Miscellaneous Flashcards
1
Q
Securing SageMaker notebooks
A
- IAM Policy: sagemaker: CreatePredsignedNotebookInstanceURL
- Notebooks themselves are just webpages
- We access them through signing into the console, where notebooks are “presigned” when we open them
- We can create an IAM policy that grants or denies access to certain notebooks - When we create the notebook, we have the option to grant root access which enables software installation
- SageMaker instance profiles - creating roles within IAM and assigning them to SageMaker services (e.g. S3)
2
Q
SageMaker and VPC
A
- SM hosts models in a public VPC by default (although users need to be authenticated through IAM to gain access). The resources that we’re using have access to the internet. If we require further security, we need to create a private VPC which has various subnets without internet access
- Models and data in S3 (public internet). Create an S3 endpoint / use a custom endpoint policy for S3 / encrypt the data within S3
- SageMakerFullAccessPolity IAM policy has all of the permissions required to perform automatic scaling actions