How do I resolve the error "Connect timeout on endpoint URL" on Amazon SageMaker?

Short description

To connect to AWS services, the notebook instance's subnet must have a virtual private cloud (VPC) endpoint for the service that you're connecting to. Or, the subnet must be able to reach the internet.

Resolution

Use one of the following options to resolve "Connect timeout on endpoint URL" errors.

Add a VPC endpoint for the service to the notebook instance's subnet

When you choose this option, you don't have to create a new notebook instance. Many AWS services offer either an interface endpoint or a gateway endpoint. For more information, see VPC endpoints. If the AWS service that you're connecting to doesn't offer an interface or gateway endpoint, create a new notebook instance.

Create a new notebook instance

Choose one of the following configurations for a new notebook instance based on your security requirements:

• Create a new notebook instance with direct internet access enabled. This is the default option, regardless of whether or not you create the notebook instance in a VPC. For both VPC and non-VPC notebook instances, direct internet access is the easiest way to assure that a notebook instance can reach the public endpoint for the service that you're connecting to. When direct internet access is enabled, SageMaker provides a network interface that allows the notebook to communicate with the internet through a SageMaker-managed VPC. For more information, see Understanding Amazon SageMaker notebook instance networking configurations and advanced routing options.
• Create the notebook instance in a private subnet with direct internet access disabled. Then, add a NAT gateway to the subnet. The NAT gateway allows traffic to reach the public endpoint for the service that you're connecting to.

Related information

Connect a notebook instance in a VPC to external resources