Class CfnDomain
- All Implemented Interfaces:
IInspectable
,ITaggable
,software.amazon.jsii.JsiiSerializable
,software.constructs.IConstruct
,software.constructs.IDependable
Domain
.
A domain consists of an associated Amazon Elastic File System volume, a list of authorized users, and a variety of security, application, policy, and Amazon Virtual Private Cloud (VPC) configurations. Users within a domain can share notebook files and other artifacts with each other.
EFS storage
When a domain is created, an EFS volume is created for use by all of the users within the domain. Each user receives a private home directory within the EFS volume for notebooks, Git repositories, and data files.
SageMaker uses the AWS Key Management Service ( AWS KMS) to encrypt the EFS volume attached to the domain with an AWS managed key by default. For more control, you can specify a customer managed key. For more information, see Protect Data at Rest Using Encryption .
VPC configuration
All traffic between the domain and the Amazon EFS volume is through the specified VPC and subnets. For other traffic, you can specify the AppNetworkAccessType
parameter. AppNetworkAccessType
corresponds to the network access type that you choose when you onboard to the domain. The following options are available:
PublicInternetOnly
- Non-EFS traffic goes through a VPC managed by Amazon SageMaker, which allows internet access. This is the default value.VpcOnly
- All traffic is through the specified VPC and subnets. Internet access is disabled by default. To allow internet access, you must specify a NAT gateway.
When internet access is disabled, you won't be able to run a Amazon SageMaker Studio notebook or to train or host models unless your VPC has an interface endpoint to the SageMaker API and runtime or a NAT gateway and your security groups allow outbound connections.
NFS traffic over TCP on port 2049 needs to be allowed in both inbound and outbound rules in order to launch a Amazon SageMaker Studio app successfully.
For more information, see Connect Amazon SageMaker Studio Notebooks to Resources in a VPC .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.sagemaker.*; CfnDomain cfnDomain = CfnDomain.Builder.create(this, "MyCfnDomain") .authMode("authMode") .defaultUserSettings(UserSettingsProperty.builder() .executionRole("executionRole") // the properties below are optional .codeEditorAppSettings(CodeEditorAppSettingsProperty.builder() .appLifecycleManagement(AppLifecycleManagementProperty.builder() .idleSettings(IdleSettingsProperty.builder() .idleTimeoutInMinutes(123) .lifecycleManagement("lifecycleManagement") .maxIdleTimeoutInMinutes(123) .minIdleTimeoutInMinutes(123) .build()) .build()) .customImages(List.of(CustomImageProperty.builder() .appImageConfigName("appImageConfigName") .imageName("imageName") // the properties below are optional .imageVersionNumber(123) .build())) .defaultResourceSpec(ResourceSpecProperty.builder() .instanceType("instanceType") .lifecycleConfigArn("lifecycleConfigArn") .sageMakerImageArn("sageMakerImageArn") .sageMakerImageVersionArn("sageMakerImageVersionArn") .build()) .lifecycleConfigArns(List.of("lifecycleConfigArns")) .build()) .customFileSystemConfigs(List.of(CustomFileSystemConfigProperty.builder() .efsFileSystemConfig(EFSFileSystemConfigProperty.builder() .fileSystemId("fileSystemId") // the properties below are optional .fileSystemPath("fileSystemPath") .build()) .build())) .customPosixUserConfig(CustomPosixUserConfigProperty.builder() .gid(123) .uid(123) .build()) .defaultLandingUri("defaultLandingUri") .jupyterLabAppSettings(JupyterLabAppSettingsProperty.builder() .appLifecycleManagement(AppLifecycleManagementProperty.builder() .idleSettings(IdleSettingsProperty.builder() .idleTimeoutInMinutes(123) .lifecycleManagement("lifecycleManagement") .maxIdleTimeoutInMinutes(123) .minIdleTimeoutInMinutes(123) .build()) .build()) .codeRepositories(List.of(CodeRepositoryProperty.builder() .repositoryUrl("repositoryUrl") .build())) .customImages(List.of(CustomImageProperty.builder() .appImageConfigName("appImageConfigName") .imageName("imageName") // the properties below are optional .imageVersionNumber(123) .build())) .defaultResourceSpec(ResourceSpecProperty.builder() .instanceType("instanceType") .lifecycleConfigArn("lifecycleConfigArn") .sageMakerImageArn("sageMakerImageArn") .sageMakerImageVersionArn("sageMakerImageVersionArn") .build()) .lifecycleConfigArns(List.of("lifecycleConfigArns")) .build()) .jupyterServerAppSettings(JupyterServerAppSettingsProperty.builder() .defaultResourceSpec(ResourceSpecProperty.builder() .instanceType("instanceType") .lifecycleConfigArn("lifecycleConfigArn") .sageMakerImageArn("sageMakerImageArn") .sageMakerImageVersionArn("sageMakerImageVersionArn") .build()) .lifecycleConfigArns(List.of("lifecycleConfigArns")) .build()) .kernelGatewayAppSettings(KernelGatewayAppSettingsProperty.builder() .customImages(List.of(CustomImageProperty.builder() .appImageConfigName("appImageConfigName") .imageName("imageName") // the