software.amazon.awscdk.services.sagemaker

Class CfnDomain

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.CfnElement

software.amazon.awscdk.core.CfnRefElement

software.amazon.awscdk.core.CfnResource

software.amazon.awscdk.services.sagemaker.CfnDomain

All Implemented Interfaces:

IConstruct, IDependable, IInspectable

@Generated(value="jsii-pacmak/1.58.0 (build f8ba112)",
           date="2022-05-27T16:27:57.242Z")
public class CfnDomain
extends CfnResource
implements IInspectable

A CloudFormation `AWS::SageMaker::Domain`.

Creates a Domain used by Amazon SageMaker Studio. A domain consists of an associated Amazon Elastic File System (EFS) volume, a list of authorized users, and a variety of security, application, policy, and Amazon Virtual Private Cloud (VPC) configurations. An AWS account is limited to one domain per region. Users within a domain can share notebook files and other artifacts with each other.

EFS storage

When a domain is created, an EFS volume is created for use by all of the users within the domain. Each user receives a private home directory within the EFS volume for notebooks, Git repositories, and data files.

SageMaker uses the AWS Key Management Service ( AWS KMS) to encrypt the EFS volume attached to the domain with an AWS managed key by default. For more control, you can specify a customer managed key. For more information, see Protect Data at Rest Using Encryption .

VPC configuration

All SageMaker Studio traffic between the domain and the EFS volume is through the specified VPC and subnets. For other Studio traffic, you can specify the AppNetworkAccessType parameter. AppNetworkAccessType corresponds to the network access type that you choose when you onboard to Studio. The following options are available:

• PublicInternetOnly - Non-EFS traffic goes through a VPC managed by Amazon SageMaker, which allows internet access. This is the default value.
• VpcOnly - All Studio traffic is through the specified VPC and subnets. Internet access is disabled by default. To allow internet access, you must specify a NAT gateway.

When internet access is disabled, you won't be able to run a Studio notebook or to train or host models unless your VPC has an interface endpoint to the SageMaker API and runtime or a NAT gateway and your security groups allow outbound connections.

NFS traffic over TCP on port 2049 needs to be allowed in both inbound and outbound rules in order to launch a SageMaker Studio app successfully.

