Creates a Domain
used by SageMaker Studio. A domain consists of an associated directory, a list of authorized users, and a variety of security, application, policy, and Amazon Virtual Private Cloud (VPC) configurations. An AWS account is limited to one domain per region. Users within a domain can share notebook files and other artifacts with each other.
When a domain is created, an Amazon Elastic File System (EFS) volume is also created for use by all of the users within the domain. Each user receives a private home directory within the EFS for notebooks, Git repositories, and data files.
All traffic between the domain and the EFS volume is communicated through the specified subnet IDs. All other traffic goes over the Internet through an Amazon SageMaker system VPC. The EFS traffic uses the NFS/TCP protocol over port 2049.
Warning
NFS traffic over TCP on port 2049 needs to be allowed in both inbound and outbound rules in order to launch a SageMaker Studio app successfully.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
create-domain
--domain-name <value>
--auth-mode <value>
--default-user-settings <value>
--subnet-ids <value>
--vpc-id <value>
[--tags <value>]
[--home-efs-file-system-kms-key-id <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--cli-auto-prompt <value>]
--domain-name
(string)
A name for the domain.
--auth-mode
(string)
The mode of authentication that members use to access the domain.
Possible values:
SSO
IAM
--default-user-settings
(structure)
The default user settings.
ExecutionRole -> (string)
The execution role for the user.
SecurityGroups -> (list)
The security groups.
(string)
SharingSettings -> (structure)
The sharing settings.
NotebookOutputOption -> (string)
Whether to include the notebook cell output when sharing the notebook. The default is
Disabled
.S3OutputPath -> (string)
When
NotebookOutputOption
isAllowed
, the Amazon S3 bucket used to save the notebook cell output. IfS3OutputPath
isn’t specified, a default bucket is used.S3KmsKeyId -> (string)
When
NotebookOutputOption
isAllowed
, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.JupyterServerAppSettings -> (structure)
The Jupyter server’s app settings.
DefaultResourceSpec -> (structure)
The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.
SageMakerImageArn -> (string)
The Amazon Resource Name (ARN) of the SageMaker image created on the instance.
InstanceType -> (string)
The instance type.
KernelGatewayAppSettings -> (structure)
The kernel gateway app settings.
DefaultResourceSpec -> (structure)
The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.
SageMakerImageArn -> (string)
The Amazon Resource Name (ARN) of the SageMaker image created on the instance.
InstanceType -> (string)
The instance type.
TensorBoardAppSettings -> (structure)
The TensorBoard app settings.
DefaultResourceSpec -> (structure)
The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.
SageMakerImageArn -> (string)
The Amazon Resource Name (ARN) of the SageMaker image created on the instance.
InstanceType -> (string)
The instance type.
Shorthand Syntax:
ExecutionRole=string,SecurityGroups=string,string,SharingSettings={NotebookOutputOption=string,S3OutputPath=string,S3KmsKeyId=string},JupyterServerAppSettings={DefaultResourceSpec={SageMakerImageArn=string,InstanceType=string}},KernelGatewayAppSettings={DefaultResourceSpec={SageMakerImageArn=string,InstanceType=string}},TensorBoardAppSettings={DefaultResourceSpec={SageMakerImageArn=string,InstanceType=string}}
JSON Syntax:
{
"ExecutionRole": "string",
"SecurityGroups": ["string", ...],
"SharingSettings": {
"NotebookOutputOption": "Allowed"|"Disabled",
"S3OutputPath": "string",
"S3KmsKeyId": "string"
},
"JupyterServerAppSettings": {
"DefaultResourceSpec": {
"SageMakerImageArn": "string",
"InstanceType": "system"|"ml.t3.micro"|"ml.t3.small"|"ml.t3.medium"|"ml.t3.large"|"ml.t3.xlarge"|"ml.t3.2xlarge"|"ml.m5.large"|"ml.m5.xlarge"|"ml.m5.2xlarge"|"ml.m5.4xlarge"|"ml.m5.8xlarge"|"ml.m5.12xlarge"|"ml.m5.16xlarge"|"ml.m5.24xlarge"|"ml.c5.large"|"ml.c5.xlarge"|"ml.c5.2xlarge"|"ml.c5.4xlarge"|"ml.c5.9xlarge"|"ml.c5.12xlarge"|"ml.c5.18xlarge"|"ml.c5.24xlarge"|"ml.p3.2xlarge"|"ml.p3.8xlarge"|"ml.p3.16xlarge"|"ml.g4dn.xlarge"|"ml.g4dn.2xlarge"|"ml.g4dn.4xlarge"|"ml.g4dn.8xlarge"|"ml.g4dn.12xlarge"|"ml.g4dn.16xlarge"
}
},
"KernelGatewayAppSettings": {
"DefaultResourceSpec": {
"SageMakerImageArn": "string",
"InstanceType": "system"|"ml.t3.micro"|"ml.t3.small"|"ml.t3.medium"|"ml.t3.large"|"ml.t3.xlarge"|"ml.t3.2xlarge"|"ml.m5.large"|"ml.m5.xlarge"|"ml.m5.2xlarge"|"ml.m5.4xlarge"|"ml.m5.8xlarge"|"ml.m5.12xlarge"|"ml.m5.16xlarge"|"ml.m5.24xlarge"|"ml.c5.large"|"ml.c5.xlarge"|"ml.c5.2xlarge"|"ml.c5.4xlarge"|"ml.c5.9xlarge"|"ml.c5.12xlarge"|"ml.c5.18xlarge"|"ml.c5.24xlarge"|"ml.p3.2xlarge"|"ml.p3.8xlarge"|"ml.p3.16xlarge"|"ml.g4dn.xlarge"|"ml.g4dn.2xlarge"|"ml.g4dn.4xlarge"|"ml.g4dn.8xlarge"|"ml.g4dn.12xlarge"|"ml.g4dn.16xlarge"
}
},
"TensorBoardAppSettings": {
"DefaultResourceSpec": {
"SageMakerImageArn": "string",
"InstanceType": "system"|"ml.t3.micro"|"ml.t3.small"|"ml.t3.medium"|"ml.t3.large"|"ml.t3.xlarge"|"ml.t3.2xlarge"|"ml.m5.large"|"ml.m5.xlarge"|"ml.m5.2xlarge"|"ml.m5.4xlarge"|"ml.m5.8xlarge"|"ml.m5.12xlarge"|"ml.m5.16xlarge"|"ml.m5.24xlarge"|"ml.c5.large"|"ml.c5.xlarge"|"ml.c5.2xlarge"|"ml.c5.4xlarge"|"ml.c5.9xlarge"|"ml.c5.12xlarge"|"ml.c5.18xlarge"|"ml.c5.24xlarge"|"ml.p3.2xlarge"|"ml.p3.8xlarge"|"ml.p3.16xlarge"|"ml.g4dn.xlarge"|"ml.g4dn.2xlarge"|"ml.g4dn.4xlarge"|"ml.g4dn.8xlarge"|"ml.g4dn.12xlarge"|"ml.g4dn.16xlarge"
}
}
}
--subnet-ids
(list)
The VPC subnets to use for communication with the EFS volume.
(string)
Syntax:
"string" "string" ...
--vpc-id
(string)
The ID of the Amazon Virtual Private Cloud (VPC) to use for communication with the EFS volume.
--tags
(list)
Tags to associated with the Domain. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.
(structure)
Describes a tag.
Key -> (string)
The tag key.
Value -> (string)
The tag value.
Shorthand Syntax:
Key=string,Value=string ...
JSON Syntax:
[
{
"Key": "string",
"Value": "string"
}
...
]
--home-efs-file-system-kms-key-id
(string)
The AWS Key Management Service (KMS) encryption key ID. Encryption with a customer master key (CMK) is not supported.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
--cli-auto-prompt
(boolean)
Automatically prompt for CLI input parameters.
See ‘aws help’ for descriptions of global parameters.
DomainArn -> (string)
The Amazon Resource Name (ARN) of the created domain.
Url -> (string)
The URL to the created domain.