properties below are optional .imageVersionNumber(123) .build())) .defaultResourceSpec(ResourceSpecProperty.builder() .instanceType("instanceType") .lifecycleConfigArn("lifecycleConfigArn") .sageMakerImageArn("sageMakerImageArn") .sageMakerImageVersionArn("sageMakerImageVersionArn") .build()) .lifecycleConfigArns(List.of("lifecycleConfigArns")) .build()) .rSessionAppSettings(RSessionAppSettingsProperty.builder() .customImages(List.of(CustomImageProperty.builder() .appImageConfigName("appImageConfigName") .imageName("imageName") // the properties below are optional .imageVersionNumber(123) .build())) .defaultResourceSpec(ResourceSpecProperty.builder() .instanceType("instanceType") .lifecycleConfigArn("lifecycleConfigArn") .sageMakerImageArn("sageMakerImageArn") .sageMakerImageVersionArn("sageMakerImageVersionArn") .build()) .build()) .rStudioServerProAppSettings(RStudioServerProAppSettingsProperty.builder() .accessStatus("accessStatus") .userGroup("userGroup") .build()) .securityGroups(List.of("securityGroups")) .sharingSettings(SharingSettingsProperty.builder() .notebookOutputOption("notebookOutputOption") .s3KmsKeyId("s3KmsKeyId") .s3OutputPath("s3OutputPath") .build()) .spaceStorageSettings(DefaultSpaceStorageSettingsProperty.builder() .defaultEbsStorageSettings(DefaultEbsStorageSettingsProperty.builder() .defaultEbsVolumeSizeInGb(123) .maximumEbsVolumeSizeInGb(123) .build()) .build()) .studioWebPortal("studioWebPortal") .studioWebPortalSettings(StudioWebPortalSettingsProperty.builder() .hiddenAppTypes(List.of("hiddenAppTypes")) .hiddenMlTools(List.of("hiddenMlTools")) .build()) .build()) .domainName("domainName") .subnetIds(List.of("subnetIds")) .vpcId("vpcId") // the properties below are optional .appNetworkAccessType("appNetworkAccessType") .appSecurityGroupManagement("appSecurityGroupManagement") .defaultSpaceSettings(DefaultSpaceSettingsProperty.builder() .executionRole("executionRole") // the properties below are optional .customFileSystemConfigs(List.of(CustomFileSystemConfigProperty.builder() .efsFileSystemConfig(EFSFileSystemConfigProperty.builder() .fileSystemId("fileSystemId") // the properties below are optional .fileSystemPath("fileSystemPath") .build()) .build())) .customPosixUserConfig(CustomPosixUserConfigProperty.builder() .gid(123) .uid(123) .build()) .jupyterLabAppSettings(JupyterLabAppSettingsProperty.builder() .appLifecycleManagement(AppLifecycleManagementProperty.builder() .idleSettings(IdleSettingsProperty.builder() .idleTimeoutInMinutes(123) .lifecycleManagement("lifecycleManagement") .maxIdleTimeoutInMinutes(123) .minIdleTimeoutInMinutes(123) .build()) .build()) .codeRepositories(List.of(CodeRepositoryProperty.builder() .repositoryUrl("repositoryUrl") .build())) .customImages(List.of(CustomImageProperty.builder() .appImageConfigName("appImageConfigName") .imageName("imageName") // the properties below are optional .imageVersionNumber(123) .build())) .defaultResourceSpec(ResourceSpecProperty.builder() .instanceType("instanceType") .lifecycleConfigArn("lifecycleConfigArn") .sageMakerImageArn("sageMakerImageArn") .sageMakerImageVersionArn("sageMakerImageVersionArn") .build()) .lifecycleConfigArns(List.of("lifecycleConfigArns")) .build()) .jupyterServerAppSettings(JupyterServerAppSettingsProperty.builder() .defaultResourceSpec(ResourceSpecProperty.builder() .instanceType("instanceType") .lifecycleConfigArn("lifecycleConfigArn") .sageMakerImageArn("sageMakerImageArn") .sageMakerImageVersionArn("sageMakerImageVersionArn") .build()) .lifecycleConfigArns(List.of("lifecycleConfigArns")) .build()) .kernelGatewayAppSettings(KernelGatewayAppSettingsProperty.builder() .customImages(List.of(CustomImageProperty.builder() .appImageConfigName("appImageConfigName") .imageName("imageName") // the properties below are optional .imageVersionNumber(123) .build())) .defaultResourceSpec(ResourceSpecProperty.builder() .instanceType("instanceType") .lifecycleConfigArn("lifecycleConfigArn") .sageMakerImageArn("sageMakerImageArn") .sageMakerImageVersionArn("sageMakerImageVersionArn") .build()) .lifecycleConfigArns(List.of("lifecycleConfigArns")) .build()) .securityGroups(List.of("securityGroups")) .spaceStorageSettings(DefaultSpaceStorageSettingsProperty.builder() .defaultEbsStorageSettings(DefaultEbsStorageSettingsProperty.builder() .defaultEbsVolumeSizeInGb(123) .maximumEbsVolumeSizeInGb(123) .build()) .build()) .build()) .domainSettings(DomainSettingsProperty.builder() .dockerSettings(DockerSettingsProperty.builder() .enableDockerAccess("enableDockerAccess") .vpcOnlyTrustedAccounts(List.of("vpcOnlyTrustedAccounts")) .build()) .rStudioServerProDomainSettings(RStudioServerProDomainSettingsProperty.builder() .domainExecutionRoleArn("domainExecutionRoleArn") // the properties below are optional .defaultResourceSpec(ResourceSpecProperty.builder() .instanceType("instanceType") .lifecycleConfigArn("lifecycleConfigArn") .sageMakerImageArn("sageMakerImageArn") .sageMakerImageVersionArn("sageMakerImageVersionArn") .build()) .rStudioConnectUrl("rStudioConnectUrl") .rStudioPackageManagerUrl("rStudioPackageManagerUrl") .build()) .securityGroupIds(List.of("securityGroupIds")) .build()) .kmsKeyId("kmsKeyId") .tags(List.of(CfnTag.builder() .key("key") .value("value") .build())) .build();
- See Also:
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic interface
Settings that are used to configure and manage the lifecycle of Amazon SageMaker Studio applications.static final class
A fluent builder forCfnDomain
.static interface
The Code Editor application settings.static interface
A Git repository that SageMaker automatically displays to users for cloning in the JupyterServer application.static interface
The settings for assigning a custom file system to a user profile or space for an Amazon SageMaker Domain.static interface
A custom SageMaker image.static interface
Details about the POSIX identity that is used for file system operations.static interface
A collection of default EBS storage settings that apply to spaces created within a domain or user profile.static interface
A collection of settings that apply to spaces created in the domain.static interface
The default storage settings for a space.static interface
A collection of settings that configure the domain's Docker interaction.static interface
A collection of settings that apply to theSageMaker Domain
.static interface
The settings for assigning a custom Amazon EFS file system to a user profile or space for an Amazon SageMaker Domain.static interface
Settings related to idle shutdown of Studio applications.static interface
The settings for the JupyterLab application.static interface
The JupyterServer app settings.static interface
The KernelGateway app settings.static interface
Specifies the ARN's of a SageMaker image and SageMaker image version, and the instance type that the version runs on.static interface
A collection of settings that apply to anRSessionGateway
app.static interface
A collection of settings that configure user interaction with theRStudioServerPro
app.static interface
A collection of settings that configure theRStudioServerPro
Domain-level app.static interface
Specifies options when sharing an Amazon SageMaker Studio notebook.static interface
Studio settings.static interface
A collection of settings that apply to users of Amazon SageMaker Studio.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
Nested classes/interfaces inherited from interface software.amazon.awscdk.ITaggable
ITaggable.Jsii$Default, ITaggable.Jsii$Proxy
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
The CloudFormation resource type name for this resource class. -
Constructor Summary
ModifierConstructorDescriptionprotected
CfnDomain
(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protected
CfnDomain
(software.amazon.jsii.JsiiObjectRef objRef) CfnDomain
(software.constructs.Construct scope, String id, CfnDomainProps props) -
Method Summary
Modifier and TypeMethodDescriptionSpecifies the VPC used for non-EFS traffic.The entity that creates and manages the required security groups for inter-app communication inVpcOnly
mode.The Amazon Resource Name (ARN) of the Domain, such asarn:aws:sagemaker:us-west-2:account-id:domain/my-domain-name
.The Domain ID.The ID of the Amazon Elastic File System (EFS) managed by this Domain.The ID of the security group that authorizes traffic between theRSessionGateway
apps and theRStudioServerPro
app.The ARN of the application managed by SageMaker in IAM Identity Center.The IAM Identity Center managed application instance ID.The URL for the Domain.The mode of authentication that members use to access the Domain.A collection of settings that apply to spaces created in the domain.The default user settings.The domain name.A collection of settings that apply to theSageMaker Domain
.SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default.The VPC subnets that Studio uses for communication.getTags()
Tag Manager which manages the tags for this resource.Tags to associated with the Domain.getVpcId()
The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.void
inspect
(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties
(Map<String, Object> props) void
setAppNetworkAccessType
(String value) Specifies the VPC used for non-EFS traffic.void
The entity that creates and manages the required security groups for inter-app communication inVpcOnly
mode.void
setAuthMode
(String value) The mode of authentication that members use to access the Domain.void