For more information, see Connect SageMaker Studio Notebooks to Resources in a VPC .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.sagemaker.*;
 CfnDomain cfnDomain = CfnDomain.Builder.create(this, "MyCfnDomain")
         .authMode("authMode")
         .defaultUserSettings(UserSettingsProperty.builder()
                 .executionRole("executionRole")
                 .jupyterServerAppSettings(JupyterServerAppSettingsProperty.builder()
                         .defaultResourceSpec(ResourceSpecProperty.builder()
                                 .instanceType("instanceType")
                                 .sageMakerImageArn("sageMakerImageArn")
                                 .sageMakerImageVersionArn("sageMakerImageVersionArn")
                                 .build())
                         .build())
                 .kernelGatewayAppSettings(KernelGatewayAppSettingsProperty.builder()
                         .customImages(List.of(CustomImageProperty.builder()
                                 .appImageConfigName("appImageConfigName")
                                 .imageName("imageName")
                                 // the properties below are optional
                                 .imageVersionNumber(123)
                                 .build()))
                         .defaultResourceSpec(ResourceSpecProperty.builder()
                                 .instanceType("instanceType")
                                 .sageMakerImageArn("sageMakerImageArn")
                                 .sageMakerImageVersionArn("sageMakerImageVersionArn")
                                 .build())
                         .build())
                 .rStudioServerProAppSettings(RStudioServerProAppSettingsProperty.builder()
                         .accessStatus("accessStatus")
                         .userGroup("userGroup")
                         .build())
                 .securityGroups(List.of("securityGroups"))
                 .sharingSettings(SharingSettingsProperty.builder()
                         .notebookOutputOption("notebookOutputOption")
                         .s3KmsKeyId("s3KmsKeyId")
                         .s3OutputPath("s3OutputPath")
                         .build())
                 .build())
         .domainName("domainName")
         .subnetIds(List.of("subnetIds"))
         .vpcId("vpcId")
         // the properties below are optional
         .appNetworkAccessType("appNetworkAccessType")
         .appSecurityGroupManagement("appSecurityGroupManagement")
         .domainSettings(DomainSettingsProperty.builder()
                 .rStudioServerProDomainSettings(RStudioServerProDomainSettingsProperty.builder()
                         .domainExecutionRoleArn("domainExecutionRoleArn")
                         // the properties below are optional
                         .defaultResourceSpec(ResourceSpecProperty.builder()
                                 .instanceType("instanceType")
                                 .sageMakerImageArn("sageMakerImageArn")
                                 .sageMakerImageVersionArn("sageMakerImageVersionArn")
                                 .build())
                         .rStudioConnectUrl("rStudioConnectUrl")
                         .rStudioPackageManagerUrl("rStudioPackageManagerUrl")
                         .build())
                 .securityGroupIds(List.of("securityGroupIds"))
                 .build())
         .kmsKeyId("kmsKeyId")
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnDomain.Builder A fluent builder for CfnDomain.
static interface	CfnDomain.CustomImageProperty A custom SageMaker image.
static interface	CfnDomain.DomainSettingsProperty A collection of settings that apply to the `SageMaker Domain` .
static interface	CfnDomain.JupyterServerAppSettingsProperty The JupyterServer app settings.
static interface	CfnDomain.KernelGatewayAppSettingsProperty The KernelGateway app settings.
static interface	CfnDomain.ResourceSpecProperty Specifies the ARN's of a SageMaker image and SageMaker image version, and the instance type that the version runs on.
static interface	CfnDomain.RStudioServerProAppSettingsProperty A collection of settings that configure user interaction with the `RStudioServerPro` app.
static interface	CfnDomain.RStudioServerProDomainSettingsProperty A collection of settings that configure the `RStudioServerPro` Domain-level app.
static interface	CfnDomain.SharingSettingsProperty Specifies options when sharing an Amazon SageMaker Studio notebook.
static interface	CfnDomain.UserSettingsProperty A collection of settings that apply to users of Amazon SageMaker Studio.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnDomain(Construct scope, java.lang.String id, CfnDomainProps props) Create a new `AWS::SageMaker::Domain`.
protected	CfnDomain(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnDomain(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
java.lang.String	getAppNetworkAccessType() Specifies the VPC used for non-EFS traffic.
java.lang.String	getAppSecurityGroupManagement() The entity that creates and manages the required security groups for inter-app communication in `VpcOnly` mode.
java.lang.String	getAttrDomainArn() The Amazon Resource Name (ARN) of the Domain, such as `arn:aws:sagemaker:us-west-2:account-id:domain/my-domain-name` .
java.lang.String	getAttrDomainId() The Domain ID.
java.lang.String	getAttrHomeEfsFileSystemId() The ID of the Amazon Elastic File System (EFS) managed by this Domain.
java.lang.String	getAttrSecurityGroupIdForDomainBoundary() The ID of the security group that authorizes traffic between the `RSessionGateway` apps and the `RStudioServerPro` app.
java.lang.String	getAttrSingleSignOnManagedApplicationInstanceId() The AWS SSO managed application instance ID.
java.lang.String	getAttrUrl() The URL for the Domain.
java.lang.String	getAuthMode() The mode of authentication that members use to access the Domain.
protected java.util.Map<java.lang.String,java.lang.Object>	getCfnProperties()
java.lang.Object	getDefaultUserSettings() The default user settings.
java.lang.String	getDomainName() The domain name.
java.lang.Object	getDomainSettings() A collection of settings that apply to the `SageMaker Domain` .
java.lang.String	getKmsKeyId() SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default.
java.util.List<java.lang.String>	getSubnetIds() The VPC subnets that Studio uses for communication.
TagManager	getTags() Tags to associated with the Domain.
java.lang.String	getVpcId() The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected java.util.Map<java.lang.String,java.lang.Object>	renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
void	setAppNetworkAccessType(java.lang.String value) Specifies the VPC used for non-EFS traffic.
void	setAppSecurityGroupManagement(java.lang.String value) The entity that creates and manages the required security groups for inter-app communication in `VpcOnly` mode.
void	setAuthMode(java.lang.String value) The mode of authentication that members use to access the Domain.
void	setDefaultUserSettings(CfnDomain.UserSettingsProperty value) The default user settings.
void	setDefaultUserSettings(IResolvable value) The default user settings.
void	setDomainName(java.lang.String value) The domain name.
void	setDomainSettings(CfnDomain.DomainSettingsProperty value) A collection of settings that apply to the `SageMaker Domain` .
void	setDomainSettings(IResolvable value) A collection of settings that apply to the `SageMaker Domain` .
void	setKmsKeyId(java.lang.String value) SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default.
void	setSubnetIds(java.util.List<java.lang.String> value) The VPC subnets that Studio uses for communication.
void	setVpcId(java.lang.String value) The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.

