# Machine learning environments offered by Amazon SageMaker AI
**Important**
Amazon SageMaker Studio and Amazon SageMaker Studio Classic are two of the machine learning environments that you can use to interact with SageMaker AI.
If your domain was created after November 30, 2023, Studio is your default experience.
If your domain was created before November 30, 2023, Amazon SageMaker Studio Classic is your default experience. To use Studio if Amazon SageMaker Studio Classic is your default experience, see [Migration from Amazon SageMaker Studio Classic](studio-updated-migrate.md).
When you migrate from Amazon SageMaker Studio Classic to Amazon SageMaker Studio, there is no loss in feature availability. Studio Classic also exists as an IDE within Amazon SageMaker Studio to help you run your legacy machine learning workflows.
SageMaker AI supports the following machine learning environments:
+ *Amazon SageMaker Studio* (Recommended): The latest web-based experience for running ML workflows with a suite of IDEs. Studio supports the following applications:
+ Amazon SageMaker Studio Classic
+ Code Editor, based on Code-OSS, Visual Studio Code - Open Source
+ JupyterLab
+ Amazon SageMaker Canvas
+ RStudio
+ *Amazon SageMaker Studio Classic*: Lets you build, train, debug, deploy, and monitor your machine learning models.
+ *Amazon SageMaker Notebook Instances*: Lets you prepare and process data, and train and deploy machine learning models from a compute instance running the Jupyter Notebook application.
+ *Amazon SageMaker Studio Lab*: Studio Lab is a free service that gives you access to AWS compute resources, in an environment based on open-source JupyterLab, without requiring an AWS account.
+ *Amazon SageMaker Canvas*: Gives you the ability to use machine learning to generate predictions without needing to code.
+ *Amazon SageMaker geospatial*: Gives you the ability to build, train, and deploy geospatial models.
+ *RStudio on Amazon SageMaker AI*: RStudio is an IDE for [R](https://aws.amazon.com/blogs/opensource/getting-started-with-r-on-amazon-web-services/), with a console, syntax-highlighting editor that supports direct code execution, and tools for plotting, history, debugging and workspace management.
+ *SageMaker HyperPod*: SageMaker HyperPod lets you provision resilient clusters for running machine learning (ML) workloads and developing state-of-the-art models such as large language models (LLMs), diffusion models, and foundation models (FMs).
To use these machine learning environments, you or your organization's administrator must create an Amazon SageMaker AI domain. The exceptions are Studio Lab, SageMaker Notebook Instances, and SageMaker HyperPod.
Instead of manually provisioning resources and managing permissions for yourself and your users, you can create a Amazon DataZone domain. The process of creating a Amazon DataZone domain creates a corresponding Amazon SageMaker AI domain with AWS Glue or Amazon Redshift databases for your ETL workflows. Setting up a domain through Amazon DataZone reduces the amount of time it takes to set up SageMaker AI environments for your users. For more information about setting up a Amazon SageMaker AI domain within Amazon DataZone, see [Set up SageMaker Assets (administrator guide)](sm-assets-set-up.md).
Users within the Amazon DataZone domain have permissions to all Amazon SageMaker AI actions, but their permissions are scoped down to resources within the Amazon DataZone domain.
Creating a Amazon DataZone domain streamlines creating a domain that allows your users to share data and models with each other. For information about how they can share data and models, see [Controlled access to assets with Amazon SageMaker Assets](sm-assets.md).
**Topics**
+ [
# Amazon SageMaker Studio
](studio-updated.md)
+ [
# SageMaker JupyterLab
](studio-updated-jl.md)
+ [
# Amazon SageMaker notebook instances
](nbi.md)
+ [
# Amazon SageMaker Studio Lab
](studio-lab.md)
+ [
# Amazon SageMaker Canvas
](canvas.md)
+ [
# Amazon SageMaker geospatial capabilities
](geospatial.md)
+ [
# RStudio on Amazon SageMaker AI
](rstudio.md)
+ [
# Code Editor in Amazon SageMaker Studio
](code-editor.md)
+ [
# Amazon SageMaker HyperPod
](sagemaker-hyperpod.md)
+ [
# Generative AI in SageMaker notebook environments
](jupyterai.md)
+ [
# Amazon Q Developer
](studio-updated-amazon-q.md)
+ [
# Amazon SageMaker Partner AI Apps overview
](partner-apps.md)
# Amazon SageMaker Studio
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the updated Studio experience. For information about using the Studio Classic application, see [Amazon SageMaker Studio Classic](studio.md).
Amazon SageMaker Studio is the latest web-based experience for running ML workflows. Studio offers a suite of integrated development environments (IDEs). These include Code Editor, based on Code-OSS, Visual Studio Code - Open Source, a new JupyterLab application, RStudio, and Amazon SageMaker Studio Classic. For more information, see [Applications supported in Amazon SageMaker Studio](studio-updated-apps.md).
The new web-based UI in Studio is faster and provides access to all SageMaker AI resources, including jobs and endpoints, in one interface. ML practitioners can also choose their preferred IDE to accelerate ML development. A data scientist can use JupyterLab to explore data and tune models. In addition, a machine learning operations (MLOps) engineer can use Code Editor with the pipelines tool in Studio to deploy and monitor models in production.
The previous Studio experience is still being supported as Amazon SageMaker Studio Classic. Studio Classic is the default experience for existing customers, and is available as an application in Studio. For more information about Studio Classic, see [Amazon SageMaker Studio Classic](studio.md). For information about how to migrate from Studio Classic to Studio, see [Migration from Amazon SageMaker Studio Classic](studio-updated-migrate.md).
Studio offers the following benefits:
+ A new JupyterLab application that has a faster start-up time and is more reliable than the existing Studio Classic application. For more information, see [SageMaker JupyterLab](studio-updated-jl.md).
+ A suite of IDEs that open in a separate tab, including the new Code Editor, based on Code-OSS, Visual Studio Code - Open Source application. Users can interact with supported IDEs in a full screen experience. For more information, see [Applications supported in Amazon SageMaker Studio](studio-updated-apps.md).
+ Access to all of your SageMaker AI resources in one place. Studio displays running instances across all of your applications.
+ Access to all training jobs in a single view, regardless of whether they were scheduled from notebooks or initiated from Amazon SageMaker JumpStart.
+ Simplified model deployment workflows and endpoint management and monitoring directly from Studio. You don't need to access the SageMaker AI console.
+ Automatic creation of all configured applications when you onboard to a domain. For information about onboarding to a domain, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
+ An improved JumpStart experience where you can discover, import, register, fine tune, and deploy a foundation model. For more information, see [SageMaker JumpStart pretrained models](studio-jumpstart.md).
**Topics**
+ [
# Launch Amazon SageMaker Studio
](studio-updated-launch.md)
+ [
# Amazon SageMaker Studio UI overview
](studio-updated-ui.md)
+ [
# Amazon EFS auto-mounting in Studio
](studio-updated-automount.md)
+ [
# Idle shutdown
](studio-updated-idle-shutdown.md)
+ [
# Applications supported in Amazon SageMaker Studio
](studio-updated-apps.md)
+ [
# Connect your Remote IDE to SageMaker spaces with remote access
](remote-access.md)
+ [
# Bring your own image (BYOI)
](studio-updated-byoi.md)
+ [
# Lifecycle configurations within Amazon SageMaker Studio
](studio-lifecycle-configurations.md)
+ [
# Amazon SageMaker Studio spaces
](studio-updated-spaces.md)
+ [
# Trusted identity propagation with Studio
](trustedidentitypropagation.md)
+ [
# Perform common UI tasks
](studio-updated-common.md)
+ [
# NVMe stores with Amazon SageMaker Studio
](studio-updated-nvme.md)
+ [
# Local mode support in Amazon SageMaker Studio
](studio-updated-local.md)
+ [
# View your Studio running instances, applications, and spaces
](studio-updated-running.md)
+ [
# Stop and delete your Studio running applications and spaces
](studio-updated-running-stop.md)
+ [
# SageMaker Studio image support policy
](sagemaker-distribution.md)
+ [
# Amazon SageMaker Studio pricing
](studio-updated-cost.md)
+ [
# Troubleshooting
](studio-updated-troubleshooting.md)
+ [
# Migration from Amazon SageMaker Studio Classic
](studio-updated-migrate.md)
+ [
# Amazon SageMaker Studio Classic
](studio.md)
# Launch Amazon SageMaker Studio
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the updated Studio experience. For information about using the Studio Classic application, see [Amazon SageMaker Studio Classic](studio.md).
This page's topics demonstrate how to launch Amazon SageMaker Studio from the Amazon SageMaker AI console and the AWS Command Line Interface (AWS CLI).
**Topics**
+ [
## Prerequisites
](#studio-updated-launch-prereq)
+ [
## Launch from the Amazon SageMaker AI console
](#studio-updated-launch-console)
+ [
## Launch using the AWS CLI
](#studio-updated-launch-cli)
## Prerequisites
Before you begin, complete the following prerequisites:
+ Onboard to a SageMaker AI domain with Studio access. If you don't have permissions to set Studio as the default experience for your domain, contact your administrator. For more information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
+ Update the AWS CLI by following the steps in [Installing the current AWS CLI Version](https://docs.aws.amazon.com//cli/latest/userguide/install-cliv1.html#install-tool-bundled).
+ From your local machine, run `aws configure` and provide your AWS credentials. For information about AWS credentials, see [Understanding and getting your AWS credentials](https://docs.aws.amazon.com//general/latest/gr/aws-sec-cred-types.html).
## Launch from the Amazon SageMaker AI console
Complete the following procedure to launch Studio from the Amazon SageMaker AI console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, choose Studio.
1. From the Studio landing page, select the domain and user profile for launching Studio.
1. Choose **Open Studio**.
1. To launch Studio, choose **Launch personal Studio**.
## Launch using the AWS CLI
This section demonstrates how to launch Studio using the AWS CLI. The procedure to access Studio using the AWS CLI depends if the domain uses AWS Identity and Access Management (IAM) authentication or AWS IAM Identity Center authentication. You can use the AWS CLI to launch Studio by creating a presigned domain URL when your domain uses IAM authentication. For information about launching Studio with IAM Identity Center authentication, see [Use custom setup for Amazon SageMaker AI](onboard-custom.md).
### Launch if Studio is the default experience
The following code snippet demonstrates how to launch Studio from the AWS CLI using a presigned domain URL if Studio is the default experience. For more information, see [create-presigned-domain-url](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-presigned-domain-url.html).
```
aws sagemaker create-presigned-domain-url \
--region region \
--domain-id domain-id \
--user-profile-name user-profile-name \
--session-expiration-duration-in-seconds 43200
```
### Launch if Amazon SageMaker Studio Classic is your default experience
The following code snippet demonstrates how to launch Studio from the AWS CLI using a presigned domain URL if Studio Classic is the default experience. For more information, see [create-presigned-domain-url](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-presigned-domain-url.html).
```
aws sagemaker create-presigned-domain-url \
--region region \
--domain-id domain-id \
--user-profile-name user-profile-name \
--session-expiration-duration-in-seconds 43200 \
--landing-uri studio::
```
# Amazon SageMaker Studio UI overview
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the updated Studio experience. For information about using the Studio Classic application, see [Amazon SageMaker Studio Classic](studio.md).
The Amazon SageMaker Studio user interface is split into three distinct parts. This page gives information about the distinct parts and their components.
+ **Navigation bar**– This section of the UI includes the URL, breadcrumbs, notifications, and user options.
+ **Navigation pane**– This section of the UI includes a list of the applications that are supported in Studio and options for the main workflows in Studio.
+ **Content pane**– The main working area that displays the current page of the Studio UI that you have open.
![\[Amazon SageMaker Studio home page with navigation pane and content pane (main working area).\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/monarch/studio-updated-ui.png)
**Topics**
+ [
## Amazon SageMaker Studio navigation bar
](#studio-updated-ui-top)
+ [
## Amazon SageMaker Studio navigation pane
](#studio-updated-ui-left)
+ [
## Studio content pane
](#studio-updated-ui-working)
## Amazon SageMaker Studio navigation bar
The navigation bar of the Studio UI includes the URL, breadcrumbs, notifications, and user options.
**URL Structure**
The URL of Studio changes as you navigate the UI. When you navigate to a different page in the UI, the URL changes to reflect that page. With the updated URL, you open any page in the Studio UI directly without navigating to the landing page first.
**Breadcrumbs**
As you navigate through the Studio UI, the breadcrumbs keep track of the parent pages of the current page. By choosing one of these breadcrumbs, you can navigate to parent pages in the UI.
**Notifications**
The notifications section of the UI gives information about important changes to Studio, updates to applications, and issues to resolve.
**User options**
Choose the user options icon (![\[User icon with a circular avatar placeholder and a downward-pointing arrow.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/monarch/user-settings.png)) to get information about the user profile that is currently using Studio, and gives the option to sign out of Studio.
## Amazon SageMaker Studio navigation pane
**Navigation pane**
The navigation pane of the UI includes a list of the applications that are supported in Studio. It also provides options for the main workflows in Studio.
This section of the UI can be used in an expanded or collapsed state. To change whether the section is expanded or collapsed, select the **Collapse** icon (![\[Square icon with "ID" text representing an identity or identification concept.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/monarch/collapse-ui.png)).
**Applications**
The applications section lists the applications that are available in Studio. If you choose one of the application types, you are directed to the landing page for that application.
**Workflows**
The list of workflows includes all of the available actions that you can take in Studio. Choose one of the options to navigate to the landing page for that workflow. If there are multiple workflows available for that option, choosing the option opens a dropdown menu where you can select the desired landing page.
The following list describes the options and provides a link for more information.
+ **Home**– The main landing page with an overview, getting started, and what’s new.
+ **Running instances**– All of the instances that are currently running in Studio. For more information, see [View your Studio running instances, applications, and spaces](studio-updated-running.md).
+ **Data**– Data preparation options where you can collaborate to store, explore, prepare, transform, and share your data.
+ For more information about Amazon SageMaker Data Wrangler, see [Data preparation](canvas-data-prep.md).
+ For more information about Amazon SageMaker Feature Store, see [Create, store, and share features with Feature Store](feature-store.md).
+ For more information about Amazon EMR clusters, see [Data preparation using Amazon EMR](studio-notebooks-emr-cluster.md).
+ **Auto ML**– Automatically build, train, tune, and deploy machine learning (ML) models. For more information, see [Amazon SageMaker Canvas](canvas.md).
+ **Experiments**– Create, manage, analyze, and compare your machine learning experiments using Amazon SageMaker Experiments. For more information, see [Amazon SageMaker Experiments in Studio Classic](experiments.md).
+ **Jobs**– View jobs created in Studio.
+ For more information about training, see [Model training](train-model.md).
+ For more information about model evaluation, see [Understand options for evaluating large language models with SageMaker Clarify](clarify-foundation-model-evaluate.md).
+ **Pipelines**– Automate your ML workflow with Amazon SageMaker Pipelines, which provides resources to help you build, track, and manage your pipeline resources. For more information, see [Pipelines](pipelines.md).
+ **Models**– Organize your models into groups and collections in the model registry, where you can manage model versions, view metadata, and deploy models to production. For more information, see [Model Registration Deployment with Model Registry](model-registry.md).
+ **JumpStart**– Amazon SageMaker JumpStart provides pretrained, open-source models for a wide range of problem types to help you get started with machine learning. For more information, see [SageMaker JumpStart pretrained models](studio-jumpstart.md).
+ **Deployments**– Deploy your machine learning (ML) models for inference.
+ For more information about Amazon SageMaker Inference Recommender, see [Amazon SageMaker Inference Recommender](inference-recommender.md).
+ For more information about endpoints, see [Deploy models for inference](deploy-model.md).
## Studio content pane
The main working area is also called the content pane. It displays the current page of the Studio UI that you have open.
**Studio home page**
The Studio home page is the primary landing page in the main working area. The home page includes two distinct tabs. There is an **Overview** tab and a **Getting started** tab.
**Overview**
The **Overview** tab includes options to start spaces for popular application types, get started with pre-built and automated solutions for ML workflows, and links to common tasks in the Studio UI.
**Getting started**
The **Getting started** tab includes information, guidance, and resources on how to begin with Studio. This includes a guided tour of the Studio UI, a link to documentation about Studio, and a selection of quick tips.
# Amazon EFS auto-mounting in Studio
Amazon SageMaker AI supports automatically mounting a folder in an Amazon EFS volume for each user in a domain. Using this folder, users can share data between their own private spaces. However, users cannot share data with other users in the domain. Users only have access to their own folder.
The user’s folder can be accessed through a folder named `user-default-efs` . This folder is present in the `$HOME` directory of the Studio application.
For information about opting out of Amazon EFS auto-mounting, see [Opt out of Amazon EFS auto-mounting](studio-updated-automount-optout.md).
Amazon EFS auto-mounting also facilitates the migration of data from Studio Classic to Studio. For more information, see [(Optional) Migrate data from Studio Classic to Studio](studio-updated-migrate-data.md).
**Access point information**
When auto-mounting is activated, SageMaker AI uses an Amazon EFS access point to facilitate access to the data in the Amazon EFS volume. For more information about access points, see [Working with Amazon EFS access points](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html) SageMaker AI creates a unique access point for each user profile in the domain during user profile creation or during application creation for an existing user profile. The POSIX user value of the access point matches the `HomeEfsFileSystemUid` value of the user profile that SageMaker AI creates the access point for. To get the value of the user, see [DescribeUserProfile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeUserProfile.html#sagemaker-DescribeUserProfile-response-HomeEfsFileSystemUid). The root directory path is also set to the same value as the POSIX user value.
SageMaker AI sets the permissions of the new directory to the following values:
+ Owner user ID: `POSIX user value`
+ Owner group ID: `0`
+ Permissions `700`
The access point is required to access the Amazon EFS volume. As a result, you cannot delete or update the access point without losing access to the Amazon EFS volume.
**Error resolution**
If SageMaker AI encounters an issue when auto-mounting the Amazon EFS user folder during application creation, the application is still created. However, in this case, SageMaker AI creates a file named `error.txt` instead of mounting the Amazon EFS folder. This file describes the error encountered, as well as steps to resolve it. SageMaker AI creates the `error.txt` file in the `user-default-efs` folder located in the `$HOME` directory of the application.
# Opt out of Amazon EFS auto-mounting
You can opt-out of Amazon SageMaker AI auto-mounting Amazon EFS user folders during domain and user profile creation or for an existing domain or user profile.
## Opt out during domain creation
You can opt out of Amazon EFS auto-mounting when creating a domain using either the console or the AWS Command Line Interface.
### Console
Complete the following steps to opt out of Amazon EFS auto-mounting when creating a domain from the console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. Complete the steps in [Use custom setup for Amazon SageMaker AI](onboard-custom.md) with the following modification to set up a domain.
+ On the **Configure storage** step, turn off **Automatically mount EFS storage and data**.
### AWS CLI
Use the following command to opt out of Amazon EFS auto-mounting during domain creation using the AWS CLI. For more information about creating a domain using the AWS CLI, see [Use custom setup for Amazon SageMaker AI](onboard-custom.md).
```
aws --region region sagemaker create-domain \
--domain-name "my-domain-$(date +%s)" \
--vpc-id default-vpc-id \
--subnet-ids subnet-ids \
--auth-mode IAM \
--default-user-settings "ExecutionRole=execution-role-arn,AutoMountHomeEFS=Disabled" \
--default-space-settings "ExecutionRole=execution-role-arn"
```
## Opt out for an existing domain
You can opt out of Amazon EFS auto-mounting for an existing domain using either the console or the AWS CLI.
### Console
Complete the following steps to opt out of Amazon EFS auto-mounting when updating a domain from the console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation under **Admin configurations**, choose **Domains**.
1. On the **Domains** page, select the domain that you want to opt out of Amazon EFS auto-mounting for.
1. On the **Domain details** page, select the **Domain settings** tab.
1. Navigate to the **Storage configurations** section.
1. Select **Edit**.
1. From the **Edit storage settings** page, turn off **Automatically mount EFS storage and data**.
1. Select **Submit**.
### AWS CLI
Use the following command to opt out of Amazon EFS auto-mounting while updating an existing domain using the AWS CLI.
```
aws --region region sagemaker update-domain \
--domain-id domain-id \
--default-user-settings "AutoMountHomeEFS=Disabled"
```
## Opt out during user profile creation
You can opt out of Amazon EFS auto-mounting when creating a user profile using either the console or the AWS CLI.
### Console
Complete the following steps to opt out of Amazon EFS auto-mounting when creating a user profile from the console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. Complete the steps in [Add user profiles](domain-user-profile-add.md) with the following modification to create a user profile.
+ On the **Data and Storage** step, turn off **Inherit settings from domain**. This allows the user to have a different value than the defaults that are set for the domain.
+ Turn off **Automatically mount EFS storage and data**.
### AWS CLI
Use the following command to opt out of Amazon EFS auto-mounting during user profile creation using the AWS CLI. For more information about creating a user profile using the AWS CLI, see [Add user profiles](domain-user-profile-add.md).
```
aws --region region sagemaker create-user-profile \
--domain-id domain-id \
--user-profile-name "user-profile-$(date +%s)" \
--user-settings "ExecutionRole=arn:aws:iam::account-id:role/execution-role-name,AutoMountHomeEFS=Enabled/Disabled/DefaultAsDomain"
```
## Opt out for an existing user profile
You can opt out of Amazon EFS auto-mounting for an existing user profile using either the console or the AWS CLI.
### Console
Complete the following steps to opt out of Amazon EFS auto-mounting when updating a user profile from the console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation under **Admin configurations**, choose **Domains**.
1. On the **Domains** page, select the domain containing the user profile that you want to opt out of Amazon EFS auto-mounting for.
1. On the **Domains details** page, select the **User profiles** tab.
1. Select the user profile to update.
1. From the **User Details** tab, navigate to the **AutoMountHomeEFS** section.
1. Select **Edit**.
1. From the **Edit storage settings** page, turn off **Inherit settings from domain**. This allows the user to have a different value than the defaults that are set for the domain.
1. Turn off **Automatically mount EFS storage and data**.
1. Select **Submit**.
### AWS CLI
Use the following command to opt out of Amazon EFS auto-mounting while updating an existing user profile using the AWS CLI.
```
aws --region region sagemaker update-user-profile \
--domain-id domain-id \
--user-profile-name user-profile-name \
--user-settings "AutoMountHomeEFS=DefaultAsDomain"
```
# Idle shutdown
Amazon SageMaker AI supports shutting down idle resources to manage costs and prevent cost overruns due to cost accrued by idle, billable resources. It accomplishes this by detecting an app’s idle state and performing an app shutdown when idle criteria are met.
SageMaker AI supports idle shutdown for the following applications. Idle shutdown must be set for each application type independently.
+ JupyterLab
+ Code Editor, based on Code-OSS, Visual Studio Code - Open Source
Idle shutdown can be set at either the domain or user profile level. When idle shutdown is set at the domain level, the idle shutdown settings apply to all applications created in the domain. When set at the user profile level, the idle shutdown settings apply only to the specific users that they are set for. User profile settings override domain settings.
**Note**
Idle shutdown requires the usage of the `SageMaker-distribution` (SMD) image with v2.0 or newer. Domains using an older SMD version can’t use the feature. These users must use an LCC to manage auto-shutdown instead.
## Definition of idle
Idle shutdown settings only apply when the application becomes idle with no jobs running. SageMaker AI doesn’t start the idle shutdown timing until the instance becomes idle. The definition on idle differs based on whether the application type is JupyterLab or Code Editor.
For JupyterLab applications, the instance is considered idle when the following conditions are met:
+ No active Jupyter kernel sessions
+ No active Jupyter terminal sessions
For Code Editor applications, the instance is considered idle when the following conditions are met:
+ No text file or notebook changes
+ No files being viewed
+ No interaction with the terminal
# Set up idle shutdown
The following sections show how to set up idle shutdown from either the console or using the AWS CLI. Idle shutdown can be set at either the domain or user profile level.
## Prerequisites
To use idle shutdown with your application, you must complete the following prerequisites.
+ Ensure that your application is using the SageMaker Distribution (SMD) version 2.0. You can select this version during application creation or update the image version of the application after creation. For more information, see [Update the SageMaker Distribution Image](studio-updated-jl-update-distribution-image.md) .
+ For applications built with custom images, idle shutdown is supported if your custom image is created with SageMaker Distribution (SMD) version 2.0 or later as the base image. If the custom image is created with a different base image, then you must install the [jupyter-activity-monitor-extension >= 0.3.1](https://anaconda.org/conda-forge/jupyter-activity-monitor-extension) extension on the image and attach the image to your Amazon SageMaker AI domain for JupyterLab applications. For more information about custom images, see [Bring your own image (BYOI)](studio-updated-byoi.md).
## From the Console
The following sections show how to enable idle shutdown from the console.
### Add when creating a new domain
1. Create a domain by following the steps in [Use custom setup for Amazon SageMaker AI](onboard-custom.md)
1. When configuring the application settings in the domain, navigate to either the Code Editor or JupyterLab section.
1. Select **Enable idle shutdown**.
1. Enter a default idle shutdown time in minutes. This values defaults to `10,080` if no value is entered.
1. (Optional) Select **Allow users to set custom idle shutdown time** to allow users to modify the idle shutdown time.
+ Enter a maximum value that users can set the default idle shutdown time to. You must enter a maximum value. The minimum value is set by Amazon SageMaker AI and must be `60`.
### Add to an existing domain
**Note**
If idle shutdown is set when applications are running, they must be restarted for idle shutdown settings to take effect.
1. Navigate to the domain.
1. Choose the **App Configurations** tab.
1. From the **App Configurations** tab, navigate to either the Code Editor or JupyterLab section.
1. Select **Edit**.
1. Select **Enable idle shutdown**.
1. Enter a default idle shutdown time in minutes. This values defaults to `10,080` if no value is entered.
1. (Optional) Select **Allow users to set custom idle shutdown time** to allow users to modify the idle shutdown time.
+ Enter a maximum value that users can set the default idle shutdown time to. You must enter a maximum value. The minimum value is set by Amazon SageMaker AI and must be `60`.
1. Select **Submit**.
### Add when creating a new user profile
1. Add a user profile by following the steps at [Add user profiles](domain-user-profile-add.md)
1. When configuring the application settings for the user profile, navigate to either the Code Editor or JupyterLab section.
1. Select **Enable idle shutdown**.
1. Enter a default idle shutdown time in minutes. This values defaults to `10,080` if no value is entered.
1. (Optional) Select **Allow users to set custom idle shutdown time** to allow users to modify the idle shutdown time.
+ Enter a maximum value that users can set the default idle shutdown time to. You must enter a maximum value. The minimum value is set by Amazon SageMaker AI and must be `60`.
1. Select “Save Changes”.
### Add to an existing user profile
Note: If idle shutdown is set when applications are running, they must be restarted for idle shutdown settings to take effect.
1. Navigate to the user profile.
1. Choose the **App Configurations** tab.
1. From the ****App Configurations**** tab, navigate to either the Code Editor or JupyterLab section.
1. Select **Edit**.
1. Idle shutdown settings will show domain settings by default if configured for the domain.
1. Select **Enable idle shutdown**.
1. Enter a default idle shutdown time in minutes. This values defaults to `10,080` if no value is entered.
1. (Optional) Select **Allow users to set custom idle shutdown time** to allow users to modify the idle shutdown time.
+ Enter a maximum value that users can set the default idle shutdown time to. You must enter a maximum value. The minimum value is set by Amazon SageMaker AI and must be `60`.
1. Select **Save Changes**.
## From the AWS CLI
The following sections show how to enable idle shutdown using the AWS CLI.
**Note**
To enforce a specific timeout value from the AWS CLI, you must set `IdleTimeoutInMinutes`, `MaxIdleTimeoutInMinutes`, and `MinIdleTimeoutInMinutes` to the same value.
### Domain
The following command shows how to enable idle shutdown when updating an existing domain. To add idle shutdown for a new domain, use the `create-domain` command instead.
**Note**
If idle shutdown is set when applications are running, they must be restarted for idle shutdown settings to take effect.
```
aws sagemaker update-domain --region region --domain-id domain-id \
--default-user-settings file://default-user-settings.json
## default-user-settings.json example for enforcing the default timeout
{
"JupyterLabAppSettings": {
"AppLifecycleManagement": {
"IdleSettings": {
"LifecycleManagement": "ENABLED",
"IdleTimeoutInMinutes": 120,
"MaxIdleTimeoutInMinutes": 120,
"MinIdleTimeoutInMinutes": 120
}
}
}
## default-user-settings.json example for letting users customize the default timeout, between 2-5 hours
{
"JupyterLabAppSettings": {
"AppLifecycleManagement": {
"IdleSettings": {
"LifecycleManagement": "ENABLED",
"IdleTimeoutInMinutes": 120,
"MinIdleTimeoutInMinutes": 120,
"MaxIdleTimeoutInMinutes": 300
}
}
}
```
### User profile
The following command shows how to enable idle shutdown when updating an existing user profile. To add idle shutdown for a new user profile, use the `create-user-profile` command instead.
**Note**
If idle shutdown is set when applications are running, they must be restarted for idle shutdown settings to take effect.
```
aws sagemaker update-user-profile --region region --domain-id domain-id \
--user-profile-name user-profile-name --user-settings file://user-settings.json
## user-settings.json example for enforcing the default timeout
{
"JupyterLabAppSettings": {
"AppLifecycleManagement": {
"IdleSettings": {
"LifecycleManagement": "ENABLED",
"IdleTimeoutInMinutes": 120,
"MaxIdleTimeoutInMinutes": 120,
"MinIdleTimeoutInMinutes": 120
}
}
}
## user-settings.json example for letting users customize the default timeout, between 2-5 hours
{
"JupyterLabAppSettings": {
"AppLifecycleManagement": {
"IdleSettings": {
"LifecycleManagement": "ENABLED",
"IdleTimeoutInMinutes": 120,
"MinIdleTimeoutInMinutes": 120,
"MaxIdleTimeoutInMinutes": 300
}
}
}
```
# Update default idle shutdown settings
You can update the default idle shutdown settings at either the domain or user profile level.
**Note**
If idle shutdown is set when applications are running, they must be restarted for idle shutdown settings to take effect.
## Update domain settings
1. Navigate to the domain.
1. Choose the **App Configurations** tab.
1. From the **App Configurations** tab, navigate to either the Code Editor or JupyterLab section.
1. In the section for the application that you want to modify the idle shutdown time limit for, select **Edit**.
1. Update the idle shutdown settings for the domain.
1. Select **Save Changes**.
## Update user profile settings
1. Navigate to the domain.
1. Choose the **User profiles** tab.
1. From the **User profiles** tab, select the user profile to edit.
1. From the **User profile** page, choose the **Applications** tab.
1. On the **Applications** tab, navigate to either the Code Editor or JupyterLab section.
1. In the section for the application that you want to modify the idle shutdown time limit for, select **Edit**.
1. Update the idle shutdown settings for the user profile.
1. Select **Save Changes**.
# Modify your idle shutdown time limit
Users may be able to modify the idle shutdown time limit if the admin gives access when adding support for idle shutdown. If support for idle shutdown is added, there may be a limit applied to the maximum time for idle shutdown. A user can set the value anywhere between the lower limit and upper limit.
1. Launch Amazon SageMaker Studio by following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. From the **Applications** section, select the application type to update the idle shutdown time for.
1. Select the space to update.
1. Update **Idle shutdown (mins)** with your desired value.
**Note**
If idle shutdown is set when applications are running, they must be restarted for idle shutdown settings to take effect.
# Applications supported in Amazon SageMaker Studio
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the updated Studio experience. For information about using the Studio Classic application, see [Amazon SageMaker Studio Classic](studio.md).
Amazon SageMaker Studio supports the following applications:
+ **Code Editor, based on Code-OSS, Visual Studio Code - Open Source**– Code Editor offers a lightweight and powerful integrated development environment (IDE) with familiar shortcuts, terminal, and advanced debugging capabilities and refactoring tools. It is a fully managed, browser-based application in Studio. For more information, see [Code Editor in Amazon SageMaker Studio](code-editor.md).
+ **Amazon SageMaker Studio Classic**– Amazon SageMaker Studio Classic is a web-based IDE for machine learning. With Studio Classic, you can build, train, debug, deploy, and monitor your machine learning models. For more information, see [Amazon SageMaker Studio Classic](studio.md).
+ **JupyterLab**–JupyterLab offers a set of capabilities that augment the fully managed notebook offering. It includes kernels that start in seconds, a pre-configured runtime with popular data science, machine learning frameworks, and high performance block storage. For more information, see [SageMaker JupyterLab](studio-updated-jl.md).
+ **Amazon SageMaker Canvas**– With SageMaker Canvas, you can use machine learning to generate predictions without writing code. With Canvas, you can chat with popular large language models (LLMs), access ready-to-use models, or build a custom model that's trained on your data. For more information, see [Amazon SageMaker Canvas](canvas.md).
+ **RStudio**– RStudio is an integrated development environment for R. It includes a console and syntax-highlighting editor that supports running code directly. It also includes tools for plotting, history, debugging, and workspace management. For more information, see [RStudio on Amazon SageMaker AI](rstudio.md).
# Connect your Remote IDE to SageMaker spaces with remote access
You can remotely connect from your Remote IDE to Amazon SageMaker Studio spaces. You can use your customized local IDE setup, including AI-assisted development tools and custom extensions, with the scalable compute resources in Amazon SageMaker AI. This guide provides concepts and setup instructions for administrators and users.
A Remote IDE connection establishes a secure connection between your local IDE and SageMaker spaces. This connection lets you:
+ **Access SageMaker AI compute resources** — Run code on scalable SageMaker AI infrastructure from your local environment
+ **Maintain security boundaries** — Work within the same security framework as SageMaker AI
+ **Keep your familiar IDE experience** — Use compatible local extensions, themes, and configurations that support remote development
**Note**
Not all IDE extensions are compatible with remote development. Extensions that require local GUI components, have architecture dependencies, or need specific client-server interactions may not work properly in the remote environment. Verify that your required extensions support remote development before use.
**Topics**
+ [
## Key concepts
](#remote-access-key-concepts)
+ [
## Connection methods
](#remote-access-connection-methods)
+ [
## Supported IDEs
](#remote-access-supported-ides)
+ [
## IDE version requirements
](#remote-access-ide-version-requirements)
+ [
## Operating system requirements
](#remote-access-os-requirements)
+ [
## Local machine prerequisites
](#remote-access-local-prerequisites)
+ [
## Image requirements
](#remote-access-image-requirements)
+ [
## Instance requirements
](#remote-access-instance-requirements)
+ [
# Set up remote access
](remote-access-remote-setup.md)
+ [
# Set up Remote IDE
](remote-access-local-ide-setup.md)
+ [
# Supported AWS Regions
](remote-access-supported-regions.md)
## Key concepts
+ **Remote connection** — A secure tunnel between your Remote IDE and a SageMaker space. This connection enables interactive development and code execution using SageMaker AI compute resources.
+ [https://docs.aws.amazon.com/sagemaker/latest/dg/studio-updated-spaces.html](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-updated-spaces.html) — A dedicated environment within Amazon SageMaker Studio where you can manage your storage and resources for your Studio applications.
+ **Deep link** — A button (direct URL) from the SageMaker UI that initiates a remote connection to your local IDE.
## Connection methods
There are three main ways to connect your Remote IDE to SageMaker spaces:
+ **Deep link access** — You can connect directly to a specific space by using the **Open space with** button available in SageMaker AI. This uses URL patterns to establish a remote connection and open your SageMaker space in your Remote IDE.
+ [https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/welcome.html](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/welcome.html) — You can authenticate with AWS Toolkit for Visual Studio Code. This allows you to connect to spaces and open a remotely connected window from your Remote IDE.
+ **SSH terminal connection** — You can connect via command line using SSH configuration.
## Supported IDEs
Remote connection to Studio spaces supports:
+ [Visual Studio Code](https://code.visualstudio.com/)
+ [Kiro](https://kiro.dev/)
+ [Cursor](https://cursor.com/home)
## IDE version requirements
The following table lists the minimum version requirements for each supported Remote IDE.
| IDE | Minimum version |
| --- | --- |
| Visual Studio Code | [v1.90](https://code.visualstudio.com/updates/v1_90) or greater. We recommend using the [latest stable version](https://code.visualstudio.com/updates). |
| Kiro | v0.10.78 or greater |
| Cursor | v2.6.18 or greater |
The AWS Toolkit extension is required to connect your Remote IDE to Studio spaces. For Kiro and Cursor, AWS Toolkit extension version v3.100 or greater is required.
## Operating system requirements
You need one of the following operating systems to remotely connect to Studio spaces:
+ macOS 13\$1
+ Windows 10
+ [Windows 10 support ends on October 14, 2025](https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281)
+ Windows 11
+ Linux
+ For VS Code, install the official [Microsoft VS Code for Linux](https://code.visualstudio.com/docs/setup/linux), not an open-source version
## Local machine prerequisites
Before connecting your Remote IDE to Studio spaces, ensure your local machine has the required dependencies and network access.
**Important**
Environments with software installation restrictions may prevent users from installing required dependencies. The AWS Toolkit for Visual Studio Code automatically searches for these dependencies when initiating remote connections and will prompt for installation if any are missing. Coordinate with your IT department to ensure these components are available.
**Required local dependencies**
Your local machine must have the following components installed:
+ **[Remote-SSH Extension](https://code.visualstudio.com/docs/remote/ssh)** — Remote development extension for your IDE (available in the extension marketplace for VS Code, Kiro, and Cursor)
+ **[Session Manager plugin](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html)** — Required for secure session management
+ **SSH Client** — Standard component on most machines ([OpenSSH recommended for Windows](https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse))
+ **IDE CLI Command** — Typically included with IDE installation (for example, `code` for VS Code, `kiro` for Kiro, `cursor` for Cursor)
**Platform-specific requirements**
+ **Windows users** — PowerShell 5.1 or later is required for SSH terminal connections
**Network connectivity requirements**
Your local machine must have network access to [Session Manager endpoints](https://docs.aws.amazon.com/general/latest/gr/ssm.html). For example, in US East (N. Virginia) (us-east-1) these can be:
+ ssm.us-east-1.amazonaws.com
+ ssm.us-east-1.api.aws
+ ssmmessages.us-east-1.amazonaws.com
+ ec2messages.us-east-1.amazonaws.com
## Image requirements
**SageMaker Distribution images**
When using SageMaker Distribution with remote access, use [SageMaker Distribution](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-distribution.html) version 2.7 or later.
**Custom images**
When you [Bring your own image (BYOI)](studio-updated-byoi.md) with remote access, ensure that you follow the [custom image specifications](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-updated-byoi-specs.html) and ensure the following dependencies are installed:
+ `curl` or `wget` — Required for downloading AWS CLI components
+ `unzip` — Required for extracting AWS CLI installation files
+ `tar` — Required for archive extraction
+ `gzip` — Required for compressed file handling
## Instance requirements
+ **Memory** — 8GB or more
+ **Instance types** — Use instances with at least 8GB of memory. The following instance types are *not* supported due to insufficient memory (less than 8GB): `ml.t3.medium`, `ml.c7i.large`, `ml.c6i.large`, `ml.c6id.large`, and `ml.c5.large`. For a more complete list of instance types, see the [Amazon EC2 On-Demand Pricing page](https://aws.amazon.com/ec2/pricing/on-demand/).
**Topics**
+ [
## Key concepts
](#remote-access-key-concepts)
+ [
## Connection methods
](#remote-access-connection-methods)
+ [
## Supported IDEs
](#remote-access-supported-ides)
+ [
## IDE version requirements
](#remote-access-ide-version-requirements)
+ [
## Operating system requirements
](#remote-access-os-requirements)
+ [
## Local machine prerequisites
](#remote-access-local-prerequisites)
+ [
## Image requirements
](#remote-access-image-requirements)
+ [
## Instance requirements
](#remote-access-instance-requirements)
+ [
# Set up remote access
](remote-access-remote-setup.md)
+ [
# Set up Remote IDE
](remote-access-local-ide-setup.md)
+ [
# Supported AWS Regions
](remote-access-supported-regions.md)
# Set up remote access
Before users can connect their Remote IDE to Studio spaces, the administrator must configure permissions. This section provides instructions for administrators on how to set up their Amazon SageMaker AI domain with remote access.
Different connection methods require different IAM permissions. Configure the appropriate permissions based on how your users will connect. Use the following workflow along with the permissions aligned with the connection method.
**Important**
Currently remote IDE connections are authenticated using IAM credentials, not IAM Identity Center. This applies for domains that use the IAM Identity Center [authentication method](https://docs.aws.amazon.com/sagemaker/latest/dg/onboard-custom.html#onboard-custom-authentication-details) for your users to access the domain. If you prefer not to use IAM authentication for remote connections, you can opt-out by disabling this feature using the `RemoteAccess` conditional key in your IAM policies. For more information, see [Remote access enforcement](remote-access-remote-setup-abac.md#remote-access-remote-setup-abac-remote-access-enforcement). When using IAM credentials, Remote IDE connections may maintain active sessions even after you log out of your IAM Identity Center session. Sometimes, these Remote IDE connections can persist for up to 12 hours. To ensure the security of your environment, administrators must review session duration settings where possible and be cautious when using shared workstations or public networks.
1. Choose one of the following connection method permissions that align with your users’ [Connection methods](remote-access.md#remote-access-connection-methods).
1. [Create a custom IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) based on the connection method permission.
**Topics**
+ [
## Step 1: Configure security and permissions
](#remote-access-remote-setup-permissions)
+ [
## Step 2: Enable remote access for your space
](#remote-access-remote-setup-enable)
+ [
# Advanced access control
](remote-access-remote-setup-abac.md)
+ [
# Set up Studio to run with subnets without internet access within a VPC
](remote-access-remote-setup-vpc-subnets-without-internet-access.md)
+ [
# Set up automated Studio space filtering when using the AWS Toolkit
](remote-access-remote-setup-filter.md)
## Step 1: Configure security and permissions
**Topics**
+ [
### Method 1: Deep link permissions
](#remote-access-remote-setup-method-1-deep-link-permissions)
+ [
### Method 2: AWS Toolkit permissions
](#remote-access-remote-setup-method-2-aws-toolkit-permissions)
+ [
### Method 3: SSH terminal permissions
](#remote-access-remote-setup-method-3-ssh-terminal-permissions)
**Important**
Using broad permissions for `sagemaker:StartSession`, especially with a wildcard resource `*` creates the risk that any user with this permission can initiate a session against any SageMaker Space app in the account. This can lead to the impact of data scientists unintentionally accessing other users’ SageMaker Spaces. For production environments, you should scope down these permissions to specific space ARNs to enforce the principle of least privilege. See [Advanced access control](remote-access-remote-setup-abac.md) for examples of more granular permission policies using resource ARNs, tags, and network-based constraints.
### Method 1: Deep link permissions
For users connecting via deep links from the SageMaker UI, use the following permission and attach it to your SageMaker AI [space execution role](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-roles.html#sagemaker-roles-get-execution-role-space) or [domain execution role](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-roles.html#sagemaker-roles-get-execution-role). If the space execution role is not configured, the domain execution role is used by default.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "RestrictStartSessionOnSpacesToUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:StartSession"
],
"Resource": "arn:*:sagemaker:*:*:space/${sagemaker:DomainId}/*",
"Condition": {
"ArnLike": {
"sagemaker:ResourceTag/sagemaker:user-profile-arn": "arn:aws:sagemaker:*:*:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
}
}
}
]
}
```
------
### Method 2: AWS Toolkit permissions
For users connecting through the AWS Toolkit for Visual Studio Code extension, attach the following policy to one of the following:
+ For IAM authentication, attach this policy to the IAM user or role
+ For IdC authentication, attach this policy to the [Permission sets](https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetsconcept.html) managed by the IdC
To show only spaces relevant to the authenticated user, see [Filtering overview](remote-access-remote-setup-filter.md#remote-access-remote-setup-filter-overview).
**Important**
The following policy using `*` as the resource constraint is only recommended for quick testing purposes. For production environments, you should scope down these permissions to specific space ARNs to enforce the principle of least privilege. See [Advanced access control](remote-access-remote-setup-abac.md) for examples of more granular permission policies using resource ARNs, tags, and network-based constraints.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sagemaker:ListSpaces",
"sagemaker:DescribeSpace",
"sagemaker:ListApps",
"sagemaker:DescribeApp",
"sagemaker:DescribeDomain",
"sagemaker:UpdateSpace",
"sagemaker:CreateApp",
"sagemaker:DeleteApp",
"sagemaker:AddTags"
],
"Resource": "*"
},
{
"Sid": "AllowStartSessionOnSpaces",
"Effect": "Allow",
"Action": "sagemaker:StartSession",
"Resource": [
"arn:aws:sagemaker:us-east-1:111122223333:space/domain-id/space-name-1",
"arn:aws:sagemaker:us-east-1:111122223333:space/domain-id/space-name-2"
]
}
]
}
```
------
### Method 3: SSH terminal permissions
For SSH terminal connections, the `StartSession` API is called by the SSH proxy command script below, using the local AWS credentials. See [Configure the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) for information and instructions on setting up the user's local AWS credentials. To use these permissions:
1. Attach this policy to the IAM user or role associated with the local AWS credentials.
1. If using a named credential profile, modify the proxy command in your SSH config:
```
ProxyCommand '/home/user/sagemaker_connect.sh' '%h' YOUR_CREDENTIAL_PROFILE_NAME
```
**Note**
The policy needs to be attached to the IAM identity (user/role) used in your local AWS credentials configuration, not to the Amazon SageMaker AI domain execution role.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowStartSessionOnSpecificSpaces",
"Effect": "Allow",
"Action": "sagemaker:StartSession",
"Resource": [
"arn:aws:sagemaker:us-east-1:111122223333:space/domain-id/space-name-1",
"arn:aws:sagemaker:us-east-1:111122223333:space/domain-id/space-name-2"
]
}
]
}
```
------
After setup, users can run `ssh my_studio_space_abc` to start up the space. For more information, see [Method 3: Connect from the terminal via SSH CLI](remote-access-local-ide-setup.md#remote-access-local-ide-setup-local-vs-code-method-3-connect-from-the-terminal-via-ssh-cli).
## Step 2: Enable remote access for your space
After you set up the permissions, you must toggle on **Remote Access** and start your space in Studio before the user can connect using their Remote IDE. This setup only needs to be done once.
**Note**
If your users are connecting using [Method 2: AWS Toolkit permissions](#remote-access-remote-setup-method-2-aws-toolkit-permissions), you do not necessarily need this step. AWS Toolkit for Visual Studio users can enable remote access from the Toolkit.
**Activate remote access for your Studio space**
1. [Launch Amazon SageMaker Studio](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-updated-launch.html#studio-updated-launch-console).
1. Open the Studio UI.
1. Navigate to your space.
1. In the space details, toggle on **Remote Access**.
1. Choose **Run space**.
# Advanced access control
Amazon SageMaker AI supports [attribute-based access control (ABAC)](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html) to achieve fine-grained access control for Remote IDE connections using ABAC policies. The following are example ABAC policies for Remote IDE connections.
**Topics**
+ [
## Remote access enforcement
](#remote-access-remote-setup-abac-remote-access-enforcement)
+ [
## Tag-based access control
](#remote-access-remote-setup-abac-tag-based-access-control)
## Remote access enforcement
Control access to resources using the `sagemaker:RemoteAccess` condition key. This is supported by both `CreateSpace` and `UpdateSpace` APIs. The following example uses `CreateSpace`.
You can ensure that users cannot create spaces with remote access enabled. This helps maintain security by defaulting to more restricted access settings. The following policy ensures users can:
+ Create new Studio spaces where remote access is explicitly disabled
+ Create new Studio spaces without specifying any remote access settings
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "DenyCreateSpaceRemoteAccessEnabled",
"Effect": "Deny",
"Action": [
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace"
],
"Resource": "arn:aws:sagemaker:*:*:space/*",
"Condition": {
"StringEquals": {
"sagemaker:RemoteAccess": [
"ENABLED"
]
}
}
},
{
"Sid": "AllowCreateSpace",
"Effect": "Allow",
"Action": [
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace"
],
"Resource": "arn:aws:sagemaker:*:*:space/*"
}
]
}
```
------
## Tag-based access control
Implement [tag-based](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/what-are-tags.html) access control to restrict connections based on resource and principal tags.
You can ensure users can only access resources appropriate for their role and project assignments. You can use the following policy to:
+ Allow users to connect only to spaces that match their assigned team, environment, and cost center
+ Implement fine-grained access control based on organizational structure
In the following example, the space is tagged with the following:
```
{ "Team": "ML", "Environment": "Production", "CostCenter": "12345" }
```
You can have a role that contains the following policy to match resource and principal tags:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "RestrictStartSessionOnTaggedSpacesInDomain",
"Effect": "Allow",
"Action": [
"sagemaker:StartSession"
],
"Resource": [
"arn:aws:sagemaker:us-east-1:111122223333:space/domain-id/*"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/Team": "${aws:PrincipalTag/Team}",
"aws:ResourceTag/Environment": "${aws:PrincipalTag/Environment}",
"aws:ResourceTag/CostCenter": "${aws:PrincipalTag/CostCenter}",
"aws:ResourceTag/IDC_UserName": "${aws:PrincipalTag/IDC_UserName}"
}
}
}
]
}
```
------
When the role’s tags match, the user has permission to start the session and remotely connect to their space. See [Control access to AWS resources using tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html) for more information.
# Set up Studio to run with subnets without internet access within a VPC
This guide shows you how to connect to Amazon SageMaker Studio spaces from your Remote IDE when your Amazon SageMaker AI domain runs in private subnets without internet access. You’ll learn about connectivity requirements and setup options to establish secure remote connections in isolated network environments.
You can configure Amazon SageMaker Studio to run in VPC only mode with subnets without internet access. This setup enhances security for your machine learning workloads by operating in an isolated network environment where all traffic flows through the VPC. To enable external communications while maintaining security, use VPC endpoints for AWS services and configure VPC PrivateLink for required AWS dependencies.
**IDE support for private subnet connections**
The following table shows the supported connection methods for each Remote IDE when connecting to Studio spaces in private subnets without internet access.
| Connection method | VS Code | Kiro | Cursor |
| --- | --- | --- | --- |
| HTTP Proxy support | Supported | Supported | Not supported |
| Pre-packaged remote server and extensions | Supported | Not supported | Not supported |
**Important**
Cursor is not supported for connecting to Studio spaces in private subnets without outbound internet access.
**Topics**
+ [
## Studio remote access network requirements
](#remote-access-remote-setup-vpc-subnets-without-internet-access-network-requirements)
+ [
## Setup Studio remote access network
](#remote-access-remote-setup-vpc-subnets-without-internet-access-setup)
## Studio remote access network requirements
**VPC mode limitations** Studio in VPC mode only supports private subnets. Studio cannot work with subnets directly attached with an Internet Gateway (IGW). Remote IDE connections share the same limitations as SageMaker AI. For more information, see [Connect Studio notebooks in a VPC to external resources](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-notebooks-and-internet-access.html).
### VPC PrivateLink requirements
When SageMaker AI runs in private subnets, configure these SSM VPC endpoints in addition to standard VPC endpoints required for SageMaker. For more information, see [Connect Studio Through a VPC Endpoint](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-interface-endpoint.html).
+ `com.amazonaws.REGION.ssm`
+ `com.amazonaws.REGION.ssmmessages`
**VPC endpoint policy recommendations**
The following are the recommended VPC endpoint policies that allow the necessary actions for remote access while using the `aws:PrincipalIsAWSService` condition to ensure only AWS services like Amazon SageMaker AI can make the calls. For more information about the `aws:PrincipalIsAWSService` condition key, see [the documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-principalisawsservice).
**SSM endpoint policy**
Use the following policy for the `com.amazonaws.REGION.ssm` endpoint:
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": [
"ssm:CreateActivation",
"ssm:RegisterManagedInstance",
"ssm:DeleteActivation",
"ssm:DeregisterManagedInstance",
"ssm:AddTagsToResource",
"ssm:UpdateInstanceInformation",
"ssm:UpdateInstanceAssociationStatus",
"ssm:DescribeInstanceInformation",
"ssm:ListInstanceAssociations",
"ssm:ListAssociations",
"ssm:GetDocument",
"ssm:PutInventory"
],
"Resource": "*",
"Condition": {
"BoolIfExists": {
"aws:PrincipalIsAWSService": "true"
}
}
}
]
}
```
**SSM Messages endpoint policy**
Use the following policy for the `com.amazonaws.REGION.ssmmessages` endpoint:
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": "*",
"Condition": {
"BoolIfExists": {
"aws:PrincipalIsAWSService": "true"
}
}
}
]
}
```
**VS Code specific network requirements**
Remote VS Code connection requires VS Code remote development, which needs specific network access to install the remote server and extensions. See the [remote development FAQ](https://code.visualstudio.com/docs/remote/faq) in the Visual Studio Code documentation for full network requirements. The following is a summary of the requirements:
+ Access to Microsoft’s VS Code server endpoints is needed to install and update the VS Code remote server.
+ Access to Visual Studio Marketplace and related CDN endpoints is required for installing VS Code extensions through the extension panel (alternatively, extensions can be installed manually using VSIX files without internet connection).
+ Some extensions may require access to additional endpoints for downloading their specific dependencies. See the extension’s documentation for their specific connectivity requirements.
**Kiro specific network requirements**
Remote Kiro connection requires Kiro remote development, which needs specific network access to install the remote server and extensions. For firewall and proxy server configuration, see [Kiro firewall configuration](https://kiro.dev/docs/privacy-and-security/firewalls/). The requirements are similar to VS Code:
+ Access to Kiro server endpoints is needed to install and update the Kiro remote server.
+ Access to extension marketplace and related CDN endpoints is required for installing Kiro extensions through the extension panel.
+ Some extensions may require access to additional endpoints for downloading their specific dependencies. See the extension’s documentation for their specific connectivity requirements.
## Setup Studio remote access network
You have the following options to connect your Remote IDE to Studio spaces in private subnets:
+ HTTP Proxy (supported for VS Code and Kiro)
+ Pre-packaged remote server and extensions (VS Code only)
### Set up HTTP Proxy with controlled allow-listing
When your Studio space is behind a firewall or proxy, allow access to your IDE server and extension-related CDNs and endpoints.
1. Set up a public subnet to run the HTTP proxy (such as Squid), where you can configure which websites to allow. Ensure that the HTTP proxy is accessible by SageMaker spaces.
1. The public subnet can be in the same VPC used by the Studio or in separate VPC peered with all the VPCs used by Amazon SageMaker AI domains.
### Set up Pre-packaged remote server and extensions (VS Code only)
**Note**
This option is only available for Visual Studio Code. Kiro and Cursor do not support pre-packaged remote server setup.
When your Studio spaces can’t access external endpoints to download VS Code remote server and extensions, you can pre-package them. With this approach, you export a tarball containing the `.VS Code-server` directory for a specific version of VS Code. Then, you use a SageMaker AI Lifecycle Configuration (LCC) script to copy and extract the tarball into the home directory (`/home/sagemaker-user`) of the Studio spaces. This LCC-based solution works with both AWS-provided and custom images. Even when you’re not using private subnets, this approach accelerates the setup of the VS Code remote server and pre-installed extensions.
**Instructions for pre-packaging your VS Code remote server and extensions**
1. Install VS Code on your local machine.
1. Launch a Linux-based (x64) Docker container with SSH enabled, either locally or via a Studio space with internet access. We recommend using a temporary Studio space with remote access and internet enabled for simplicity.
1. Connect your installed VS Code to the local Docker container via Remote SSH or connect to the Studio space via the Studio remote VS Code feature. VS Code installs the remote server into `.VS Code-server` in the home directory in the remote container during connection. See [Example Dockerfile usage for pre-packaging your VS Code remote server and extensions](remote-access-local-ide-setup-vpc-no-internet.md#remote-access-local-ide-setup-vpc-no-internet-pre-packaged-vs-code-remote-server-and-extensions-example-dockerfile) for more information.
1. After connecting remotely, ensure you use the VS Code Default profile.
1. Install the required VS Code extensions and validate their functionality. For example, create and run a notebook to install Jupyter notebook-related extensions in the VS Code remote server.
Ensure you [install the AWS Toolkit for Visual Studio Code extension](https://docs.aws.amazon.com/toolkit-for-visual-studio/latest/user-guide/setup.html) after connecting to the remote container.
1. Archive the `$HOME/.VS Code-server` directory (for example, `VS Code-server-with-extensions-for-1.100.2.tar.gz`) in either the local Docker container or in the terminal of the remotely connected Studio space.
1. Upload the tarball to Amazon S3.
1. Create an [LCC script](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-lifecycle-configurations.html) ([Example LCC script (LCC-install-VS Code-server-v1.100.2)](remote-access-local-ide-setup-vpc-no-internet.md#remote-access-local-ide-setup-vpc-no-internet-pre-packaged-vs-code-remote-server-and-extensions-example-lcc)) that:
+ Downloads the specific archive from Amazon S3.
+ Extracts it into the home directory when a Studio space in a private subnet launches.
1. (Optional) Extend the LCC script to support per-user VS Code server tarballs stored in user-specific Amazon S3 folders.
1. (Optional) Maintain version-specific LCC scripts ([Example LCC script (LCC-install-VS Code-server-v1.100.2)](remote-access-local-ide-setup-vpc-no-internet.md#remote-access-local-ide-setup-vpc-no-internet-pre-packaged-vs-code-remote-server-and-extensions-example-lcc)) that you can attach to your spaces, ensuring compatibility between your local VS Code client and the remote server.
# Set up automated Studio space filtering when using the AWS Toolkit
Users can filter spaces in the AWS Toolkit for Visual Studio Code explorer to display only relevant spaces. This section provides information on filtering and how to set up automated filtering.
This setup only applies when using the [Method 2: AWS Toolkit in the Remote IDE](remote-access-local-ide-setup.md#remote-access-local-ide-setup-local-vs-code-method-2-aws-toolkit-in-vs-code) method to connect from your Remote IDE to Amazon SageMaker Studio spaces. See [Set up remote access](remote-access-remote-setup.md) for more information.
**Topics**
+ [
## Filtering overview
](#remote-access-remote-setup-filter-overview)
+ [
## Set up when connecting with IAM credentials
](#remote-access-remote-setup-filter-set-up-iam-credentials)
## Filtering overview
**Manual filtering** allows users to manually select which user profiles to display spaces for through the AWS Toolkit interface. This method works for all authentication types and takes precedence over automated filtering. To manually filter, see [Manual filtering](remote-access-local-ide-setup-filter.md#remote-access-local-ide-setup-filter-manual).
**Automated filtering** automatically shows only spaces relevant to the authenticated user. This filtering behavior depends on the authentication method during sign-in. See [connecting to AWS from the Toolkit](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/connect.html#connect-to-aws) in the Toolkit for VS Code User Guide for more information. The following lists the sign-in options.
+ **Authenticate and connect with SSO**: Automated filtering works by default.
+ **Authenticate and connect with IAM credentials**: Automated filtering **requires administrator setup** for the following IAM credentials. Without this setup, AWS Toolkit cannot identify which spaces belong to the user, so all spaces are shown by default.
+ **Using IAM user credentials**
+ **Using assumed IAM role session credentials**
## Set up when connecting with IAM credentials
**When using IAM user credentials**
Toolkit for VS Code can match spaces belonging to user profiles that start with the authenticated IAM user name or assumed role session name. To set this up:
**Note**
Administrators must configure Studio user profile names to follow this naming convention for automated filtering to work correctly.
+ Administrators must ensure Studio user profile names follow the naming convention:
+ For IAM users: prefix with `IAM-user-name-`
+ For assumed roles: prefix with `assumed-role-session-name-`
+ `aws sts get-caller-identity` returns the identity information used for matching
+ Spaces belonging to the matched user profiles will be automatically filtered in the Toolkit for VS Code
**When using assumed IAM role session credentials** In addition to the setup when using IAM user credentials above, you will need to ensure session ARNs include user identifiers as prefixes that match. You can configure trust policies that ensure session ARNs include user identifiers as prefixes. [Create a trust policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) and attach it to the assumed role used for authentication.
This setup is not required for direct IAM user credentials or IdC authentication.
**Set up trust policy for IAM role session credentials example** Create a trust policy that enforces role sessions to include the IAM user name. The following is an example policy:
```
{
"Statement": [
{
"Sid": "RoleTrustPolicyRequireUsernameForSessionName",
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {"AWS": "arn:aws:iam::ACCOUNT:root"},
"Condition": {
"StringLike": {"sts:RoleSessionName": "${aws:username}"}
}
}
]
}
```
# Set up Remote IDE
After administrators complete the instructions in [Connect your Remote IDE to SageMaker spaces with remote access](remote-access.md), you can connect your Remote IDE to your remote SageMaker spaces.
**Topics**
+ [
## Set up your local environment
](#remote-access-local-ide-setup-local-environment)
+ [
## Connect to your Remote IDE
](#remote-access-local-ide-setup-local-vs-code)
+ [
# Connect to VPC with subnets without internet access
](remote-access-local-ide-setup-vpc-no-internet.md)
+ [
# Filter your Studio spaces
](remote-access-local-ide-setup-filter.md)
## Set up your local environment
Install your preferred Remote IDE on your local machine:
+ [Visual Studio Code](https://code.visualstudio.com/)
+ [Kiro](https://kiro.dev/)
+ [Cursor](https://cursor.com/home)
For information on the version requirements, see [IDE version requirements](remote-access.md#remote-access-ide-version-requirements).
## Connect to your Remote IDE
Before you can establish a connection from your Remote IDE to your remote SageMaker spaces, your administrator must [Set up remote access](remote-access-remote-setup.md). Your administrator sets up a specific method for you to establish a connection. Choose the method that was set up for you.
**Topics**
+ [
### Method 1: Deep link from Studio UI
](#remote-access-local-ide-setup-local-vs-code-method-1-deep-link-from-studio-ui)
+ [
### Method 2: AWS Toolkit in the Remote IDE
](#remote-access-local-ide-setup-local-vs-code-method-2-aws-toolkit-in-vs-code)
+ [
### Method 3: Connect from the terminal via SSH CLI
](#remote-access-local-ide-setup-local-vs-code-method-3-connect-from-the-terminal-via-ssh-cli)
### Method 1: Deep link from Studio UI
Use the following procedure to establish a connection using deep link.
1. [Launch Amazon SageMaker Studio](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-updated-launch.html#studio-updated-launch-console).
1. In the Studio UI, navigate to your space.
1. Choose **Open in VS Code**, **Open in Kiro**, or **Open in Cursor** button for your preferred IDE. Ensure that your preferred IDE is already installed on your local computer.
1. When prompted, confirm to open your IDE. Your IDE opens with another pop-up to confirm. Once completed, the remote connection is established.
### Method 2: AWS Toolkit in the Remote IDE
Use the following procedure to establish a connection using the AWS Toolkit for Visual Studio Code. This method is available for VS Code, Kiro, and Cursor.
1. Open your Remote IDE (VS Code, Kiro, or Cursor).
1. Open the AWS Toolkit extension.
1. [Connect to AWS](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/connect.html).
1. In the AWS Explorer, expand **SageMaker AI**, then expand **Studio**.
1. Find your Studio space.
1. Choose the **Connect** icon next to your space to start it.
**Note**
Stop and restart the space in the Toolkit for Visual Studio to enable remote access, if not already connected.
If the space is not using a supported [instance size](https://docs.aws.amazon.com/sagemaker/latest/dg/remote-access.html#remote-access-instance-requirements), you will be asked to change the instance.
### Method 3: Connect from the terminal via SSH CLI
Choose one of the following platform options to view the procedure to establish a connection using the SSH CLI.
**Note**
Ensure that you have the latest versions of the [Local machine prerequisites](remote-access.md#remote-access-local-prerequisites) installed before following the instructions below.
If you [Bring your own image (BYOI)](studio-updated-byoi.md), ensure you have installed the required dependencies listed in [Image requirements](remote-access.md#remote-access-image-requirements) before proceeding
------
#### [ Linux/macOS ]
Create a shell script (for example, `/home/user/sagemaker_connect.sh`):
```
#!/bin/bash
# Disable the -x option if printing each command is not needed.
set -exuo pipefail
SPACE_ARN="$1"
AWS_PROFILE="${2:-}"
# Validate ARN and extract region
if [[ "$SPACE_ARN" =~ ^arn:aws[-a-z]*:sagemaker:([a-z0-9-]+):[0-9]{12}:space\/[^\/]+\/[^\/]+$ ]]; then
AWS_REGION="${BASH_REMATCH[1]}"
else
echo "Error: Invalid SageMaker Studio Space ARN format."
exit 1
fi
# Optional profile flag
PROFILE_ARG=()
if [[ -n "$AWS_PROFILE" ]]; then
PROFILE_ARG=(--profile "$AWS_PROFILE")
fi
# Start session
START_SESSION_JSON=$(aws sagemaker start-session \
--resource-identifier "$SPACE_ARN" \
--region "${AWS_REGION}" \
"${PROFILE_ARG[@]}")
# Extract fields using grep and sed
SESSION_ID=$(echo "$START_SESSION_JSON" | grep -o '"SessionId": "[^"]*"' | sed 's/.*: "//;s/"$//')
STREAM_URL=$(echo "$START_SESSION_JSON" | grep -o '"StreamUrl": "[^"]*"' | sed 's/.*: "//;s/"$//')
TOKEN=$(echo "$START_SESSION_JSON" | grep -o '"TokenValue": "[^"]*"' | sed 's/.*: "//;s/"$//')
# Validate extracted values
if [[ -z "$SESSION_ID" || -z "$STREAM_URL" || -z "$TOKEN" ]]; then
echo "Error: Failed to extract session information from sagemaker start session response."
exit 1
fi
# Call session-manager-plugin
session-manager-plugin \
"{\"streamUrl\":\"$STREAM_URL\",\"tokenValue\":\"$TOKEN\",\"sessionId\":\"$SESSION_ID\"}" \
"$AWS_REGION" "StartSession"
```
1. Make the script executable:
```
chmod +x /home/user/sagemaker_connect.sh
```
1. Configure `$HOME/.ssh/config` to add the following entry:
```
Host space-name
HostName 'arn:PARTITION:sagemaker:us-east-1:111122223333:space/domain-id/space-name'
ProxyCommand '/home/user/sagemaker_connect.sh' '%h'
ForwardAgent yes
AddKeysToAgent yes
StrictHostKeyChecking accept-new
```
For example, the `PARTITION` can be `aws`.
If you need to use a [named AWS credential profile](https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-files.html#cli-configure-files-using-profiles), change the proxy command as follows:
```
ProxyCommand '/home/user/sagemaker_connect.sh' '%h' YOUR_CREDENTIAL_PROFILE_NAME
```
+ Connect via SSH or run SCP command:
```
ssh space-name
scp file_abc space-name:/tmp/
```
------
#### [ Windows ]
**Prerequisites for Windows:**
+ PowerShell 5.1 or later
+ SSH client (OpenSSH recommended)
Create a PowerShell script (for example, `C:\Users\user-name\sagemaker_connect.ps1`):
```
# sagemaker_connect.ps1
param(
[Parameter(Mandatory=$true)]
[string]$SpaceArn,
[Parameter(Mandatory=$false)]
[string]$AwsProfile = ""
)
# Enable error handling
$ErrorActionPreference = "Stop"
# Validate ARN and extract region
if ($SpaceArn -match "^arn:aws[-a-z]*:sagemaker:([a-z0-9-]+):[0-9]{12}:space\/[^\/]+\/[^\/]+$") {
$AwsRegion = $Matches[1]
} else {
Write-Error "Error: Invalid SageMaker Studio Space ARN format."
exit 1
}
# Build AWS CLI command
$awsCommand = @("sagemaker", "start-session", "--resource-identifier", $SpaceArn, "--region", $AwsRegion)
if ($AwsProfile) {
$awsCommand += @("--profile", $AwsProfile)
}
try {
# Start session and capture output
Write-Host "Starting SageMaker session..." -ForegroundColor Green
$startSessionOutput = & aws @awsCommand
# Try to parse JSON response
try {
$sessionData = $startSessionOutput | ConvertFrom-Json
} catch {
Write-Error "Failed to parse JSON response: $_"
Write-Host "Raw response was:" -ForegroundColor Yellow
Write-Host $startSessionOutput
exit 1
}
$sessionId = $sessionData.SessionId
$streamUrl = $sessionData.StreamUrl
$token = $sessionData.TokenValue
# Validate extracted values
if (-not $sessionId -or -not $streamUrl -or -not $token) {
Write-Error "Error: Failed to extract session information from sagemaker start session response."
Write-Host "Parsed response was:" -ForegroundColor Yellow
Write-Host ($sessionData | ConvertTo-Json)
exit 1
}
Write-Host "Session started successfully. Connecting..." -ForegroundColor Green
# Create session manager plugin command
$sessionJson = @{
streamUrl = $streamUrl
tokenValue = $token
sessionId = $sessionId
} | ConvertTo-Json -Compress
# Escape the JSON string
$escapedJson = $sessionJson -replace '"', '\"'
# Call session-manager-plugin
& session-manager-plugin "$escapedJson" $AwsRegion "StartSession"
} catch {
Write-Error "Failed to start session: $_"
exit 1
}
```
+ Configure `C:\Users\user-name\.ssh\config` to add the following entry:
```
Host space-name
HostName "arn:aws:sagemaker:us-east-1:111122223333:space/domain-id/space-name"
ProxyCommand "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -File "C:\\Users\\user-name\\sagemaker_connect.ps1" "%h"
ForwardAgent yes
AddKeysToAgent yes
User sagemaker-user
StrictHostKeyChecking accept-new
```
------
# Connect to VPC with subnets without internet access
Before connecting your Remote IDE to Studio spaces in private subnets without internet access, ensure your administrator has [Set up Studio to run with subnets without internet access within a VPC](remote-access-remote-setup-vpc-subnets-without-internet-access.md).
You have the following options to connect your Remote IDE to Studio spaces in private subnets:
+ Set up HTTP Proxy (supported for VS Code and Kiro)
+ Pre-packaged remote server and extensions (VS Code only)
**Important**
Cursor is not supported for connecting to Studio spaces in private subnets without outbound internet access.
**Topics**
+ [
## HTTP Proxy with controlled allow-listing
](#remote-access-local-ide-setup-vpc-no-internet-http-proxy-with-controlled-allow-listing)
+ [
## Pre-packaged remote server and extensions (VS Code only)
](#remote-access-local-ide-setup-vpc-no-internet-pre-packaged-vs-code-remote-server-and-extensions)
## HTTP Proxy with controlled allow-listing
When your Studio space is behind a firewall or proxy, ask your administrator to allow access to your IDE server and extension-related CDNs and endpoints. For more information, see [Set up HTTP Proxy with controlled allow-listing](remote-access-remote-setup-vpc-subnets-without-internet-access.md#remote-access-remote-setup-vpc-subnets-without-internet-access-setup-http-proxy-with-controlled-allow-listing).
------
#### [ VS Code ]
Configure the HTTP proxy for VS Code remote development by providing the proxy URL with the `remote.SSH.httpProxy` or `remote.SSH.httpsProxy` setting.
**Note**
Consider enabling "Remote.SSH: Use Curl And Wget Configuration Files" to use the configuration from the remote environment’s `curlrc` and `wgetrc` files. This is so that the `curlrc` and `wgetrc` files, placed in their respective default locations in the SageMaker space, can be used for enabling certain cases.
------
#### [ Kiro ]
Configure the HTTP proxy for Kiro remote development by setting the `aws.sagemaker.ssh.kiro.httpsProxy` setting to your HTTP or HTTPS proxy endpoint.
If you use MCP (Model Context Protocol) servers in Kiro, you also need to add the proxy environment variables to your MCP server configuration:
```
"env": {
"http_proxy": "${http_proxy}",
"https_proxy": "${https_proxy}"
}
```
------
This option works when you are allowed to set up HTTP proxy and lets you install additional extensions flexibly, as some extensions require a public endpoint.
## Pre-packaged remote server and extensions (VS Code only)
**Note**
This option is only available for Visual Studio Code. Kiro and Cursor do not support pre-packaged remote server setup.
When your Studio spaces can’t access external endpoints to download VS Code remote server and extensions, you can pre-package them. With this approach, your administrator can export a tarball containing the `.VS Code-server` directory for a specific version of VS Code. Then, the administrator uses a SageMaker AI Lifecycle Configuration (LCC) script to copy and extract the tarball into your home directory (`/home/sagemaker-user`). For more information, see [Set up Pre-packaged remote server and extensions (VS Code only)](remote-access-remote-setup-vpc-subnets-without-internet-access.md#remote-access-remote-setup-vpc-subnets-without-internet-access-setup-pre-packaged-vs-code-remote-server-and-extensions).
**Instructions for using pre-packaging for your VS Code remote server and extensions**
1. Install VS Code on your local machine
1. When you connect to the SageMaker space:
+ Use the Default profile to ensure compatibility with pre-packaged extensions. Otherwise, you’ll need to install extensions using downloaded VSIX files after connecting to the Studio space.
+ Choose a VS Code version specific LCC script to attach to the space when you launch the space.
### Example Dockerfile usage for pre-packaging your VS Code remote server and extensions
The following is a sample Dockerfile to launch a local container with SSH server pre-installed, if it is not possible to create a space with remote access and internet enabled.
**Note**
In this example the SSH server does not require authentication and is only used for exporting the VS Code remote server.
The container should be built and run on an x64 architecture.
```
FROM amazonlinux:2023
# Install OpenSSH server and required tools
RUN dnf install -y \
openssh-server \
shadow-utils \
passwd \
sudo \
tar \
gzip \
&& dnf clean all
# Create a user with no password
RUN useradd -m -s /bin/bash sagemaker-user && \
passwd -d sagemaker-user
# Add sagemaker-user to sudoers via wheel group
RUN usermod -aG wheel sagemaker-user && \
echo 'sagemaker-user ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/sagemaker-user && \
chmod 440 /etc/sudoers.d/sagemaker-user
# Configure SSH to allow empty passwords and password auth
RUN sed -i 's/^#\?PermitEmptyPasswords .*/PermitEmptyPasswords yes/' /etc/ssh/sshd_config && \
sed -i 's/^#\?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
# Generate SSH host keys
RUN ssh-keygen -A
# Expose SSH port
EXPOSE 22
WORKDIR /home/sagemaker-user
USER sagemaker-user
# Start SSH server
CMD ["bash"]
```
Use the following commands to build and run the container:
```
# Build the image
docker build . -t remote_server_export
# Run the container
docker run --rm -it -d \
-v /tmp/remote_access/.VS Code-server:/home/sagemaker-user/.VS Code-server \
-p 2222:22 \
--name remote_server_export \
remote_server_export
# change the permisson for the mounted folder
docker exec -i remote_server_export \
bash -c 'sudo chown sagemaker-user:sagemaker-user ~/.VS Code-server'
# start the ssh server in the container
docker exec -i remote_server_export bash -c 'sudo /usr/sbin/sshd -D &'
```
Connect using the following command:
```
ssh sagemaker-user@localhost -p 2222
```
Before this container can be connected, configure the following in the `.ssh/config` file. Afterwards you will be able to see the `remote_access_export` as a host name in the remote SSH side panel when connecting. For example:
```
Host remote_access_export
HostName localhost
User=sagemaker-user
Port 2222
ForwardAgent yes
```
Archive `/tmp/remote_access/.VS Code-server` and follow the steps in Pre-packaged VS Code remote server and extensions to connect and install the extension. After unzipping, ensure that the `.VS Code-server` folder shows as the parent folder.
```
cd /tmp/remote_access/
sudo tar -czvf VS Code-server-with-extensions-for-1.100.2.tar.gz .VS Code-server
```
### Example LCC script (LCC-install-VS Code-server-v1.100.2)
The following is an example of how to install a specific version of VS Code remote server.
```
#!/bin/bash
set -x
remote_server_file=VS Code-server-with-extensions-for-1.100.2.tar.gz
if [ ! -d "${HOME}/.VS Code-server" ]; then
cd /tmp
aws s3 cp s3://S3_BUCKET/remote_access/${remote_server_file} .
tar -xzvf ${remote_server_file}
mv .VS Code-server "${HOME}"
rm ${remote_server_file}
else
echo "${HOME}/.VS Code-server already exists, skipping download and install."
fi
```
# Filter your Studio spaces
You can use filtering to display only the relevant Amazon SageMaker AI spaces in the AWS Toolkit for Visual Studio Code explorer. The following provides information on manual filtering and automated filtering. For more information on the definitions of manual and automatic filtering, see [Filtering overview](remote-access-remote-setup-filter.md#remote-access-remote-setup-filter-overview).
This setup only applies when using the [Method 2: AWS Toolkit in the Remote IDE](remote-access-local-ide-setup.md#remote-access-local-ide-setup-local-vs-code-method-2-aws-toolkit-in-vs-code) method to connect from your Remote IDE to Amazon SageMaker Studio spaces. See [Set up remote access](remote-access-remote-setup.md) for more information.
**Topics**
+ [
## Manual filtering
](#remote-access-local-ide-setup-filter-manual)
+ [
## Automatic filtering setup when using IAM credentials to sign-in
](#remote-access-local-ide-setup-filter-automatic-IAM-credentials)
## Manual filtering
To manually filter displayed spaces:
+ Open your Remote IDE and navigate to the Toolkit for VS Code side panel explorer
+ Find the **SageMaker AI** section
+ Choose the filter icon on the right of the SageMaker AI section header. This will open a dropdown menu.
+ In the dropdown menu, select the user profiles for which you want to display spaces
## Automatic filtering setup when using IAM credentials to sign-in
Automated filtering depends on the authentication method during sign-in. See [Connecting to AWS from the Toolkit](https://docs.aws.amazon.com/toolkit-for-vscode/latest/userguide/connect.html#connect-to-aws) in the Toolkit for VS Code User Guide for more information.
When you authenticate and connect with **IAM Credentials**, automated filtering requires [Set up when connecting with IAM credentials](remote-access-remote-setup-filter.md#remote-access-remote-setup-filter-set-up-iam-credentials). Without this setup, if users opt-in for identity filtering, no spaces will be shown.
Once the above is set up, AWS Toolkit matches spaces belonging to user profiles that start with the authenticated IAM user name or assumed role session name.
Automatic filtering is opt-in for users:
+ Open your Remote IDE settings
+ Navigate to the **AWS Toolkit** extension
+ Find **Enable Identity Filtering**
+ Choose to enable automatic filtration of spaces based on your AWS identity
# Supported AWS Regions
The following table lists the AWS Regions where Remote IDE connections to Studio spaces are supported, along with the IDEs available in each Region.
| AWS Region | VS Code | Kiro | Cursor |
| --- | --- | --- | --- |
| us-east-1 | Supported | Supported | Supported |
| us-east-2 | Supported | Supported | Supported |
| us-west-1 | Supported | Supported | Supported |
| us-west-2 | Supported | Supported | Supported |
| af-south-1 | Supported | Supported | Supported |
| ap-east-1 | Supported | Supported | Supported |
| ap-south-1 | Supported | Supported | Supported |
| ap-northeast-1 | Supported | Supported | Supported |
| ap-northeast-2 | Supported | Supported | Supported |
| ap-northeast-3 | Supported | Supported | Supported |
| ap-southeast-1 | Supported | Supported | Supported |
| ap-southeast-2 | Supported | Supported | Supported |
| ap-southeast-3 | Supported | Supported | Supported |
| ap-southeast-5 | Supported | Supported | Supported |
| ca-central-1 | Supported | Supported | Supported |
| eu-central-1 | Supported | Supported | Supported |
| eu-central-2 | Supported | Supported | Supported |
| eu-north-1 | Supported | Supported | Supported |
| eu-south-1 | Supported | Supported | Supported |
| eu-south-2 | Supported | Supported | Supported |
| eu-west-1 | Supported | Supported | Supported |
| eu-west-2 | Supported | Supported | Supported |
| eu-west-3 | Supported | Supported | Supported |
| il-central-1 | Supported | Supported | Supported |
| me-central-1 | Supported | Not supported | Not supported |
| me-south-1 | Supported | Not supported | Not supported |
| sa-east-1 | Supported | Supported | Supported |
# Bring your own image (BYOI)
An image is a file that identifies the kernels, language packages, and other dependencies required to run your applications. It includes:
+ Programming languages (like Python or R)
+ Kernels
+ Libraries and packages
+ Other necessary software
Amazon SageMaker Distribution (`sagemaker-distribution`) is a set of Docker images that include popular frameworks and packages for machine learning, data science, and visualization. For more information, see [SageMaker Studio image support policy](sagemaker-distribution.md).
If you need different functionality, you can bring your own image (BYOI). You may want to create a custom image if:
+ You need a specific version of a programming language or library
+ You want to include custom tools or packages
+ You're working with specialized software not available in the standard images
## Key terminology
The following section defines key terms for bringing your own image to use with SageMaker AI.
+ **Dockerfile:** A text-based document with instructions for building a Docker image. This identifies the language packages and other dependencies for your Docker image.
+ **Docker image:** A packaged set of software and dependencies built from a Dockerfile.
+ **SageMaker AI image store:** A storage of your custom images in SageMaker AI.
**Topics**
+ [
## Key terminology
](#studio-updated-byoi-basics)
+ [
# Custom image specifications
](studio-updated-byoi-specs.md)
+ [
# How to bring your own image
](studio-updated-byoi-how-to.md)
+ [
# Launch a custom image in Studio
](studio-updated-byoi-how-to-launch.md)
+ [
# View your custom image details
](studio-updated-byoi-view-images.md)
+ [
# Speed up container startup with SOCI
](soci-indexing.md)
+ [
# Detach and clean up custom image resources
](studio-updated-byoi-how-to-detach-from-domain.md)
# Custom image specifications
The image that you specify in your Dockerfile must match the specifications in the following sections to create the image successfully.
**Topics**
+ [
## Running the image
](#studio-updated-byoi-specs-run)
+ [
## Specifications for the user and file system
](#studio-updated-byoi-specs-user-and-filesystem)
+ [
## Health check and URL for applications
](#studio-updated-byoi-specs-app-healthcheck)
+ [
## Dockerfile samples
](#studio-updated-byoi-specs-dockerfile-templates)
## Running the image
The following configurations can be made by updating your [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ContainerConfig.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ContainerConfig.html). For an example, see [Update container configuration](studio-updated-byoi-how-to-container-configuration.md).
+ `Entrypoint` – You can configure `ContainerEntrypoint` and `ContainerArguments` that are passed to the container at runtime. We recommend configuring your entry point using `ContainerConfig`. See the above link for an example.
+ `EnvVariables` – When using Studio, you can define custom `ContainerEnvironment` variables for your container. You can optionally update your environmental variables using `ContainerConfig`. See the above link for an example.
SageMaker AI-specific environment variables take precedence and will override any variables with the same names. For example, SageMaker AI automatically provides environment variables prefixed with `AWS_` and `SAGEMAKER_` to ensure proper integration with AWS services and SageMaker AI functionality. The following are a few example SageMaker AI-specific environment variables:
+ `AWS_ACCOUNT_ID`
+ `AWS_REGION`
+ `AWS_DEFAULT_REGION`
+ `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`
+ `SAGEMAKER_SPACE_NAME`
+ `SAGEMAKER_APP_TYPE`
## Specifications for the user and file system
+ `WorkingDirectory` – The Amazon EBS volume for your space is mounted on the path `/home/sagemaker-user`. You can't change the mount path. Use the `WORKDIR` instruction to set the working directory of your image to a folder within `/home/sagemaker-user`.
+ `UID` – The user ID of the Docker container. UID=1000 is a supported value. You can add sudo access to your users. The IDs are remapped to prevent a process running in the container from having more privileges than necessary.
+ `GID` – The group ID of the Docker container. GID=100 is a supported value. You can add sudo access to your users. The IDs are remapped to prevent a process running in the container from having more privileges than necessary.
+ Metadata directories – The `/opt/.sagemakerinternal` and `/opt/ml` directories that are used by AWS. The metadata file in `/opt/ml` contains metadata about resources such as `DomainId`.
Use the following command to show the file system contents:
```
cat /opt/ml/metadata/resource-metadata.json
```
+ Logging directories – `/var/log/studio` are reserved for the logging directories of your applications and the extensions associated with it. We recommend that you don't use these folders in creating your image.
## Health check and URL for applications
The health check and URL depend on the applications. Choose the following link associated with the application you are building the image for.
+ [Health check and URL for applications](code-editor-custom-images.md#code-editor-custom-images-app-healthcheck) for Code Editor
+ [Health check and URL for applications](studio-updated-jl-admin-guide-custom-images.md#studio-updated-jl-admin-guide-custom-images-app-healthcheck) for JupyterLab
## Dockerfile samples
For Dockerfile samples that meet both the requirements on this page and your specific application needs, navigate to the sample Dockerfiles in the respective application's section. The following options include Amazon SageMaker Studio applications.
+ [Dockerfile examples](code-editor-custom-images.md#code-editor-custom-images-dockerfile-templates) for Code Editor
+ [Dockerfile examples](studio-updated-jl-admin-guide-custom-images.md#studio-updated-jl-custom-images-dockerfile-templates) for JupyterLab
**Note**
If you are bringing your own image to SageMaker Unified Studio, you will need to follow the [Dockerfile specifications](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/byoi-specifications.html) in the *Amazon SageMaker Unified Studio User Guide*.
`Dockerfile` examples for SageMaker Unified Studio can be found in [Dockerfile example](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/byoi-specifications.html#byoi-specifications-example) in the *Amazon SageMaker Unified Studio User Guide*.
# How to bring your own image
The following pages will provide instructions on how to bring your own custom image. Ensure that the following prerequisites are satisfied before continuing.
## Prerequisites
You will need to complete the following prerequisites to bring your own image to Amazon SageMaker AI.
+ Set up the Docker application. For more information, see [Get started](https://docs.docker.com/get-started/) in the *Docker documentation*.
+ Install the latest AWS CLI by following the steps in [Getting started with the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) in the *AWS Command Line Interface User Guide for Version 2*.
+ Permissions to access the Amazon Elastic Container Registry (Amazon ECR) service. For more information, see [Amazon ECR Managed Policies](https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html) in the *Amazon ECR User Guide*.
+ An AWS Identity and Access Management role that has the [AmazonSageMakerFullAccess](https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/AmazonSageMakerFullAccess) policy attached.
**Topics**
+ [
## Prerequisites
](#studio-updated-byoi-how-to-prerequisites)
+ [
# Create a custom image and push to Amazon ECR
](studio-updated-byoi-how-to-prepare-image.md)
+ [
# Attach your custom image to your domain
](studio-updated-byoi-how-to-attach-to-domain.md)
+ [
# Update container configuration
](studio-updated-byoi-how-to-container-configuration.md)
# Create a custom image and push to Amazon ECR
This page provides instructions on how to create a local Dockerfile, build the container image, and add it to Amazon Elastic Container Registry (Amazon ECR).
**Note**
In the following examples, the tags are not specified, and the tag `latest` is applied by default. If you would like to specify a tag, you will need to append `:tag` to end of the image names. For more information, see [docker image tag](https://docs.docker.com/reference/cli/docker/image/tag/) in the *Docker documentation*.
**Topics**
+ [
## Create a local Dockerfile and build the container image
](#studio-updated-byoi-how-to-create-local-dockerfile)
+ [
## Add a Docker image to Amazon ECR
](#studio-updated-byoi-add-container-image)
## Create a local Dockerfile and build the container image
Use the following instructions to create a Dockerfile with your desired software and dependencies.
**To create your Dockerfile**
1. First set your variables for the AWS CLI commands that follow.
```
LOCAL_IMAGE_NAME=local-image-name
```
`local-image-name` is the name of the container image on your local device, that you define here.
1. Create a text-based document, named `Dockerfile`, that meet the specifications in [Custom image specifications](studio-updated-byoi-specs.md).
`Dockerfile` examples for supported applications can be found in [Dockerfile samples](studio-updated-byoi-specs.md#studio-updated-byoi-specs-dockerfile-templates).
**Note**
If you are bringing your own image to SageMaker Unified Studio, you will need to follow the [Dockerfile specifications](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/byoi-specifications.html) in the *Amazon SageMaker Unified Studio User Guide*.
`Dockerfile` examples for SageMaker Unified Studio can be found in [Dockerfile example](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/byoi-specifications.html#byoi-specifications-example) in the *Amazon SageMaker Unified Studio User Guide*.
1. In the directory containing your `Dockerfile`, build the Docker image using the following command. The period (`.`) specifies that the `Dockerfile` should be in the context of the build command.
```
docker build -t ${LOCAL_IMAGE_NAME} .
```
After the build completes, you can list your container image information with the following command.
```
docker images
```
1. (Optional) You can test your image by using the following command.
```
docker run -it ${LOCAL_IMAGE_NAME}
```
In the output you will find that your server is running at a URL, like `http://127.0.0.1:8888/...`. You can test the image by copying the URL into the browser.
If this does not work, you may need to include `-p port:port` in the docker run command. This option maps the exposed port on the container to a port on the host system. For more information about docker run, see the [Running containers](https://docs.docker.com/engine/containers/run/) in the *Docker documentation*.
Once you have verified that the server is working, you can stop the server and shut down all kernels before continuing. The instructions are viewable the output.
## Add a Docker image to Amazon ECR
To add a container image to Amazon ECR, you will need to do the following.
+ Create an Amazon ECR repository.
+ Log in to your default registry.
+ Push the image to the Amazon ECR repository.
**Note**
The Amazon ECR repository must be in the same AWS Region as the domain you are attaching the image to.
**To build and push the container image to Amazon ECR**
1. First set your variables for the AWS CLI commands that follow.
```
ACCOUNT_ID=account-id
REGION=aws-region
ECR_REPO_NAME=ecr-repository-name
```
+ `account-id` is your account ID. You can find this at the top right of any AWS console page. For example, the [SageMaker AI console](https://console.aws.amazon.com/sagemaker).
+ `aws-region` is the AWS Region of your Amazon SageMaker AI domain. You can find this at the top right of any AWS console page.
+ `ecr-repository-name` is the name of your Amazon Elastic Container Registry repository, that you define here. To view your Amazon ECR repositories, see the [Amazon ECR console](https://console.aws.amazon.com/ecr).
1. Log in to Amazon ECR and sign in to Docker.
```
aws ecr get-login-password \
--region ${REGION} | \
docker login \
--username AWS \
--password-stdin ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com
```
On a successful authentication, you will receive a succeeded log in message.
**Important**
If you receive an error, you may need to install or upgrade to the latest version of the AWS CLI. For more information, see [Installing the AWS Command Line Interface](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) in the *AWS Command Line Interface User Guide*.
1. Tag the image in a format compatible with Amazon ECR, to push to your repository.
```
docker tag \
${LOCAL_IMAGE_NAME} \
${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/${ECR_REPO_NAME}
```
1. Create an Amazon ECR repository using the AWS CLI. To create the repository using the Amazon ECR console, see [Creating an Amazon ECR private repository to store images](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html).
```
aws ecr create-repository \
--region ${REGION} \
--repository-name ${ECR_REPO_NAME}
```
1. Push the image to your Amazon ECR repository. You can also tag the Docker image.
```
docker push ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/${ECR_REPO_NAME}
```
Once the image has been successfully added to your Amazon ECR repository, you can view it in the [Amazon ECR console](https://console.aws.amazon.com/ecr).
# Attach your custom image to your domain
This page provides instructions on how to attach your custom image to your domain. Use the following procedure to use the Amazon SageMaker AI console to navigate to your domain and start the **Attach image** process.
The following instructions assume that you have pushed an image to a Amazon ECR repository in the same AWS Region as your domain. If you have not already done so, see [Create a custom image and push to Amazon ECR](studio-updated-byoi-how-to-prepare-image.md).
When you choose to attach an image, you will have two options:
+ Attach a **New image**: This option will create an image and image version in your SageMaker AI image store and then attach it to your domain.
**Note**
If you are continuing the BYOI process, from [Create a custom image and push to Amazon ECR](studio-updated-byoi-how-to-prepare-image.md), use the **New image** option.
+ Attach an **Existing image**: If you have already created your intended custom image in the SageMaker AI image store, use this option. This option attaches an existing custom image to your domain. To view your custom images in the SageMaker AI image store, see [View custom image details (console)](studio-updated-byoi-view-images.md#studio-updated-byoi-view-images-console).
------
#### [ New image ]
**To attach a new image to your domain**
1. Open the [SageMaker AI console](https://console.aws.amazon.com/sagemaker).
1. Expand the **Admin configurations** section, if not already done so.
1. Under **Admin configurations**, choose **Domains**.
1. From the list of **Domains**, select the domain you want to attach the image to.
**Note**
If you are attaching the image to a SageMaker Unified Studio project and you need clarification on which domain to use, see [View the SageMaker AI domain details associated with your project](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/view-project-details.html#view-project-details-smai-domain).
1. Open the **Environment** tab.
1. In the **Custom images for personal Studio apps** section, choose **Attach image**.
1. For the **Image source**, choose **New image**.
1. Include your Amazon ECR image URI. The format is as follows.
```
account-id.dkr.ecr.aws-region.amazonaws.com/repository-name:tag
```
1. To obtain your Amazon ECR image URI, navigate to your [Amazon ECR private repositories](https://console.aws.amazon.com/ecr/private-registry/repositories) page.
1. Choose your repository name link.
1. Choose the **Copy URI** icon that corresponds to your image version (**Image tag**).
1. Follow the rest of the instructions to attach your custom image.
**Note**
Ensure that you are using the application type consistent with your `Dockerfile`. For more information, see [Dockerfile samples](studio-updated-byoi-specs.md#studio-updated-byoi-specs-dockerfile-templates).
Once the image has been successfully attached to your domain, you will be able to view it in the **Environment** tab.
------
#### [ Existing image ]
**To attach an existing image to your domain**
1. Open the [SageMaker AI console](https://console.aws.amazon.com/sagemaker).
1. Expand the **Admin configurations** section, if not already done so.
1. Under **Admin configurations**, choose **Domains**.
1. From the list of **Domains**, select the domain you want to attach the image to.
**Note**
If you are attaching the image to a SageMaker Unified Studio project and you need clarification on which domain to use, see [View the SageMaker AI domain details associated with your project](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/view-project-details.html#view-project-details-smai-domain).
1. Open the **Environment** tab.
1. In the **Custom images for personal Studio apps** section, choose **Attach image**.
1. For the **Image source**, choose **Existing image**.
1. Choose an existing image and image version from the SageMaker AI image store.
If you are unable to view your image version, you may need to create an image version. For more information, see [View custom image details (console)](studio-updated-byoi-view-images.md#studio-updated-byoi-view-images-console).
1. Follow the rest of the instructions to attach your custom image.
**Note**
Ensure that you are using the application type consistent with your `Dockerfile`. For more information, see [Dockerfile samples](studio-updated-byoi-specs.md#studio-updated-byoi-specs-dockerfile-templates).
Once the image has been successfully attached to your domain, you will be able to view it in the **Environment** tab.
------
Once your image has been successfully attached to your domain, the domain users can choose the image for their application. For more information, see [Launch a custom image in Studio](studio-updated-byoi-how-to-launch.md).
**Note**
If you have attached a custom image to your SageMaker Unified Studio project, you will need to launch the application from within SageMaker Unified Studio. For more information, see [Launch your custom image](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/byoi-launch-custom-image.html) in the *Amazon SageMaker Unified Studio User Guide*.
# Update container configuration
You can bring custom Docker images into your machine learning workflows. A key aspect of customizing these images is configuring the container configurations, or [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ContainerConfig.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ContainerConfig.html). The following page provides an example on how to configure your `ContainerConfig`.
An entrypoint is the command or script that runs when the container starts. Custom entrypoints enable you to set up your environment, initialize services, or perform any necessary setup before your application launches.
This example provides instructions on how to configure a custom entrypoint, for your JupyterLab application, using the AWS CLI. This example assumes that you have already created a custom image and domain. For instructions, see [Attach your custom image to your domain](studio-updated-byoi-how-to-attach-to-domain.md).
1. First set your variables for the AWS CLI commands that follow.
```
APP_IMAGE_CONFIG_NAME=app-image-config-name
ENTRYPOINT_FILE=entrypoint-file-name
ENV_KEY=environment-key
ENV_VALUE=environment-value
REGION=aws-region
DOMAIN_ID=domain-id
IMAGE_NAME=custom-image-name
IMAGE_VERSION=custom-image-version
```
+ `app-image-config-name` is the name of your application image configuration.
+ `entrypoint-file-name` is the name of your container's entrypoint script. For example, `entrypoint.sh`.
+ `environment-key` is the name of your environment variable.
+ `environment-value` is the value assigned to your environment variable.
+ `aws-region` is the AWS Region of your Amazon SageMaker AI domain. You can find this at the top right of any AWS console page.
+ `domain-id` is your domain ID. To view your domains, see [View domains](domain-view.md).
+ `custom-image-name` is the name of your custom image. To view your custom image details, see [View custom image details (console)](studio-updated-byoi-view-images.md#studio-updated-byoi-view-images-console).
If you followed the instructions in [Attach your custom image to your domain](studio-updated-byoi-how-to-attach-to-domain.md), you may want to use the same image name you used in that process.
+ `custom-image-version` is the version number of your custom image. This should be an integer, representing the version of your image. To view your custom image details, see [View custom image details (console)](studio-updated-byoi-view-images.md#studio-updated-byoi-view-images-console).
1. Use the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateAppImageConfig.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateAppImageConfig.html) API to create an image configuration.
```
aws sagemaker create-app-image-config \
--region ${REGION} \
--app-image-config-name "${APP_IMAGE_CONFIG_NAME}" \
--jupyter-lab-app-image-config "ContainerConfig = {
ContainerEntrypoint = "${ENTRYPOINT_FILE}",
ContainerEnvironmentVariables = {
"${ENV_KEY}"="${ENV_VALUE}"
}
}"
```
1. Use the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateDomain.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateDomain.html) API to update the default settings for your domain. This will attach the custom image as well as the application image configuration.
```
aws sagemaker update-domain \
--region ${REGION} \
--domain-id "${DOMAIN_ID}" \
--default-user-settings "{
\"JupyterLabAppSettings\": {
\"CustomImages\": [
{
\"ImageName\": \"${IMAGE_NAME}\",
\"ImageVersionNumber\": ${IMAGE_VERSION},
\"AppImageConfigName\": \"${APP_IMAGE_CONFIG_NAME}\"
}
]
}
}"
```
# Launch a custom image in Studio
After you have attached a custom image to your Amazon SageMaker AI domain, the image becomes available to the users in the domain. Use the following instructions to launch an application with the custom image.
**Note**
If you have attached a custom image to your SageMaker Unified Studio project, you will need to launch the application from within SageMaker Unified Studio. For more information, see [Launch your custom image](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/byoi-launch-custom-image.html) in the *Amazon SageMaker Unified Studio User Guide*.
1. Launch Amazon SageMaker Studio. For instructions, see [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. If not done so already, expand the **Applications** section.
1. Choose the application from the **Applications** section. If you do not see the application available, the application may be hidden from you. In this case, contact your administrator.
1. To create a space, choose **\$1 Create *application* space** and follow the instructions to create the space.
To choose an existing space, choose the link name of the space you want to open.
1. Under **Image**, choose the image you want to use.
If the **Image** dropdown is unavailable, you may need to stop your space. Choose **Stop space** to do so.
1. Confirm the settings for the space and choose **Run space**.
# View your custom image details
The following page provides instructions on how to view your custom image details in the SageMaker AI image store.
## View custom image details (console)
The following provides instructions on how to view your custom images using the SageMaker AI console. In this section, you can view and edit your image details.
**View your custom images (console)**
1. Open the [SageMaker AI console](https://console.aws.amazon.com/sagemaker).
1. Expand the **Admin configurations** section.
1. Under **Admin configurations**, choose **Images**.
1. From the list of **Custom images**, select the hyperlink of your image name.
## View custom image details (AWS CLI)
The following section shows an example on how to view your custom images using the AWS CLI.
```
aws sagemaker list-images \
--region aws-region
```
# Speed up container startup with SOCI
SOCI (Seekable Open Container Initiative) indexing enables lazy loading of custom container images in [Amazon SageMaker Studio](studio-updated.md) or [Amazon SageMaker Unified Studio](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/what-is-sagemaker-unified-studio.html). SOCI significantly reduces startup times by roughly 30-70% for your custom [Bring your own image (BYOI)](studio-updated-byoi.md) containers. Latency improvement varies depending on the size of the image, hosting instance availability, and other application dependencies. SOCI creates an index that allows containers to launch with only necessary components, fetching additional files on-demand as needed.
SOCI addresses slow container startup times, that interrupt iterative machine learning (ML) development workflows, for custom images. As ML workloads become more complex, container images have grown larger, creating startup delays that hamper development cycles.
**Topics**
+ [
## Key benefits
](#soci-indexing-key-benefits)
+ [
## How SOCI indexing works
](#soci-indexing-how-works)
+ [
## Architecture components
](#soci-indexing-architecture-components)
+ [
## Supported tools
](#soci-indexing-supported-tools)
+ [
# Permissions for SOCI indexing
](soci-indexing-setup.md)
+ [
# Create SOCI indexes with nerdctl and SOCI CLI example
](soci-indexing-example-create-indexes.md)
+ [
# Integrate SOCI-indexed images with Studio example
](soci-indexing-example-integrate-studio.md)
## Key benefits
+ **Faster iteration cycles**: Reduce container startup, depending on image and instance types
+ **Universal optimization**: Extend performance benefits to all custom BYOI containers in Studio
## How SOCI indexing works
SOCI creates a specialized metadata index that maps your container image's internal file structure. This index enables access to individual files without downloading the entire image. The SOCI index is stored as an OCI (Open Container Initiative) compliant artifact in [Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/what-is-ecr.html) and linked to your original container image, preserving image digests and signature validity.
When you launch a container in Studio, the system uses the SOCI index to identify and download only essential files needed for startup. Additional components are fetched in parallel as your application requires them.
## Architecture components
+ **Original container image**: Your base container stored in Amazon ECR
+ **SOCI index artifact**: Metadata mapping your image's file structure
+ **OCI Image Index manifest**: Links your original image and SOCI index
+ **Finch container runtime**: Enables lazy loading integration with Studio
## Supported tools
| Tool | Integration |
| --- | --- |
| nerdctl | Requires containerd setup |
| Finch CLI | Native SOCI support |
| Docker \$1 SOCI CLI | Additional tooling required |
**Topics**
+ [
## Key benefits
](#soci-indexing-key-benefits)
+ [
## How SOCI indexing works
](#soci-indexing-how-works)
+ [
## Architecture components
](#soci-indexing-architecture-components)
+ [
## Supported tools
](#soci-indexing-supported-tools)
+ [
# Permissions for SOCI indexing
](soci-indexing-setup.md)
+ [
# Create SOCI indexes with nerdctl and SOCI CLI example
](soci-indexing-example-create-indexes.md)
+ [
# Integrate SOCI-indexed images with Studio example
](soci-indexing-example-integrate-studio.md)
# Permissions for SOCI indexing
Create SOCI indexes for your container images and store them in Amazon ECR before using SOCI indexing with [Amazon SageMaker Studio](studio-updated.md) or [Amazon SageMaker Unified Studio](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/what-is-sagemaker-unified-studio.html).
**Topics**
+ [
## Prerequisites
](#soci-indexing-setup-prerequisites)
+ [
## Required IAM permissions
](#soci-indexing-setup-iam-permissions)
## Prerequisites
+ AWS account with an [AWS Identity and Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started.html) (IAM) role with permissions to manage
+ [Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/what-is-ecr.html)
+ [Amazon SageMaker AI](https://docs.aws.amazon.com/sagemaker/latest/dg/gs.html)
+ [Amazon ECR private repositories](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Repositories.html) for storing your container images
+ [AWS CLI v2.0\$1](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) configured with appropriate credentials
+ The following container tools:
+ Required: [soci-snapshotter](https://github.com/awslabs/soci-snapshotter)
+ Options:
+ [nerdctl](https://github.com/containerd/nerdctl)
+ [finch](https://github.com/runfinch/finch)
## Required IAM permissions
Your IAM role needs permissions to:
+ Create and manage SageMaker AI resources (domains, images, app configs).
+ You may use the [SageMakerFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerFullAccess.html) AWS managed policy. For more permission details, see [AWS managed policy: AmazonSageMakerFullAccess](security-iam-awsmanpol.md#security-iam-awsmanpol-AmazonSageMakerFullAccess).
+ [IAM permissions for pushing an image to an Amazon ECR private repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-push-iam.html).
# Create SOCI indexes with nerdctl and SOCI CLI example
The following page provides an example on how to create SOCI indexes with nerdctl and SOCI CLI.
**Create SOCI indexes example**
1. First set your variables for the AWS CLI commands that follow. The following is an example of setting up your variables.
```
ACCOUNT_ID="111122223333"
REGION="us-east-1"
REPOSITORY_NAME="repository-name"
ORIGINAL_IMAGE_TAG="original-image-tag"
SOCI_IMAGE_TAG="soci-indexed-image-tag"
```
Variable definitions:
+ `ACCOUNT_ID` is your AWS account ID
+ `REGION` is the AWS Region of your Amazon ECR private registry
+ `REPOSITORY_NAME` is the name of your Amazon ECR private registry
+ `ORIGINAL_IMAGE_TAG` is the tag of your original image
+ `SOCI_IMAGE_TAG` is the tag of your SOCI-indexed image
1. Install required tools:
```
# Install SOCI CLI, containerd, and nerdctl
sudo yum install soci-snapshotter
sudo yum install containerd jq
sudo systemctl start soci-snapshotter
sudo systemctl restart containerd
sudo yum install nerdctl
```
1. Set your registry variables:
```
REGISTRY_USER=AWS
REGISTRY="$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com"
```
1. Export your region and authenticate to Amazon ECR:
```
export AWS_REGION=$REGION
REGISTRY_PASSWORD=$(/usr/local/bin/aws ecr get-login-password --region $AWS_REGION)
echo $REGISTRY_PASSWORD | sudo nerdctl login -u $REGISTRY_USER --password-stdin $REGISTRY
```
1. Pull your original container image:
```
sudo nerdctl pull $REGISTRY/$REPOSITORY_NAME:$ORIGINAL_IMAGE_TAG
```
1. Create the SOCI index:
```
sudo nerdctl image convert --soci $REGISTRY/$REPOSITORY_NAME:$ORIGINAL_IMAGE_TAG $REGISTRY/$REPOSITORY_NAME:$SOCI_IMAGE_TAG
```
1. Push the SOCI-indexed image:
```
sudo nerdctl push --platform linux/amd64 $REGISTRY/$REPOSITORY_NAME:$SOCI_IMAGE_TAG
```
This process creates two artifacts for the original container image in your ECR repository:
+ SOCI index - Metadata enabling lazy loading
+ Image Index manifest - OCI-compliant manifest
# Integrate SOCI-indexed images with Studio example
You must reference the SOCI-indexed image tag to use SOCI-indexed images in Studio, rather than the original container image tag. Use the tag you specified during the SOCI conversion process (e.g., `SOCI_IMAGE_TAG` in the [Create SOCI indexes with nerdctl and SOCI CLI example](soci-indexing-example-create-indexes.md)).
**Integrate SOCI-indexed images example**
1. First set your variables for the AWS CLI commands that follow. The following is an example of setting up your variables.
```
ACCOUNT_ID="111122223333"
REGION="us-east-1"
IMAGE_NAME="sagemaker-image-name"
IMAGE_CONFIG_NAME="sagemaker-image-config-name"
ROLE_ARN="your-role-arn"
DOMAIN_ID="domain-id"
SOCI_IMAGE_TAG="soci-indexed-image-tag"
```
Variable definitions:
+ `ACCOUNT_ID` is your AWS account ID
+ `REGION` is the AWS Region of your Amazon ECR private registry
+ `IMAGE_NAME` is the name of your SageMaker image
+ `IMAGE_CONFIG_NAME` is the name of your SageMaker image configuration
+ `ROLE_ARN` is the ARN of your execution role with the permissions listed in [Required IAM permissions](soci-indexing-setup.md#soci-indexing-setup-iam-permissions)
+ `DOMAIN_ID` is the [domain ID](https://docs.aws.amazon.com/sagemaker/latest/dg/domain-view.html)
**Note**
If you are attaching the image to a SageMaker Unified Studio project and you need clarification on which domain to use, see [View the SageMaker AI domain details associated with your project](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/view-project-details.html#view-project-details-smai-domain).
+ `SOCI_IMAGE_TAG` is the tag of your SOCI-indexed image
1. Export your region:
```
export AWS_REGION=$REGION
```
1. Create a SageMaker image:
```
aws sagemaker create-image \
--image-name "$IMAGE_NAME" \
--role-arn "$ROLE_ARN"
```
1. Create a SageMaker Image Version using your SOCI index URI:
```
IMAGE_INDEX_URI="$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/$IMAGE_NAME:$SOCI_IMAGE_TAG"
aws sagemaker create-image-version \
--image-name "$IMAGE_NAME" \
--base-image "$IMAGE_INDEX_URI"
```
1. Create an application image configuration and update your Amazon SageMaker AI domain to include the custom image for your app. You can do this for Code Editor, based on Code-OSS, Visual Studio Code - Open Source (Code Editor) and JupyterLab applications. Choose the application option below to view the steps.
------
#### [ Code Editor ]
Create an application image configuration for Code Editor:
```
aws sagemaker create-app-image-config \
--app-image-config-name "$IMAGE_CONFIG_NAME" \
--code-editor-app-image-config '{ "FileSystemConfig": { "MountPath": "/home/sagemaker-user", "DefaultUid": 1000, "DefaultGid": 100 } }'
```
Update your Amazon SageMaker AI domain to include the custom image for Code Editor:
```
aws sagemaker update-domain \
--domain-id "$DOMAIN_ID" \
--default-user-settings '{
"CodeEditorAppSettings": {
"CustomImages": [{
"ImageName": "$IMAGE_NAME",
"AppImageConfigName": "$IMAGE_CONFIG_NAME"
}]
}
}'
```
------
#### [ JupyterLab ]
Create an application image configuration for JupyterLab:
```
aws sagemaker create-app-image-config \
--app-image-config-name "$IMAGE_CONFIG_NAME" \
--jupyter-lab-app-image-config '{ "FileSystemConfig": { "MountPath": "/home/sagemaker-user", "DefaultUid": 1000, "DefaultGid": 100 } }'
```
Update your Amazon SageMaker AI domain to include the custom image for JupyterLab:
```
aws sagemaker update-domain \
--domain-id "$DOMAIN_ID" \
--default-user-settings '{
"JupyterLabAppSettings": {
"CustomImages": [{
"ImageName": "$IMAGE_NAME",
"AppImageConfigName": "$IMAGE_CONFIG_NAME"
}]
}
}'
```
------
1. After you update your domain to include your custom image, you can create an application in Studio using your custom image. When you [Launch a custom image in Studio](studio-updated-byoi-how-to-launch.md) ensure that you are using your custom image.
# Detach and clean up custom image resources
The following page provides instructions on how to detach your custom images and clean up the related resources using the Amazon SageMaker AI console or the AWS Command Line Interface (AWS CLI).
**Important**
You must first detach your custom image from your domain before deleting the image from the SageMaker AI image store. If not, you may experience errors while viewing your domain information or attaching new custom images to your domain.
If you are experiencing an error loading a custom image, see [Failure to load custom image](studio-updated-troubleshooting.md#studio-updated-troubleshooting-custom-image).
## Detach and delete custom images (console)
The following provides instructions on how to detach your custom images from SageMaker AI and clean up your custom image resources using the console.
**Detach your custom image from your domain**
1. Open the [SageMaker AI console](https://console.aws.amazon.com/sagemaker).
1. Expand the **Admin configurations** section.
1. Under **Admin configurations**, choose **Domains**.
1. From the list of **domains**, select a domain.
1. Open the **Environment** tab.
1. For **Custom images for personal Studio apps**, select the checkboxes for the images you want to detach.
1. Choose **Detach**.
1. Follow the instructions to detach.
**Delete your custom image**
1. Open the [SageMaker AI console](https://console.aws.amazon.com/sagemaker).
1. Expand the **Admin configurations** section, if not already done so.
1. Under **Admin configurations**, choose **Images**.
1. From the list of **Images**, select an image you would like to delete.
1. Choose **Delete**.
1. Follow the instructions to delete your image and all its versions from SageMaker AI.
**Delete your custom images and repository from Amazon ECR**
**Important**
This will also delete any container images and artifacts in this repository.
1. Open the [Amazon ECR console](https://console.aws.amazon.com/ecr).
1. If not already done so, expand the left navigation pane.
1. Under **Private registry**, choose **Repositories**.
1. Select the repositories you wish to delete.
1. Choose **Delete**.
1. Follow the instructions to delete.
## Detach and delete custom images (AWS CLI)
The following section shows an example on how to detach your custom images using the AWS CLI.
1. First set your variables for the AWS CLI commands that follow.
```
ACCOUNT_ID=account-id
REGION=aws-region
APP_IMAGE_CONFIG=app-image-config
SAGEMAKER_IMAGE_NAME=custom-image-name
```
+ `aws-region` is the AWS Region of your Amazon SageMaker AI domain. You can find this at the top right of any AWS console page.
+ `app-image-config` is the name of your application image configuration. Use the following AWS CLI command to list the application image configurations in your AWS Region.
```
aws sagemaker list-app-image-configs \
--region ${REGION}
```
+ `custom-image-name` is the custom image name. Use the following AWS CLI command to list the images in your AWS Region.
```
aws sagemaker list-images \
--region ${REGION}
```
1. To detach the image and image versions from your domain using these instructions, you will need to create or update a domain configuration json file.
**Note**
If you followed the instructions in [Attach your custom image to your domain](studio-updated-byoi-how-to-attach-to-domain.md), you may have updated your domain using the file named `update-domain.json`.
If you do not have that file, you can create a new json file instead.
Create a file named `update-domain.json` that you will use to update your domain.
1. To delete the custom images, you will need to leave `CustomImages` blank, such that `"CustomImages": []`. Choose one of the following to view example configuration files for Code Editor or JupyterLab.
------
#### [ Code Editor: update domain configuration file example ]
A configuration file example for Code Editor, using [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CodeEditorAppSettings.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CodeEditorAppSettings.html).
```
{
"DomainId": "domain-id",
"DefaultUserSettings": {
"CodeEditorAppSettings": {
"CustomImages": [
]
}
}
}
```
------
#### [ JupyterLab: update domain configuration file example ]
A configuration file example for JupyterLab, using [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_JupyterLabAppSettings.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_JupyterLabAppSettings.html).
```
{
"DomainId": "domain-id",
"DefaultUserSettings": {
"JupyterLabAppSettings": {
"CustomImages": [
]
}
}
}
```
------
`domain-id` is the domain ID that your image is attached to. Use the following command to list your domains.
```
aws sagemaker list-domains \
--region ${REGION}
```
1. Save the file.
1. Call the [update-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-domain.html) AWS CLI using the update domain configuration file, `update-domain.json`.
**Note**
Before you can update the custom images, you must delete all of the **applications** in your domain. You **do not** need to delete user profiles or shared spaces. For instructions on deleting applications, choose one of the following options.
If you want to use the SageMaker AI console, see [Shut down SageMaker AI resources in your domain](sm-console-domain-resources-shut-down.md).
If you want to use the AWS CLI, use steps 1 through 3 of [Delete an Amazon SageMaker AI domain (AWS CLI)](gs-studio-delete-domain.md#gs-studio-delete-domain-cli).
```
aws sagemaker update-domain \
--cli-input-json file://update-domain.json \
--region ${REGION}
```
1. Delete the app image config.
```
aws sagemaker delete-app-image-config \
--app-image-config-name ${APP_IMAGE_CONFIG}
```
1. Delete the custom image. This also deletes all of the image versions. This does not delete the Amazon ECR container image and image versions. To do so, use the optional steps below.
```
aws sagemaker delete-image \
--image-name ${SAGEMAKER_IMAGE_NAME}
```
1. (Optional) Delete your Amazon ECR resources. The following list provides AWS CLI commands to obtain your Amazon ECR resource information for the steps below.
1. Set your variables for the AWS CLI commands that follow.
```
ECR_REPO_NAME=ecr-repository-name
```
`ecr-repository-name` is the name of your Amazon Elastic Container Registry repository.
To list the details of your repositories, use the following command.
```
aws ecr describe-repositories \
--region ${REGION}
```
1. Delete your repository from Amazon ECR.
**Important**
This will also delete any container images and artifacts in this repository.
```
aws ecr delete-repository \
--repository-name ${ECR_REPO_NAME} \
--force \
--region ${REGION}
```
# Lifecycle configurations within Amazon SageMaker Studio
Lifecycle configurations (LCCs) are scripts that administrators and users can use to automate the customization of the following applications within your Amazon SageMaker Studio environment:
+ Amazon SageMaker AI JupyterLab
+ Code Editor, based on Code-OSS, Visual Studio Code - Open Source
+ Studio Classic
+ Notebook instance
Customizing your application includes:
+ Installing custom packages
+ Configuring extensions
+ Preloading datasets
+ Setting up source code repositories
Users create and attach built-in lifecycle configurations to their own user profiles. Administrators create and attach default or built-in lifecycle configurations at the domain, space, or user profile level.
**Important**
Amazon SageMaker Studio first runs the built-in lifecycle configuration and then runs the default LCC. Amazon SageMaker AI won't resolve package conflicts between the user and administrator LCCs. For example, if the built-in LCC installs `python3.11` and the default LCC installs `python3.12`, Studio installs `python3.12`.
# Create and attach lifecycle configurations
You can create and attach lifecycle configurations using either the AWS Management Console or the AWS Command Line Interface.
**Topics**
+ [
## Create and attach lifecycle configurations (AWS CLI)
](#studio-lifecycle-configurations-create-cli)
+ [
## Create and attach lifecycle configurations (console)
](#studio-lifecycle-configurations-create-console)
## Create and attach lifecycle configurations (AWS CLI)
**Important**
Before you begin, complete the following prerequisites:
Update the AWS CLI by following the steps in [Installing the current AWS CLI Version](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv1.html#install-tool-bundled).
From your local machine, run `aws configure` and provide your AWS credentials. For information about AWS credentials, see [Understanding and getting your AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html).
Onboard to Amazon SageMaker AI domain. For conceptual information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md). For a quickstart guide, see [Use quick setup for Amazon SageMaker AI](onboard-quick-start.md).
The following procedure shows how to create a lifecycle configuration script that prints `Hello World` within Code Editor or JupyterLab.
**Note**
Each script can have up to **16,384 characters**.
1. From your local machine, create a file named `my-script.sh` with the following content:
```
#!/bin/bash
set -eux
echo 'Hello World!'
```
1. Use the following to convert your `my-script.sh` file into base64 format. This requirement prevents errors that occur from spacing and line break encoding.
```
LCC_CONTENT=`openssl base64 -A -in my-script.sh`
```
1. Create a lifecycle configuration for use with Studio. The following command creates a lifecycle configuration that runs when you launch an associated `JupyterLab` application:
```
aws sagemaker create-studio-lifecycle-config \
--region region \
--studio-lifecycle-config-name my-lcc \
--studio-lifecycle-config-content $LCC_CONTENT \
--studio-lifecycle-config-app-type application-type
```
For `studio-lifecycle-config-app-type`, specify either *CodeEditor* or *JupyterLab*.
**Note**
The ARN of the newly created lifecycle configuration that is returned. This ARN is required to attach the lifecycle configuration to your application.
To ensure that the environments are customized properly, users and administrators use different commands to attach lifecycle configurations.
### Attach default lifecycle configurations (administrator)
To attach the lifecycle configuration, you must update the `UserSettings` for your domain or user profile. Lifecycle configuration scripts that are associated at the domain level are inherited by all users. However, scripts that are associated at the user profile level are scoped to a specific user.
You can create a new user profile, domain, or space with a lifecycle configuration attached by using the following commands:
+ [create-user-profile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-user-profile.html)
+ [create-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-domain.html)
+ [create-space](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-space.html)
The following command creates a user profile with a lifecycle configuration for a JupyterLab application. Add the lifecycle configuration ARN from the preceding step to the `JupyterLabAppSettings` of the user. You can add multiple lifecycle configurations at the same time by passing a list of them. When a user launches a JupyterLab application with the AWS CLI, they can specify a lifecycle configuration instead of using the default one. The lifecycle configuration that the user passes must belong to the list of lifecycle configurations in `JupyterLabAppSettings`.
```
# Create a new UserProfile
aws sagemaker create-user-profile --domain-id domain-id \
--user-profile-name user-profile-name \
--region region \
--user-settings '{
"JupyterLabAppSettings": {
"LifecycleConfigArns":
[lifecycle-configuration-arn-list]
}
}'
```
The following command creates a user profile with a lifecycle configuration for a Code Editor application. Add the lifecycle configuration ARN from the preceding step to the `CodeEditorAppSettings` of the user. You can add multiple lifecycle configurations at the same time by passing a list of them. When a user launches a Code Editor application with the AWS CLI, they can specify a lifecycle configuration instead of using the default one. The lifecycle configuration that the user passes must belong to the list of lifecycle configurations in `CodeEditorAppSettings`.
