- 最新
- 最多得票
- 最多評論
Hi,
Thank you for using AWS Sagemaker.
According to the 'TensorFlowProcessor' doc[1], this 'TensorFlowProcessor' is inherited from the 'FrameworkProcessor'[2]. When user doesn't define the optional 'sagemaker_session'[3], it will create one using the default AWS configuration chain. I can see in your post you were passing the default 'PipelineSession' to the 'TensorFlowProcessor' and it failed with the 'AccessDenied' error. However, if you don't include the 'PipelineSession' you defined above and leave the value to none, the system will create a default 'sagemaker_session' for you and it won't assume role and results into the error.
Based on the above, could you please try defining a default 'sagemaker_session' and pass the 'sagemaker_session' as the value of a new 'PipelineSession' and try launching the pipeline with this one. Sample code below:
sagemaker_sess = sagemaker.Session() pipeline_sess = PipelineSession(boto_session=sagemaker_sess)
Please note the 'PipelineSession' is inherited from the SageMaker session class and is only recommended over regular SageMaker Session when your pipeline involves SageMaker Model-Building[4]. For your use case, as you are only doing pre and post processing tasks, you can use the regular SageMaker Session.
In case you have any further queries ,I'd recommend you to reachout to AWS Support by creating a support case[5] so that an engineer can investigate further and assist you in this regard.
Reference: —————— [1] https://sagemaker.readthedocs.io/en/stable/frameworks/tensorflow/sagemaker.tensorflow.html#tensorflow-processor [2] https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.FrameworkProcessor [3] https://sagemaker.readthedocs.io/en/stable/api/utility/session.html#sagemaker.session.Session [4] https://sagemaker.readthedocs.io/en/stable/workflows/pipelines/sagemaker.workflow.pipelines.html#sagemaker.workflow.pipeline_context.PipelineSession [5]Open a support case with AWS using the link: https://console.aws.amazon.com/support/home?#/case/create [6]https://aws.amazon.com/premiumsupport/faqs/
I tried sagemaker_sess = sagemaker.Session() pipeline_sess = PipelineSession(boto_session=sagemaker_sess)
I got an error that says "AttributeError: 'Session' object has no attribute 'region_name'
In your IAM policy for role/CTE-AmazonSageMakerStudio-ExecutionRole
, does it have permission to call KMS API? (Not the KMS key policy)
相關內容
- 已提問 10 個月前
- AWS 官方已更新 7 個月前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前
Your S3 bucket is likely secured by SSE-KMS. Check the key policy for KMS key that's associated with the bucket.
@kumo-hiyori. Thank you for your comment. I updated the question to include information about SSE-KMS for the source bucket. I believe the SSE-KMS cross-account access permissions are setup correctly but feel free to take a look. Let me know if you need more information.