Methods inherited from class software.amazon.awscdk.core.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.core.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.core.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CFN_RESOURCE_TYPE_NAME

public static final java.lang.String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnDomain

protected CfnDomain(software.amazon.jsii.JsiiObjectRef objRef)

CfnDomain

protected CfnDomain(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnDomain

public CfnDomain(Construct scope,
                 java.lang.String id,
                 CfnDomainProps props)

Create a new `AWS::SageMaker::Domain`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

public void inspect(TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrDomainArn

public java.lang.String getAttrDomainArn()

The Amazon Resource Name (ARN) of the Domain, such as `arn:aws:sagemaker:us-west-2:account-id:domain/my-domain-name` .

getAttrDomainId

public java.lang.String getAttrDomainId()

The Domain ID.

getAttrHomeEfsFileSystemId

public java.lang.String getAttrHomeEfsFileSystemId()

The ID of the Amazon Elastic File System (EFS) managed by this Domain.

getAttrSecurityGroupIdForDomainBoundary

public java.lang.String getAttrSecurityGroupIdForDomainBoundary()

The ID of the security group that authorizes traffic between the `RSessionGateway` apps and the `RStudioServerPro` app.

getAttrSingleSignOnManagedApplicationInstanceId

public java.lang.String getAttrSingleSignOnManagedApplicationInstanceId()

The AWS SSO managed application instance ID.

getAttrUrl

public java.lang.String getAttrUrl()

The URL for the Domain.

getCfnProperties

protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getTags

public TagManager getTags()

Tags to associated with the Domain.

Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.

Tags that you specify for the Domain are also added to all apps that are launched in the Domain.

Array members : Minimum number of 0 items. Maximum number of 50 items.

getAuthMode

public java.lang.String getAuthMode()

The mode of authentication that members use to access the Domain.

Valid Values : SSO | IAM

setAuthMode

public void setAuthMode(java.lang.String value)

The mode of authentication that members use to access the Domain.

Valid Values : SSO | IAM

getDefaultUserSettings

public java.lang.Object getDefaultUserSettings()

The default user settings.

setDefaultUserSettings

public void setDefaultUserSettings(IResolvable value)

The default user settings.

setDefaultUserSettings

public void setDefaultUserSettings(CfnDomain.UserSettingsProperty value)

The default user settings.

getDomainName

public java.lang.String getDomainName()

The domain name.

setDomainName

public void setDomainName(java.lang.String value)

The domain name.

getSubnetIds

public java.util.List<java.lang.String> getSubnetIds()

The VPC subnets that Studio uses for communication.

Length Constraints : Maximum length of 32.

Array members : Minimum number of 1 item. Maximum number of 16 items.

Pattern : [-0-9a-zA-Z]+

setSubnetIds

public void setSubnetIds(java.util.List<java.lang.String> value)

The VPC subnets that Studio uses for communication.

Length Constraints : Maximum length of 32.

Array members : Minimum number of 1 item. Maximum number of 16 items.

Pattern : [-0-9a-zA-Z]+

getVpcId

public java.lang.String getVpcId()

The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.

Length Constraints : Maximum length of 32.

Pattern : [-0-9a-zA-Z]+

setVpcId

public void setVpcId(java.lang.String value)

The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.

Length Constraints : Maximum length of 32.

Pattern : [-0-9a-zA-Z]+

getAppNetworkAccessType

public java.lang.String getAppNetworkAccessType()

Specifies the VPC used for non-EFS traffic. The default value is `PublicInternetOnly` .

• PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker , which allows direct internet access
• VpcOnly - All Studio traffic is through the specified VPC and subnets

Valid Values : PublicInternetOnly | VpcOnly

setAppNetworkAccessType

public void setAppNetworkAccessType(java.lang.String value)

Specifies the VPC used for non-EFS traffic. The default value is `PublicInternetOnly` .

• PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker , which allows direct internet access
• VpcOnly - All Studio traffic is through the specified VPC and subnets

Valid Values : PublicInternetOnly | VpcOnly

getAppSecurityGroupManagement

public java.lang.String getAppSecurityGroupManagement()

The entity that creates and manages the required security groups for inter-app communication in `VpcOnly` mode.

Required when CreateDomain.AppNetworkAccessType is VpcOnly and DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn is provided.

setAppSecurityGroupManagement

public void setAppSecurityGroupManagement(java.lang.String value)

The entity that creates and manages the required security groups for inter-app communication in `VpcOnly` mode.

Required when CreateDomain.AppNetworkAccessType is VpcOnly and DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn is provided.

getDomainSettings

public java.lang.Object getDomainSettings()

A collection of settings that apply to the `SageMaker Domain` .

These settings are specified through the CreateDomain API call.

setDomainSettings

public void setDomainSettings(IResolvable value)

A collection of settings that apply to the `SageMaker Domain` .

These settings are specified through the CreateDomain API call.

setDomainSettings

public void setDomainSettings(CfnDomain.DomainSettingsProperty value)

A collection of settings that apply to the `SageMaker Domain` .

These settings are specified through the CreateDomain API call.

getKmsKeyId

public java.lang.String getKmsKeyId()

SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default.

For more control, specify a customer managed CMK.

Length Constraints : Maximum length of 2048.

Pattern : .*

setKmsKeyId

public void setKmsKeyId(java.lang.String value)

SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default.

For more control, specify a customer managed CMK.

Length Constraints : Maximum length of 2048.

Pattern : .*