software.amazon.awscdk.services.sagemaker

Class CfnDomain

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.CfnElement

software.amazon.awscdk.CfnRefElement

software.amazon.awscdk.CfnResource

software.amazon.awscdk.services.sagemaker.CfnDomain

All Implemented Interfaces:

IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:41.867Z")
 @Stability(value=Stable)
public class CfnDomain
extends CfnResource
implements IInspectable

A CloudFormation `AWS::SageMaker::Domain`.

Creates a Domain used by Amazon SageMaker Studio. A domain consists of an associated Amazon Elastic File System (EFS) volume, a list of authorized users, and a variety of security, application, policy, and Amazon Virtual Private Cloud (VPC) configurations. An AWS account is limited to one domain per region. Users within a domain can share notebook files and other artifacts with each other.

EFS storage

When a domain is created, an EFS volume is created for use by all of the users within the domain. Each user receives a private home directory within the EFS volume for notebooks, Git repositories, and data files.

SageMaker uses the AWS Key Management Service ( AWS KMS) to encrypt the EFS volume attached to the domain with an AWS managed key by default. For more control, you can specify a customer managed key. For more information, see Protect Data at Rest Using Encryption .

VPC configuration

All SageMaker Studio traffic between the domain and the EFS volume is through the specified VPC and subnets. For other Studio traffic, you can specify the AppNetworkAccessType parameter. AppNetworkAccessType corresponds to the network access type that you choose when you onboard to Studio. The following options are available:

• PublicInternetOnly - Non-EFS traffic goes through a VPC managed by Amazon SageMaker, which allows internet access. This is the default value.
• VpcOnly - All Studio traffic is through the specified VPC and subnets. Internet access is disabled by default. To allow internet access, you must specify a NAT gateway.

When internet access is disabled, you won't be able to run a Studio notebook or to train or host models unless your VPC has an interface endpoint to the SageMaker API and runtime or a NAT gateway and your security groups allow outbound connections.

NFS traffic over TCP on port 2049 needs to be allowed in both inbound and outbound rules in order to launch a SageMaker Studio app successfully.

