Amazon SageMaker Canvas allows you to use machine learning (ML) to generate predictions without having to write any code. It does so by covering the end-to-end ML workflow: whether you’re looking for powerful data preparation and AutoML, managed endpoint deployment, simplified MLOps capabilities, or the ability to configure foundation models for generative AI, SageMaker Canvas can help you achieve your goals.
To enable agility for your users while ensuring secure environments, you can adopt single sign-on (SSO) using AWS IAM Identity Center, which is the recommended AWS service for managing user access to AWS resources. With IAM Identity Center, you can create or connect workforce users and centrally manage their access across all their AWS accounts and applications.
Part 1 of this series describes the necessary steps to configure SSO for SageMaker Canvas using IAM Identity Center for Amazon SageMaker Studio Classic.
In this post, we walk you through the necessary steps to configure SSO for SageMaker Canvas using IAM Identity Center for the updated Amazon SageMaker Studio. Your users can seamlessly access SageMaker Canvas with their credentials from IAM Identity Center without having to first go through the AWS Management Console. We also demonstrate how you can streamline user management with IAM Identity Center.
Solution overview
To configure SSO from IAM Identity Center, you need to complete the following steps:
- Enable IAM Identity Center using AWS Organizations
- Create a SageMaker Studio domain that uses IAM Identity Center for user authentication
- Create users or groups in IAM Identity Center
- Add users or groups to the SageMaker Studio domain
We will also show how to rename the SageMaker Studio application to clearly identify it as SageMaker Canvas, and how to access it using IAM Identity Center.
Enable IAM Identity Center
Follow these steps to connect SageMaker Canvas to IAM Identity Center:
- On the IAM Identity Center console, choose Enable.
- Choose Enable with AWS Organizations.
- Choose Edit to add an instance name.
- Enter a name for your instance (for this post, canvas-app).
- Choose Save changes.
Create the SageMaker Studio domain
In this section, we create a SageMaker Studio domain and configure the authentication method as IAM Identity Center. Complete the following steps:
- On the SageMaker console, choose Domains.
- Choose Create domain.
- Choose Set up for organizations.
- Choose Set up.
- Enter a domain name of your choice (for this post, canvas-domain).
- Choose Next.
- Type AWS Identity Center.
- Choose Create a new role.
- Select the SageMaker Canvas permissions that you want to grant.
For more details about permissions, see Users and ML Activities.
- Specify one or more Amazon Simple Storage Service (Amazon S3) buckets.
- Choose Next.
- Type SageMaker Studio – New.
- Choose Next.
Next, you can provide VPC details for your network configuration.
- For this post, we choose Public internet access.
- Choose your VPC, subnets, and security groups.
- Choose Next.
- Keep the default storage configuration and choose Next.
- Choose Submit.
Wait for the SageMaker domain status to change to InService.
Rename the SageMaker Studio application
Before we create a user, let’s rename the SageMaker Studio application. This will allow users to quickly identify the SageMaker Canvas application when they log in through IAM Identity Center, where they may have access to multiple applications.
- On the IAM Identity Center console, choose Applications.
- Choose the SageMaker Studio application on the AWS managed tab.
- Choose Edit details on the Actions menu.
- For Display name, enter a name (for this post, Canvas).
- For Description, enter a description.
- Choose Save changes.
Create a user in IAM Identity Center
Now you can create users, and optionally, groups, that will be given access to SageMaker Canvas. For this post, we create a single user to demonstrate the process to provide access. However, groups are typically preferred for better user management, and to provision access in organizations.
A user group is a collection of users. Groups let you specify permissions for multiple users, which can make it more straightforward to manage the permissions for those users. For example, you could have a user group called business analysts and give that user group permission to SageMaker Canvas; all users in that group will have SageMaker Canvas access. If a new user joins your organization and needs access to SageMaker Canvas, you can add the user to the business analyst group. If a person changes jobs in your organization, instead of editing that user’s permissions, you can remove them from the old user groups and add them to the appropriate new user groups.
Complete the following steps to create a user in IAM Identity Center to test the SageMaker Canvas application access:
- On the IAM Identity Center console, choose Users in the navigation pane.
- Choose Add user.
- Provide the required details such as the user name, email address, first name, and last name.
- Choose Next.
- Choose Add user.
You see a success message that the user has been added successfully.
Add users to the SageMaker Studio domain
You need to add this user to the SageMaker domain you created. If you’re using groups, then you add the group, not just a single user.
- On the SageMaker console, choose Domains in the navigation pane.
- Choose the domain you created.
- Choose Assign users and groups.
- On the Users tab, select the user you created.
- Choose Assign users and groups.
Access the SageMaker Canvas application from IAM Identity Center
The user will receive an email with a link to set up a password and instructions to connect to the AWS access portal. The link will be valid for up to 7 days.
When the user receives the email, they must complete the following steps to gain access to SageMaker Canvas:
- Choose Accept invitation in the email.
- Set a new password to access SageMaker Canvas in the specified account and domain.
After authentication has been performed, the user has three options to log in to SageMaker Canvas:
- Option 1 – Access from SageMaker Studio through the IAM Identity Center portal
- Option 2 – Access from SageMaker Canvas through the IAM Identity Center portal, bypassing SageMaker Studio
- Option 3 – Use the IAM Identity Center portal link in IAM Identity Center to access SageMaker Canvas
We go through each of these options in this section.
Option 1
In the first option, the user first accesses SageMaker Studio to access SageMaker Canvas. This option is appropriate for users that should be able to access all relevant applications from SageMaker Studio, including SageMaker Canvas.
- Navigate to the AWS access portal URL from your email.
- Log in with the credentials you set for the user.
You will see the application name you configured earlier.
- Choose the SageMaker Canvas application.
You’re redirected to SageMaker Studio.
- Choose Run Canvas.
- Choose Open Canvas.
You’re redirected to SageMaker Canvas.
Option 2
In this option, the user still goes through the IAM Identity Center portal, but bypasses SageMaker Studio to go directly into SageMaker Canvas. This option should be used when access to SageMaker Studio is not needed, since the user’s SageMaker login will always take them directly to SageMaker Canvas.
- On the SageMaker console, choose Domains in the navigation pane.
- Note down the SageMaker domain ID.
- Open AWS CloudShell or any other CLI and run the following command, providing your domain ID. This command updates the default landing application for the SageMaker domain from SageMaker Studio to SageMaker Canvas:
You will see the following response if the command runs successfully.
- Navigate to the AWS access portal URL from your email.
- Log in with the credentials you set for the user.
- Choose the SageMaker Canvas application.
This time you’re redirected to SageMaker Canvas, bypassing SageMaker Studio.
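A read-only check a reviewer can run after these steps, added here as an example and not part of the original post: it inspects the JSON returned by aws sagemaker describe-domain for the authentication mode, network access type, and default landing application. The sample response, its IDs, and the function name audit_domain are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws sagemaker describe-domain --domain-id <domain-id>`
# output, trimmed to the fields checked here. IDs and ARNs are placeholders.
SAMPLE_DOMAIN = json.loads("""
{
  "DomainId": "d-exampledomain",
  "DomainName": "canvas-domain",
  "Status": "InService",
  "AuthMode": "SSO",
  "AppNetworkAccessType": "PublicInternetOnly",
  "DefaultUserSettings": {
    "ExecutionRole": "arn:aws:iam::111122223333:role/example-canvas-role",
    "StudioWebPortal": "ENABLED",
    "DefaultLandingUri": "studio::"
  }
}
""")


def audit_domain(desc):
    """Return (level, message) findings for one describe-domain response."""
    findings = []
    settings = desc.get("DefaultUserSettings", {})
    if desc.get("Status") != "InService":
        findings.append(("WARN", f"domain status is {desc.get('Status')}, not InService"))
    # IAM Identity Center authentication is reported as AuthMode "SSO".
    if desc.get("AuthMode") != "SSO":
        findings.append(("FAIL", f"AuthMode is {desc.get('AuthMode')}; "
                                 "users do not sign in through IAM Identity Center"))
    # The walkthrough picks public internet access; surface it so the choice is deliberate.
    if desc.get("AppNetworkAccessType") == "PublicInternetOnly":
        findings.append(("INFO", "apps use public internet access, not VpcOnly"))
    # Option 2 changes the default landing application; report what is configured.
    landing = settings.get("DefaultLandingUri", "<not set>")
    if landing == "studio::":
        findings.append(("INFO", "users land in SageMaker Studio first"))
    else:
        findings.append(("INFO", f"DefaultLandingUri is {landing}"))
    if not settings.get("ExecutionRole"):
        findings.append(("FAIL", "no default execution role on the domain"))
    return findings


if __name__ == "__main__":
    for level, message in audit_domain(SAMPLE_DOMAIN):
        print(f"{level}: {message}")
```

To run it against a real domain, save the describe-domain output to a file and pass the parsed JSON to audit_domain in place of the sample.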
Option 3
If the default landing application for the SageMaker domain has been updated from SageMaker Studio to SageMaker Canvas in Option 2, a user can also use the IAM Identity Center portal link to access SageMaker Canvas. To do so, choose the AWS access portal URL shown in the identity source on the IAM Identity Center console. You can use this URL as a browser bookmark, or integrate it with your custom application for direct SageMaker Canvas access.
Clean up
To avoid incurring future session charges, log out of SageMaker Canvas.
Conclusion
In this post, we discussed how users can securely access SageMaker Canvas using SSO. To do this, we configured IAM Identity Center and linked it to the SageMaker domain where SageMaker Canvas is used. Users are now one click away from using SageMaker Canvas and solving new challenges with no-code ML. This approach supports the secure environment requirements of cloud engineering and security teams, while allowing for the agility and independence of development teams.
To learn more about SageMaker Canvas, check out Announcing Amazon SageMaker Canvas – a Visual, No Code Machine Learning Capability for Business Analysts. SageMaker Canvas also enables collaboration with data science teams. To learn more, see Build, Share, Deploy: how business analysts and data scientists achieve faster time-to-market using no-code ML and Amazon SageMaker Canvas. For IT administrators, we suggest checking out Setting up and managing Amazon SageMaker Canvas (for IT administrators).
About the authors
Dhiraj Thakur is a Solutions Architect with Amazon Web Services. He works with AWS customers and partners to provide guidance on cloud adoption, migration, and strategy. He is passionate about technology and enjoys building and experimenting in the analytics and AI/ML space.
Dan Sinnreich is a Senior Product Manager at AWS, helping democratize ML with low-code/no-code innovations. Previous to AWS, Dan built and commercialized SaaS platforms and time series risk models used by institutional investors to manage risk and optimize investment portfolios. Outside of work, he can be found playing hockey, scuba diving, and reading science fiction.
Source: https://aws.amazon.com/blogs/machine-learning/enable-single-sign-on-access-of-amazon-sagemaker-canvas-using-aws-iam-identity-center-part-2/