partner_app(
    Name='string',
    Type='lakera-guard'|'comet'|'deepchecks-llm-evaluation'|'fiddler',
    ExecutionRoleArn='string',
    KmsKeyId='string',
    MaintenanceConfig={
        'MaintenanceWindowStart': 'string'
    },
    Tier='string',
    ApplicationConfig={
        'AdminUsers': [
            'string',
        ],
        'Arguments': {
            'string': 'string'
        },
        'AssignedGroupPatterns': [
            'string',
        ],
        'RoleGroupAssignments': [
            {
                'RoleName': 'string',
                'GroupPatterns': [
                    'string',
                ]
            },
        ]
    },
    AuthType='IAM',
    EnableIamSessionBasedIdentity=True|False,
    EnableAutoMinorVersionUpgrade=True|False,
    ClientToken='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
type Name:

string

param Name:

[REQUIRED]

The name to give the SageMaker Partner AI App.

type Type:

string

param Type:

[REQUIRED]

The type of SageMaker Partner AI App to create. Must be one of the following: lakera-guard, comet, deepchecks-llm-evaluation, or fiddler.

type ExecutionRoleArn:

string

param ExecutionRoleArn:

[REQUIRED]

The ARN of the IAM role that the partner application uses.

type KmsKeyId:

string

param KmsKeyId:

SageMaker Partner AI Apps uses Amazon Web Services KMS to encrypt data at rest using an Amazon Web Services managed key by default. For more control, specify a customer managed key.

type MaintenanceConfig:

dict

param MaintenanceConfig:

Maintenance configuration settings for the SageMaker Partner AI App.

  • MaintenanceWindowStart (string) --

    The day and time of the week in Coordinated Universal Time (UTC) 24-hour standard time that weekly maintenance updates are scheduled. This value must take the following format: 3-letter-day:24-h-hour:minute. For example: TUE:03:30.

type Tier:

string

param Tier:

[REQUIRED]

Indicates the instance type and size of the cluster attached to the SageMaker Partner AI App.

type ApplicationConfig:

dict

param ApplicationConfig:

Configuration settings for the SageMaker Partner AI App.

  • AdminUsers (list) --

    The list of users that are given admin access to the SageMaker Partner AI App.

    • (string) --

  • Arguments (dict) --

    This is a map of required inputs for a SageMaker Partner AI App. Based on the application type, the map is populated with a key and value pair that is specific to the user and application.

    • (string) --

      • (string) --

  • AssignedGroupPatterns (list) --

    A list of Amazon Web Services IAM Identity Center group patterns that can access the SageMaker Partner AI App. Group names support wildcard matching using *. An empty list indicates the app will not use Identity Center group features. All groups specified in RoleGroupAssignments must match patterns in this list.

    • (string) --

  • RoleGroupAssignments (list) --

    A map of in-app roles to Amazon Web Services IAM Identity Center group patterns. Groups assigned to specific roles receive those permissions, while groups in AssignedGroupPatterns but not in this map receive the default in-app role, which depends on the app type. Group patterns support wildcard matching using *. Currently supported by Fiddler version 1.3 and later with roles: ORG_MEMBER (default) and ORG_ADMIN.

    • (dict) --

      Defines the mapping between an in-app role and the AWS IAM Identity Center group patterns that should be assigned to that role within the SageMaker Partner AI App.

      • RoleName (string) -- [REQUIRED]

        The name of the in-app role within the SageMaker Partner AI App. The specific roles available depend on the app type and version.

      • GroupPatterns (list) -- [REQUIRED]

        A list of AWS IAM Identity Center group patterns that should be assigned to the specified role. Group patterns support wildcard matching using *.

        • (string) --

type AuthType:

string

param AuthType:

[REQUIRED]

The authorization type that users use to access the SageMaker Partner AI App.

type EnableIamSessionBasedIdentity:

boolean

param EnableIamSessionBasedIdentity:

When set to TRUE, the SageMaker Partner AI App sets the Amazon Web Services IAM session name or the authenticated IAM user as the identity of the SageMaker Partner AI App user.

type EnableAutoMinorVersionUpgrade:

boolean

param EnableAutoMinorVersionUpgrade:

When set to TRUE, the SageMaker Partner AI App is automatically upgraded to the latest minor version during the next scheduled maintenance window, if one is available. Default is FALSE.

type ClientToken:

string

param ClientToken:

A unique token that guarantees that the call to this API is idempotent.

This field is autopopulated if not provided.

type Tags:

list

param Tags:

Each tag consists of a key and an optional value. Tag keys must be unique per resource.

  • (dict) --

    A tag object that consists of a key and an optional value, used to manage metadata for SageMaker Amazon Web Services resources.

    You can add tags to notebook instances, training jobs, hyperparameter tuning jobs, batch transform jobs, models, labeling jobs, work teams, endpoint configurations, and endpoints. For more information on adding tags to SageMaker resources, see AddTags.

    For more information on adding metadata to your Amazon Web Services resources with tagging, see Tagging Amazon Web Services resources. For advice on best practices for managing Amazon Web Services resources with tagging, see Tagging Best Practices: Implement an Effective Amazon Web Services Resource Tagging Strategy.

    • Key (string) -- [REQUIRED]

      The tag key. Tag keys must be unique per resource.

    • Value (string) -- [REQUIRED]

      The tag value.

rtype:

dict

returns:

Response Syntax

{
    'Arn': 'string'
}

Response Structure

  • (dict) --

    • Arn (string) --

      The ARN of the SageMaker Partner AI App.
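The AssignedGroupPatterns and RoleGroupAssignments rules described above can be checked before the request is sent. The following is an added example, not part of the AWS documentation: the function names, the sample configuration and the admin-wildcard policy are assumptions, and the coverage test is a conservative local reading of "must match patterns in this list", not the service's own validation logic.

```python
import re

def matches(pattern, text):
    """True if text matches a group pattern whose only wildcard is '*'."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, text, re.DOTALL) is not None

def lint_application_config(cfg):
    """Return findings for an ApplicationConfig dict before it is sent to the API."""
    findings = []
    assigned = cfg.get("AssignedGroupPatterns", [])
    for pat in assigned:
        if pat and set(pat) == {"*"}:
            findings.append(f"AssignedGroupPatterns: {pat!r} admits every group")
    for entry in cfg.get("RoleGroupAssignments", []):
        role = entry["RoleName"]
        for pat in entry["GroupPatterns"]:
            # Conservative coverage test (assumed semantics): the role pattern,
            # read as literal text, must match an assigned pattern, so only an
            # assigned '*' can absorb a '*' in the role pattern.
            if not any(matches(a, pat) for a in assigned):
                findings.append(f"{role}: {pat!r} is not covered by AssignedGroupPatterns")
            # Local least-privilege policy (assumption), not an API rule.
            if role == "ORG_ADMIN" and "*" in pat:
                findings.append(f"{role}: wildcard {pat!r} maps a set of groups to admin")
    return findings

def effective_roles(group, cfg, default_role="ORG_MEMBER"):
    """Roles a concrete Identity Center group name would resolve to.

    Returns [] when the group has no access, every matching role when it is
    named in RoleGroupAssignments (precedence between roles is not stated on
    the page, so none is assumed), else the default role. ORG_MEMBER is the
    Fiddler default given on the page.
    """
    if not any(matches(a, group) for a in cfg.get("AssignedGroupPatterns", [])):
        return []
    hit = sorted({e["RoleName"] for e in cfg.get("RoleGroupAssignments", [])
                  if any(matches(p, group) for p in e["GroupPatterns"])})
    return hit or [default_role]

# Constructed sample configuration; the group names are illustrative only.
SAMPLE_CONFIG = {
    "AssignedGroupPatterns": ["ml-platform-*", "data-science"],
    "RoleGroupAssignments": [
        {"RoleName": "ORG_ADMIN", "GroupPatterns": ["ml-platform-admins", "sec-*"]},
    ],
}

if __name__ == "__main__":
    for finding in lint_application_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
    for name in ("ml-platform-admins", "ml-platform-readers", "sec-ops"):
        print(name, "->", effective_roles(name, SAMPLE_CONFIG))
```

Running the lint in a deployment pipeline surfaces role patterns that fall outside AssignedGroupPatterns, and wildcard admin mappings, before they reach CreatePartnerApp or UpdatePartnerApp.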

DescribePartnerApp (updated)
Changes (request, response)
Request
{'IncludeAvailableUpgrade': 'boolean'}
Response
{'ApplicationConfig': {'AssignedGroupPatterns': ['string'],
                       'RoleGroupAssignments': [{'GroupPatterns': ['string'],
                                                 'RoleName': 'string'}]},
 'AvailableUpgrade': {'ReleaseNotes': ['string'], 'Version': 'string'},
 'CurrentVersionEolDate': 'timestamp',
 'EnableAutoMinorVersionUpgrade': 'boolean'}

Gets information about a SageMaker Partner AI App.

See also: AWS API Documentation

Request Syntax

client.describe_partner_app(
    Arn='string',
    IncludeAvailableUpgrade=True|False
)
type Arn:

string

param Arn:

[REQUIRED]

The ARN of the SageMaker Partner AI App to describe.

type IncludeAvailableUpgrade:

boolean

param IncludeAvailableUpgrade:

When set to TRUE, the response includes available upgrade information for the SageMaker Partner AI App. Default is FALSE.

rtype:

dict

returns:

Response Syntax

{
    'Arn': 'string',
    'Name': 'string',
    'Type': 'lakera-guard'|'comet'|'deepchecks-llm-evaluation'|'fiddler',
    'Status': 'Creating'|'Updating'|'Deleting'|'Available'|'Failed'|'UpdateFailed'|'Deleted',
    'CreationTime': datetime(2015, 1, 1),
    'LastModifiedTime': datetime(2015, 1, 1),
    'ExecutionRoleArn': 'string',
    'KmsKeyId': 'string',
    'BaseUrl': 'string',
    'MaintenanceConfig': {
        'MaintenanceWindowStart': 'string'
    },
    'Tier': 'string',
    'Version': 'string',
    'ApplicationConfig': {
        'AdminUsers': [
            'string',
        ],
        'Arguments': {
            'string': 'string'
        },
        'AssignedGroupPatterns': [
            'string',
        ],
        'RoleGroupAssignments': [
            {
                'RoleName': 'string',
                'GroupPatterns': [
                    'string',
                ]
            },
        ]
    },
    'AuthType': 'IAM',
    'EnableIamSessionBasedIdentity': True|False,
    'Error': {
        'Code': 'string',
        'Reason': 'string'
    },
    'EnableAutoMinorVersionUpgrade': True|False,
    'CurrentVersionEolDate': datetime(2015, 1, 1),
    'AvailableUpgrade': {
        'Version': 'string',
        'ReleaseNotes': [
            'string',
        ]
    }
}

Response Structure

  • (dict) --

    • Arn (string) --

      The ARN of the SageMaker Partner AI App that was described.

    • Name (string) --

      The name of the SageMaker Partner AI App.

    • Type (string) --

      The type of SageMaker Partner AI App. Must be one of the following: lakera-guard, comet, deepchecks-llm-evaluation, or fiddler.

    • Status (string) --

      The status of the SageMaker Partner AI App.

      • Creating: SageMaker AI is creating the partner AI app. The partner AI app is not available during creation.

      • Updating: SageMaker AI is updating the partner AI app. The partner AI app is not available when updating.

      • Deleting: SageMaker AI is deleting the partner AI app. The partner AI app is not available during deletion.

      • Available: The partner AI app is provisioned and accessible.

      • Failed: The partner AI app is in a failed state and isn't available. SageMaker AI is investigating the issue. For further guidance, contact Amazon Web Services Support.

      • UpdateFailed: The partner AI app couldn't be updated but is available.

      • Deleted: The partner AI app is permanently deleted and not available.

    • CreationTime (datetime) --

      The time that the SageMaker Partner AI App was created.

    • LastModifiedTime (datetime) --

      The time that the SageMaker Partner AI App was last modified.

    • ExecutionRoleArn (string) --

      The ARN of the IAM role associated with the SageMaker Partner AI App.

    • KmsKeyId (string) --

      The Amazon Web Services KMS customer managed key used to encrypt the data at rest associated with SageMaker Partner AI Apps.

    • BaseUrl (string) --

      The URL of the SageMaker Partner AI App that the Application SDK uses to support in-app calls for the user.

    • MaintenanceConfig (dict) --

      Maintenance configuration settings for the SageMaker Partner AI App.

      • MaintenanceWindowStart (string) --

        The day and time of the week in Coordinated Universal Time (UTC) 24-hour standard time that weekly maintenance updates are scheduled. This value must take the following format: 3-letter-day:24-h-hour:minute. For example: TUE:03:30.

    • Tier (string) --

      The instance type and size of the cluster attached to the SageMaker Partner AI App.

    • Version (string) --

      The version of the SageMaker Partner AI App.

    • ApplicationConfig (dict) --

      Configuration settings for the SageMaker Partner AI App.

      • AdminUsers (list) --

        The list of users that are given admin access to the SageMaker Partner AI App.

        • (string) --

      • Arguments (dict) --

        This is a map of required inputs for a SageMaker Partner AI App. Based on the application type, the map is populated with a key and value pair that is specific to the user and application.

        • (string) --

          • (string) --

      • AssignedGroupPatterns (list) --

        A list of Amazon Web Services IAM Identity Center group patterns that can access the SageMaker Partner AI App. Group names support wildcard matching using *. An empty list indicates the app will not use Identity Center group features. All groups specified in RoleGroupAssignments must match patterns in this list.

        • (string) --

      • RoleGroupAssignments (list) --

        A map of in-app roles to Amazon Web Services IAM Identity Center group patterns. Groups assigned to specific roles receive those permissions, while groups in AssignedGroupPatterns but not in this map receive the default in-app role, which depends on the app type. Group patterns support wildcard matching using *. Currently supported by Fiddler version 1.3 and later with roles: ORG_MEMBER (default) and ORG_ADMIN.

        • (dict) --

          Defines the mapping between an in-app role and the AWS IAM Identity Center group patterns that should be assigned to that role within the SageMaker Partner AI App.

          • RoleName (string) --

            The name of the in-app role within the SageMaker Partner AI App. The specific roles available depend on the app type and version.

          • GroupPatterns (list) --

            A list of AWS IAM Identity Center group patterns that should be assigned to the specified role. Group patterns support wildcard matching using *.

            • (string) --

    • AuthType (string) --

      The authorization type that users use to access the SageMaker Partner AI App.

    • EnableIamSessionBasedIdentity (boolean) --

      When set to TRUE, the SageMaker Partner AI App sets the Amazon Web Services IAM session name or the authenticated IAM user as the identity of the SageMaker Partner AI App user.

    • Error (dict) --

      This is an error field object that contains the error code and the reason for an operation failure.

      • Code (string) --

        The error code for an invalid or failed operation.

      • Reason (string) --

        The failure reason for the operation.

    • EnableAutoMinorVersionUpgrade (boolean) --

      Indicates whether the SageMaker Partner AI App is configured for automatic minor version upgrades during scheduled maintenance windows.

    • CurrentVersionEolDate (datetime) --

      The end-of-life date for the current version of the SageMaker Partner AI App.

    • AvailableUpgrade (dict) --

      A map of available minor version upgrades for the SageMaker Partner AI App. The key is the semantic version number, and the value is a list of release notes for that version. A null value indicates no upgrades are available.

      • Version (string) --

        The semantic version number of the available upgrade for the SageMaker Partner AI App.

      • ReleaseNotes (list) --

        A list of release notes describing the changes and improvements included in the available upgrade version.

        • (string) --

UpdatePartnerApp (updated)
Changes (request)
{'AppVersion': 'string',
 'ApplicationConfig': {'AssignedGroupPatterns': ['string'],
                       'RoleGroupAssignments': [{'GroupPatterns': ['string'],
                                                 'RoleName': 'string'}]},
 'EnableAutoMinorVersionUpgrade': 'boolean'}

Updates all of the SageMaker Partner AI Apps in an account.

See also: AWS API Documentation

Request Syntax

client.update_partner_app(
    Arn='string',
    MaintenanceConfig={
        'MaintenanceWindowStart': 'string'
    },
    Tier='string',
    ApplicationConfig={
        'AdminUsers': [
            'string',
        ],
        'Arguments': {
            'string': 'string'
        },
        'AssignedGroupPatterns': [
            'string',
        ],
        'RoleGroupAssignments': [
            {
                'RoleName': 'string',
                'GroupPatterns': [
                    'string',
                ]
            },
        ]
    },
    EnableIamSessionBasedIdentity=True|False,
    EnableAutoMinorVersionUpgrade=True|False,
    AppVersion='string',
    ClientToken='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
type Arn:

string

param Arn:

[REQUIRED]

The ARN of the SageMaker Partner AI App to update.

type MaintenanceConfig:

dict

param MaintenanceConfig:

Maintenance configuration settings for the SageMaker Partner AI App.

  • MaintenanceWindowStart (string) --

    The day and time of the week in Coordinated Universal Time (UTC) 24-hour standard time that weekly maintenance updates are scheduled. This value must take the following format: 3-letter-day:24-h-hour:minute. For example: TUE:03:30.

type Tier:

string

param Tier:

Indicates the instance type and size of the cluster attached to the SageMaker Partner AI App.

type ApplicationConfig:

dict

param ApplicationConfig:

Configuration settings for the SageMaker Partner AI App.

  • AdminUsers (list) --

    The list of users that are given admin access to the SageMaker Partner AI App.

    • (string) --

  • Arguments (dict) --

    This is a map of required inputs for a SageMaker Partner AI App. Based on the application type, the map is populated with a key and value pair that is specific to the user and application.

    • (string) --

      • (string) --

  • AssignedGroupPatterns (list) --

    A list of Amazon Web Services IAM Identity Center group patterns that can access the SageMaker Partner AI App. Group names support wildcard matching using *. An empty list indicates the app will not use Identity Center group features. All groups specified in RoleGroupAssignments must match patterns in this list.

    • (string) --

  • RoleGroupAssignments (list) --

    A map of in-app roles to Amazon Web Services IAM Identity Center group patterns. Groups assigned to specific roles receive those permissions, while groups in AssignedGroupPatterns but not in this map receive the default in-app role, which depends on the app type. Group patterns support wildcard matching using *. Currently supported by Fiddler version 1.3 and later with roles: ORG_MEMBER (default) and ORG_ADMIN.

    • (dict) --

      Defines the mapping between an in-app role and the AWS IAM Identity Center group patterns that should be assigned to that role within the SageMaker Partner AI App.

      • RoleName (string) -- [REQUIRED]

        The name of the in-app role within the SageMaker Partner AI App. The specific roles available depend on the app type and version.

      • GroupPatterns (list) -- [REQUIRED]

        A list of AWS IAM Identity Center group patterns that should be assigned to the specified role. Group patterns support wildcard matching using *.

        • (string) --

type EnableIamSessionBasedIdentity:

boolean

param EnableIamSessionBasedIdentity:

When set to TRUE, the SageMaker Partner AI App sets the Amazon Web Services IAM session name or the authenticated IAM user as the identity of the SageMaker Partner AI App user.

type EnableAutoMinorVersionUpgrade:

boolean

param EnableAutoMinorVersionUpgrade:

When set to TRUE, the SageMaker Partner AI App is automatically upgraded to the latest minor version during the next scheduled maintenance window, if one is available.

type AppVersion:

string

param AppVersion:

The semantic version to upgrade the SageMaker Partner AI App to. Must be the same semantic version returned in the AvailableUpgrade field from DescribePartnerApp. Version skipping and downgrades are not supported.

type ClientToken:

string

param ClientToken:

A unique token that guarantees that the call to this API is idempotent.

This field is autopopulated if not provided.

type Tags:

list

param Tags:

Each tag consists of a key and an optional value. Tag keys must be unique per resource.

  • (dict) --

    A tag object that consists of a key and an optional value, used to manage metadata for SageMaker Amazon Web Services resources.

    You can add tags to notebook instances, training jobs, hyperparameter tuning jobs, batch transform jobs, models, labeling jobs, work teams, endpoint configurations, and endpoints. For more information on adding tags to SageMaker resources, see AddTags.

    For more information on adding metadata to your Amazon Web Services resources with tagging, see Tagging Amazon Web Services resources. For advice on best practices for managing Amazon Web Services resources with tagging, see Tagging Best Practices: Implement an Effective Amazon Web Services Resource Tagging Strategy.

    • Key (string) -- [REQUIRED]

      The tag key. Tag keys must be unique per resource.

    • Value (string) -- [REQUIRED]

      The tag value.

rtype:

dict

returns:

Response Syntax

{
    'Arn': 'string'
}

Response Structure

  • (dict) --

    • Arn (string) --

      The ARN of the SageMaker Partner AI App that was updated.
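The AppVersion rule above (pass exactly the version that DescribePartnerApp returned in AvailableUpgrade) together with CurrentVersionEolDate gives a simple patch-management check. The following is an added example, not part of the AWS documentation: `plan_upgrade`, the 30-day warning threshold, the status gate and the sample response (including its placeholder ARN and version strings) are assumptions.

```python
from datetime import datetime, timedelta, timezone

def plan_upgrade(desc, now, eol_warning=timedelta(days=30)):
    """Turn a DescribePartnerApp response (requested with
    IncludeAvailableUpgrade=True) into (update_partner_app kwargs or None, notes)."""
    notes = []
    eol = desc.get("CurrentVersionEolDate")
    if eol is not None:
        if eol <= now:
            notes.append(f"version {desc['Version']} is past end-of-life ({eol:%Y-%m-%d})")
        elif eol - now <= eol_warning:
            notes.append(f"version {desc['Version']} reaches end-of-life on {eol:%Y-%m-%d}")
    upgrade = desc.get("AvailableUpgrade")
    if not upgrade:
        # The page states that a null AvailableUpgrade means no upgrade exists.
        notes.append("no upgrade available")
        return None, notes
    if desc.get("EnableAutoMinorVersionUpgrade"):
        window = desc.get("MaintenanceConfig", {}).get("MaintenanceWindowStart", "unset")
        notes.append(f"auto upgrade to {upgrade['Version']} in maintenance window {window}")
        return None, notes
    # Assumed gate: only act on the two statuses the page describes as available.
    if desc["Status"] not in ("Available", "UpdateFailed"):
        notes.append(f"status is {desc['Status']}; upgrade deferred")
        return None, notes
    # Pass the version through verbatim; skipping and downgrades are not supported.
    return {"Arn": desc["Arn"], "AppVersion": upgrade["Version"]}, notes

# Constructed DescribePartnerApp response (trimmed); every value is a placeholder.
SAMPLE_DESCRIBE = {
    "Arn": "arn:aws:sagemaker:REGION:ACCOUNT:partner-app/EXAMPLE",
    "Type": "fiddler",
    "Status": "Available",
    "Version": "1.3.0",
    "MaintenanceConfig": {"MaintenanceWindowStart": "TUE:03:30"},
    "EnableAutoMinorVersionUpgrade": False,
    "CurrentVersionEolDate": datetime(2025, 12, 1, tzinfo=timezone.utc),
    "AvailableUpgrade": {"Version": "1.4.0", "ReleaseNotes": ["constructed note"]},
}

if __name__ == "__main__":
    kwargs, notes = plan_upgrade(SAMPLE_DESCRIBE, datetime(2025, 11, 13, tzinfo=timezone.utc))
    print(notes)
    print(kwargs)  # with boto3: client.update_partner_app(**kwargs)
```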