Networking architecture
Enterprise ML platforms built on AWS normally have requirements to access on-premises
resources, such as on-premises code repositories or databases. Secure communications such as
AWS Direct Connect
Networking design
For enhanced network security, you can configure resources in different AWS accounts to
communicate via the Amazon Virtual Private Cloud
For data scientists to use
Amazon SageMaker
- Amazon SageMaker (to call SageMaker APIs)
- Amazon SageMaker Runtime (only use this in accounts which have permissions to invoke SageMaker endpoints)
- Amazon CloudWatch (for logging)
- AWS CloudTrail (for auditing API calls made by the service)
The following figure shows the networking architecture for SageMaker with private endpoints for all the dependent services.
Networking architecture for Amazon SageMaker Studio inside a VPC (Not all VPC endpoints are shown for simplicity)
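One way to check a VPC against the service list above, as an added example that is not part of the original document or AWS code. It assumes the listed services are exposed as VPC interface endpoints; `audit_endpoints` and the sample data are hypothetical, and in practice the input would be the `VpcEndpoints` list from boto3's `ec2.describe_vpc_endpoints()`.

```python
# Added example, not AWS code. Suffixes follow com.amazonaws.<region>.<suffix>.
# Assumption: "CloudWatch (for logging)" maps to the CloudWatch Logs endpoint.
REQUIRED = {
    "sagemaker.api": "Amazon SageMaker (SageMaker API calls)",
    "logs": "Amazon CloudWatch (logging)",
    "cloudtrail": "AWS CloudTrail (auditing API calls)",
}
RUNTIME = "sagemaker.runtime"  # only where the account may invoke endpoints


def audit_endpoints(endpoints, region, may_invoke_endpoints):
    """Return sorted findings for one VPC.

    `endpoints` has the shape of the VpcEndpoints list returned by
    EC2 DescribeVpcEndpoints.
    """
    prefix = f"com.amazonaws.{region}."
    usable = {}  # suffix -> True if at least one endpoint is ready to use
    for ep in endpoints:
        name = ep.get("ServiceName", "")
        if ep.get("VpcEndpointType") != "Interface" or not name.startswith(prefix):
            continue
        # Without private DNS, default SDK hostnames do not resolve to the endpoint.
        ready = (str(ep.get("State", "")).lower() == "available"
                 and bool(ep.get("PrivateDnsEnabled")))
        suffix = name[len(prefix):]
        usable[suffix] = usable.get(suffix, False) or ready

    required = dict(REQUIRED)
    findings = []
    if may_invoke_endpoints:
        required[RUNTIME] = "Amazon SageMaker Runtime (endpoint invocation)"
    elif RUNTIME in usable:
        findings.append(f"UNEXPECTED {RUNTIME}: account may not invoke endpoints")
    for suffix, label in required.items():
        if suffix not in usable:
            findings.append(f"MISSING {suffix}: {label}")
        elif not usable[suffix]:
            findings.append(f"UNUSABLE {suffix}: not available or private DNS off")
    return sorted(findings)


def _ep(suffix, kind="Interface", state="available", dns=True):
    return {"ServiceName": f"com.amazonaws.us-east-1.{suffix}",
            "VpcEndpointType": kind, "State": state, "PrivateDnsEnabled": dns}

# Constructed sample data, not real resources.
SAMPLE = [_ep("sagemaker.api"), _ep("sagemaker.runtime"),
          _ep("logs", dns=False), _ep("s3", kind="Gateway", dns=False)]
```
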