```
# Create a new UserProfile
aws sagemaker create-user-profile --domain-id domain-id \
--user-profile-name user-profile-name \
--region region \
--user-settings '{
"CodeEditorAppSettings": {
"LifecycleConfigArns":
[lifecycle-configuration-arn-list]
}
}'
```
### Attach built-in lifecycle configurations (user)
To attach the lifecycle configuration, you must update the `UserSettings` for your user profile.
The following command creates a user profile with a lifecycle configuration for a JupyterLab application. Add the lifecycle configuration ARN from the preceding step to the `JupyterLabAppSettings` of your user profile.
```
# Update a UserProfile
aws sagemaker update-user-profile --domain-id domain-id \
--user-profile-name user-profile-name \
--region region \
--user-settings '{
"JupyterLabAppSettings": {
"BuiltInLifecycleConfigArn":"lifecycle-configuration-arn"
}
}'
```
The following command creates a user profile with a lifecycle configuration for a Code Editor application. Add the lifecycle configuration ARN from the preceding step to the `CodeEditorAppSettings` of your user profile. The lifecycle configuration that the user passes must belong to the list of lifecycle configurations in `CodeEditorAppSettings`.
```
# Update a UserProfile
aws sagemaker update-user-profile --domain-id domain-id \
--user-profile-name user-profile-name \
--region region \
--user-settings '{
"CodeEditorAppSettings": {
"BuiltInLifecycleConfigArn":"lifecycle-configuration-arn"
}
}'
```
## Create and attach lifecycle configurations (console)
To create and attach lifecycle configurations in the AWS Management Console, navigate to the [Amazon SageMaker AI console](https://console.aws.amazon.com/sagemaker) and choose **Lifecycle configurations** in the left-hand navigation. The console will guide you through the process of creating the lifecycle configuration.
# Debug lifecycle configurations
The following topics show how to get information about and debug your lifecycle configurations.
**Topics**
+ [
## Verify lifecycle configuration process from CloudWatch Logs
](#studio-lifecycle-configurations-debug-logs)
+ [
# Lifecycle configuration timeout
](studio-lifecycle-configurations-debug-timeout.md)
## Verify lifecycle configuration process from CloudWatch Logs
Lifecycle configurations only log `STDOUT` and `STDERR`.
`STDOUT` is the default output for bash scripts. You can write to `STDERR` by appending `>&2` to the end of a bash command. For example, `echo 'hello'>&2`.
Logs for your lifecycle configurations are published to your AWS account using Amazon CloudWatch. These logs can be found in the `/aws/sagemaker/studio` log stream in the CloudWatch console.
1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/).
1. Choose **Logs** from the left navigation pane. From the dropdown menu, select **Log groups**.
1. On the **Log groups** page, search for `aws/sagemaker/studio`.
1. Select the log group.
1. On the **Log group details** page, choose the **Log streams** tab.
1. To find the logs for a specific space and app, search the log streams using the following format:
```
domain-id/space-name/app-type/default/LifecycleConfigOnStart
```
For example, to find the lifecycle configuration logs for domain ID `d-m85lcu8vbqmz`, space name `i-sonic-js`, and application type `JupyterLab`, use the following search string:
```
d-m85lcu8vbqmz/i-sonic-js/JupyterLab/default/LifecycleConfigOnStart
```
1. To view the script execution logs, select the log stream appended with `LifecycleConfigOnStart`.
# Lifecycle configuration timeout
There is a lifecycle configuration timeout limitation of 5 minutes. If a lifecycle configuration script takes longer than 5 minutes to run, you get an error.
To resolve this error, make sure that your lifecycle configuration script completes in less than 5 minutes.
To help decrease the runtime of scripts, try the following:
+ Reduce unnecessary steps. For example, limit which conda environments to install large packages in.
+ Run tasks in parallel processes.
+ Use the nohup command in your script to make sure that hangup signals are ignored so that the script runs without stopping.
# Amazon SageMaker Studio spaces
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the updated Studio experience. For information about using the Studio Classic application, see [Amazon SageMaker Studio Classic](studio.md).
Spaces are used to manage the storage and resource needs of some Amazon SageMaker Studio applications. Each space is composed of multiple resources and can be either private or shared. Each space has a 1:1 relationship with an instance of an application. Every supported application that is created gets its own space. The following applications in Studio run on spaces:
+ [Code Editor in Amazon SageMaker Studio](code-editor.md)
+ [SageMaker JupyterLab](studio-updated-jl.md)
+ [Amazon SageMaker Studio Classic](studio.md)
A space is composed of the following resources:
+ A storage volume.
+ For Studio Classic, the space is connected to the shared Amazon Elastic File System (Amazon EFS) volume for the domain.
+ For other applications, a distinct Amazon Elastic Block Store (Amazon EBS) volume is attached to the space. All applications are given their own Amazon EBS volume. Applications do not have access to the Amazon EBS volume of other applications. For more information about Amazon EBS volumes, see [Amazon Elastic Block Store (Amazon EBS)](https://docs.aws.amazon.com//AWSEC2/latest/UserGuide/AmazonEBS.html).
+ The application type of the space.
+ The image that the application is based on.
Spaces can be either private or shared:
+ **Private**: Private spaces are scoped to a single user in a domain. Private spaces cannot be shared with other users. All applications that support spaces also support private spaces.
+ **Shared**: Shared spaces are accessible by all users in the domain. For more information about shared spaces, see [Collaboration with shared spaces](domain-space.md).
Spaces can be created in domains that use either AWS IAM Identity Center or AWS Identity and Access Management (IAM) authentication. The following sections give general information about how to access spaces. For specific information about creating and accessing a space, see the documentation for the respective application type of the space that you're creating.
For information about viewing, stopping, or deleting your applications, instances, or spaces, see [Stop and delete your Studio running applications and spaces](studio-updated-running-stop.md).
**Topics**
+ [
# Launch spaces
](studio-updated-spaces-access.md)
+ [
# Collaboration with shared spaces
](domain-space.md)
# Launch spaces
The following sections give information about accessing spaces in a domain. Spaces can be accessed in one of the following ways:
+ from the Amazon SageMaker AI console
+ from Studio
+ using the AWS CLI
## Accessing spaces from the Amazon SageMaker AI console
**To access spaces from the Amazon SageMaker AI console**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. Under **Admin configurations**, choose **Domains**.
1. From the list of domains, select the domain that contains the spaces.
1. On the **Domain details** page, select the **Space management** tab. For more information about managing spaces, see [Collaboration with shared spaces](domain-space.md).
1. From the list of spaces for that domain, select the space to launch.
1. Choose **Launch Studio** for the space that you want to launch.
## Accessing spaces from Studio
Follow these steps to access spaces from Studio for a specific application type.
**To access spaces from Studio**
1. Open Studio by following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. Select the application type with spaces that you want to access.
## Accessing spaces using the AWS CLI
The following sections show how to access a space from the AWS Command Line Interface (AWS CLI). The procedures are for domains that use AWS Identity and Access Management (IAM) or AWS IAM Identity Center authentication.
### IAM authentication
The following procedure outlines generally how to access a space using IAM authentication from the AWS CLI.
1. Create a presigned domain URL specifying the name of the space that you want to access.
```
aws \
--region region \
sagemaker \
create-presigned-domain-url \
--domain-id domain-id \
--user-profile-name user-profile-name \
--space-name space-name
```
1. Navigate to the URL.
### Accessing a space in IAM Identity Center authentication
The following procedure outlines how to access a space using IAM Identity Center authentication from the AWS CLI.
1. Use the following command to return the URL associated with the space.
```
aws \
--region region \
sagemaker \
describe-space \
--domain-id domain-id \
--space-name space-name
```
1. Append the respective redirect parameter for the application type to the URL to be federated through IAM Identity Center. For more information about the redirect parameters, see [describe-space](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/describe-space.html).
1. Navigate to the URL to be federated through IAM Identity Center.
# Collaboration with shared spaces
An Amazon SageMaker Studio Classic shared space consists of a shared JupyterServer application and a shared directory. A JupyterLab shared space consists of a shared JupyterLab application and a shared directory within Amazon SageMaker Studio. All user profiles in a domain have access to all shared spaces in the domain. Amazon SageMaker AI automatically scopes resources in a shared space within the context of the Amazon SageMaker Studio Classic application that you launch in that shared space. Resources in a shared space include notebooks, files, experiments, and models. Use shared spaces to collaborate with other users in real-time using features like automatic tagging, real time co-editing of notebooks, and customization.
Shared spaces are available in:
+ Amazon SageMaker Studio Classic
+ JupyterLab
A Studio Classic shared space only supports Studio Classic and KernelGateway applications. A shared space only supports the use of a JupyterLab 3 image Amazon Resource Name (ARN). For more information, see [JupyterLab Versioning in Amazon SageMaker Studio Classic](studio-jl.md).
Amazon SageMaker AI automatically tags all SageMaker AI resources that you create within the scope of a shared space. You can use these tags to monitor costs and plan budgets using tools, such as AWS Budgets.
A shared space uses the same VPC settings as the domain that it's created in.
**Note**
Shared spaces do not support the use of Amazon SageMaker Data Wrangler or Amazon EMR cross-account clusters.
**Automatic tagging**
All resources created in a shared space are automatically tagged with a domain ARN tag and shared space ARN tag. The domain ARN tag is based on the domain ID, while the shared space ARN tag is based on the shared space name.
You can use these tags to monitor AWS CloudTrail usage. For more information, see [Log Amazon SageMaker API Calls with AWS CloudTrail](https://docs.aws.amazon.com//sagemaker/latest/dg/logging-using-cloudtrail.html).
You can also use these tags to monitor costs with AWS Billing and Cost Management. For more information, see [Using AWS cost allocation tags](https://docs.aws.amazon.com//awsaccountbilling/latest/aboutv2/cost-alloc-tags.html).
**Real time co-editing of notebooks**
A key benefit of a shared space is that it facilitates collaboration between members of the shared space in real time. Users collaborating in a workspace get access to a shared Studio Classic application where they can access, read, and edit their notebooks in real time. Real time collaboration is only supported for JupyterServer applications within a shared space.
Users with access to a shared space can simultaneously open, view, edit, and execute Jupyter notebooks in the shared Studio Classic or JupyterLab application in that space.
The notebook indicates each co-editing user with a different cursor that shows the user profile name. While multiple users can view the same notebook, co-editing is best suited for small groups of two to five users.
To track changes being made by multiple users, we strongly recommended using Studio Classic's built-in Git-based version control.
**JupyterServer 2**
To use shared spaces in Studio Classic, Jupyter Server version 2 is required. Certain JupyterLab extensions and packages can forcefully downgrade Jupyter Server to version 1. This prevents the use of shared space. Run the following from the command prompt to change the version number and continue using shared spaces.
```
conda activate studio
pip install jupyter-server==2.0.0rc3
```
**Customize a shared space**
To attach a lifecycle configuration or custom image to a shared space, you must use the AWS CLI. For more information about creating and attaching lifecycle configurations, see [Create and Associate a Lifecycle Configuration with Amazon SageMaker Studio Classic](studio-lcc-create.md). For more information about creating and attaching custom images, see [Custom Images in Amazon SageMaker Studio Classic](studio-byoi.md).
# Create a shared space
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
The following topic demonstrates how to create a shared space in an existing Amazon SageMaker AI domain. If you created your domain without support for shared spaces, you must add support for shared spaces to your existing domain before you can create a shared space.
**Topics**
+ [
## Add shared space support to an existing domain
](#domain-space-add)
+ [
## Create a shared space
](#domain-space-create-app)
## Add shared space support to an existing domain
You can use the SageMaker AI console or the AWS CLI to add support for shared spaces to an existing domain. If the domain is using `VPC only` network access, then you can only add shared space support using the AWS CLI.
### Console
Complete the following procedure to add support for Studio Classic shared spaces to an existing domain from the SageMaker AI console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the domain that you want to open the **domain settings** page for.
1. On the **domain details** page, choose the **domain settings** tab.
1. Choose **Edit**.
1. For **Space default execution role**, set an IAM role that is used by default for all shared spaces created in the domain.
1. Choose **Next**.
1. Choose **Next**.
1. Choose **Next**.
1. Choose **Submit**.
### AWS CLI
------
#### [ Studio Classic ]
Run the following command from the terminal of your local machine to add default shared space settings to a domain from the AWS CLI. If you are adding default shared space settings to a domain within an Amazon VPC, you must also include a list of security groups. Studio Classic shared spaces only support the use of JupyterLab 3 image ARNs. For more information, see [JupyterLab Versioning in Amazon SageMaker Studio Classic](studio-jl.md).
```
# Public Internet domain
aws --region region \
sagemaker update-domain \
--domain-id domain-id \
--default-space-settings "ExecutionRole=execution-role-arn,JupyterServerAppSettings={DefaultResourceSpec={InstanceType=example-instance-type,SageMakerImageArn=sagemaker-image-arn}}"
# VPCOnly domain
aws --region region \
sagemaker update-domain \
--domain-id domain-id \
--default-space-settings "ExecutionRole=execution-role-arn,JupyterServerAppSettings={DefaultResourceSpec={InstanceType=system,SageMakerImageArn=sagemaker-image-arn}},SecurityGroups=[security-groups]"
```
Use the following command to verify that the default shared space settings have been updated.
```
aws --region region \
sagemaker describe-domain \
--domain-id domain-id
```
------
#### [ JupyterLab ]
Run the following command from the terminal of your local machine to add default shared space settings to a domain from the AWS CLI. If you are adding default shared space settings to a domain within an Amazon VPC, you must also include a list of security groups. Studio Classic shared spaces only support the use of JupyterLab 4 image ARNs. For more information, see [JupyterLab Versioning in Amazon SageMaker Studio Classic](studio-jl.md).
```
# Public Internet domain
aws --region region \
sagemaker update-domain \
--domain-id domain-id \
--default-space-settings "ExecutionRole=execution-role-arn", JupyterLabAppSettings={DefaultResourceSpec={InstanceType=example-instance-type,SageMakerImageArn=sagemaker-image-arn}}"
# VPCOnly domain
aws --region region \
sagemaker update-domain \
--domain-id domain-id \
--default-space-settings "ExecutionRole=execution-role-arn, SecurityGroups=[security-groups]"
```
Use the following command to verify that the default shared space settings have been updated.
```
aws --region region \
sagemaker describe-domain \
--domain-id domain-id
```
------
## Create a shared space
The following sections demonstrate how to create a shared space from the Amazon SageMaker AI console, Amazon SageMaker Studio, or the AWS CLI.
### Create from Studio
Use the following procedures to create a shared space in a domain from Studio.
------
#### [ Studio Classic ]
1. Navigate to Studio following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. From the Studio UI, find the applications pane on the left side.
1. From the applications pane, select **Studio Classic**.
1. Choose **Create Studio Classic space**
1. In the pop up window, enter a name for the space.
1. Choose **Create space**.
------
#### [ JupyterLab ]
1. Navigate to Studio following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. From the Studio UI, find the applications pane on the left side.
1. From the applications pane, select **JupyterLab**.
1. Choose **Create JupyterLab space**
1. In the pop up window, enter a name for the space.
1. Choose **Create space**.
------
### Create from the console
Complete the following procedure to create a shared space in a domain from the SageMaker AI console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the domain that you want to create a shared space for.
1. On the **domain details** page, choose the **Space management** tab.
1. Choose **Create**.
1. Enter a name for your shared space. shared space names within a domain must be unique. The execution role for the shared space is set to the domain IAM execution role.
### Create from AWS CLI
This section shows how to create a shared space from the AWS CLI.
You cannot set the execution role of a shared space when creating or updating it. The `DefaultDomainExecRole` can only be set when creating or updating the domain. shared spaces only support the use of JupyterLab 3 image ARNs. For more information, see [JupyterLab Versioning in Amazon SageMaker Studio Classic](studio-jl.md).
To create a shared space from the AWS CLI, run one of the following commands from the terminal of your local machine.
------
#### [ Studio Classic ]
```
aws --region region \
sagemaker create-space \
--domain-id domain-id \
--space-name space-name \
--space-settings '{
"JupyterServerAppSettings": {
"DefaultResourceSpec": {
"SageMakerImageArn": "sagemaker-image-arn",
"InstanceType": "system"
}
}
}'
```
------
#### [ JupyterLab ]
```
aws --region region \
sagemaker create-space \
--domain-id domain-id \
--space-name space-name \
--ownership-settings "{\"OwnerUserProfileName\": \"user-profile-name\"}" \
--space-sharing-settings "{\"SharingType\": \"Shared\"}" \
--space-settings "{\"AppType\": \"JupyterLab\"}"
```
------
# Get information about shared spaces
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
This guide shows how to access a list of shared spaces in an Amazon SageMaker AI domain with the Amazon SageMaker AI console, Amazon SageMaker Studio, or the AWS CLI. It also shows how to view details of a shared space from the AWS CLI.
**Topics**
+ [
## List shared spaces
](#domain-space-list-spaces)
+ [
## View shared space details
](#domain-space-describe)
## List shared spaces
The following topic describes how to view a list of shared spaces within a domain from the SageMaker AI console or the AWS CLI.
### List shared spaces from Studio
Complete the following procedure to view a list of the shared spaces in a domain from Studio.
1. Navigate to Studio following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. From the Studio UI, find the applications pane on the left side.
1. From the applications pane, select **Studio Classic** or **JupyterLab**. You can view the spaces that are being used to run the application type.
### List shared spaces from the console
Complete the following procedure to view a list of the shared spaces in a domain from the SageMaker AI console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the domain that you want to view the list of shared spaces for.
1. On the **domain details** page, choose the **Space management** tab.
### List shared spaces from the AWS CLI
To list the shared spaces in a domain from the AWS CLI, run the following command from the terminal of your local machine.
```
aws --region region \
sagemaker list-spaces \
--domain-id domain-id
```
## View shared space details
The following section describes how to view shared space details from the SageMaker AI console, Studio, or the AWS CLI.
### View shared spaces details from Studio
Complete the following procedure to view the details of a shared spaces in a domain from Studio.
1. Navigate to Studio following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. From the Studio UI, find the applications pane on the left side.
1. From the applications pane, select **Studio Classic** or **JupyterLab**. You can view the spaces that are running the application.
1. Select the name of the space that you want to view more details for.
### View shared space details from the console
You can view the details of a shared space from the SageMaker AI console using the following procedure.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the domain that you want to view the list of shared spaces for.
1. On the **domain details** page, choose the **Space management** tab.
1. Select the name of the space to open a new page that lists details about the shared space.
### View shared space details from the AWS CLI
To view the details of a shared space from the AWS CLI, run the following command from the terminal of your local machine.
```
aws --region region \
sagemaker describe-space \
--domain-id domain-id \
--space-name space-name
```
# Edit a shared space
You can only edit the details for an Amazon SageMaker Studio Classic or JupyterLab shared space using the AWS CLI. You can't edit the details of a shared space from the Amazon SageMaker AI console. You can only update workspace attributes when there are no running applications in the shared space.
------
#### [ Studio Classic ]
To edit the details of a Studio Classic shared space from the AWS CLI, run the following one of the following commands from the terminal of your local machine. shared spaces only support the use of JupyterLab 3 image ARNs. For more information, see [JupyterLab Versioning in Amazon SageMaker Studio Classic](studio-jl.md).
```
aws --region region \
sagemaker update-space \
--domain-id domain-id \
--space-name space-name \
--query SpaceArn --output text \
--space-settings '{
"JupyterServerAppSettings": {
"DefaultResourceSpec": {
"SageMakerImageArn": "sagemaker-image-arn",
"InstanceType": "system"
}
}
}'
```
------
#### [ JupyterLab ]
To edit the details of a JupyterLab shared space from the AWS CLI, run the following one of the following commands from the terminal of your local machine. shared spaces only support the use of JupyterLab 4 image ARNs. For more information, see [SageMaker JupyterLab](studio-updated-jl.md).
```
aws --region region \
sagemaker update-space \
--domain-id domain-id \
--space-name space-name \
--space-settings "{
"SpaceStorageSettings": {
"EbsStorageSettings": {
"EbsVolumeSizeInGb":100
}
}
}
}"
```
------
# Delete a shared space
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following topic shows how to delete an Amazon SageMaker Studio Classic shared space from the Amazon SageMaker AI console or AWS CLI. A shared space can only be deleted if it has no running applications.
**Topics**
+ [
## Console
](#domain-space-delete-console)
+ [
## AWS CLI
](#domain-space-delete-cli)
## Console
Complete the following procedure to delete a shared space in the Amazon SageMaker AI domain from the SageMaker AI console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the domain that you want to create a shared space for.
1. On the **domain details** page, choose the **Space management** tab.
1. Select the shared space that you want to delete. The shared space must not contain any non-failed apps.
1. Choose **Delete**. This opens a new window.
1. Choose **Yes, delete space**.
1. Enter *delete* in the field.
1. Choose **Delete space**.
## AWS CLI
To delete a shared space from the AWS CLI, run the following command from the terminal of your local machine.
```
aws --region region \
sagemaker delete-space \
--domain-id domain-id \
--space-name space-name
```
# Trusted identity propagation with Studio
Trusted identity propagation is an AWS IAM Identity Center feature that administrators of connected AWS services can use to grant and audit access to service data. Access to this data is based on user attributes such as group associations. Setting up trusted identity propagation requires collaboration between the administrators of connected AWS services and the IAM Identity Center administrator. For more information, see [Prerequisites and considerations](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overall-prerequisites.html).
The Amazon SageMaker Studio and IAM Identity Center administrators can collaborate to connect the services for trusted identity propagation. Trusted identity propagation addresses enterprise authentication needs across AWS services by simplifying:
+ Enhanced auditing that tracks actions to specific users
+ Access management for data science and machine learning workloads through integration with compatible AWS services
+ Compliance requirements in regulated industries
Studio supports trusted identity propagation for audit purposes and access control with connected AWS services. Trusted identity propagation in Studio does not directly handle authentication or authorization decisions within Studio itself. Instead, it propagates identity context information to compatible services that can use this information for access control.
When you use trusted identity propagation with Studio, your IAM Identity Center identity propagates to connected AWS services, creating more granular permissions and security governance.
**Topics**
+ [
# Trusted identity propagation architecture and compatibility
](trustedidentitypropagation-compatibility.md)
+ [
# Setting up trusted identity propagation for Studio
](trustedidentitypropagation-setup.md)
+ [
# Monitoring and auditing with CloudTrail
](trustedidentitypropagation-auditing.md)
+ [
# User background sessions
](trustedidentitypropagation-user-background-sessions.md)
+ [
# How to connect with other AWS services with trusted identity propagation enabled
](trustedidentitypropagation-connect-other.md)
# Trusted identity propagation architecture and compatibility
Trusted identity propagation integrates AWS IAM Identity Center with Amazon SageMaker Studio and other connected AWS services to propagate users' identity context across services. The following page summarizes the trusted identity propagation architecture and compatibility with SageMaker AI. For a comprehensive overview of how trusted identity propagation works across AWS, see [Trusted identity propagation overview](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html).
The key components of the trusted identity propagation architecture include:
+ **Trusted identity propagation**: A methodology of propagating user's identity context between applications and services
+ **Identity context**: Information about a user
+ **Identity-enhanced IAM role session**: Identity-enhanced role sessions have an added identity context that carries a user identifier to the AWS service that it calls
+ **Connected AWS services**: Other AWS services that can recognize the identity context that is propagated through trusted identity propagation
Trusted identity propagation allows connected AWS services to make access decisions based on a user's identity. Within Studio itself, IAM roles are used as carriers of the identity context rather than for making access control decisions. The identity context is propagated to connected AWS services where it can be used for both access control and audit purposes. See [trusted identity propagation considerations](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overall-prerequisites.html#trustedidentitypropagation-considerations) for more information.
When you enable trusted identity propagation with Studio and authenticate through IAM Identity Center, SageMaker AI:
+ Captures the user's identity context from the IAM Identity Center
+ Creates an identity-enhanced IAM role session that include the user's identity context
+ Passes identity-enhanced IAM role session to compatible AWS services when the user accesses resources
+ Enables downstream AWS services to make access decisions and log activities based on the user identity
## Compatible SageMaker AI features
Trusted identity propagation works with the following Studio features:
+ [Amazon SageMaker Studio](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-updated-launch.html) private spaces (JupyterLab and Code Editor, based on Code-OSS, Visual Studio Code - Open Source)
**Note**
When Studio launches with trusted identity propagation enabled, it uses your identity context in addition to your execution role permissions. However, the following processes during instance setup will only use the execution role permissions, without the identity context: Lifecycle Configuration, Bring-Your-Own-Image, CloudWatch agent for user log forwarding.
[Remote access](https://docs.aws.amazon.com/sagemaker/latest/dg/remote-access.html) is not currently supported with trusted identity propagation.
When you use assume role operations within Studio notebooks, the assumed roles don't propagate trusted identity propagation context. Only the original execution role maintains the identity context.
+ [SageMaker Training](https://docs.aws.amazon.com/sagemaker/latest/dg/how-it-works-training.html)
+ [SageMaker Processing](https://docs.aws.amazon.com/sagemaker/latest/dg/processing-job.html)
+ [SageMaker AI realtime hosting](https://docs.aws.amazon.com/sagemaker/latest/dg/realtime-endpoints-options.html)
+ [SageMaker Pipelines](https://docs.aws.amazon.com/sagemaker/latest/dg/pipelines-overview.html)
+ [SageMaker real-time inference](https://docs.aws.amazon.com/sagemaker/latest/dg/realtime-endpoints.html)
+ [SageMaker Asynchronous Inference](https://docs.aws.amazon.com/sagemaker/latest/dg/async-inference.html)
+ [Managed MLflow](https://docs.aws.amazon.com/sagemaker/latest/dg/mlflow.html)
## Compatible AWS services
Trusted identity propagation for Amazon SageMaker Studio integrates with compatible AWS services, where trusted identity propagation is enabled. See [use cases](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-integrations.html) for a comprehensive list with examples on how to enable trusted identity propagation. The trusted identity propagation compatible services include the following.
+ [Amazon Athena](https://docs.aws.amazon.com/athena/latest/ug/workgroups-identity-center.html)
+ [Amazon EMR on EC2](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-idc-start.html)
+ [EMR Serverless](https://docs.aws.amazon.com/emr/latest/EMR-Serverless-UserGuide/security-iam-service-trusted-prop.html)
+ [AWS Lake Formation](https://docs.aws.amazon.com/lake-formation/latest/dg/identity-center-integration.html)
+ [Amazon Redshift Data API](https://docs.aws.amazon.com/redshift/latest/mgmt/data-api-trusted-identity-propagation.html)
+ Amazon S3 (via [Amazon S3 Access Grants](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-get-started.html))
+ [AWS Glue Connections](https://docs.aws.amazon.com/glue/latest/dg/security-trusted-identity-propagation.html)
When trusted identity propagation is enabled with SageMaker AI, each other AWS service with trusted identity propagation is enabled is connected. Once they are connected they recognize and use the user's identity context for access control and auditing.
## Supported AWS Regions
Studio supports trusted identity propagation where [IAM Identity Center is supported](https://docs.aws.amazon.com/singlesignon/latest/userguide/regions.html) and Studio with IAM Identity Center authentication is supported. Studio supports trusted identity propagation in the following AWS Regions:
+ af-south-1
+ ap-east-1
+ ap-northeast-1
+ ap-northeast-2
+ ap-northeast-3
+ ap-south-1
+ ap-southeast-1
+ ap-southeast-2
+ ap-southeast-3
+ ca-central-1
+ eu-central-1
+ eu-central-2
+ eu-north-1
+ eu-south-1
+ eu-west-1
+ eu-west-2
+ eu-west-3
+ il-central-1
+ me-south-1
+ sa-east-1
+ us-east-1
+ us-east-2
+ us-west-1
+ us-west-2
# Setting up trusted identity propagation for Studio
Setting up trusted identity propagation for Amazon SageMaker Studio requires your Amazon SageMaker AI domain to have IAM Identity Center authentication method configured. This section guides you through the prerequisites and steps needed to enable and configure trusted identity propagation for your Studio users.
**Topics**
+ [
## Prerequisites
](#trustedidentitypropagation-setup-prerequisites)
+ [
## Enable trusted identity propagation for your Amazon SageMaker AI domain
](#trustedidentitypropagation-setup-enable)
+ [
## Configure your SageMaker AI execution role
](#trustedidentitypropagation-setup-permissions)
## Prerequisites
Before setting up trusted identity propagation for SageMaker AI, set up your IAM Identity Center using the following instructions.
**Note**
Ensure that your IAM Identity Center and domain are in the same region.
+ [IAM Identity Center trusted identity propagation prerequisites](https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overall-prerequisites.html#trustedidentitypropagation-prerequisites)
+ [Set up IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/getting-started.html)
+ [Add users to your IAM Identity Center directory](https://docs.aws.amazon.com/singlesignon/latest/userguide/addusers.html)
## Enable trusted identity propagation for your Amazon SageMaker AI domain
**Important**
You can only enable trusted identity propagation for domains with AWS IAM Identity Center authentication method configured.
Your IAM Identity Center and Amazon SageMaker AI domain must be in the same AWS Region.
Use one of the following options to learn how to enable trusted identity propagation for a new or existing domain.
------
#### [ New domain - console ]
**Enable trusted identity propagation for a new domain using the SageMaker AI console**
1. Open the [Amazon SageMaker AI console](https://console.aws.amazon.com/sagemaker).
1. Navigate to **Domains**.
1. [Create a custom domain](https://docs.aws.amazon.com/sagemaker/latest/dg/onboard-custom.html). The domain must have the **AWS IAM Identity Center** authentication method configured.
1. In the **Trusted identity propagation** section, choose to **Enable the trusted identity propagation for all users on this domain**.
1. Complete the custom creation process.
------
#### [ Existing domain - console ]
**Enable trusted identity propagation for an existing domain using the SageMaker AI console**
**Note**
For trusted identity propagation to work properly after it is enabled for an existing domain, users will need to restart their existing IAM Identity Center sessions. To do so, either:
Users will need to log out and log back in to their existing IAM Identity Center sessions
Administrators can [end active sessions for their workforce users](https://docs.aws.amazon.com/singlesignon/latest/userguide/end-active-sessions.html).
1. Open the [Amazon SageMaker AI console](https://console.aws.amazon.com/sagemaker).
1. Navigate to **Domains**.
1. Select your existing domain. The domain must have the **AWS IAM Identity Center** authentication method configured.
1. In the **Domain settings** tab, choose **Edit** in the **Authentication and permissions** section.
1. Choose to **Enable the trusted identity propagation for all users on this domain**.
1. Complete the domain configuration.
------
#### [ Existing domain - AWS CLI ]
Enable trusted identity propagation for an existing domain using the AWS CLI
**Note**
For trusted identity propagation to work properly after it is enabled for an existing domain, users will need to restart their existing IAM Identity Center sessions. To do so, either:
Users will need to log out and log back in to their existing IAM Identity Center sessions
Administrators can [end active sessions for their workforce users](https://docs.aws.amazon.com/singlesignon/latest/userguide/end-active-sessions.html).
```
aws sagemaker update-domain \
--region $REGION \
--domain-id $DOMAIN_ID \
--domain-settings "TrustedIdentityPropagationSettings={Status=ENABLED}"
```
+ `DOMAIN_ID` is the Amazon SageMaker AI domain ID. See [View domains](https://docs.aws.amazon.com/sagemaker/latest/dg/domain-view.html) for more information.
+ `REGION` is the AWS Region of your Amazon SageMaker AI domain. You can find this at the top right of any AWS console page.
------
## Configure your SageMaker AI execution role
To enable trusted identity propagation for your Studio users, all trusted identity propagation roles need the set the following context permissions. Update the trust policy for all roles to include the `sts:AssumeRole` and `sts:SetContext` actions. Use the following policy when you [update your role trust policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-trust-policy.html).
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"sagemaker.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole",
"sts:SetContext"
]
}
]
}
```
------
# Monitoring and auditing with CloudTrail
With trusted identity propagation enabled, AWS CloudTrail logs include the identity information of the specific user who performed an action, rather than just the IAM role. This provides enhanced auditing capabilities for compliance and security.
To view identity information in CloudTrail logs:
+ Open the [CloudTrail console](https://console.aws.amazon.com/cloudtrail).
+ Choose **Event history** from the left navigation pane.
+ Choose events from SageMaker AI and related services.
+ Under the **Event record** find `onBehalfOf` key. This contains the `userId` key and other user identification information that can be mapped to a specific IAM Identity Center user.
See [CloudTrail use cases for IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/sso-cloudtrail-use-cases.html) for more information.
# User background sessions
User background sessions continue even when the user is no longer active. These allow for long-running jobs that can continue even after the user has logged off. This can be enabled through SageMaker AI's trusted identity propagation. The following page explains the configuration options and behaviors for user background sessions.
**Note**
Existing active user sessions are not impacted when trusted identity propagation is enabled. The default duration applies only to new user sessions or restarted sessions.
User background sessions apply to any long-running SageMaker AI workflows or jobs with persistent states. This includes, but is not limited to, any SageMaker AI resources that maintain execution status or require ongoing monitoring. For example, SageMaker Training, Processing, and Pipelines execution jobs.
**Topics**
+ [
## Configure user background session
](#configure-user-background-sessions)
+ [
## Default user background session duration
](#default-user-background-session-duration)
+ [
## Impact of disabling trusted identity propagation in Studio
](#user-background-session-impact-disable-trustedidentitypropagation-studio)
+ [
## Impact of disabling user background sessions in the IAM Identity Center console
](#user-background-session-impact-disable-trustedidentitypropagation-identity-center)
+ [
## Runtime considerations
](#user-background-session-runtime-considerations)
## Configure user background session
Once trusted identity propagation for Amazon SageMaker Studio is enabled, default duration limits can be configured through the [user background sessions in the IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/user-background-sessions.html).
## Default user background session duration
By default, all user background sessions have a duration limit of 7 days. Administrators can [modify this duration in the IAM Identity Center console](https://docs.aws.amazon.com/singlesignon/latest/userguide/user-background-sessions.html). This setting applies at the IAM Identity Center instance level, affecting all supported IAM Identity Center applications and Studio domains within that instance.
When trusted identity propagation is enabled, administrators in the SageMaker AI console will find a banner with the following information:
+ The duration limit for user background sessions
+ A link to the IAM Identity Center console where administrators can change this configuration
+ The duration can be set to any value from 15 minutes up to 90 days
An error message will occur when a user background session has expired. You can use the link to the IAM Identity Center console to update the duration.
## Impact of disabling trusted identity propagation in Studio
If an administrator disables trusted identity propagation, after initially enabling it, in the SageMaker AI console:
+ Existing jobs continue to run without interruption when user background sessions are enabled.
+ When user background sessions are disabled, any long-running SageMaker AI workflows or jobs with persistent states will switch to using interactive sessions. This includes, but is not limited to, any SageMaker AI resources that maintain execution status or require ongoing monitoring. For example, Amazon SageMaker Training and Processing jobs.
+ Users can restart expired jobs from checkpoints.
+ New jobs run with IAM role credentials and do not propagate the identity context.
## Impact of disabling user background sessions in the IAM Identity Center console
When the user background session is **disabled** for the IAM Identity Center instance, the SageMaker AI job uses user interactive sessions. When using interactive sessions, a SageMaker AI job will fail within 15 minutes when:
+ The user logs out
+ The interactive session is revoked by the administrator
When the user background session is **enabled** for the IAM Identity Center instance, the SageMaker AI job uses user background sessions. When using interactive sessions, a SageMaker AI job will fail within 15 minutes when:
+ The user background session expires
+ The user background session is manually revoked by an administrator
The following provides example behavior with SageMaker Training jobs. When an administrator enables trusted identity propagation but disables [user background sessions](https://docs.aws.amazon.com/singlesignon/latest/userguide/user-background-sessions.html) in the IAM Identity Center console:
+ If a user stays logged in, their Training jobs created while background sessions are disabled fallback to the interactive session.
+ If the user logs off, the session expires and Training jobs depending on the interactive session will fail.
+ Users can restart their Training job from the last checkpoint. The session duration is determined by what is set for the interactive session duration in the IAM Identity Center console.
+ If a user disables background sessions **after** starting a job, the job will continue to use its existing background sessions. In other words, SageMaker AI will not create any new background sessions.
The same behavior applies if background sessions are enabled at the IAM Identity Center instance level but disabled specifically for the Studio application using [IAM Identity Center APIs](https://docs.aws.amazon.com/singlesignon/latest/APIReference/welcome.html).
## Runtime considerations
When an administrator sets `MaxRuntimeInSeconds` for long-running Training or Processing jobs that is lower than the user background session duration, SageMaker AI runs the job for the minimum of either `MaxRuntimeInSeconds` or user background session duration. For more information about `MaxRuntimeInSeconds`, see [CreateTrainingJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateTrainingJob.html#sagemaker-CreateTrainingJob-request-StoppingCondition). See [user background sessions in the IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/user-background-sessions.html) for information on how to set the runtime.
# How to connect with other AWS services with trusted identity propagation enabled
When trusted identity propagation is enabled for your Amazon SageMaker AI domain, the domain users can connect to other trusted identity propagation enabled AWS services. When trusted identity propagation is enabled, your identity context is automatically propagated to compatible services, allowing for fine-grained access control and improved auditing across your machine learning workflows. This integration eliminates the need for complex IAM role switching and provides a unified identity experience across AWS services. The following pages provide information on how to connect Amazon SageMaker Studio to other AWS services when trusted identity propagation is enabled.
**Topics**
+ [
# Connect Studio JupyterLab notebooks to Amazon S3 Access Grants with trusted identity propagation enabled
](trustedidentitypropagation-s3-access-grants.md)
+ [
# Connect Studio JupyterLab notebooks to Amazon EMR with trusted identity propagation enabled
](trustedidentitypropagation-emr-ec2.md)
+ [
# Connect your Studio JupyterLab notebooks to EMR Serverless with trusted identity propagation enabled
](trustedidentitypropagation-emr-serverless.md)
+ [
# Connect Studio JupyterLab notebooks to Redshift Data API with trusted identity propagation enabled
](trustedidentitypropagation-redshift-data-apis.md)
+ [
# Connect Studio JupyterLab notebooks to Lake Formation and Athena with trusted identity propagation enabled
](trustedidentitypropagation-lake-formation-athena.md)
# Connect Studio JupyterLab notebooks to Amazon S3 Access Grants with trusted identity propagation enabled
You can use [Amazon S3 Access Grants](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants.html) to flexibly grant identity-based fine-grain access control to Amazon S3 locations. These grant Amazon S3 buckets access directly to your corporate users and groups. The following pages provides information and instructions on how to use Amazon S3 Access Grants with trusted identity propagation for SageMaker AI.
## Prerequisites
To connect Studio to Lake Formation and Athena with trusted identity propagation enabled, ensure you have completed the following prerequisites:
+ [Setting up trusted identity propagation for Studio](trustedidentitypropagation-setup.md)
+ Follow the [getting started with Amazon S3 Access Grants](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-get-started.html) to set up Amazon S3 Access Grants for your bucket. See [scaling data access with Amazon S3 Access Grants](https://aws.amazon.com/blogs/storage/scaling-data-access-with-amazon-s3-access-grants/) for more information.
**Note**
Standard Amazon S3 APIs do not automatically work with Amazon S3 Access Grants. You must explicitly use Amazon S3 Access Grants APIs. See [Managing access with Amazon S3 Access Grants](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants.html) for more information.
**Topics**
+ [
## Prerequisites
](#s3-access-grants-prerequisites)
+ [
# Connect Amazon S3 Access Grants with Studio JupyterLab notebooks
](s3-access-grants-setup.md)
+ [
# Connect Studio JupyterLab notebooks to Amazon S3 Access Grants with Training and Processing jobs
](trustedidentitypropagation-s3-access-grants-jobs.md)
# Connect Amazon S3 Access Grants with Studio JupyterLab notebooks
Use the following information to grant Amazon S3 Access Grants in Studio JupyterLab notebooks.
After Amazon S3 Access Grants is set up, [add the following permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) to your domain or user [execution role](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-roles.html#sagemaker-roles-get-execution-role).
+ `us-east-1` is your AWS Region
+ `111122223333` is your AWS account ID
+ `S3-ACCESS-GRANT-ROLE` is your Amazon S3 Access Grant role
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowDataAccessAPI",
"Effect": "Allow",
"Action": [
"s3:GetDataAccess"
],
"Resource": [
"arn:aws:s3:us-east-1:111122223333:access-grants/default"
]
},
{
"Sid": "RequiredForTIP",
"Effect": "Allow",
"Action": "sts:SetContext",
"Resource": "arn:aws:iam::111122223333:role/S3-ACCESS-GRANT-ROLE"
}
]
}
```
------
Ensure that your Amazon S3 Access Grants role's trust policy allows the `sts:SetContext` and `sts:AssumeRole` actions. The following is an example policy for when you [update your role trust policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-trust-policy.html).
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"access-grants.s3.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole",
"sts:SetContext"
],
"Condition": {
"StringEquals": {
"aws:SourceAccount": "111122223333",
"aws:SourceArn": "arn:aws:s3:us-east-1:111122223333:access-grants/default"
}
}
}
]
}
```
------
## Use Amazon S3 Access Grants to call Amazon S3
The following is an example Python script showing how Amazon S3 Access Grants can be used to call Amazon S3. This assumes you have already successfully set up trusted identity propagation with SageMaker AI.
```
import boto3
from botocore.config import Config
def get_access_grant_credentials(account_id: str, target: str,
permission: str = 'READ'):
s3control = boto3.client('s3control')
response = s3control.get_data_access(
AccountId=account_id,
Target=target,
Permission=permission
)
return response['Credentials']
def create_s3_client_from_credentials(credentials) -> boto3.client:
return boto3.client(
's3',
aws_access_key_id=credentials['AccessKeyId'],
aws_secret_access_key=credentials['SecretAccessKey'],
aws_session_token=credentials['SessionToken']
)
# Create client
credentials = get_access_grant_credentials('111122223333',
"s3://tip-enabled-bucket/tip-enabled-path/")
s3 = create_s3_client_from_credentials(credentials)
s3.list_objects(Bucket="tip-enabled-bucket", Prefix="tip-enabled-path/")
```
If you use a path to an Amazon S3 bucket where Amazon S3 access grant is not enabled, the call will fail.
For other programming languages, see [Managing access with Amazon S3 Access Grants](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants.html) for more information.
# Connect Studio JupyterLab notebooks to Amazon S3 Access Grants with Training and Processing jobs
Use the following information to grant Amazon S3 Access Grants to access data in Amazon SageMaker Training and Processing jobs.
When a user with trusted identity propagation enabled launches a SageMaker Training or Processing job that needs to access Amazon S3 data:
+ SageMaker AI calls Amazon S3 Access Grants to get temporary credentials based on the user's identity
+ If successful, these temporary credentials access the Amazon S3 data
+ If unsuccessful, SageMaker AI falls back to using the IAM role credentials
**Note**
To enforce that all of the permission are granted through Amazon S3 Access Grants, you will need to remove related Amazon S3 access permission your execution role and attach them to your corresponding [Amazon S3 Access Grant](https://docs.aws.amazon.com/singlesignon/latest/userguide/tip-tutorial-s3.html#tip-tutorial-s3-create-grant).
**Topics**
+ [
## Considerations
](#s3-access-grants-jobs-considerations)
+ [
## Set up Amazon S3 Access Grants with Training and Processing jobs
](#s3-access-grants-jobs-setup)
## Considerations
Amazon S3 Access Grants cannot be used with [Pipe mode](https://docs.aws.amazon.com/sagemaker/latest/dg/augmented-manifest-stream.html) for both SageMaker Training and Processing for Amazon S3 input.
When trusted identity propagation is enabled, you cannot launch a SageMaker Training Job with the following feature
+ Remote Debug
+ Debugger
+ Profiler
When trusted identity propagation is enabled, you cannot launch a Processing job with the following feature
+ DatasetDefinition
## Set up Amazon S3 Access Grants with Training and Processing jobs
After Amazon S3 Access Grants is set up, [add the following permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) to your domain or user [execution role](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-roles.html#sagemaker-roles-get-execution-role).
+ `us-east-1` is your AWS Region
+ `111122223333` is your AWS account ID
+ `S3-ACCESS-GRANT-ROLE` is your Amazon S3 Access Grant role
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowDataAccessAPI",
"Effect": "Allow",
"Action": [
"s3:GetDataAccess",
"s3:GetAccessGrantsInstanceForPrefix"
],
"Resource": [
"arn:aws:s3:us-east-1:111122223333:access-grants/default"
]
},
{
"Sid": "RequiredForIdentificationPropagation",
"Effect": "Allow",
"Action": "sts:SetContext",
"Resource": "arn:aws:iam::111122223333:role/S3-ACCESS-GRANT-ROLE"
}
]
}
```
------
# Connect Studio JupyterLab notebooks to Amazon EMR with trusted identity propagation enabled
Connecting Amazon SageMaker Studio JupyterLab notebooks to Amazon EMR clusters enables you to leverage the distributed computing power of Amazon EMR for large-scale data processing and analytics workloads. With trusted identity propagation enabled, your identity context is propagated to Amazon EMR, allowing for fine-grained access control and comprehensive audit trails. The following page provides instructions on how to connect your Studio notebook to Amazon EMR clusters. Once set up, you can use the `Connect to Cluster` option in your Studio notebook.
To connect Studio to Amazon EMR with trusted identity propagation enabled, ensure you have completed the following setups:
+ [Setting up trusted identity propagation for Studio](trustedidentitypropagation-setup.md)
+ [Getting started with AWS IAM Identity Center integration for Amazon EMR](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-idc-start.html)
+ [Enable communications between Studio and Amazon EMR clusters](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-notebooks-emr-cluster.html)
**Connect to the Amazon EMR cluster**
For a full list of options on how to connect your JupyterLab notebook to Amazon EMR, see [Connect to an Amazon EMR cluster](https://docs.aws.amazon.com/sagemaker/latest/dg/connect-emr-clusters.html).
# Connect your Studio JupyterLab notebooks to EMR Serverless with trusted identity propagation enabled
Amazon EMR Serverless provides a serverless option for running Apache Spark and Apache Hive applications without managing clusters. When integrated with trusted identity propagation, EMR Serverless automatically scales compute resources while maintaining your identity context for access control and auditing. This approach eliminates the operational overhead of cluster management while preserving the security benefits of identity-based access control. The following section provides information on how to connect your trusted identity propagation enabled Studio with the EMR Serverless.
To connect Studio to Amazon EMR Serverless with trusted identity propagation enabled, ensure you have completed the following setups:
+ [Setting up trusted identity propagation for Studio](trustedidentitypropagation-setup.md)
+ [Trusted identity propagation with EMR Serverless](https://docs.aws.amazon.com/emr/latest/EMR-Serverless-UserGuide/security-iam-service-trusted-prop.html)
+ [Enable communications between Studio and EMR Serverless](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-notebooks-emr-serverless.html)
**Connect to the EMR Serverless application**
For a full list of options on how to connect your JupyterLab notebook to EMR Serverless, see [Connect to an EMR Serverless application](https://docs.aws.amazon.com/sagemaker/latest/dg/connect-emr-serverless-application.html).
# Connect Studio JupyterLab notebooks to Redshift Data API with trusted identity propagation enabled
Amazon Redshift Data API enables you to interact with your Amazon Redshift clusters programmatically without managing persistent connections. When combined with trusted identity propagation, the Redshift Data API provides secure, identity-based access to your data warehouse, allowing you to run SQL queries and retrieve results while maintaining full audit trails of user activities. This integration is particularly valuable for data science workflows that require access to structured data stored in Redshift. The following page includes information and instructions on how to connect trusted identity propagation with Amazon SageMaker Studio to Redshift Data API.
To connect Studio to Redshift Data API with trusted identity propagation enabled, ensure you have completed the following setups:
+ [Setting up trusted identity propagation for Studio](trustedidentitypropagation-setup.md)
+ [Using Redshift Data API with trusted identity propagation](https://docs.aws.amazon.com/redshift/latest/mgmt/data-api-trusted-identity-propagation.html)
+ Ensure your execution role has relevant permissions for Redshift Data API. See [authorizing access](https://docs.aws.amazon.com/redshift/latest/mgmt/data-api-access.html) for more information.
+ [Simplify access management with Amazon Redshift and AWS Lake Formation for users in an External Identity Provider](https://aws.amazon.com/blogs/big-data/simplify-access-management-with-amazon-redshift-and-aws-lake-formation-for-users-in-an-external-identity-provider/)
# Connect Studio JupyterLab notebooks to Lake Formation and Athena with trusted identity propagation enabled
AWS Lake Formation and Amazon Athena work together to provide a comprehensive data lake solution with fine-grained access control and serverless query capabilities. Lake Formation centralizes permissions management for your data lake, while Athena provides interactive query services. When integrated with trusted identity propagation, this combination enables data scientists to access only the data they're authorized to see, with all queries and data access automatically logged for compliance and auditing purposes. The following page provides information and instructions on how to connect trusted identity propagation with Amazon SageMaker Studio to Lake Formation and Athena
To connect Studio to Lake Formation and Athena with trusted identity propagation enabled, ensure you have completed the following setups:
+ [Setting up trusted identity propagation for Studio](trustedidentitypropagation-setup.md)
+ [Create a Lake Formation role](https://docs.aws.amazon.com/lake-formation/latest/dg/prerequisites-identity-center.html)
+ [Connect Lake Formation with IAM Identity Center](https://docs.aws.amazon.com/lake-formation/latest/dg/connect-lf-identity-center.html)
+ Create Lake Formation resources:
+ [Database](https://docs.aws.amazon.com/lake-formation/latest/dg/creating-database.html)
+ [Tables](https://docs.aws.amazon.com/lake-formation/latest/dg/creating-tables.html)
+ [Create Athena workgroup](https://docs.aws.amazon.com/athena/latest/ug/creating-workgroups.html)
+ Choose **AthenaSQL** for the engine
+ Choose **IAM Identity Center** for authentication method
+ Create a new service role
+ Ensure that the IAM Identity Center users have access to the query result location using Amazon S3 Access Grants
+ [Granting database permissions using the named resource method](https://docs.aws.amazon.com/lake-formation/latest/dg/granting-database-permissions.html)
# Perform common UI tasks
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the updated Studio experience. For information about using the Studio Classic application, see [Amazon SageMaker Studio Classic](studio.md).
The following sections describe how to perform common tasks in the Amazon SageMaker Studio UI. For an overview of the Studio user interface, see [Amazon SageMaker Studio UI overview](studio-updated-ui.md).
**Set cookie preferences**
1. Launch Studio following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. At the bottom of the Studio user interface, choose **Cookie Preferences**.
1. Select the check box for each type of cookie that you want Amazon SageMaker AI to use.
1. Choose **Save preferences**.
**Manage notifications**
Notifications give information about important changes to Studio, updates to applications, and issues to resolve.
1. Launch Studio following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. On the top navigation bar, choose the **Notifications** icon (![\[Logo for Notifications, a cloud service with a stylized bell icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/monarch/notification.png)).
1. From the list of notifications, select the notification to get information about it.
**Leave feedback**
We take your feedback seriously. We encourage you to provide feedback.
At the top navigation of Studio, choose **Provide feedback**.
**Sign out**
Signing out of the Studio UI is different than closing the browser window. Signing out clears session data from the browser and deletes unsaved changes.
This same behavior also happens when the Studio session times out. This happens after 5 minutes.
1. Launch Studio following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. Choose the **User options** icon (![\[User icon with a circular avatar placeholder and a downward-pointing arrow.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/monarch/user-settings.png)).
1. Choose **Sign out**.
1. In the pop-up window, choose **Sign out**.
# NVMe stores with Amazon SageMaker Studio
Amazon SageMaker Studio applications and their associated notebooks run on Amazon Elastic Compute Cloud (Amazon EC2) instances. Some of the Amazon EC2 instance types, such as the `ml.m5d` instance family, offer non-volatile memory express (NVMe) solid state drives (SSD) instance stores. NVMe instance stores are local ephemeral disk stores that are physically connected to an instance for fast temporary storage. Studio applications support NVMe instance stores for supported instance types. For more information about instance types and their associated NVMe store volumes, see the [Amazon Elastic Compute Cloud Instance Type Details](https://aws.amazon.com/ec2/instance-types/). This topic provides information about accessing and using NVMe instance stores, as well as considerations when using NVMe instance stores with Studio.
## Considerations
The following considerations apply when using NVMe instance stores with Studio.
+ An NVMe instance store is temporary storage. The data stored on the NVMe store is deleted when the instance is terminated, stopped, or hibernated. When using NVMe stores with Studio applications, the data on the NVMe instance store is lost whenever the application is deleted, restarted, or patched. We recommend that you back up valuable data to persistent storage solutions, such as Amazon Elastic Block Store, Amazon Elastic File System, or Amazon Simple Storage Service.
+ Studio patches instances periodically to install new security updates. When an instance is patched, the instance is restarted. This restart results in the deletion of data stored in the NVMe instance store. We recommend that you frequently back up necessary data from the NVMe instance store to persistent storage solutions, such as Amazon Elastic Block Store, Amazon Elastic File System, or Amazon Simple Storage Service.
+ The following Studio applications support using NVMe storage:
+ JupyterLab
+ Code Editor, based on Code-OSS, Visual Studio Code - Open Source
+ KernelGateway
## Access NVMe instance stores
When you select an instance type with attached NVMe instance stores to host a Studio application, the NVMe instance store directory is mounted to the application container at the following location:
```
/mnt/sagemaker-nvme
```
If an instance has more than 1 NVMe instance store attached to it, Studio creates a striped logical volume that spans all of the local disks attached. Studio then mounts this striped logical volume to the `/mnt/sagemaker-nvme` directory. As a result, the directory storage size is the sum of all NVMe instance store volume sizes attached to the instance.
If the `/mnt/sagemaker-nvme` directory does not exist, verify that the instance type hosting your application has an attached NVMe instance store volume.
# Local mode support in Amazon SageMaker Studio
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
Amazon SageMaker Studio applications support the use of local mode to create estimators, processors, and pipelines, then deploy them to a local environment. With local mode, you can test machine learning scripts before running them in Amazon SageMaker AI managed training or hosting environments. Studio supports local mode in the following applications:
+ Amazon SageMaker Studio Classic
+ JupyterLab
+ Code Editor, based on Code-OSS, Visual Studio Code - Open Source
Local mode in Studio applications is invoked using the SageMaker Python SDK. In Studio applications, local mode functions similarly to how it functions in Amazon SageMaker notebook instances, with some differences. With the [Rootless Docker configuration](studio-updated-local-get-started.md#studio-updated-local-rootless) enabled, you can also access additional Docker registries through your VPC configuration, including on-premises repositories, and public registries. For more information about using local mode with the SageMaker Python SDK, see [Local Mode](https://sagemaker.readthedocs.io/en/stable/overview.html#local-mode).
**Note**
Studio applications do not support multi-container jobs in local mode. Local mode jobs are limited to a single instance for training, inference, and processing jobs. When creating a local mode job, the instance count configuration must be `1`.
## Docker support
As part of local mode support, Studio applications support limited Docker access capabilities. With this support, users can interact with the Docker API from Jupyter notebooks or the image terminal of the application. Customers can interact with Docker using one of the following:
+ [Docker CLI](https://docs.docker.com/engine/reference/run/)
+ [Docker Compose CLI ](https://docs.docker.com/compose/reference/)
+ Language specific Docker SDK clients
Studio also supports limited Docker access capabilities with the following restrictions:
+ Usage of Docker networks is not supported.
+ Docker [volume](https://docs.docker.com/storage/volumes/) usage is not supported during container run. Only volume bind mount inputs are allowed during container orchestration. The volume bind mount inputs must be located on the Amazon Elastic File System (Amazon EFS) volume for Studio Classic. For JupyterLab and Code Editor applications, it must be located on the Amazon Elastic Block Store (Amazon EBS) volume.
+ Container inspect operations are allowed.
+ Container port to host mapping is not allowed. However, you can specify a port for hosting. The endpoint is then accessible from Studio using the following URL:
```
http://localhost:port
```
### Docker operations supported
The following table lists all of the Docker API endpoints that are supported in Studio, including any support limitations. If an API endpoint is missing from the table, Studio doesn't support it.
| API Documentation | Limitations |
| --- | --- |
| [SystemAuth](https://docs.docker.com/engine/api/v1.43/#tag/System/operation/SystemAuth) | |
| [SystemEvents](https://docs.docker.com/engine/api/v1.43/#tag/System/operation/SystemEvents) | |
| [SystemVersion](https://docs.docker.com/engine/api/v1.43/#tag/System/operation/SystemVersion) | |
| [SystemPing](https://docs.docker.com/engine/api/v1.43/#tag/System/operation/SystemPing) | |
| [SystemPingHead](https://docs.docker.com/engine/api/v1.43/#tag/System/operation/SystemPingHead) | |
| [ContainerCreate](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/studio-updated-local.html) |
| [ContainerStart](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerStart) | |
| [ContainerStop](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerStop) | |
| [ContainerKill](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerKill) | |
| [ContainerDelete](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerDelete) | |
| [ContainerList](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerList) | |
| [ContainerLogs](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerLogs) | |
| [ContainerInspect](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect) | |
| [ContainerWait](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerWait) | |
| [ContainerAttach](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerAttach) | |
| [ContainerPrune](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerPrune) | |
| [ContainerResize](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerResize) | |
| [ImageCreate](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageCreate) | VPC-only mode support is limited to Amazon ECR images in allowlisted accounts. With the [Rootless Docker configuration](studio-updated-local-get-started.md#studio-updated-local-rootless) enabled, you can also access additional Docker registries through your VPC configuration, including on-premises repositories, and public registries. |
| [ImagePrune](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImagePrune) | |
| [ImagePush](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImagePush) | VPC-only mode support is limited to Amazon ECR images in allowlisted accounts. With the [Rootless Docker configuration](studio-updated-local-get-started.md#studio-updated-local-rootless) enabled, you can also access additional Docker registries through your VPC configuration, including on-premises repositories, and public registries. |
| [ImageList](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageList) | |
| [ImageInspect](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect) | |
| [ImageGet](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageGet) | |
| [ImageDelete](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageDelete) | |
| [ImageBuild](https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageBuild) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/studio-updated-local.html) |
**Topics**
+ [
## Docker support
](#studio-updated-local-docker)
+ [
# Getting started with local mode
](studio-updated-local-get-started.md)
# Getting started with local mode
The following sections outline the steps needed to get started with local mode in Amazon SageMaker Studio, including:
+ Completing prerequisites
+ Setting `EnableDockerAccess`
+ Docker installation
## Prerequisites
Complete the following prerequisites to use local mode in Studio applications:
+ To pull images from an Amazon Elastic Container Registry repository, the account hosting the Amazon ECR image must provide access permission for the user’s execution role. The domain’s execution role must also allow Amazon ECR access.
+ Verify that you are using the latest version of the Studio Python SDK by using the following command:
```
pip install -U sagemaker
```
+ To use local mode and Docker capabilities, set the following parameter of the domain’s `DockerSettings` using the AWS Command Line Interface (AWS CLI):
```
EnableDockerAccess : ENABLED
```
+ Using `EnableDockerAccess`, you can also control whether users in the domain can use local mode. By default, local mode and Docker capabilities aren't allowed in Studio applications. For more information, see [Setting `EnableDockerAccess`](#studio-updated-local-enable).
+ Install the Docker CLI in the Studio application by following the steps in [Docker installation](#studio-updated-local-docker-installation).
+ For the [Rootless Docker configuration](#studio-updated-local-rootless), ensure your VPC has appropriate endpoints and routing configured for your desired Docker registries.
## Setting `EnableDockerAccess`
The following sections show how to set `EnableDockerAccess` when the domain has public internet access or is in `VPC-only` mode.
**Note**
Changes to `EnableDockerAccess` only apply to applications created after the domain is updated. You must create a new application after updating the domain.
**Public internet access**
The following example commands show how to set `EnableDockerAccess` when creating a new domain or updating an existing domain with public internet access:
```
# create new domain
aws --region region \
sagemaker create-domain --domain-name domain-name \
--vpc-id vpc-id \
--subnet-ids subnet-ids \
--auth-mode IAM \
--default-user-settings "ExecutionRole=execution-role" \
--domain-settings '{"DockerSettings": {"EnableDockerAccess": "ENABLED"}}' \
--query DomainArn \
--output text
# update domain
aws --region region \
sagemaker update-domain --domain-id domain-id \
--domain-settings-for-update '{"DockerSettings": {"EnableDockerAccess": "ENABLED"}}'
```
**`VPC-only` mode**
When using a domain in `VPC-only` mode, Docker image push and pull requests are routed through the service VPC instead of the VPC configured by the customer. Because of this functionality, administrators can configure a list of trusted AWS accounts that users can make Amazon ECR Docker pull and push operations requests to.
