Set Up Amazon SageMaker Prerequisites - Amazon SageMaker

Set Up Amazon SageMaker Prerequisites

To get set up with Amazon SageMaker:

  • You will need to create an Amazon Web Services (AWS) account to get access to all of the AWS services and resources for the account.

  • To adhere to the Security best practices in IAM, create an administrative user to provision AWS resources, like creating and updating a Amazon SageMaker domain for users.

  • Set up your AWS Command Line Interface (AWS CLI) to manage your AWS services and resources for the account.

Create an AWS Account

If you already have an AWS account, skip this step.

When you sign up for AWS, your AWS account is automatically signed up for all AWS services, including SageMaker. You are charged only for the services that you use. For details on pricing, see AWS pricing and Amazon SageMaker pricing.

To create an AWS account
  1. Open https://portal.aws.amazon.com/billing/signup.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

    When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to an administrative user, and use only the root user to perform tasks that require root user access.

Write down your AWS account ID because you need it for the next task.

Create an Administrative User and Group

When you create an AWS account, you get a single sign-in identity that has complete access to all of the AWS services and resources in the account. This identity is called the AWS account root user. Signing in to the AWS console using the email address and password that you used to create the account gives you complete access to all of the AWS resources in your account.

We strongly recommend that you do not use the root user account for everyday tasks, even the administrative ones. Instead, adhere to the Security best practices in IAM, and create an administrative user to provision AWS resources, like creating and updating a Amazon SageMaker domain for users within the domain. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks.

To create an administrative user
  1. Create an administrative user in your AWS account. For instructions, see Create an administrative user in the IAM User Guide.

    Note

    We assume that you use administrator user credentials for the exercises and procedures in this guide. If you choose to create and use another user, grant that user minimum permissions. For more information, see Authenticating with Identities.

  2. Ensure that your administrator user has the AmazonSageMakerFullAccess policy, as well as a policy with the following content needed to create a SageMaker domain. For more information about creating IAM policies, see Creating IAM policies.

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sagemaker:*" ], "Resource": [ "arn:aws:sagemaker:*:*:domain/*", "arn:aws:sagemaker:*:*:user-profile/*", "arn:aws:sagemaker:*:*:app/*", "arn:aws:sagemaker:*:*:flow-definition/*" ] }, { "Effect": "Allow", "Action": [ "iam:GetRole", "servicecatalog:*" ], "Resource": [ "*" ] } ] }

AWS CLI Prerequisites

The following prerequisites are required to manage your domain and other AWS services and resources using the AWS CLI.