All Amazon SageMaker API operations are now fully supported via AWS PrivateLink, which increases the security of data shared with cloud-based applications by reducing data exposure to the internet. In this blog, I show you how to set up a VPC endpoint to secure your Amazon SageMaker API calls using AWS PrivateLink.
AWS PrivateLink traffic doesn’t traverse the internet, which reduces the exposure to threats such as brute force and distributed denial of service attacks. Because all communication between your application and Amazon SageMaker API operations is inside your VPC, you don’t need an internet gateway, a NAT device, a VPN connection, or AWS Direct Connect to communicate with Amazon SageMaker. Instead, AWS PrivateLink enables you to privately access all Amazon SageMaker API operations from your VPC in a scalable manner by using interface VPC endpoints. A VPC endpoint is an elastic network interface in your subnet with private IP addresses that serves as an entry point for all Amazon SageMaker API calls.
Although AWS PrivateLink supports all Amazon SageMaker API operations, the AuthorizedUrl
returned by CreatePresignedNotebookInstanceUrl
is inaccessible via AWS PrivateLink because SageMaker notebook instances are currently accessible only over the internet. However, you can restrict notebook instance access to a list of specific IP addresses by attaching an IAM policy with an IP address conditional operator. This condition denies access to CreatePresignedNotebookInstanceUrl
and AuthorizedUrl
unless the call originates from an IP address in the policy associated with the IAM user, group, or role accessing the notebook instance. This approach is useful when the IP addresses for your company are within well-defined ranges. For more information, see Accessing Notebook Instances.
Creating a VPC endpoint
To use AWS PrivateLink, you need to create an interface VPC endpoint and connect to the Amazon SageMaker API service. This blog uses the AWS Management Console to create a VPC endpoint, but you can do the same operations using AWS Command Line Interface (AWS CLI) commands.
To create a VPC endpoint from the console, open the Amazon VPC console, open the Endpoints page, and create a new endpoint, as shown in the following image.
Three attributes are required:
The Amazon SageMaker API service name. For Service category, select AWS services and for Service Name, select amazonaws.eu-west-1.sagemaker.api.
The VPC and Availability Zonesthat you want to use.
The security group to be associated with the interface VPC endpoint. If you don’t specify a security group, the default security group for your VPC is associated.
You can begin using the VPC endpoint when its status is available. The following image shows two VPC endpoints. The first is for the Amazon SageMaker Runtime service to secure prediction calls to models hosted in Amazon SageMaker. The second is for the Amazon SageMaker API service to secure all API calls.
After you have created a VPC endpoint to the API service, use the following example AWS CLI command to list notebook instances from inside your VPC using the configured VPC endpoint.
Optionally, if you enable private DNS hostnames for your VPC endpoint, as shown in the following image, you don’t need to specify the endpoint URL.
A private hosted zone enables you to access the resources in your VPC using custom DNS domain names, such as example.com, instead of using private IPv4 addresses or private DNS hostnames provided by AWS. The Amazon SageMaker DNS hostname that the AWS CLI and Amazon SageMaker SDKs use by default (https://api.sagemaker.Region.amazonaws.com) resolves to your VPC endpoint.
If you enabled a private hosted zone or if you’re using an SDK released before August 13, 2018, you have to specify the endpoint when using the SDK or AWS CLI. For example:
For the VPC endpoint in the preceding example, this would be:
If you enabled a private hosted zone and you’re using the SDK released on August 13, 2018, this would be:
Conclusion
All Amazon SageMaker API calls and prediction calls are now supported via AWS PrivateLink. This feature is available in all Amazon SageMaker Regions. To learn more about using security features in Amazon SageMaker such as encryption, IAM roles, KMS keys, and AWS CloudTrail integration, see the Amazon SageMaker Developer Guide.
About the Author
Urvashi Chowdhary is a Senior Product Manager for Amazon SageMaker. She is passionate about working with customers and making machine learning more accessible. In her spare time, she loves sailing, paddle boarding, and kayaking.