SageMaker Studio Notebook private access via vpc endpoint


Hi all,

We are building a Data Lake architecture. We are planning to use SageMaker Studio Notebook and access it via private endpoint instead of giving it public network access. How can i do it?

2 Answers

SageMaker PrivateLink endpoints are available, see this link:

profile pictureAWS
answered 2 months ago

Follow these steps and links

  1. To switch to a VPC-only mode, where internet access is disabled, specify the VPC only network access type when you onboard to Studio or through the CreateDomain API
  2. Only private subnets can be used in VPC only mode.
  3. Configure security groups with specific inbound and outbound rules that allow NFS traffic over TCP
  4. If internet access is required, use a NAT gateway.
  5. For corporate network integration, you can set up a CloudFormation stack for accessing Studio over a corporate network, configure a Route 53 inbound resolver, and establish a private hosted zone for the Studio domain​
  6. Utilize an AWS CloudFormation template to deploy resources such as a new VPC with a private subnet and security group, an encrypted S3 bucket, and VPC endpoints with access control policies
  7. After setting up your environment, create a SageMaker Studio domain and assign it to a VPC.
profile picture
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions