拥有能够交付的环境 亚马逊SageMaker notebook 实例可以让数据科学家和业务分析师快速有效地响应组织需求。 数据是组织的命脉,有效地分析数据可为企业提供有用的见解。 组织遇到的一个常见问题是创建一种自动化模式,使开发团队能够启动 AWS 服务。 组织希望让他们的开发人员能够在需要时以集中和安全的方式启动资源。
这篇文章演示了如何使用 AWS 服务集中管理 SageMaker 实例笔记本,包括 AWS CloudFormation, AWS无服务器应用程序模型 (AWS 山姆), AWS服务目录, 亚马逊EventBridge, AWS Systems Manager参数存储, Amazon API网关及 AWS Lambda. 我们将介绍如何使用这些 AWS 服务来自动化将 SageMaker 笔记本出售给最终用户的过程。
解决方案概述
在我们的解决方案中,笔记本用户使用 AWS Service Catalog 请求笔记本实例。 该请求由提供笔记本实例的 AWS CloudFormation 处理。 EventBridge 监控 AWS Service Catalog API 以完成笔记本实例资源预置。 EventBridge 中基于事件的规则调用 Lambda 事件处理器,该处理器运行一个返回预签名 URL 的 Lambda 函数。
以下架构图说明了 CloudFormation 模板中定义的基础架构状态。
该过程包括以下步骤:
- 用户通过 AWS Service Catalog 控制台请求新笔记本。
- AWS Service Catalog 启动 CloudFormation 堆栈。
- AWS CloudFormation 启动 SageMaker 笔记本。
- SageMaker 笔记本现在正在运行。
- 启动新的 AWS Service Catalog 产品时会触发 EventBridge 函数。
- 亚马逊CloudWatch 事件调用 Lambda 函数,该函数生成预签名 URL 和用户特定的 SSM 参数。
- 用户请求新的预签名 URL。
- Lambda 函数会生成一个新的预签名 URL,并使用新 URL 更新用户的 SSM 参数。
先决条件
要实施此解决方案,您必须具有以下先决条件:
使用 AWS CloudFormation 部署资源
要使用 AWS CloudFormation 创建您的资源,请完成以下步骤:
- 部署
s3-iam-config
CloudFormation 模板:
aws cloudformation create-stack --stack-name s3-iam-config --template-body file://templates/s3-iam-config.yml --parameters file://parameters/s3-iam-params.json --capabilities CAPABILITY_NAMED_IAM
输出应类似于以下代码:
{ "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/s3-iam-config/9be9f990-0909-11eb-811c-0a78092beb51"
}
该模板创建一个 亚马逊简单存储服务 (Amazon S3)存储桶。
- 运行以下命令获取上一步生成的 S3 存储桶名称:
aws cloudformation describe-stacks --stack-name s3-iam-config --query "Stacks[0].Outputs[?OutputKey=='S3BucketName'].OutputValue" --output text
输出应如下所示:
s3-iam-config-s3bucket-1p85zr5051d86
- 使用上一步的输出运行以下命令(更新存储桶名称):
aws s3 cp templates/sm-notebook.yml s3://<bucket_name>/sm-notebook.yml
输出应如下所示:
upload: templates/sm-notebook.yml to s3://s3-iam-config-s3bucket-1p85zr5051d86/sm-notebook.yml
- 打开
parameters/service-catalog-params.json
文件并更新 S3BucketName
参数到上一步中的存储桶名称。 更新 UserIAMPrincipal
使用您用于此演示的 IAM 角色的 ARN。
[ { "ParameterKey" : "NotebookInstanceType", "ParameterValue" : "ml.t2.medium" }, { "ParameterKey" : "S3IAMConfigStackName", "ParameterValue" : "s3-iam-config" }, { "ParameterKey" : "ServiceCatalogTemplateName", "ParameterValue" : "sm-notebook.yml" }, { "ParameterKey" : "S3BucketName", "ParameterValue" : "<input_your_bucket_name>" }, { "ParameterKey" : "UserIAMPrincipal", "ParameterValue" : "<input_your_iam_principal_arn>" }
]
- 部署
service-catalog
CloudFormation 模板:
aws cloudformation create-stack --stack-name service-catalog-config --template-body file://templates/service-catalog.yml --parameters file://parameters/service-catalog-params.json --capabilities CAPABILITY_NAMED_IAM
输出应如下所示:
{ "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/service-catalog-config/fb29c5e0-28a0-11ec-8337-123f746ae8a3"
}
使用 AWS SAM 部署资源
要使用 AWS SAM 部署资源,请完成以下步骤:
- 将您的目录更改为
lambda
目录:
- 构建应用程序:
输出应如下所示:
Built Artifacts : .aws-sam/build
Built Template : .aws-sam/build/template.yaml Commands you can use next
=========================
[*] Invoke Function: sam local invoke
[*] Test Function in the Cloud: sam sync --stack-name {stack-name} --watch
[*] Deploy: sam deploy --guided
- 部署应用程序:
- 响应 CLI 中的问题,如以下代码所示:
Configuring SAM deploy
====================== Looking for config file [samconfig.toml] : Found Reading default arguments : Success Setting default arguments for 'sam deploy' ========================================= Stack Name [sam-app]: sam-app AWS Region [us-east-1]: us-east-1 Parameter EventBridgeFunctionName [EventBridgeFunction]: EventBridgeFunction Parameter EventRuleName [SvcCatalogEventRule]: SvcCatalogEventRule Parameter RefreshFunctionName [RefreshURLFunction]: RefreshURLFunction #Shows you resources changes to be deployed and require a 'Y' to initiate deploy Confirm changes before deploy [y/N]: N #SAM needs permission to be able to create roles to connect to the resources in your template Allow SAM CLI IAM role creation [Y/n]: Y #Preserves the state of previously provisioned resources when an operation fails Disable rollback [y/N]: N EventBridgeFunction may not have authorization defined, Is this okay? [y/N]: Y RefreshURLFunction may not have authorization defined, Is this okay? [y/N]: Y Save arguments to configuration file [Y/n]: Y SAM configuration file [samconfig.toml]: samconfig.toml SAM configuration environment [default]: dev
输出应如下所示:
Looking for resources needed for deployment: Creating the required resources... Successfully created! Managed S3 bucket: aws-sam-cli-managed-default-samclisourcebucket-1f4i68wsmouhw A different default S3 bucket can be set in samconfig.toml Saved arguments to config file Running 'sam deploy' for future deployments will use the parameters saved above. The above parameters can be changed by modifying samconfig.toml Learn more about samconfig.toml syntax at https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-config.html Uploading to sam-app/6f3e2f13cfdca08133238f77fc2c667b 9425988 / 9425988 (100.00%)
Uploading to sam-app/b153fd4be66b581361f7d46efae25f18 9425968 / 9425968 (100.00%) Deploying with following values =============================== Stack name : sam-app Region : us-east-1 Confirm changeset : False Disable rollback : False Deployment s3 bucket : aws-sam-cli-managed-default-samclisourcebucket-1f4i68wsmouhw Capabilities : ["CAPABILITY_IAM"] Parameter overrides : {"EventBridgeFunctionName": "EventBridgeFunction", "EventRuleName": "SvcCatalogEventRule", "RefreshFunctionName": "RefreshURLFunction"} Signing Profiles : {} Initiating deployment
=====================
Uploading to sam-app/c82cdea2bfbc2abc6520a97fce4c8a8b.template 6754 / 6754 (100.00%) Waiting for changeset to be created.. CloudFormation stack changeset
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
Operation LogicalResourceId ResourceType Replacement -----------------------------------------------------------------------------------------------------------------------------------------------------------------
+ Add EventBridgeFunctionHelloWorldPermissio AWS::Lambda::Permission N/A nProd + Add EventBridgeFunctionRole AWS::IAM::Role N/A + Add EventBridgeFunction AWS::Lambda::Function N/A + Add PermissionForEventsToInvokeLambda AWS::Lambda::Permission N/A + Add RefreshURLFunctionHelloWorldPermission AWS::Lambda::Permission N/A Prod + Add RefreshURLFunctionRole AWS::IAM::Role N/A + Add RefreshURLFunction AWS::Lambda::Function N/A + Add ServerlessRestApiDeploymentb762875163 AWS::ApiGateway::Deployment N/A + Add ServerlessRestApiProdStage AWS::ApiGateway::Stage N/A + Add ServerlessRestApi AWS::ApiGateway::RestApi N/A + Add SvcCatalogEventRule AWS::Events::Rule N/A ----------------------------------------------------------------------------------------------------------------------------------------------------------------- Changeset created successfully. arn:aws:cloudformation:us-east-1:123456789012:changeSet/samcli-deploy1641934511/763fe89c-9c6a-4cef-a1a6-90986d7decfd 2022-01-11 15:55:22 - Waiting for stack create/update to complete CloudFormation events from stack operations
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
ResourceStatus ResourceType LogicalResourceId ResourceStatusReason -----------------------------------------------------------------------------------------------------------------------------------------------------------------