If a Docker image push or pull request is made to an AWS account that is not in the list of trusted AWS accounts, the request fails. Docker pull and push operations outside of Amazon Elastic Container Registry (Amazon ECR) aren't supported in `VPC-only` mode.
The following AWS accounts are trusted by default:
+ The account hosting the SageMaker AI domain.
+ SageMaker AI accounts that host the following SageMaker images:
+ DLC framework images
+ Sklearn, Spark, XGBoost processing images
To configure a list of additional trusted AWS accounts, specify the `VpcOnlyTrustedAccounts` value as follows:
```
aws --region region \
sagemaker update-domain --domain-id domain-id \
--domain-settings-for-update '{"DockerSettings": {"EnableDockerAccess": "ENABLED", "VpcOnlyTrustedAccounts": ["account-list"]}}'
```
**Note**
When the [Rootless Docker configuration](#studio-updated-local-rootless) is enabled, `VpcOnlyTrustedAccounts` is ignored and Docker traffic routes through your VPC configuration, allowing access to any registry your VPC can reach.
## Rootless Docker configuration
When [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DockerSettings.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DockerSettings.html) is enabled, Studio uses a [rootless Docker daemon](https://docs.docker.com/engine/security/rootless/) that routes traffic through your VPC. This provides enhanced security and allows access to additional Docker registries. The key differences with `RootlessDocker` are:
+ Your VPC configuration determines which registries are accessible for Docker operations. `VpcOnlyTrustedAccounts` is ignored and Docker traffic routes through your VPC configuration.
To use rootless Docker, you will need to set both `EnableDockerAccess` and `RootlessDocker` to `ENABLED` for your `DockerSettings`. For example, in the [Setting `EnableDockerAccess`](#studio-updated-local-enable) examples above, you can modify your domain settings to include:
```
'{"DockerSettings": {"EnableDockerAccess": "ENABLED", "RootlessDocker": "ENABLED"}}'
```
## Docker installation
To use Docker, you must manually install Docker from the terminal of your Studio application. The steps to install Docker are different if the domain has access to the internet or not.
### Internet access
If the domain is created with public internet access or in `VPC-only` mode with limited internet access, use the following steps to install Docker.
1. (Optional) If your domain is created in `VPC-only` mode with limited internet access, create a public NAT gateway with access to the Docker website. For instructions, see [NAT gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html).
1. Navigate to the terminal of the Studio application that you want to install Docker in.
1. To return the operating system of the application, run the following command from the terminal:
```
cat /etc/os-release
```
1. Install Docker following the instructions for the operating system of the application in the [Amazon SageMaker AI Local Mode Examples repository](https://github.com/aws-samples/amazon-sagemaker-local-mode/tree/main/sagemaker_studio_docker_cli_install).
For example, install Docker on Ubuntu following the script at [https://github.com/aws-samples/amazon-sagemaker-local-mode/blob/main/sagemaker\$1studio\$1docker\$1cli\$1install/sagemaker-ubuntu-focal-docker-cli-install.sh](https://github.com/aws-samples/amazon-sagemaker-local-mode/blob/main/sagemaker_studio_docker_cli_install/sagemaker-ubuntu-focal-docker-cli-install.sh) with the following considerations:
+ If chained commands fail, run commands one at a time.
+ Studio only supports Docker version `20.10.X.` and Docker Engine API version `1.41`.
+ The following packages aren't required to use the Docker CLI in Studio and their installation can be skipped:
+ `containerd.io`
+ `docker-ce`
+ `docker-buildx-plugin`
**Note**
You do not need to start the Docker service in your applications. The instance that hosts the Studio application runs Docker service by default. All Docker API calls are routed through the Docker service automatically.
1. Use the exposed Docker socket for Docker interactions within Studio applications. By default, the following socket is exposed:
```
unix:///docker/proxy.sock
```
The following Studio application environmental variable for the default `USER` uses this exposed socket:
```
DOCKER_HOST
```
### No internet access
If the domain is created in `VPC-only` mode with no internet access, use the following steps to install Docker.
1. Navigate to the terminal of the Studio application that you want to install Docker in.
1. Run the following command from the terminal to return the operating system of the application:
```
cat /etc/os-release
```
1. Download the required Docker `.deb` files to your local machine. For instructions about downloading the required files for the operating system of the Studio application, see [Install Docker Engine](https://docs.docker.com/engine/install/).
For example, install Docker from a package on Ubuntu following the steps 1–4 in [Install from a package](https://docs.docker.com/engine/install/ubuntu/#install-from-a-package) with the following considerations:
+ Install Docker from a package. Using other methods to install Docker will fail.
+ Install the latest packages corresponding to Docker version `20.10.X`.
+ The following packages aren't required to use the Docker CLI in Studio. You don't need to install the following:
+ `containerd.io`
+ `docker-ce`
+ `docker-buildx-plugin`
**Note**
You do not need to start the Docker service in your applications. The instance that hosts the Studio application runs Docker service by default. All Docker API calls are routed through the Docker service automatically.
1. Upload the `.deb` files to the Amazon EFS file system or to the Amazon EBS file system of the application.
1. Manually install the `docker-ce-cli` and `docker-compose-plugin` `.deb` packages from the Studio application terminal. For more information and instructions, see step 5 in [Install from a package](https://docs.docker.com/engine/install/ubuntu/#install-from-a-package) on the Docker docs website.
1. Use the exposed Docker socket for Docker interactions within Studio applications. By default, the following socket is exposed:
```
unix:///docker/proxy.sock
```
The following Studio application environmental variable for the default `USER` uses this exposed socket:
```
DOCKER_HOST
```
# View your Studio running instances, applications, and spaces
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the updated Studio experience. For information about using the Studio Classic application, see [Amazon SageMaker Studio Classic](studio.md).
The following topics include information and instructions about how to view your Studio running instances, applications, and spaces. For more information about Studio spaces, see [Amazon SageMaker Studio spaces](studio-updated-spaces.md).
## View your Studio running instances and applications
The **Running instances** page gives information about all running application instances that were created in Amazon SageMaker Studio by the user, or were shared with the user.
You can view and stop running instances for all of your applications and spaces. If an instance is stopped, it does not appear on this page. Stopped instances can be viewed from the landing page for their respective application types.
You can view a list of running applications and their details in Studio.
**To view running instances**
1. Launch Studio following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. On the left navigation pane, choose **Running instances**.
1. From the **Running instances** page, you can view a list of running applications and details about those applications.
To view non-running instances, from the left navigation pane choose, the relevant application under **Applications**. The non-running applications will have the **Stopped** status under the **Status** column.
## View your Studio spaces
The **Spaces** section within your **Domain details** page gives information about Studio spaces within your domain. You can view, create, and delete spaces on this page.
The spaces that you can view in the **Spaces** section are running spaces for the following:
+ JupyterLab private space. For information about JupyterLab, see [SageMaker JupyterLab](studio-updated-jl.md).
+ Code Editor private space. For information about Code Editor, based on Code-OSS, Visual Studio Code - Open Source, see [Code Editor in Amazon SageMaker Studio](code-editor.md).
+ Studio Classic shared space. For information about Studio Classic shared space, see [Collaboration with shared spaces](domain-space.md).
There are no spaces for SageMaker Canvas, Studio Classic (private), or RStudio.
**View your Studio spaces in a domain**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the domain where you want to view the spaces.
1. On the **Domain details** page, choose the **Space management** tab to open the **Spaces** section.
**View your Studio spaces using the AWS CLI**
Use the following command to list all spaces in your domain:
```
aws sagemaker list-spaces --region us-east-1 --domain-id domain-id
```
+ `us-east-1` is your AWS Region.
+ *domain-id* is your domain ID. See [View domains](domain-view.md) for more information.
# Stop and delete your Studio running applications and spaces
The following page includes information and instructions on how to stop and delete unused Amazon SageMaker Studio resources to avoid unwanted additional costs. For the Studio resources you no longer you wish to use, you will need to both:
+ Stop the application: This stops both the application and deletes the instance that the application is running on. Once you stop an application you can start it back up again.
+ Delete the space: This deletes the Amazon EBS volume that was created for the application and instance.
**Important**
If you delete the space, you will lose access to the data within that space. Do not delete the space unless you're sure that you want to.
For more information about the differences between Studio spaces and applications, see [View your Studio running instances, applications, and spaces](studio-updated-running.md).
**Topics**
+ [
## Stop your Amazon SageMaker Studio application
](#studio-updated-running-stop-app)
+ [
## Delete a Studio space
](#studio-updated-running-stop-space)
## Stop your Amazon SageMaker Studio application
To avoid additional charges from unused running applications, you must stop them. The following includes information on what stopping an application does and how to do it.
+ The following instructions uses the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteApp.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteApp.html) API to stop the application. This also stops the instance that the application is running on.
+ After you stop an application, you can start up the application again later.
+ When you stop an application, the files in the space will persist. You can run the application again and expect to have access to the same files that are stored in the space, as you did before deleting the application.
+ When you stop an application, the *metadata* for the application will be deleted within 24 hours. For more information, see the note in the `CreationTime` response element for the [DescribeApp](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeApp.html#sagemaker-DescribeApp-response-CreationTime) API.
**Note**
If the service detects that an application is unhealthy, it assumes the [AmazonSageMakerNotebooksServiceRolePolicy](security-iam-awsmanpol-notebooks.md#security-iam-awsmanpol-AmazonSageMakerNotebooksServiceRolePolicy) service linked role and deletes the application using the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteApp.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteApp.html) API.
The following tabs provide instructions to stop an application from your domain using the Studio UI, the SageMaker AI console, or the AWS CLI.
**Note**
To view and stop all of your Studio running instances in one location, we recommend the [Stop applications using the Studio UI](#studio-updated-running-stop-app-using-studio-updated-ui) workflow from the following options.
### Stop applications using the Studio UI
To stop your Studio applications using the Studio UI, use the following instructions.
**To delete your applications (Studio UI)**
1. Launch Studio. This process may differ depending on your setup. For information about launching Studio, see [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. From the left navigation pane, choose **Running instances**.
If the table on the page is empty, you don't have any running instances or applications in your spaces.
1. In the table under the **Name** and **Application** columns, find the space name and the application that you want to stop.
1. Choose the corresponding **Stop** button to stop the application.
### Stop applications using the SageMaker AI console
To view or stop Studio running instances from a centralized location, see [Stop applications using the Studio UI](#studio-updated-running-stop-app-using-studio-updated-ui). Otherwise, use the following instructions.
In the SageMaker AI console, you can only stop the running Studio applications for the spaces that you are able to view in the **Spaces** section of the console. For a list of the viewable spaces, see [View your Studio spaces](studio-updated-running.md#studio-updated-running-view-space).
These steps show how to stop your Studio applications by using the SageMaker AI console.
**To stop your applications (SageMaker AI console)**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the domain that you want to revert.
1. On the **Domain details** page, choose the **Space management** tab.
1.
**Important**
In the **Space management** tab, you have the option to delete the space. There is a difference between deleting the space and deleting an application. If you delete the space, you will lose access to the data within that space. Do not delete the space unless you're sure that you want to.
To stop the application, in the **Space management** tab and under the **Name** column, choose the space for the application.
1. In the **Apps** section and under the **App type** column, search for the app to stop.
1. Under the **Action** column, choose the corresponding **Delete app** button.
1. In the pop-up box, choose **Yes, delete app**. After you do so the delete input field becomes available.
1. Enter **delete** in the delete input field to confirm deletion.
1. Choose **Delete**.
### Stop your domain applications using the AWS CLI
To view or stop any of your Studio running instances from a centralized location, see [Stop applications using the Studio UI](#studio-updated-running-stop-app-using-studio-updated-ui). Otherwise, use the following instructions.
The following code examples use the [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteApp.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeleteApp.html) API to stop an application in an example domain.
To stop your running **JupyterLab** or **Code Editor** instances, use the following code example:
```
aws sagemaker delete-app \
--domain-id example-domain-id \
--region AWS Region \
--app-name default \
--app-type example-app-type \
--space-name example-space-name
```
+ To obtain your `example-domain-id`, use the following instructions:
**To get `example-domain-id`**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the relevant domain.
1. On the **Domain details** page, choose the **Domain settings** tab.
1. Copy the **Domain ID**.
+ To obtain your `AWS Region`, use the following instructions to ensure you are using the correct AWS Region for your domain:
**To get `AWS Region`**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the relevant domain.
1. On the **Domain details** page, verify that this is the relevant domain.
1. Expand the region dropdown list from the top right of the SageMaker AI console, and use the corresponding AWS Region ID to the right of your AWS Region name. For example, `us-west-1`.
+ For `example-app-type`, use the application type that's relevant to the application that you want to stop. For example, replace `example-app-type` with one of the following application types:
+ JupyterLab application type: `JupyterLab`. For information about JupyterLab, see [SageMaker JupyterLab](studio-updated-jl.md).
+ Code Editor application type: `CodeEditor`. For information about Code Editor, based on Code-OSS, Visual Studio Code - Open Source, see [Code Editor in Amazon SageMaker Studio](code-editor.md).
+ To obtain your `example-space-name`, use the following steps:
**To get `example-space-name`**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the relevant domain.
1. On the **Domain details** page, choose the **Space management** tab.
1. Copy the relevant space name.
To stop running instances for **SageMaker Canvas**, **Studio Classic**, or **RStudio**, use the following code example:
```
aws sagemaker delete-app \
--domain-id example-domain-id \
--region AWS Region \
--app-name default \
--app-type example-app-type \
--user-profile example-user-name
```
+ For `example-app-type`, use the application type relevant to the application that you want to stop. For example, replace `example-app-type` with one of the following application types:
+ SageMaker Canvas application type: `Canvas`. For information about SageMaker Canvas, see [Amazon SageMaker Canvas](canvas.md).
+ Studio Classic application type: `JupyterServer`. For information about Studio Classic, see [Amazon SageMaker Studio Classic](studio.md).
+ RStudio application type: `RStudioServerPro`. For information about RStudio, see [RStudio on Amazon SageMaker AI](rstudio.md).
+ To obtain your `example-user-name`, navigate to the **Domain details** page.
+ Next, choose the **User profiles** tab, and copy the relevant space name.
For alternative instructions to stop your running Studio applications, see:
+ JupyterLab: [Delete unused resources](studio-updated-jl-admin-guide-clean-up.md).
+ Code Editor: [Shut down Code Editor resources](code-editor-use-log-out.md).
+ SageMaker Canvas: [Logging out of Amazon SageMaker Canvas](canvas-log-out.md).
+ Studio Classic: [Shut Down and Update Amazon SageMaker Studio Classic and Apps](studio-tasks-update.md).
+ RStudio: [Shut down RStudio](rstudio-shutdown.md).
## Delete a Studio space
**Important**
After you delete your space, you will lose all of the data stored in the space. We recommend that you back up your data before deleting your space.
You will need to have administrator permissions, or at least have permissions to update domain, IAM, and Amazon S3, to delete a Studio space.
+ Spaces are used to manage the storage and resource needs of the relevant application. When you delete a space, the storage volume also deletes. Therefore, you lose access to the files stored on that space. For more information about Studio spaces, see [Amazon SageMaker Studio spaces](studio-updated-spaces.md).
We recommend that you back up your data if you choose to delete a space.
+ After you delete a space, you can't access that space again.
You can delete the Studio spaces that are viewable in the **Spaces** section of the console. For a list of the viewable spaces, see [View your Studio spaces](studio-updated-running.md#studio-updated-running-view-space).
There are no spaces for SageMaker Canvas, Studio Classic (private), and RStudio. To stop and delete your SageMaker Canvas, Studio Classic (private), or RStudio applications, see [Stop your Amazon SageMaker Studio application](#studio-updated-running-stop-app).
### Delete a space using the SageMaker AI console
The **Spaces** section within your **Domain details** page gives information about Studio spaces within your domain. You can view, create, and delete spaces on this page.
**To view Studio spaces in a domain**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the domain where you want to view the spaces.
1. On the **Domain details**, choose **Space management** to open the **Spaces** section.
1. Select the space to delete.
1. Choose **Delete**.
1. In the pop-up box titled **Delete space**, you have two options:
+ If you already shut down all applications in the space, choose **Yes, delete space**.
+ If you still have applications running in the space, choose **Yes, shut down all apps and delete space**.
1. Enter **delete** in the delete input field to confirm deletion.
1. To delete the space, you have two options:
+ If you already shut down all applications in the space, choose **Delete space**.
+ If you still have applications running in the space, choose **Shut down all apps and delete space**.
### Delete a space using the AWS CLI
Before you can delete a space using the AWS CLI, you must delete the application associated with it. For information about stopping your Studio applications, see [Stop your Amazon SageMaker Studio application](#studio-updated-running-stop-app).
Use the following AWS CLI command to delete a space within a domain:
```
aws sagemaker delete-space \
--domain-id example-domain-id \
--region AWS Region \
--space-name example-space-name
```
+ To obtain your `example-domain-id`, use the following instructions:
**To get `example-domain-id`**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the relevant domain.
1. On the **Domain details** page, choose the **Domain settings** tab.
1. Copy the **Domain ID**.
+ To obtain your `AWS Region`, use the following instructions to ensure you are using the correct AWS Region for your domain:
**To get `AWS Region`**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the relevant domain.
1. On the **Domain details** page, verify that this is the relevant domain.
1. Expand the region dropdown list from the top right of the SageMaker AI console, and use the corresponding AWS Region ID to the right of your AWS Region name. For example, `us-west-1`.
+ To obtain your `example-space-name`, use the following steps:
**To get `example-space-name`**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the relevant domain.
1. On the **Domain details** page, choose the **Space management** tab.
1. Copy the relevant space name.
# SageMaker Studio image support policy
**Important**
Currently, all packages in SageMaker Distribution images are licensed for use with Amazon SageMaker AI and do not require additional commercial licenses. However, this might be subject to change in the future, and we recommend reviewing the licensing terms regularly for any updates.
Amazon SageMaker Distribution is a set of Docker images available on SageMaker Studio that include popular frameworks for machine learning, data science, and visualization.
The images include deep learning frameworks like PyTorch, TensorFlow and Keras; popular Python packages like numpy, scikit-learn and pandas; and IDEs like JupyterLab and Code Editor, based on Code-OSS, Visual Studio Code - Open Source. The distribution contains the latest versions of all these packages such that they are mutually compatible.
This page details the support policy and availability for SageMaker Distribution Images on SageMaker Studio.
## Versioning, release cadence, and support policy
The table below outlines the release schedule for SageMaker Distribution Image versions and their planned support. AWS provides ongoing functionality and security updates for supported image versions. New minor versions are released for major versions for 12 months, and supported minor versions receive ongoing functionality and security patches. In some cases, an image version may need to be designated end of support earlier than originally planned if (a) security issues cannot be addressed while maintaining semantic versioning guidelines or (b) any of our major dependencies, like Python, reach end-of-life. AWS releases ad-hoc major or minor versions on an as-needed basis.
| Version | Description | Release cadence | Planned support |
| --- | --- | --- | --- |
| Major | Amazon SageMaker Distribution's major version releases involve upgrading all of its core dependencies to the latest compatible versions. These major releases may also add or remove packages as part of the update. Major versions are denoted by the first number in the version string, such as 1.0, 2.0, or 3.0. | 6 months | 18 months |
| Minor | Amazon SageMaker Distribution's minor version releases include upgrading all of its core dependencies to the latest compatible minor versions within the same major version. SageMaker Distribution can add new packages during a minor version release. Minor versions are denoted by the second number in the version string, for example, 1.1, 1.2, or 2.1. | 1 month | 6 months |
| Patch | Amazon SageMaker Distribution's patch version releases include updating all of its core dependencies to the latest compatible patch versions within the same minor version. SageMaker Distribution does not add or remove any packages during a patch version release. Patch versions are denoted by the third number in the version string, for example, 1.1.1, 1.2.1, or 2.1.3. Since patch versions are generally released for fixing security vulnerabilities, we recommend always upgrading to the newest patch version when they become available. | As necessary for fixing security vulnerabilities | Until new patch version is released |
Each major version of the Amazon SageMaker Distribution is available for 18 months. During the first 12 months, new minor versions are released monthly. For the remaining 6 months, the existing minor versions continue to be supported.
## Supported image versions
The tables below list the supported SageMaker Distribution image versions, their planned end of support dates, and their availability on SageMaker Studio. For image versions where support ends sooner than the planned end of support date, the versions continue to be available on Studio until the designated availability date. You can continue using the image to launch applications for up to 90 days or until the availability date on Studio, whichever comes first. For more information about such cases, reach out to Support.
You can migrate to a newer supported version as soon as possible to ensure that you receive ongoing functionality and security updates. When choosing an image version in SageMaker Studio, we recommend that you choose a supported image version from the tables below.
### Supported major versions
The following table lists the supported SageMaker Distribution major image versions.
| Image version | Last minor version release | Supported until | Description |
| --- | --- | --- | --- |
| 1.x.x | Apr 30th, 2025 | Oct 30th, 2025 | SageMaker Distribution major version 1 is built with Python 3.10. |
| 2.x.x | Aug 25th, 2025 | Feb 25th, 2026 | SageMaker Distribution major version 2 is built with Python 3.11. |
| 3.x.x | Mar 29th, 2026 | Sep 29th, 2026 | SageMaker Distribution major version 3 is built with Python 3.12. |
### CPU image minor versions
The following table lists the supported SageMaker Distribution minor image versions for CPUs.
| Image version | Amazon ECR image URI | Planned end of support date | Availability on Studio until | Release notes |
| --- | --- | --- | --- | --- |
| 3.1.x | public.ecr.aws/sagemaker/sagemaker-distribution:3.1-cpu | Nov 19th, 2025 | Nov 19th, 2025 | [Release notes](https://github.com/aws/sagemaker-distribution/tree/main/build_artifacts/v3/v3.1) |
| 3.0.x | public.ecr.aws/sagemaker/sagemaker-distribution:3.0-cpu | Jun 30th, 2025 | Sep 29th, 2025 | [Release notes](https://github.com/aws/sagemaker-distribution/tree/main/build_artifacts/v3/v3.0) |
| 2.6.x | public.ecr.aws/sagemaker/sagemaker-distribution:2.6-cpu | Jun 30th, 2025 | Oct 28th, 2025 | [Release notes](https://github.com/aws/sagemaker-distribution/tree/main/build_artifacts/v2/v2.6) |
### GPU image minor versions
The following table lists the supported SageMaker Distribution minor image versions for GPUs.
| Image version | Amazon ECR image URI | Planned end of support date | Availability on Studio until | Release notes for newest patch |
| --- | --- | --- | --- | --- |
| 3.1.x | public.ecr.aws/sagemaker/sagemaker-distribution:3.1-gpu | Nov 19th, 2025 | Nov 19th, 2025 | [Release notes](https://github.com/aws/sagemaker-distribution/tree/main/build_artifacts/v3/v3.1) |
| 3.0.x | public.ecr.aws/sagemaker/sagemaker-distribution:3.0-gpu | Jun 30th, 2025 | Sep 29th, 2025 | [Release notes](https://github.com/aws/sagemaker-distribution/tree/main/build_artifacts/v3/v3.0) |
| 2.6.x | public.ecr.aws/sagemaker/sagemaker-distribution:2.6-gpu | Jun 30th, 2025 | Oct 28th, 2025 | [Release notes](https://github.com/aws/sagemaker-distribution/tree/main/build_artifacts/v2/v2.6) |
### Unsupported images
The following table lists unsupported SageMaker Distribution image versions.
| Image version | Amazon ECR image URI | End of support date | Availability on Studio until |
| --- | --- | --- | --- |
| 2.4.x | public.ecr.aws/sagemaker/sagemaker-distribution:2.4-cpu public.ecr.aws/sagemaker/sagemaker-distribution:2.4-cpu | Sep 7th, 2025 | Sep 7th, 2025 |
| 2.3.x | public.ecr.aws/sagemaker/sagemaker-distribution:2.3-cpu public.ecr.aws/sagemaker/sagemaker-distribution:2.3-cpu | July 27th, 2025 | July 27th, 2025 |
| 2.2.x | public.ecr.aws/sagemaker/sagemaker-distribution:2.2-cpu public.ecr.aws/sagemaker/sagemaker-distribution:2.2-gpu | May 15th, 2025 | May 15th, 2025 |
| 2.1.x | public.ecr.aws/sagemaker/sagemaker-distribution:2.1-cpu public.ecr.aws/sagemaker/sagemaker-distribution:2.1-gpu | Apr 25th, 2025 | May 12th, 2025 |
| 2.0.x | public.ecr.aws/sagemaker/sagemaker-distribution:2.0-cpu public.ecr.aws/sagemaker/sagemaker-distribution:2.0-gpu | Feb 25th, 2025 | Apr 21st, 2025 |
| 1.13.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.13-cpu public.ecr.aws/sagemaker/sagemaker-distribution:1.13-gpu | May 15th, 2025 | Sep 20th, 2025 |
| 1.12.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.12-cpu public.ecr.aws/sagemaker/sagemaker-distribution:1.12-gpu | July 23rd, 2025 | July 23rd, 2025 |
| 1.11.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.11-cpu public.ecr.aws/sagemaker/sagemaker-distribution:1.11-gpu | Apr 1st, 2025 | May 12th, 2025 |
| 1.10.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.10-cpu public.ecr.aws/sagemaker/sagemaker-distribution:1.10-gpu | Feb 5th, 2025 | Apr 10th, 2025 |
| 1.9.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.9-cpu public.ecr.aws/sagemaker/sagemaker-distribution:1.9-gpu | Jan 15th, 2025 | Apr 10th, 2025 |
| 1.8.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.8-cpu public.ecr.aws/sagemaker/sagemaker-distribution:1.8-gpu | Dec 31st, 2024 | Apr 10th, 2025 |
| 1.7.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.7-cpu public.ecr.aws/sagemaker/sagemaker-distribution:1.7-gpu | Dec 15th, 2024 | Apr 10th, 2025 |
| 1.6.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.6-cpu public.ecr.aws/sagemaker/sagemaker-distribution:1.6-gpu | Dec 15th, 2024 | Apr 10th, 2025 |
| 1.5.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.5-cpu public.ecr.aws/sagemaker/sagemaker-distribution:1.5-gpu | Oct 31st, 2024 | Nov 1st, 2024 |
| 1.4.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.4-cpu public.ecr.aws/sagemaker/sagemaker-distribution:1.4-gpu | Oct 31st, 2024 | Nov 1st, 2024 |
| 1.3.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.3-cpu | June 28th, 2024 | Oct 18th, 2024 |
| 1.2.x | public.ecr.aws/sagemaker/sagemaker-distribution:1.2-cpu | June 28th, 2024 | Oct 18th, 2024 |
### Frequently asked questions
**What constitutes a major image version release?**
Major image versions are released every 6 months. A major image version release for Amazon SageMaker Distribution involves upgrading all core dependencies to the latest compatible versions and may include adding or removing packages. Python framework is only upgraded with new major version releases. For example, with major version 2 release, Python framework was upgraded from 3.10 to 3.11, PyTorch was upgraded from 2.0 to 2.3, TensorFlow was upgraded from 2.14 to 2.17, Autogluon was upgraded from 0.8 to 1.1, and 4 packages were added to the image.
**What constitutes a minor image version release?**
Minor image versions are released for all supported major versions monthly. A minor image version release for Amazon SageMaker Distribution involves upgrading all core dependencies except Python and CUDA to the latest compatible minor versions within the same major version and may include adding new packages. For example, with a minor version release, langchain might be upgraded from 0.1 to 0.2 and jupyter-ai from 2.18 to 2.20.
**What constitutes a patch image version release?**
Patch image versions are released as necessary to fix security vulnerabilities. A patch image version release for Amazon SageMaker Distribution involves updating all of its core dependencies to the latest compatible patch versions within the same minor version. SageMaker Distribution does not add or remove any packages during a patch version release. For example, with a patch version release, matplotlib might be upgraded from 3.9.1 to 3.9.2 and boto3 from 1.34.131 to 1.34.162.
**Where can I find the packages available in a specific image version?**
Each image version has a `release.md` file in the [GitHub repository's](https://github.com/aws/sagemaker-distribution) `build_artifacts` folder, showing all packages and package versions for CPU and GPU images. Separate changelog files for CPU and GPU versions detail package upgrades. Changelogs compare the new image version to the previous. For example, version 1.9.0 compares to the latest patch version of 1.8, version 1.9.1 compares to 1.9.0, and version 2.0.0 compares to the latest patch version of the latest minor version available at the time.
**How are images scanned for Common Vulnerabilities and Exposures (CVEs)?**
Amazon SageMaker AI leverages [Amazon Elastic Container Registry (Amazon ECR) enhanced scanning](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning-enhanced.html) to automatically detect vulnerabilities and fixes for SageMaker Distribution Images. AWS continuously runs ECR enhanced scanning for the latest patch version of all supported image versions. When vulnerabilities are detected and a fix is available, AWS releases an updated image version to remediate the issue.
**Can I still use older images after an image is no longer supported?**
Images are available on SageMaker Studio until the designated availability date. Older images remain available in ECR after they reach end of support and are removed from Studio. You can download older image versions from ECR and [create a custom SageMaker image](studio-byoi-create.md). However, we highly recommend upgrading to a supported image version that continuously receives security updates and bug fixes. Customers who build their own custom images are responsible for scanning and patching their images. For more information, see the [AWS Shared Responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/).
**Important**
SageMaker Distribution v0.x.y is only used in Studio Classic. SageMaker Distribution v1.x.y is only used in JupyterLab.
# Amazon SageMaker Studio pricing
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the updated Studio experience. For information about using the Studio Classic application, see [Amazon SageMaker Studio Classic](studio.md).
There is no additional charge for using the Amazon SageMaker Studio UI.
The following do incur costs:
+ Amazon Elastic Block Store or Amazon Elastic File System volumes that are mounted with your applications.
+ Any jobs and resources that users launch from Studio applications.
+ Launching a JupyterLab application, even if no resources or jobs launched in the application.
For information about how Amazon SageMaker Studio Classic is billed, see [Amazon SageMaker Studio Classic Pricing](studio-pricing.md).
For more information about billing along with pricing examples, see [Amazon SageMaker Pricing](https://aws.amazon.com//sagemaker/pricing/).
# Troubleshooting
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the updated Studio experience. For information about using the Studio Classic application, see [Amazon SageMaker Studio Classic](studio.md).
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
This section shows how to troubleshoot common problems in Amazon SageMaker Studio.
## Recovery mode
Recovery mode allows you to access your Studio application when a configuration issue prevents your normal start up. It provides a simplified environment with essential functionality to help you diagnose and fix the issue.
When an application fails to launch, you may see an error message about accessing recovery mode to address one of the following configuration issues.
+ Corrupted [https://docs.conda.io/projects/conda/en/latest/user-guide/configuration/use-condarc.html](https://docs.conda.io/projects/conda/en/latest/user-guide/configuration/use-condarc.html) file.
For information on troubleshooting your `.condarc` file, see the [troubleshooting](https://docs.conda.io/projects/conda/en/latest/user-guide/troubleshooting.html) page in the *Conda user guide*.
+ Insufficient storage volume available.
You can increase the Amazon EBS space storage available for the application or enter recovery mode to remove unnecessary data.
For information on increasing the Amazon EBS volume size, see [request a quota size](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) in the *Service Quotas Developer Guide*.
In recovery mode:
+ Your home directory will differ from your normal start up. This directory is temporary and ensures that any corrupted configurations in your standard home directory does not impact your recovery mode operations. You can navigate to your standard home directory by using the command `cd /home/sagemaker-user`.
+ Standard mode: `/home/sagemaker-user`
+ Recovery mode: `/tmp/sagemaker-recovery-mode-home`
+ The conda environment uses a minimal base conda environment with essential packages only. The simplified conda setup helps isolate environment-related issues and provides basic functionality for troubleshooting.
You can use the Studio UI or the AWS CLI to access the application in recovery mode.
### Use the Studio UI to access the application in recovery mode
The following provides instructions on accessing your application in recovery mode.
1. If you have not already done so, launch the Studio UI by following the instructions in [Launch from the Amazon SageMaker AI console](studio-updated-launch.md#studio-updated-launch-console).
1. In the left navigation menu, under **Applications**, choose the application.
1. Choose the space you are having configuration issues with.
The following steps become available to you when you have one one or more of the configuration issues mentioned previously. In this case, you will see a warning banner and **Recovery mode** message.
**Note**
The warning banner should have a recommended solution for the issue. Take note of it before proceeding.
1. Choose **Run space (Recovery mode)**.
1. To access your application in recovery mode, choose **Open *application* (Recovery mode)**.
### Use the AWS CLI to access the application in recovery mode
To access your application in recovery mode, you must append `--recovery-mode` to your [create-app](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-app.html) AWS CLI command. The following provides an example on how to access your application in recovery mode.
For the following example, you will need your:
+ *domain-id*
To obtain your domain details, see [View domains](domain-view.md).
+ *space-name*
To obtain the space names associated with your domain, see [Use the AWS CLI to view the SageMaker AI spaces in your domain](sm-console-domain-resources-view.md#sm-console-domain-resources-view-spaces-cli).
+ *app-name*
The name of your application. To view your applications, see [Use the AWS CLI to view the SageMaker AI applications in your domain](sm-console-domain-resources-view.md#sm-console-domain-resources-view-apps-cli).
------
#### [ Access Code Editor application in recovery mode ]
```
aws sagemaker create-app \
--app-name app-name \
--app-type CodeEditor \
--domain-id domain-id \
--space-name space-name \
--recovery-mode
```
------
#### [ Access JupyterLab application in recovery mode ]
```
aws sagemaker create-app \
--app-name app-name \
--app-type JupyterLab \
--domain-id domain-id \
--space-name space-name \
--recovery-mode
```
------
## Cannot delete the Code Editor or JupyterLab application
This issue occurs when a user creates an application from Amazon SageMaker Studio, that is only available in Studio, then reverts their default experience to Studio Classic. As a result, the user cannot delete an application for Code Editor, based on Code-OSS, Visual Studio Code - Open Source or JupyterLab, because they can't access the Studio UI.
To resolve this issue, notify your administrator so that they can delete the application manually using the AWS Command Line Interface (AWS CLI).
## EC2InsufficientCapacityError
This issue occurs when you try to run a space and AWS does not currently have enough available on-demand capacity to fulfill your request.
To resolve this issue, complete the following.
+ Wait a few minutes, then resubmit your request. Capacity can shift frequently.
+ Run the space with an alternate instance size or type.
**Note**
Capacity is available in different Availability Zones. To maximize capacity availability for users, we recommend setting up subnets in all Availability Zones. Studio retries all available Availability Zones for the domain.
Instance type availability differs between regions. For a list of supported instances types per Region, see [Amazon SageMaker AI pricing](https://aws.amazon.com/sagemaker/pricing/))
The following table lists instance families and their recommended alternatives.
| Instance family | CPU Type | vCPUs | Memory (GiB) | GPU type | GPUs | GPU Memory (GiB) | Recommended alternative |
| --- | --- | --- | --- | --- | --- | --- | --- |
| G4dn | 2nd Generation Intel Xeon Scalable Processors | 4 to 96 | 16 to 384 | NVIDIA T4 Tensor Core | 1 to 8 | 16 per GPU | G6 |
| G5 | 2nd generation AMD EPYC processors | 4 to 192 | 16 to 768 | NVIDIA A10G Tensor core | 1 to 8 | 24 per GPU | G6e |
| G6 | 3rd generation AMD EPYC processors | 4 to 192 | 16 to 768 | NVIDIA L4 Tensor Core | 1 to 8 | 24 per GPU | G4dn |
| G6e | 3rd generation AMD EPYC processors | 4 to 192 | 32 to 1536 | NVIDIA L40S Tensor Core | 1 to 8 | 48 per GPU | G5, P4 |
| P3 | Intel Xeon Scalable Processors | 8 to 96 | 61 to 768 | NVIDIA Tesla V100 | 1 to 8 | 16 per GPU (32 per GPU for P3dn) | G6e, P4 |
| P4 | 2nd Generation Intel Xeon Scalable processors | 96 | 1152 | NVIDIA A100 Tensor Core | 8 | 320 (640 for P4de) | G6e |
| P5 | 3rd Gen AMD EPYC processors | 192 | 2000 | NVIDIA H100 Tensor Core | 8 | 640 | P4de |
## Insufficient limit (quota increase required)
This issue occurs when you get the following error message while attempting to run a space.
```
Error when creating application for space: ... : The account-level service limit is X Apps, with current utilization Y Apps and a request delta of 1 Apps. Please use Service Quotas to request an increase for this quota.
```
There is a default limit on the number of instances, for each instance type, that you can run in each AWS Region. This error means that you have reached that limit.
To resolve this issue, request an instance limit increase for the AWS Region that you are launching the space in. For more information, see [Requesting a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html).
## Failure to load custom image
This issue occurs when a SageMaker AI image is deleted before detaching the image from your domain. This can be seen when you view the **Environment** tab for your domain.
To resolve this issue, you will need to create a temporary new image with the same name as the deleted one, detach the image, then delete the temporary image. Use the following instructions for a walk through.
1. If you have not already done so, launch the [SageMaker AI console](https://console.aws.amazon.com/sagemaker).
1. In the left navigation menu, under **Admin configurations**, choose **Domains**.
1. Choose your domain.
1. Choose the **Environment** tab. You will see the error message on this page.
1. Copy your image name from the image ARN.
1. In the left navigation menu, under **Admin configurations**, choose **Images**.
1. Choose **Create image**.
1. Follow the steps in the procedure, but ensure that your image name is the same as the image name from above.
If you do not have an image in a Amazon ECR directory, see the instructions in [Create a custom image and push to Amazon ECR](studio-updated-byoi-how-to-prepare-image.md).
1. Once you have created your SageMaker AI image, navigate back to your domain **Environment** tab. You will see the image attached to your domain.
1. Select the image and choose **Detach**.
1. Follow the instructions to detach and delete the temporary SageMaker AI image.
# Migration from Amazon SageMaker Studio Classic
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
When you open Amazon SageMaker Studio, the web-based UI is based on the chosen default experience. Amazon SageMaker AI currently supports two different default experiences: the Amazon SageMaker Studio experience and the Amazon SageMaker Studio Classic experience. To access the latest Amazon SageMaker Studio features, you must migrate existing domains from the Amazon SageMaker Studio Classic experience. When you migrate your default experience from Studio Classic to Studio, you don't lose any features, and can still access the Studio Classic IDE within Studio. For information about the added benefits of the Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
**Note**
For existing customers that created their accounts before November 30, 2023, Studio Classic may be the default experience. You can enable Studio as your default experience using the AWS Command Line Interface (AWS CLI) or the Amazon SageMaker AI console. For more information about Studio Classic, see [Amazon SageMaker Studio Classic](studio.md).
For customers that created their accounts after November 30, 2023, we recommend using Studio as the default experience because it contains various integrated development environments (IDEs), including the Studio Classic IDE, and other new features.
JupyterLab 3 reached its end of maintenance date on May 15, 2024. After December 31, 2024, you can only create new Studio Classic notebooks on JupyterLab 3 for a limited period. However after December 31, 2024, SageMaker AI will no longer provide fixes for critical issues on Studio Classic notebooks on JupyterLab 3. We recommend that you migrate your workloads to the new Studio experience, which supports JupyterLab 4.
+ If Studio is your default experience, the UI is similar to the images found in [Amazon SageMaker Studio UI overview](studio-updated-ui.md).
+ If Studio Classic is your default experience, the UI is similar to the images found in [Amazon SageMaker Studio Classic UI Overview](studio-ui.md).
To migrate, you must update an existing domain. Migrating an existing domain from Studio Classic to Studio requires three distinct phases:
1. ** Migrate the UI from Studio Classic to Studio**: One time, low lift task that requires creating a test domain to ensure Studio is compliant with your organization's network configurations before migrating the existing domain's UI from Studio Classic to Studio.
1. **(Optional) Migrate custom images and lifecycle configuration scripts**: Medium lift task for migrating your custom images and LCC scripts from Studio Classic to Studio.
1. **(Optional) Migrate data from Studio Classic to Studio**: Heavy lift task that requires using AWS DataSync to migrate data from the Studio Classic Amazon Elastic File System volume to either a target Amazon EFS or Amazon Elastic Block Store volume.
1. **(Optional) Migrate data flows from Data Wrangler in Studio Classic**: One time, low lift task for migrating your data flows from Data Wrangler in Studio Classic to Studio, which you can then access in the latest version of Studio through SageMaker Canvas. For more information, see [Migrate data flows from Data Wrangler](studio-updated-migrate-data.md#studio-updated-migrate-flows).
The following topics show how to complete these phases to migrate an existing domain from Studio Classic to Studio.
## Automatic migration
Between July 2024 and August 2024, we are automatically upgrading the default landing experience for users to the new Studio experience. This only changes the default landing UI to the updated Studio UI. The Studio Classic application is still accessible from the new Studio UI.
To ensure that migration works successfully for your users, see [Migrate the UI from Studio Classic to Studio](studio-updated-migrate-ui.md). In particular, ensure the following:
+ the domain's execution role has the right permissions
+ the default landing experience is set to Studio
+ the domain's Amazon VPC, if applicable, is configured to Studio using the Studio VPC endpoint
However, if you need to continue having Studio Classic as your default UI for a limited time, set the landing experience to Studio Classic explicitly. For more information, see [Set Studio Classic as the default experience](studio-updated-migrate-ui.md#studio-updated-migrate-revert).
**Topics**
+ [
## Automatic migration
](#studio-updated-migrate-auto)
+ [
# Complete prerequisites to migrate the Studio experience
](studio-updated-migrate-prereq.md)
+ [
# Migrate the UI from Studio Classic to Studio
](studio-updated-migrate-ui.md)
+ [
# (Optional) Migrate custom images and lifecycle configurations
](studio-updated-migrate-lcc.md)
+ [
# (Optional) Migrate data from Studio Classic to Studio
](studio-updated-migrate-data.md)
# Complete prerequisites to migrate the Studio experience
Migration of the default experience from Studio Classic to Studio is managed by the administrator of the existing domain. If you do not have permissions to set Studio as the default experience for the existing domain, contact your administrator. To migrate your default experience, you must have administrator permissions or at least have permissions to update the existing domain, AWS Identity and Access Management (IAM), and Amazon Simple Storage Service (Amazon S3). Complete the following prerequisites before migrating an existing domain from Studio Classic to Studio.
+ The AWS Identity and Access Management role used to complete migration must have a policy attached with at least the following permissions. For information about creating an IAM policy, see [Creating IAM policies](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_create.html).
**Note**
The release of Studio includes updates to the AWS managed policies. For more information, see [SageMaker AI Updates to AWS Managed Policies](security-iam-awsmanpol.md#security-iam-awsmanpol-updates).
+ Phase 1 required permissions:
+ `iam:CreateServiceLinkedRole`
+ `iam:PassRole`
+ `sagemaker:DescribeDomain`
+ `sagemaker:UpdateDomain`
+ `sagemaker:CreateDomain`
+ `sagemaker:CreateUserProfile`
+ `sagemaker:ListApps`
+ `sagemaker:AddTags`
+ `sagemaker:DeleteApp`
+ `sagemaker:DeleteSpace`
+ `sagemaker:UpdateSpace`
+ `sagemaker:DeleteUserProfile`
+ `sagemaker:DeleteDomain`
+ `s3:PutBucketCORS`
+ Phase 2 required permissions (Optional, only if using lifecycle configuration scripts):
No additional permissions needed. If the existing domain has lifecycle configurations and custom images, the admin will already have the required permissions.
+ Phase 3 using custom Amazon Elastic File System required permissions (Optional, only if transfering data):
+ `efs:CreateFileSystem`
+ `efs:CreateMountTarget`
+ `efs:DescribeFileSystems`
+ `efs:DescribeMountTargets`
+ `efs:DescribeMountTargetSecurityGroups`
+ `efs:ModifyMountTargetSecurityGroups`
+ `ec2:DescribeSubnets`
+ `ec2:DescribeSecurityGroups`
+ `ec2:DescribeNetworkInterfaceAttribute`
+ `ec2:DescribeNetworkInterfaces`
+ `ec2:AuthorizeSecurityGroupEgress`
+ `ec2:AuthorizeSecurityGroupIngress`
+ `ec2:CreateNetworkInterface`
+ `ec2:CreateNetworkInterfacePermission`
+ `ec2:RevokeSecurityGroupIngress`
+ `ec2:RevokeSecurityGroupEgress`
+ `ec2:DeleteSecurityGroup`
+ `datasync:CreateLocationEfs`
+ `datasync:CreateTask`
+ `datasync:StartTaskExecution`
+ `datasync:DeleteTask`
+ `datasync:DeleteLocation`
+ `sagemaker:ListUserProfiles`
+ `sagemaker:DescribeUserProfile`
+ `sagemaker:UpdateDomain`
+ `sagemaker:UpdateUserProfile`
+ Phase 3 using Amazon Simple Storage Service required permissions (Optional, only if transfering data):
+ `iam:CreateRole`
+ `iam:GetRole`
+ `iam:AttachRolePolicy`
+ `iam:DetachRolePolicy`
+ `iam:DeleteRole`
+ `efs:DescribeFileSystems`
+ `efs:DescribeMountTargets`
+ `efs:DescribeMountTargetSecurityGroups`
+ `ec2:DescribeSubnets`
+ `ec2:CreateSecurityGroup`
+ `ec2:DescribeSecurityGroups`
+ `ec2:DescribeNetworkInterfaces`
+ `ec2:CreateNetworkInterface`
+ `ec2:CreateNetworkInterfacePermission`
+ `ec2:DetachNetworkInterfaces`
+ `ec2:DeleteNetworkInterface`
+ `ec2:DeleteNetworkInterfacePermission`
+ `ec2:CreateTags`
+ `ec2:AuthorizeSecurityGroupEgress`
+ `ec2:AuthorizeSecurityGroupIngress`
+ `ec2:RevokeSecurityGroupIngress`
+ `ec2:RevokeSecurityGroupEgress`
+ `ec2:DeleteSecurityGroup`
+ `datasync:CreateLocationEfs`
+ `datasync:CreateLocationS3`
+ `datasync:CreateTask`
+ `datasync:StartTaskExecution`
+ `datasync:DescribeTaskExecution`
+ `datasync:DeleteTask`
+ `datasync:DeleteLocation`
+ `sagemaker:CreateStudioLifecycleConfig`
+ `sagemaker:UpdateDomain`
+ `s3:ListBucket`
+ `s3:GetObject`
+ Access to AWS services from a terminal environment on either:
+ Your local machine using the AWS CLI version `2.13+`. Use the following command to verify the AWS CLI version.
```
aws --version
```
+ AWS CloudShell. For more information, see [What is AWS CloudShell?](https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html)
+ From your local machine or AWS CloudShell, run the following command and provide your AWS credentials. For information about AWS credentials, see [Understanding and getting your AWS credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html).
```
aws configure
```
+ Verify that the lightweight JSON processor, jq, is installed in the terminal environment. jq is required to parse AWS CLI responses.
```
jq --version
```
If jq is not installed, install it using one of the following commands:
+
```
sudo apt-get install -y jq
```
+
```
sudo yum install -y jq
```
# Migrate the UI from Studio Classic to Studio
The first phase for migrating an existing domain involves migrating the UI from Amazon SageMaker Studio Classic to Amazon SageMaker Studio. This phase does not include the migration of data. Users can continue working with their data the same way as they were before migration. For information about migrating data, see [(Optional) Migrate data from Studio Classic to Studio](studio-updated-migrate-data.md).
Phase 1 consists of the following steps:
1. Update application creation permissions for new applications available in Studio.
1. Update the VPC configuration for the domain.
1. Upgrade the domain to use the Studio UI.
## Prerequisites
Before running these steps, complete the prerequisites in [Complete prerequisites to migrate the Studio experience](studio-updated-migrate-prereq.md).
## Step 1: Update application creation permissions
Before migrating the domain, update the domain's execution role to grant users permissions to create applications.
1. Create an AWS Identity and Access Management policy with one of the following contents by following the steps in [Creating IAM policies](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_create.html):
+ Use the following policy to grant permissions for all application types and spaces.
**Note**
If the domain uses the `SageMakerFullAccess` policy, you do not need to perform this action. `SageMakerFullAccess` grants permissions to create all applications.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "SMStudioUserProfileAppPermissionsCreateAndDelete",
"Effect": "Allow",
"Action": [
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Resource": "arn:aws:sagemaker:us-east-1:111122223333:app/*",
"Condition": {
"Null": {
"sagemaker:OwnerUserProfileArn": "true"
}
}
},
{
"Sid": "SMStudioCreatePresignedDomainUrlForUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedDomainUrl"
],
"Resource": "arn:aws:sagemaker:us-east-1:111122223333:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
},
{
"Sid": "SMStudioAppPermissionsListAndDescribe",
"Effect": "Allow",
"Action": [
"sagemaker:ListApps",
"sagemaker:ListDomains",
"sagemaker:ListUserProfiles",
"sagemaker:ListSpaces",
"sagemaker:DescribeApp",
"sagemaker:DescribeDomain",
"sagemaker:DescribeUserProfile",
"sagemaker:DescribeSpace"
],
"Resource": "*"
},
{
"Sid": "SMStudioAppPermissionsTagOnCreate",
"Effect": "Allow",
"Action": [
"sagemaker:AddTags"
],
"Resource": "arn:aws:sagemaker:us-east-1:111122223333:*/*",
"Condition": {
"Null": {
"sagemaker:TaggingAction": "false"
}
}
},
{
"Sid": "SMStudioRestrictSharedSpacesWithoutOwners",
"Effect": "Allow",
"Action": [
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace",
"sagemaker:DeleteSpace"
],
"Resource": "arn:aws:sagemaker:us-east-1:111122223333:space/${sagemaker:DomainId}/*",
"Condition": {
"Null": {
"sagemaker:OwnerUserProfileArn": "true"
}
}
},
{
"Sid": "SMStudioRestrictSpacesToOwnerUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace",
"sagemaker:DeleteSpace"
],
"Resource": "arn:aws:sagemaker:us-east-1:111122223333:space/${sagemaker:DomainId}/*",
"Condition": {
"ArnLike": {
"sagemaker:OwnerUserProfileArn": "arn:aws:sagemaker:us-east-1:111122223333:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
},
"StringEquals": {
"sagemaker:SpaceSharingType": [
"Private",
"Shared"
]
}
}
},
{
"Sid": "SMStudioRestrictCreatePrivateSpaceAppsToOwnerUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Resource": "arn:aws:sagemaker:us-east-1:111122223333:app/${sagemaker:DomainId}/*",
"Condition": {
"ArnLike": {
"sagemaker:OwnerUserProfileArn": "arn:aws:sagemaker:us-east-1:111122223333:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
},
"StringEquals": {
"sagemaker:SpaceSharingType": [
"Private"
]
}
}
},
{
"Sid": "AllowAppActionsForSharedSpaces",
"Effect": "Allow",
"Action": [
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Resource": "arn:aws:sagemaker:*:*:app/${sagemaker:DomainId}/*/*/*",
"Condition": {
"StringEquals": {
"sagemaker:SpaceSharingType": [
"Shared"
]
}
}
}
]
}
```
------
+ Because Studio shows an expanded set of applications, users may have access to applications that weren't displayed before. Administrators can limit access to these default applications by creating an AWS Identity and Access Management (IAM) policy that grants denies permissions for some applications to specific users.
**Note**
Application type can be either `jupyterlab` or `codeeditor`.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "DenySageMakerCreateAppForSpecificAppTypes",
"Effect": "Deny",
"Action": "sagemaker:CreateApp",
"Resource": "arn:aws:sagemaker:us-east-1:111122223333:app/domain-id/*/app-type/*"
}
]
}
```
------
1. Attach the policy to the execution role of the domain. For instructions, follow the steps in [Adding IAM identity permissions (console)](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_manage-attach-detach.html#add-policies-console).
## Step 2: Update VPC configuration
If you use your domain in `VPC-Only` mode, ensure your VPC configuration meets the requirements for using Studio in `VPC-Only` mode. For more information, see [Connect Amazon SageMaker Studio in a VPC to External Resources](studio-updated-and-internet-access.md).
## Step 3: Upgrade to the Studio UI
Before you migrate your existing domain from Studio Classic to Studio, we recommend creating a test domain using Studio with the same configurations as your existing domain.
### (Optional) Create a test domain
Use this test domain to interact with Studio, test out networking configurations, and launch applications, before migrating the existing domain.
1. Get the domain ID of your existing domain.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the existing domain.
1. On the **Domain details** page, choose the **Domain settings** tab.
1. Copy the **Domain ID**.
1. Add the domain ID of your existing domain.
```
export REF_DOMAIN_ID="domain-id"
export SM_REGION="region"
```
1. Use `describe-domain` to get important information about the existing domain.
```
export REF_EXECROLE=$(aws sagemaker describe-domain --region=$SM_REGION --domain-id=$REF_DOMAIN_ID | jq -r '.DefaultUserSettings.ExecutionRole')
export REF_VPC=$(aws sagemaker describe-domain --region=$SM_REGION --domain-id=$REF_DOMAIN_ID | jq -r '.VpcId')
export REF_SIDS=$(aws sagemaker describe-domain --region=$SM_REGION --domain-id=$REF_DOMAIN_ID | jq -r '.SubnetIds | join(",")')
export REF_SGS=$(aws sagemaker describe-domain --region=$SM_REGION --domain-id=$REF_DOMAIN_ID | jq -r '.DefaultUserSettings.SecurityGroups | join(",")')
export AUTHMODE=$(aws sagemaker describe-domain --region=$SM_REGION --domain-id=$REF_DOMAIN_ID | jq -r '.AuthMode')
```
1. Validate the parameters.
```
echo "Execution Role: $REF_EXECROLE || VPCID: $REF_VPC || SubnetIDs: $REF_SIDS || Security GroupIDs: $REF_SGS || AuthMode: $AUTHMODE"
```
1. Create a test domain using the configurations from the existing domain.
```
IFS=',' read -r -a subnet_ids <<< "$REF_SIDS"
IFS=',' read -r -a security_groups <<< "$REF_SGS"
security_groups_json=$(printf '%s\n' "${security_groups[@]}" | jq -R . | jq -s .)
aws sagemaker create-domain \
--domain-name "TestV2Config" \
--vpc-id $REF_VPC \
--auth-mode $AUTHMODE \
--subnet-ids "${subnet_ids[@]}" \
--app-network-access-type VpcOnly \
--default-user-settings "
{
\"ExecutionRole\": \"$REF_EXECROLE\",
\"StudioWebPortal\": \"ENABLED\",
\"DefaultLandingUri\": \"studio::\",
\"SecurityGroups\": $security_groups_json
}
"
```
1. After the test domain is `In Service`, use the test domain's ID to create a user profile. This user profile is used to launch and test applications.
```
aws sagemaker create-user-profile \
--region="$SM_REGION" --domain-id=test-domain-id \
--user-profile-name test-network-user
```
#### Test Studio functionality
Launch the test domain using the `test-network-user` user profile. We suggest that you thoroughly test the Studio UI and create applications to test Studio functionality in `VPCOnly` mode. Test the following workflows:
+ Create a new JupyterLab Space, test environment and connectivity.
+ Create a new Code Editor, based on Code-OSS, Visual Studio Code - Open Source Space, test environment and connectivity.
+ Launch a new Studio Classic App, test environment and connectivity.
+ Test Amazon Simple Storage Service connectivity with test read and write actions.
If these tests are successful, then upgrade the existing domain. If you encounter any failures, we recommended fixing your environment and connectivity issues before updating the existing domain.
#### Clean up test domain resources
After you have migrated the existing domain, clean up test domain resources.
1. Add the test domain's ID.
```
export TEST_DOMAIN="test-domain-id"
export SM_REGION="region"
```
1. List all applications in the domain that are in a running state.
```
active_apps_json=$(aws sagemaker list-apps --region=$SM_REGION --domain-id=$TEST_DOMAIN)
echo $active_apps_json
```
1. Parse the JSON list of running applications and delete them. If users attempted to create an application that they do not have permissions for, there may be spaces that are not captured in the following script. You must manually delete these spaces.
```
echo "$active_apps_json" | jq -c '.Apps[]' | while read -r app;
do
if echo "$app" | jq -e '. | has("SpaceName")' > /dev/null;
then
app_type=$(echo "$app" | jq -r '.AppType')
app_name=$(echo "$app" | jq -r '.AppName')
domain_id=$(echo "$app" | jq -r '.DomainId')
space_name=$(echo "$app" | jq -r '.SpaceName')
echo "Deleting App - AppType: $app_type || AppName: $app_name || DomainId: $domain_id || SpaceName: $space_name"
aws sagemaker delete-app --region=$SM_REGION --domain-id=$domain_id \
--app-type $app_type --app-name $app_name --space-name $space_name
echo "Deleting Space - AppType: $app_type || AppName: $app_name || DomainId: $domain_id || SpaceName: $space_name"
aws sagemaker delete-space --region=$SM_REGION --domain-id=$domain_id \
--space-name $space_name
else
app_type=$(echo "$app" | jq -r '.AppType')
app_name=$(echo "$app" | jq -r '.AppName')
domain_id=$(echo "$app" | jq -r '.DomainId')
user_profile_name=$(echo "$app" | jq -r '.UserProfileName')
echo "Deleting Studio Classic - AppType: $app_type || AppName: $app_name || DomainId: $domain_id || UserProfileName: $user_profile_name"
aws sagemaker delete-app --region=$SM_REGION --domain-id=$domain_id \
--app-type $app_type --app-name $app_name --user-profile-name $user_profile_name
fi
done
```
1. Delete the test user profile.
```
aws sagemaker delete-user-profile \
--region=$SM_REGION --domain-id=$TEST_DOMAIN \
--user-profile-name "test-network-user"
```
1. Delete the test domain.
```
aws sagemaker delete-domain \
--region=$SM_REGION --domain-id=$TEST_DOMAIN
```
After you have tested Studio functionality with the configurations in your test domain, migrate the existing domain. When Studio is the default experience for a domain, Studio is the default experience for all users in the domain. However, the user settings takes precedence over the domain settings. Therefore, if a user has their default experience set to Studio Classic in their user settings, then that user will have Studio Classic as their default experience.
You can migrate the existing domain by updating it from the SageMaker AI console, the AWS CLI, or AWS CloudFormation. Choose one of the following tabs to view the relevant instructions.
### Set Studio as the default experience for the existing domain using the SageMaker AI console
You can set Studio as the default experience for the existing domain by using the SageMaker AI console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane expand **Admin configurations** and choose **Domains**.
1. Choose the existing domain that you want to enable Studio as the default experience for.
1. On the **Domain details** page expand **Enable the new Studio**.
1. (Optional) To view the details about the steps involved in enabling Studio as your default experience, choose **View details**. The page shows the following.
+ In the **SageMaker Studio Overview** section you can view the applications that are included or available in the Studio web-based interface.
+ In the **Enablement process** section you can view descriptions of the workflow tasks to enable Studio.
**Note**
You will need to migrate your data manually. For instructions about migrating your data, see [(Optional) Migrate data from Studio Classic to Studio](studio-updated-migrate-data.md).
+ In the **Revert to Studio Classic experience** section you can view how to revert back to Studio Classic after enabling Studio as your default experience.
1. To begin the process to enable Studio as your default experience, choose **Enable the new Studio**.
1. In the **Specify and configure role** section, you can view the default applications that are automatically included in Studio.
To prevent users from running these applications, choose the AWS Identity and Access Management (IAM) Role that has an IAM policy that denies access. For information about how to create a policy to limit access, see [Step 1: Update application creation permissions](#studio-updated-migrate-limit-apps).
1. In the **Choose default S3 bucket to attach CORS policy** section, you can give Studio access to Amazon S3 buckets. The default Amazon S3 bucket, in this case, is the default Amazon S3 bucket for your Studio Classic. In this step you can do the following:
+ Verify the domain’s default Amazon S3 bucket to attach the CORS policy to. If your domain does not have a default Amazon S3 bucket, SageMaker AI creates an Amazon S3 bucket with the correct CORS policy attached.
+ You can include 10 additional Amazon S3 buckets to attach the CORS policy to.
If you wish to include more than 10 buckets, you can add them manually. For more information about manually attaching the CORS policy to your Amazon S3 buckets, see [(Optional) Update your CORS policy to access Amazon S3 buckets](#studio-updated-migrate-cors).
To proceed, select the check box next to **Do you agree to overriding any existing CORS policy on the chosen Amazon S3 buckets?**.
1. The **Migrate data** section contains information about the different data storage volumes for Studio Classic and Studio. Your data will not be migrated automatically through this process. For instructions about migrating your data, lifecycle configurations, and JupyterLab extensions, see [(Optional) Migrate data from Studio Classic to Studio](studio-updated-migrate-data.md).
1. Once you have completed the tasks on the page and verified your configuration, choose **Enable the new Studio**.
### Set Studio as the default experience for the existing domain using the AWS CLI
To set Studio as the default experience for the existing domain using the AWS CLI, use the [update-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-domain.html) call. You must set `ENABLED` as the value for `StudioWebPortal`, and set `studio::` as the value for `DefaultLandingUri` as part of the `default-user-settings` parameter.
`StudioWebPortal` indicates if the Studio experience is the default experience and `DefaultLandingUri` indicates the default experience that the user is directed to when accessing the domain. In this example, setting these values on a domain level (in `default-user-settings`) makes Studio the default experience for users within the domain.
If a user within the domain has their `StudioWebPortal` set to `DISABLED` and `DefaultLandingUri` set to `app:JupyterServer:` on a user level (in `UserSettings`), this takes precedence over the domain settings. In other words, that user will have Studio Classic as their default experience, regardless of the domain settings.
The following code example shows how to set Studio as the default experience for users within the domain:
```
aws sagemaker update-domain \
--domain-id existing-domain-id \
--region AWS Region \
--default-user-settings '
{
"StudioWebPortal": "ENABLED",
"DefaultLandingUri": "studio::"
}
'
```
+ To obtain your `existing-domain-id`, use the following instructions:
**To get `existing-domain-id`**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the existing domain.
1. On the **Domain details** page, choose the **Domain settings** tab.
1. Copy the **Domain ID**.
+ To ensure you are using the correct AWS Region for your domain, use the following instructions:
**To get `AWS Region`**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the existing domain.
1. On the **Domain details** page, verify that this is the existing domain.
1. Expand the AWS Region dropdown list from the top right of the SageMaker AI console, and use the corresponding AWS Region ID to the right of your AWS Region name. For example, `us-west-1`.
After you migrate your default experience to Studio, you can give Studio access to Amazon S3 buckets. For example, you can include access to your Studio Classic default Amazon S3 bucket and additional Amazon S3 buckets. To do so, you must manually attach a [Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) (CORS) configuration to the Amazon S3 buckets. For more information about how to manually attach the CORS policy to your Amazon S3 buckets, see [(Optional) Update your CORS policy to access Amazon S3 buckets](#studio-updated-migrate-cors).
Similarly, you can set Studio as the default experience when you create a domain from the AWS CLI using the [create-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-domain.html) call.
### Set Studio as the default experience for the existing domain using the AWS CloudFormation
You can set the default experience when creating a domain using the AWS CloudFormation. For an CloudFormation migration template, see [SageMaker Studio Administrator IaC Templates](https://github.com/aws-samples/sagemaker-studio-admin-iac-templates/tree/main?tab=readme-ov-file#phase-1-migration). For more information about creating a domain using CloudFormation, see [Creating Amazon SageMaker AI domain using CloudFormation](https://github.com/aws-samples/cloudformation-studio-domain?tab=readme-ov-file#creating-sagemaker-studio-domains-using-cloudformation).
For information about the domain resource supported by AWS CloudFormation, see [AWS::SageMaker AI::Domain](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-domain.html#cfn-sagemaker-domain-defaultusersettings).
After you migrate your default experience to Studio, you can give Studio access to Amazon S3 buckets. For example, you can include access to your Studio Classic default Amazon S3 bucket and additional Amazon S3 buckets. To do so, you must manually attach a [Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) (CORS) configuration to the Amazon S3 buckets. For information about how to manually attach the CORS policy to your Amazon S3 buckets, see [(Optional) Update your CORS policy to access Amazon S3 buckets](#studio-updated-migrate-cors).
### (Optional) Update your CORS policy to access Amazon S3 buckets
In Studio Classic, users can create, list, and upload files to Amazon Simple Storage Service (Amazon S3) buckets. To support the same experience in Studio, administrators must attach a [Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) (CORS) configuration to the Amazon S3 buckets. This is required because Studio makes Amazon S3 calls from the internet browser. The browser invokes CORS on behalf of users. As a result, all of the requests to Amazon S3 buckets fail unless the CORS policy is attached to the Amazon S3 buckets.
You may need to manually attach the CORS policy to Amazon S3 buckets for the following reasons.
+ If there is already an existing Amazon S3 default bucket that doesn’t have the correct CORS policy attached when you migrate the existing domain's default experience to Studio.
+ If you are using the AWS CLI to migrate the existing domain's default experience to Studio. For information about using the AWS CLI to migrate, see [Set Studio as the default experience for the existing domain using the AWS CLI](#studio-updated-migrate-set-studio-updated-cli).
+ If you want to attach the CORS policy to additional Amazon S3 buckets.
**Note**
If you plan to use the SageMaker AI console to enable Studio as your default experience, the Amazon S3 buckets that you attach the CORS policy to will have their existing CORS policies overridden during the migration. For this reason, you can ignore the following manual instructions.
However, if you have already used the SageMaker AI console to migrate and want to include more Amazon S3 buckets to attach the CORS policy to, then continue with the following manual instructions.
The following procedure shows how to manually add a CORS configuration to an Amazon S3 bucket.
**To add a CORS configuration to an Amazon S3 bucket**
1. Verify that there is an Amazon S3 bucket in the same AWS Region as the existing domain with the following name. For instructions, see [Viewing the properties for an Amazon S3 bucket](https://docs.aws.amazon.com//AmazonS3/latest/userguide/view-bucket-properties.html).
```
sagemaker-region-account-id
```
1. Add a CORS configuration with the following content to the default Amazon S3 bucket. For instructions, see [Configuring cross-origin resource sharing (CORS)](https://docs.aws.amazon.com//AmazonS3/latest/userguide/enabling-cors-examples.html).
```
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"POST",
"PUT",
"GET",
"HEAD",
"DELETE"
],
"AllowedOrigins": [
"https://*.sagemaker.aws"
],
"ExposeHeaders": [
"ETag",
"x-amz-delete-marker",
"x-amz-id-2",
"x-amz-request-id",
"x-amz-server-side-encryption",
"x-amz-version-id"
]
}
]
```
### (Optional) Migrate from Data Wrangler in Studio Classic to SageMaker Canvas
Amazon SageMaker Data Wrangler exists as its own feature in the Studio Classic experience. When you enable Studio as your default experience, use the [Amazon SageMaker Canvas](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas.html) application to access Data Wrangler functionality. SageMaker Canvas is an application in which you can train and deploy machine learning models without writing any code, and Canvas provides data preparation features powered by Data Wrangler.
The new Studio experience doesn’t support the classic Data Wrangler UI, and you must create a Canvas application if you want to continue using Data Wrangler. However, you must have the necessary permissions to create and use Canvas applications.
Complete the following steps to attach the necessary permissions policies to your SageMaker AI domain's or user’s AWS IAM role.
**To grant permissions for Data Wrangler functionality inside Canvas**
1. Attach the AWS managed policy [AmazonSageMakerFullAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonSageMakerFullAccess) to your user’s IAM role. For a procedure that shows you how to attach IAM policies to a role, see [Adding IAM identity permissions (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html#add-policies-console) in the *AWS IAM User Guide.*
If this permissions policy is too permissive for your use case, you can create scoped-down policies that include at least the following permissions:
```
{
"Sid": "AllowStudioActions",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeDomain",
"sagemaker:ListDomains",
"sagemaker:DescribeUserProfile",
"sagemaker:ListUserProfiles",
"sagemaker:DescribeSpace",
"sagemaker:ListSpaces",
"sagemaker:DescribeApp",
"sagemaker:ListApps"
],
"Resource": "*"
},
{
"Sid": "AllowAppActionsForUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Resource": "arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/canvas/*",
"Condition": {
"Null": {
"sagemaker:OwnerUserProfileArn": "true"
}
}
}
```
1. Attach the AWS managed policy [AmazonSageMakerCanvasDataPrepFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasDataPrepFullAccess.html) to your user’s IAM role.
After attaching the necessary permissions, you can create a Canvas application and log in. For more information, see [Getting started with using Amazon SageMaker Canvas](canvas-getting-started.md).
When you’ve logged into Canvas, you can directly access Data Wrangler and begin creating data flows. For more information, see [Data preparation](canvas-data-prep.md) in the Canvas documentation.
### (Optional) Migrate from Autopilot in Studio Classic to SageMaker Canvas
[Amazon SageMaker Autopilot](https://docs.aws.amazon.com/sagemaker/AWSIronmanApiDoc/integ/npepin-studio-migration-autopilot-to-canvas/latest/dg/autopilot-automate-model-development.html) exists as its own feature in the Studio Classic experience. When you migrate to using the updated Studio experience, use the [Amazon SageMaker Canvas](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas.html) application to continue using the same automated machine learning (AutoML) capabilities via a user interface (UI). SageMaker Canvas is an application in which you can train and deploy machine learning models without writing any code, and Canvas provides a UI to run your AutoML tasks.
The new Studio experience doesn’t support the classic Autopilot UI. You must create a Canvas application if you want to continue using Autopilot's AutoML features via a UI.
However, you must have the necessary permissions to create and use Canvas applications.
+ If you are accessing SageMaker Canvas from Studio, add those permissions to the execution role of your SageMaker AI domain or user profile.
+ If you are accessing SageMaker Canvas from the Console, add those permissions to your user’s AWS IAM role.
+ If you are accessing SageMaker Canvas via a [presigned URL](https://docs.aws.amazon.com/sagemaker/latest/dg/setting-up-canvas-sso.html#canvas-optional-access), add those permissions to the IAM role that you're using for Okta SSO access.
To enable AutoML capabilities in Canvas, add the following policies to your execution role or IAM user role.
+ AWS managed policy: [`CanvasFullAccess`.](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasFullAccess)
+ Inline policy:
```
{
"Sid": "AllowAppActionsForUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Resource": "arn:aws:sagemaker:region:account-id:app/domain-id/user-profile-name/canvas/*",
"Condition": {
"Null": {
"sagemaker:OwnerUserProfileArn": "true"
}
}
}
```
**To attach IAM policies to an execution role**
1.
**Find the execution role attached to your SageMaker AI user profile**
1. In the SageMaker AI console [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/), navigate to **Domains**, then choose your SageMaker AI domain.
1. The execution role ARN is listed under *Execution role* on the **User Details** page of your user profile. Make note of the execution role name in the ARN.
1. In the IAM console [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/), choose **Roles**.
1. Search for your role by name in the search field.
1. Select the role.
1. Add policies to the role
1. In the IAM console [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/), choose **Roles**.
1. Search for your role by name in the search field.
1. Select the role.
1. In the **Permissions** tab, navigate to the dropdown menu **Add permissions**.
1.
+ For managed policies: Select **Attach policies**, search for the name of the manage policy you want to attach.
Select the policy then choose **Add permissions**.
+ For inline policies: Select **Create inline policy**, paste your policy in the JSON tab, choose next, name your policy, and choose **Create**.
For a procedure that shows you how to attach IAM policies to a role, see [Adding IAM identity permissions (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html#add-policies-console) in the *AWS IAM User Guide.*
After attaching the necessary permissions, you can create a Canvas application and log in. For more information, see [Getting started with using Amazon SageMaker Canvas](canvas-getting-started.md).
## Set Studio Classic as the default experience
Administrators can revert to Studio Classic as the default experience for an existing domain. This can be done through the AWS CLI.
**Note**
When Studio Classic is set as the default experience on a domain level, Studio Classic is the default experience for all users in the domain. However, settings on a user level takes precedence over the domain level settings. So if a user has their default experience set to Studio, then that user will have Studio as their default experience.
To revert to Studio Classic as the default experience for the existing domain using the AWS CLI, use the [update-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-domain.html) call. As part of the `default-user-settings` field, you must set:
+ `StudioWebPortal` value to `DISABLED`.
+ `DefaultLandingUri` value to `app:JupyterServer:`
`StudioWebPortal` indicates if the Studio experience is the default experience and `DefaultLandingUri` indicates the default experience that the user is directed to when accessing the domain. In this example, setting these values on a domain level (in `default-user-settings`) makes Studio Classic the default experience for users within the domain.
If a user within the domain has their `StudioWebPortal` set to `ENABLED` and `DefaultLandingUri` set to `studio::` on a user level (in `UserSettings`), this takes precedence over the domain level settings. In other words, that user will have Studio as their default experience, regardless of the domain level settings.
The following code example shows how to set Studio Classic as the default experience for users within the domain:
```
aws sagemaker update-domain \
--domain-id existing-domain-id \
--region AWS Region \
--default-user-settings '
{
"StudioWebPortal": "DISABLED",
"DefaultLandingUri": "app:JupyterServer:"
}
'
```
Use the following instructions to obtain your `existing-domain-id`.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the existing domain.
1. On the **Domain details** page, choose the **Domain settings** tab.
1. Copy the **Domain ID**.
To obtain your `AWS Region`, use the following instructions to ensure you are using the correct AWS Region for your domain.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation pane, expand **Admin configurations** and choose **Domains**.
1. Choose the existing domain.
1. On the **Domain details** page, verify that this is the existing domain.
1. Expand the AWS Region dropdown list from the top right of the SageMaker AI console, and use the corresponding AWS Region ID to the right of your AWS Region name. For example, `us-west-1`.
# (Optional) Migrate custom images and lifecycle configurations
You must update your custom images and lifecycle configuration (LCC) scripts to work with the simplified local run model in Amazon SageMaker Studio. If you have not created custom images or lifecycle configurations in your domain, skip this phase.
Amazon SageMaker Studio Classic operates in a split environment with:
+ A `JupyterServer` application running the Jupyter Server.
+ Studio Classic notebooks running on one or more `KernelGateway` applications.
Studio has shifted away from a split environment. Studio runs the JupyterLab and Code Editor, based on Code-OSS, Visual Studio Code - Open Source applications in a local runtime model. For more information about the change in architecture, see [Boost productivity on Amazon SageMaker Studio](https://aws.amazon.com/blogs//machine-learning/boost-productivity-on-amazon-sagemaker-studio-introducing-jupyterlab-spaces-and-generative-ai-tools/).
## Migrate custom images
Your existing Studio Classic custom images may not work in Studio. We recommend creating a new custom image that satisfies the requirements for use in Studio. The release of Studio simplifies the process to build custom images by providing [SageMaker Studio image support policy](sagemaker-distribution.md). SageMaker AI Distribution images include popular libraries and packages for machine learning, data science, and data analytics visualization. For a list of base SageMaker Distribution images and Amazon Elastic Container Registry account information, see [Amazon SageMaker Images Available for Use With Studio Classic Notebooks](notebooks-available-images.md).
To build a custom image, complete one of the following.
+ Extend a SageMaker Distribution image with custom packages and modules. These images are pre-configured with JupyterLab and Code Editor, based on Code-OSS, Visual Studio Code - Open Source.
+ Build a custom Dockerfile file by following the instructions in [Bring your own image (BYOI)](studio-updated-byoi.md). You must install JupyterLab and the open source CodeServer on the image to make it compatible with Studio.
## Migrate lifecycle configurations
Because of the simplified local runtime model in Studio, we recommend migrating the structure of your existing Studio Classic LCCs. In Studio Classic, you often have to create separate lifecycle configurations for both KernelGateway and JupyterServer applications. Because the JupyterServer and KernelGateway applications run on separate compute resources within Studio Classic, Studio Classic LCCs can be one of either type:
+ JupyterServer LCC: These LCCs mostly govern a user’s home actions, including setting proxy, creating environment variables, and auto-shutdown of resources.
+ KernelGateway LCC: These LCCs govern Studio Classic notebook environment optimizations. This includes updating numpy package versions in the `Data Science 3.0` kernel and installing the snowflake package in `Pytorch 2.0 GPU` kernel.
In the simplified Studio architecture, you only need one LCC script that runs at application start up. While migration of your LCC scripts varies based on development environment, we recommend combining JupyterServer and KernelGateway LCCs to build a combined LCC.
LCCs in Studio can be associated with one of the following applications:
+ JupyterLab
+ Code Editor
Users can select the LCC for the respective application type when creating a space or use the default LCC set by the admin.
**Note**
Existing Studio Classic auto-shutdown scripts do not work with Studio. For an example Studio auto-shutdown script, see [SageMaker Studio Lifecycle Configuration examples](https://github.com/aws-samples/sagemaker-studio-apps-lifecycle-config-examples).
### Considerations when refactoring LCCs
Consider the following differences between Studio Classic and Studio when refactoring your LCCs.
+ JupyterLab and Code Editor applications, when created, are run as `sagemaker-user` with `UID:1001` and `GID:101`. By default, `sagemaker-user` has permissions to assume sudo/root permissions. KernelGateway applications are run as `root` by default.
+ SageMaker Distribution images that run inside JupyterLab and Code Editor apps use the Debian-based package manager, `apt-get`.
+ Studio JupyterLab and Code Editor applications use the Conda package manager. SageMaker AI creates a single base Python3 Conda environment when a Studio application is launched. For information about updating packages in the base Conda environment and creating new Conda environments, see [JupyterLab user guide](studio-updated-jl-user-guide.md). In contrast, not all KernelGateway applications use Conda as a package manager.
+ The Studio JupyterLab application uses `JupyterLab 4.0`, while Studio Classic uses `JupyterLab 3.0`. Validate that all JupyterLab extensions you use are compatible with `JupyterLab 4.0`. For more information about extensions, see [Extension Compatibility with JupyterLab 4.0](https://github.com/jupyterlab/jupyterlab/issues/14590).
# (Optional) Migrate data from Studio Classic to Studio
Studio Classic and Studio use two different types of storage volumes. Studio Classic uses a single Amazon Elastic File System (Amazon EFS) volume to store data across all users and shared spaces in the domain. In Studio, each space gets its own Amazon Elastic Block Store (Amazon EBS) volume. When you update the default experience of an existing domain, SageMaker AI automatically mounts a folder in an Amazon EFS volume for each user in a domain. As a result, users are able to access files from Studio Classic in their Studio applications. For more information, see [Amazon EFS auto-mounting in Studio](studio-updated-automount.md).
You can also opt out of Amazon EFS auto-mounting and manually migrate the data to give users access to files from Studio Classic in Studio applications. To accomplish this, you must transfer the files from the user home directories to the Amazon EBS volumes associated with those spaces. The following section gives information about this workflow. For more information about opting out of Amazon EFS auto-mounting, see [Opt out of Amazon EFS auto-mounting](studio-updated-automount-optout.md).
## Manually migrate all of your data from Studio Classic
The following section describes how to migrate all of the data from your Studio Classic storage volume to the new Studio experience.
When manually migrating a user's data, code, and artifacts from Studio Classic to Studio, we recommend one of the following approaches:
1. Using a custom Amazon EFS volume
1. Using Amazon Simple Storage Service (Amazon S3)
If you used Amazon SageMaker Data Wrangler in Studio Classic and want to migrate your data flow files, then choose one of the following options for migration:
+ If you want to migrate all of the data from your Studio Classic storage volume, including your data flow files, go to [Manually migrate all of your data from Studio Classic](#studio-updated-migrate-data-all) and complete the section **Use Amazon S3 to migrate data**. Then, skip to the [Import the flow files into Canvas](#studio-updated-migrate-flows-import) section.
+ If you only want to migrate your data flow files and no other data from your Studio Classic storage volume, skip to the [Migrate data flows from Data Wrangler](#studio-updated-migrate-flows) section.
### Prerequisites
Before running these steps, complete the prerequisites in [Complete prerequisites to migrate the Studio experience](studio-updated-migrate-prereq.md). You must also complete the steps in [Migrate the UI from Studio Classic to Studio](studio-updated-migrate-ui.md).
### Choosing an approach
Consider the following when choosing an approach to migrate your Studio Classic data.
** Pros and cons of using a custom Amazon EFS volume**
In this approach, you use an Amazon EFS-to-Amazon EFS AWS DataSync task (one time or cadence) to copy data, then mount the target Amazon EFS volume to a user’s spaces. This gives users access to data from Studio Classic in their Studio compute environments.
Pros:
+ Only the user’s home directory data is visible in the user's spaces. There is no data cross-pollination.
+ Syncing from the source Amazon EFS volume to a target Amazon EFS volume is safer than directly mounting the source Amazon EFS volume managed by SageMaker AI into spaces. This avoids the potential to impact home directory user files.
+ Users have the flexibility to continue working in Studio Classic and Studio applications, while having their data available in both applications if AWS DataSync is set up on a regular cadence.
+ No need for repeated push and pull with Amazon S3.
Cons:
+ No write access to the target Amazon EFS volume mounted to user's spaces. To get write access to the target Amazon EFS volume, customers would need to mount the target Amazon EFS volume to an Amazon Elastic Compute Cloud instance and provide appropriate permissions for users to write to the Amazon EFS prefix.
+ Requires modification to the security groups managed by SageMaker AI to allow network file system (NFS) inbound and outbound flow.
+ Costs more than using Amazon S3.
+ If [migrating data flows from Data Wrangler in Studio Classic](#studio-updated-migrate-flows), you must follow the steps for manually exporting flow files.
**Pros and cons of using Amazon S3**
In this approach, you use an Amazon EFS-to-Amazon S3 AWS DataSync task (one time or cadence) to copy data, then create a lifecycle configuration to copy the user’s data from Amazon S3 to their private space’s Amazon EBS volume.
Pros:
+ If the LCC is attached to the domain, users can choose to use the LCC to copy data to their space or to run the space with no LCC script. This gives users the choice to copy their files only to the spaces they need.
+ If an AWS DataSync task is set up on a cadence, users can restart their Studio application to get the latest files.
+ Because the data is copied over to Amazon EBS, users have write permissions on the files.
+ Amazon S3 storage is cheaper than Amazon EFS.
+ If [migrating data flows from Data Wrangler in Studio Classic](#studio-updated-migrate-flows), you can skip the manual export steps and directly import the data flows into SageMaker Canvas from Amazon S3.
Cons:
+ If administrators need to prevent cross-pollination, they must create AWS Identity and Access Management policies at the user level to ensure users can only access the Amazon S3 prefix that contains their files.
### Use a custom Amazon EFS volume to migrate data
In this approach, you use an Amazon EFS-to-Amazon EFS AWS DataSync to copy the contents of a Studio Classic Amazon EFS volume to a target Amazon EFS volume once or in a regular cadence, then mount the target Amazon EFS volume to a user’s spaces. This gives users access to data from Studio Classic in their Studio compute environments.
1. Create a target Amazon EFS volume. You will transfer data into this Amazon EFS volume and mount it to a corresponding user's space using prefix-level mounting.
```
export SOURCE_DOMAIN_ID="domain-id"
export AWS_REGION="region"
export TARGET_EFS=$(aws efs create-file-system --performance-mode generalPurpose --throughput-mode bursting --encrypted --region $REGION | jq -r '.FileSystemId')
echo "Target EFS volume Created: $TARGET_EFS"
```
1. Add variables for the source Amazon EFS volume currently attached to the domain and used by all users. The domain's Amazon Virtual Private Cloud information is required to ensure the target Amazon EFS is created in the same Amazon VPC and subnet, with the same security group configuration.
```
export SOURCE_EFS=$(aws sagemaker describe-domain --domain-id $SOURCE_DOMAIN_ID | jq -r '.HomeEfsFileSystemId')
export VPC_ID=$(aws sagemaker describe-domain --domain-id $SOURCE_DOMAIN_ID | jq -r '.VpcId')
echo "EFS managed by SageMaker: $SOURCE_EFS | VPC: $VPC_ID"
```
1. Create an Amazon EFS mount target in the same Amazon VPC and subnet as the source Amazon EFS volume, with the same security group configuration. The mount target takes a few minutes to be available.
```
export EFS_VPC_ID=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].VpcId")
export EFS_AZ_NAME=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].AvailabilityZoneName")
export EFS_AZ_ID=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].AvailabilityZoneId")
export EFS_SUBNET_ID=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].SubnetId")
export EFS_MOUNT_TARG_ID=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].MountTargetId")
export EFS_SG_IDS=$(aws efs describe-mount-target-security-groups --mount-target-id $EFS_MOUNT_TARG_ID | jq -r '.SecurityGroups[]')
aws efs create-mount-target \
--file-system-id $TARGET_EFS \
--subnet-id $EFS_SUBNET_ID \
--security-groups $EFS_SG_IDS
```
1. Create Amazon EFS source and destination locations for the AWS DataSync task.
```
export SOURCE_EFS_ARN=$(aws efs describe-file-systems --file-system-id $SOURCE_EFS | jq -r ".FileSystems[0].FileSystemArn")
export TARGET_EFS_ARN=$(aws efs describe-file-systems --file-system-id $TARGET_EFS | jq -r ".FileSystems[0].FileSystemArn")
export EFS_SUBNET_ID_ARN=$(aws ec2 describe-subnets --subnet-ids $EFS_SUBNET_ID | jq -r ".Subnets[0].SubnetArn")
export ACCOUNT_ID=$(aws ec2 describe-security-groups --group-id $EFS_SG_IDS | jq -r ".SecurityGroups[0].OwnerId")
export EFS_SG_ID_ARN=arn:aws:ec2:$REGION:$ACCOUNT_ID:security-group/$EFS_SG_IDS
export SOURCE_LOCATION_ARN=$(aws datasync create-location-efs --subdirectory "/" --efs-filesystem-arn $SOURCE_EFS_ARN --ec2-config SubnetArn=$EFS_SUBNET_ID_ARN,SecurityGroupArns=$EFS_SG_ID_ARN --region $REGION | jq -r ".LocationArn")
export DESTINATION_LOCATION_ARN=$(aws datasync create-location-efs --subdirectory "/" --efs-filesystem-arn $TARGET_EFS_ARN --ec2-config SubnetArn=$EFS_SUBNET_ID_ARN,SecurityGroupArns=$EFS_SG_ID_ARN --region $REGION | jq -r ".LocationArn")
```
1. Allow traffic between the source and target network file system (NFS) mounts. When a new domain is created, SageMaker AI creates 2 security groups.
+ NFS inbound security group with only inbound traffic.
+ NFS outbound security group with only outbound traffic.
The source and target NFS are placed inside the same security groups. You can allow traffic between these mounts from the AWS Management Console or AWS CLI.
+ Allow traffic from the AWS Management Console
1. Sign in to the AWS Management Console and open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).
1. Choose **Security Groups**.
1. Search for the existing domain's ID on the **Security Groups** page.
```
d-xxxxxxx
```
The results should return two security groups that include the domain ID in the name.
+ `security-group-for-inbound-nfs-domain-id`
+ `security-group-for-outbound-nfs-domain-id`
1. Select the inbound security group ID. This opens a new page with details about the security group.
1. Select the **Outbound Rules** tab.
1. Select **Edit outbound rules**.
1. Update the existing outbound rules or add a new outbound rule with the following values:
+ **Type**: NFS
+ **Protocol**: TCP
+ **Port range**: 2049
+ **Destination**: security-group-for-outbound-nfs-*domain-id* \$1 *security-group-id*
1. Choose **Save rules**.
1. Select the **Inbound Rules** tab.
1. Select **Edit inbound rules**.
1. Update the existing inbound rules or add a new outbound rule with the following values:
+ **Type**: NFS
+ **Protocol**: TCP
+ **Port range**: 2049
+ **Destination**: security-group-for-outbound-nfs-*domain-id* \$1 *security-group-id*
1. Choose **Save rules**.
+ Allow traffic from the AWS CLI
1. Update the security group inbound and outbound rules with the following values:
+ **Protocol**: TCP
+ **Port range**: 2049
+ **Group ID**: Inbound security group ID or outbound security group ID
```
export INBOUND_SG_ID=$(aws ec2 describe-security-groups --filters "Name=group-name,Values=security-group-for-inbound-nfs-$SOURCE_DOMAIN_ID" | jq -r ".SecurityGroups[0].GroupId")
export OUTBOUND_SG_ID=$(aws ec2 describe-security-groups --filters "Name=group-name,Values=security-group-for-outbound-nfs-$SOURCE_DOMAIN_ID" | jq -r ".SecurityGroups[0].GroupId")
echo "Outbound SG ID: $OUTBOUND_SG_ID | Inbound SG ID: $INBOUND_SG_ID"
aws ec2 authorize-security-group-egress \
--group-id $INBOUND_SG_ID \
--protocol tcp --port 2049 \
--source-group $OUTBOUND_SG_ID
aws ec2 authorize-security-group-ingress \
--group-id $OUTBOUND_SG_ID \
--protocol tcp --port 2049 \
--source-group $INBOUND_SG_ID
```
1. Add both the inbound and outbound security groups to the source and target Amazon EFS mount targets. This allows traffic between the 2 Amazon EFS mounts.
```
export SOURCE_EFS_MOUNT_TARGET=$(aws efs describe-mount-targets --file-system-id $SOURCE_EFS | jq -r ".MountTargets[0].MountTargetId")
export TARGET_EFS_MOUNT_TARGET=$(aws efs describe-mount-targets --file-system-id $TARGET_EFS | jq -r ".MountTargets[0].MountTargetId")
aws efs modify-mount-target-security-groups \
--mount-target-id $SOURCE_EFS_MOUNT_TARGET \
--security-groups $INBOUND_SG_ID $OUTBOUND_SG_ID
aws efs modify-mount-target-security-groups \
--mount-target-id $TARGET_EFS_MOUNT_TARGET \
--security-groups $INBOUND_SG_ID $OUTBOUND_SG_ID
```
1. Create a AWS DataSync task. This returns a task ARN that can be used to run the task on-demand or as part of a regular cadence.
```
export EXTRA_XFER_OPTIONS='VerifyMode=ONLY_FILES_TRANSFERRED,OverwriteMode=ALWAYS,Atime=NONE,Mtime=NONE,Uid=NONE,Gid=NONE,PreserveDeletedFiles=REMOVE,PreserveDevices=NONE,PosixPermissions=NONE,TaskQueueing=ENABLED,TransferMode=CHANGED,SecurityDescriptorCopyFlags=NONE,ObjectTags=NONE'
export DATASYNC_TASK_ARN=$(aws datasync create-task --source-location-arn $SOURCE_LOCATION_ARN --destination-location-arn $DESTINATION_LOCATION_ARN --name "SMEFS_to_CustomEFS_Sync" --region $REGION --options $EXTRA_XFER_OPTIONS | jq -r ".TaskArn")
```
1. Start a AWS DataSync task to automatically copy data from the source Amazon EFS to the target Amazon EFS mount. This does not retain the file's POSIX permissions, which allows users to read from the target Amazon EFS mount, but not write to it.
```
aws datasync start-task-execution --task-arn $DATASYNC_TASK_ARN
```
1. Mount the target Amazon EFS volume on the domain at the root level.
```
aws sagemaker update-domain --domain-id $SOURCE_DOMAIN_ID \
--default-user-settings '{"CustomFileSystemConfigs": [{"EFSFileSystemConfig": {"FileSystemId": "'"$TARGET_EFS"'", "FileSystemPath": "/"}}]}'
```
1. Overwrite every user profile with a `FileSystemPath` prefix. The prefix includes the user’s UID, which is created by SageMaker AI. This ensure user’s only have access to their data and prevents cross-pollination. When a space is created in the domain and the target Amazon EFS volume is mounted to the application, the user’s prefix overwrites the domain prefix. As a result, SageMaker AI only mounts the `/user-id` directory on the user's application.
```
aws sagemaker list-user-profiles --domain-id $SOURCE_DOMAIN_ID | jq -r '.UserProfiles[] | "\(.UserProfileName)"' | while read user; do
export uid=$(aws sagemaker describe-user-profile --domain-id $SOURCE_DOMAIN_ID --user-profile-name $user | jq -r ".HomeEfsFileSystemUid")
echo "$user $uid"
aws sagemaker update-user-profile --domain-id $SOURCE_DOMAIN_ID --user-profile-name $user --user-settings '{"CustomFileSystemConfigs": [{"EFSFileSystemConfig":{"FileSystemId": "'"$TARGET_EFS"'", "FileSystemPath": "'"/$uid/"'"}}]}'
done
```
1. Users can then select the custom Amazon EFS filesystem when launching an application. For more information, see [JupyterLab user guide](studio-updated-jl-user-guide.md) or [Launch a Code Editor application in Studio](code-editor-use-studio.md).
### Use Amazon S3 to migrate data
In this approach, you use an Amazon EFS-to-Amazon S3 AWS DataSync task to copy the contents of a Studio Classic Amazon EFS volume to an Amazon S3 bucket once or in a regular cadence, then create a lifecycle configuration to copy the user’s data from Amazon S3 to their private space’s Amazon EBS volume.
**Note**
This approach only works for domains that have internet access.
1. Set the source Amazon EFS volume ID from the domain containing the data that you are migrating.
```
timestamp=$(date +%Y%m%d%H%M%S)
export SOURCE_DOMAIN_ID="domain-id"
export AWS_REGION="region"
export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
export EFS_ID=$(aws sagemaker describe-domain --domain-id $SOURCE_DOMAIN_ID | jq -r '.HomeEfsFileSystemId')
```
1. Set the target Amazon S3 bucket name. For information about creating an Amazon S3 bucket, see [Creating a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html). The bucket used must have a CORS policy as described in [(Optional) Update your CORS policy to access Amazon S3 buckets](studio-updated-migrate-ui.md#studio-updated-migrate-cors). Users in the domain must also have permissions to access the Amazon S3 bucket.
In this example, we are copying files to a prefix named `studio-new`. If you are using a single Amazon S3 bucket to migrate multiple domains, use the `studio-new/` prefix to restrict permissions to the files using IAM.
```
export BUCKET_NAME=s3-bucket-name
export S3_DESTINATION_PATH=studio-new
```
1. Create a trust policy that gives AWS DataSync permissions to assume the execution role of your account.
```
export TRUST_POLICY=$(cat <
If you have previously used Amazon SageMaker Data Wrangler in Amazon SageMaker Studio Classic for data preparation tasks, you can migrate to the new Amazon SageMaker Studio and access the latest version of Data Wrangler in Amazon SageMaker Canvas. Data Wrangler in SageMaker Canvas provides you with an enhanced user experience and access to the latest features, such as a natural language interface and faster performance.
You can onboard to SageMaker Canvas at any time to begin using the new Data Wrangler experience. For more information, see [Getting started with using Amazon SageMaker Canvas](canvas-getting-started.md).
If you have data flow files saved in Studio Classic that you were previously working on, you can onboard to Studio and then import the flow files into Canvas. You have the following options for migration:
+ One-click migration: When you sign in to Canvas, you can use a one-time import option that migrates all of your flow files on your behalf.
+ Manual migration: You can manually import your flow files into Canvas. From Studio Classic, either export the files to Amazon S3 or download them to your local machine. Then, you sign in to the SageMaker Canvas application, import the flow files, and continue your data preparation tasks.
The following guide describes the prerequisites to migration and how to migrate your data flow files using either the one-click or manual option.
### Prerequisites
Review the following prerequisites before you begin migrating your flow files.
**Step 1. Migrate the domain and grant permissions**
Before migrating data flow files, you need to follow specific steps of the [Migration from Amazon SageMaker Studio Classic](studio-updated-migrate.md) guide to ensure that your user profile's AWS IAM execution role has the required permissions. Follow the [Prerequisites](studio-updated-migrate-prereq.md) and [Migrate the UI from Studio Classic to Studio](studio-updated-migrate-ui.md) before proceeding, which describe how to grant the required permissions, configure Studio as the new experience, and migrate your existing domain.
Specifically, you must have permissions to create a SageMaker Canvas application and use the SageMaker Canvas data preparation features. To obtain these permissions, you can either:
+ Add the [ AmazonSageMakerCanvasDataPrepFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasDataPrepFullAccess.html) policy to your IAM role, or
+ Attach a least-permissions policy, as shown in the **(Optional) Migrate from Data Wrangler in Studio Classic to SageMaker Canvas** section of the page [Migrate the UI from Studio Classic to Studio](studio-updated-migrate-ui.md).
Make sure to use the same user profile for both Studio and SageMaker Canvas.
After completing the prerequisites outlined in the migration guide, you should have a new domain with the required permissions to access SageMaker Canvas through Studio.
**Step 2. (Optional) Prepare an Amazon S3 location**
If you are doing a manual migration and plan to use Amazon S3 to transfer your flow files instead of using the local download option, you should have an Amazon S3 bucket in your account that you'd like to use for storing the flow files.
### One-click migration method
SageMaker Canvas offers a one-time import option for migrating your data flows from Data Wrangler in Studio Classic to Data Wrangler in SageMaker Canvas. As long as your Studio Classic and Canvas applications share the same Amazon EFS storage volume, you can migrate in one click from Canvas. This streamlined process eliminates the need for manual export and import steps, and you can import all of your flows at once.
Use the following procedure to migrate all of your flow files:
1. Open your latest version of Studio.
1. In Studio, in the left navigation pane, choose the **Data** dropdown menu.
1. From the navigation options, choose **Data Wrangler**.
1. On the **Data Wrangler** page, choose **Run in Canvas**. If you have successfully set up the permissions, this creates a Canvas application for you. The Canvas application may take a few minutes before it's ready.
1. When Canvas is ready, choose **Open in Canvas.**
1. Canvas opens to the **Data Wrangler** page, and a banner at the top of the page appears that says Import your data flows from Data Wrangler in Studio Classic to Canvas. This is a one time import. Learn more. In the banner, choose **Import All**.
**Warning**
If you close the banner notification, you won't be able to re-open it or use the one-click migration method anymore.
A pop-up notification appears, indicating that Canvas is importing your flow files from Studio Classic. If the import is fully successful, you receive another notification that `X` number of flow files were imported, and you can see your flow files on the **Data Wrangler** page of the Canvas application. Any imported flow files that have the same name as existing data flows in your Canvas application are renamed with a postfix. You can open a data flow to verify that it looks as expected.
In case any of your flow files don't import successfully, you receive a notification that the import was either partially successful or failed. Choose **View errors** on the notification message to check the individual error messages for guidance on how to reformat any incorrectly formatted flow files.
After importing your flow files, you should now be able to continue using Data Wrangler to prepare data in SageMaker Canvas.
### Manual migration method
The following sections describe how to manually import your flow files into Canvas in case the one-click migration method didn't work.
#### Export the flow files from Studio Classic
**Note**
If you've already migrated your Studio Classic data to Amazon S3 by following the instructions in [(Optional) Migrate data from Studio Classic to Studio](#studio-updated-migrate-data), you can skip this step and go straight to the [Import the flow files into Canvas](#studio-updated-migrate-flows-import) section in which you import your flow files from the Amazon S3 location where your Studio Classic data is stored.
You can export your flow files by either saving them to Amazon S3 or downloading them to your local machine. When you import your flow files into SageMaker Canvas in the next step, if you choose the local upload option, then you can only upload 20 flow files at a time. If you have a large number of flow files to import, we recommend that you use Amazon S3 instead.
Follow the instructions in either [Method 1: Use Amazon S3 to transfer flow files](#studio-updated-migrate-flows-export-s3) or [Method 2: Use your local machine to transfer flow files](#studio-updated-migrate-flows-export-local) to proceed.
##### Method 1: Use Amazon S3 to transfer flow files
With this method, you use Amazon S3 as the intermediary between Data Wrangler in Studio Classic and Data Wrangler in SageMaker Canvas (accessed through the latest version of Studio). You export the flow files from Studio Classic to Amazon S3, and then in the next step, you access Canvas through Studio and import the flow files from Amazon S3.
Make sure that you have an Amazon S3 bucket prepared as the storage location for the flow files.
Use the following procedure to export your flow files from Studio Classic to Amazon S3:
1. Open Studio Classic.
1. Open a new terminal by doing the following:
1. On the top navigation bar, choose **File**.
1. In the context menu, hover over **New**, and then select **Terminal**.
1. By default, the terminal should open in your home directory. Navigate to the folder that contains all of the flow files that you want to migrate.
1. Use the following command to synchronize all of the flow files to the specified Amazon S3 location. Replace `{bucket-name}` and `{folder}` with the path to your desired Amazon S3 location. For more information about the command and parameters, see the [sync](https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html) command in the AWS AWS CLI Command Reference.
```
aws s3 sync . s3://{bucket-name}/{folder}/ --exclude "*.*" --include "*.flow"
```
If you are using your own AWS KMS key, then use the following command instead to synchronize the files, and specify your KMS key ID. Make sure that the user's IAM execution role (which should be the same role used in **Step 1. Migrate the domain and grant permissions** of the preceding [Prerequisites](#studio-updated-migrate-flows-prereqs)) has been granted access to use the KMS key.
```
aws s3 sync . s3://{bucket-name}/{folder}/ --exclude "*.*" --include "*.flow" --sse-kms-key-id {your-key-id}
```
Your flow files should now be exported. You can check your Amazon S3 bucket to make sure that the flow files synchronized successfully.
To import these files in the latest version of Data Wrangler, follow the steps in [Import the flow files into Canvas](#studio-updated-migrate-flows-import).
##### Method 2: Use your local machine to transfer flow files
With this method, you download the flow files from Studio Classic to your local machine. You can download the files directly, or you can compress them as a zip archive. Then, you unpack the zip file locally (if applicable), sign in to Canvas, and import the flow files by uploading them from your local machine.
Use the following procedure to download your flow files from Studio Classic:
1. Open Studio Classic.
1. (Optional) If you want to compress multiple flow files into a zip archive and download them all at once, then do the following:
1. On the top navigation bar of Studio Classic, choose **File**.
1. In the context menu, hover over **New**, and then select **Terminal**.
1. By default, the terminal opens in your home directory. Navigate to the folder that contains all of the flow files that you want to migrate.
1. Use the following command to pack the flow files in the current directory as a zip. The command excludes any hidden files:
```
find . -not -path "*/.*" -name "*.flow" -print0 | xargs -0 zip my_archive.zip
```
1. Download the zip archive or individual flow files to your local machine by doing the following:
1. In the left navigation pane of Studio Classic, choose **File Browser**.
1. Find the file you want to download in the file browser.
1. Right click the file, and in the context menu, select **Download**.
The file should download to your local machine. If you packed them as a zip archive, extract the files locally. After the files are extracted, to import these files in the latest version of Data Wrangler, follow the steps in [Import the flow files into Canvas](#studio-updated-migrate-flows-import).
#### Import the flow files into Canvas
After exporting your flow files, access Canvas through Studio and import the files.
Use the following procedure to import flow files into Canvas:
1. Open your latest version of Studio.
1. In Studio, in the left navigation pane, choose the **Data** dropdown menu.
1. From the navigation options, choose **Data Wrangler**.
1. On the **Data Wrangler** page, choose **Run in Canvas**. If you have successfully set up the permissions, this creates a Canvas application for you. The Canvas application may take a few minutes before it's ready.
1. When Canvas is ready, choose **Open in Canvas.**
1. Canvas opens to the **Data Wrangler** page. In the top pane, choose **Import data flows**.
1. For **Data source**, choose either **Amazon S3** or **Local upload**.
1. Select your flow files from your Amazon S3 bucket, or upload the files from your local machine.
**Note**
For local upload, you can upload a maximum of 20 flow files at a time. For larger imports, use Amazon S3. If you select a folder to import, any flow files in sub-folders are also imported.
1. Choose **Import data**.
If the import was successful, you receive a notification that `X` number of flow files were successfully imported.
In case your flow files don't import successfully, you receive a notification in the SageMaker Canvas application. Choose **View errors** on the notification message to check the individual error messages for guidance on how to reformat any incorrectly formatted flow files.
After your flow files are done importing, go to the **Data Wrangler** page of the SageMaker Canvas application to view your data flows. You can try opening a data flow to verify that it looks as expected.
# Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker Studio Classic is a web-based integrated development environment (IDE) for machine learning (ML). Studio Classic lets you build, train, debug, deploy, and monitor your ML models. Studio Classic includes all of the tools you need to take your models from data preparation to experimentation to production with increased productivity. In a single visual interface, you can do the following tasks:
+ Write and run code in Jupyter notebooks
+ Prepare data for machine learning
+ Build and train ML models
+ Deploy the models and monitor the performance of their predictions
+ Track and debug ML experiments
+ Collaborate with other users in real time
For information on the onboarding steps for Studio Classic, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
For information about collaborating with other users in real time, see [Collaboration with shared spaces](domain-space.md).
For the AWS Regions supported by Studio Classic, see [Supported Regions and Quotas](regions-quotas.md).
## Amazon SageMaker Studio Classic maintenance phase plan
The following table gives information about the timeline for when Amazon SageMaker Studio Classic entered its extended maintenance phase.
| Date | Description |
| --- | --- |
| 12/31/2024 | Starting December 31st, Studio Classic reaches end of maintenance. At this point, Studio Classic will no longer receive updates and security fixes. All new domains will be created with Amazon SageMaker Studio as the default. |
| 1/31/2025 | Starting January 31st, users will no longer be able to create new JupyterLab 3 notebooks in Studio Classic. Users will also not be able to restart or update existing notebooks. Users will be able to access existing Studio Classic applications from Studio only to delete or stop existing notebooks. |
**Note**
Your existing Studio Classic domain is not automatically migrated to Studio. For information about migrating, see [Migration from Amazon SageMaker Studio Classic](studio-updated-migrate.md).
**Topics**
+ [
## Amazon SageMaker Studio Classic maintenance phase plan
](#studio-deprecation)
+ [
## Amazon SageMaker Studio Classic Features
](#studio-features)
+ [
# Amazon SageMaker Studio Classic UI Overview
](studio-ui.md)
+ [
# Launch Amazon SageMaker Studio Classic
](studio-launch.md)
+ [
# JupyterLab Versioning in Amazon SageMaker Studio Classic
](studio-jl.md)
+ [
# Use the Amazon SageMaker Studio Classic Launcher
](studio-launcher.md)
+ [
# Use Amazon SageMaker Studio Classic Notebooks
](notebooks.md)
+ [
# Customize Amazon SageMaker Studio Classic
](studio-customize.md)
+ [
# Perform Common Tasks in Amazon SageMaker Studio Classic
](studio-tasks.md)
+ [
# Amazon SageMaker Studio Classic Pricing
](studio-pricing.md)
+ [
# Troubleshooting Amazon SageMaker Studio Classic
](studio-troubleshooting.md)
## Amazon SageMaker Studio Classic Features
Studio Classic includes the following features:
+ [SageMaker Autopilot](https://docs.aws.amazon.com/sagemaker/latest/dg/autopilot-automate-model-development.html)
+ [SageMaker Clarify](https://docs.aws.amazon.com/sagemaker/latest/dg/model-explainability.html)
+ [SageMaker Data Wrangler](https://docs.aws.amazon.com/sagemaker/latest/dg/data-wrangler.html)
+ [SageMaker Debugger](https://docs.aws.amazon.com/sagemaker/latest/dg/debugger-on-studio.html)
+ [SageMaker Experiments](https://docs.aws.amazon.com/sagemaker/latest/dg/experiments.html)
+ [SageMaker Feature Store](https://docs.aws.amazon.com/sagemaker/latest/dg/feature-store-use-with-studio.html)
+ [SageMaker JumpStart](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-jumpstart.html)
+ [Amazon SageMaker Pipelines](https://docs.aws.amazon.com/sagemaker/latest/dg/pipelines-studio.html)
+ [SageMaker Model Registry](https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry.html)
+ [SageMaker Projects](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-projects.html)
+ [SageMaker Studio Classic Notebooks](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks.html)
+ [SageMaker Studio Universal Notebook](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-notebooks-emr-cluster.html)
# Amazon SageMaker Studio Classic UI Overview
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker Studio Classic extends the capabilities of JupyterLab with custom resources that can speed up your Machine Learning (ML) process by harnessing the power of AWS compute. Previous users of JupyterLab will notice the similarity of the user interface. The most prominent additions are detailed in the following sections. For an overview of the original JupyterLab interface, see [The JupyterLab Interface](https://jupyterlab.readthedocs.io/en/latest/user/interface.html).
The following image shows the default view upon launching Amazon SageMaker Studio Classic. The *left navigation* panel displays all top-level categories of features, and a *[Amazon SageMaker Studio Classic home page](#studio-ui-home)* is open in the *main working area*. Come back to this central point of orientation by choosing the **Home** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/house.png)) at any time, then selecting the **Home** node in the navigation menu.
Try the **Getting started notebook** for an in-product hands-on guide on how to set up and get familiar with Amazon SageMaker Studio Classic features. On the **Quick actions** section of the Studio Classic Home page, choose **Open the Getting started notebook**.
![\[SageMaker Studio Classic home page.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-home.png)
**Note**
This chapter is based on Studio Classic's updated user interface (UI) available on version `v5.38.x` and above on JupyterLab3.
To retrieve your version of Studio Classic UI, from the [Studio Classic Launcher](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-launcher.html), open a System Terminal, then
Run `conda activate studio`
Run `jupyter labextension list`
Search for the version displayed after `@amzn/sagemaker-ui version` in the output.
For information about updating Amazon SageMaker Studio Classic, see [Shut Down and Update Amazon SageMaker Studio Classic](studio-tasks-update-studio.md).
**Topics**
+ [
## Amazon SageMaker Studio Classic home page
](#studio-ui-home)
+ [
## Amazon SageMaker Studio Classic layout
](#studio-ui-layout)
## Amazon SageMaker Studio Classic home page
The Home page provides access to common tasks and workflows. In particular, it includes a list of **Quick actions** for common tasks such as **Open Launcher** to create notebooks and other resources and **Import & prepare data visually** to create a new flow in Data Wrangler.The **Home** page also offers tooltips on key controls in the UI.
The **Prebuilt and automated solutions** help you get started quickly with SageMaker AI's low-code solutions such as Amazon SageMaker JumpStart and Autopilot.
In **Workflows and tasks**, you can find a list of relevant tasks for each step of your ML workflow that takes you to the right tool for the job. For example, **Transform, analyse, and export data** takes you to Amazon SageMaker Data Wrangler and opens the workflow to create a new data flow, or **View all experiments** takes you to SageMaker Experiments and opens the experiments list view.
Upon Studio Classic launch, the **Home** page is open in the main working area. You can customize your SageMaker AI **Home** page by choosing the **Customize Layout** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/layout.png)) at the top right of the **Home** tab.
## Amazon SageMaker Studio Classic layout
The Amazon SageMaker Studio Classic interface consists of a *menu bar* at the top, a collapsible *left sidebar* displaying a variety of icons such as the **Home** icon and the **File Browser**, a *status bar* at the bottom of the screen, and a *central area* divided horizontally into two panes. The left pane is a collapsible *navigation panel*. The right pane, or main working area, contains one or more tabs for resources such as launchers, notebooks, terminals, metrics, and graphs, and can be further divided.
**Report a bug** in Studio Classic or choose the notification icon (![\[Red circle icon with white exclamation mark, indicating an alert or warning.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/Notification.png)) to view notifications from Studio Classic, such as new Studio Classic versions and new SageMaker AI features, on the right corner of the menu bar. To update to a new version of Studio Classic, see [Shut Down and Update Amazon SageMaker Studio Classic and Apps](studio-tasks-update.md).
The following sections describe the Studio Classic main user interface areas.
### Left sidebar
The *left sidebar* includes the following icons. When hovering over an icon, a tooltip displays the icon name. A single click on an icon opens up the left navigation panel with the described functionality. A double click minimizes the left navigation panel.
| Icon | Description |
| --- | --- |
| ![\[The Home icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/house@2x.png) | **Home** Choose the **Home** icon to open a top-level navigation menu in the *left navigation* panel. Using the **Home** navigation menu, you can discover and navigate to the right tools for each step of your ML workflow. The menu also provides shortcuts to quick-start solutions and learning resources such as documentation and guided tutorials. The menu categories group relevant features together. Choosing **Data**, for example, expands the relevant SageMaker AI capabilities for your data preparations tasks. From here, you can prepare your data with Data Wrangler, create and store ML features with Amazon SageMaker Feature Store, and manage Amazon EMR clusters for large-scale data processing. The categories are ordered following a typical ML workflow from preparing data, to building, training, and deploying ML models (data, pipelines, models, and deployments). When you choose a specific node (such as Data Wrangler), a corresponding page opens in the main working area. Choose **Home** in the navigation menu to open the [Amazon SageMaker Studio Classic home page](#studio-ui-home) |
| ![\[The File Browser icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder@2x.png) | **File Browser** The **File Browser** displays lists of your notebooks, experiments, trials, trial components, endpoints, and low-code solutions. Whether you are in a personal or shared space determines who has access to your files. You can identify which type of space you are in by looking at the top right corner. If you are in a personal app, you see a user icon followed by *[user\$1name]*** / Personal Studio** and if you are in a collaborative space, you see a globe icon followed by "*[user\$1name] ***/** *[space\$1name].*" [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/studio-ui.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/studio-ui.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/studio-ui.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/studio-ui.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/studio-ui.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/studio-ui.html) For hierarchical entries, a selectable breadcrumb at the top of the browser shows your location in the hierarchy. |
| ![\[The Property Inspector icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/gears@2x.png) | **Property Inspector** The Property Inspector is a notebook cell tools inspector which displays contextual property settings when open. |
| ![\[The Running Terminals and Kernels icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/running-terminals-kernels@2x.png) | **Running Terminals and Kernels** You can check the list of all the *kernels* and *terminals* currently running across all notebooks, code consoles, and directories. You can shut down individual resources, including notebooks, terminals, kernels, apps, and instances. You can also shut down all resources in one of these categories at the same time. For more information, see [Shut Down Resources from Amazon SageMaker Studio Classic](notebooks-run-and-manage-shut-down.md). |
| ![\[The Git icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/git@2x.png) | **Git** You can connect to a Git repository and then access a full range of Git tools and operations. For more information, see [Clone a Git Repository in Amazon SageMaker Studio Classic](studio-tasks-git.md). |
| ![\[The Table of Contents icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/table-of-contents@2x.png) | **Table of Contents**You can navigate the structure of a document when a notebook or Python files are open. A table of contents is auto-generated in the left navigation panel when you have a notebook, Markdown files, or Python files opened. The entries are clickable and scroll the document to the heading in question. |
| ![\[The Extensions icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/extensions@2x.png) | **Extensions** You can turn on and manage third-party JupyterLab extensions. You can check the already installed extensions and search for extensions by typing the name in the search bar. When you have found the extension you want to install, choose **Install**. After installing your new extensions, be sure to restart JupyterLab by refreshing your browser. For more information, see [JupyterLab Extensions documentation](https://jupyterlab.readthedocs.io/en/stable/user/extensions.html). |
### Left navigation panel
The left navigation panel content varies with the Icon selected in the left sidebar.
For example, choosing the **Home** icon displays the navigation menu. Choosing **File browser** lists all the files and directories available in your workspace (notebooks, experiments, data flows, trials, trial components, endpoints, or low-code solutions).
In the navigation menu, choosing a node brings up the corresponding feature page in the main working area. For example, choosing **Data Wrangler** in the **Data** menu opens up the **Data Wrangler** tab listing all existing flows.
### Main working area
The main working area consists of multiple tabs that contain your open notebooks, terminals, and detailed information about your experiments and endpoints. In the main working area, you can arrange documents (such as notebooks and text files) and other activities (such as terminals and code consoles) into panels of tabs that you can resize or subdivide. Drag a tab to the center of a tab panel to move the tab to the panel. Subdivide a tab panel by dragging a tab to the left, right, top, or bottom of the panel. The tab for the current activity is marked with a colored top border (blue by default).
**Note**
All feature pages provide in-product contextual help. To access help, choose **Show information**. The help interface provides a brief introduction to the tool and links to additional resources, such as videos, tutorials, or blogs.
# Launch Amazon SageMaker Studio Classic
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
After you have onboarded to an Amazon SageMaker AI domain, you can launch an Amazon SageMaker Studio Classic application from either the SageMaker AI console or the AWS CLI. For more information about onboarding to a domain, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
**Topics**
+ [
## Launch Amazon SageMaker Studio Classic Using the Amazon SageMaker AI Console
](#studio-launch-console)
+ [
## Launch Amazon SageMaker Studio Classic Using the AWS CLI
](#studio-launch-cli)
## Launch Amazon SageMaker Studio Classic Using the Amazon SageMaker AI Console
The process to navigate to Studio Classic from the Amazon SageMaker AI Console differs depending on if Studio Classic or Amazon SageMaker Studio are set as the default experience for your domain. For more information about setting the default experience for your domain, see [Migration from Amazon SageMaker Studio Classic](studio-updated-migrate.md).
**Topics**
+ [
### Prerequisite
](#studio-launch-console-prerequisites)
### Prerequisite
To complete this procedure, you must onboard to a domain by following the steps in [Onboard to Amazon SageMaker AI domain](https://docs.aws.amazon.com//sagemaker/latest/dg/gs-studio-onboard.html).
### Launch Studio Classic if Studio is your default experience
1. Navigate to Studio following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. From the Studio UI, find the applications pane on the left side.
1. From the applications pane, select **Studio Classic**.
1. From the Studio Classic landing page, select the Studio Classic instance to open.
1. Choose “Open”.
### Launch Studio Classic if Studio Classic is your default experience
When Studio Classic is your default experience, you can launch a Amazon SageMaker Studio Classic application from the SageMaker AI console using the Studio Classic landing page or the Amazon SageMaker AI domain details page. The following sections demonstrate how to launch the Studio Classic application from the SageMaker AI console.
#### Launch Studio Classic from the domain details page
The following sections describe how to launch a Studio Classic application from the domain details page. The steps to launch the Studio Classic application after you have navigated to the domain details page differ depending on if you’re launching a personal application or a shared space.
**Navigate to the domain details page**
The following procedure shows how to navigate to the domain details page.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domain, select the domain that you want to launch the Studio Classic application in.
**Launch a user profile app**
The following procedure shows how to launch a Studio Classic application that is scoped to a user profile.
1. On the domain details page, choose the **User profiles** tab.
1. Identify the user profile that you want to launch the Studio Classic application for.
1. Choose **Launch** for your selected user profile, then choose **Studio Classic**.
**Launch a shared space app**
The following procedure shows how to launch a Studio Classic application that is scoped to a shared space.
1. On the domain details page, choose the **Space management** tab.
1. Identify the shared space that you want to launch the Studio Classic application for.
1. Choose **Launch Studio Classic** for your selected shared space.
#### Launch Studio Classic from the Studio Classic landing page
The following procedure describes how to launch a Studio Classic application from the Studio Classic landing page.
**Launch Studio Classic**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose Studio Classic.
1. Under **Get started**, select the domain that you want to launch the Studio Classic application in. If your user profile only belongs to one domain, you do not see the option for selecting a domain.
1. Select the user profile that you want to launch the Studio Classic application for. If there is no user profile in the domain, choose **Create user profile**. For more information, see [Add user profiles](domain-user-profile-add.md).
1. Choose **Launch Studio Classic**. If the user profile belongs to a shared space, choose **Open Spaces**.
1. To launch a Studio Classic application scoped to a user profile, choose **Launch personal Studio Classic**.
1. To launch a shared Studio Classic application, choose the **Launch shared Studio Classic** button next to the shared space that you want to launch into.
## Launch Amazon SageMaker Studio Classic Using the AWS CLI
You can use the AWS Command Line Interface (AWS CLI) to launch Amazon SageMaker Studio Classic by creating a presigned domain URL.
**Prerequisites**
Before you begin, complete the following prerequisites:
+ Onboard to Amazon SageMaker AI domain. For more information, see [Onboard to Amazon SageMaker AI domain](https://docs.aws.amazon.com//sagemaker/latest/dg/gs-studio-onboard.html).
+ Update the AWS CLI by following the steps in [Installing the current AWS CLI Version](https://docs.aws.amazon.com//cli/latest/userguide/install-cliv1.html#install-tool-bundled).
+ From your local machine, run `aws configure` and provide your AWS credentials. For information about AWS credentials, see [Understanding and getting your AWS credentials](https://docs.aws.amazon.com//general/latest/gr/aws-sec-cred-types.html).
The following code snippet demonstrates how to launch Amazon SageMaker Studio Classic from the AWS CLI using a presigned domain URL. For more information, see [create-presigned-domain-url](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-presigned-domain-url.html).
