Configure AWS SageMaker
With the AWS SageMaker integration, you can manage, monitor, and explain your SageMaker deployments in Deeploy.
Configure SageMaker
The SageMaker integration is controlled on team level. Admins can set up the integration on the Integrations page, which is part of the Admin panel. Click Configure on the SageMaker card and Add credentials to set up the integration.
The following information is required:
- AWS access key ID & AWS secret access key Deeploy needs your AWS credentials to access the necessary resources on your AWS account. To get your AWS credentials, follow the AWS instructions. Create a policy with the following minimal permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
This policy is automatically created when you do a quick setup of Sagemaker (called AmazonSageMaker-ExecutionPolicy-<timestamp>).
You can also specify access to specific buckets (e.g. with "arn:aws:s3:::my-bucket/*").
Attach this policy alongside with the AmazonSageMakerFullAccess policy to the user that you use for your Sagemaker integration.
Default AWS region Deeploy needs a default region to serve as the authentication region and default region for your SageMaker Deployments. However, you also have the flexibility to specify a different region when creating a Deployment.
SageMaker Amazon Resource Name (ARN) Specify the execution role you want to use for SageMaker Deployments, using the ARN format. You can find the execution role in the settings of your Sagemaker domain. The role will be formatted in this way:
arn:aws:iam::<account_id>:role/service-role/AmazonSageMaker-ExecutionRole-<timestamp>.Workspace permissions Define which Workspaces should have access to your SageMaker credentials. You can assign your SageMaker credentials to multiple Workspaces, but each Workspace can only have one SageMaker credentials assigned to it.
Update SageMaker credentials
To update your SageMaker credentials, click on the Actions button in your SageMaker credentials table, then click Update. Updating your credentials always requires you to fill in your secret access key.
Changing Workspace permissions
To change the Workspaces to which the SageMaker credentials are assigned to, click on the Actions button in your SageMaker credentials table, then click Manage permissions. Now select or deselect the Workspaces you want to change, and click Save.
Delete Sagemaker credentials
To delete your SageMaker credentials, click on the Actions button in your SageMaker credentials table, then click Delete. Click Delete in the dialog to confirm the deletion of your credentials.
Get started with SageMaker for Deployments
You can get started with SageMaker Deployments by either making SageMaker your default deployment service, or creating single SageMaker Deployments. Both options are detailed in this section.
A guide to creating Deployments with SageMaker as a deployment service is available in Creating SageMaker Deployments.
SageMaker as your default deployment service
The default deployment service is controlled on a Workspace level. Workspace owners can change the default deployment service to SageMaker in the Workspace settings. All Deployments use the default deployment service, unless specified otherwise when creating a Deployment.
Create a single SageMaker Deployment
It's possible to create a Deployment using SageMaker, when the default deployment service is set to KServe or Azure Machine Learning (and vice versa). To change the deployment service for a single Deployment, untoggle the Use default deployment service settings toggle in the Deployment step when creating your Deployment, and choose SageMaker as your deployment service.