A collection of settings that apply to spaces created in the domain.void
A collection of settings that apply to spaces created in the domain.void
The default user settings.void
The default user settings.void
setDomainName
(String value) The domain name.void
setDomainSettings
(IResolvable value) A collection of settings that apply to theSageMaker Domain
.void
A collection of settings that apply to theSageMaker Domain
.void
setKmsKeyId
(String value) SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default.void
setSubnetIds
(List<String> value) The VPC subnets that Studio uses for communication.void
setTagsRaw
(List<CfnTag> value) Tags to associated with the Domain.void
The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.CfnRefElement
getRef
Methods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.constructs.Construct
getNode, isConstruct
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnDomain
protected CfnDomain(software.amazon.jsii.JsiiObjectRef objRef) -
CfnDomain
protected CfnDomain(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnDomain
@Stability(Stable) public CfnDomain(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnDomainProps props) - Parameters:
scope
- Scope in which this resource is defined. This parameter is required.id
- Construct identifier for this resource (unique in its scope). This parameter is required.props
- Resource properties. This parameter is required.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspect
in interfaceIInspectable
- Parameters:
inspector
- tree inspector to collect and process attributes. This parameter is required.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderProperties
in classCfnResource
- Parameters:
props
- This parameter is required.
-
getAttrDomainArn
The Amazon Resource Name (ARN) of the Domain, such asarn:aws:sagemaker:us-west-2:account-id:domain/my-domain-name
. -
getAttrDomainId
The Domain ID. -
getAttrHomeEfsFileSystemId
The ID of the Amazon Elastic File System (EFS) managed by this Domain. -
getAttrSecurityGroupIdForDomainBoundary
The ID of the security group that authorizes traffic between theRSessionGateway
apps and theRStudioServerPro
app. -
getAttrSingleSignOnApplicationArn
The ARN of the application managed by SageMaker in IAM Identity Center.This value is only returned for domains created after October 1, 2023.
-
getAttrSingleSignOnManagedApplicationInstanceId
The IAM Identity Center managed application instance ID. -
getAttrUrl
The URL for the Domain. -
getCfnProperties
- Overrides:
getCfnProperties
in classCfnResource
-
getTags
Tag Manager which manages the tags for this resource. -
getAuthMode
The mode of authentication that members use to access the Domain. -
setAuthMode
The mode of authentication that members use to access the Domain. -
getDefaultUserSettings
The default user settings. -
setDefaultUserSettings
The default user settings. -
setDefaultUserSettings
@Stability(Stable) public void setDefaultUserSettings(@NotNull CfnDomain.UserSettingsProperty value) The default user settings. -
getDomainName
The domain name. -
setDomainName
The domain name. -
getSubnetIds
The VPC subnets that Studio uses for communication. -
setSubnetIds
The VPC subnets that Studio uses for communication. -
getVpcId
The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication. -
setVpcId
The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication. -
getAppNetworkAccessType
Specifies the VPC used for non-EFS traffic.The default value is
PublicInternetOnly
. -
setAppNetworkAccessType
Specifies the VPC used for non-EFS traffic.The default value is
PublicInternetOnly
. -
getAppSecurityGroupManagement
The entity that creates and manages the required security groups for inter-app communication inVpcOnly
mode. -
setAppSecurityGroupManagement
The entity that creates and manages the required security groups for inter-app communication inVpcOnly
mode. -
getDefaultSpaceSettings
A collection of settings that apply to spaces created in the domain. -
setDefaultSpaceSettings
A collection of settings that apply to spaces created in the domain. -
setDefaultSpaceSettings
@Stability(Stable) public void setDefaultSpaceSettings(@Nullable CfnDomain.DefaultSpaceSettingsProperty value) A collection of settings that apply to spaces created in the domain. -
getDomainSettings
A collection of settings that apply to theSageMaker Domain
. -
setDomainSettings
A collection of settings that apply to theSageMaker Domain
. -
setDomainSettings
A collection of settings that apply to theSageMaker Domain
. -
getKmsKeyId
SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default. -
setKmsKeyId
SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default. -
getTagsRaw
Tags to associated with the Domain. -
setTagsRaw
Tags to associated with the Domain.
-