```
aws sagemaker create-presigned-domain-url \
--region region \
--domain-id domain-id \
--space-name space-name \
--user-profile-name user-profile-name \
--session-expiration-duration-in-seconds 43200
```
# JupyterLab Versioning in Amazon SageMaker Studio Classic
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The Amazon SageMaker Studio Classic interface is based on JupyterLab, which is a web-based interactive development environment for notebooks, code, and data. Studio Classic only supports using JupyterLab 3.
If you created your domain and user profile using the AWS Management Console before 08/31/2022 or using the AWS Command Line Interface before 02/22/23, then your Studio Classic instance defaulted to JupyterLab 1. After 07/01/2024, you cannot create any Studio Classic applications that run JupyterLab 1.
## JupyterLab 3
JupyterLab 3 includes the following features that are not available in previous versions. For more information about these features, see [JupyterLab 3.0 is released\$1](https://blog.jupyter.org/jupyterlab-3-0-is-out-4f58385e25bb).
+ Visual debugger when using the Base Python 2.0 and Data Science 2.0 kernels.
+ File browser filter
+ Table of Contents (TOC)
+ Multi-language support
+ Simple mode
+ Single interface mode
### Important changes to JupyterLab 3
Consider the following when using JupyterLab 3:
+ When setting the JupyterLab version using the AWS CLI, select the corresponding image for your Region and JupyterLab version from the image list in [From the AWS CLI](#studio-jl-set-cli).
+ In JupyterLab 3, you must activate the `studio` conda environment before installing extensions. For more information, see [Installing JupyterLab and Jupyter Server extensions](#studio-jl-install).
+ Debugger is only supported when using the following images:
+ Base Python 2.0
+ Data Science 2.0
+ Base Python 3.0
+ Data Science 3.0
## Restricting default JupyterLab version using an IAM policy condition key
You can use IAM policy condition keys to restrict the version of JupyterLab that your users can launch.
The following policy shows how to limit the JupyterLab version at the domain level.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "BlockJupyterLab3DomainLevelAppCreation",
"Effect": "Deny",
"Action": [
"sagemaker:CreateDomain",
"sagemaker:UpdateDomain"
],
"Resource": "*",
"Condition": {
"ForAnyValue:ArnLike": {
"sagemaker:ImageArns": "arn:aws:sagemaker:us-east-1:111122223333:image/jupyter-server-3"
}
}
}
]
}
```
------
The following policy shows how to limit the JupyterLab version at the user profile level.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "BlockUsersFromCreatingJupyterLab3Apps",
"Effect": "Deny",
"Action": [
"sagemaker:CreateUserProfile",
"sagemaker:UpdateUserProfile"
],
"Resource": "*",
"Condition": {
"ForAnyValue:ArnLike": {
"sagemaker:ImageArns": "arn:aws:sagemaker:us-east-1:111122223333:image/jupyter-server-3"
}
}
}
]
}
```
------
The following policy shows how to limit the JupyterLab version at the application level. The `CreateApp` request must include the image ARN for this policy to apply.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "BlockJupyterLab3AppLevelAppCreation",
"Effect": "Deny",
"Action": "sagemaker:CreateApp",
"Resource": "*",
"Condition": {
"ForAnyValue:ArnLike": {
"sagemaker:ImageArns": "arn:aws:sagemaker:us-east-1:111122223333:image/jupyter-server-3"
}
}
}
]
}
```
------
## Setting a default JupyterLab version
The following sections show how to set a default JupyterLab version for Studio Classic using either the console or the AWS CLI.
### From the console
You can select the default JupyterLab version to use on either the domain or user profile level during resource creation. To set the default JupyterLab version using the console, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
### From the AWS CLI
You can select the default JupyterLab version to use on either the domain or user profile level using the AWS CLI.
To set the default JupyterLab version using the AWS CLI, you must include the ARN of the desired default JupyterLab version as part of an AWS CLI command. This ARN differs based on the version and the Region of the SageMaker AI domain.
The following table lists the ARNs of the available JupyterLab versions for each Region:
| Region | JL3 |
| --- | --- |
| us-east-1 | arn:aws:sagemaker:us-east-1:081325390199:image/jupyter-server-3 |
| us-east-2 | arn:aws:sagemaker:us-east-2:429704687514:image/jupyter-server-3 |
| us-west-1 | arn:aws:sagemaker:us-west-1:742091327244:image/jupyter-server-3 |
| us-west-2 | arn:aws:sagemaker:us-west-2:236514542706:image/jupyter-server-3 |
| af-south-1 | arn:aws:sagemaker:af-south-1:559312083959:image/jupyter-server-3 |
| ap-east-1 | arn:aws:sagemaker:ap-east-1:493642496378:image/jupyter-server-3 |
| ap-south-1 | arn:aws:sagemaker:ap-south-1:394103062818:image/jupyter-server-3 |
| ap-northeast-2 | arn:aws:sagemaker:ap-northeast-2:806072073708:image/jupyter-server-3 |
| ap-southeast-1 | arn:aws:sagemaker:ap-southeast-1:492261229750:image/jupyter-server-3 |
| ap-southeast-2 | arn:aws:sagemaker:ap-southeast-2:452832661640:image/jupyter-server-3 |
| ap-northeast-1 | arn:aws:sagemaker:ap-northeast-1:102112518831:image/jupyter-server-3 |
| ca-central-1 | arn:aws:sagemaker:ca-central-1:310906938811:image/jupyter-server-3 |
| eu-central-1 | arn:aws:sagemaker:eu-central-1:936697816551:image/jupyter-server-3 |
| eu-west-1 | arn:aws:sagemaker:eu-west-1:470317259841:image/jupyter-server-3 |
| eu-west-2 | arn:aws:sagemaker:eu-west-2:712779665605:image/jupyter-server-3 |
| eu-west-3 | arn:aws:sagemaker:eu-west-3:615547856133:image/jupyter-server-3 |
| eu-north-1 | arn:aws:sagemaker:eu-north-1:243637512696:image/jupyter-server-3 |
| eu-south-1 | arn:aws:sagemaker:eu-south-1:592751261982:image/jupyter-server-3 |
| eu-south-2 | arn:aws:sagemaker:eu-south-2:127363102723:image/jupyter-server-3 |
| sa-east-1 | arn:aws:sagemaker:sa-east-1:782484402741:image/jupyter-server-3 |
| cn-north-1 | arn:aws-cn:sagemaker:cn-north-1:390048526115:image/jupyter-server-3 |
| cn-northwest-1 | arn:aws-cn:sagemaker:cn-northwest-1:390780980154:image/jupyter-server-3 |
#### Create or update domain
You can set a default JupyterServer version at the domain level by invoking [CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html) or [UpdateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateDomain.html) and passing the `UserSettings.JupyterServerAppSettings.DefaultResourceSpec.SageMakerImageArn` field.
The following shows how to create a domain with JupyterLab 3 as the default, using the AWS CLI:
```
aws --region \
sagemaker create-domain \
--domain-name \
--auth-mode \
--subnet-ids \
--vpc-id \
--default-user-settings '{
"JupyterServerAppSettings": {
"DefaultResourceSpec": {
"SageMakerImageArn": "arn:aws:sagemaker:::image/jupyter-server-3",
"InstanceType": "system"
}
}
}'
```
The following shows how to update a domain to use JupyterLab 3 as the default, using the AWS CLI:
```
aws --region \
sagemaker update-domain \
--domain-id \
--default-user-settings '{
"JupyterServerAppSettings": {
"DefaultResourceSpec": {
"SageMakerImageArn": "arn:aws:sagemaker:::image/jupyter-server-3",
"InstanceType": "system"
}
}
}'
```
#### Create or update user profile
You can set a default JupyterServer version at the user profile level by invoking [CreateUserProfile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html) or [UpdateUserProfile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateUserProfile.html) and passing the `UserSettings.JupyterServerAppSettings.DefaultResourceSpec.SageMakerImageArn` field.
The following shows how to create a user profile with JupyterLab 3 as the default on an existing domain, using the AWS CLI:
```
aws --region \
sagemaker create-user-profile \
--domain-id \
--user-profile-name \
--query UserProfileArn --output text \
--user-settings '{
"JupyterServerAppSettings": {
"DefaultResourceSpec": {
"SageMakerImageArn": "arn:aws:sagemaker:::image/jupyter-server-3",
"InstanceType": "system"
}
}
}'
```
The following shows how to update a user profile to use JupyterLab 3 as the default, using the AWS CLI:
```
aws --region \
sagemaker update-user-profile \
--domain-id \
--user-profile-name \
--user-settings '{
"JupyterServerAppSettings": {
"DefaultResourceSpec": {
"SageMakerImageArn": "arn:aws:sagemaker:::image/jupyter-server-3",
"InstanceType": "system"
}
}
}'
```
## View and update the JupyterLab version of an application from the console
The following shows how to view and update the JupyterLab version of an application.
1. Navigate to the SageMaker AI **domains** page.
1. Select a domain to view its user profiles.
1. Select a user to view their applications.
1. To view the JupyterLab version of an application, select the application's name.
1. To update the JupyterLab version, select **Action**.
1. From the dropdown menu, select **Change JupyterLab version**.
1. From the **Studio Classic settings** page, select the JupyterLab version from the dropdown menu.
1. After the JupyterLab version for the user profile has been successfully updated, restart the JupyterServer application to make the version changes effective. For more information about restarting a JupyterServer application, see [Shut Down and Update Amazon SageMaker Studio Classic](studio-tasks-update-studio.md).
## Installing JupyterLab and Jupyter Server extensions
In JupyterLab 3, you must activate the `studio` conda environment before installing extensions. The method for this differs if you're installing the extensions from within Studio Classic or using a lifecycle configuration script.
### Installing Extension from within Studio Classic
To install extensions from within Studio Classic, you must activate the `studio` environment before you install extensions.
```
# Before installing extensions
conda activate studio
# Install your extensions
pip install
# After installing extensions
conda deactivate
```
### Installing Extensions using a lifecycle configuration script
If you're installing JupyterLab and Jupyter Server extensions in your lifecycle configuration script, you must modify your script so that it works with JupyterLab 3. The following sections show the code needed for existing and new lifecycle configuration scripts.
#### Existing lifecycle configuration script
If you're reusing an existing lifecycle configuration script that must work with both versions of JupyterLab, use the following code in your script:
```
# Before installing extension
export AWS_SAGEMAKER_JUPYTERSERVER_IMAGE="${AWS_SAGEMAKER_JUPYTERSERVER_IMAGE:-'jupyter-server'}"
if [ "$AWS_SAGEMAKER_JUPYTERSERVER_IMAGE" = "jupyter-server-3" ] ; then
eval "$(conda shell.bash hook)"
conda activate studio
fi;
# Install your extensions
pip install
# After installing extension
if [ "$AWS_SAGEMAKER_JUPYTERSERVER_IMAGE" = "jupyter-server-3" ]; then
conda deactivate
fi;
```
#### New lifecycle configuration script
If you're writing a new lifecycle configuration script that only uses JupyterLab 3, you can use the following code in your script:
```
# Before installing extension
eval "$(conda shell.bash hook)"
conda activate studio
# Install your extensions
pip install
conda deactivate
```
# Use the Amazon SageMaker Studio Classic Launcher
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
You can use the Amazon SageMaker Studio Classic Launcher to create notebooks and text files, and to launch terminals and interactive Python shells.
You can open Studio Classic Launcher in any of the following ways:
+ Choose **Amazon SageMaker Studio Classic** at the top left of the Studio Classic interface.
+ Use the keyboard shortcut `Ctrl + Shift + L`.
+ From the Studio Classic menu, choose **File** and then choose **New Launcher**.
+ If the SageMaker AI file browser is open, choose the plus (**\$1**) sign in the Studio Classic file browser menu.
+ In the **Quick actions** section of the **Home** tab, choose **Open Launcher**. The Launcher opens in a new tab. The **Quick actions** section is visible by default but can be toggled off. Choose **Customize Layout** to turn this section back on.
![\[SageMaker Studio Classic launcher.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-new-launcher.png)
The Launcher consists of the following two sections:
**Topics**
+ [
## Notebooks and compute resources
](#studio-launcher-launch)
+ [
## Utilities and files
](#studio-launcher-other)
## Notebooks and compute resources
In this section, you can create a notebook, open an image terminal, or open a Python console.
To create or launch one of those items:
1. Choose **Change environment** to select a SageMaker image, a kernel, an instance type, and, optionally, add a lifecycle configuration script that runs on image start-up. For more information on lifecycle configuration scripts, see [Use Lifecycle Configurations to Customize Amazon SageMaker Studio Classic](studio-lcc.md). For more information about kernel updates, see [Change the Image or a Kernel for an Amazon SageMaker Studio Classic Notebook](notebooks-run-and-manage-change-image.md).
1. Select an item.
**Note**
When you choose an item from this section, you might incur additional usage charges. For more information, see [Usage Metering for Amazon SageMaker Studio Classic Notebooks](notebooks-usage-metering.md).
The following items are available:
+ **Notebook**
Launches the notebook in a kernel session on the chosen SageMaker image.
Creates the notebook in the folder that you have currently selected in the file browser. To view the file browser, in the left sidebar of Studio Classic, choose the **File Browser** icon.
+ **Console**
Launches the shell in a kernel session on the chosen SageMaker image.
Opens the shell in the folder that you have currently selected in the file browser.
+ **Image terminal**
Launches the terminal in a terminal session on the chosen SageMaker image.
Opens the terminal in the root folder for the user (as shown by the **Home** folder in the file browser).
**Note**
By default, CPU instances launch on a `ml.t3.medium` instance, while GPU instances launch on a `ml.g4dn.xlarge` instance.
## Utilities and files
In this section, you can add contextual help in a notebook; create Python, Markdown and text files; and open a system terminal.
**Note**
Items in this section run in the context of Amazon SageMaker Studio Classic and don't incur usage charges.
The following items are available:
+ **Show Contextual Help**
Opens a new tab that displays contextual help for functions in a Studio Classic notebook. To display the help, choose a function in an active notebook. To make it easier to see the help in context, drag the help tab so that it's adjacent to the notebook tab. To open the help tab from within a notebook, press `Ctrl + I`.
The following screenshot shows the contextual help for the `Experiment.create` method.
![\[SageMaker Studio Classic contextual help.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-context-help.png)
+ **System terminal**
Opens a `bash` shell in the root folder for the user (as shown by the **Home** folder in the file browser).
+ **Text File** and **Markdown File**
Creates a file of the associated type in the folder that you have currently selected in the file browser. To view the file browser, in the left sidebar, choose the **File Browser** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder.png)).
# Use Amazon SageMaker Studio Classic Notebooks
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker Studio Classic notebooks are collaborative notebooks that you can launch quickly because you don't need to set up compute instances and file storage beforehand. Studio Classic notebooks provide persistent storage, which enables you to view and share notebooks even if the instances that the notebooks run on are shut down.
You can share your notebooks with others, so that they can easily reproduce your results and collaborate while building models and exploring your data. You provide access to a read-only copy of the notebook through a secure URL. Dependencies for your notebook are included in the notebook's metadata. When your colleagues copy the notebook, it opens in the same environment as the original notebook.
A Studio Classic notebook runs in an environment defined by the following:
+ Amazon EC2 instance type – The hardware configuration the notebook runs on. The configuration includes the number and type of processors (vCPU and GPU), and the amount and type of memory. The instance type determines the pricing rate.
+ SageMaker image – A container image that is compatible with SageMaker Studio Classic. The image consists of the kernels, language packages, and other files required to run a notebook in Studio Classic. There can be multiple images in an instance. For more information, see [Custom Images in Amazon SageMaker Studio Classic](studio-byoi.md).
+ KernelGateway app – A SageMaker image runs as a KernelGateway app. The app provides access to the kernels in the image. There is a one-to-one correspondence between a SageMaker AI image and a KernelGateway app.
+ Kernel – The process that inspects and runs the code contained in the notebook. A kernel is defined by a *kernel spec* in the image. There can be multiple kernels in an image.
You can change any of these resources from within the notebook.
The following diagram outlines how a notebook kernel runs in relation to the KernelGateway App, User, and domain.
![\[How a notebook kernel runs in relation to the KernelGateway App, User, and domain.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-components.png)
Sample SageMaker Studio Classic notebooks are available in the [aws\$1sagemaker\$1studio](https://github.com/awslabs/amazon-sagemaker-examples/tree/master/aws_sagemaker_studio) folder of the [Amazon SageMaker example GitHub repository](https://github.com/awslabs/amazon-sagemaker-examples). Each notebook comes with the necessary SageMaker image that opens the notebook with the appropriate kernel.
We recommend that you familiarize yourself with the SageMaker Studio Classic interface and the Studio Classic notebook toolbar before creating or using a Studio Classic notebook. For more information, see [Amazon SageMaker Studio Classic UI Overview](studio-ui.md) and [Use the Studio Classic Notebook Toolbar](notebooks-menu.md).
**Topics**
+ [
# How Are Amazon SageMaker Studio Classic Notebooks Different from Notebook Instances?
](notebooks-comparison.md)
+ [
# Get Started with Amazon SageMaker Studio Classic Notebooks
](notebooks-get-started.md)
+ [
# Amazon SageMaker Studio Classic Tour
](gs-studio-end-to-end.md)
+ [
# Create or Open an Amazon SageMaker Studio Classic Notebook
](notebooks-create-open.md)
+ [
# Use the Studio Classic Notebook Toolbar
](notebooks-menu.md)
+ [
# Install External Libraries and Kernels in Amazon SageMaker Studio Classic
](studio-notebooks-add-external.md)
+ [
# Share and Use an Amazon SageMaker Studio Classic Notebook
](notebooks-sharing.md)
+ [
# Get Amazon SageMaker Studio Classic Notebook and App Metadata
](notebooks-run-and-manage-metadata.md)
+ [
# Get Notebook Differences in Amazon SageMaker Studio Classic
](notebooks-diff.md)
+ [
# Manage Resources for Amazon SageMaker Studio Classic Notebooks
](notebooks-run-and-manage.md)
+ [
# Usage Metering for Amazon SageMaker Studio Classic Notebooks
](notebooks-usage-metering.md)
+ [
# Available Resources for Amazon SageMaker Studio Classic Notebooks
](notebooks-resources.md)
# How Are Amazon SageMaker Studio Classic Notebooks Different from Notebook Instances?
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
When you're starting a new notebook, we recommend that you create the notebook in Amazon SageMaker Studio Classic instead of launching a notebook instance from the Amazon SageMaker AI console. There are many benefits to using a Studio Classic notebook, including the following:
+ **Faster: **Starting a Studio Classic notebook is faster than launching an instance-based notebook. Typically, it is 5-10 times faster than instance-based notebooks.
+ **Easy notebook sharing: **Notebook sharing is an integrated feature in Studio Classic. Users can generate a shareable link that reproduces the notebook code and also the SageMaker image required to execute it, in just a few clicks.
+ **Latest Python SDK: **Studio Classic notebooks come pre-installed with the latest [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable).
+ **Access all Studio Classic features: **Studio Classic notebooks are accessed from within Studio Classic. This enables you to build, train, debug, track, and monitor your models without leaving Studio Classic.
+ **Persistent user directories:** Each member of a Studio team gets their own home directory to store their notebooks and other files. The directory is automatically mounted onto all instances and kernels as they're started, so their notebooks and other files are always available. The home directories are stored in Amazon Elastic File System (Amazon EFS) so that you can access them from other services.
+ **Direct access:** When using IAM Identity Center, you use your IAM Identity Center credentials through a unique URL to directly access Studio Classic. You don't have to interact with the AWS Management Console to run your notebooks.
+ **Optimized images:** Studio Classic notebooks are equipped with a set of predefined SageMaker image settings to get you started faster.
**Note**
Studio Classic notebooks don't support *local mode*. However, you can use a notebook instance to train a sample of your dataset locally, and then use the same code in a Studio Classic notebook to train on the full dataset.
When you open a notebook in SageMaker Studio Classic, the view is an extension of the JupyterLab interface. The primary features are the same, so you'll find the typical features of a Jupyter notebook and JupyterLab. For more information about the Studio Classic interface, see [Amazon SageMaker Studio Classic UI Overview](studio-ui.md).
# Get Started with Amazon SageMaker Studio Classic Notebooks
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
To get started, you or your organization's administrator need to complete the SageMaker AI domain onboarding process. For more information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
You can access a Studio Classic notebook in any of the following ways:
+ You receive an email invitation to access Studio Classic through your organization's IAM Identity Center, which includes a direct link to login to Studio Classic without having to use the Amazon SageMaker AI console. You can proceed to the [Next Steps](#notebooks-get-started-next-steps).
+ You receive a link to a shared Studio Classic notebook, which includes a direct link to log in to Studio Classic without having to use the SageMaker AI console. You can proceed to the [Next Steps](#notebooks-get-started-next-steps).
+ You onboard to a domain and then log in to the SageMaker AI console. For more information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
## Launch Amazon SageMaker AI
Complete the steps in [Launch Amazon SageMaker Studio Classic](studio-launch.md) to launch Studio Classic.
## Next Steps
Now that you're in Studio Classic, you can try any of the following options:
+ To create a Studio Classic notebook or explore Studio Classic end-to-end tutorial notebooks – See [Amazon SageMaker Studio Classic Tour](gs-studio-end-to-end.md) in the next section.
+ To familiarize yourself with the Studio Classic interface – See [Amazon SageMaker Studio Classic UI Overview](studio-ui.md) or try the **Getting started notebook** by selecting **Open the Getting started notebook** in the **Quick actions** section of the Studio Classic Home page.
# Amazon SageMaker Studio Classic Tour
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
For a walkthrough that takes you on a tour of the main features of Amazon SageMaker Studio Classic, see the [xgboost\$1customer\$1churn\$1studio.ipynb](https://sagemaker-examples.readthedocs.io/en/latest/aws_sagemaker_studio/getting_started/xgboost_customer_churn_studio.html) sample notebook from the [aws/amazon-sagemaker-examples](https://github.com/aws/amazon-sagemaker-examples) GitHub repository. The code in the notebook trains multiple models and sets up the SageMaker Debugger and SageMaker Model Monitor. The walkthrough shows you how to view the trials, compare the resulting models, show the debugger results, and deploy the best model using the Studio Classic UI. You don't need to understand the code to follow this walkthrough.
**Prerequisites**
To run the notebook for this tour, you need:
+ An IAM account to sign in to Studio. For information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
+ Basic familiarity with the Studio user interface and Jupyter notebooks. For information, see [Amazon SageMaker Studio Classic UI Overview](studio-ui.md).
+ A copy of the [aws/amazon-sagemaker-examples](https://github.com/aws/amazon-sagemaker-examples) repository in your Studio environment.
**To clone the repository**
1. Launch Studio Classic following the steps in [Launch Amazon SageMaker Studio Classic](studio-launch.md) For users in IAM Identity Center, sign in using the URL from your invitation email.
1. On the top menu, choose **File**, then **New**, then **Terminal**.
1. At the command prompt, run the following command to clone the [aws/amazon-sagemaker-examples](https://github.com/aws/amazon-sagemaker-examples) GitHub repository.
```
$ git clone https://github.com/aws/amazon-sagemaker-examples.git
```
**To navigate to the sample notebook**
1. From the **File Browser** on the left menu, select **amazon-sagemaker-examples**.
1. Navigate to the example notebook with the following path.
`~/amazon-sagemaker-examples/aws_sagemaker_studio/getting_started/xgboost_customer_churn_studio.ipynb`
1. Follow the notebook to learn about Studio Classic's main features.
**Note**
If you encounter an error when you run the sample notebook, and some time has passed from when you cloned the repository, review the notebook on the remote repository for updates.
# Create or Open an Amazon SageMaker Studio Classic Notebook
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
When you [Create a Notebook from the File Menu](#notebooks-create-file-menu) in Amazon SageMaker Studio Classic or [Open a notebook in Studio Classic](#notebooks-open) for the first time, you are prompted to set up your environment by choosing a SageMaker image, a kernel, an instance type, and, optionally, a lifecycle configuration script that runs on image start-up. SageMaker AI launches the notebook on an instance of the chosen type. By default, the instance type is set to `ml.t3.medium` (available as part of the [AWS Free Tier](https://aws.amazon.com/free)) for CPU-based images. For GPU-based images, the default instance type is `ml.g4dn.xlarge`.
If you create or open additional notebooks that use the same instance type, whether or not the notebooks use the same kernel, the notebooks run on the same instance of that instance type.
After you launch a notebook, you can change its instance type, SageMaker image, and kernel from within the notebook. For more information, see [Change the Instance Type for an Amazon SageMaker Studio Classic Notebook](notebooks-run-and-manage-switch-instance-type.md) and [Change the Image or a Kernel for an Amazon SageMaker Studio Classic Notebook](notebooks-run-and-manage-change-image.md).
**Note**
You can have only one instance of each instance type. Each instance can have multiple SageMaker images running on it. Each SageMaker image can run multiple kernels or terminal instances.
Billing occurs per instance and starts when the first instance of a given instance type is launched. If you want to create or open a notebook without the risk of incurring charges, open the notebook from the **File** menu and choose **No Kernel** from the **Select Kernel** dialog box. You can read and edit a notebook without a running kernel but you can't run cells.
Billing ends when the SageMaker image for the instance is shut down. For more information, see [Usage Metering for Amazon SageMaker Studio Classic Notebooks](notebooks-usage-metering.md).
For information about shutting down the notebook, see [Shut down resources](notebooks-run-and-manage-shut-down.md#notebooks-run-and-manage-shut-down-sessions).
**Topics**
+ [
## Open a notebook in Studio Classic
](#notebooks-open)
+ [
## Create a Notebook from the File Menu
](#notebooks-create-file-menu)
+ [
## Create a Notebook from the Launcher
](#notebooks-create-launcher)
+ [
## List of the available instance types, images, and kernels
](#notebooks-instance-image-kernels)
## Open a notebook in Studio Classic
Amazon SageMaker Studio Classic can only open notebooks listed in the Studio Classic file browser. For instructions on uploading a notebook to the file browser, see [Upload Files to Amazon SageMaker Studio Classic](studio-tasks-files.md) or [Clone a Git Repository in Amazon SageMaker Studio Classic](studio-tasks-git.md).
**To open a notebook**
1. In the left sidebar, choose the **File Browser** icon ( ![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder.png)) to display the file browser.
1. Browse to a notebook file and double-click it to open the notebook in a new tab.
## Create a Notebook from the File Menu
**To create a notebook from the File menu**
1. From the Studio Classic menu, choose **File**, choose **New**, and then choose **Notebook**.
1. In the **Change environment** dialog box, use the dropdown menus to select your **Image**, **Kernel**, **Instance type**, and **Start-up script**, then choose **Select**. Your notebook launches and opens in a new Studio Classic tab.
![\[Studio Classic notebook environment setup.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-notebook-environment-setup.png)
## Create a Notebook from the Launcher
**To create a notebook from the Launcher**
1. To open the Launcher, choose **Amazon SageMaker Studio Classic** at the top left of the Studio Classic interface or use the keyboard shortcut `Ctrl + Shift + L`.
To learn about all the available ways to open the Launcher, see [Use the Amazon SageMaker Studio Classic Launcher](studio-launcher.md)
1. In the Launcher, in the **Notebooks and compute resources** section, choose **Change environment**.
![\[SageMaker Studio Classic set notebook environment.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-launcher-notebook-creation.png)
1. In the **Change environment** dialog box, use the dropdown menus to select your **Image**, **Kernel**, **Instance type**, and **Start-up script**, then choose **Select**.
1. In the Launcher, choose **Create notebook**. Your notebook launches and opens in a new Studio Classic tab.
To view the notebook's kernel session, in the left sidebar, choose the **Running Terminals and Kernels** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/running-terminals-kernels.png)). You can stop the notebook's kernel session from this view.
## List of the available instance types, images, and kernels
For a list of all available resources, see:
+ [Instance Types Available for Use With Amazon SageMaker Studio Classic Notebooks](notebooks-available-instance-types.md)
+ [Amazon SageMaker Images Available for Use With Studio Classic Notebooks](notebooks-available-images.md)
# Use the Studio Classic Notebook Toolbar
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker Studio Classic notebooks extend the JupyterLab interface. For an overview of the original JupyterLab interface, see [The JupyterLab Interface](https://jupyterlab.readthedocs.io/en/latest/user/interface.html).
The following image shows the toolbar and an empty cell from a Studio Classic notebook.
![\[SageMaker Studio Classic notebook menu.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-notebook-menu.png)
When you pause on a toolbar icon, a tooltip displays the icon function. Additional notebook commands are found in the Studio Classic main menu. The toolbar includes the following icons:
| Icon | Description |
| --- | --- |
| ![\[The Save and checkpoint icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-save-and-checkpoint.png) | **Save and checkpoint** Saves the notebook and updates the checkpoint file. For more information, see [Get the Difference Between the Last Checkpoint](notebooks-diff.md#notebooks-diff-checkpoint). |
| ![\[The Insert cell icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-insert-cell.png) | **Insert cell** Inserts a code cell below the current cell. The current cell is noted by the blue vertical marker in the left margin. |
| ![\[The Cut, copy, and paste cells icons.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-cut-copy-paste.png) | **Cut, copy, and paste cells** Cuts, copies, and pastes the selected cells. |
| ![\[The Run cells icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-run.png) | **Run cells** Runs the selected cells and then makes the cell that follows the last selected cell the new selected cell. |
| ![\[The Interrupt kernel icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-interrupt-kernel.png) | **Interrupt kernel** Interrupts the kernel, which cancels the currently running operation. The kernel remains active. |
| ![\[The Restart kernel icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-restart-kernel.png) | **Restart kernel** Restarts the kernel. Variables are reset. Unsaved information is not affected. |
| ![\[The Restart kernel and run all cells icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-restart-kernel-run-all-cells.png) | **Restart kernel and run all cells** Restarts the kernel, then run all the cells of the notebook. |
| ![\[The Cell type icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-cell-type.png) | **Cell type** Displays or changes the current cell type. The cell types are: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-menu.html) |
| ![\[The Launch terminal icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-launch-terminal.png) | **Launch terminal** Launches a terminal in the SageMaker image hosting the notebook. For an example, see [Get App Metadata](notebooks-run-and-manage-metadata.md#notebooks-run-and-manage-metadata-app). |
| ![\[The Checkpoint diff icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-checkpoint-diff.png) | **Checkpoint diff** Opens a new tab that displays the difference between the notebook and the checkpoint file. For more information, see [Get the Difference Between the Last Checkpoint](notebooks-diff.md#notebooks-diff-checkpoint). |
| ![\[The Git diff icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-git-diff.png) | **Git diff** Only enabled if the notebook is opened from a Git repository. Opens a new tab that displays the difference between the notebook and the last Git commit. For more information, see [Get the Difference Between the Last Commit](notebooks-diff.md#notebooks-diff-git). |
| **2 vCPU \$1 4 GiB** | **Instance type** Displays or changes the instance type the notebook runs in. The format is as follows: `number of vCPUs + amount of memory + number of GPUs` `Unknown` indicates the notebook was opened without specifying a kernel. The notebook runs on the SageMaker Studio instance and doesn't accrue runtime charges. You can't assign the notebook to an instance type. You must specify a kernel and then Studio assigns the notebook to a default type. For more information, see [Create or Open an Amazon SageMaker Studio Classic Notebook](notebooks-create-open.md) and [Change the Instance Type for an Amazon SageMaker Studio Classic Notebook](notebooks-run-and-manage-switch-instance-type.md). |
| ![\[The Cluster icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-cluster.png) | **Cluster** Connect your notebook to an Amazon EMR cluster and scale your ETL jobs or run large-scale model training using Apache Spark, Hive, or Presto. For more information, see [Data preparation using Amazon EMR](studio-notebooks-emr-cluster.md). |
| **Python 3 (Data Science)** | **Kernel and SageMaker Image** Displays or changes the kernel that processes the cells in the notebook. The format is as follows: `Kernel (SageMaker Image)` `No Kernel` indicates the notebook was opened without specifying a kernel. You can edit the notebook but you can't run any cells. For more information, see [Change the Image or a Kernel for an Amazon SageMaker Studio Classic Notebook](notebooks-run-and-manage-change-image.md). |
| ![\[The Kernel busy status icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-kernel-status.png) | **Kernel busy status** Displays the busy status of the kernel. When the edge of the circle and its interior are the same color, the kernel is busy. The kernel is busy when it is starting and when it is processing cells. Additional kernel states are displayed in the status bar at the bottom-left corner of SageMaker Studio. |
| ![\[The Share notebook icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-share.png) | **Share notebook** Shares the notebook. For more information, see [Share and Use an Amazon SageMaker Studio Classic Notebook](notebooks-sharing.md). |
To select multiple cells, click in the left margin outside of a cell. Hold down the `Shift` key and use `K` or the `Up` key to select previous cells, or use `J` or the `Down` key to select following cells.
# Install External Libraries and Kernels in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker Studio Classic notebooks come with multiple images already installed. These images contain kernels and Python packages including scikit-learn, Pandas, NumPy, TensorFlow, PyTorch, and MXNet. You can also install your own images that contain your choice of packages and kernels. For more information on installing your own image, see [Custom Images in Amazon SageMaker Studio Classic](studio-byoi.md).
The different Jupyter kernels in Amazon SageMaker Studio Classic notebooks are separate conda environments. For information about conda environments, see [Managing environments](https://conda.io/docs/user-guide/tasks/manage-environments.html).
## Package installation tools
**Important**
Currently, all packages in Amazon SageMaker notebooks are licensed for use with Amazon SageMaker AI and do not require additional commercial licenses. However, this might be subject to change in the future, and we recommend reviewing the licensing terms regularly for any updates.
The method that you use to install Python packages from the terminal differs depending on the image. Studio Classic supports the following package installation tools:
+ **Notebooks** – The following commands are supported. If one of the following does not work on your image, try the other one.
+ `%conda install`
+ `%pip install`
+ **The Jupyter terminal** – You can install packages using pip and conda directly. You can also use `apt-get install` to install system packages from the terminal.
**Note**
We do not recommend using `pip install -u` or `pip install --user`, because those commands install packages on the user's Amazon EFS volume and can potentially block JupyterServer app restarts. Instead, use a lifecycle configuration to reinstall the required packages on app restarts as shown in [Install packages using lifecycle configurations](#nbi-add-external-lcc).
We recommend using `%pip` and `%conda` to install packages from within a notebook because they correctly take into account the active environment or interpreter being used. For more information, see [Add %pip and %conda magic functions](https://github.com/ipython/ipython/pull/11524). You can also use the system command syntax (lines starting with \$1) to install packages. For example, `!pip install` and `!conda install`.
### Conda
Conda is an open source package management system and environment management system that can install packages and their dependencies. SageMaker AI supports using conda with the conda-forge channel. For more information, see [Conda channels](https://docs.conda.io/projects/conda/en/latest/user-guide/concepts/channels.html). The conda-forge channel is a community channel where contributors can upload packages.
**Note**
Installing packages from conda-forge can take up to 10 minutes. Timing relates to how conda resolves the dependency graph.
All of the SageMaker AI provided environments are functional. User installed packages may not function correctly.
Conda has two methods for activating environments: `conda activate`, and `source activate`. For more information, see [Managing environment](https://docs.conda.io/projects/conda/en/latest/user-guide/tasks/manage-environments.html).
**Supported conda operations**
+ `conda install` of a package in a single environment
+ `conda install` of a package in all environments
+ Installing a package from the main conda repository
+ Installing a package from conda-forge
+ Changing the conda install location to use Amazon EBS
+ Supporting both `conda activate` and `source activate`
### Pip
Pip is the tool for installing and managing Python packages. Pip searches for packages on the Python Package Index (PyPI) by default. Unlike conda, pip doesn't have built in environment support. Therfore, pip isn't as thorough as conda when it comes to packages with native or system library dependencies. Pip can be used to install packages in conda environments. You can use alternative package repositories with pip instead of the PyPI.
**Supported pip operations**
+ Using pip to install a package without an active conda environment
+ Using pip to install a package in a conda environment
+ Using pip to install a package in all conda environments
+ Changing the pip install location to use Amazon EBS
+ Using an alternative repository to install packages with pip
### Unsupported
SageMaker AI aims to support as many package installation operations as possible. However, if the packages were installed by SageMaker AI and you use the following operations on these packages, it might make your environment unstable:
+ Uninstalling
+ Downgrading
+ Upgrading
Due to potential issues with network conditions or configurations, or the availability of conda or PyPi, packages may not install in a fixed or deterministic amount of time.
**Note**
Attempting to install a package in an environment with incompatible dependencies can result in a failure. If issues occur, you can contact the library maintainer about updating the package dependencies. When you modify the environment, such as removing or updating existing packages, this may result in instability of that environment.
## Install packages using lifecycle configurations
Install custom images and kernels on the Studio Classic instance's Amazon EBS volume so that they persist when you stop and restart the notebook, and that any external libraries you install are not updated by SageMaker AI. To do that, use a lifecycle configuration that includes both a script that runs when you create the notebook (`on-create)` and a script that runs each time you restart the notebook (`on-start`). For more information about using lifecycle configurations with Studio Classic, see [Use Lifecycle Configurations to Customize Amazon SageMaker Studio Classic](studio-lcc.md). For sample lifecycle configuration scripts, see [SageMaker AI Studio Classic Lifecycle Configuration Samples](https://github.com/aws-samples/sagemaker-studio-lifecycle-config-examples).
# Share and Use an Amazon SageMaker Studio Classic Notebook
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
You can share your Amazon SageMaker Studio Classic notebooks with your colleagues. The shared notebook is a copy. After you share your notebook, any changes you make to your original notebook aren't reflected in the shared notebook and any changes your colleague's make in their shared copies of the notebook aren't reflected in your original notebook. If you want to share your latest version, you must create a new snapshot and then share it.
**Topics**
+ [
## Share a Notebook
](#notebooks-sharing-share)
+ [
## Use a Shared Notebook
](#notebooks-sharing-using)
+ [
## Shared spaces and realtime collaboration
](#notebooks-sharing-rtc)
## Share a Notebook
The following screenshot shows the menu from a Studio Classic notebook.
![\[The location of the Share icon in a Studio Classic notebook.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-notebook-menu-share.png)
**To share a notebook**
1. In the upper-right corner of the notebook, choose **Share**.
1. (Optional) In **Create shareable snapshot**, choose any of the following items:
+ **Include Git repo information** – Includes a link to the Git repository that contains the notebook. This enables you and your colleague to collaborate and contribute to the same Git repository.
+ **Include output** – Includes all notebook output that has been saved.
**Note**
If you're an user in IAM Identity Center and you don't see these options, your IAM Identity Center administrator probably disabled the feature. Contact your administrator.
1. Choose **Create**.
1. After the snapshot is created, choose **Copy link** and then choose **Close**.
1. Share the link with your colleague.
After selecting your sharing options, you are provided with a URL. You can share this link with users that have access to Amazon SageMaker Studio Classic. When the user opens the URL, they're prompted to log in using IAM Identity Center or IAM authentication. This shared notebook becomes a copy, so changes made by the recipient will not be reproduced in your original notebook.
## Use a Shared Notebook
You use a shared notebook in the same way you would with a notebook that you created yourself. You must first login to your account, then open the shared link. If you don't have an active session, you receive an error.
When you choose a link to a shared notebook for the first time, a read-only version of the notebook opens. To edit the shared notebook, choose **Create a Copy**. This copies the shared notebook to your personal storage.
The copied notebook launches on an instance of the instance type and SageMaker image that the notebook was using when the sender shared it. If you aren't currently running an instance of the instance type, a new instance is started. Customization to the SageMaker image isn't shared. You can also inspect the notebook snapshot by choosing **Snapshot Details**.
The following are some important considerations about sharing and authentication:
+ If you have an active session, you see a read-only view of the notebook until you choose **Create a Copy**.
+ If you don't have an active session, you need to log in.
+ If you use IAM to login, after you login, select your user profile then choose **Open Studio Classic**. Then you need to choose the link you were sent.
+ If you use IAM Identity Center to login, after you login the shared notebook is opened automatically in Studio.
## Shared spaces and realtime collaboration
A shared space consists of a shared JupyterServer application and a shared directory. A key benefit of a shared space is that it facilitates collaboration between members of the shared space in real time. Users collaborating in a workspace get access to a shared Studio Classic application where they can access, read, and edit their notebooks in real time. Real time collaboration is only supported for JupyterServer applications within a shared space. Users with access to a shared space can simultaneously open, view, edit, and execute Jupyter notebooks in the shared Studio Classic application in that space. For more information about shared spaced and real time collaboration, see [Collaboration with shared spaces](domain-space.md).
# Get Amazon SageMaker Studio Classic Notebook and App Metadata
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
You can access notebook metadata and App metadata using the Amazon SageMaker Studio Classic UI.
**Topics**
+ [
## Get Studio Classic Notebook Metadata
](#notebooks-run-and-manage-metadata-notebook)
+ [
## Get App Metadata
](#notebooks-run-and-manage-metadata-app)
## Get Studio Classic Notebook Metadata
Jupyter notebooks contain optional metadata that you can access through the Amazon SageMaker Studio Classic UI.
**To view the notebook metadata:**
1. In the right sidebar, choose the **Property Inspector** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/gears.png)).
1. Open the **Advanced Tools** section.
The metadata should look similar to the following.
```
{
"instance_type": "ml.t3.medium",
"kernelspec": {
"display_name": "Python 3 (Data Science)",
"language": "python",
"name": "python3__SAGEMAKER_INTERNAL__arn:aws:sagemaker:us-west-2::image/datascience-1.0"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.7.10"
}
}
```
## Get App Metadata
When you create a notebook in Amazon SageMaker Studio Classic, the App metadata is written to a file named `resource-metadata.json` in the folder `/opt/ml/metadata/`. You can get the App metadata by opening an Image terminal from within the notebook. The metadata gives you the following information, which includes the SageMaker image and instance type the notebook runs in:
+ **AppType** – `KernelGateway`
+ **DomainId** – Same as the Studio ClassicID
+ **UserProfileName** – The profile name of the current user
+ **ResourceArn** – The Amazon Resource Name (ARN) of the App, which includes the instance type
+ **ResourceName** – The name of the SageMaker image
Additional metadata might be included for internal use by Studio Classic and is subject to change.
**To get the App metadata**
1. In the center of the notebook menu, choose the **Launch Terminal** icon (![\[Dollar sign icon representing currency or financial transactions.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-launch-terminal.png)). This opens a terminal in the SageMaker image that the notebook runs in.
1. Run the following commands to display the contents of the `resource-metadata.json` file.
```
$ cd /opt/ml/metadata/
cat resource-metadata.json
```
The file should look similar to the following.
```
{
"AppType": "KernelGateway",
"DomainId": "d-xxxxxxxxxxxx",
"UserProfileName": "profile-name",
"ResourceArn": "arn:aws:sagemaker:us-east-2:account-id:app/d-xxxxxxxxxxxx/profile-name/KernelGateway/datascience--1-0-ml-t3-medium",
"ResourceName": "datascience--1-0-ml",
"AppImageVersion":""
}
```
# Get Notebook Differences in Amazon SageMaker Studio Classic
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
You can display the difference between the current notebook and the last checkpoint or the last Git commit using the Amazon SageMaker AI UI.
The following screenshot shows the menu from a Studio Classic notebook.
![\[The location of the relevant menu in a Studio Classic notebook.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-notebook-menu-diffs.png)
**Topics**
+ [
## Get the Difference Between the Last Checkpoint
](#notebooks-diff-checkpoint)
+ [
## Get the Difference Between the Last Commit
](#notebooks-diff-git)
## Get the Difference Between the Last Checkpoint
When you create a notebook, a hidden checkpoint file that matches the notebook is created. You can view changes between the notebook and the checkpoint file or revert the notebook to match the checkpoint file.
By default, a notebook is auto-saved every 120 seconds and also when you close the notebook. However, the checkpoint file isn't updated to match the notebook. To save the notebook and update the checkpoint file to match, you must choose the **Save notebook and create checkpoint** icon ( ![\[Padlock icon representing security or access control in cloud services.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-save-and-checkpoint.png)) on the left of the notebook menu or use the `Ctrl + S` keyboard shortcut.
To view the changes between the notebook and the checkpoint file, choose the **Checkpoint diff** icon (![\[Clock icon representing time or duration in a user interface.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-checkpoint-diff.png)) in the center of the notebook menu.
To revert the notebook to the checkpoint file, from the main Studio Classic menu, choose **File** then **Revert Notebook to Checkpoint**.
## Get the Difference Between the Last Commit
If a notebook is opened from a Git repository, you can view the difference between the notebook and the last Git commit.
To view the changes in the notebook from the last Git commit, choose the **Git diff** icon (![\[Dark button with white text displaying "git" in lowercase letters.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/notebook-git-diff.png)) in the center of the notebook menu.
# Manage Resources for Amazon SageMaker Studio Classic Notebooks
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
You can change the instance type, and SageMaker image and kernel from within an Amazon SageMaker Studio Classic notebook. To create a custom kernel to use with your notebooks, see [Custom Images in Amazon SageMaker Studio Classic](studio-byoi.md).
**Topics**
+ [
# Change the Instance Type for an Amazon SageMaker Studio Classic Notebook
](notebooks-run-and-manage-switch-instance-type.md)
+ [
# Change the Image or a Kernel for an Amazon SageMaker Studio Classic Notebook
](notebooks-run-and-manage-change-image.md)
+ [
# Shut Down Resources from Amazon SageMaker Studio Classic
](notebooks-run-and-manage-shut-down.md)
# Change the Instance Type for an Amazon SageMaker Studio Classic Notebook
When you open a new Studio Classic notebook for the first time, you are assigned a default Amazon Elastic Compute Cloud (Amazon EC2) instance type to run the notebook. When you open additional notebooks on the same instance type, the notebooks run on the same instance as the first notebook, even if the notebooks use different kernels.
You can change the instance type that your Studio Classic notebook runs on from within the notebook.
The following information only applies to Studio Classic notebooks. For information about how to change the instance type of a Amazon SageMaker notebook instance, see [Update a Notebook Instance](nbi-update.md).
**Important**
If you change the instance type, unsaved information and existing settings for the notebook are lost, and installed packages must be re-installed.
The previous instance type continues to run even if no kernel sessions or apps are active. You must explicitly stop the instance to stop accruing charges. To stop the instance, see [Shut down resources](notebooks-run-and-manage-shut-down.md#notebooks-run-and-manage-shut-down-sessions).
The following screenshot shows the menu from a Studio Classic notebook. The processor and memory of the instance type powering the notebook are displayed as **2 vCPU \$1 4 GiB**.
![\[The location of the processor and memory of the instance type for the Studio Classic notebook.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-notebook-menu-instance.png)
**To change the instance type**
1. Choose the processor and memory of the instance type powering the notebook. This opens a pop up window.
1. From the **Set up notebook environment** pop up window, select the **Instance type** dropdown menu.
1. From the **Instance type** dropdown, choose one of the instance types that are listed.
1. After choosing a type, choose **Select**.
1. Wait for the new instance to become enabled, and then the new instance type information is displayed.
For a list of the available instance types, see [Instance Types Available for Use With Amazon SageMaker Studio Classic Notebooks](notebooks-available-instance-types.md).
# Change the Image or a Kernel for an Amazon SageMaker Studio Classic Notebook
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
With Amazon SageMaker Studio Classic notebooks, you can change the notebook's image or kernel from within the notebook.
The following screenshot shows the menu from a Studio Classic notebook. The current SageMaker AI kernel and image are displayed as **Python 3 (Data Science)**, where `Python 3` denotes the kernel and `Data Science` denotes the SageMaker AI image that contains the kernel. The color of the circle to the right indicates the kernel is idle or busy. The kernel is busy when the center and the edge of the circle are the same color.
![\[The location of the current kernel and image in the menu bar from a Studio Classic notebook.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-notebook-menu-kernel.png)
**To change a notebook's image or kernel**
1. Choose the image/kernel name in the notebook menu.
1. From the **Set up notebook environment** pop up window, select the **Image** or **Kernel** dropdown menu.
1. From the dropdown menu, choose one of the images or kernels that are listed.
1. After choosing an image or kernel, choose **Select**.
1. Wait for the kernel's status to show as idle, which indicates the kernel has started.
For a list of available SageMaker images and kernels, see [Amazon SageMaker Images Available for Use With Studio Classic Notebooks](notebooks-available-images.md).
# Shut Down Resources from Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
You can shut down individual Amazon SageMaker AI resources, including notebooks, terminals, kernels, apps, and instances from Studio Classic. You can also shut down all of the resources in one of these categories at the same time. Amazon SageMaker Studio Classic does not support shutting down resources from within a notebook.
**Note**
When you shut down a Studio Classic notebook instance, additional resources that you created in Studio Classic are not deleted. For example, additional resources can include SageMaker AI endpoints, Amazon EMR clusters, and Amazon S3 buckets. To stop the accrual of charges, you must manually delete these resources. For information about finding resources that are accruing charges, see [Analyzing your costs with AWS Cost Explorer](https://docs.aws.amazon.com/cost-management/latest/userguide/ce-what-is.html).
The following topics demonstrate how to delete these SageMaker AI resources.
**Topics**
+ [
## Shut down an open notebook
](#notebooks-run-and-manage-shut-down-notebook)
+ [
## Shut down resources
](#notebooks-run-and-manage-shut-down-sessions)
## Shut down an open notebook
When you shut down a Studio Classic notebook, the notebook is not deleted. The kernel that the notebook is running on is shut down and any unsaved information in the notebook is lost. You can shut down an open notebook from the Studio Classic **File** menu or from the Running Terminal and Kernels pane. The following procedure shows how to shut down an open notebook from the Studio Classic **File** menu.
**To shut down an open notebook from the File menu**
1. Launch Studio Classic by following the steps in [Launch Amazon SageMaker Studio Classic](studio-launch.md).
1. (Optional) Save the notebook contents by choosing **File**, then **Save Notebook**.
1. Choose **File**.
1. Choose **Close and Shutdown Notebook**. This opens a pop-up window.
1. From the pop-up window, choose **OK**.
## Shut down resources
You can reach the **Running Terminals and Kernels** pane of Amazon SageMaker Studio Classic by selecting the **Running Terminals and Kernels** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/running-terminals-kernels.png)). The **Running Terminals and Kernels** pane consists of four sections. Each section lists all the resources of that type. You can shut down each resource individually or shut down all the resources in a section at the same time.
When you choose to shut down all resources in a section, the following occurs:
+ **RUNNING INSTANCES/RUNNING APPS** – All instances, apps, notebooks, kernel sessions, consoles/shells, and image terminals are shut down. System terminals aren't shut down.
+ **KERNEL SESSIONS** – All kernels, notebooks and consoles/shells are shut down.
+ **TERMINAL SESSIONS** – All image terminals and system terminals are shut down.
**To shut down resources**
1. Launch Studio Classic by following the steps in [Launch Amazon SageMaker Studio Classic](studio-launch.md).
1. Choose the **Running Terminals and Kernels** icon.
1. Do either of the following:
+ To shut down a specific resource, choose the **Shut Down** icon on the same row as the resource.
For running instances, a confirmation dialog box lists all of the resources that SageMaker AI will shut down. A confirmation dialog box displays all running apps. To proceed, choose **Shut down all**.
**Note**
A confirmation dialog box isn't displayed for kernel sessions or terminal sessions.
+ To shut down all resources in a section, choose the **X** to the right of the section label. A confirmation dialog box is displayed. Choose **Shut down all** to proceed.
**Note**
When you shut down these Studio Classic resources, any additional resources created from Studio Classic, such as SageMaker AI endpoints, Amazon EMR clusters, and Amazon S3 buckets are not deleted. You must manually delete these resources to stop the accrual of charges. For information about finding resources that are accruing charges, see [Analyzing your costs with AWS Cost Explorer](https://docs.aws.amazon.com/cost-management/latest/userguide/ce-what-is.html).
# Usage Metering for Amazon SageMaker Studio Classic Notebooks
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
There is no additional charge for using Amazon SageMaker Studio Classic. The costs incurred for running Amazon SageMaker Studio Classic notebooks, interactive shells, consoles, and terminals are based on Amazon Elastic Compute Cloud (Amazon EC2) instance usage.
When you run the following resources, you must choose a SageMaker image and kernel:
**From the Studio Classic Launcher**
+ Notebook
+ Interactive Shell
+ Image Terminal
**From the **File** menu**
+ Notebook
+ Console
When launched, the resource is run on an Amazon EC2 instance of the chosen instance type. If an instance of that type was previously launched and is available, the resource is run on that instance.
For CPU based images, the default suggested instance type is `ml.t3.medium`. For GPU based images, the default suggested instance type is `ml.g4dn.xlarge`.
The costs incurred are based on the instance type. You are billed separately for each instance.
Metering starts when an instance is created. Metering ends when all the apps on the instance are shut down, or the instance is shut down. For information about how to shut down an instance, see [Shut Down Resources from Amazon SageMaker Studio Classic](notebooks-run-and-manage-shut-down.md).
**Important**
You must shut down the instance to stop incurring charges. If you shut down the notebook running on the instance but don't shut down the instance, you will still incur charges. When you shut down the Studio Classic notebook instances, any additional resources, such as SageMaker AI endpoints, Amazon EMR clusters, and Amazon S3 buckets created from Studio Classic are not deleted. Delete those resources to stop accrual of charges.
When you open multiple notebooks on the same instance type, the notebooks run on the same instance even if they are using different kernels. You are billed only for the time that one instance is running.
You can change the instance type from within the notebook after you open it. For more information, see [Change the Instance Type for an Amazon SageMaker Studio Classic Notebook](notebooks-run-and-manage-switch-instance-type.md).
For information about billing along with pricing examples, see [Amazon SageMaker Pricing](https://aws.amazon.com/sagemaker/pricing/).
# Available Resources for Amazon SageMaker Studio Classic Notebooks
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following sections list the available resources for Amazon SageMaker Studio Classic notebooks.
**Topics**
+ [
# Instance Types Available for Use With Amazon SageMaker Studio Classic Notebooks
](notebooks-available-instance-types.md)
+ [
# Amazon SageMaker Images Available for Use With Studio Classic Notebooks
](notebooks-available-images.md)
# Instance Types Available for Use With Amazon SageMaker Studio Classic Notebooks
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker Studio Classic notebooks run on Amazon Elastic Compute Cloud (Amazon EC2) instances. The following Amazon EC2 instance types are available for use with Studio Classic notebooks. For detailed information on which instance types fit your use case, and their performance capabilities, see [Amazon Elastic Compute Cloud Instance types](https://aws.amazon.com/ec2/instance-types/). For information about pricing for these instance types, see [Amazon EC2 Pricing](https://aws.amazon.com/ec2/pricing/).
For information about available Amazon SageMaker Notebook Instance types, see [CreateNotebookInstance](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html#sagemaker-CreateNotebookInstance-request-InstanceType).
**Note**
For most use cases, you should use a `ml.t3.medium`. This is the default instance type for CPU-based SageMaker images, and is available as part of the [AWS Free Tier](https://aws.amazon.com/free).
**Topics**
+ [
## CPU instances
](#notebooks-resources-no-gpu)
+ [
## Instances with 1 or more GPUs
](#notebooks-resources-gpu)
## CPU instances
The following table lists the Amazon EC2 CPU instance types with no GPU attached that are available for use with Studio Classic notebooks. It also lists information about the specifications of each instance type. The default instance type for CPU-based images is `ml.t3.medium`.
For detailed information on which instance types fit your use case, and their performance capabilities, see [Amazon Elastic Compute Cloud Instance types](https://aws.amazon.com/ec2/instance-types/). For information about pricing for these instance types, see [Amazon EC2 Pricing](https://aws.amazon.com/ec2/pricing/).
CPU instances
| Instance | Use case | Fast launch | vCPU | Memory (GiB) | Instance Storage (GB) |
| --- | --- | --- | --- | --- | --- |
| ml.t3.medium | General purpose | Yes | 2 | 4 | Amazon EBS Only |
| ml.t3.large | General purpose | No | 2 | 8 | Amazon EBS Only |
| ml.t3.xlarge | General purpose | No | 4 | 16 | Amazon EBS Only |
| ml.t3.2xlarge | General purpose | No | 8 | 32 | Amazon EBS Only |
| ml.m5.large | General purpose | Yes | 2 | 8 | Amazon EBS Only |
| ml.m5.xlarge | General purpose | No | 4 | 16 | Amazon EBS Only |
| ml.m5.2xlarge | General purpose | No | 8 | 32 | Amazon EBS Only |
| ml.m5.4xlarge | General purpose | No | 16 | 64 | Amazon EBS Only |
| ml.m5.8xlarge | General purpose | No | 32 | 128 | Amazon EBS Only |
| ml.m5.12xlarge | General purpose | No | 48 | 192 | Amazon EBS Only |
| ml.m5.16xlarge | General purpose | No | 64 | 256 | Amazon EBS Only |
| ml.m5.24xlarge | General purpose | No | 96 | 384 | Amazon EBS Only |
| ml.m5d.large | General purpose | No | 2 | 8 | 1 x 75 NVMe SSD |
| ml.m5d.xlarge | General purpose | No | 4 | 16 | 1 x 150 NVMe SSD |
| ml.m5d.2xlarge | General purpose | No | 8 | 32 | 1 x 300 NVMe SSD |
| ml.m5d.4xlarge | General purpose | No | 16 | 64 | 2 x 300 NVMe SSD |
| ml.m5d.8xlarge | General purpose | No | 32 | 128 | 2 x 600 NVMe SSD |
| ml.m5d.12xlarge | General purpose | No | 48 | 192 | 2 x 900 NVMe SSD |
| ml.m5d.16xlarge | General purpose | No | 64 | 256 | 4 x 600 NVMe SSD |
| ml.m5d.24xlarge | General purpose | No | 96 | 384 | 4 x 900 NVMe SSD |
| ml.c5.large | Compute optimized | Yes | 2 | 4 | Amazon EBS Only |
| ml.c5.xlarge | Compute optimized | No | 4 | 8 | Amazon EBS Only |
| ml.c5.2xlarge | Compute optimized | No | 8 | 16 | Amazon EBS Only |
| ml.c5.4xlarge | Compute optimized | No | 16 | 32 | Amazon EBS Only |
| ml.c5.9xlarge | Compute optimized | No | 36 | 72 | Amazon EBS Only |
| ml.c5.12xlarge | Compute optimized | No | 48 | 96 | Amazon EBS Only |
| ml.c5.18xlarge | Compute optimized | No | 72 | 144 | Amazon EBS Only |
| ml.c5.24xlarge | Compute optimized | No | 96 | 192 | Amazon EBS Only |
| ml.r5.large | Memory optimized | No | 2 | 16 | Amazon EBS Only |
| ml.r5.xlarge | Memory optimized | No | 4 | 32 | Amazon EBS Only |
| ml.r5.2xlarge | Memory optimized | No | 8 | 64 | Amazon EBS Only |
| ml.r5.4xlarge | Memory optimized | No | 16 | 128 | Amazon EBS Only |
| ml.r5.8xlarge | Memory optimized | No | 32 | 256 | Amazon EBS Only |
| ml.r5.12xlarge | Memory optimized | No | 48 | 384 | Amazon EBS Only |
| ml.r5.16xlarge | Memory optimized | No | 64 | 512 | Amazon EBS Only |
| ml.r5.24xlarge | Memory optimized | No | 96 | 768 | Amazon EBS Only |
## Instances with 1 or more GPUs
The following table lists the Amazon EC2 instance types with 1 or more GPUs attached that are available for use with Studio Classic notebooks. It also lists information about the specifications of each instance type. The default instance type for GPU-based images is `ml.g4dn.xlarge`.
For detailed information on which instance types fit your use case, and their performance capabilities, see [Amazon Elastic Compute Cloud Instance types](https://aws.amazon.com/ec2/instance-types/). For information about pricing for these instance types, see [Amazon EC2 Pricing](https://aws.amazon.com/ec2/pricing/).
