Creates a Domain used by Amazon SageMaker Studio. A domain consists of an associated Amazon Elastic File System (EFS) volume, a list of authorized users, and a variety of security, application, policy, and Amazon Virtual Private Cloud (VPC) configurations. An AWS account is limited to one domain per region. Users within a domain can share notebook files and other artifacts with each other.
EFS storage
When a domain is created, an EFS volume is created for use by all of the users within the domain. Each user receives a private home directory within the EFS volume for notebooks, Git repositories, and data files.
SageMaker uses the AWS Key Management Service (AWS KMS) to encrypt the EFS volume attached to the domain with an AWS managed customer master key (CMK) by default. For more control, you can specify a customer managed CMK. For more information, see Protect Data at Rest Using Encryption.
VPC configuration
All SageMaker Studio traffic between the domain and the EFS volume is through the specified VPC and subnets. For other Studio traffic, you can specify the AppNetworkAccessType parameter. AppNetworkAccessType corresponds to the network access type that you choose when you onboard to Studio. The following options are available:
PublicInternetOnly - Non-EFS traffic goes through a VPC managed by Amazon SageMaker, which allows internet access. This is the default value.
VpcOnly - All Studio traffic is through the specified VPC and subnets. Internet access is disabled by default. To allow internet access, you must specify a NAT gateway. When internet access is disabled, you won’t be able to run a Studio notebook or to train or host models unless your VPC has an interface endpoint to the SageMaker API and runtime or a NAT gateway and your security groups allow outbound connections.
For more information, see Connect SageMaker Studio Notebooks to Resources in a VPC.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
create-domain
--domain-name <value>
--auth-mode <value>
--default-user-settings <value>
--subnet-ids <value>
--vpc-id <value>
[--tags <value>]
[--app-network-access-type <value>]
[--home-efs-file-system-kms-key-id <value>]
[--kms-key-id <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--domain-name
(string)
A name for the domain.
--auth-mode
(string)
The mode of authentication that members use to access the domain.
Possible values:
SSO
IAM
--default-user-settings
(structure)
The default user settings.
ExecutionRole -> (string)
The execution role for the user.
SecurityGroups -> (list)
The security groups for the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.
Optional when the CreateDomain.AppNetworkAccessType parameter is set to PublicInternetOnly.
Required when the CreateDomain.AppNetworkAccessType parameter is set to VpcOnly.
Amazon SageMaker adds a security group to allow NFS traffic from SageMaker Studio. Therefore, the number of security groups that you can specify is one less than the maximum number shown.
(string)
SharingSettings -> (structure)
The sharing settings.
NotebookOutputOption -> (string)
Whether to include the notebook cell output when sharing the notebook. The default is Disabled.
S3OutputPath -> (string)
When NotebookOutputOption is Allowed, the Amazon S3 bucket used to store the shared notebook snapshots.
S3KmsKeyId -> (string)
When NotebookOutputOption is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.
JupyterServerAppSettings -> (structure)
The Jupyter server’s app settings.
DefaultResourceSpec -> (structure)
The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the JupyterServer app.
SageMakerImageArn -> (string)
The ARN of the SageMaker image that the image version belongs to.
SageMakerImageVersionArn -> (string)
The ARN of the image version created on the instance.
InstanceType -> (string)
The instance type that the image version runs on.
KernelGatewayAppSettings -> (structure)
The kernel gateway app settings.
DefaultResourceSpec -> (structure)
The default instance type and the Amazon Resource Name (ARN) of the default SageMaker image used by the KernelGateway app.
SageMakerImageArn -> (string)
The ARN of the SageMaker image that the image version belongs to.
SageMakerImageVersionArn -> (string)
The ARN of the image version created on the instance.
InstanceType -> (string)
The instance type that the image version runs on.
CustomImages -> (list)
A list of custom SageMaker images that are configured to run as a KernelGateway app.
(structure)
A custom SageMaker image. For more information, see Bring your own SageMaker image.
ImageName -> (string)
The name of the CustomImage. Must be unique to your account.
ImageVersionNumber -> (integer)
The version number of the CustomImage.
AppImageConfigName -> (string)
The name of the AppImageConfig.
TensorBoardAppSettings -> (structure)
The TensorBoard app settings.
DefaultResourceSpec -> (structure)
The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.
SageMakerImageArn -> (string)
The ARN of the SageMaker image that the image version belongs to.
SageMakerImageVersionArn -> (string)
The ARN of the image version created on the instance.
InstanceType -> (string)
The instance type that the image version runs on.
JSON Syntax:
{
  "ExecutionRole": "string",
  "SecurityGroups": ["string", ...],
  "SharingSettings": {
    "NotebookOutputOption": "Allowed"|"Disabled",
    "S3OutputPath": "string",
    "S3KmsKeyId": "string"
  },
  "JupyterServerAppSettings": {
    "DefaultResourceSpec": {
      "SageMakerImageArn": "string",
      "SageMakerImageVersionArn": "string",
      "InstanceType": "system"|"ml.t3.micro"|"ml.t3.small"|"ml.t3.medium"|"ml.t3.large"|"ml.t3.xlarge"|"ml.t3.2xlarge"|"ml.m5.large"|"ml.m5.xlarge"|"ml.m5.2xlarge"|"ml.m5.4xlarge"|"ml.m5.8xlarge"|"ml.m5.12xlarge"|"ml.m5.16xlarge"|"ml.m5.24xlarge"|"ml.c5.large"|"ml.c5.xlarge"|"ml.c5.2xlarge"|"ml.c5.4xlarge"|"ml.c5.9xlarge"|"ml.c5.12xlarge"|"ml.c5.18xlarge"|"ml.c5.24xlarge"|"ml.p3.2xlarge"|"ml.p3.8xlarge"|"ml.p3.16xlarge"|"ml.g4dn.xlarge"|"ml.g4dn.2xlarge"|"ml.g4dn.4xlarge"|"ml.g4dn.8xlarge"|"ml.g4dn.12xlarge"|"ml.g4dn.16xlarge"
    }
  },
  "KernelGatewayAppSettings": {
    "DefaultResourceSpec": {
      "SageMakerImageArn": "string",
      "SageMakerImageVersionArn": "string",
      "InstanceType": "system"|"ml.t3.micro"|"ml.t3.small"|"ml.t3.medium"|"ml.t3.large"|"ml.t3.xlarge"|"ml.t3.2xlarge"|"ml.m5.large"|"ml.m5.xlarge"|"ml.m5.2xlarge"|"ml.m5.4xlarge"|"ml.m5.8xlarge"|"ml.m5.12xlarge"|"ml.m5.16xlarge"|"ml.m5.24xlarge"|"ml.c5.large"|"ml.c5.xlarge"|"ml.c5.2xlarge"|"ml.c5.4xlarge"|"ml.c5.9xlarge"|"ml.c5.12xlarge"|"ml.c5.18xlarge"|"ml.c5.24xlarge"|"ml.p3.2xlarge"|"ml.p3.8xlarge"|"ml.p3.16xlarge"|"ml.g4dn.xlarge"|"ml.g4dn.2xlarge"|"ml.g4dn.4xlarge"|"ml.g4dn.8xlarge"|"ml.g4dn.12xlarge"|"ml.g4dn.16xlarge"
    },
    "CustomImages": [
      {
        "ImageName": "string",
        "ImageVersionNumber": integer,
        "AppImageConfigName": "string"
      }
      ...
    ]
  },
  "TensorBoardAppSettings": {
    "DefaultResourceSpec": {
      "SageMakerImageArn": "string",
      "SageMakerImageVersionArn": "string",
      "InstanceType": "system"|"ml.t3.micro"|"ml.t3.small"|"ml.t3.medium"|"ml.t3.large"|"ml.t3.xlarge"|"ml.t3.2xlarge"|"ml.m5.large"|"ml.m5.xlarge"|"ml.m5.2xlarge"|"ml.m5.4xlarge"|"ml.m5.8xlarge"|"ml.m5.12xlarge"|"ml.m5.16xlarge"|"ml.m5.24xlarge"|"ml.c5.large"|"ml.c5.xlarge"|"ml.c5.2xlarge"|"ml.c5.4xlarge"|"ml.c5.9xlarge"|"ml.c5.12xlarge"|"ml.c5.18xlarge"|"ml.c5.24xlarge"|"ml.p3.2xlarge"|"ml.p3.8xlarge"|"ml.p3.16xlarge"|"ml.g4dn.xlarge"|"ml.g4dn.2xlarge"|"ml.g4dn.4xlarge"|"ml.g4dn.8xlarge"|"ml.g4dn.12xlarge"|"ml.g4dn.16xlarge"
    }
  }
}
--subnet-ids
(list)
The VPC subnets that Studio uses for communication.
(string)
Syntax:
"string" "string" ...
--vpc-id
(string)
The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.
--tags
(list)
Tags to associate with the Domain. Each tag consists of a key and an optional value. Tag keys must be unique per resource. Tags are searchable using the Search API.
(structure)
Describes a tag.
Key -> (string)
The tag key.
Value -> (string)
The tag value.
Shorthand Syntax:
Key=string,Value=string ...
JSON Syntax:
[
  {
    "Key": "string",
    "Value": "string"
  }
  ...
]
--app-network-access-type
(string)
Specifies the VPC used for non-EFS traffic. The default value is PublicInternetOnly.
PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker, which allows direct internet access
VpcOnly - All Studio traffic is through the specified VPC and subnets
Possible values:
PublicInternetOnly
VpcOnly
--home-efs-file-system-kms-key-id
(string)
This member is deprecated and replaced with KmsKeyId.
--kms-key-id
(string)
SageMaker uses AWS KMS to encrypt the EFS volume attached to the domain with an AWS managed customer master key (CMK) by default. For more control, specify a customer managed CMK.
--cli-input-json | --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.
DomainArn -> (string)
The Amazon Resource Name (ARN) of the created domain.
Url -> (string)
The URL to the created domain.
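An added example, not part of the AWS CLI reference: a pre-flight check for a --cli-input-json document that applies the rules stated above for AppNetworkAccessType, SecurityGroups, KmsKeyId and SharingSettings. The finding codes and both sample documents (with placeholder IDs) are constructed for illustration, and treating the documented defaults as findings is an assumed hardening policy.

```python
import json

def lint_create_domain(cfg):
    """Return sorted finding codes for a create-domain --cli-input-json document."""
    findings = set()
    user = cfg.get("DefaultUserSettings", {})
    sharing = user.get("SharingSettings", {})
    # PublicInternetOnly is the default when the parameter is omitted.
    access = cfg.get("AppNetworkAccessType", "PublicInternetOnly")
    if access == "PublicInternetOnly":
        findings.add("NET_PUBLIC_INTERNET")       # non-EFS traffic can reach the internet
    elif access == "VpcOnly" and not user.get("SecurityGroups"):
        findings.add("SG_REQUIRED_FOR_VPCONLY")   # SecurityGroups is required in this mode
    if "HomeEfsFileSystemKmsKeyId" in cfg:
        findings.add("DEPRECATED_EFS_KMS_PARAM")  # replaced with KmsKeyId
    elif not cfg.get("KmsKeyId"):
        findings.add("EFS_AWS_MANAGED_KEY")       # EFS uses the AWS managed CMK
    # NotebookOutputOption defaults to Disabled; Allowed stores cell output in S3.
    if sharing.get("NotebookOutputOption", "Disabled") == "Allowed":
        if not sharing.get("S3KmsKeyId"):
            findings.add("SHARED_OUTPUT_NO_KMS_KEY")
    return sorted(findings)

# Constructed sample inputs; every ID, ARN and bucket name is a placeholder.
WEAK = json.loads("""{
  "DomainName": "example-domain", "AuthMode": "IAM",
  "DefaultUserSettings": {
    "ExecutionRole": "arn:aws:iam::111122223333:role/ExampleStudioRole",
    "SharingSettings": {"NotebookOutputOption": "Allowed",
                        "S3OutputPath": "s3://example-bucket/shared"}},
  "SubnetIds": ["subnet-EXAMPLE"], "VpcId": "vpc-EXAMPLE",
  "HomeEfsFileSystemKmsKeyId": "EXAMPLE-KEY-ID"
}""")

HARDENED = json.loads("""{
  "DomainName": "example-domain", "AuthMode": "SSO",
  "DefaultUserSettings": {
    "ExecutionRole": "arn:aws:iam::111122223333:role/ExampleStudioRole",
    "SecurityGroups": ["sg-EXAMPLE"]},
  "SubnetIds": ["subnet-EXAMPLE"], "VpcId": "vpc-EXAMPLE",
  "AppNetworkAccessType": "VpcOnly", "KmsKeyId": "EXAMPLE-KEY-ID"
}""")

if __name__ == "__main__":
    for name, doc in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, lint_create_domain(doc))
```

Run the check on the file before passing it to --cli-input-json; an empty list means none of the assumed policy rules fired.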