Skip to main content


Showing posts from 2019

AWS Sagemaker Security Patterns- Part 1

We are going to look into some best security architecture of AWS Sagemaker. By default AWS Sagemker is a managed sevice and everything is managed my the AWS, and not the customer. Image courtesy- AWS Secure Deployment patterns: 1. Default architecture: The managed sagemaker VPC is directly connected to the Internet, which is not an ideal architecture from security point of view. 2. The customer can disable the direct Internet connection route it back through their own VPC. Here all the traffic is not being routed through a VPC that's controlled by the customer. The notebook cannot be accessed via open Internet now:  3. Restrict the access to the notebook IAM policy based on IP/ VPC, so that no one can directly access the Notebook via Internet such as through their personal laptop. The resultant architecture of above restriction. The user is forced to access the Notebook via corporate IP ranges: 4. Sagemaker default training architecture. This also run in the m