Instances with 1 or more GPUs
| Instance | Use case | Fast launch | GPUs | vCPU | Memory (GiB) | GPU Memory (GiB) | Instance Storage (GB) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| ml.p3.2xlarge | Accelerated computing | No | 1 | 8 | 61 | 16 | Amazon EBS Only |
| ml.p3.8xlarge | Accelerated computing | No | 4 | 32 | 244 | 64 | Amazon EBS Only |
| ml.p3.16xlarge | Accelerated computing | No | 8 | 64 | 488 | 128 | Amazon EBS Only |
| ml.p3dn.24xlarge | Accelerated computing | No | 8 | 96 | 768 | 256 | 2 x 900 NVMe SSD |
| ml.p4d.24xlarge | Accelerated computing | No | 8 | 96 | 1152 | 320 GB HBM2 | 8 x 1000 NVMe SSD |
| ml.p4de.24xlarge | Accelerated computing | No | 8 | 96 | 1152 | 640 GB HBM2e | 8 x 1000 NVMe SSD |
| ml.g4dn.xlarge | Accelerated computing | Yes | 1 | 4 | 16 | 16 | 1 x 125 NVMe SSD |
| ml.g4dn.2xlarge | Accelerated computing | No | 1 | 8 | 32 | 16 | 1 x 225 NVMe SSD |
| ml.g4dn.4xlarge | Accelerated computing | No | 1 | 16 | 64 | 16 | 1 x 225 NVMe SSD |
| ml.g4dn.8xlarge | Accelerated computing | No | 1 | 32 | 128 | 16 | 1 x 900 NVMe SSD |
| ml.g4dn.12xlarge | Accelerated computing | No | 4 | 48 | 192 | 64 | 1 x 900 NVMe SSD |
| ml.g4dn.16xlarge | Accelerated computing | No | 1 | 64 | 256 | 16 | 1 x 900 NVMe SSD |
| ml.g5.xlarge | Accelerated computing | No | 1 | 4 | 16 | 24 | 1 x 250 NVMe SSD |
| ml.g5.2xlarge | Accelerated computing | No | 1 | 8 | 32 | 24 | 1 x 450 NVMe SSD |
| ml.g5.4xlarge | Accelerated computing | No | 1 | 16 | 64 | 24 | 1 x 600 NVMe SSD |
| ml.g5.8xlarge | Accelerated computing | No | 1 | 32 | 128 | 24 | 1 x 900 NVMe SSD |
| ml.g5.12xlarge | Accelerated computing | No | 4 | 48 | 192 | 96 | 1 x 3800 NVMe SSD |
| ml.g5.16xlarge | Accelerated computing | No | 1 | 64 | 256 | 24 | 1 x 1900 NVMe SSD |
| ml.g5.24xlarge | Accelerated computing | No | 4 | 96 | 384 | 96 | 1 x 3800 NVMe SSD |
| ml.g5.48xlarge | Accelerated computing | No | 8 | 192 | 768 | 192 | 2 x 3800 NVMe SSD |
# Amazon SageMaker Images Available for Use With Studio Classic Notebooks
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
This page lists the SageMaker images and associated kernels that are available in Amazon SageMaker Studio Classic. This page also gives information about the format needed to create the ARN for each image. SageMaker images contain the latest [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable) and the latest version of the kernel. For more information, see [Deep Learning Containers Images](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/deep-learning-containers-images.html).
**Topics**
+ [
## Image ARN format
](#notebooks-available-images-arn)
+ [
## Supported URI tags
](#notebooks-available-uri-tag)
+ [
## Supported images
](#notebooks-available-images-supported)
+ [
## Images slated for deprecation
](#notebooks-available-images-deprecation)
+ [
## Deprecated images
](#notebooks-available-images-deprecated)
## Image ARN format
The following table lists the image ARN and URI format for each Region. To create the full ARN for an image, replace the *resource-identifier* placeholder with the corresponding resource identifier for the image. The resource identifier is found in the SageMaker images and kernels table. To create the full URI for an image, replace the *tag* placeholder with the corresponding cpu or gpu tag. For the list of tags you can use, see [Supported URI tags](#notebooks-available-uri-tag).
**Note**
SageMaker Distribution images use a distinct set of image ARNs, which are listed in the following table.
| Region | Image ARN Format | SageMaker Distribution Image ARN Format | SageMaker Distribution Image URI Format |
| --- | --- | --- | --- |
| us-east-1 | arn:aws:sagemaker:us-east-1:081325390199:image/resource-identifier | arn:aws:sagemaker:us-east-1:885854791233:image/resource-identifier | 885854791233.dkr.ecr.us-east-1.amazonaws.com/sagemaker-distribution-prod:tag |
| us-east-2 | arn:aws:sagemaker:us-east-2:429704687514:image/resource-identifier | arn:aws:sagemaker:us-east-2:137914896644:image/resource-identifier | 137914896644.dkr.ecr.us-east-2.amazonaws.com/sagemaker-distribution-prod:tag |
| us-west-1 | arn:aws:sagemaker:us-west-1:742091327244:image/resource-identifier | arn:aws:sagemaker:us-west-1:053634841547:image/resource-identifier | 053634841547.dkr.ecr.us-west-1.amazonaws.com/sagemaker-distribution-prod:tag |
| us-west-2 | arn:aws:sagemaker:us-west-2:236514542706:image/resource-identifier | arn:aws:sagemaker:us-west-2:542918446943:image/resource-identifier | 542918446943.dkr.ecr.us-west-2.amazonaws.com/sagemaker-distribution-prod:tag |
| af-south-1 | arn:aws:sagemaker:af-south-1:559312083959:image/resource-identifier | arn:aws:sagemaker:af-south-1:238384257742:image/resource-identifier | 238384257742.dkr.ecr.af-south-1.amazonaws.com/sagemaker-distribution-prod:tag |
| ap-east-1 | arn:aws:sagemaker:ap-east-1:493642496378:image/resource-identifier | arn:aws:sagemaker:ap-east-1:523751269255:image/resource-identifier | 523751269255.dkr.ecr.ap-east-1.amazonaws.com/sagemaker-distribution-prod:tag |
| ap-south-1 | arn:aws:sagemaker:ap-south-1:394103062818:image/resource-identifier | arn:aws:sagemaker:ap-south-1:245090515133:image/resource-identifier | 245090515133.dkr.ecr.ap-south-1.amazonaws.com/sagemaker-distribution-prod:tag |
| ap-northeast-2 | arn:aws:sagemaker:ap-northeast-2:806072073708:image/resource-identifier | arn:aws:sagemaker:ap-northeast-2:064688005998:image/resource-identifier | 064688005998.dkr.ecr.ap-northeast-2.amazonaws.com/sagemaker-distribution-prod:tag |
| ap-southeast-1 | arn:aws:sagemaker:ap-southeast-1:492261229750:image/resource-identifier | arn:aws:sagemaker:ap-southeast-1:022667117163:image/resource-identifier | 022667117163.dkr.ecr.ap-southeast-1.amazonaws.com/sagemaker-distribution-prod:tag |
| ap-southeast-2 | arn:aws:sagemaker:ap-southeast-2:452832661640:image/resource-identifier | arn:aws:sagemaker:ap-southeast-2:648430277019:image/resource-identifier | 648430277019.dkr.ecr.ap-southeast-2.amazonaws.com/sagemaker-distribution-prod:tag |
| ap-northeast-1 | arn:aws:sagemaker:ap-northeast-1:102112518831:image/resource-identifier | arn:aws:sagemaker:ap-northeast-1:010972774902:image/resource-identifier | 010972774902.dkr.ecr.ap-northeast-1.amazonaws.com/sagemaker-distribution-prod:tag |
| ca-central-1 | arn:aws:sagemaker:ca-central-1:310906938811:image/resource-identifier | arn:aws:sagemaker:ca-central-1:481561238223:image/resource-identifier | 481561238223.dkr.ecr.ca-central-1.amazonaws.com/sagemaker-distribution-prod:tag |
| eu-central-1 | arn:aws:sagemaker:eu-central-1:936697816551:image/resource-identifier | arn:aws:sagemaker:eu-central-1:545423591354:image/resource-identifier | 545423591354.dkr.ecr.eu-central-1.amazonaws.com/sagemaker-distribution-prod:tag |
| eu-west-1 | arn:aws:sagemaker:eu-west-1:470317259841:image/resource-identifier | arn:aws:sagemaker:eu-west-1:819792524951:image/resource-identifier | 819792524951.dkr.ecr.eu-west-1.amazonaws.com/sagemaker-distribution-prod:tag |
| eu-west-2 | arn:aws:sagemaker:eu-west-2:712779665605:image/resource-identifier | arn:aws:sagemaker:eu-west-2:021081402939:image/resource-identifier | 021081402939.dkr.ecr.eu-west-2.amazonaws.com/sagemaker-distribution-prod:tag |
| eu-west-3 | arn:aws:sagemaker:eu-west-3:615547856133:image/resource-identifier | arn:aws:sagemaker:eu-west-3:856416204555:image/resource-identifier | 856416204555.dkr.ecr.eu-west-3.amazonaws.com/sagemaker-distribution-prod:tag |
| eu-north-1 | arn:aws:sagemaker:eu-north-1:243637512696:image/resource-identifier | arn:aws:sagemaker:eu-north-1:175620155138:image/resource-identifier | 175620155138.dkr.ecr.eu-north-1.amazonaws.com/sagemaker-distribution-prod:tag |
| eu-south-1 | arn:aws:sagemaker:eu-south-1:592751261982:image/resource-identifier | arn:aws:sagemaker:eu-south-1:810671768855:image/resource-identifier | 810671768855.dkr.ecr.eu-south-1.amazonaws.com/sagemaker-distribution-prod:tag |
| sa-east-1 | arn:aws:sagemaker:sa-east-1:782484402741:image/resource-identifier | arn:aws:sagemaker:sa-east-1:567556641782:image/resource-identifier | 567556641782.dkr.ecr.sa-east-1.amazonaws.com/sagemaker-distribution-prod:tag |
| ap-northeast-3 | arn:aws:sagemaker:ap-northeast-3:792733760839:image/resource-identifier | arn:aws:sagemaker:ap-northeast-3:564864627153:image/resource-identifier | 564864627153.dkr.ecr.ap-northeast-3.amazonaws.com/sagemaker-distribution-prod:tag |
| ap-southeast-3 | arn:aws:sagemaker:ap-southeast-3:276181064229:image/resource-identifier | arn:aws:sagemaker:ap-southeast-3:370607712162:image/resource-identifier | 370607712162.dkr.ecr.ap-southeast-3.amazonaws.com/sagemaker-distribution-prod:tag |
| me-south-1 | arn:aws:sagemaker:me-south-1:117516905037:image/resource-identifier | arn:aws:sagemaker:me-south-1:523774347010:image/resource-identifier | 523774347010.dkr.ecr.me-south-1.amazonaws.com/sagemaker-distribution-prod:tag |
| me-central-1 | arn:aws:sagemaker:me-central-1:103105715889:image/resource-identifier | arn:aws:sagemaker:me-central-1:358593528301:image/resource-identifier | 358593528301.dkr.ecr.me-central-1.amazonaws.com/sagemaker-distribution-prod:tag |
## Supported URI tags
The following list shows the tags you can include in your image URI.
+ 1-cpu
+ 1-gpu
+ 0-cpu
+ 0-gpu
**The following examples show URIs with various tag formats:**
+ 542918446943.dkr.ecr.us-west-2.amazonaws.com/sagemaker-distribution-prod:1-cpu
+ 542918446943.dkr.ecr.us-west-2.amazonaws.com/sagemaker-distribution-prod:0-gpu
## Supported images
The following table gives information about the SageMaker images and associated kernels that are available in Amazon SageMaker Studio Classic. It also gives information about the resource identifier and Python version included in the image.
SageMaker images and kernels
| SageMaker Image | Description | Resource Identifier | Kernels (and Identifier) | Python Version |
| --- | --- | --- | --- | --- |
| Base Python 4.3 | Official Python 3.11 image from DockerHub with boto3 and AWS CLI included. | sagemaker-base-python-v4 | Python 3 (python3) | Python 3.11 |
| Base Python 4.2 | Official Python 3.11 image from DockerHub with boto3 and AWS CLI included. | sagemaker-base-python-v4 | Python 3 (python3) | Python 3.11 |
| Base Python 4.1 | Official Python 3.11 image from DockerHub with boto3 and AWS CLI included. | sagemaker-base-python-v4 | Python 3 (python3) | Python 3.11 |
| Base Python 4.0 | Official Python 3.11 image from DockerHub with boto3 and AWS CLI included. | sagemaker-base-python-v4 | Python 3 (python3) | Python 3.11 |
| Base Python 3.0 | Official Python 3.10 image from DockerHub with boto3 and AWS CLI included. | sagemaker-base-python-310-v1 | Python 3 (python3) | Python 3.10 |
| Data Science 5.3 | Data Science 5.3 is a Python 3.11 [conda](https://docs.conda.io/projects/conda/en/latest/index.html) image based on Ubuntu version jammy-20240212. It includes the most commonly used Python packages and libraries, such as NumPy and SciKit Learn. | sagemaker-data-science-v5 | Python 3 (python3) | Python 3.11 |
| Data Science 5.2 | Data Science 5.2 is a Python 3.11 [conda](https://docs.conda.io/projects/conda/en/latest/index.html) image based on Ubuntu version jammy-20240212. It includes the most commonly used Python packages and libraries, such as NumPy and SciKit Learn. | sagemaker-data-science-v5 | Python 3 (python3) | Python 3.11 |
| Data Science 5.1 | Data Science 5.1 is a Python 3.11 [conda](https://docs.conda.io/projects/conda/en/latest/index.html) image based on Ubuntu version jammy-20240212. It includes the most commonly used Python packages and libraries, such as NumPy and SciKit Learn. | sagemaker-data-science-v5 | Python 3 (python3) | Python 3.11 |
| Data Science 5.0 | Data Science 5.0 is a Python 3.11 [conda](https://docs.conda.io/projects/conda/en/latest/index.html) image based on Ubuntu version jammy-20240212. It includes the most commonly used Python packages and libraries, such as NumPy and SciKit Learn. | sagemaker-data-science-v5 | Python 3 (python3) | Python 3.11 |
| Data Science 4.0 | Data Science 4.0 is a Python 3.11 [conda](https://docs.conda.io/projects/conda/en/latest/index.html) image based on Ubuntu version 22.04. It includes the most commonly used Python packages and libraries, such as NumPy and SciKit Learn. | sagemaker-data-science-311-v1 | Python 3 (python3) | Python 3.11 |
| Data Science 3.0 | Data Science 3.0 is a Python 3.10 [conda](https://docs.conda.io/projects/conda/en/latest/index.html) image based on Ubuntu version 22.04. It includes the most commonly used Python packages and libraries, such as NumPy and SciKit Learn. | sagemaker-data-science-310-v1 | Python 3 (python3) | Python 3.10 |
| Geospatial 1.0 | Amazon SageMaker geospatial is a Python image consisting of commonly used geospatial libraries such as GDAL, Fiona, GeoPandas, Shapley, and Rasterio. It allows you to visualize geospatial data within SageMaker AI. For more information, see [Amazon SageMaker geospatial Notebook SDK](https://docs.aws.amazon.com/sagemaker/latest/dg/geospatial-notebook-sdk.html) | sagemaker-geospatial-1.0 | Python 3 (python3) | Python 3.10 |
| SparkAnalytics 4.3 | The SparkAnalytics 4.3 image provides Spark and PySpark kernel options on Amazon SageMaker Studio Classic, including SparkMagic Spark, SparkMagic PySpark, Glue Spark, and Glue PySpark, enabling flexible distributed data processing. | sagemaker-spark-analytics-v4 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-images.html) | Python 3.11 |
| SparkAnalytics 4.2 | The SparkAnalytics 4.2 image provides Spark and PySpark kernel options on Amazon SageMaker Studio Classic, including SparkMagic Spark, SparkMagic PySpark, Glue Spark, and Glue PySpark, enabling flexible distributed data processing. | sagemaker-spark-analytics-v4 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-images.html) | Python 3.11 |
| SparkAnalytics 4.1 | The SparkAnalytics 4.1 image provides Spark and PySpark kernel options on Amazon SageMaker Studio Classic, including SparkMagic Spark, SparkMagic PySpark, Glue Spark, and Glue PySpark, enabling flexible distributed data processing. | sagemaker-spark-analytics-v4 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-images.html) | Python 3.11 |
| SparkAnalytics 4.0 | The SparkAnalytics 4.0 image provides Spark and PySpark kernel options on Amazon SageMaker Studio Classic, including SparkMagic Spark, SparkMagic PySpark, Glue Spark, and Glue PySpark, enabling flexible distributed data processing. | sagemaker-spark-analytics-v4 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-images.html) | Python 3.11 |
| SparkAnalytics 3.0 | The SparkAnalytics 3.0 image provides Spark and PySpark kernel options on Amazon SageMaker Studio Classic, including SparkMagic Spark, SparkMagic PySpark, Glue Spark, and Glue PySpark, enabling flexible distributed data processing. | sagemaker-sparkanalytics-311-v1 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-images.html) | Python 3.11 |
| SparkAnalytics 2.0 | Anaconda Individual Edition with PySpark and Spark kernels. For more information, see [sparkmagic](https://github.com/jupyter-incubator/sparkmagic). | sagemaker-sparkanalytics-310-v1 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-images.html) | Python 3.10 |
| PyTorch 2.4.0 Python 3.11 CPU Optimized | The AWS Deep Learning Containers for PyTorch 2.4.0 with CUDA 12.4 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.4.0-cpu-py311 | Python 3 (python3) | Python 3.11 |
| PyTorch 2.4.0 Python 3.11 GPU Optimized | The AWS Deep Learning Containers for PyTorch 2.4.0 with CUDA 12.4 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.4.0-gpu-py311 | Python 3 (python3) | Python 3.11 |
| PyTorch 2.3.0 Python 3.11 CPU Optimized | The AWS Deep Learning Containers for PyTorch 2.3.0 with CUDA 12.1 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.3.0-cpu-py311 | Python 3 (python3) | Python 3.11 |
| PyTorch 2.3.0 Python 3.11 GPU Optimized | The AWS Deep Learning Containers for PyTorch 2.3.0 with CUDA 12.1 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.3.0-gpu-py311 | Python 3 (python3) | Python 3.11 |
| PyTorch 2.2.0 Python 3.10 CPU Optimized | The AWS Deep Learning Containers for PyTorch 2.2 with CUDA 12.1 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.2.0-cpu-py310 | Python 3 (python3) | Python 3.10 |
| PyTorch 2.2.0 Python 3.10 GPU Optimized | The AWS Deep Learning Containers for PyTorch 2.2 with CUDA 12.1 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.2.0-gpu-py310 | Python 3 (python3) | Python 3.10 |
| PyTorch 2.1.0 Python 3.10 CPU Optimized | The AWS Deep Learning Containers for PyTorch 2.1 with CUDA 12.1 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.1.0-cpu-py310 | Python 3 (python3) | Python 3.10 |
| PyTorch 2.1.0 Python 3.10 GPU Optimized | The AWS Deep Learning Containers for PyTorch 2.1 with CUDA 12.1 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.1.0-gpu-py310 | Python 3 (python3) | Python 3.10 |
| PyTorch 1.13 HuggingFace Python 3.10 Neuron Optimized | PyTorch 1.13 image with HuggingFace and Neuron packages installed for training on Trainium instances optimized for performance and scale on AWS. | pytorch-1.13-hf-neuron-py310 | Python 3 (python3) | Python 3.10 |
| PyTorch 1.13 Python 3.10 Neuron Optimized | PyTorch 1.13 image with Neuron packages installed for training on Trainium instances optimized for performance and scale on AWS. | pytorch-1.13-neuron-py310 | Python 3 (python3) | Python 3.10 |
| TensorFlow 2.14.0 Python 3.10 CPU Optimized | The AWS Deep Learning Containers for TensorFlow 2.14 with CUDA 11.8 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | tensorflow-2.14.1-cpu-py310-ubuntu20.04-sagemaker-v1.0 | Python 3 (python3) | Python 3.10 |
| TensorFlow 2.14.0 Python 3.10 GPU Optimized | The AWS Deep Learning Containers for TensorFlow 2.14 with CUDA 11.8 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | tensorflow-2.14.1-gpu-py310-cu118-ubuntu20.04-sagemaker-v1.0 | Python 3 (python3) | Python 3.10 |
## Images slated for deprecation
SageMaker AI ends support for images the day after any of the packages in the image reach end-of life by their publisher. The following SageMaker images are slated for deprecation.
Images based on Python 3.8 reached [end-of-life](https://endoflife.date/python) on October 31st, 2024. Starting on November 1, 2024, SageMaker AI will discontinue support for these images and they will not be selectable from the Studio Classic UI. To avoid non-compliance issues, if you're using any of these images, we recommend that you move to an image with a later version.
SageMaker images slated for deprecation
| SageMaker Image | Deprecation date | Description | Resource Identifier | Kernels | Python Version |
| --- | --- | --- | --- | --- | --- |
| SageMaker Distribution v0.12 CPU | November 1, 2024 | SageMaker Distribution v0 CPU is a Python 3.8 image that includes popular frameworks for machine learning, data science and visualization on CPU. This includes deep learning frameworks like PyTorch, TensorFlow and Keras; popular Python packages like numpy, scikit-learn and pandas; and IDEs like Jupyter Lab. For more information, see the [Amazon SageMaker AI Distribution](https://github.com/aws/sagemaker-distribution) repo. | sagemaker-distribution-cpu-v0 | Python 3 (python3) | Python 3.8 |
| SageMaker Distribution v0.12 GPU | November 1, 2024 | SageMaker Distribution v0 GPU is a Python 3.8 image that includes popular frameworks for machine learning, data science and visualization on GPU. This includes deep learning frameworks like PyTorch, TensorFlow and Keras; popular Python packages like numpy, scikit-learn and pandas; and IDEs like Jupyter Lab. For more information, see the [Amazon SageMaker AI Distribution](https://github.com/aws/sagemaker-distribution) repo. | sagemaker-distribution-gpu-v0 | Python 3 (python3) | Python 3.8 |
| Base Python 2.0 | November 1, 2024 | Official Python 3.8 image from DockerHub with boto3 and AWS CLI included. | sagemaker-base-python-38 | Python 3 (python3) | Python 3.8 |
| Data Science 2.0 | November 1, 2024 | Data Science 2.0 is a Python 3.8 [conda](https://docs.conda.io/projects/conda/en/latest/index.html) image based on Ubuntu version 22.04. It includes the most commonly used Python packages and libraries, such as NumPy and SciKit Learn. | sagemaker-data-science-38 | Python 3 (python3) | Python 3.8 |
| PyTorch 1.13 Python 3.9 CPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for PyTorch 1.13 with CUDA 11.3 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-1.13-cpu-py39 | Python 3 (python3) | Python 3.9 |
| PyTorch 1.13 Python 3.9 GPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for PyTorch 1.13 with CUDA 11.7 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-1.13-gpu-py39 | Python 3 (python3) | Python 3.9 |
| PyTorch 1.12 Python 3.8 CPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for PyTorch 1.12 with CUDA 11.3 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [AWS Deep Learning Containers for PyTorch 1.12.0](https://aws.amazon.com/releasenotes/aws-deep-learning-containers-for-pytorch-1-12-0-on-sagemaker/). | pytorch-1.12-cpu-py38 | Python 3 (python3) | Python 3.8 |
| PyTorch 1.12 Python 3.8 GPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for PyTorch 1.12 with CUDA 11.3 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [AWS Deep Learning Containers for PyTorch 1.12.0](https://aws.amazon.com/releasenotes/aws-deep-learning-containers-for-pytorch-1-12-0-on-sagemaker/). | pytorch-1.12-gpu-py38 | Python 3 (python3) | Python 3.8 |
| PyTorch 1.10 Python 3.8 CPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for PyTorch 1.10 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [AWS Deep Learning Containers for PyTorch 1.10.2 on SageMaker AI](https://aws.amazon.com/releasenotes/aws-deep-learning-containers-for-pytorch-1-10-2-on-sagemaker/). | pytorch-1.10-cpu-py38 | Python 3 (python3) | Python 3.8 |
| PyTorch 1.10 Python 3.8 GPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for PyTorch 1.10 with CUDA 11.3 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [AWS Deep Learning Containers for PyTorch 1.10.2 on SageMaker AI](https://aws.amazon.com/releasenotes/aws-deep-learning-containers-for-pytorch-1-10-2-on-sagemaker/). | pytorch-1.10-gpu-py38 | Python 3 (python3) | Python 3.8 |
| SparkAnalytics 1.0 | November 1, 2024 | Anaconda Individual Edition with PySpark and Spark kernels. For more information, see [sparkmagic](https://github.com/jupyter-incubator/sparkmagic). | sagemaker-sparkanalytics-v1 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-images.html) | Python 3.8 |
| TensorFlow 2.13.0 Python 3.10 CPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for TensorFlow 2.13 with CUDA 11.8 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers.](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | tensorflow-2.13.0-cpu-py310-ubuntu20.04-sagemaker-v1.0 | Python 3 (python3) | Python 3.10 |
| TensorFlow 2.13.0 Python 3.10 GPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for TensorFlow 2.13 with CUDA 11.8 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers.](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html) | tensorflow-2.13.0-gpu-py310-cu118-ubuntu20.04-sagemaker-v1.0 | Python 3 (python3) | Python 3.10 |
| TensorFlow 2.6 Python 3.8 CPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for TensorFlow 2.6 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [AWS Deep Learning Containers for TensorFlow 2.6](https://aws.amazon.com/releasenotes/aws-deep-learning-containers-for-tensorflow-2-6/). | tensorflow-2.6-cpu-py38-ubuntu20.04-v1 | Python 3 (python3) | Python 3.8 |
| TensorFlow 2.6 Python 3.8 GPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for TensorFlow 2.6 with CUDA 11.2 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [AWS Deep Learning Containers for TensorFlow 2.6](https://aws.amazon.com/releasenotes/aws-deep-learning-containers-for-tensorflow-2-6/). | tensorflow-2.6-gpu-py38-cu112-ubuntu20.04-v1 | Python 3 (python3) | Python 3.8 |
| PyTorch 2.0.1 Python 3.10 CPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for PyTorch 2.0.1 with CUDA 12.1 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.0.1-cpu-py310 | Python 3 (python3) | Python 3.10 |
| PyTorch 2.0.1 Python 3.10 GPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for PyTorch 2.0.1 with CUDA 12.1 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.0.1-gpu-py310 | Python 3 (python3) | Python 3.10 |
| PyTorch 2.0.0 Python 3.10 CPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for PyTorch 2.0.0 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.0.0-cpu-py310 | Python 3 (python3) | Python 3.10 |
| PyTorch 2.0.0 Python 3.10 GPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for PyTorch 2.0.0 with CUDA 11.8 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | pytorch-2.0.0-gpu-py310 | Python 3 (python3) | Python 3.10 |
| TensorFlow 2.12.0 Python 3.10 CPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for TensorFlow 2.12.0 with CUDA 11.2 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | tensorflow-2.12.0-cpu-py310-ubuntu20.04-sagemaker-v1.0 | Python 3 (python3) | Python 3.10 |
| TensorFlow 2.12.0 Python 3.10 GPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for TensorFlow 2.12.0 with CUDA 11.8 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | tensorflow-2.12.0-gpu-py310-cu118-ubuntu20.04-sagemaker-v1 | Python 3 (python3) | Python 3.10 |
| TensorFlow 2.11.0 Python 3.9 CPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for TensorFlow 2.11.0 with CUDA 11.2 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | tensorflow-2.11.0-cpu-py39-ubuntu20.04-sagemaker-v1.1 | Python 3 (python3) | Python 3.9 |
| TensorFlow 2.11.0 Python 3.9 GPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for TensorFlow 2.11.0 with CUDA 11.2 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | tensorflow-2.11.0-gpu-py39-cu112-ubuntu20.04-sagemaker-v1.1 | Python 3 (python3) | Python 3.9 |
| TensorFlow 2.10 Python 3.9 CPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for TensorFlow 2.10 with CUDA 11.2 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | tensorflow-2.10.1-cpu-py39-ubuntu20.04-sagemaker-v1.2 | Python 3 (python3) | Python 3.9 |
| TensorFlow 2.10 Python 3.9 GPU Optimized | November 1, 2024 | The AWS Deep Learning Containers for TensorFlow 2.10 with CUDA 11.2 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [Release Notes for Deep Learning Containers](https://docs.aws.amazon.com/deep-learning-containers/latest/devguide/dlc-release-notes.html). | tensorflow-2.10.1-gpu-py39-ubuntu20.04-sagemaker-v1.2 | Python 3 (python3) | Python 3.9 |
## Deprecated images
SageMaker AI has ended support for the following images. Deprecation occurs the day after any of the packages in the image reach end-of life by their publisher.
SageMaker images slated for deprecation
| SageMaker Image | Deprecation date | Description | Resource Identifier | Kernels | Python Version |
| --- | --- | --- | --- | --- | --- |
| Data Science | October 30, 2023 | Data Science is a Python 3.7 [conda](https://docs.conda.io/projects/conda/en/latest/index.html) image with the most commonly used Python packages and libraries, such as NumPy and SciKit Learn. | datascience-1.0 | Python 3 | Python 3.7 |
| SageMaker JumpStart Data Science 1.0 | October 30, 2023 | SageMaker JumpStart Data Science 1.0 is a JumpStart image that includes commonly used packages and libraries. | sagemaker-jumpstart-data-science-1.0 | Python 3 | Python 3.7 |
| SageMaker JumpStart MXNet 1.0 | October 30, 2023 | SageMaker JumpStart MXNet 1.0 is a JumpStart image that includes MXNet. | sagemaker-jumpstart-mxnet-1.0 | Python 3 | Python 3.7 |
| SageMaker JumpStart PyTorch 1.0 | October 30, 2023 | SageMaker JumpStart PyTorch 1.0 is a JumpStart image that includes PyTorch. | sagemaker-jumpstart-pytorch-1.0 | Python 3 | Python 3.7 |
| SageMaker JumpStart TensorFlow 1.0 | October 30, 2023 | SageMaker JumpStart TensorFlow 1.0 is a JumpStart image that includes TensorFlow. | sagemaker-jumpstart-tensorflow-1.0 | Python 3 | Python 3.7 |
| SparkMagic | October 30, 2023 | Anaconda Individual Edition with PySpark and Spark kernels. For more information, see [sparkmagic](https://github.com/jupyter-incubator/sparkmagic). | sagemaker-sparkmagic | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-images.html) | Python 3.7 |
| TensorFlow 2.3 Python 3.7 CPU Optimized | October 30, 2023 | The AWS Deep Learning Containers for TensorFlow 2.3 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [AWS Deep Learning Containers with TensorFlow 2.3.0](https://aws.amazon.com/releasenotes/aws-deep-learning-containers-with-tensorflow-2-3-0/). | tensorflow-2.3-cpu-py37-ubuntu18.04-v1 | Python 3 | Python 3.7 |
| TensorFlow 2.3 Python 3.7 GPU Optimized | October 30, 2023 | The AWS Deep Learning Containers for TensorFlow 2.3 with CUDA 11.0 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [AWS Deep Learning Containers for TensorFlow 2.3.1 with CUDA 11.0](https://aws.amazon.com/releasenotes/aws-deep-learning-containers-for-tensorflow-2-3-1-with-cuda-11-0/). | tensorflow-2.3-gpu-py37-cu110-ubuntu18.04-v3 | Python 3 | Python 3.7 |
| TensorFlow 1.15 Python 3.7 CPU Optimized | October 30, 2023 | The AWS Deep Learning Containers for TensorFlow 1.15 include containers for training on CPU, optimized for performance and scale on AWS. For more information, see [AWS Deep Learning Containers v7.0 for TensorFlow](https://aws.amazon.com/releasenotes/aws-deep-learning-containers-v7-0-for-tensorflow/). | tensorflow-1.15-cpu-py37-ubuntu18.04-v7 | Python 3 | Python 3.7 |
| TensorFlow 1.15 Python 3.7 GPU Optimized | October 30, 2023 | The AWS Deep Learning Containers for TensorFlow 1.15 with CUDA 11.0 include containers for training on GPU, optimized for performance and scale on AWS. For more information, see [AWS Deep Learning Containers v7.0 for TensorFlow](https://aws.amazon.com/releasenotes/aws-deep-learning-containers-v7-0-for-tensorflow/). | tensorflow-1.15-gpu-py37-cu110-ubuntu18.04-v8 | Python 3 | Python 3.7 |
# Customize Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
There are four options for customizing your Amazon SageMaker Studio Classic environment. You bring your own SageMaker image, use a lifecycle configuration script, attach suggested Git repos to Studio Classic, or create kernels using persistent Conda environments in Amazon EFS. Use each option individually, or together.
+ **Bring your own SageMaker image:** A SageMaker image is a file that identifies the kernels, language packages, and other dependencies required to run a Jupyter notebook in Amazon SageMaker Studio Classic. Amazon SageMaker AI provides many built-in images for you to use. If you need different functionality, you can bring your own custom images to Studio Classic.
+ **Use lifecycle configurations with Amazon SageMaker Studio Classic:** Lifecycle configurations are shell scripts triggered by Amazon SageMaker Studio Classic lifecycle events, such as starting a new Studio Classic notebook. You can use lifecycle configurations to automate customization for your Studio Classic environment. For example, you can install custom packages, configure notebook extensions, preload datasets, and set up source code repositories.
+ **Attach suggested Git repos to Studio Classic:** You can attach suggested Git repository URLs at the Amazon SageMaker AI domain or user profile level. Then, you can select the repo URL from the list of suggestions and clone that into your environment using the Git extension in Studio Classic.
+ **Persist Conda environments to the Studio Classic Amazon EFS volume:** Studio Classic uses an Amazon EFS volume as a persistent storage layer. You can save your Conda environment on this Amazon EFS volume, then use the saved environment to create kernels. Studio Classic automatically picks up all valid environments saved in Amazon EFS as KernelGateway kernels. These kernels persist through restart of the kernel, app, and Studio Classic. For more information, see the **Persist Conda environments to the Studio Classic EFS volume** section in [Four approaches to manage Python packages in Amazon SageMaker Studio Classic notebooks](https://aws.amazon.com/blogs/machine-learning/four-approaches-to-manage-python-packages-in-amazon-sagemaker-studio-notebooks/).
The following topics show how to use these three options to customize your Amazon SageMaker Studio Classic environment.
**Topics**
+ [
# Custom Images in Amazon SageMaker Studio Classic
](studio-byoi.md)
+ [
# Use Lifecycle Configurations to Customize Amazon SageMaker Studio Classic
](studio-lcc.md)
+ [
# Attach Suggested Git Repos to Amazon SageMaker Studio Classic
](studio-git-attach.md)
# Custom Images in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
A SageMaker image is a file that identifies the kernels, language packages, and other dependencies required to run a Jupyter notebook in Amazon SageMaker Studio Classic. These images are used to create an environment that you then run Jupyter notebooks from. Amazon SageMaker AI provides many built-in images for you to use. For the list of built-in images, see [Amazon SageMaker Images Available for Use With Studio Classic Notebooks](notebooks-available-images.md).
If you need different functionality, you can bring your own custom images to Studio Classic. You can create images and image versions, and attach image versions to your domain or shared space, using the SageMaker AI control panel, the [AWS SDK for Python (Boto3)](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sagemaker.html), and the [AWS Command Line Interface (AWS CLI)](https://docs.aws.amazon.com/cli/latest/reference/sagemaker/). You can also create images and image versions using the SageMaker AI console, even if you haven't onboarded to a SageMaker AI domain. SageMaker AI provides sample Dockerfiles to use as a starting point for your custom SageMaker images in the [SageMaker Studio Classic Custom Image Samples](https://github.com/aws-samples/sagemaker-studio-custom-image-samples/) repository.
The following topics explain how to bring your own image using the SageMaker AI console or AWS CLI, then launch the image in Studio Classic. For a similar blog article, see [Bringing your own R environment to Amazon SageMaker Studio Classic](https://aws.amazon.com/blogs/machine-learning/bringing-your-own-r-environment-to-amazon-sagemaker-studio/). For notebooks that show how to bring your own image for use in training and inference, see [Amazon SageMaker Studio Classic Container Build CLI](https://github.com/aws/amazon-sagemaker-examples/tree/main/aws_sagemaker_studio/sagemaker_studio_image_build).
## Key terminology
The following section defines key terms for bringing your own image to use with Studio Classic.
+ **Dockerfile:** A Dockerfile is a file that identifies the language packages and other dependencies for your Docker image.
+ **Docker image:** The Docker image is a built Dockerfile. This image is checked into Amazon ECR and serves as the basis of the SageMaker AI image.
+ **SageMaker image:** A SageMaker image is a holder for a set of SageMaker AI image versions based on Docker images. Each image version is immutable.
+ **Image version:** An image version of a SageMaker image represents a Docker image and is stored in an Amazon ECR repository. Each image version is immutable. These image versions can be attached to a domain or shared space and used with Studio Classic.
**Topics**
+ [
## Key terminology
](#studio-byoi-basics)
+ [
# Custom SageMaker Image Specifications for Amazon SageMaker Studio Classic
](studio-byoi-specs.md)
+ [
# Prerequisites for Custom Images in Amazon SageMaker Studio Classic
](studio-byoi-prereq.md)
+ [
# Add a Docker Image Compatible with Amazon SageMaker Studio Classic to Amazon ECR
](studio-byoi-sdk-add-container-image.md)
+ [
# Create a Custom SageMaker Image for Amazon SageMaker Studio Classic
](studio-byoi-create.md)
+ [
# Attach a Custom SageMaker Image in Amazon SageMaker Studio Classic
](studio-byoi-attach.md)
+ [
# Launch a Custom SageMaker Image in Amazon SageMaker Studio Classic
](studio-byoi-launch.md)
+ [
# Clean Up Resources for Custom Images in Amazon SageMaker Studio Classic
](studio-byoi-cleanup.md)
# Custom SageMaker Image Specifications for Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following specifications apply to the container image that is represented by a SageMaker AI image version.
**Running the image**
`ENTRYPOINT` and `CMD` instructions are overridden to enable the image to run as a KernelGateway app.
Port 8888 in the image is reserved for running the KernelGateway web server.
**Stopping the image**
The `DeleteApp` API issues the equivalent of a `docker stop` command. Other processes in the container won’t get the SIGKILL/SIGTERM signals.
**Kernel discovery**
SageMaker AI recognizes kernels as defined by Jupyter [kernel specs](https://jupyter-client.readthedocs.io/en/latest/kernels.html#kernelspecs).
You can specify a list of kernels to display before running the image. If not specified, python3 is displayed. Use the [DescribeAppImageConfig](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeAppImageConfig.html) API to view the list of kernels.
Conda environments are recognized as kernel specs by default.
**File system**
The `/opt/.sagemakerinternal` and `/opt/ml` directories are reserved. Any data in these directories might not be visible at runtime.
**User data**
Each user in a domain gets a user directory on a shared Amazon Elastic File System volume in the image. The location of the current user's directory on the Amazon EFS volume is configurable. By default, the location of the directory is `/home/sagemaker-user`.
SageMaker AI configures POSIX UID/GID mappings between the image and the host. This defaults to mapping the root user's UID/GID (0/0) to the UID/GID on the host.
You can specify these values using the [CreateAppImageConfig](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateAppImageConfig.html) API.
**GID/UID limits**
Amazon SageMaker Studio Classic only supports the following `DefaultUID` and `DefaultGID` combinations:
+ DefaultUID: 1000 and DefaultGID: 100, which corresponds to a non-priveleged user.
+ DefaultUID: 0 and DefaultGID: 0, which corresponds to root access.
**Metadata**
A metadata file is located at `/opt/ml/metadata/resource-metadata.json`. No additional environment variables are added to the variables defined in the image. For more information, see [Get App Metadata](notebooks-run-and-manage-metadata.md#notebooks-run-and-manage-metadata-app).
**GPU**
On a GPU instance, the image is run with the `--gpus` option. Only the CUDA toolkit should be included in the image not the NVIDIA drivers. For more information, see [NVIDIA User Guide](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/user-guide.html).
**Metrics and logging**
Logs from the KernelGateway process are sent to Amazon CloudWatch in the customer’s account. The name of the log group is `/aws/sagemaker/studio`. The name of the log stream is `$domainID/$userProfileName/KernelGateway/$appName`.
**Image size**
Limited to 35 GB. To view the size of your image, run `docker image ls`.
## Sample Dockerfile
The following sample Dockerfile creates an image based Amazon Linux 2, installs third party packages and the `python3` kernel, and sets the scope to the non-privileged user.
```
FROM public.ecr.aws/amazonlinux/amazonlinux:2
ARG NB_USER="sagemaker-user"
ARG NB_UID="1000"
ARG NB_GID="100"
RUN \
yum install --assumeyes python3 shadow-utils && \
useradd --create-home --shell /bin/bash --gid "${NB_GID}" --uid ${NB_UID} ${NB_USER} && \
yum clean all && \
jupyter-activity-monitor-extension \
python3 -m pip install ipykernel && \
python3 -m ipykernel install
USER ${NB_UID}
```
# Prerequisites for Custom Images in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
You must satisfy the following prerequisites to bring your own container for use with Amazon SageMaker Studio Classic.
+ The Docker application. For information about setting up Docker, see [Orientation and setup](https://docs.docker.com/get-started/).
+ Install the AWS CLI by following the steps in [Getting started with the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html).
+ A local copy of any Dockerfile for creating a Studio Classic compatible image. For sample custom images, see the [SageMaker AI Studio Classic custom image samples](https://github.com/aws-samples/sagemaker-studio-custom-image-samples/) repository.
+ Permissions to access the Amazon Elastic Container Registry (Amazon ECR) service. For more information, see [Amazon ECR Managed Policies](https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html).
+ An AWS Identity and Access Management execution role that has the [AmazonSageMakerFullAccess](https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/AmazonSageMakerFullAccess) policy attached. If you have onboarded to Amazon SageMaker AI domain, you can get the role from the **Domain Summary** section of the SageMaker AI control panel.
+ Install the Studio Classic image build CLI by following the steps in [SageMaker Docker Build](https://github.com/aws-samples/sagemaker-studio-image-build-cli). This CLI enables you to build a Dockerfile using AWS CodeBuild.
# Add a Docker Image Compatible with Amazon SageMaker Studio Classic to Amazon ECR
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
You perform the following steps to add a container image to Amazon ECR:
+ Create an Amazon ECR repository.
+ Authenticate to Amazon ECR.
+ Build a Docker image compatible with Studio Classic.
+ Push the image to the Amazon ECR repository.
**Note**
The Amazon ECR repository must be in the same AWS Region as Studio Classic.
**To build and add a container image to Amazon ECR**
1. Create an Amazon ECR repository using the AWS CLI. To create the repository using the Amazon ECR console, see [Creating a repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html).
```
aws ecr create-repository \
--repository-name smstudio-custom \
--image-scanning-configuration scanOnPush=true
```
The response should look similar to the following.
```
{
"repository": {
"repositoryArn": "arn:aws:ecr:us-east-2:acct-id:repository/smstudio-custom",
"registryId": "acct-id",
"repositoryName": "smstudio-custom",
"repositoryUri": "acct-id.dkr.ecr.us-east-2.amazonaws.com/smstudio-custom",
...
}
}
```
1. Build the `Dockerfile` using the Studio Classic image build CLI. The period (.) specifies that the Dockerfile should be in the context of the build command. This command builds the image and uploads the built image to the ECR repo. It then outputs the image URI.
```
sm-docker build . --repository smstudio-custom:custom
```
The response should look similar to the following.
```
Image URI: .dkr.ecr..amazonaws.com/
```
# Create a Custom SageMaker Image for Amazon SageMaker Studio Classic
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
This topic describes how you can create a custom SageMaker image using the SageMaker AI console or AWS CLI.
When you create an image from the console, SageMaker AI also creates an initial image version. The image version represents a container image in [Amazon Elastic Container Registry (ECR)](https://console.aws.amazon.com/ecr/). The container image must satisfy the requirements to be used in Amazon SageMaker Studio Classic. For more information, see [Custom SageMaker Image Specifications for Amazon SageMaker Studio Classic](studio-byoi-specs.md). For information on testing your image locally and resolving common issues, see the [SageMaker Studio Classic Custom Image Samples repo](https://github.com/aws-samples/sagemaker-studio-custom-image-samples/blob/main/DEVELOPMENT.md).
After you have created your custom SageMaker image, you must attach it to your domain or shared space to use it with Studio Classic. For more information, see [Attach a Custom SageMaker Image in Amazon SageMaker Studio Classic](studio-byoi-attach.md).
## Create a SageMaker image from the console
The following section demonstrates how to create a custom SageMaker image from the SageMaker AI console.
**To create an image**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **Images**.
1. On the **Custom images** page, choose **Create image**.
1. For **Image source**, enter the registry path to the container image in Amazon ECR. The path is in the following format:
` acct-id.dkr.ecr.region.amazonaws.com/repo-name[:tag] or [@digest] `
1. Choose **Next**.
1. Under **Image properties**, enter the following:
+ Image name – The name must be unique to your account in the current AWS Region.
+ (Optional) Display name – The name displayed in the Studio Classic user interface. When not provided, `Image name` is displayed.
+ (Optional) Description – A description of the image.
+ IAM role – The role must have the [AmazonSageMakerFullAccess](https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/AmazonSageMakerFullAccess) policy attached. Use the dropdown menu to choose one of the following options:
+ Create a new role – Specify any additional Amazon Simple Storage Service (Amazon S3) buckets that you want users of your notebooks to have access to. If you don't want to allow access to additional buckets, choose **None**.
SageMaker AI attaches the `AmazonSageMakerFullAccess` policy to the role. The role allows users of your notebooks access to the S3 buckets listed next to the checkmarks.
+ Enter a custom IAM role ARN – Enter the Amazon Resource Name (ARN) of your IAM role.
+ Use existing role – Choose one of your existing roles from the list.
+ (Optional) Image tags – Choose **Add new tag**. You can add up to 50 tags. Tags are searchable using the Studio Classic user interface, the SageMaker AI console, or the SageMaker AI `Search` API.
1. Choose **Submit**.
The new image is displayed in the **Custom images** list and briefly highlighted. After the image has been successfully created, you can choose the image name to view its properties or choose **Create version** to create another version.
**To create another image version**
1. Choose **Create version** on the same row as the image.
1. For **Image source**, enter the registry path to the Amazon ECR container image. The container image shouldn't be the same image as used in a previous version of the SageMaker image.
## Create a SageMaker image from the AWS CLI
You perform the following steps to create a SageMaker image from the container image using the AWS CLI.
+ Create an `Image`.
+ Create an `ImageVersion`.
+ Create a configuration file.
+ Create an `AppImageConfig`.
**To create the SageMaker image entities**
1. Create a SageMaker image.
```
aws sagemaker create-image \
--image-name custom-image \
--role-arn arn:aws:iam:::role/service-role/
```
The response should look similar to the following.
```
{
"ImageArn": "arn:aws:sagemaker:us-east-2:acct-id:image/custom-image"
}
```
1. Create a SageMaker image version from the container image.
```
aws sagemaker create-image-version \
--image-name custom-image \
--base-image .dkr.ecr..amazonaws.com/smstudio-custom:custom-image
```
The response should look similar to the following.
```
{
"ImageVersionArn": "arn:aws:sagemaker:us-east-2:acct-id:image-version/custom-image/1"
}
```
1. Check that the image version was successfully created.
```
aws sagemaker describe-image-version \
--image-name custom-image \
--version-number 1
```
The response should look similar to the following.
```
{
"ImageVersionArn": "arn:aws:sagemaker:us-east-2:acct-id:image-version/custom-image/1",
"ImageVersionStatus": "CREATED"
}
```
**Note**
If the response is `"ImageVersionStatus": "CREATED_FAILED"`, the response also includes the failure reason. A permissions issue is a common cause of failure. You also can check your Amazon CloudWatch logs if you experience a failure when starting or running the KernelGateway app for a custom image. The name of the log group is `/aws/sagemaker/studio`. The name of the log stream is `$domainID/$userProfileName/KernelGateway/$appName`.
1. Create a configuration file, named `app-image-config-input.json`. The `Name` value of `KernelSpecs` must match the name of the kernelSpec available in the Image associated with this `AppImageConfig`. This value is case sensitive. You can find the available kernelSpecs in an image by running `jupyter-kernelspec list` from a shell inside the container. `MountPath` is the path within the image to mount your Amazon Elastic File System (Amazon EFS) home directory. It needs to be different from the path you use inside the container because that path will be overridden when your Amazon EFS home directory is mounted.
**Note**
The following `DefaultUID` and `DefaultGID` combinations are the only accepted values:
DefaultUID: 1000 and DefaultGID: 100
DefaultUID: 0 and DefaultGID: 0
```
{
"AppImageConfigName": "custom-image-config",
"KernelGatewayImageConfig": {
"KernelSpecs": [
{
"Name": "python3",
"DisplayName": "Python 3 (ipykernel)"
}
],
"FileSystemConfig": {
"MountPath": "/home/sagemaker-user",
"DefaultUid": 1000,
"DefaultGid": 100
}
}
}
```
1. Create the AppImageConfig using the file created in the previous step.
```
aws sagemaker create-app-image-config \
--cli-input-json file://app-image-config-input.json
```
The response should look similar to the following.
```
{
"AppImageConfigArn": "arn:aws:sagemaker:us-east-2:acct-id:app-image-config/custom-image-config"
}
```
# Attach a Custom SageMaker Image in Amazon SageMaker Studio Classic
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
To use a custom SageMaker image, you must attach a version of the image to your domain or shared space. When you attach an image version, it appears in the SageMaker Studio Classic Launcher and is available in the **Select image** dropdown list, which users use to launch an activity or change the image used by a notebook.
To make a custom SageMaker image available to all users within a domain, you attach the image to the domain. To make an image available to all users within a shared space, you can attach the image to the shared space. To make an image available to a single user, you attach the image to the user's profile. When you attach an image, SageMaker AI uses the latest image version by default. You can also attach a specific image version. After you attach the version, you can choose the version from the SageMaker AI Launcher or the image selector when you launch a notebook.
There is a limit to the number of image versions that can be attached at any given time. After you reach the limit, you must detach a version in order to attach another version of the image.
The following sections demonstrate how to attach a custom SageMaker image to your domain using either the SageMaker AI console or the AWS CLI. You can only attach a custom image to a share space using the AWS CLI.
## Attach the SageMaker image to a domain
### Attach the SageMaker image using the Console
This topic describes how you can attach an existing custom SageMaker image version to your domain using the SageMaker AI control panel. You can also create a custom SageMaker image and image version, and then attach that version to your domain. For the procedure to create an image and image version, see [Create a Custom SageMaker Image for Amazon SageMaker Studio Classic](studio-byoi-create.md).
**To attach an existing image**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the **Domains** page, select the domain to attach the image to.
1. From the **Domain details** page, select the **Environment** tab.
1. On the **Environment** tab, under **Custom SageMaker Studio Classic images attached to domain**, choose **Attach image**.
1. For **Image source**, choose **Existing image**.
1. Choose an existing image from the list.
1. Choose a version of the image from the list.
1. Choose **Next**.
1. Verify the values for **Image name**, **Image display name**, and **Description**.
1. Choose the IAM role. For more information, see [Create a Custom SageMaker Image for Amazon SageMaker Studio Classic](studio-byoi-create.md).
1. (Optional) Add tags for the image.
1. Specify the EFS mount path. This is the path within the image to mount the user's Amazon Elastic File System (EFS) home directory.
1. For **Image type**, select **SageMaker Studio image**
1. For **Kernel name**, enter the name of an existing kernel in the image. For information on how to get the kernel information from the image, see [DEVELOPMENT](https://github.com/aws-samples/sagemaker-studio-custom-image-samples/blob/main/DEVELOPMENT.md) in the SageMaker Studio Classic Custom Image Samples repository. For more information, see the **Kernel discovery** and **User data** sections of [Custom SageMaker Image Specifications for Amazon SageMaker Studio Classic](studio-byoi-specs.md).
1. (Optional) For **Kernel display name**, enter the display name for the kernel.
1. Choose **Add kernel**.
1. Choose **Submit**.
1. Wait for the image version to be attached to the domain. When attached, the version is displayed in the **Custom images** list and briefly highlighted.
### Attach the SageMaker image using the AWS CLI
The following sections demonstrate how to attach a custom SageMaker image when creating a new domain or updating your existing domain using the AWS CLI.
#### Attach the SageMaker image to a new domain
The following section demonstrates how to create a new domain with the version attached. These steps require that you specify the Amazon Virtual Private Cloud (VPC) information and execution role required to create the domain. You perform the following steps to create the domain and attach the custom SageMaker image:
+ Get your default VPC ID and subnet IDs.
+ Create the configuration file for the domain, which specifies the image.
+ Create the domain with the configuration file.
**To add the custom SageMaker image to your domain**
1. Get your default VPC ID.
```
aws ec2 describe-vpcs \
--filters Name=isDefault,Values=true \
--query "Vpcs[0].VpcId" --output text
```
The response should look similar to the following.
```
vpc-xxxxxxxx
```
1. Get your default subnet IDs using the VPC ID from the previous step.
```
aws ec2 describe-subnets \
--filters Name=vpc-id,Values= \
--query "Subnets[*].SubnetId" --output json
```
The response should look similar to the following.
```
[
"subnet-b55171dd",
"subnet-8a5f99c6",
"subnet-e88d1392"
]
```
1. Create a configuration file named `create-domain-input.json`. Insert the VPC ID, subnet IDs, `ImageName`, and `AppImageConfigName` from the previous steps. Because `ImageVersionNumber` isn't specified, the latest version of the image is used, which is the only version in this case.
```
{
"DomainName": "domain-with-custom-image",
"VpcId": "",
"SubnetIds": [
""
],
"DefaultUserSettings": {
"ExecutionRole": "",
"KernelGatewayAppSettings": {
"CustomImages": [
{
"ImageName": "custom-image",
"AppImageConfigName": "custom-image-config"
}
]
}
},
"AuthMode": "IAM"
}
```
1. Create the domain with the attached custom SageMaker image.
```
aws sagemaker create-domain \
--cli-input-json file://create-domain-input.json
```
The response should look similar to the following.
```
{
"DomainArn": "arn:aws:sagemaker:us-east-2:acct-id:domain/d-xxxxxxxxxxxx",
"Url": "https://d-xxxxxxxxxxxx.studio.us-east-2.sagemaker.aws/..."
}
```
#### Attach the SageMaker image to your current domain
If you have onboarded to a SageMaker AI domain, you can attach the custom image to your current domain. For more information about onboarding to a SageMaker AI domain, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md). You don't need to specify the VPC information and execution role when attaching a custom image to your current domain. After you attach the version, you must delete all the apps in your domain and reopen Studio Classic. For information about deleting the apps, see [Delete an Amazon SageMaker AI domain](gs-studio-delete-domain.md).
You perform the following steps to add the SageMaker image to your current domain.
+ Get your `DomainID` from SageMaker AI control panel.
+ Use the `DomainID` to get the `DefaultUserSettings` for the domain.
+ Add the `ImageName` and `AppImageConfig` as a `CustomImage` to the `DefaultUserSettings`.
+ Update your domain to include the custom image.
**To add the custom SageMaker image to your domain**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the **Domains** page, select the domain to attach the image to.
1. From the **Domain details** page, select the **Domain settings** tab.
1. From the **Domain settings** tab, under **General settings**, find the `DomainId`. The ID is in the following format: `d-xxxxxxxxxxxx`.
1. Use the domain ID to get the description of the domain.
```
aws sagemaker describe-domain \
--domain-id
```
The response should look similar to the following.
```
{
"DomainId": "d-xxxxxxxxxxxx",
"DefaultUserSettings": {
"KernelGatewayAppSettings": {
"CustomImages": [
],
...
}
}
}
```
1. Save the default user settings section of the response to a file named `default-user-settings.json`.
1. Insert the `ImageName` and `AppImageConfigName` from the previous steps as a custom image. Because `ImageVersionNumber` isn't specified, the latest version of the image is used, which is the only version in this case.
```
{
"DefaultUserSettings": {
"KernelGatewayAppSettings": {
"CustomImages": [
{
"ImageName": "string",
"AppImageConfigName": "string"
}
],
...
}
}
}
```
1. Use the domain ID and default user settings file to update your domain.
```
aws sagemaker update-domain \
--domain-id \
--cli-input-json file://default-user-settings.json
```
The response should look similar to the following.
```
{
"DomainArn": "arn:aws:sagemaker:us-east-2:acct-id:domain/d-xxxxxxxxxxxx"
}
```
## Attach the SageMaker image to a shared space
You can only attach the SageMaker image to a shared space using the AWS CLI. After you attach the version, you must delete all of the applications in your shared space and reopen Studio Classic. For information about deleting the apps, see [Delete an Amazon SageMaker AI domain](gs-studio-delete-domain.md).
You perform the following steps to add the SageMaker image to a shared space.
+ Get your `DomainID` from SageMaker AI control panel.
+ Use the `DomainID` to get the `DefaultSpaceSettings` for the domain.
+ Add the `ImageName` and `AppImageConfig` as a `CustomImage` to the `DefaultSpaceSettings`.
+ Update your domain to include the custom image for the shared space.
**To add the custom SageMaker image to your shared space**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the **Domains** page, select the domain to attach the image to.
1. From the **Domain details** page, select the **Domain settings** tab.
1. From the **Domain settings** tab, under **General settings**, find the `DomainId`. The ID is in the following format: `d-xxxxxxxxxxxx`.
1. Use the domain ID to get the description of the domain.
```
aws sagemaker describe-domain \
--domain-id
```
The response should look similar to the following.
```
{
"DomainId": "d-xxxxxxxxxxxx",
...
"DefaultSpaceSettings": {
"KernelGatewayAppSettings": {
"CustomImages": [
],
...
}
}
}
```
1. Save the default space settings section of the response to a file named `default-space-settings.json`.
1. Insert the `ImageName` and `AppImageConfigName` from the previous steps as a custom image. Because `ImageVersionNumber` isn't specified, the latest version of the image is used, which is the only version in this case.
```
{
"DefaultSpaceSettings": {
"KernelGatewayAppSettings": {
"CustomImages": [
{
"ImageName": "string",
"AppImageConfigName": "string"
}
],
...
}
}
}
```
1. Use the domain ID and default space settings file to update your domain.
```
aws sagemaker update-domain \
--domain-id \
--cli-input-json file://default-space-settings.json
```
The response should look similar to the following.
```
{
"DomainArn": "arn:aws:sagemaker:us-east-2:acct-id:domain/d-xxxxxxxxxxxx"
}
```
## View the attached image in SageMaker AI
After you create the custom SageMaker image and attach it to your domain, the image appears in the **Environment** tab of the domain. You can only view the attached images for shared spaces using the AWS CLI by using the following command.
```
aws sagemaker describe-domain \
--domain-id
```
# Launch a Custom SageMaker Image in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
After you create your custom SageMaker image and attach it to your domain or shared space, the custom image and kernel appear in selectors in the **Change environment** dialog box of the Studio Classic Launcher.
**To launch and select your custom image and kernel**
1. In Amazon SageMaker Studio Classic, open the Launcher. To open the Launcher, choose **Amazon SageMaker Studio Classic** at the top left of the Studio Classic interface or use the keyboard shortcut `Ctrl + Shift + L`.
To learn about all the available ways to open the Launcher, see [Use the Amazon SageMaker Studio Classic Launcher](studio-launcher.md)
![\[SageMaker Studio Classic launcher.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-new-launcher.png)
1. In the Launcher, in the **Notebooks and compute resources** section, choose **Change environment**.
1. In the **Change environment** dialog, use the dropdown menus to select your **Image** from the **Custom Image** section, and your **Kernel**, then choose **Select**.
1. In the Launcher, choose **Create notebook** or **Open image terminal**. Your notebook or terminal launches in the selected custom image and kernel.
To change your image or kernel in an open notebook, see [Change the Image or a Kernel for an Amazon SageMaker Studio Classic Notebook](notebooks-run-and-manage-change-image.md).
**Note**
If you encounter an error when launching the image, check your Amazon CloudWatch logs. The name of the log group is `/aws/sagemaker/studio`. The name of the log stream is `$domainID/$userProfileName/KernelGateway/$appName`.
# Clean Up Resources for Custom Images in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following sections show how to clean up the resources you created in the previous sections from the SageMaker AI console or AWS CLI. You perform the following steps to clean up the resources:
+ Detach the image and image versions from your domain.
+ Delete the image, image version, and app image config.
+ Delete the container image and repository from Amazon ECR. For more information, see [Deleting a repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-delete.html).
## Clean up resources from the SageMaker AI console
The following section shows how to clean up resources from the SageMaker AI console.
When you detach an image from a domain, all versions of the image are detached. When an image is detached, all users of the domain lose access to the image versions. A running notebook that has a kernel session on an image version when the version is detached, continues to run. When the notebook is stopped or the kernel is shut down, the image version becomes unavailable.
**To detach an image**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **Images**.
1. Under **Custom SageMaker Studio Classic images attached to domain**, choose the image and then choose **Detach**.
1. (Optional) To delete the image and all versions from SageMaker AI, select **Also delete the selected images ...**. This does not delete the associated container images from Amazon ECR.
1. Choose **Detach**.
## Clean up resources from the AWS CLI
The following section shows how to clean up resources from the AWS CLI.