For more information, see Connect SageMaker Studio Notebooks to Resources in a VPC .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.sagemaker.*;
 CfnDomain cfnDomain = CfnDomain.Builder.create(this, "MyCfnDomain")
         .authMode("authMode")
         .defaultUserSettings(UserSettingsProperty.builder()
                 .executionRole("executionRole")
                 .jupyterServerAppSettings(JupyterServerAppSettingsProperty.builder()
                         .defaultResourceSpec(ResourceSpecProperty.builder()
                                 .instanceType("instanceType")
                                 .sageMakerImageArn("sageMakerImageArn")
                                 .sageMakerImageVersionArn("sageMakerImageVersionArn")
                                 .build())
                         .build())
                 .kernelGatewayAppSettings(KernelGatewayAppSettingsProperty.builder()
                         .customImages(List.of(CustomImageProperty.builder()
                                 .appImageConfigName("appImageConfigName")
                                 .imageName("imageName")
                                 // the properties below are optional
                                 .imageVersionNumber(123)
                                 .build()))
                         .defaultResourceSpec(ResourceSpecProperty.builder()
                                 .instanceType("instanceType")
                                 .sageMakerImageArn("sageMakerImageArn")
                                 .sageMakerImageVersionArn("sageMakerImageVersionArn")
                                 .build())
                         .build())
                 .rStudioServerProAppSettings(RStudioServerProAppSettingsProperty.builder()
                         .accessStatus("accessStatus")
                         .userGroup("userGroup")
                         .build())
                 .securityGroups(List.of("securityGroups"))
                 .sharingSettings(SharingSettingsProperty.builder()
                         .notebookOutputOption("notebookOutputOption")
                         .s3KmsKeyId("s3KmsKeyId")
                         .s3OutputPath("s3OutputPath")
                         .build())
                 .build())
         .domainName("domainName")
         .subnetIds(List.of("subnetIds"))
         .vpcId("vpcId")
         // the properties below are optional
         .appNetworkAccessType("appNetworkAccessType")
         .appSecurityGroupManagement("appSecurityGroupManagement")
         .domainSettings(DomainSettingsProperty.builder()
                 .rStudioServerProDomainSettings(RStudioServerProDomainSettingsProperty.builder()
                         .domainExecutionRoleArn("domainExecutionRoleArn")
                         // the properties below are optional
                         .defaultResourceSpec(ResourceSpecProperty.builder()
                                 .instanceType("instanceType")
                                 .sageMakerImageArn("sageMakerImageArn")
                                 .sageMakerImageVersionArn("sageMakerImageVersionArn")
                                 .build())
                         .rStudioConnectUrl("rStudioConnectUrl")
                         .rStudioPackageManagerUrl("rStudioPackageManagerUrl")
                         .build())
                 .securityGroupIds(List.of("securityGroupIds"))
                 .build())
         .kmsKeyId("kmsKeyId")
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnDomain.Builder A fluent builder for CfnDomain.
static interface	CfnDomain.CustomImageProperty A custom SageMaker image.
static interface	CfnDomain.DomainSettingsProperty A collection of settings that apply to the `SageMaker Domain` .
static interface	CfnDomain.JupyterServerAppSettingsProperty The JupyterServer app settings.
static interface	CfnDomain.KernelGatewayAppSettingsProperty The KernelGateway app settings.
static interface	CfnDomain.ResourceSpecProperty Specifies the ARN's of a SageMaker image and SageMaker image version, and the instance type that the version runs on.
static interface	CfnDomain.RStudioServerProAppSettingsProperty A collection of settings that configure user interaction with the `RStudioServerPro` app.
static interface	CfnDomain.RStudioServerProDomainSettingsProperty A collection of settings that configure the `RStudioServerPro` Domain-level app.
static interface	CfnDomain.SharingSettingsProperty Specifies options when sharing an Amazon SageMaker Studio notebook.
static interface	CfnDomain.UserSettingsProperty A collection of settings that apply to users of Amazon SageMaker Studio.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnDomain(software.constructs.Construct scope, String id, CfnDomainProps props) Create a new `AWS::SageMaker::Domain`.
protected	CfnDomain(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnDomain(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
String	getAppNetworkAccessType() Specifies the VPC used for non-EFS traffic.
String	getAppSecurityGroupManagement() The entity that creates and manages the required security groups for inter-app communication in `VpcOnly` mode.
String	getAttrDomainArn() The Amazon Resource Name (ARN) of the Domain, such as `arn:aws:sagemaker:us-west-2:account-id:domain/my-domain-name` .
String	getAttrDomainId() The Domain ID.
String	getAttrHomeEfsFileSystemId() The ID of the Amazon Elastic File System (EFS) managed by this Domain.
String	getAttrSecurityGroupIdForDomainBoundary() The ID of the security group that authorizes traffic between the `RSessionGateway` apps and the `RStudioServerPro` app.
String	getAttrSingleSignOnManagedApplicationInstanceId() The AWS SSO managed application instance ID.
String	getAttrUrl() The URL for the Domain.
String	getAuthMode() The mode of authentication that members use to access the Domain.
protected Map<String,Object>	getCfnProperties()
Object	getDefaultUserSettings() The default user settings.
String	getDomainName() The domain name.
Object	getDomainSettings() A collection of settings that apply to the `SageMaker Domain` .
String	getKmsKeyId() SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default.
List<String>	getSubnetIds() The VPC subnets that Studio uses for communication.
TagManager	getTags() Tags to associated with the Domain.
String	getVpcId() The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setAppNetworkAccessType(String value) Specifies the VPC used for non-EFS traffic.
void	setAppSecurityGroupManagement(String value) The entity that creates and manages the required security groups for inter-app communication in `VpcOnly` mode.
void	setAuthMode(String value) The mode of authentication that members use to access the Domain.
void	setDefaultUserSettings(CfnDomain.UserSettingsProperty value) The default user settings.
void	setDefaultUserSettings(IResolvable value) The default user settings.
void	setDomainName(String value) The domain name.
void	setDomainSettings(CfnDomain.DomainSettingsProperty value) A collection of settings that apply to the `SageMaker Domain` .
void	setDomainSettings(IResolvable value) A collection of settings that apply to the `SageMaker Domain` .
void	setKmsKeyId(String value) SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default.
void	setSubnetIds(List<String> value) The VPC subnets that Studio uses for communication.
void	setVpcId(String value) The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.

Methods inherited from class software.amazon.awscdk.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct

getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Detail

CFN_RESOURCE_TYPE_NAME

@Stability(value=Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnDomain

protected CfnDomain(software.amazon.jsii.JsiiObjectRef objRef)

CfnDomain

protected CfnDomain(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnDomain

@Stability(value=Stable)
public CfnDomain(@NotNull
                                          software.constructs.Construct scope,
                                          @NotNull
                                          String id,
                                          @NotNull
                                          CfnDomainProps props)

Create a new `AWS::SageMaker::Domain`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

@Stability(value=Stable)
public void inspect(@NotNull
                                             TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> renderProperties(@NotNull
                                                                                 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrDomainArn

@Stability(value=Stable)
 @NotNull
public String getAttrDomainArn()

The Amazon Resource Name (ARN) of the Domain, such as `arn:aws:sagemaker:us-west-2:account-id:domain/my-domain-name` .

getAttrDomainId

@Stability(value=Stable)
 @NotNull
public String getAttrDomainId()

The Domain ID.

getAttrHomeEfsFileSystemId

@Stability(value=Stable)
 @NotNull
public String getAttrHomeEfsFileSystemId()

The ID of the Amazon Elastic File System (EFS) managed by this Domain.

getAttrSecurityGroupIdForDomainBoundary

@Stability(value=Stable)
 @NotNull
public String getAttrSecurityGroupIdForDomainBoundary()

The ID of the security group that authorizes traffic between the `RSessionGateway` apps and the `RStudioServerPro` app.

getAttrSingleSignOnManagedApplicationInstanceId

@Stability(value=Stable)
 @NotNull
public String getAttrSingleSignOnManagedApplicationInstanceId()

The AWS SSO managed application instance ID.

getAttrUrl

@Stability(value=Stable)
 @NotNull
public String getAttrUrl()

The URL for the Domain.

getCfnProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getTags

@Stability(value=Stable)
 @NotNull
public TagManager getTags()

Tags to associated with the Domain.

Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.

Tags that you specify for the Domain are also added to all apps that are launched in the Domain.

Array members : Minimum number of 0 items. Maximum number of 50 items.

getAuthMode

@Stability(value=Stable)
 @NotNull
public String getAuthMode()

The mode of authentication that members use to access the Domain.

Valid Values : SSO | IAM

setAuthMode

@Stability(value=Stable)
public void setAuthMode(@NotNull
                                                 String value)

The mode of authentication that members use to access the Domain.

Valid Values : SSO | IAM

getDefaultUserSettings

@Stability(value=Stable)
 @NotNull
public Object getDefaultUserSettings()

The default user settings.

setDefaultUserSettings

@Stability(value=Stable)
public void setDefaultUserSettings(@NotNull
                                                            CfnDomain.UserSettingsProperty value)

The default user settings.

setDefaultUserSettings

@Stability(value=Stable)
public void setDefaultUserSettings(@NotNull
                                                            IResolvable value)

The default user settings.

getDomainName

@Stability(value=Stable)
 @NotNull
public String getDomainName()

The domain name.

setDomainName

@Stability(value=Stable)
public void setDomainName(@NotNull
                                                   String value)

The domain name.

getSubnetIds

@Stability(value=Stable)
 @NotNull
public List<String> getSubnetIds()

The VPC subnets that Studio uses for communication.

Length Constraints : Maximum length of 32.

Array members : Minimum number of 1 item. Maximum number of 16 items.

Pattern : [-0-9a-zA-Z]+

setSubnetIds

@Stability(value=Stable)
public void setSubnetIds(@NotNull
                                                  List<String> value)

The VPC subnets that Studio uses for communication.

Length Constraints : Maximum length of 32.

Array members : Minimum number of 1 item. Maximum number of 16 items.

Pattern : [-0-9a-zA-Z]+

getVpcId

@Stability(value=Stable)
 @NotNull
public String getVpcId()

The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.

Length Constraints : Maximum length of 32.

Pattern : [-0-9a-zA-Z]+

setVpcId

@Stability(value=Stable)
public void setVpcId(@NotNull
                                              String value)

The ID of the Amazon Virtual Private Cloud (Amazon VPC) that Studio uses for communication.

Length Constraints : Maximum length of 32.

Pattern : [-0-9a-zA-Z]+

getAppNetworkAccessType

@Stability(value=Stable)
 @Nullable
public String getAppNetworkAccessType()

Specifies the VPC used for non-EFS traffic. The default value is `PublicInternetOnly` .

• PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker , which allows direct internet access
• VpcOnly - All Studio traffic is through the specified VPC and subnets

Valid Values : PublicInternetOnly | VpcOnly

setAppNetworkAccessType

@Stability(value=Stable)
public void setAppNetworkAccessType(@Nullable
                                                             String value)

Specifies the VPC used for non-EFS traffic. The default value is `PublicInternetOnly` .

• PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker , which allows direct internet access
• VpcOnly - All Studio traffic is through the specified VPC and subnets

Valid Values : PublicInternetOnly | VpcOnly

getAppSecurityGroupManagement

@Stability(value=Stable)
 @Nullable
public String getAppSecurityGroupManagement()

The entity that creates and manages the required security groups for inter-app communication in `VpcOnly` mode.

Required when CreateDomain.AppNetworkAccessType is VpcOnly and DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn is provided.

setAppSecurityGroupManagement

@Stability(value=Stable)
public void setAppSecurityGroupManagement(@Nullable
                                                                   String value)

The entity that creates and manages the required security groups for inter-app communication in `VpcOnly` mode.

Required when CreateDomain.AppNetworkAccessType is VpcOnly and DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn is provided.

getDomainSettings

@Stability(value=Stable)
 @Nullable
public Object getDomainSettings()

A collection of settings that apply to the `SageMaker Domain` .

These settings are specified through the CreateDomain API call.

setDomainSettings

@Stability(value=Stable)
public void setDomainSettings(@Nullable
                                                       CfnDomain.DomainSettingsProperty value)

A collection of settings that apply to the `SageMaker Domain` .

These settings are specified through the CreateDomain API call.

setDomainSettings

@Stability(value=Stable)
public void setDomainSettings(@Nullable
                                                       IResolvable value)

A collection of settings that apply to the `SageMaker Domain` .

These settings are specified through the CreateDomain API call.

getKmsKeyId

@Stability(value=Stable)
 @Nullable
public String getKmsKeyId()

SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default.

For more control, specify a customer managed CMK.

Length Constraints : Maximum length of 2048.

Pattern : .*

setKmsKeyId

@Stability(value=Stable)
public void setKmsKeyId(@Nullable
                                                 String value)

SageMaker uses AWS KMS to encrypt the EFS volume attached to the Domain with an AWS managed customer master key (CMK) by default.

For more control, specify a customer managed CMK.

Length Constraints : Maximum length of 2048.

Pattern : .*