Amazon SageMaker (AMS SSPS) – AMS Advanced User Guide
Amazon SageMaker (AMS SSPS)
Amazon SageMaker provides every developer and data scientist with the ability to build, train, and deploy machine learning models quickly. Amazon SageMaker is a fully managed service that covers the entire machine learning workflow: label and prepare your data, choose an algorithm, train the model, tune and optimize it for deployment, make predictions, and take action. Your models get to production faster with much less effort and lower cost. To learn more, see Amazon SageMaker.
SageMaker in AWS Managed Services FAQs
Common questions and answers:
Q: How do I request access to SageMaker in my AMS account?
Request access by submitting a Management | AWS service | Self-provisioned service | Add (ct-1w8z66n899dct) change type. This RFC provisions the following IAM role to your account: customer_sagemaker_admin_role, and the service role AmazonSageMaker-ExecutionRole-Admin. After SageMaker is provisioned in your account, you must onboard the customer_sagemaker_admin_role role in your federation solution. The service role cannot be accessed by you directly; the SageMaker service uses it while performing various actions, as described here: Passing Roles.
Q: What are the restrictions to using SageMaker in my AMS account?
- The following use cases are not supported by the AMS Amazon SageMaker IAM role:
  - SageMaker Studio is not supported at this time.
  - SageMaker Ground Truth to manage private workforces is not supported, since this feature requires overly permissive access to Amazon Cognito resources. If managing a private workforce is required, you can request a custom IAM role with combined SageMaker and Amazon Cognito permissions. Otherwise, we recommend using a public workforce (backed by Amazon Mechanical Turk), or AWS Marketplace service providers, for data labeling.
  - Creating VPC endpoints to support API calls to SageMaker services (aws.sagemaker.{region}.notebook, com.amazonaws.{region}.sagemaker.api & com.amazonaws.{region}.sagemaker.runtime) is not supported, as permissions can't be scoped down to SageMaker-related services only. To support this use case, submit a Management | Other | Other RFC to create the related VPC endpoints.
  - SageMaker endpoint auto scaling is not supported, as SageMaker requires DeleteAlarm permissions on any ("*") resource. To support endpoint auto scaling, submit a Management | Other | Other RFC to set up auto scaling for a SageMaker endpoint.
Q: What are the prerequisites or dependencies to using SageMaker in my AMS account?
- The following use cases require special configuration prior to use:
  - If an S3 bucket will be used to store model artifacts and data, then you must request an S3 bucket named with the required keywords ("SageMaker", "Sagemaker", "sagemaker" or "aws-glue") with a Deployment | Advanced stack components | S3 storage | Create RFC.
  - If Elastic File Store (EFS) will be used, then EFS storage must be configured in the same subnet, and allowed by security groups.
  - If other resources require direct access to SageMaker services (notebooks, API, runtime, and so on), then configuration must be requested by:
    - Submitting an RFC to create a security group for the endpoint (Deployment | Advanced stack components | Security group | Create (auto)).
    - Submitting a Management | Other | Other | Create RFC to set up the related VPC endpoints.
Q: What are the supported naming conventions for resources that the customer_sagemaker_admin_role can access directly? (The following are for update and delete permissions; if you require additional supported naming conventions for your resources, reach out to an AMS Cloud Architect for consultation.)
- Resource: Passing the AmazonSageMaker-ExecutionRole-* role
  - Permissions: The SageMaker self-provisioned service role supports your use of the SageMaker service role (AmazonSageMaker-ExecutionRole-*) with AWS Glue, AWS RoboMaker, and AWS Step Functions.
- Resource: Secrets on AWS Secrets Manager
  - Permissions: Describe, Create, Get, Update secrets with an AmazonSageMaker-* prefix.
  - Permissions: Describe, Get secrets when the SageMaker resource tag is set to true.
- Resource: Repositories on AWS CodeCommit
  - Permissions: Create/delete repositories with an AmazonSageMaker-* prefix.
  - Permissions: Git Pull/Push on repositories with the following prefixes: *sagemaker*, *SageMaker*, and *Sagemaker*.
- Resource: Amazon ECR (Amazon Elastic Container Registry) repositories
  - Permissions: Set, delete repository policies, and upload container images, when the following resource naming convention is used: *sagemaker*.
- Resource: Amazon S3 buckets
  - Permissions: Get, Put, Delete object, abort multipart upload of S3 objects when resources have the following prefixes: *SageMaker*, *Sagemaker*, *sagemaker* and aws-glue.
  - Permissions: Get S3 objects when the SageMaker tag is set to true.
- Resource: Amazon CloudWatch log group
  - Permissions: Create log group or stream, put log event, list, update, create, delete log delivery with the following prefix: /aws/sagemaker/*.
- Resource: Amazon CloudWatch metric
  - Permissions: Put metric data when the following prefixes are used: "AWS/SageMaker", "AWS/SageMaker/", "aws/SageMaker", "aws/SageMaker/", "aws/sagemaker", "aws/sagemaker/", and "/aws/sagemaker/.".
- Resource: Amazon CloudWatch dashboard
  - Permissions: Create/Delete dashboards when the following prefix is used: customer_*.
- Resource: Amazon SNS (Simple Notification Service) topic
  - Permissions: Subscribe/Create topic when the following prefixes are used: *sagemaker*, *SageMaker*, and *Sagemaker*.
Q: What’s the difference between AmazonSageMakerFullAccess and customer_sagemaker_admin_role?
The customer_sagemaker_admin_role with the customer_sagemaker_admin_policy provides almost the same permissions as AmazonSageMakerFullAccess, except:
- Permission to connect with RoboMaker, Cognito, and Glue resources.
- SageMaker endpoint autoscaling. You must submit a Management | Other | Other | Update RFC to elevate to autoscaling permissions temporarily, or permanently, as autoscaling requires permissive access on the CloudWatch service.
Q: How do I adopt KMS CMKs in data encryption at rest?
You must ensure that the key policy has been set up properly on the CMKs so that the related IAM users or roles can use the keys. For more information, see the AWS KMS key policy document.
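A pre-flight check for the naming conventions listed in this FAQ, written as an added example (it is not AMS or AWS code): it tests planned resource names against the listed patterns before you create anything. The service/action labels, function names and sample names are made up for the example, and it assumes case-sensitive wildcard matching, "aws-glue" as a keyword anywhere in the name, and an exact tag value of "true".

```python
from fnmatch import fnmatchcase

# Glob patterns transcribed from the naming conventions listed above.
# The (service, action) keys are labels made up for this example.
CONVENTIONS = {
    ("secretsmanager", "write"): ["AmazonSageMaker-*"],
    ("codecommit", "create_delete"): ["AmazonSageMaker-*"],
    ("codecommit", "git"): ["*sagemaker*", "*SageMaker*", "*Sagemaker*"],
    ("ecr", "write"): ["*sagemaker*"],
    # Assumption: "aws-glue" is a keyword that may appear anywhere in the name.
    ("s3", "write"): ["*SageMaker*", "*Sagemaker*", "*sagemaker*", "*aws-glue*"],
    ("logs", "write"): ["/aws/sagemaker/*"],
    ("dashboard", "create_delete"): ["customer_*"],
    ("sns", "subscribe_create"): ["*sagemaker*", "*SageMaker*", "*Sagemaker*"],
}
# Read paths that the page also opens up through the SageMaker=true tag.
TAG_READ = {("s3", "read"): ("s3", "write"),
            ("secretsmanager", "read"): ("secretsmanager", "write")}

def allowed(service, action, name, tags=None):
    """True if the listed conventions cover this action on this resource name."""
    key = (service, action)
    if key in TAG_READ:
        # Assumption: the tag value must be the exact string "true".
        if (tags or {}).get("SageMaker") == "true":
            return True
        key = TAG_READ[key]  # otherwise fall back to the name-based rule
    if key not in CONVENTIONS:
        raise KeyError(f"no convention listed for {service}/{action}")
    # Case-sensitive match: the page lists each case variant separately.
    return any(fnmatchcase(name, p) for p in CONVENTIONS[key])

def preflight(planned):
    """Return the planned entries the role could not act on."""
    return [p for p in planned if not allowed(*p)]

# Constructed sample plan: (service, action, name[, tags]).
PLAN = [
    ("s3", "write", "team-a-sagemaker-artifacts"),
    ("s3", "read", "shared-datasets", {"SageMaker": "true"}),
    ("s3", "read", "shared-datasets"),
    ("codecommit", "git", "sagemaker-notebooks"),
    ("codecommit", "create_delete", "sagemaker-notebooks"),
    ("sns", "subscribe_create", "SAGEMAKER-alerts"),
]

if __name__ == "__main__":
    for entry in preflight(PLAN):
        print("rename or tag before use:", entry)
```

The sample plan shows the two cases that are easy to miss: a CodeCommit repository named sagemaker-notebooks can be pushed to but not created or deleted, and an all-uppercase SAGEMAKER name matches none of the listed case variants.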