A collection of configuration templates for Amazon SageMaker resources as well as security controls for monitoring and protecting Amazon SageMaker configuration such as Config Rules, CloudWatch Alarms, EventBridge Rules, IAM policies, and more.

SageMaker
Amazon SageMaker Data Quality Job Definition

This template creates an Amazon SageMaker endpoint with data capture enabled. It also includes the necessary resources such as an endpoint configuration, model, IAM roles, and a data quality job definition.

CloudFormationTerraform
Amazon SageMaker Endpoint

This template creates an Amazon SageMaker endpoint configuration, which specifies the ML model and resources to use for inference. It also creates an IAM role for the SageMaker service to assume, allowing it to access necessary resources.

CloudFormationTerraform
Amazon SageMaker Endpoint Config

This template creates a SageMaker endpoint configuration with a production variant that specifies the initial instance count, variant weight, instance type, model name, and variant name. It also creates a SageMaker endpoint using the endpoint configuration.

CloudFormationTerraform
Amazon SageMaker Model Endpoint Example

This template creates an Amazon SageMaker endpoint with an endpoint configuration, model, and execution role. The endpoint is used for deploying machine learning models.

CloudFormationTerraform
Amazon SageMaker Model Bias Job Definition

This template creates an AWS SageMaker model bias job that analyzes the bias in a machine learning model. The job uses a specified endpoint and ground truth data to generate monitoring outputs and provide insights into potential bias in the model's predictions.

CloudFormationTerraform
Amazon SageMaker Model Explainability Job Definition

This template creates the necessary resources to run a model explainability job in Amazon SageMaker. It sets up an endpoint, endpoint configuration, model, IAM roles, and a model explainability job definition.

CloudFormationTerraform
Amazon SageMaker Model Quality Job Definition

This template creates the necessary resources to define and execute a model quality job in Amazon SageMaker. It includes an endpoint, endpoint configuration, model, execution role, job definition, and other required configurations.

CloudFormationTerraform
Amazon SageMaker Monitoring Schedule

This template creates a SageMaker endpoint with monitoring capabilities. It sets up an endpoint, endpoint configuration, model, and monitoring schedule to analyze the endpoint's data and generate insights.

CloudFormationTerraform
Amazon SageMaker Notebook Instance

This template creates a SageMaker notebook instance with the specified instance type and role.

CloudFormationTerraform
Amazon SageMaker Notebook Instance with Lifecycle Configuration

This template creates a basic SageMaker notebook instance with an execution role and lifecycle configuration. The notebook instance is launched with a t2.medium instance type and runs a simple 'hello' command on start.

CloudFormationTerraform
Amazon SageMaker Pipeline with Pipeline Definition Body

This template creates a SageMaker Pipeline with an associated lifecycle configuration. The Pipeline Definition is provided as a JSON string.

CloudFormationTerraform
Amazon SageMaker Pipeline with Pipeline Definition S3 Location

This template creates a SageMaker Pipeline with an associated lifecycle configuration. The Pipeline Definition is provided as an S3 location.

CloudFormationTerraform
Amazon SageMaker Project

This template creates an AWS SageMaker Project.

CloudFormationTerraform
Config Rule
SageMaker Notebook No Direct Internet Access Check

A config rule that checks whether direct internet access is disabled for an Amazon SageMaker notebook instance. The rule is NON_COMPLIANT if Amazon SageMaker notebook instances are internet-enabled.

CloudFormationTerraformAWS CLI
SageMaker Notebook Encryption (KMS) Enabled

A config rule that checks whether an AWS Key Management Service (KMS) key is configured for Amazon SageMaker notebook instance. The rule is not NON_COMPLIANT if kmsKeyId is not specified for the Amazon SageMaker notebook instance.

CloudFormationTerraformAWS CLI
SageMaker Endpoint KMS Encryption Enabled Check

A config rule that checks whether AWS Key Management Service (KMS) key is configured for an Amazon SageMaker endpoint configuration. The rule is NON_COMPLIANT if KmsKeyId is not specified for the Amazon SageMaker endpoint configuration.

CloudFormationTerraformAWS CLI
Check if SageMaker notebook instance is launched within a VPC or approved subnets

Checks if an Amazon SageMaker notebook instance is launched within a VPC or within a list of approved subnets. The rule is NON_COMPLIANT if a notebook instance is not launched within a VPC or if its subnet ID is not included in the parameter list.

CloudFormationTerraform
Check SageMaker Notebook Instance Root Access

Checks if the Amazon SageMaker RootAccess setting is enabled for Amazon SageMaker notebook instances. The rule is NON_COMPLIANT if the RootAccess setting is set to ‘Enabled’ for an Amazon SageMaker notebook instance.

CloudFormationTerraform