Amazon SageMaker Canvas allows you to use machine learning (ML) to generate predictions without having to write any code. It does so by covering the end-to-end ML workflow: whether you're looking for powerful data preparation and AutoML, managed endpoint deployment, simplified MLOps capabilities, or the ability to configure foundation models for generative AI, SageMaker Canvas can help you achieve your goals.
To enable agility for your users while ensuring secure environments, you can adopt single sign-on (SSO) using AWS IAM Identity Center, which is the recommended AWS service for managing user access to AWS resources. With IAM Identity Center, you can create or connect workforce users and centrally manage their access across all their AWS accounts and applications.
Part 1 of this series describes the necessary steps to configure SSO for SageMaker Canvas using IAM Identity Center for Amazon SageMaker Studio Classic.
In this post, we walk you through the necessary steps to configure SSO for SageMaker Canvas using IAM Identity Center for the updated Amazon SageMaker Studio. Your users can seamlessly access SageMaker Canvas with their credentials from IAM Identity Center without having to first go through the AWS Management Console. We also demonstrate how you can streamline user management with IAM Identity Center.
Solution overview
To configure SSO from IAM Identity Center, you need to complete the following steps:
- Enable IAM Identity Center using AWS Organizations
- Create a SageMaker Studio domain that uses IAM Identity Center for user authentication
- Create users or groups in IAM Identity Center
- Add users or groups to the SageMaker Studio domain
We will also show how to rename the SageMaker Studio application to clearly identify it as SageMaker Canvas, and how to access it using IAM Identity Center.
Enable IAM Identity Center
Follow these steps to connect SageMaker Canvas to IAM Identity Center:
- On the IAM Identity Center console, choose Enable.
- Choose Enable with AWS Organizations.
- Choose Edit to add an instance name.
- Enter a name for your instance (for this post, canvas-app).
- Choose Save changes.
Create the SageMaker Studio domain
In this section, we create a SageMaker Studio domain and configure the authentication method as IAM Identity Center. Complete the following steps:
- On the SageMaker console, choose Domains.
- Choose Create domain.
- Choose Set up for organizations.
- Choose Set up.
- Enter a domain name of your choice (for this post, canvas-domain).
- Choose Next.
- Choose AWS Identity Center.
- Choose Create a new role.
- Select the SageMaker Canvas permissions that you want to grant.
For more details about permissions, see Users and ML Activities.
- Specify one or more Amazon Simple Storage Service (Amazon S3) buckets.
- Choose Next.
- Choose SageMaker Studio – New.
- Choose Next.
Next, you can provide VPC details for your network configuration.
- For this post, we choose Public internet access.
- Choose your VPC, subnets, and security groups.
- Choose Next.
- Keep the default storage configuration and choose Next.
- Choose Submit.
Wait for the SageMaker domain status to change to InService.
Rename the SageMaker Studio application
Before we create a user, let's rename the SageMaker Studio application. This will allow users to quickly identify the SageMaker Canvas application when they log in through IAM Identity Center, where they may have access to multiple applications.
- On the IAM Identity Center console, choose Applications.
- Choose the SageMaker Studio application on the AWS managed tab.
- Choose Edit details on the Actions menu.
- For Display name, enter a name (for this post, Canvas).
- For Description, enter a description.
- Choose Save changes.
Create a user in IAM Identity Center
Now you can create users, and optionally, groups, that will be given access to SageMaker Canvas. For this post, we create a single user to demonstrate the process to provide access. However, groups are typically preferred for better user management, and to provision access in organizations.
A user group is a collection of users. Groups let you specify permissions for multiple users, which can make it more straightforward to manage the permissions for those users. For example, you could have a user group called business analysts and give that user group permission to SageMaker Canvas; all users in that group will have SageMaker Canvas access. If a new user joins your organization and needs access to SageMaker Canvas, you can add the user to the business analyst group. If a person changes jobs in your organization, instead of editing that user’s permissions, you can remove them from the old user groups and add them to the appropriate new user groups.
Complete the following steps to create a user in IAM Identity Center to test the SageMaker Canvas application access:
- On the IAM Identity Center console, choose Users in the navigation pane.
- Choose Add user.
- Provide required details such as the user name, email address, first name, and last name.
- Choose Next.
- Choose Add user.
You see a success message that the user has been added successfully.
Add users to the SageMaker Studio domain
You need to add this user to the SageMaker domain you created. If you’re using groups, then you add the group, not just a single user.
- On the SageMaker console, choose Domains in the navigation pane.
- Choose the domain you created.
- Choose Assign users and groups.
- On the Users tab, select the user you created.
- Choose Assign users and groups.
Access the SageMaker Canvas application from IAM Identity Center
The user will receive an email with a link to set up a password and instructions to connect to the AWS access portal. The link will be valid for up to 7 days.
When the user receives the email, they must complete the following steps to gain access to SageMaker Canvas:
- Choose Accept invitation from the email.
- Set a new password to access SageMaker Canvas in the specified account and domain.
After authentication has been performed, the user has three options to log in to SageMaker Canvas:
- Option 1 – Access from SageMaker Studio through the IAM Identity Center portal
- Option 2 – Access from SageMaker Canvas through the IAM Identity Center portal, bypassing SageMaker Studio
- Option 3 – Use the IAM Identity Center portal link in IAM Identity Center to access SageMaker Canvas
We go through each of these options in this section.
Option 1
In the first option, the user first accesses SageMaker Studio to access SageMaker Canvas. This option is appropriate for users that should be able to access all relevant applications from SageMaker Studio, including SageMaker Canvas.
- Navigate to the AWS access portal URL from your email.
- Log in with the credentials you set for the user.
You will see the application name you configured earlier.
- Choose the SageMaker Canvas application.
You’re redirected to SageMaker Studio.
- Choose Run Canvas.
- Choose Open Canvas.
You’re redirected to SageMaker Canvas.
Option 2
In this option, the user still goes through the IAM Identity Center portal, but bypasses SageMaker Studio to go directly into SageMaker Canvas. This option should be used when access to SageMaker Studio is not needed, since the user's SageMaker login will always take them directly to SageMaker Canvas.
- On the SageMaker console, choose Domains in the navigation pane.
- Note down the SageMaker domain ID.
- Open AWS CloudShell or any other CLI and run the following command, providing your domain ID. This command updates the default landing application for the SageMaker domain from SageMaker Studio to SageMaker Canvas:
You will see the following response if the command runs successfully.
- Navigate to the AWS access portal URL from your email.
- Log in with the credentials you set for the user.
- Choose the SageMaker Canvas application.
This time you’re redirected to SageMaker Canvas, bypassing SageMaker Studio.
Option 3
If the default landing application for the SageMaker domain has been updated from SageMaker Studio to SageMaker Canvas in Option 2, a user can also use the IAM Identity Center portal link to access SageMaker Canvas. To do so, choose the AWS access portal URL shown in the identity source on the IAM Identity Center console. You can use this URL as a browser bookmark, or integrate it with your custom application for direct SageMaker Canvas access.
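The following added example (not part of the original post) checks a domain description against the settings this walkthrough configures: IAM Identity Center authentication, the network access type, and the default landing application. The sample responses are constructed, and `CANVAS_LANDING` is a placeholder for the landing value you set in Option 2.

```python
# Added example (not from the original post): audit a SageMaker
# DescribeDomain response against the settings configured above.
# Live input would come from:
#   boto3.client("sagemaker").describe_domain(DomainId="<your-domain-id>")

# Placeholder: substitute the landing URI you set in Option 2.
CANVAS_LANDING = "PLACEHOLDER-canvas-landing-uri"

def audit_domain(domain, expected_landing=None):
    """Return (severity, message) findings for one domain description."""
    findings = []
    settings = domain.get("DefaultUserSettings", {})
    if domain.get("Status") != "InService":
        findings.append(("warn", f"Status is {domain.get('Status')!r}, not 'InService'"))
    # A domain created for IAM Identity Center reports AuthMode "SSO".
    if domain.get("AuthMode") != "SSO":
        findings.append(("fail", f"AuthMode is {domain.get('AuthMode')!r}; "
                                 "sign-in does not go through IAM Identity Center"))
    # The post picks public internet access; surface it for review.
    if domain.get("AppNetworkAccessType") == "PublicInternetOnly":
        findings.append(("note", "AppNetworkAccessType is PublicInternetOnly, not VpcOnly"))
    landing = settings.get("DefaultLandingUri")
    if expected_landing is not None and landing != expected_landing:
        findings.append(("fail", f"DefaultLandingUri is {landing!r}, "
                                 f"expected {expected_landing!r}"))
    return findings

def passes(findings):
    """A domain passes when no finding has severity 'fail'."""
    return all(severity != "fail" for severity, _ in findings)

# Constructed sample responses, trimmed to the audited fields.
SAMPLE_AS_CONFIGURED = {
    "DomainName": "canvas-domain", "Status": "InService", "AuthMode": "SSO",
    "AppNetworkAccessType": "PublicInternetOnly",
    "DefaultUserSettings": {"DefaultLandingUri": CANVAS_LANDING},
}
SAMPLE_DRIFTED = {
    "DomainName": "canvas-domain", "Status": "InService", "AuthMode": "IAM",
    "AppNetworkAccessType": "VpcOnly",
    "DefaultUserSettings": {"StudioWebPortal": "ENABLED", "DefaultLandingUri": "studio::"},
}

if __name__ == "__main__":
    for name, doc in [("as configured", SAMPLE_AS_CONFIGURED), ("drifted", SAMPLE_DRIFTED)]:
        result = audit_domain(doc, CANVAS_LANDING)
        print(name, "PASS" if passes(result) else "FAIL")
        for severity, message in result:
            print(f"  [{severity}] {message}")
```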
Clean up
To avoid incurring future session charges, log out of SageMaker Canvas.
Conclusion
In this post, we discussed how users can securely access SageMaker Canvas using SSO. To do this, we configured IAM Identity Center and linked it to the SageMaker domain where SageMaker Canvas is used. Users are now one click away from using SageMaker Canvas and solving new challenges with no-code ML. This approach supports the secure environment requirements of cloud engineering and security teams, while allowing for the agility and independence of development teams.
To learn more about SageMaker Canvas, check out Announcing Amazon SageMaker Canvas – a Visual, No Code Machine Learning Capability for Business Analysts. SageMaker Canvas also enables collaboration with data science teams. To learn more, see Build, Share, Deploy: how business analysts and data scientists achieve faster time-to-market using no-code ML and Amazon SageMaker Canvas. We recommend that IT administrators review Setting up and managing Amazon SageMaker Canvas (for IT administrators).
About the Authors
Dhiraj Thakur is a Solutions Architect with Amazon Web Services. He works with AWS customers and partners to provide guidance on enterprise cloud adoption, migration, and strategy. He is passionate about technology and enjoys building and experimenting in the analytics and AI/ML space.
Dan Sinnreich is a Senior Product Manager at AWS, helping democratize ML with low-code/no-code innovations. Previous to AWS, Dan built and commercialized SaaS platforms and time series risk models used by institutional investors to manage risk and optimize investment portfolios. Outside of work, he can be found playing hockey, scuba diving, and reading science fiction.
- Source: https://aws.amazon.com/blogs/machine-learning/enable-single-sign-on-access-of-amazon-sagemaker-canvas-using-aws-iam-identity-center-part-2/