
Resource: awsSagemakerDomain

Provides a SageMaker Domain resource.

Example Usage

Basic usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsIamPolicyDocumentExample =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example", {
    statement: [
      {
        actions: ["sts:AssumeRole"],
        principals: [
          {
            identifiers: ["sagemaker.amazonaws.com"],
            type: "Service",
          },
        ],
      },
    ],
  });
const awsIamRoleExample = new aws.iamRole.IamRole(this, "example_1", {
  assumeRolePolicy: dataAwsIamPolicyDocumentExample.json,
  name: "example",
  path: "/",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRoleExample.overrideLogicalId("example");
const awsSagemakerDomainExample = new aws.sagemakerDomain.SagemakerDomain(
  this,
  "example_2",
  {
    authMode: "IAM",
    defaultUserSettings: {
      executionRole: awsIamRoleExample.arn,
    },
    domainName: "example",
    subnetIds: ["${aws_subnet.example.id}"],
    vpcId: "${aws_vpc.example.id}",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSagemakerDomainExample.overrideLogicalId("example");

Using Custom Images

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSagemakerAppImageConfigExample =
  new aws.sagemakerAppImageConfig.SagemakerAppImageConfig(this, "example", {
    appImageConfigName: "example",
    kernelGatewayImageConfig: {
      kernelSpec: {
        name: "example",
      },
    },
  });
const awsSagemakerImageExample = new aws.sagemakerImage.SagemakerImage(
  this,
  "example_1",
  {
    imageName: "example",
    roleArn: "${aws_iam_role.example.arn}",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSagemakerImageExample.overrideLogicalId("example");
const awsSagemakerImageVersionExample =
  new aws.sagemakerImageVersion.SagemakerImageVersion(this, "example_2", {
    baseImage: "base-image",
    imageName: awsSagemakerImageExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSagemakerImageVersionExample.overrideLogicalId("example");
const awsSagemakerDomainExample = new aws.sagemakerDomain.SagemakerDomain(
  this,
  "example_3",
  {
    authMode: "IAM",
    defaultUserSettings: {
      executionRole: "${aws_iam_role.example.arn}",
      kernelGatewayAppSettings: {
        customImage: [
          {
            appImageConfigName:
              awsSagemakerAppImageConfigExample.appImageConfigName,
            imageName: awsSagemakerImageVersionExample.imageName,
          },
        ],
      },
    },
    domainName: "example",
    subnetIds: ["${aws_subnet.example.id}"],
    vpcId: "${aws_vpc.example.id}",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSagemakerDomainExample.overrideLogicalId("example");

Argument Reference

The following arguments are required:

  • authMode - (Required) The mode of authentication that members use to access the domain. Valid values are IAM and SSO.
  • defaultSpaceSettings - (Required) The default space settings. See Default Space Settings below.
  • defaultUserSettings - (Required) The default user settings. See Default User Settings below.
  • domainName - (Required) The domain name.
  • subnetIds - (Required) The VPC subnets that Studio uses for communication.
  • vpcId - (Required) The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.

The following arguments are optional:

  • appNetworkAccessType - (Optional) Specifies the VPC used for non-EFS traffic. The default value is PublicInternetOnly. Valid values are PublicInternetOnly and VpcOnly.
  • appSecurityGroupManagement - (Optional) The entity that creates and manages the required security groups for inter-app communication in VpcOnly mode. Valid values are Service and Customer.
  • domainSettings - (Optional) The domain settings. See Domain Settings below.
  • kmsKeyId - (Optional) The AWS KMS customer managed CMK used to encrypt the EFS volume attached to the domain.
  • retentionPolicy - (Optional) The retention policy for this domain, which specifies whether resources will be retained after the Domain is deleted. By default, all resources are retained. See Retention Policy below.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

defaultSpaceSettings

  • executionRole - (Required) The execution role for the space.
  • jupyterServerAppSettings - (Optional) The Jupyter server's app settings. See Jupyter Server App Settings below.
  • kernelGatewayAppSettings - (Optional) The kernel gateway app settings. See Kernel Gateway App Settings below.
  • securityGroups - (Optional) The security groups for the Amazon Virtual Private Cloud that the space uses for communication.

defaultUserSettings

  • executionRole - (Required) The execution role ARN for the user.
  • canvasAppSettings - (Optional) The Canvas app settings. See Canvas App Settings below.
  • jupyterServerAppSettings - (Optional) The Jupyter server's app settings. See Jupyter Server App Settings below.
  • kernelGatewayAppSettings - (Optional) The kernel gateway app settings. See Kernel Gateway App Settings below.
  • rSessionAppSettings - (Optional) The RSession app settings. See RSession App Settings below.
  • securityGroups - (Optional) A list of security group IDs that will be attached to the user.
  • sharingSettings - (Optional) The sharing settings. See Sharing Settings below.
  • tensorBoardAppSettings - (Optional) The TensorBoard app settings. See TensorBoard App Settings below.

canvasAppSettings

timeSeriesForecastingSettings

  • amazonForecastRoleArn - (Optional) The IAM role that Canvas passes to Amazon Forecast for time series forecasting. By default, Canvas uses the execution role specified in the UserProfile that launches the Canvas app. If an execution role is not specified in the UserProfile, Canvas uses the execution role specified in the Domain that owns the UserProfile. To allow time series forecasting, this IAM role should have the AmazonSageMakerCanvasForecastAccess policy attached and forecast.amazonaws.com added in the trust relationship as a service principal.
  • status - (Optional) Describes whether time series forecasting is enabled or disabled in the Canvas app. Valid values are ENABLED and DISABLED.

sharingSettings

  • notebookOutputOption - (Optional) Whether to include the notebook cell output when sharing the notebook. The default is Disabled. Valid values are Allowed and Disabled.
  • s3KmsKeyId - (Optional) When notebookOutputOption is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.
  • s3OutputPath - (Optional) When notebookOutputOption is Allowed, the Amazon S3 bucket used to save the notebook cell output.

tensorBoardAppSettings

  • defaultResourceSpec - (Optional) The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. See Default Resource Spec below.

kernelGatewayAppSettings

  • customImage - (Optional) A list of custom SageMaker images that are configured to run as a KernelGateway app. See Custom Image below.
  • defaultResourceSpec - (Optional) The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. See Default Resource Spec below.
  • lifecycleConfigArns - (Optional) The Amazon Resource Name (ARN) of the Lifecycle Configurations.

jupyterServerAppSettings

  • codeRepository - (Optional) A list of Git repositories that SageMaker automatically displays to users for cloning in the JupyterServer application. See Code Repository below.
  • defaultResourceSpec - (Optional) The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. See Default Resource Spec below.
  • lifecycleConfigArns - (Optional) The Amazon Resource Name (ARN) of the Lifecycle Configurations.

codeRepository

  • repositoryUrl - (Optional) The URL of the Git repository.

defaultResourceSpec

  • instanceType - (Optional) The instance type that the image version runs on. For valid values see SageMaker Instance Types.
  • lifecycleConfigArn - (Optional) The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource.
  • sagemakerImageArn - (Optional) The ARN of the SageMaker image that the image version belongs to.
  • sagemakerImageVersionArn - (Optional) The ARN of the image version created on the instance.

rSessionAppSettings

  • customImage - (Optional) A list of custom SageMaker images that are configured to run as a KernelGateway app. See Custom Image below.
  • defaultResourceSpec - (Optional) The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. See Default Resource Spec below.

customImage

  • appImageConfigName - (Required) The name of the App Image Config.
  • imageName - (Required) The name of the Custom Image.
  • imageVersionNumber - (Optional) The version number of the Custom Image.

domainSettings

  • executionRoleIdentityConfig - (Optional) The configuration for attaching a SageMaker user profile name to the execution role as an sts:SourceIdentity key (see the AWS docs). Valid values are USER_PROFILE_NAME and DISABLED.
  • securityGroupIds - (Optional) The security groups for the Amazon Virtual Private Cloud that the Domain uses for communication between Domain-level apps and user apps.

retentionPolicy

  • homeEfsFileSystem - (Optional) The retention policy for data stored on an Amazon Elastic File System (EFS) volume. Valid values are Retain or Delete. Default value is Retain.
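
A pre-deployment check over the security-relevant arguments documented above (appNetworkAccessType, kmsKeyId, executionRoleIdentityConfig, sharingSettings), run against the basic example's settings and a hardened variant. This is an added example, not part of the provider documentation or cdktf; the DomainConfig type, the auditDomain function and the sample ARNs are assumptions made for illustration.

```typescript
// Added example, not cdktf code: DomainConfig and auditDomain are hypothetical
// helpers over the arguments documented above; enum values use AWS API casing.
interface DomainConfig {
  authMode: string;
  appNetworkAccessType?: string;
  kmsKeyId?: string;
  domainSettings?: { executionRoleIdentityConfig?: string };
  defaultUserSettings: {
    executionRole: string;
    sharingSettings?: { notebookOutputOption?: string; s3KmsKeyId?: string };
  };
}

function auditDomain(cfg: DomainConfig): string[] {
  const findings: string[] = [];
  // An omitted appNetworkAccessType falls back to the documented default.
  if ((cfg.appNetworkAccessType ?? "PublicInternetOnly") !== "VpcOnly") {
    findings.push("appNetworkAccessType: non-EFS traffic is not restricted to the VPC");
  }
  if (!cfg.kmsKeyId) {
    findings.push("kmsKeyId: no customer managed key set for the domain EFS volume");
  }
  if (cfg.domainSettings?.executionRoleIdentityConfig !== "USER_PROFILE_NAME") {
    findings.push("executionRoleIdentityConfig: user profile name is not attached as sts:SourceIdentity");
  }
  const sharing = cfg.defaultUserSettings.sharingSettings;
  if (sharing?.notebookOutputOption === "Allowed" && !sharing?.s3KmsKeyId) {
    findings.push("sharingSettings: shared notebook cell output has no s3KmsKeyId");
  }
  return findings;
}

// Constructed sample inputs: the basic example's settings, then a hardened variant.
const basic: DomainConfig = {
  authMode: "IAM",
  defaultUserSettings: { executionRole: "arn:aws:iam::111122223333:role/example" },
};
const hardened: DomainConfig = {
  ...basic,
  appNetworkAccessType: "VpcOnly",
  kmsKeyId: "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
  domainSettings: { executionRoleIdentityConfig: "USER_PROFILE_NAME" },
  defaultUserSettings: {
    ...basic.defaultUserSettings,
    sharingSettings: { notebookOutputOption: "Disabled" },
  },
};
console.log(auditDomain(basic), auditDomain(hardened));
```

The same object literal can be passed to the SagemakerDomain constructor once the findings list is empty; subnetIds, vpcId and domainName are left out here because the check does not read them.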

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the Domain.
  • arn - The Amazon Resource Name (ARN) assigned by AWS to this Domain.
  • url - The domain's URL.
  • singleSignOnManagedApplicationInstanceId - The SSO managed application instance ID.
  • securityGroupIdForDomainBoundary - The ID of the security group that authorizes traffic between the RSessionGateway apps and the RStudioServerPro app.
  • homeEfsFileSystemId - The ID of the Amazon Elastic File System (EFS) managed by this Domain.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

SageMaker Domains can be imported using the id, e.g.,

$ terraform import aws_sagemaker_domain.test_domain d-8jgsjtilstu8