CREATE_IN_PROGRESS AWS::IAM::Role RefreshURLFunctionRole - CREATE_IN_PROGRESS AWS::IAM::Role EventBridgeFunctionRole - CREATE_IN_PROGRESS AWS::IAM::Role EventBridgeFunctionRole Resource creation Initiated CREATE_IN_PROGRESS AWS::IAM::Role RefreshURLFunctionRole Resource creation Initiated CREATE_COMPLETE AWS::IAM::Role EventBridgeFunctionRole - CREATE_IN_PROGRESS AWS::Lambda::Function EventBridgeFunction - CREATE_IN_PROGRESS AWS::Lambda::Function EventBridgeFunction Resource creation Initiated CREATE_COMPLETE AWS::IAM::Role RefreshURLFunctionRole - CREATE_COMPLETE AWS::Lambda::Function EventBridgeFunction - CREATE_IN_PROGRESS AWS::Lambda::Function RefreshURLFunction - CREATE_IN_PROGRESS AWS::Lambda::Function RefreshURLFunction Resource creation Initiated CREATE_IN_PROGRESS AWS::Events::Rule SvcCatalogEventRule - CREATE_IN_PROGRESS AWS::Events::Rule SvcCatalogEventRule Resource creation Initiated CREATE_COMPLETE AWS::Lambda::Function RefreshURLFunction - CREATE_IN_PROGRESS AWS::ApiGateway::RestApi ServerlessRestApi - CREATE_COMPLETE AWS::ApiGateway::RestApi ServerlessRestApi - CREATE_IN_PROGRESS AWS::ApiGateway::RestApi ServerlessRestApi Resource creation Initiated CREATE_IN_PROGRESS AWS::ApiGateway::Deployment ServerlessRestApiDeploymentb762875163 - CREATE_IN_PROGRESS AWS::Lambda::Permission EventBridgeFunctionHelloWorldPermissio - nProd CREATE_IN_PROGRESS AWS::Lambda::Permission RefreshURLFunctionHelloWorldPermission Resource creation Initiated Prod CREATE_IN_PROGRESS AWS::Lambda::Permission EventBridgeFunctionHelloWorldPermissio Resource creation Initiated nProd CREATE_IN_PROGRESS AWS::Lambda::Permission RefreshURLFunctionHelloWorldPermission - Prod CREATE_IN_PROGRESS AWS::ApiGateway::Deployment ServerlessRestApiDeploymentb762875163 Resource creation Initiated CREATE_COMPLETE AWS::ApiGateway::Deployment ServerlessRestApiDeploymentb762875163 - CREATE_IN_PROGRESS AWS::ApiGateway::Stage ServerlessRestApiProdStage - CREATE_IN_PROGRESS AWS::ApiGateway::Stage ServerlessRestApiProdStage Resource creation Initiated CREATE_COMPLETE AWS::Lambda::Permission RefreshURLFunctionHelloWorldPermission - Prod CREATE_COMPLETE AWS::Lambda::Permission EventBridgeFunctionHelloWorldPermissio - nProd CREATE_COMPLETE AWS::ApiGateway::Stage ServerlessRestApiProdStage - CREATE_COMPLETE AWS::Events::Rule SvcCatalogEventRule - CREATE_IN_PROGRESS AWS::Lambda::Permission PermissionForEventsToInvokeLambda - CREATE_IN_PROGRESS AWS::Lambda::Permission PermissionForEventsToInvokeLambda Resource creation Initiated CREATE_COMPLETE AWS::Lambda::Permission PermissionForEventsToInvokeLambda - CREATE_COMPLETE AWS::CloudFormation::Stack sam-app - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- CloudFormation outputs from deployed stack
------------------------------------------------------------------------------------------------------------------------------------------------------------------
Outputs ------------------------------------------------------------------------------------------------------------------------------------------------------------------
Key RefreshURLFunctionIamRole Description Implicit IAM Role created for Hello World function Value arn:aws:lambda:us-east-1:123456789012:function:RefreshURLFunction Key RefreshURLFunctionAPI Description API Gateway endpoint URL for Prod stage for Hello World function Value https://m94bjaurjb.execute-api.us-east-1.amazonaws.com/Prod/refreshurl/ Key RefreshURLFunction Description Hello World Lambda Function ARN Value arn:aws:lambda:us-east-1:123456789012:function:RefreshURLFunction ------------------------------------------------------------------------------------------------------------------------------------------------------------------ Successfully created/updated stack - sam-app in us-east-1
测试解决方案
现在您已经部署了解决方案,让我们测试工作流。
- 在AWS Service Catalog控制台上的 行政和支持部门 在导航窗格中,选择 投资组合.
- 选择您的 SageMaker 笔记本。
- 推出产品.
- 在页面底部,选择 推出产品.
您应该看到类似于以下屏幕截图的页面。
- 稍等片刻,状态显示为
Available
.
- 打开终端并运行以下命令以从 Parameter Store 获取预签名 URL:
aws ssm get-parameter --name "/SageMaker/Notebooks/Demo-User-Notebook" --query Parameter.Value
输出应如下所示:
"https://demo-user-notebook.notebook.us-east-1.sagemaker.aws?authToken=eyJhbGciOiJIUzI1NiJ9.eyJmYXNDcmVkZW50aWFscyI6IkFZQURlSlVvLzJjeEcwQ0xtNHBjTTZFOGM1SUFYd0FCQUJWaGQzTXRZM0o1Y0hSdkxYQjFZbXhwWXkxclpYa0FSRUV3U0ZSdU1rNXJZMUpyWnpWWVlsZFBRbUowTmtadVpGcHZlRlJXUW05SVlWaHdiazFJY25WRWVrTmtlVWRUVUZsak56UnhObWQzVTJGS1dYUm5hVk40VVQwOUFBRUFCMkYzY3kxcmJYTUFTMkZ5YmpwaGQzTTZhMjF6T25WekxXVmhjM1F0TVRvM05qUTNNRGM1TWpRME1UVTZhMlY1TDJJM01ETTNNRE5oTFdVMU5HTXROR1JtWWkxaE1HRTFMVGMyTnpNek1XWXlORGsxT1FDNEFRSUJBSGhlY3J4TGdEdDJaWmRKYk5nd3R4RHJpWmtZQnZUR1cwZWZCWVhaVW1VTTFBRXNiUlBXblloT3hjUWhPUE9jR0FaZUFBQUFmakI4QmdrcWhraUc5dzBCQndhZ2J6QnRBZ0VBTUdnR0NTcUdTSWIzRFFFSEFUQWVCZ2xnaGtnQlpRTUVBUzR3RVFRTUFnMjM1NzZRT1l6azgyc29BZ0VRZ0RzejlwVHd4Q2ZZUHd6SGJvZERIaElRa1BRWjdUUXRxZ2dEaVpkTDBtMnIxaW1jVHp5czJHc0t6T3d2Z2g1cGNSSytVS2ZxTXlnTmVhaHVVd0lBQUFBQURBQUFFQUFBQUFBQUFBQUFBQUFBQUFET3ZoZFMvb01sTE4xZ3hQSFkybklQLy8vLy93QUFBQUVBQUFBQUFBQUFBQUFBQUFFQUFBTmZFc2JYV1RDWXorV0o0S3BwSXhEMkpkMVFzUnZFbW9lS21hZDhvSmNSN0tRMi9CQWd3TTA3YUFOOEN1WE8yc2lLUnpZdjI1YmlLOFYzUDM2d1Fjc3RoS085Ui91TFFzNWk4RytHc3BZSnlNamRsbWdWYTFEd2FZQmd0TUMwcmJMRjZSWXJhcFJtMFArbDVIQWg3bWNyeU9lejZWRVlYTmdJY2FXR0tjZDFwRjQ5bXBLTzNyQW5BSGlCdEVaNCtlSVFYVkJwMmQyV2c4TEFqR0RRYVNyclVBOUhJa3pvaloybm5iVHluY3pLWXlNVjA3Ui8wZmVTZU9jTTBubC9IRHdjWUdyc1RCcDgzM1RVWCtkOGRNRXI4amtpQVAwUTFQRkNrU2h5WS9CU05IalZtWThxd094N05jV3g1ZVpSenl3cm0vWXNZOW5paEt5cWRMaGNIQUhDbXZhWW8yb2lMZ3BGak51WG5udlh1U1UxcmFlRVZMNUlKR1loMVAzRWZnR3huNmlsUTJmVGllQytQdWNmT3dsZWwrSnR5SWNmbVRTeFB0bnE1YW1mVjEycml0Skx5a09WMklEc0YzSEl6RW11SmhYZTBqKzM1dWlITW5BVkFZVm5RbithdWh1K3lVcUNKeWVWU1o2ZWVsYmIwd2tYUGNpOXBkazFMbTFLNUpZcFJuMFoyS1hvSnBxNm52b3pPWkdvNG9jbmVRQWhKODRiYjR6RkdGZ1NOaTdQWEFuMnpDTkZ1S2w0eU9KVldiRDRXMGZGSFc1OE5iUTE5amc5Zlp0czlkVmxKclowSmVrYTJhZi9TaUpoeWdvcDBwQ0pBS0pZZkErVEhTQmdCUTFNUWpyUXV5U25jbnQ4NU5XUW1uVG9PUGJ4bVlyN0JRMllpQlJsekdxSDNuQ0pXN2x4YmNzYUV1c1dFMXB3K0RJc2lLMEV1YVV6anBFWFV0NEt4Zm82T3B3b28vdVcyV0dlSmNQVHk4TkNRYWZlUU1VbXgwaDQ3aDF0UHNIY0hBUjltKzU2c3BzMnJETjl4ZTFUMVdHVDg4a3FFMW5YYzRQeUZNdTVuYXB0UEdUU1B0akpZWDRKKzRsSzlJZzZCNG9qRTNmVEEzUVllSTd0dU9UZG9Vd2R6SkJ4L1NvSjNxU0ZUMWRDZXFDeUcyWUN5cjN0TmFzZlpYNFBBWmU4b1M1QVZTeExkVlVqUkpYcW1DM1ZkNUJPRlFySHpReTZjTkFLNFVOY2tBanh3bUgwbFlNdlFtc3lTODRzcCtLUGdpbXl3eWNDdk5tYWQ1bVltRHRZYVpMU3JCVUZIVzlDS2tTS2pqWWtBWnZ3MXRnS3h5OE9wNjZDRHY3aEZObzNDUWQ3MGpnV0wyamdnU1RIckJ6blJwK2wxQ1VscnNsblNzaGluTDcwbnp4eU02b1NBbm1FdFVscG9yeG1iWGRUbUxld244R1lQS1ZvT0syd1pobXk0TVQzc2xxRlU1enVTU2tBQnp5eURZb3djR3JxemlBTXNDcEZONVhRVk9HNHkzNnlZS3pTU0FVTEppRCtOZFRLeWxJbUFHY3daUUl3TXpoZ25hWitia1h5VmErTWUrYmwxUHBrUXcwMWxMUDZNcExnTGRPbkVKb0RRM0xLc2pLZHlidWx4cmlNK011SEFqRUF3V00zdXpjemZyY1ZWOGNwUzdlUDlBRXluNks5NkNQNFBiVCtYK1VVZERqYXZkR1hrenY3TklkWG4xem9pU0dpIiwiY2lwaGVyVGV4dCI6IkFRSUJBSGhlY3J4TGdEdDJaWmRKYk5nd3R4RHJpWmtZQnZUR1cwZWZCWVhaVW1VTTFBRVRlWjBib1lRWDZSazJ1dzdNREJZY0FBQUFvakNCbndZSktvWklodmNOQVFjR29JR1JNSUdPQWdFQU1JR0lCZ2txaGtpRzl3MEJCd0V3SGdZSllJWklBV1VEQkFFdU1CRUVERjVkR1VSbkt5ZlA4S2dKTVFJQkVJQmJyTkJkSkZEOWhySytrajEvTDRieXMxMlFmR2dxM1pSTVlGa2lwNjJXZGZ2aUhvdkswQ3pKY0VtSUE4akY5cktPRm5ZblFoeHpHdmhxZy84VjU4RjUxbWFKUkJIY0RlUzdjSGRpSkdhOW1MbmZuVzFwQVhoaUp1WlRCdz09Iiwid29ya3NwYWNlTmFtZSI6ImRlbW8tdXNlci1ub3RlYm9vayIsIndvcmtzcGFjZURvbWFpbk5hbWUiOiJkZW1vLXVzZXItbm90ZWJvb2siLCJzdWIiOiIxOTU4ODk2NzE2OTAiLCJleHAiOjE2MzgxNDAyMTQsImlhdCI6MTYzODEzODQxNH0.duv90DKJDan6ZOI_uwgP3sQEtManyMCD61tnhZtI-mY"
EventBridge规则
EventBridge 配置了一个事件规则来处理 AWS Service Catalog API 的 API 响应。 此规则配置为传递笔记本实例状态,以便您可以使用 Lambda 将预签名 URL 响应作为触发操作返回。 事件规则配置如下:
{ "detail-type": ["AWS API Call via CloudTrail"], "detail": { "eventSource": ["servicecatalog.amazonaws.com"], "eventName": ["ProvisionProduct"] }
}
EventBridge 控制台的以下屏幕截图显示了您的事件规则。
AWS 云跟踪 正在使用事件源监视 API servicecatalog.amazonaws.com
. 被监控的事件名称是 ProvisionProduct
. 监控此事件可让您采取有效措施来响应 AWS Service Catalog 报告笔记本实例的成功交付状态。 当一个 ProvisionProduct
事件发生时,调用了一个 Lambda 函数 DemoEventBridgeFunction
被调用,它将一个预签名的 URL 返回给最终用户。
用于返回预签名笔记本实例 URL 的 Lambda 函数
为确保通过 AWS Service Catalog 安全访问用户请求的笔记本,会创建一个预签名 URL 并将其返回给用户。 这提供了一种访问笔记本实例和执行业务关键功能的安全方法。 为此,我们使用 事件桥服务目录函数 函数,它使用一个 服务员 使笔记本实例状态变为可用。 服务员提供了一种轮询服务并暂停执行任务直到满足特定条件的方法。 准备就绪后,该函数会生成一个预签名 URL。 最后,该函数使用生成的预签名 URL 创建一个 SSM 参数。 SSM 参数使用以下模式: /SageMaker/Notebooks/%s-Notebook"%user_name/
. 这使我们能够为所有 SageMaker 笔记本 SSM 参数创建一个公共命名空间,同时保持它们的唯一性 user_name
.
预签名 URL 具有定义的到期时间。 Lambda 函数部署会话到期时间为 12 小时的笔记本。 因此,开发人员需要在现有预签名 URL 过期时生成新的预签名 URL。 这 刷新URL函数 通过允许用户通过调用 API 网关来调用函数来实现这一点。 开发人员可以调用此函数并传递他们的笔记本名称,它会返回一个预签名的 URL。 当。。。的时候 RefreshURLFunction
完成后,用户可以调用 Parameter Store,获取新的预签名 URL,然后访问他们的笔记本。
- 获取
RefreshURLFunction
带有以下代码的 API 网关 URL:
aws cloudformation describe-stacks --stack-name sam-app --query "Stacks[0].Outputs[?OutputKey=='RefreshURLFunctionAPI'].OutputValue" --output text --region us-east-1
输出应如下所示:
https://8mnr3ksi0d.execute-api.us-east-1.amazonaws.com/Prod/refreshurl/
- 调用函数
RefreshURLFunction
通过调用 API 网关。 更新 input_url
使用上一步中的 URL:
curl -X POST <input_url> -d '{"notebook_user_name": "Demo-User"}'
输出应如下所示:
{"PreSignedURL": "https://demo-user-notebook-dctz.notebook.us-east-1.sagemaker.aws?authToken=eyJhbGciOiJIUzI1NiJ9.eyJmYXNDcmVkZW50aWFscyI6IkFZQURlRGw3R2E2OWZ3SmhjSlZKcDB1VjR2b0FYd0FCQUJWaGQzTXRZM0o1Y0hSdkxYQjFZbXhwWXkxclpYa0FSRUZzYVcxNVNsZGtXRXhCZGpVNGRIRkVTalo0V25SSk5WWTVUVEZHZFZaTVZtVldWRzQ0Tms1UGRWaEpSVFI2UTBwdGVFZDFWbFUxUzNoc