Add a Git Repository to Your Amazon SageMaker Account

Important

Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors will occur when trying to create resources. For more information, see Provide Permissions for Tagging SageMaker Resources.

If you are using AWS Managed Policies for Amazon SageMaker to create SageMaker resources, you are not affected.

To manage your GitHub repositories, easily associate them with your notebook instances, and associate credentials for repositories that require authentication, add the repositories as resources in your Amazon SageMaker account. You can view a list of repositories that are stored in your account and details about each repository in the SageMaker console and by using the API.

You can add Git repositories to your SageMaker account in the SageMaker console or by using the AWS CLI.

Note

You can use the SageMaker API 
CreateCodeRepository to add Git repositories to your SageMaker account, but step-by-step instructions are not provided here.

Add a Git Repository to Your SageMaker Account (Console)

To add a Git repository as a resource in your SageMaker account

1. Open the SageMaker console at https://console.aws.amazon.com/sagemaker/.

2. Under Notebook, choose Git repositories, then choose Add repository.

3. To add an CodeCommit repository, choose AWS CodeCommit. To add a GitHub or other Git-based repository, choose GitHub/Other Git-based repo.

To add an existing CodeCommit repository

1. Choose Use existing repository.

2. For Repository, choose a repository from the list.

3. Enter a name to use for the repository in SageMaker. The name must be 1 to 63 characters. Valid characters are a-z, A-Z, 0-9, and - (hyphen).

4. Choose Add repository.

To create a new CodeCommit repository

1. Choose Create new repository.

2. Enter a name for the repository that you can use in both CodeCommit and SageMaker. The name must be 1 to 63 characters. Valid characters are a-z, A-Z, 0-9, and - (hyphen).

3. Choose Create repository.

To add a Git repository hosted somewhere other than CodeCommit

1. Choose GitHub/Other Git-based repo.

2. Enter a name of up to 63 characters. Valid characters include alpha-numeric characters, a hyphen (-), and 0-9.

3. Enter the URL for the repository. Do not provide a username in the URL. Add the sign-in credentials in AWS Secrets Manager as described in the next step.

4. For Git credentials, choose the credentials to use to authenticate to the repository. This is necessary only if the Git repository is private.

   Note

   If you have two-factor authentication enabled for your Git repository, enter a personal access token generated by your Git service provider in the password field.

   1. To use an existing AWS Secrets Manager secret, choose Use existing secret, and then choose a secret from the list. For information about creating and storing a secret, see Creating a Basic Secret in the AWS Secrets Manager User Guide. The name of the secret you use must contain the string sagemaker.

      Note

      The secret must have a staging label of AWSCURRENT and must be in the following format:

      {"username": UserName, "password": Password}

      For GitHub repositories, we recommend using a personal access token in the password field. For information, see https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/.

   2. To create a new AWS Secrets Manager secret, choose Create secret, enter a name for the secret, and then enter the sign-in credentials to use to authenticate to the repository. The name for the secret must contain the string sagemaker.

      Note

      The IAM role you use to create the secret must have the secretsmanager:GetSecretValue permission in its IAM policy.

      The secret must have a staging label of AWSCURRENT and must be in the following format:

      {"username": UserName, "password": Password}

      For GitHub repositories, we recommend using a personal access token.

   3. To not use any credentials, choose No secret.

5. Choose Create secret.