1 Answer
-1
As described here - https://docs.aws.amazon.com/redshift/latest/mgmt/managing-clusters-vpc.html - your publicly accessible Redshift cluster can also be accessible via private IP in your VPC. SageMaker connects with your VPC so should use that private IP, so you can just open your inbound Security Group permissions to your VPC's IP range.
Please see the doc link I mentioned in the original post, for Studio notebook: https://docs.aws.amazon.com/sagemaker/latest/dg/studio-notebooks-and-internet-access.html "To prevent SageMaker from providing internet access to your Studio notebooks, you can disable internet access by specifying the VPC only network access type when you onboard to Studio."
This will further cause S3 and other connections to go through VPC, which we do not want. Is there a way to identify the source of Studio notebook public traffic that connects to a RS cluster via Internet?
Yes, I'm familiar with that doc link. Possibly I didn't explain clearly enough - I wasn't suggesting you disable internet access. Both your Redshift Cluster and SageMaker are connected to your VPC even though both are also connected to the internet, so should be able to communicate via the VPC if configured correctly. In that case your Security Group just needs to be inbound from VPC.