Resource: awsSagemakerModel

Provides a SageMaker model resource.

Example Usage

Basic usage:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsIamPolicyDocumentAssumeRole =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "assume_role",
    {
      statement: [
        {
          actions: ["sts:AssumeRole"],
          principals: [
            {
              identifiers: ["sagemaker.amazonaws.com"],
              type: "Service",
            },
          ],
        },
      ],
    }
  );
const dataAwsSagemakerPrebuiltEcrImageTest =
  new aws.dataAwsSagemakerPrebuiltEcrImage.DataAwsSagemakerPrebuiltEcrImage(
    this,
    "test",
    {
      repositoryName: "kmeans",
    }
  );
const awsIamRoleExample = new aws.iamRole.IamRole(this, "example", {
  assumeRolePolicy: dataAwsIamPolicyDocumentAssumeRole.json,
});
const awsSagemakerModelExample = new aws.sagemakerModel.SagemakerModel(
  this,
  "example_3",
  {
    executionRoleArn: awsIamRoleExample.arn,
    name: "my-model",
    primaryContainer: {
      image: dataAwsSagemakerPrebuiltEcrImageTest.registryPath,
    },
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsSagemakerModelExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • name - (Optional) The name of the model (must be unique). If omitted, Terraform will assign a random, unique name.
  • primaryContainer - (Optional) The primary Docker image containing inference code that is used when the model is deployed for predictions. If not specified, the container argument is required. Fields are documented below.
  • executionRoleArn - (Required) A role that SageMaker can assume to access model artifacts and Docker images for deployment.
  • inferenceExecutionConfig - (Optional) Specifies details of how containers in a multi-container endpoint are called. see Inference Execution Config.
  • container - (Optional) Specifies containers in the inference pipeline. If not specified, the primaryContainer argument is required. Fields are documented below.
  • enableNetworkIsolation - (Optional) Isolates the model container. No inbound or outbound network calls can be made to or from the model container.
  • vpcConfig - (Optional) Specifies the VPC that you want your model to connect to. VpcConfig is used in hosting services and in batch transform.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
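As a sketch of how enableNetworkIsolation and vpcConfig combine, building on the role and image from the example above (the subnet and security group IDs here are placeholders):

```typescript
// Hypothetical example: a network-isolated model attached to a VPC.
// The security group and subnet IDs below are placeholders.
new aws.sagemakerModel.SagemakerModel(this, "isolated", {
  executionRoleArn: awsIamRoleExample.arn,
  enableNetworkIsolation: true,
  primaryContainer: {
    image: dataAwsSagemakerPrebuiltEcrImageTest.registryPath,
  },
  vpcConfig: {
    securityGroupIds: ["sg-0123456789abcdef0"],
    subnets: ["subnet-0123456789abcdef0"],
  },
});
```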

The primaryContainer and container blocks both support:

  • image - (Required) The registry path where the inference code image is stored in Amazon ECR.
  • mode - (Optional) Whether the container hosts a single model or multiple models. Valid values are SingleModel and MultiModel. The default value is SingleModel.
  • modelDataUrl - (Optional) The URL for the S3 location where model artifacts are stored.
  • containerHostname - (Optional) The DNS host name for the container.
  • environment - (Optional) Environment variables for the Docker container. A map of string keys to string values.
  • imageConfig - (Optional) Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). For more information see Using a Private Docker Registry for Real-Time Inference Containers. see Image Config.
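Putting several of these fields together, a primaryContainer serving artifacts from S3 might look like the following sketch (the S3 path, hostname, and environment entry are placeholders):

```typescript
// Hypothetical example: a primary container loading model artifacts
// from S3. The modelDataUrl and environment values are placeholders.
new aws.sagemakerModel.SagemakerModel(this, "with_artifacts", {
  executionRoleArn: awsIamRoleExample.arn,
  primaryContainer: {
    image: dataAwsSagemakerPrebuiltEcrImageTest.registryPath,
    mode: "SingleModel",
    modelDataUrl: "s3://my-model-bucket/model.tar.gz",
    containerHostname: "primary",
    environment: {
      MODEL_SERVER_WORKERS: "2",
    },
  },
});
```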

Image Config

  • repositoryAccessMode - (Required) Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). Allowed values are: Platform and Vpc.
  • repositoryAuthConfig - (Optional) Specifies an authentication configuration for the private docker registry where your model image is hosted. Specify a value for this property only if you specified Vpc as the value for the RepositoryAccessMode field, and the private Docker registry where the model image is hosted requires authentication. see Repository Auth Config.

Repository Auth Config

  • repositoryCredentialsProviderArn - (Required) The Amazon Resource Name (ARN) of an AWS Lambda function that provides credentials to authenticate to the private Docker registry where your model image is hosted. For information about how to create an AWS Lambda function, see Create a Lambda function with the console in the AWS Lambda Developer Guide.
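The two blocks above nest as in the following sketch, which pulls the inference image from a private registry reachable from the VPC (the image URL and Lambda function ARN are placeholders):

```typescript
// Hypothetical example: inference image hosted in a private Docker
// registry that requires authentication via a Lambda credentials
// provider. The image URL and Lambda ARN are placeholders.
new aws.sagemakerModel.SagemakerModel(this, "private_registry", {
  executionRoleArn: awsIamRoleExample.arn,
  primaryContainer: {
    image: "registry.example.com/my-inference-image:latest",
    imageConfig: {
      repositoryAccessMode: "Vpc",
      repositoryAuthConfig: {
        repositoryCredentialsProviderArn:
          "arn:aws:lambda:us-east-1:123456789012:function:registry-creds",
      },
    },
  },
});
```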

Inference Execution Config

  • mode - (Required) How containers in a multi-container endpoint are run. Valid values are Serial and Direct.
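For a multi-container model, inferenceExecutionConfig pairs with the container argument rather than primaryContainer, roughly as in this sketch (both ECR image URIs are placeholders):

```typescript
// Hypothetical example: a two-container inference pipeline whose
// containers are invoked serially. Both image URIs are placeholders.
new aws.sagemakerModel.SagemakerModel(this, "pipeline", {
  executionRoleArn: awsIamRoleExample.arn,
  inferenceExecutionConfig: {
    mode: "Serial",
  },
  container: [
    {
      image:
        "123456789012.dkr.ecr.us-east-1.amazonaws.com/preprocess:latest",
    },
    {
      image:
        "123456789012.dkr.ecr.us-east-1.amazonaws.com/predict:latest",
    },
  ],
});
```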

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • name - The name of the model.
  • arn - The Amazon Resource Name (ARN) assigned by AWS to this model.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

Models can be imported using the name, e.g.,

$ terraform import aws_sagemaker_model.test_model model-foo