1pYSXJia05YWnowOUFBRUFCMkYzY3kxcmJYTUFTMkZ5YmpwaGQzTTZhMjF6T25WekxXVmhjM1F0TVRvM05qUTNNRGM1TWpRME1UVTZhMlY1TDJJM01ETTNNRE5oTFdVMU5HTXROR1JtWWkxaE1HRTFMVGMyTnpNek1XWXlORGsxT1FDNEFRSUJBSGhlY3J4TGdEdDJaWmRKYk5nd3R4RHJpWmtZQnZUR1cwZWZCWVhaVW1VTTFBRjY1ZFVPdW5vQlY2MVdrTnM2OUVsdUFBQUFmakI4QmdrcWhraUc5dzBCQndhZ2J6QnRBZ0VBTUdnR0NTcUdTSWIzRFFFSEFUQWVCZ2xnaGtnQlpRTUVBUzR3RVFRTVhsY1gyeW5WMVQxNkdBRHlBZ0VRZ0RzUEVSVllMRVMzN1FVZklvVTZjd3RZdGI4NkIrT212aVF3cm5BOFVDSnZtMjRxYXJORllaOGgzRGlnSy8wVVBSR3hTeFpoaFhWSTA0Q1RlUUlBQUFBQURBQUFFQUFBQUFBQUFBQUFBQUFBQUFBcUEvUnVZOTk2alBLV09zaFNqZS9GLy8vLy93QUFBQUVBQUFBQUFBQUFBQUFBQUFFQUFBTlhGZFYwR1FHMXZpN2drQkhtOGtmWlBUL0dxcnhOamFSWkU0Tis3ZTJocEI0YXUxS0ozQ2ZnRUMrcHR3dk9JdjQwVGYrdnNWNUt5MjYyNGYvOVhrYmVZQklqdnlLV1JJR0ZyS2dxditVTXdJcE8ydDFIbWcvSmFhdEpGdFhudlJodVcwMG9ldVBLS3ZFeGRKQ3ppYkRkT3J3SG5IMFJqWEhTc2tydGxsTDM2Mll0a3k0Z1cwV2xGOUt3Zm1xb2FjVzZZRTZhV0RUZU9oQWprZXFkQ1FoVi9KRWYwaTA1Q1VxU0k1REZzSC8yS2grZHJxS0tBSVMyTjFRYnNSZ3VGNzFFcnBCM3BoV25PSTFnd3BGL3VNMCs5MHRsTGVCeG5ncElqT1NEY1pkbHlwQmpNZkVadUNYWGU4ZTJGRGQ0bGVENFdOZDdzc0F4OHFQWmV5eWI3WWo2L0FxaUtESmdLOStScS9BVGF6NkRFNFNyL3BaWmpRRFFab1oyV1ZCa2VVWHR2U1piVUd4aXJXRG0rVUUxVk5sbG85TmhwSEhhR1dIZEJPU0w5SUFUWWZDVjV6enVURHNDS2l1dVBQTmFVZGhvSUVuL2c1UXhtOFJvZUlVVUJRcUVvbms3T3d1QzJZOEM2QUowclVxL055T3R5NmF4TWY2VEdYcTFsTHB4WG9wMjlXT3lzR3daQSs4Mmo3em5SZEo2RTZTU005TnJYRi95OWxRS3dBTFBaK3FBNmszSEFvdDg5UlZYSGVMTFQ3TklwazVYVnZlRXY5S3N2MUp1Uk1FVVJEZjI1bnZtOXRmVnp0MUN0R0Y1RVBQNEpid2d5RnZ4RDlnRkVPTUM5dk1rdWloT3JnM3JaaDNwRjd1RDRsVVptVUtTRXV6ZVVmRFd0eEhjVHZoeUxFVmZuczhpcjl6SnFacGxpNVdYdjF3bTQ5WWxJNGlSM1FiamtZM0JybUFsOFBzZkRjYmZJUmVBNmkvQjVNeHFOb3RvU0Y0MHA1OFpJTGZPNmNNWURlVHpzT2dMbENmYXIwT3JMK1lRVk55MU5ETUF3cGRWaXlNeWI1RHl2SzlOV3ZOOUt2c2lMTklrV1IvU2s5ekx1RjBPd3F0aE5GWjhkbWkvMzRzc2pRMUFVR1BMR2ZXbUl1ZmlqRnhrRytnL1lKMjNSa1pIVmRvb1J4TUt3Zmk5OXQvUS96QmI2OUgyQlljbFZwUVl0RGV4Z3ZGWTg2TGpUMm5sSjkya09ad1duWW9OMWpMenIrVTVWQkJKakpDT09ENVA0MXBWckdHN1R4Nlh4UlFscGRqQ3E5ZFhXQlJiRDh6d0JDZ2VMY254SFlZTjUzR2hON2U3S3QyUmZyak5aREtSanUvTWNZSXRSTTVLU2ZaNWFNZ2NJUXY0a0tLNUppVll6OEdaY2VUSE5TT21Zb1FNeG1xMnNOSGJDZzZpUFM4KytvUkErdFhGY1JWMFkxSG9qZlVWS2NzREJjZmFQRVo0TENSZENvZnYrWFVWaHFSNzlCZGpyYW92Wmo1TitqZjFxdHdWZU9mVWJBQm5NR1VDTUN6UU4xMThWMTFZcXcwSWFhbmY0NUtIcjhnUC9MaVZHLzVRTy9yemREbzdZbkZEMmtzM3ZKbFQxVWE5N3kxY25nSXhBS2FxNEJsQ3R4UUc3b2Yxc1BaWld3K2NCalgzcGdIMWhXMHpYOU1zVzJOYXFCSklpUkp1VTJVaUU0cVdDVnh4eVE9PSIsImNpcGhlclRleHQiOiJBUUlCQUhoZWNyeExnRHQyWlpkSmJOZ3d0eERyaVprWUJ2VEdXMGVmQllYWlVtVU0xQUhyWlZxanJHYWVlMUY5c016d2pmM1pBQUFBb2pDQm53WUpLb1pJaHZjTkFRY0dvSUdSTUlHT0FnRUFNSUdJQmdrcWhraUc5dzBCQndFd0hnWUpZSVpJQVdVREJBRXVNQkVFRFBGVFJFbXQ2SmQ2VWoxMExnSUJFSUJibHBFOWtORGxpd21Yb2ltaEFiTC8xNmpYTVRhcDYvNnpSRlFLbjNHWE9mRlVRcUx6VEVBSUQvY095bDlMYU1NdzBRaHBjSWhERmpEL1U1R29sQmUrSHJ4QnJuRk1SMjNrWVR1K2tXUFZVYUcwRExPanl1YVhYR3VDOHc9PSIsIndvcmtzcGFjZU5hbWUiOiJkZW1vLXVzZXItam9lLW5vdGVib29rIiwid29ya3NwYWNlRG9tYWluTmFtZSI6ImRlbW8tdXNlci1qb2Utbm90ZWJvb2steXVvYyIsInN1YiI6IjE5NTg4OTY3MTY5MCIsImV4cCI6MTY0MDc0NDM1OCwiaWF0IjoxNjQwNzQwNzU4fQ.WGFEzQhC3lvA9IguA2tbCS6Us9mhRIV_6LiuRTAytSo"}%
- 打开浏览器并导航到
PreSignedURL
从上一步开始。
该网页应类似于以下屏幕截图。
结论
在这篇博文中,我们演示了如何使用 AWS CloudFormation 为 SageMaker 笔记本实例环境部署基础设施组件。 然后,我们说明了如何使用 EventBridge 从 AWS Service Catalog API 返回笔记本实例状态。 最后,我们展示了如何使用 Lambda 函数返回预签名的笔记本实例 URL 以访问交付的资源。 有关详细信息,请参阅 Amazon SageMaker 开发人员指南. 感谢您的阅读!
作者简介
乔·基廷 是 Amazon Web Services 专业服务部门的高级客户交付架构师。 他与 AWS 客户合作,在 AWS 云中设计和实施各种解决方案。 乔喜欢用一两杯葡萄酒做饭,喜欢在高尔夫球场上表现平庸。
马特·赫奇斯 是 Amazon Web Services 的云应用程序架构师。 他与客户密切合作,使技术需求与业务驱动因素保持一致,以便在 AWS 上交付他们的应用程序。 Matt 专注于迁移和现代化,与世界各地的企业客户合作,开拓变革,释放云的全部潜力。 Matt 喜欢与家人共度时光、演奏乐器、烹饪、玩电子游戏、修理旧车和学习新事物。
弗吉尼亚朱 是 Amazon Web Services 专业服务部门的高级 DevSecOps 架构师。 她与全球的企业级客户合作,在 AWS 云中设计和实施各种解决方案。