Configure your Amazon S3 storage
When you set up your SageMaker Canvas application, the default storage location for model
artifacts, datasets, and other application data is an Amazon S3 bucket that Canvas creates.
This default Amazon S3 bucket follows the naming pattern
s3://sagemaker-
and exists in the same Region as your Canvas application. However, you can
customize the storage location and specify your own Amazon S3 bucket for
storing Canvas application data. You might want to use your own Amazon S3 bucket for storing
application data for any of the following reasons:{Region}
-{your-account-id}
-
Your organization has internal naming conventions for Amazon S3 buckets.
-
You want to enable cross-account access to model artifacts or other Canvas data.
-
You want to be compliant with internal security guidelines, such as restricting users to specific Amazon S3 buckets or model artifacts.
-
You want enhanced visibility and access to logs produced by Canvas, independent of the AWS console or SageMaker Studio Classic.
By specifying your own Amazon S3 bucket, you can have increased control over your own storage and be compliant with your organization.
To get started, you can either create a new SageMaker domain or user profile, or you can
update an existing domain or user profile. Note that the user profile settings override the
domain-level settings. For example, you can use the default bucket configuration at the
domain level, but you can specify a custom Amazon S3 bucket for an individual user. After
specifying your own Amazon S3 bucket for the domain or user profile, Canvas creates a
subfolder called Canvas/<UserProfileName>
under the input Amazon S3 URI and saves all artifacts generated in the Canvas application under
this subfolder.
Important
If you update an existing domain or user profile, you no longer have access to your Canvas artifacts from the previous location. Your files are still in the old Amazon S3 location, but you can no longer view them from Canvas. The new configuration takes effect the next time you log into the application.
For more information about granting cross-account access to your Amazon S3 bucket, see Granting cross-account object permissions in the Amazon S3 User Guide.
The following sections describe how to specify a custom Amazon S3 bucket for your Canvas storage configuration. If you’re setting up a new SageMaker domain (or a new user in a domain), then use the New domain setup method or the New user profile setup method. If you have an existing Canvas user profile and would like to update the profile's storage configuration, use the Existing user method.
Before you begin
If you’re specifying an Amazon S3 URI from a different AWS account, or if you’re using a bucket that is encrypted with AWS KMS, then you must configure permissions before proceeding. You must grant AWS IAM permissions to ensure that Canvas can download and upload objects to and from your bucket. For detailed information on how to grant the required permissions, see Grant permissions for cross-account Amazon S3 storage.
Additionally, the final Amazon S3 URI for the training folder in your Canvas storage
location must be 128 characters or less. The final Amazon S3 URI consists of your bucket path
s3://<your-bucket-name>/<folder-name>/
plus the path that Canvas adds to your bucket:
Canvas/<user-profile-name>/Training
.
For example, an acceptable path that is less than 128 characters is
s3://<amzn-s3-demo-bucket>/<machine-learning>/Canvas/<user-1>/Training
.
New domain setup method
If you’re setting up a new domain and Canvas application, use this section to configure the storage location at the domain level. This configuration applies to all new users you create in the domain, unless you specify a different storage location for individual user profiles.
When doing a Standard setup for your domain, on the Step 3: Configure Applications - Optional page, use the following procedure for the Canvas section:
-
For the Canvas storage configuration, do the following:
-
Select System managed if you want to set the location to the default SageMaker bucket that follows the pattern
s3://sagemaker-
.{Region}
-{your-account-id}
-
Select Custom S3 to specify your own Amazon S3 bucket as the storage location. Then, enter the Amazon S3 URI.
-
(Optional) For Encryption key, specify a KMS key for encrypting Canvas artifacts stored at the specified location.
-
-
Finish setting up the domain and choose Submit.
Your domain is now configured to use the Amazon S3 location you specified for SageMaker Canvas application storage.
New user profile setup method
If you’re setting up a new user profile in your domain, use this section to configure the storage location for the user. This configuration overrides the domain-level configuration.
When adding a user profile to your domain, for Step 2: Configure Applications, use the following procedure for the Canvas section:
-
For the Canvas storage configuration, do the following:
-
Select System managed if you want to set the location to the default SageMaker created bucket that follows the pattern
s3://sagemaker-
.{Region}
-{your-account-id}
-
Select Custom S3 to specify your own Amazon S3 bucket as the storage location. Then, enter the Amazon S3 URI.
-
(Optional) For Encryption key, specify a KMS key for encrypting Canvas artifacts stored at the specified location.
-
-
Finish setting up the user profile and choose Submit.
Your user profile is now configured to use the Amazon S3 location you specified for SageMaker Canvas application storage.
Existing user method
If you have an existing Canvas user profile and would like to update the Amazon S3 storage location, you can edit the SageMaker domain or user profile settings. The change takes effect the next time you log into the Canvas application.
Note
When you change the storage location for an existing Canvas application, you lose access to your Canvas artifacts from the previous storage location. The artifacts are still stored in the old Amazon S3 location, but you can no longer view them from Canvas.
Remember that the user profile settings override the general domain settings, so you can update the Amazon S3 storage location for specific user profiles without changing it for all of the users. You can update the storage configuration for an existing domain or user by using the following procedures.
The storage location for your Canvas user profile should now be updated. The next time you log into the Canvas application, you receive a notification that the storage location has been updated. You lose access to any previous artifacts that you created in Canvas. You can still access the files in Amazon S3, but you can no longer view them in Canvas.