The steps in this post assume that Amazon Redshift is launched in a private subnet in the Amazon Redshift producer account. The following diagram illustrates our solution architecture. Query Amazon Redshift in SageMaker Studio in the consumer account.Set up a peering connection between VPCs in the Amazon Redshift producer account and SageMaker Studio consumer account.Update the SageMaker IAM execution role in the SageMaker Studio consumer account that SageMaker Studio will use to assume the role in the producer Amazon Redshift account.Create an AWS Identity and Access Management (IAM) role in the Amazon Redshift producer account that the SageMaker Studio IAM role will assume to access Amazon Redshift.Update your SageMaker Studio domain to turn on SourceIdentity to propagate the user profile name.All SageMaker Studio traffic is through the specified VPC and subnets. This prevents SageMaker from providing internet access to your studio notebooks. Set up SageMaker Studio with VPCOnly mode in the consumer account.The following is a high-level overview of the workflow: We start with two AWS accounts: a producer account with the Amazon Redshift data warehouse, and a consumer account for Amazon SageMaker ML use cases that has SageMaker Studio set up. In this post, we walk through step-by-step instructions to establish a cross-account connection to any Amazon Redshift node type (RA3, DC2, DS2) by connecting the Amazon Redshift cluster located in one AWS account to SageMaker Studio in another AWS account in the same Region using VPC peering. If you’re using any other Amazon Redshift node types, such as DS2 or DC2, you can use VPC peering to establish a cross-account connection between Amazon Redshift and SageMaker Studio. Also, Amazon Redshift and SageMaker Studio are typically configured in VPCs with private subnets to improve security and reduce the risk of unauthorized access as a best practice.Īmazon Redshift natively supports cross-account data sharing when RA3 node types are used. Organizations with a multi-account architecture typically have Amazon Redshift and SageMaker Studio in two separate AWS accounts. This can be particularly useful for certain security requirements, as well as to simplify cost controls and monitoring between projects and teams. Organizations often want to use SageMaker Studio to get predictions from data stored in a data warehouse such as Amazon Redshift.Īs described in the AWS Well-Architected Framework, separating workloads across accounts enables your organization to set common guardrails while isolating environments. You can perform all ML development steps and have complete access, control, and visibility into each step required to build, train, and deploy models.Īmazon Redshift is a fully managed, fast, secure, and scalable cloud data warehouse. With cloud computing, as compute power and data became more available, machine learning (ML) is now making an impact across every industry and is a core part of every business and industry.Īmazon SageMaker Studio is the first fully integrated ML development environment (IDE) with a web-based visual interface.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |