Configure a VPC for multi-turn RL jobs
When you provide a VpcConfig in your multi-turn RL job configuration,
Amazon SageMaker AI places a proxy elastic network interface (ENI) in your VPC. All customer
data traffic — including access to your S3 buckets, agent invocations, and
logging — flows through this ENI. This keeps data within your VPC network
boundary.
Required VPC setup
Subnets
Provide two or more private subnets in different Availability Zones for redundancy. The subnets do not need a NAT gateway or internet access because all traffic exits through VPC endpoints.
Security group
Create a security group with the following outbound rules. No inbound rules are required.
- Outbound TCP 443 to 0.0.0.0/0
- Outbound UDP 53 to 0.0.0.0/0
Note
For tighter security, you can restrict egress to the S3 managed prefix
list and the private IP addresses of your interface endpoint ENIs instead
of allowing 0.0.0.0/0.
VPC endpoints
Create the following VPC endpoints so that traffic from the proxy ENI can reach AWS services without internet access.
| Endpoint | Traffic routed | Service name | Type |
|---|---|---|---|
| S3 (required) | Prompt data, job output, MLflow artifacts (GetObject, PutObject, ListBucket) | com.amazonaws. | Gateway |
| CloudWatch Logs (required) | Training container logs (PutLogEvents, CreateLogGroup, CreateLogStream) | com.amazonaws. | Interface |
| Bedrock AgentCore (required if using Bedrock agent) | Agent invocations (InvokeAgentRuntime) | com.amazonaws. | Interface |
| Lambda (required if using Lambda agent) | Agent invocations via Lambda forwarder (Invoke) | com.amazonaws. | Interface |
| MLflow (required if using MLflow tracking) | Training metrics and traces (LogBatch, StartTrace, EndTrace) | aws.sagemaker. | Interface |
Note
Enable Private DNS on all interface endpoints.
Interface endpoint security group
All interface endpoints must share a security group with inbound TCP 443 from your VPC CIDR.
IAM permissions
The execution role must include EC2 permissions for ENI management. Add the following policy statements to the role.

```json
[
  {
    "Effect": "Allow",
    "Action": [
      "ec2:CreateNetworkInterface",
      "ec2:CreateNetworkInterfacePermission",
      "ec2:DeleteNetworkInterface",
      "ec2:DeleteNetworkInterfacePermission",
      "ec2:DescribeNetworkInterfaces",
      "ec2:DescribeSubnets",
      "ec2:DescribeSecurityGroups",
      "ec2:DescribeVpcs"
    ],
    "Resource": "*"
  },
  {
    "Effect": "Allow",
    "Action": [
      "ec2:CreateTags"
    ],
    "Resource": "arn:aws:ec2:*:*:network-interface/*",
    "Condition": {
      "StringEquals": {
        "ec2:CreateAction": "CreateNetworkInterface"
      }
    }
  }
]
```
API configuration
Include the VpcConfig parameter in your multi-turn RL job
request.
```json
"VpcConfig": {
  "Subnets": ["subnet-0abc123", "subnet-0def456"],
  "SecurityGroupIds": ["sg-0abc123def"]
}
```
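The following pre-flight checker is an added example, not code from the AWS documentation. It validates a VpcConfig against the rules on this page (two subnets in different Availability Zones, outbound TCP 443 and UDP 53 with no inbound rules, an S3 Gateway endpoint, a CloudWatch Logs interface endpoint, Private DNS on every interface endpoint) using dicts shaped like the EC2 describe_subnets, describe_security_groups and describe_vpc_endpoints responses; the IDs, region and sample data are constructed placeholders.

```python
# Added example, not from the AWS documentation: local pre-flight check of a
# VpcConfig against this page's rules. Inputs mirror the EC2 describe_* response
# shapes; the sample at the bottom is constructed, not captured from an account.

def _egress_allows(sg, proto, port):
    """True if an outbound rule covers proto/port (or is the all-traffic rule -1)."""
    for r in sg.get("IpPermissionsEgress", []):
        if r["IpProtocol"] == "-1":
            return True
        if r["IpProtocol"] == proto and r["FromPort"] <= port <= r["ToPort"]:
            return True
    return False

def check_vpc_config(subnets, sg, endpoints):
    """Return a list of findings; an empty list means the setup meets the page's rules."""
    findings = []
    if len(subnets) < 2 or len({s["AvailabilityZone"] for s in subnets}) < 2:
        findings.append("need two or more subnets in different Availability Zones")
    if not _egress_allows(sg, "tcp", 443):
        findings.append("security group lacks outbound TCP 443")
    if not _egress_allows(sg, "udp", 53):
        findings.append("security group lacks outbound UDP 53")
    if sg.get("IpPermissions"):  # no inbound rules are required for the job ENI
        findings.append("security group has inbound rules that are not required")
    # The last label of the service name (e.g. "s3", "logs") identifies the service.
    by_service = {e["ServiceName"].rsplit(".", 1)[-1]: e for e in endpoints}
    if by_service.get("s3", {}).get("VpcEndpointType") != "Gateway":
        findings.append("S3 Gateway endpoint is missing")
    if "logs" not in by_service:
        findings.append("CloudWatch Logs interface endpoint is missing")
    for e in endpoints:  # the page requires Private DNS on every interface endpoint
        if e["VpcEndpointType"] == "Interface" and not e.get("PrivateDnsEnabled"):
            findings.append(f"{e['VpcEndpointId']} has Private DNS disabled")
    return findings

# Constructed sample (IDs and region are placeholders, not real resources).
SUBNETS = [
    {"SubnetId": "subnet-0abc123", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-0def456", "AvailabilityZone": "us-east-1b"},
]
SG = {"GroupId": "sg-0abc123def", "IpPermissions": [], "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}
ENDPOINTS = [
    {"VpcEndpointId": "vpce-0aaa", "ServiceName": "com.amazonaws.us-east-1.s3", "VpcEndpointType": "Gateway"},
    {"VpcEndpointId": "vpce-0bbb", "ServiceName": "com.amazonaws.us-east-1.logs", "VpcEndpointType": "Interface", "PrivateDnsEnabled": True},
]

if __name__ == "__main__":
    print(check_vpc_config(SUBNETS, SG, ENDPOINTS) or "VPC configuration passes all checks")
```

Feed it the real describe_* output from boto3 before submitting the job; any non-empty result names the rule from this page that the VPC still violates.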
Restrict access to your VPC
You can apply additional restrictions to further secure your VPC configuration.
S3 bucket policy
To restrict S3 access to your VPC only, add a deny policy with the
aws:SourceVpc condition.
```json
{
  "Sid": "DenyAccessFromOutsideVpc",
  "Effect": "Deny",
  "Principal": "*",
  "Action": "s3:*",
  "Resource": [
    "arn:aws:s3:::my-mtrl-bucket",
    "arn:aws:s3:::my-mtrl-bucket/*"
  ],
  "Condition": {
    "StringNotEquals": {
      "aws:SourceVpc": "vpc-0abc123def"
    }
  }
}
```
Note
The aws:SourceVpc condition key is only populated when the
request traverses an S3 Gateway Endpoint.
VPC endpoint policies
You can restrict interface endpoints to allow only the actions that multi-turn
RL jobs need. The following example restricts a CloudWatch Logs endpoint to log
groups with the /aws/sagemaker/Job/ prefix.
```json
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "logs:PutLogEvents",
        "logs:CreateLogGroup",
        "logs:CreateLogStream"
      ],
      "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/Job/*"
    }
  ]
}
```