**To clean up resources**
1. Detach the image and image versions from your domain by passing an empty custom image list to the domain. Open the `default-user-settings.json` file you created in [Attach the SageMaker image to your current domain](studio-byoi-attach.md#studio-byoi-sdk-attach-current-domain). To detach the image and image version from a shared space, open the `default-space-settings.json` file.
1. Delete the custom images and then save the file.
```
"DefaultUserSettings": {
"KernelGatewayAppSettings": {
"CustomImages": [
],
...
},
...
}
```
1. Use the domain ID and default user settings file to update your domain. To update your shared space, use the default space settings file.
```
aws sagemaker update-domain \
--domain-id \
--cli-input-json file://default-user-settings.json
```
The response should look similar to the following.
```
{
"DomainArn": "arn:aws:sagemaker:us-east-2:acct-id:domain/d-xxxxxxxxxxxx"
}
```
1. Delete the app image config.
```
aws sagemaker delete-app-image-config \
--app-image-config-name custom-image-config
```
1. Delete the SageMaker image, which also deletes all image versions. The container images in ECR that are represented by the image versions are not deleted.
```
aws sagemaker delete-image \
--image-name custom-image
```
# Use Lifecycle Configurations to Customize Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker Studio Classic triggers lifecycle configurations shell scripts during important lifecycle events, such as starting a new Studio Classic notebook. You can use lifecycle configurations to automate customization for your Studio Classic environment. This customization includes installing custom packages, configuring notebook extensions, preloading datasets, and setting up source code repositories.
Using lifecycle configurations gives you flexibility and control to configure Studio Classic to meet your specific needs. For example, you can use customized container images with lifecycle configuration scripts to modify your environment. First, create a minimal set of base container images, then install the most commonly used packages and libraries in those images. After you have completed your images, use lifecycle configurations to install additional packages for specific use cases. This gives you the flexibility to modify your environment across your data science and machine learning teams based on need.
Users can only select lifecycle configuration scripts that they are given access to. While you can give access to multiple lifecycle configuration scripts, you can also set default lifecycle configuration scripts for resources. Based on the resource that the default lifecycle configuration is set for, the default either runs automatically or is the first option shown.
For example lifecycle configuration scripts, see the [Studio Classic Lifecycle Configuration examples GitHub repository](https://github.com/aws-samples/sagemaker-studio-lifecycle-config-examples). For a blog on implementing lifecycle configuration, see [Customize Amazon SageMaker Studio Classic using Lifecycle Configurations](https://aws.amazon.com/blogs/machine-learning/customize-amazon-sagemaker-studio-using-lifecycle-configurations/).
**Note**
Each script has a limit of **16384 characters**.
**Topics**
+ [
# Create and Associate a Lifecycle Configuration with Amazon SageMaker Studio Classic
](studio-lcc-create.md)
+ [
# Set Default Lifecycle Configurations for Amazon SageMaker Studio Classic
](studio-lcc-defaults.md)
+ [
# Debug Lifecycle Configurations in Amazon SageMaker Studio Classic
](studio-lcc-debug.md)
+ [
# Update and Detach Lifecycle Configurations in Amazon SageMaker Studio Classic
](studio-lcc-delete.md)
# Create and Associate a Lifecycle Configuration with Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker AI provides interactive applications that enable Studio Classic's visual interface, code authoring, and run experience. This series shows how to create a lifecycle configuration and associate it with a SageMaker AI domain.
Application types can be either `JupyterServer` or `KernelGateway`.
+ **`JupyterServer` applications:** This application type enables access to the visual interface for Studio Classic. Every user and shared space in Studio Classic gets its own JupyterServer application.
+ **`KernelGateway` applications:** This application type enables access to the code run environment and kernels for your Studio Classic notebooks and terminals. For more information, see [Jupyter Kernel Gateway](https://jupyter-kernel-gateway.readthedocs.io/en/latest/).
For more information about Studio Classic's architecture and Studio Classic applications, see [Use Amazon SageMaker Studio Classic Notebooks](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks.html).
**Topics**
+ [
# Create a Lifecycle Configuration from the AWS CLI for Amazon SageMaker Studio Classic
](studio-lcc-create-cli.md)
+ [
# Create a Lifecycle Configuration from the SageMaker AI Console for Amazon SageMaker Studio Classic
](studio-lcc-create-console.md)
# Create a Lifecycle Configuration from the AWS CLI for Amazon SageMaker Studio Classic
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following topic shows how to create a lifecycle configuration using the AWS CLI to automate customization for your Studio Classic environment.
## Prerequisites
Before you begin, complete the following prerequisites:
+ Update the AWS CLI by following the steps in [Installing the current AWS CLI Version](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv1.html#install-tool-bundled).
+ From your local machine, run `aws configure` and provide your AWS credentials. For information about AWS credentials, see [Understanding and getting your AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html).
+ Onboard to SageMaker AI domain by following the steps in [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
## Step 1: Create a lifecycle configuration
The following procedure shows how to create a lifecycle configuration script that prints `Hello World`.
**Note**
Each script can have up to **16,384 characters**.
1. From your local machine, create a file named `my-script.sh` with the following content.
```
#!/bin/bash
set -eux
echo 'Hello World!'
```
1. Convert your `my-script.sh` file into base64 format. This requirement prevents errors that occur from spacing and line break encoding.
```
LCC_CONTENT=`openssl base64 -A -in my-script.sh`
```
1. Create a lifecycle configuration for use with Studio Classic. The following command creates a lifecycle configuration that runs when you launch an associated `KernelGateway` application.
```
aws sagemaker create-studio-lifecycle-config \
--region region \
--studio-lifecycle-config-name my-studio-lcc \
--studio-lifecycle-config-content $LCC_CONTENT \
--studio-lifecycle-config-app-type KernelGateway
```
Note the ARN of the newly created lifecycle configuration that is returned. This ARN is required to attach the lifecycle configuration to your application.
## Step 2: Attach the lifecycle configuration to your domain, user profile, or shared space
To attach the lifecycle configuration, you must update the `UserSettings` for your domain or user profile, or the `SpaceSettings` for a shared space. Lifecycle configuration scripts that are associated at the domain level are inherited by all users. However, scripts that are associated at the user profile level are scoped to a specific user, while scripts that are associated at the shared space level are scoped to the shared space.
The following example shows how to create a new user profile with the lifecycle configuration attached. You can also create a new domain or space with a lifecycle configuration attached by using the [create-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-domain.html) and [create-space](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-space.html) commands, respectively.
Add the lifecycle configuration ARN from the previous step to the settings for the appropriate app type. For example, place it in the `JupyterServerAppSettings` of the user. You can add multiple lifecycle configurations at the same time by passing a list of lifecycle configurations. When a user launches a JupyterServer application with the AWS CLI, they can pass a lifecycle configuration to use instead of the default. The lifecycle configuration that the user passes must belong to the list of lifecycle configurations in `JupyterServerAppSettings`.
```
# Create a new UserProfile
aws sagemaker create-user-profile --domain-id domain-id \
--user-profile-name user-profile-name \
--region region \
--user-settings '{
"JupyterServerAppSettings": {
"LifecycleConfigArns":
[lifecycle-configuration-arn-list]
}
}'
```
The following example shows how to update an existing shared space to attach the lifecycle configuration. You can also update an existing domain or user profile with a lifecycle configuration attached by using the [update-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-domain.html) or [update-user-profile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-user-profile.html) command. When you update the list of lifecycle configurations attached, you must pass all lifecycle configurations as part of the list. If a lifecycle configuration is not part of this list, it will not be attached to the application.
```
aws sagemaker update-space --domain-id domain-id \
--space-name space-name \
--region region \
--space-settings '{
"JupyterServerAppSettings": {
"LifecycleConfigArns":
[lifecycle-configuration-arn-list]
}
}'
```
For information about setting a default lifecycle configuration for a resource, see [Set Default Lifecycle Configurations for Amazon SageMaker Studio Classic](studio-lcc-defaults.md).
## Step 3: Launch application with lifecycle configuration
After you attach a lifecycle configuration to a domain, user profile, or space, the user can select it when launching an application with the AWS CLI. This section describes how to launch an application with an attached lifecycle configuration. For information about changing the default lifecycle configuration after launching a JupyterServer application, see [Set Default Lifecycle Configurations for Amazon SageMaker Studio Classic](studio-lcc-defaults.md).
Launch the desired application type using the `create-app` command and specify the lifecycle configuration ARN in the `resource-spec` argument.
+ The following example shows how to create a `JupyterServer` application with an associated lifecycle configuration. When creating the `JupyterServer`, the `app-name` must be `default`. The lifecycle configuration ARN passed as part of the `resource-spec` parameter must be part of the list of lifecycle configuration ARNs specified in `UserSettings` for your domain or user profile, or `SpaceSettings` for a shared space.
```
aws sagemaker create-app --domain-id domain-id \
--region region \
--user-profile-name user-profile-name \
--app-type JupyterServer \
--resource-spec LifecycleConfigArn=lifecycle-configuration-arn \
--app-name default
```
+ The following example shows how to create a `KernelGateway` application with an associated lifecycle configuration.
```
aws sagemaker create-app --domain-id domain-id \
--region region \
--user-profile-name user-profile-name \
--app-type KernelGateway \
--resource-spec LifecycleConfigArn=lifecycle-configuration-arn,SageMakerImageArn=sagemaker-image-arn,InstanceType=instance-type \
--app-name app-name
```
# Create a Lifecycle Configuration from the SageMaker AI Console for Amazon SageMaker Studio Classic
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following topic shows how to create a lifecycle configuration from the Amazon SageMaker AI console to automate customization for your Studio Classic environment.
## Prerequisites
Before you can begin this tutorial, complete the following prerequisite:
+ Onboard to Amazon SageMaker Studio Classic. For more information, see [Onboard to Amazon SageMaker Studio Classic](https://docs.aws.amazon.com/sagemaker/latest/dg/gs-studio-onboard.html).
## Step 1: Create a new lifecycle configuration
You can create a lifecycle configuration by entering a script from the Amazon SageMaker AI console.
**Note**
Each script can have up to **16,384 characters**.
The following procedure shows how to create a lifecycle configuration script that prints `Hello World`.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **Lifecycle configurations**.
1. Choose the **Studio** tab.
1. Choose **Create configuration**.
1. Under **Select configuration type**, select the type of application that the lifecycle configuration should be attached to. For more information about selecting which application to attach the lifecycle configuration to, see [Set Default Lifecycle Configurations for Amazon SageMaker Studio Classic](studio-lcc-defaults.md).
1. Choose **Next**.
1. In the section called **Configuration settings**, enter a name for your lifecycle configuration.
1. In the **Scripts** section, enter the following content.
```
#!/bin/bash
set -eux
echo 'Hello World!'
```
1. (Optional) Create a tag for your lifecycle configuration.
1. Choose **Submit**.
## Step 2: Attach the lifecycle configuration to a domain or user profile
Lifecycle configuration scripts associated at the domain level are inherited by all users. However, scripts that are associated at the user profile level are scoped to a specific user.
You can attach multiple lifecycle configurations to a domain or user profile for both JupyterServer and KernelGateway applications.
**Note**
To attach a lifecycle configuration to a shared space, you must use the AWS CLI. For more information, see [Create a Lifecycle Configuration from the AWS CLI for Amazon SageMaker Studio Classic](studio-lcc-create-cli.md).
The following sections show how to attach a lifecycle configuration to your domain or user profile.
### Attach to a domain
The following shows how to attach a lifecycle configuration to your existing domain from the SageMaker AI console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the domain to attach the lifecycle configuration to.
1. From the **Domain details**, choose the **Environment** tab.
1. Under **Lifecycle configurations for personal Studio apps**, choose **Attach**.
1. Under **Source**, choose **Existing configuration**.
1. Under **Studio lifecycle configurations**, select the lifecycle configuration that you created in the previous step.
1. Select **Attach to domain**.
### Attach to your user profile
The following shows how to attach a lifecycle configuration to your existing user profile.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the domain that contains the user profile to attach the lifecycle configuration to.
1. Under **User profiles**, select the user profile.
1. From the **User Details** page, choose **Edit**.
1. On the left navigation, choose **Studio settings**.
1. Under **Lifecycle configurations attached to user**, choose **Attach**.
1. Under **Source**, choose **Existing configuration**.
1. Under **Studio lifecycle configurations**, select the lifecycle configuration that you created in the previous step.
1. Choose **Attach to user profile**.
## Step 3: Launch an application with the lifecycle configuration
After you attach a lifecycle configuration to a domain or user profile, you can launch an application with that attached lifecycle configuration. Choosing which lifecycle configuration to launch with depends on the application type.
+ **JupyterServer**: When launching a JupyterServer application from the console, SageMaker AI always uses the default lifecycle configuration. You can't use a different lifecycle configuration when launching from the console. For information about changing the default lifecycle configuration after launching a JupyterServer application, see [Set Default Lifecycle Configurations for Amazon SageMaker Studio Classic](studio-lcc-defaults.md).
To select a different attached lifecycle configuration, you must launch with the AWS CLI. For more information about launching a JupyterServer application with an attached lifecycle configuration from the AWS CLI, see [Create a Lifecycle Configuration from the AWS CLI for Amazon SageMaker Studio Classic](studio-lcc-create-cli.md).
+ **KernelGateway**: You can select any of the attached lifecycle configurations when launching a KernelGateway application using the Studio Classic Launcher.
The following procedure describes how to launch a KernelGateway application with an attached lifecycle configuration from the SageMaker AI console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. Launch Studio Classic. For more information, see [Launch Amazon SageMaker Studio Classic](studio-launch.md).
1. In the Studio Classic UI, open the Studio Classic Launcher. For more information, see [Use the Amazon SageMaker Studio Classic Launcher](studio-launcher.md).
1. In the Studio Classic Launcher, navigate to the **Notebooks and compute resources** section.
1. Click the **Change environment** button.
1. On the **Change environment** dialog, use the dropdown menus to select your **Image**, **Kernel**, **Instance type**, and a **Start-up script**. If there is no default lifecycle configuration, the **Start-up script** value defaults to `No script`. Otherwise, the **Start-up script** value is your default lifecycle configuration. After you select a lifecycle configuration, you can view the entire script.
1. Click **Select**.
1. Back to the Launcher, click the **Create notebook** to launch a new notebook kernel with your selected image and lifecycle configuration.
## Step 4: View logs for a lifecycle configuration
You can view the logs for your lifecycle configuration after it has been attached to a domain or user profile.
1. First, provide access to CloudWatch for your AWS Identity and Access Management (IAM) role. Add read permissions for the following log group and log stream.
+ **Log group:**`/aws/sagemaker/studio`
+ **Log stream:**`domain/user-profile/app-type/app-name/LifecycleConfigOnStart`
For information about adding permissions, see [Enabling logging from certain AWS services](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html).
1. From within Studio Classic, navigate to the **Running Terminals and Kernels** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/running-terminals-kernels.png)) to monitor your lifecycle configuration.
1. Select an application from the list of running applications. Applications with attached lifecycle configurations have an attached indicator icon ![\[Code brackets symbol representing programming or markup languages.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/studio-lcc-indicator-icon.png).
1. Select the indicator icon for your application. This opens a new panel that lists the lifecycle configuration.
1. From the new panel, select `View logs`. This opens a new tab that displays the logs.
# Set Default Lifecycle Configurations for Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Although you can attach multiple lifecycle configuration scripts to a single resource, you can only set one default lifecycle configuration for each JupyterServer or KernelGateway application. The behavior of the default lifecycle configuration depends on whether it is set for JupyterServer or KernelGateway apps.
+ **JupyterServer apps:** When set as the default lifecycle configuration script for JupyterServer apps, the lifecycle configuration script runs automatically when the user signs in to Studio Classic for the first time or restarts Studio Classic. Use this default lifecycle configuration to automate one-time setup actions for the Studio Classic developer environment, such as installing notebook extensions or setting up a GitHub repo. For an example of this, see [Customize Amazon SageMaker Studio using Lifecycle Configurations](https://aws.amazon.com/blogs/machine-learning/customize-amazon-sagemaker-studio-using-lifecycle-configurations/).
+ **KernelGateway apps:** When set as the default lifecycle configuration script for KernelGateway apps, the lifecycle configuration is selected by default in the Studio Classic launcher. Users can launch a notebook or terminal with the default script selected, or they can select a different one from the list of lifecycle configurations.
SageMaker AI supports setting a default lifecycle configuration for the following resources:
+ Domains
+ User profiles
+ Shared spaces
While domains and user profiles support setting a default lifecycle configuration from both the Amazon SageMaker AI console and AWS Command Line Interface, shared spaces only support setting a default lifecycle configuration from the AWS CLI.
You can set a lifecycle configuration as the default when creating a new resource or updating an existing resource. The following topics demonstrate how to set a default lifecycle configuration using the SageMaker AI console and AWS CLI.
## Default lifecycle configuration inheritance
Default lifecycle configurations set at the *domain* level are inherited by all users and shared spaces. Default lifecycle configurations set at the *user* and *shared space* level are scoped to only that user or shared space. User and space defaults override defaults set at the domain level.
A default KernelGateway lifecycle configuration set for a domain applies to all KernelGateway applications launched in the domain. Unless the user selects a different lifecycle configuration from the list presented in the Studio Classic launcher, the default lifecycle configuration is used. The default script also runs if `No Script` is selected by the user. For more information about selecting a script, see [Step 3: Launch an application with the lifecycle configuration](studio-lcc-create-console.md#studio-lcc-create-console-step3).
**Topics**
+ [
## Default lifecycle configuration inheritance
](#studio-lcc-defaults-inheritance)
+ [
# Set Defaults from the AWS CLI for Amazon SageMaker Studio Classic
](studio-lcc-defaults-cli.md)
+ [
# Set Defaults from the SageMaker AI Console for Amazon SageMaker Studio Classic
](studio-lcc-defaults-console.md)
# Set Defaults from the AWS CLI for Amazon SageMaker Studio Classic
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
You can set default lifecycle configuration scripts from the AWS CLI for the following resources:
+ Domains
+ User profiles
+ Shared spaces
The following sections outline how to set default lifecycle configuration scripts from the AWS CLI.
**Topics**
+ [
## Prerequisites
](#studio-lcc-defaults-cli-prereq)
+ [
## Set a default lifecycle configuration when creating a new resource
](#studio-lcc-defaults-cli-new)
+ [
## Set a default lifecycle configuration for an existing resource
](#studio-lcc-defaults-cli-existing)
## Prerequisites
Before you begin, complete the following prerequisites:
+ Update the AWS CLI by following the steps in [Installing the current AWS CLI version](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv1.html#install-tool-bundled).
+ From your local machine, run `aws configure` and provide your AWS credentials. For information about AWS credentials, see [Understanding and getting your AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html).
+ Onboard to SageMaker AI domain by following the steps in [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
+ Create a lifecycle configuration following the steps in [Create and Associate a Lifecycle Configuration with Amazon SageMaker Studio Classic](studio-lcc-create.md).
## Set a default lifecycle configuration when creating a new resource
To set a default lifecycle configuration when creating a new domain, user profile, or space, pass the ARN of your previously created lifecycle configuration as part of one of the following AWS CLI commands:
+ [create-user-profile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-user-profile.html)
+ [create-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/opensearch/create-domain.html)
+ [create-space](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-space.html)
You must pass the lifecycle configuration ARN for the following values in the KernelGateway or JupyterServer default settings:
+ `DefaultResourceSpec`:`LifecycleConfigArn` - This specifies the default lifecycle configuration for the application type.
+ `LifecycleConfigArns` - This is the list of all lifecycle configurations attached to the application type. The default lifecycle configuration must also be part of this list.
For example, the following API call creates a new user profile with a default lifecycle configuration.
```
aws sagemaker create-user-profile --domain-id domain-id \
--user-profile-name user-profile-name \
--region region \
--user-settings '{
"KernelGatewayAppSettings": {
"DefaultResourceSpec": {
"InstanceType": "ml.t3.medium",
"LifecycleConfigArn": "lifecycle-configuration-arn"
},
"LifecycleConfigArns": [lifecycle-configuration-arn-list]
}
}'
```
## Set a default lifecycle configuration for an existing resource
To set or update the default lifecycle configuration for an existing resource, pass the ARN of your previously created lifecycle configuration as part of one of the following AWS CLI commands:
+ [update-user-profile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-user-profile.html)
+ [update-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-domain.html)
+ [update-space](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-space.html)
You must pass the lifecycle configuration ARN for the following values in the KernelGateway or JupyterServer default settings:
+ `DefaultResourceSpec`:`LifecycleConfigArn` - This specifies the default lifecycle configuration for the application type.
+ `LifecycleConfigArns` - This is the list of all lifecycle configurations attached to the application type. The default lifecycle configuration must also be part of this list.
For example, the following API call updates a user profile with a default lifecycle configuration.
```
aws sagemaker update-user-profile --domain-id domain-id \
--user-profile-name user-profile-name \
--region region \
--user-settings '{
"KernelGatewayAppSettings": {
"DefaultResourceSpec": {
"InstanceType": "ml.t3.medium",
"LifecycleConfigArn": "lifecycle-configuration-arn"
},
"LifecycleConfigArns": [lifecycle-configuration-arn-list]
}
}'
```
The following API call updates a domain to set a new default lifecycle configuration.
```
aws sagemaker update-domain --domain-id domain-id \
--region region \
--default-user-settings '{
"JupyterServerAppSettings": {
"DefaultResourceSpec": {
"InstanceType": "system",
"LifecycleConfigArn": "lifecycle-configuration-arn"
},
"LifecycleConfigArns": [lifecycle-configuration-arn-list]
}
}'
```
# Set Defaults from the SageMaker AI Console for Amazon SageMaker Studio Classic
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
You can set default lifecycle configuration scripts from the SageMaker AI console for the following resources.
+ Domains
+ User profiles
You cannot set default lifecycle configuration scripts for shared spaces from the SageMaker AI console. For information about setting defaults for shared spaces, see [Set Defaults from the AWS CLI for Amazon SageMaker Studio Classic](studio-lcc-defaults-cli.md).
The following sections outline how to set default lifecycle configuration scripts from the SageMaker AI console.
**Topics**
+ [
## Prerequisites
](#studio-lcc-defaults-cli-prerequisites)
+ [
## Set a default lifecycle configuration for a domain
](#studio-lcc-defaults-cli-domain)
+ [
## Set a default lifecycle configuration for a user profile
](#studio-lcc-defaults-cli-user-profile)
## Prerequisites
Before you begin, complete the following prerequisites:
+ Onboard to SageMaker AI domain by following the steps in [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
+ Create a lifecycle configuration following the steps in [Create and Associate a Lifecycle Configuration with Amazon SageMaker Studio Classic](studio-lcc-create.md).
## Set a default lifecycle configuration for a domain
The following procedure shows how to set a default lifecycle configuration for a domain from the SageMaker AI console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the list of domains, select the name of the domain to set the default lifecycle configuration for.
1. From the **Domain details** page, choose the **Environment** tab.
1. Under **Lifecycle configurations for personal Studio apps**, select the lifecycle configuration that you want to set as the default for the domain. You can set distinct defaults for JupyterServer and KernelGateway applications.
1. Choose **Set as default**. This opens a pop up window that lists the current defaults for JupyterServer and KernelGateway applications.
1. Choose **Set as default** to set the lifecycle configuration as the default for its respective application type.
## Set a default lifecycle configuration for a user profile
The following procedure shows how to set a default lifecycle configuration for a user profile from the SageMaker AI console.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the list of domains, select the name of the domain that contains the user profile that you want to set the default lifecycle configuration for.
1. From the **Domain details** page, choose the **User profiles** tab.
1. Select the name of the user profile to set the default lifecycle configuration for. This opens a **User Details** page.
1. From the **User Details** page, choose **Edit**. This opens an **Edit user profile** page.
1. From the **Edit user profile** page, choose **Step 2 Studio settings**.
1. Under **Lifecycle configurations attached to user**, select the lifecycle configuration that you want to set as the default for the user profile. You can set distinct defaults for JupyterServer and KernelGateway applications.
1. Choose **Set as default**. This opens a pop up window that lists the current defaults for JupyterServer and KernelGateway applications.
1. Choose **Set as default** to set the lifecycle configuration as the default for its respective application type.
# Debug Lifecycle Configurations in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following topics show how to get information about and debug your lifecycle configurations.
**Topics**
+ [
## Verify lifecycle configuration process from CloudWatch Logs
](#studio-lcc-debug-logs)
+ [
## JupyterServer app failure
](#studio-lcc-debug-jupyterserver)
+ [
## KernelGateway app failure
](#studio-lcc-debug-kernel)
+ [
## Lifecycle configuration timeout
](#studio-lcc-debug-timeout)
## Verify lifecycle configuration process from CloudWatch Logs
Lifecycle configurations only log `STDOUT` and `STDERR`.
`STDOUT` is the default output for bash scripts. You can write to `STDERR` by appending `>&2` to the end of a bash command. For example, `echo 'hello'>&2`.
Logs for your lifecycle configurations are published to your AWS account using Amazon CloudWatch. These logs can be found in the `/aws/sagemaker/studio` log stream in the CloudWatch console.
1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/).
1. Choose **Logs** from the left side. From the dropdown menu, select **Log groups**.
1. On the **Log groups** page, search for `aws/sagemaker/studio`.
1. Select the log group.
1. On the **Log group details** page, choose the **Log streams** tab.
1. To find the logs for a specific app, search the log streams using the following format:
```
domain-id/space-name/app-type/default/LifecycleConfigOnStart
```
For example, to find the lifecycle configuration logs for domain `d-m85lcu8vbqmz`, space name `i-sonic-js`, and application type `JupyterLab`, use the following search string:
```
d-m85lcu8vbqmz/i-sonic-js/JupyterLab/default/LifecycleConfigOnStart
```
## JupyterServer app failure
If your JupyterServer app crashes because of an issue with the attached lifecycle configuration, Studio Classic displays the following error message on the Studio Classic startup screen.
```
Failed to create SageMaker Studio due to start-up script failure
```
Select the `View script logs` link to view the CloudWatch logs for your JupyterServer app.
In the case where the faulty lifecycle configuration is specified in the `DefaultResourceSpec` of your domain, user profile, or shared space, Studio Classic continues to use the lifecycle configuration even after restarting Studio Classic.
To resolve this error, follow the steps in [Set Default Lifecycle Configurations for Amazon SageMaker Studio Classic](studio-lcc-defaults.md) to remove the lifecycle configuration script from the `DefaultResourceSpec` or select another script as the default. Then launch a new JupyterServer app.
## KernelGateway app failure
If your KernelGateway app crashes because of an issue with the attached lifecycle configuration, Studio Classic displays the error message in your Studio Classic Notebook.
Choose `View script logs` to view the CloudWatch logs for your KernelGateway app.
In this case, your lifecycle configuration is specified in the Studio Classic Launcher when launching a new Studio Classic Notebook.
To resolve this error, use the Studio Classic launcher to select a different lifecycle configuration or select `No script`.
**Note**
A default KernelGateway lifecycle configuration specified in `DefaultResourceSpec` applies to all KernelGateway images in the domain, user profile, or shared space unless the user selects a different script from the list presented in the Studio Classic launcher. The default script also runs if `No Script` is selected by the user. For more information on selecting a script, see [Step 3: Launch an application with the lifecycle configuration](studio-lcc-create-console.md#studio-lcc-create-console-step3).
## Lifecycle configuration timeout
There is a lifecycle configuration timeout limitation of 5 minutes. If a lifecycle configuration script takes longer than 5 minutes to run, Studio Classic throws an error.
To resolve this error, ensure that your lifecycle configuration script completes in less than 5 minutes.
To help decrease the run time of scripts, try the following:
+ Cut down on necessary steps. For example, limit which conda environments to install large packages in.
+ Run tasks in parallel processes.
+ Use the `nohup` command in your script to ensure that hangup signals are ignored and do not stop the execution of the script.
# Update and Detach Lifecycle Configurations in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
A lifecycle configuration script can't be changed after it's created. To update your script, you must create a new lifecycle configuration script and attach it to the respective domain, user profile, or shared space. For more information about creating and attaching the lifecycle configuration, see [Create and Associate a Lifecycle Configuration with Amazon SageMaker Studio Classic](studio-lcc-create.md).
The following topic shows how to detach a lifecycle configuration using the AWS CLI and SageMaker AI console.
**Topics**
+ [
## Prerequisites
](#studio-lcc-delete-pre)
+ [
## Detach using the AWS CLI
](#studio-lcc-delete-cli)
## Prerequisites
Before detaching a lifecycle configuration, you must complete the following prerequisite.
+ To successfully detach a lifecycle configuration, no running application can be using the lifecycle configuration. You must first shut down the running applications as shown in [Shut Down and Update Amazon SageMaker Studio Classic and Apps](studio-tasks-update.md).
## Detach using the AWS CLI
To detach a lifecycle configuration using the AWS CLI, remove the desired lifecycle configuration from the list of lifecycle configurations attached to the resource and pass the list as part of the respective command:
+ [update-user-profile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-user-profile.html)
+ [update-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-domain.html)
+ [update-space](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-space.html)
For example, the following command removes all lifecycle configurations for KernelGateways attached to the domain.
```
aws sagemaker update-domain --domain-id domain-id \
--region region \
--default-user-settings '{
"KernelGatewayAppSettings": {
"LifecycleConfigArns":
[]
}
}'
```
# Attach Suggested Git Repos to Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker Studio Classic offers a Git extension for you to enter the URL of a Git repository (repo), clone it into your environment, push changes, and view commit history. In addition to this Git extension, you can also attach suggested Git repository URLs at the Amazon SageMaker AI domain or user profile level. Then, you can select the repo URL from the list of suggestions and clone that into your environment using the Git extension in Studio Classic.
The following topics show how to attach Git repo URLs to a domain or user profile from the AWS CLI and SageMaker AI console. You'll also learn how to detach these repository URLs.
**Topics**
+ [
# Attach a Git Repository from the AWS CLI for Amazon SageMaker Studio Classic
](studio-git-attach-cli.md)
+ [
# Attach a Git Repository from the SageMaker AI Console for Amazon SageMaker Studio Classic
](studio-git-attach-console.md)
+ [
# Detach Git Repos from Amazon SageMaker Studio Classic
](studio-git-detach.md)
# Attach a Git Repository from the AWS CLI for Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following topic shows how to attach a Git repository URL using the AWS CLI, so that Amazon SageMaker Studio Classic automatically suggests it for cloning. After you attach the Git repository URL, you can clone it by following the steps in [Clone a Git Repository in Amazon SageMaker Studio Classic](studio-tasks-git.md).
## Prerequisites
Before you begin, complete the following prerequisites:
+ Update the AWS CLI by following the steps in [Installing the current AWS CLI Version](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv1.html#install-tool-bundled).
+ From your local machine, run `aws configure` and provide your AWS credentials. For information about AWS credentials, see [Understanding and getting your AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html).
+ Onboard to Amazon SageMaker AI domain. For more information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
## Attach the Git repo to a domain or user profile
Git repo URLs associated at the domain level are inherited by all users. However, Git repo URLs that are associated at the user profile level are scoped to a specific user. You can attach multiple Git repo URLs to a domain or user profile by passing a list of repository URLs.
The following sections show how to attach a Git repo URL to your domain and user profile.
### Attach to a domain
The following command attaches a Git repo URL to an existing domain.
```
aws sagemaker update-domain --region region --domain-id domain-id \
--default-user-settings JupyterServerAppSettings={CodeRepositories=[{RepositoryUrl="repository"}]}
```
### Attach to a user profile
The following shows how to attach a Git repo URL to an existing user profile.
```
aws sagemaker update-user-profile --domain-id domain-id --user-profile-name user-name\
--user-settings JupyterServerAppSettings={CodeRepositories=[{RepositoryUrl="repository"}]}
```
# Attach a Git Repository from the SageMaker AI Console for Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following topic shows how to associate a Git repository URL from the Amazon SageMaker AI console to clone it in your Studio Classic environment. After you associate the Git repository URL, you can clone it by following the steps in [Clone a Git Repository in Amazon SageMaker Studio Classic](studio-tasks-git.md).
## Prerequisites
Before you can begin this tutorial, you must onboard to Amazon SageMaker AI domain. For more information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
## Attach the Git repo to a domain or user profile
Git repo URLs associated at the domain level are inherited by all users. However, Git repo URL that are associated at the user profile level are scoped to a specific user.
The following sections show how to attach a Git repo URL to a domain and user profile.
### Attach to a domain
**To attach a Git repo URL to an existing domain**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. Select the domain to attach the Git repo to.
1. On the **domain details** page, choose the **Environment** tab.
1. On the **Suggested code repositories for the domain** tab, choose **Attach**.
1. Under **Source**, enter the Git repository URL.
1. Select **Attach to domain**.
### Attach to a user profile
The following shows how to attach a Git repository URL to an existing user profile.
**To attach a Git repository URL to a user profile**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. Select the domain that includes the user profile to attach the Git repo to.
1. On the **domain details** page, choose the **User profiles** tab.
1. Select the user profile to attach the Git repo URL to.
1. On the **User details** page, choose **Edit**.
1. On the **Studio settings** page, choose **Attach** from the **Suggested code repositories for the user** section.
1. Under **Source**, enter the Git repository URL.
1. Choose **Attach to user**.
# Detach Git Repos from Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
This guide shows how to detach Git repository URLs from an Amazon SageMaker AI domain or user profile using the AWS CLI or Amazon SageMaker AI console.
**Topics**
+ [
## Detach a Git repo using the AWS CLI
](#studio-git-detach-cli)
+ [
## Detach the Git repo using the SageMaker AI console
](#studio-git-detach-console)
## Detach a Git repo using the AWS CLI
To detach all Git repo URLs from a domain or user profile, you must pass an empty list of code repositories. This list is passed as part of the `JupyterServerAppSettings` parameter in an `update-domain` or `update-user-profile` command. To detach only one Git repo URL, pass the code repositories list without the desired Git repo URL. This section shows how to detach all Git repo URLs from your domain or user profile using the AWS Command Line Interface (AWS CLI).
### Detach from a domain
The following command detaches all Git repo URLs from a domain.
```
aws sagemaker update-domain --region region --domain-name domain-name \
--domain-settings JupyterServerAppSettings={CodeRepositories=[]}
```
### Detach from a user profile
The following command detaches all Git repo URLs from a user profile.
```
aws sagemaker update-user-profile --domain-name domain-name --user-profile-name user-name\
--user-settings JupyterServerAppSettings={CodeRepositories=[]}
```
## Detach the Git repo using the SageMaker AI console
The following sections show how to detach a Git repo URL from a domain or user profile using the SageMaker AI console.
### Detach from a domain
Use the following steps to detach a Git repo URL from an existing domain.
**To detach a Git repo URL from an existing domain**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. Select the domain with the Git repo URL that you want to detach.
1. On the **domain details** page, choose the **Environment** tab.
1. On the **Suggested code repositories for the domain** tab, select the Git repository URL to detach.
1. Choose **Detach**.
1. From the new window, choose **Detach**.
### Detach from a user profile
Use the following steps to detach a Git repo URL from a user profile.
**To detach a Git repo URL from a user profile**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. Select the domain that includes the user profile with the Git repo URL that you want to detach.
1. On the **domain details** page, choose the **User profiles** tab.
1. Select the user profile with the Git repo URL that you want to detach.
1. On the **User details** page, choose **Edit**.
1. On the **Studio settings** page, select the Git repo URL to detach from the **Suggested code repositories for the user** tab.
1. Choose **Detach**.
1. From the new window, choose **Detach**.
# Perform Common Tasks in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following sections describe how to perform common tasks in Amazon SageMaker Studio Classic. For an overview of the Studio Classic interface, see [Amazon SageMaker Studio Classic UI Overview](studio-ui.md).
**Topics**
+ [
# Upload Files to Amazon SageMaker Studio Classic
](studio-tasks-files.md)
+ [
# Clone a Git Repository in Amazon SageMaker Studio Classic
](studio-tasks-git.md)
+ [
# Stop a Training Job in Amazon SageMaker Studio Classic
](studio-tasks-stop-training-job.md)
+ [
# Use TensorBoard in Amazon SageMaker Studio Classic
](studio-tensorboard.md)
+ [
# Use Amazon Q Developer with Amazon SageMaker Studio Classic
](sm-q.md)
+ [
# Manage Your Amazon EFS Storage Volume in Amazon SageMaker Studio Classic
](studio-tasks-manage-storage.md)
+ [
# Provide Feedback on Amazon SageMaker Studio Classic
](studio-tasks-provide-feedback.md)
+ [
# Shut Down and Update Amazon SageMaker Studio Classic and Apps
](studio-tasks-update.md)
# Upload Files to Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
When you onboard to Amazon SageMaker Studio Classic, a home directory is created for you in the Amazon Elastic File System (Amazon EFS) volume that was created for your team. Studio Classic can only open files that have been uploaded to your directory. The Studio Classic file browser maps to your home directory.
**Note**
Studio Classic does not support uploading folders. While you can only upload individual files, you can upload multiple files at the same time.
**To upload files to your home directory**
1. In the left sidebar, choose the **File Browser** icon ( ![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder.png)).
1. In the file browser, choose the **Upload Files** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/File_upload_squid.png)).
1. Select the files you want to upload and then choose **Open**.
1. Double-click a file to open the file in a new tab in Studio Classic.
# Clone a Git Repository in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker Studio Classic can only connect only to a local Git repository (repo). This means that you must clone the Git repo from within Studio Classic to access the files in the repo. Studio Classic offers a Git extension for you to enter the URL of a Git repo, clone it into your environment, push changes, and view commit history. If the repo is private and requires credentials to access, then you are prompted to enter your user credentials. This includes your username and personal access token. For more information about personal access tokens, see [Managing your personal access tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens).
Admins can also attach suggested Git repository URLs at the Amazon SageMaker AI domain or user profile level. Users can then select the repo URL from the list of suggestions and clone that into Studio Classic. For more information about attaching suggested repos, see [Attach Suggested Git Repos to Amazon SageMaker Studio Classic](studio-git-attach.md).
The following procedure shows how to clone a GitHub repo from Studio Classic.
**To clone the repo**
1. In the left sidebar, choose the **Git** icon ( ![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/git.png)).
1. Choose **Clone a Repository**. This opens a new window.
1. In the **Clone Git Repository** window, enter the URL in the following format for the Git repo that you want to clone or select a repository from the list of **Suggested repositories**.
```
https://github.com/path-to-git-repo/repo.git
```
1. If you entered the URL of the Git repo manually, select **Clone "*git-url*"** from the dropdown menu.
1. Under **Project directory to clone into**, enter the path to the local directory that you want to clone the Git repo into. If this value is left empty, Studio Classic clones the repo into JupyterLab's root directory.
1. Choose **Clone**. This opens a new terminal window.
1. If the repo requires credentials, you are prompted to enter your username and personal access token. This prompt does not accept passwords, you must use a personal access token. For more information about personal access tokens, see [Managing your personal access tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens).
1. Wait for the download to finish. After the repo has been cloned, the **File Browser** opens to display the cloned repo.
1. Double click the repo to open it.
1. Choose the **Git** icon to view the Git user interface which now tracks the repo.
1. To track a different repo, open the repo in the file browser and then choose the **Git** icon.
# Stop a Training Job in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
You can stop a training job with the Amazon SageMaker Studio Classic UI. When you stop a training job, its status changes to `Stopping` at which time billing ceases. An algorithm can delay termination in order to save model artifacts after which the job status changes to `Stopped`. For more information, see the [stop\$1training\$1job](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sagemaker.html#SageMaker.Client.stop_training_job) method in the AWS SDK for Python (Boto3).
**To stop a training job**
1. Follow the [View experiments and runs](experiments-view-compare.md) procedure on this page until you open the **Describe Trial Component** tab.
1. At the upper-right side of the tab, choose **Stop training job**. The **Status** at the top left of the tab changes to **Stopped**.
1. To view the training time and billing time, choose **AWS Settings**.
# Use TensorBoard in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following doc outlines how to install and run TensorBoard in Amazon SageMaker Studio Classic.
**Note**
This guide shows how to open the TensorBoard application through a SageMaker Studio Classic notebook server of an individual SageMaker AI domain user profile. For a more comprehensive TensorBoard experience integrated with SageMaker Training and the access control functionalities of SageMaker AI domain, see [TensorBoard in Amazon SageMaker AI](tensorboard-on-sagemaker.md).
## Prerequisites
This tutorial requires a SageMaker AI domain. For more information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md)
## Set Up `TensorBoardCallback`
1. Launch Studio Classic, and open the Launcher. For more information, see [Use the Amazon SageMaker Studio Classic Launcher](studio-launcher.md)
1. In the Amazon SageMaker Studio Classic Launcher, under `Notebooks and compute resources`, choose the **Change environment** button.
1. On the **Change environment** dialog, use the dropdown menus to select the `TensorFlow 2.6 Python 3.8 CPU Optimized` Studio Classic **Image**.
1. Back to the Launcher, click the **Create notebook** tile. Your notebook launches and opens in a new Studio Classic tab.
1. Run this code from within your notebook cells.
1. Import the required packages.
```
import os
import datetime
import tensorflow as tf
```
1. Create a Keras model.
```
mnist = tf.keras.datasets.mnist
(x_train, y_train),(x_test, y_test) = mnist.load_data()
x_train, x_test = x_train / 255.0, x_test / 255.0
def create_model():
return tf.keras.models.Sequential([
tf.keras.layers.Flatten(input_shape=(28, 28)),
tf.keras.layers.Dense(512, activation='relu'),
tf.keras.layers.Dropout(0.2),
tf.keras.layers.Dense(10, activation='softmax')
])
```
1. Create a directory for your TensorBoard logs
```
LOG_DIR = os.path.join(os.getcwd(), "logs/fit/" + datetime.datetime.now().strftime("%Y%m%d-%H%M%S"))
```
1. Run training with TensorBoard.
```
model = create_model()
model.compile(optimizer='adam',
loss='sparse_categorical_crossentropy',
metrics=['accuracy'])
tensorboard_callback = tf.keras.callbacks.TensorBoard(log_dir=LOG_DIR, histogram_freq=1)
model.fit(x=x_train,
y=y_train,
epochs=5,
validation_data=(x_test, y_test),
callbacks=[tensorboard_callback])
```
1. Generate the EFS path for the TensorBoard logs. You use this path to set up your logs from the terminal.
```
EFS_PATH_LOG_DIR = "/".join(LOG_DIR.strip("/").split('/')[1:-1])
print (EFS_PATH_LOG_DIR)
```
Retrieve the `EFS_PATH_LOG_DIR`. You will need it in the TensorBoard installation section.
## Install TensorBoard
1. Click on the `Amazon SageMaker Studio Classic` button on the top left corner of Studio Classic to open the Amazon SageMaker Studio Classic Launcher. This launcher must be opened from your root directory. For more information, see [Use the Amazon SageMaker Studio Classic Launcher](studio-launcher.md)
1. In the Launcher, under `Utilities and files`, click `System terminal`.
1. From the terminal, run the following commands. Copy `EFS_PATH_LOG_DIR` from the Jupyter notebook. You must run this from the `/home/sagemaker-user` root directory.
```
pip install tensorboard
tensorboard --logdir
```
## Launch TensorBoard
1. To launch TensorBoard, copy your Studio Classic URL and replace `lab?` with `proxy/6006/` as follows. You must include the trailing `/` character.
```
https://.studio.region.sagemaker.aws/jupyter/default/proxy/6006/
```
1. Navigate to the URL to examine your results.
# Use Amazon Q Developer with Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker Studio Classic is an integrated machine learning environment where you can build, train, deploy, and analyze your models all in the same application. You can generate code recommendations and suggest improvements related to code issues by using Amazon Q Developer with Amazon SageMaker AI.
Amazon Q Developer is a generative artificial intelligence (AI) powered conversational assistant that can help you understand, build, extend, and operate AWS applications. In the context of an integrated AWS coding environment, Amazon Q can generate code recommendations based on developers' code, as well as their comments in natural language.
Amazon Q has the most support for Java, Python, JavaScript, TypeScript, C\$1, Go, PHP, Rust, Kotlin, and SQL, as well as the Infrastructure as Code (IaC) languages JSON (CloudFormation), YAML (CloudFormation), HCL (Terraform), and CDK (Typescript, Python). It also supports code generation for Ruby, C\$1\$1, C, Shell, and Scala. For examples of how Amazon Q integrates with Amazon SageMaker AI and displays code suggestions in the Amazon SageMaker Studio Classic IDE, see [Code Examples](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/inline-suggestions-code-examples.html) in the *Amazon Q Developer User Guide*.
For more information on using Amazon Q with Amazon SageMaker Studio Classic, see the [Amazon Q Developer User Guide](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/sagemaker-setup.html).
# Manage Your Amazon EFS Storage Volume in Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The first time a user on your team onboards to Amazon SageMaker Studio Classic, Amazon SageMaker AI creates an Amazon Elastic File System (Amazon EFS) volume for the team. A home directory is created in the volume for each user who onboards to Studio Classic as part of your team. Notebook files and data files are stored in these directories. Users don't have access to other team member's home directories. Amazon SageMaker AI domain does not support mounting custom or additional Amazon EFS volumes.
**Important**
Don't delete the Amazon EFS volume. If you delete it, the domain will no longer function and all of your users will lose their work.
**To find your Amazon EFS volume**
1. Open the [SageMaker AI console](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the **Domains** page, select the domain to find the ID for.
1. From the **Domain details** page, select the **Domain settings** tab.
1. Under **General settings**, find the **Domain ID**. The ID will be in the following format: `d-xxxxxxxxxxxx`.
1. Pass the `Domain ID`, as `DomainId`, to the [describe\$1domain](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sagemaker.html#SageMaker.Client.describe_domain) method.
1. In the response from `describe_domain`, note the value for the `HomeEfsFileSystemId` key. This is the Amazon EFS file system ID.
1. Open the [Amazon EFS console](https://console.aws.amazon.com/efs#/file-systems/). Make sure the AWS Region is the same Region that's used by Studio Classic.
1. Under **File systems**, choose the file system ID from the previous step.
1. To verify that you've chosen the correct file system, select the **Tags** heading. The value corresponding to the `ManagedByAmazonSageMakerResource` key should match the `Studio Classic ID`.
For information on how to access the Amazon EFS volume, see [Using file systems in Amazon EFS](https://docs.aws.amazon.com/efs/latest/ug/using-fs.html).
To delete the Amazon EFS volume, see [Deleting an Amazon EFS file system](https://docs.aws.amazon.com/efs/latest/ug/delete-efs-fs.html).
# Provide Feedback on Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
Amazon SageMaker AI takes your feedback seriously. We encourage you to provide feedback.
**To provide feedback**
1. At the right of SageMaker Studio Classic, find the **Feedback** icon (![\[Speech bubble icon representing messaging or communication functionality.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/feedback.png)).
1. Choose a smiley emoji to let us know how satisfied you are with SageMaker Studio Classic and add any feedback you'd care to share with us.
1. Decide whether to share your identity with us, then choose **Submit**.
# Shut Down and Update Amazon SageMaker Studio Classic and Apps
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
The following topics show how to shut down and update SageMaker Studio Classic and Studio Classic Apps.
Studio Classic provides a notification icon (![\[Red circle icon with white exclamation mark, indicating an alert or warning.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/Notification.png)) in the upper-right corner of the Studio Classic UI. This notification icon displays the number of unread notices. To read the notices, select the icon.
Studio Classic provides two types of notifications:
+ Upgrade – Displayed when Studio Classic or one of the Studio Classic apps have released a new version. To update Studio Classic, see [Shut Down and Update Amazon SageMaker Studio Classic](studio-tasks-update-studio.md). To update Studio Classic apps, see [Shut Down and Update Amazon SageMaker Studio Classic Apps](studio-tasks-update-apps.md).
+ Information – Displayed for new features and other information.
To reset the notification icon, you must select the link in each notice. Read notifications may still display in the icon. This does not indicate that updates are still needed after you have updated Studio Classic and Studio Classic Apps.
To learn how to update [Amazon SageMaker Data Wrangler](https://docs.aws.amazon.com/sagemaker/latest/dg/data-wrangler.html), see [Shut Down and Update Amazon SageMaker Studio Classic Apps](studio-tasks-update-apps.md).
To ensure that you have the most recent software updates, update Amazon SageMaker Studio Classic and your Studio Classic apps using the methods outlined in the following topics.
**Topics**
+ [
# Shut Down and Update Amazon SageMaker Studio Classic
](studio-tasks-update-studio.md)
+ [
# Shut Down and Update Amazon SageMaker Studio Classic Apps
](studio-tasks-update-apps.md)
# Shut Down and Update Amazon SageMaker Studio Classic
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
To update Amazon SageMaker Studio Classic to the latest release, you must shut down the JupyterServer app. You can shut down the JupyterServer app from the SageMaker AI console, from Amazon SageMaker Studio or from within Studio Classic. After the JupyterServer app is shut down, you must reopen Studio Classic through the SageMaker AI console or from Studio which creates a new version of the JupyterServer app.
You cannot delete the JupyterServer application while the Studio Classic UI is still open in the browser. If you delete the JupyterServer application while the Studio Classic UI is still open in the browser, SageMaker AI automatically re-creates the JupyterServer application.
Any unsaved notebook information is lost in the process. The user data in the Amazon EFS volume isn't impacted.
Some of the services within Studio Classic, like Data Wrangler, run on their own app. To update these services you must delete the app for that service. To learn more, see [Shut Down and Update Amazon SageMaker Studio Classic Apps](studio-tasks-update-apps.md).
**Note**
A JupyterServer app is associated with a single Studio Classic user. When you update the app for one user it doesn't affect other users.
The following page shows how to update the JupyterServer App from the SageMaker AI console, from Studio, or from inside Studio Classic.
## Shut down and update from the SageMaker AI console
1. Navigate to [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. Select the domain that includes the Studio Classic application that you want to update.
1. Under **User profiles**, select your user name.
1. Under **Apps**, in the row displaying **JupyterServer**, choose **Action**, then choose **Delete**.
1. Choose **Yes, delete app**.
1. Type **delete** in the confirmation box.
1. Choose **Delete**.
1. After the app has been deleted, launch a new Studio Classic app to get the latest version.
## Shut down and update from Studio
1. Navigate to Studio following the steps in [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. From the Studio UI, find the applications pane on the left side.
1. From the applications pane, select **Studio Classic**.
1. From the Studio Classic landing page, select the Studio Classic instance to stop.
1. Choose **Stop**.
1. After the app has been stopped, select **Run** to use the latest version.
## Shut down and update from inside Studio Classic
1. Launch Studio Classic.
1. On the top menu, choose **File** then **Shut Down**.
1. Choose one of the following options:
+ **Shutdown Server** – Shuts down the JupyterServer app. Terminal sessions, kernel sessions, SageMaker images, and instances aren't shut down. These resources continue to accrue charges.
+ **Shutdown All** – Shuts down all apps, terminal sessions, kernel sessions, SageMaker images, and instances. These resources no longer accrue charges.
1. Close the window.
1. After the app has been deleted, launch a new Studio Classic app to use the latest version.
# Shut Down and Update Amazon SageMaker Studio Classic Apps
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
To update an Amazon SageMaker Studio Classic app to the latest release, you must first shut down the corresponding KernelGateway app from the SageMaker AI console. After the KernelGateway app is shut down, you must reopen it through SageMaker Studio Classic by running a new kernel. The kernel automatically updates. Any unsaved notebook information is lost in the process. The user data in the Amazon EFS volume isn't impacted.
After an application has been shut down for 24 hours, SageMaker AI deletes all metadata for the application. To be considered an update and retain application metadata, applications must be restarted within 24 hours after the previous application has been shut down. After this time window, creation of an application is considered a new application rather than an update of the previous application.
**Note**
A KernelGateway app is associated with a single Studio Classic user. When you update the app for one user it doesn't effect other users.
**To update the KernelGateway app**
1. Navigate to [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. Select the domain that includes the application that you want to update.
1. Under **User profiles**, select your user name.
1. Under **Apps**, in the row displaying the **App name**, choose **Action**, then choose **Delete**
To update Data Wrangler, delete the app that starts with **sagemaker-data-wrang**.
1. Choose **Yes, delete app**.
1. Type **delete** in the confirmation box.
1. Choose **Delete**.
1. After the app has been deleted, launch a new kernel from within Studio Classic to use the latest version.
# Amazon SageMaker Studio Classic Pricing
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
When the first member of your team onboards to Amazon SageMaker Studio Classic, Amazon SageMaker AI creates an Amazon Elastic File System (Amazon EFS) volume for the team. When this member, or any member of the team, opens Studio Classic, a home directory is created in the volume for the member. A storage charge is incurred for this directory. Subsequently, additional storage charges are incurred for the notebooks and data files stored in the member's home directory. For pricing information on Amazon EFS, see [Amazon EFS Pricing](https://aws.amazon.com/efs/pricing/).
Additional costs are incurred when other operations are run inside Studio Classic, for example, running a notebook, running training jobs, and hosting a model.
For information on the costs associated with using Studio Classic notebooks, see [Usage Metering for Amazon SageMaker Studio Classic Notebooks](notebooks-usage-metering.md).
For information about billing along with pricing examples, see [Amazon SageMaker Pricing](https://aws.amazon.com/sagemaker/pricing/).
If Amazon SageMaker Studio is your default experience, see [Amazon SageMaker Studio pricing](studio-updated-cost.md) for more pricing information.
# Troubleshooting Amazon SageMaker Studio Classic
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
This topic describes how to troubleshoot common Amazon SageMaker Studio Classic issues during setup and use. The following are common errors that might occur while using Amazon SageMaker Studio Classic. Each error is followed by its solution.
## Studio Classic application issues
The following issues occur when launching and using the Studio Classic application.
+ **Screen not loading: Clearing workspace and waiting doesn't help**
When launching the Studio Classic application, a pop-up displays the following message. No matter which option is selected, Studio Classic does not load.
```
Loading...
The loading screen is taking a long time. Would you like to clear the workspace or keep waiting?
```
The Studio Classic application can have a launch delay if multiple tabs are open in the Studio Classic workspace or several files are on Amazon EFS. This pop-up should disappear in a few seconds after the Studio Classic workspace is ready.
If you continue to see a loading screen with a spinner after selecting either of the options, there could be connectivity issues with the Amazon Virtual Private Cloud used by Studio Classic.
To resolve connectivity issues with the Amazon Virtual Private Cloud (Amazon VPC) used by Studio Classic, verify the following networking configurations:
+ If your domain is set up in `VpcOnly` mode: Verify that there is an Amazon VPC endpoint for AWS STS, or a NAT Gateway for outbound traffic, including traffic over the internet. To do this, follow the steps in [Connect Studio notebooks in a VPC to external resources](studio-notebooks-and-internet-access.md).
+ If your Amazon VPC is set up with a custom DNS instead of the DNS provided by Amazon: Verify that the routes are configured using Dynamic Host Configuration Protocol (DHCP) for each Amazon VPC endpoint added to the Amazon VPC used by Studio Classic. For more information about setting default and custom DHCP option sets, see [DHCP option sets in Amazon VPC](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html).
+ ****Internal Failure** when launching Studio Classic**
When launching Studio Classic, you are unable to view the Studio Classic UI. You also see an error similar to the following, with **Internal Failure** as the error detail.
```
Amazon SageMaker Studio
The JupyterServer app default encountered a problem and was stopped.
```
This error can be caused by multiple factors. If completion of these steps does not resolve your issue, create an issue with https://aws.amazon.com/premiumsupport/.
+ **Missing Amazon EFS mount target**: Studio Classic uses Amazon EFS for storage. The Amazon EFS volume needs a mount target for each subnet that the Amazon SageMaker AI domain is created in. If this Amazon EFS mount target is deleted accidentally, the Studio Classic application cannot load because it cannot mount the user’s file directory. To resolve this issue, complete the following steps.
**To verify or create mount targets.**
1. Find the Amazon EFS volume that is associated with the domain by using the [DescribeDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeDomain.html) API call.
1. Sign in to the AWS Management Console and open the Amazon EFS console at [ https://console.aws.amazon.com/efs/](https://console.aws.amazon.com/efs/).
1. From the list of Amazon EFS volumes, select the Amazon EFS volume that is associated with the domain.
1. On the Amazon EFS details page, select the **Network** tab. Verify that there are mount targets for all of the subnets that the domain is set up in.
1. If mount targets are missing, add the missing Amazon EFS mount targets. For instructions, see [Creating and managing mount targets and security groups](https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html).
1. After the missing mount targets are created, launch the Studio Classic application.
+ **Conflicting files in the user’s `.local` folder**: If you're using JupyterLab version 1 on Studio Classic, conflicting libraries in your `.local` folder can cause issues when launching the Studio Classic application. To resolve this, update your user profile's default JupyterLab version to JupyterLab 3.0. For more information about viewing and updating the JupyterLab version, see [JupyterLab Versioning in Amazon SageMaker Studio Classic](studio-jl.md).
+ ****ConfigurationError: LifecycleConfig** when launching Studio Classic**
You can't view the Studio Classic UI when launching Studio Classic. This is caused by issues with the default lifecycle configuration script attached to the domain.
**To resolve lifecycle configuration issues**
1. View the Amazon CloudWatch Logs for the lifecycle configuration to trace the command that caused the failure. To view the log, follow the steps in [Verify lifecycle configuration process from CloudWatch Logs](studio-lcc-debug.md#studio-lcc-debug-logs).
1. Detach the default script from the user profile or domain. For more information, see [Update and Detach Lifecycle Configurations in Amazon SageMaker Studio Classic](studio-lcc-delete.md).
1. Launch the Studio Classic application.
1. Debug your lifecycle configuration script. You can run the lifecycle configuration script from the system terminal to troubleshoot. When the script runs successfully from the terminal, you can attach the script to the user profile or the domain.
+ **SageMaker Studio Classic core functionalities are not available.**
If you get this error message when opening Studio Classic, it may be due to Python package version conflicts. This occurs if you used the following commands in a notebook or terminal to install Python packages that have version conflicts with SageMaker AI package dependencies.
```
!pip install
```
```
pip install --user
```
To resolve this issue, complete the following steps:
1. Uninstall recently installed Python packages. If you’re not sure which package to uninstall, create an issue with https://aws.amazon.com/premiumsupport/.
1. Restart Studio Classic:
1. Shut down Studio Classic from the **File** menu.
1. Wait for one minute.
1. Reopen Studio Classic by refreshing the page or opening it from the AWS Management Console.
The problem should be resolved if you have uninstalled the package which caused the conflict. To install packages without causing this issue again, use `%pip install` without the `--user` flag.
If the issue persists, create a new user profile and set up your environment with that user profile.
If these solutions don't fix the issue, create an issue with https://aws.amazon.com/premiumsupport/.
+ **Unable to open Studio Classic from the AWS Management Console.**
If you are unable to open Studio Classic and cannot make a new running instance with all default settings, create an issue with https://aws.amazon.com/premiumsupport/.
## KernelGateway application issues
The following issues are specific to KernelGateway applications that are launched in Studio Classic.
+ **Cannot access the Kernel session**
When the user launches a new notebook, they are unable to connect to the notebook session. If the KernelGateway application's status is `In Service`, you can verify the following to resolve the issue.
+ **Check Security Group configurations**
If the domain is set up in `VPCOnly` mode, the security group associated with the domain must allow traffic between the ports in the range `8192-65535` for connectivity between the JupyterServer and KernelGateway apps.
**To verify the security group rules**
1. Get the security groups associated with the domain using the [DescribeDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeDomain.html) API call.
1. Sign in to the AWS Management Console and open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).
1. From the left navigation, under **Security**, choose **Security Groups**.
1. Filter by the IDs of the security groups that are associated with the domain.
1. For each security group:
1. Select the security group.
1. From the security group details page, view the **Inbound rules**. Verify that traffic is allowed between ports in the range `8192-65535`.
For more information about security group rules, see [Control traffic to resources using security groups](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#working-with-security-group-rules). For more information about requirements to use Studio Classic in `VPCOnly` mode, see [Connect Studio notebooks in a VPC to external resources](studio-notebooks-and-internet-access.md).
+ **Verify firewall and WebSocket connections**
If the KernelGateway apps have an `InService` status and the user is unable to connect to the Studio Classic notebook session, verify the firewall and WebSocket settings.
1. Launch the Studio Classic application. For more information, see [Launch Amazon SageMaker Studio Classic](studio-launch.md).
1. Open your web browser’s developer tools.
1. Choose the **Network** tab.
1. Search for an entry that matches the following format.
```
wss://.studio..sagemaker.aws/jupyter/default/api/kernels//channels?session_id=
```
If the status or response code for the entry is anything other than `101`, then your network settings are preventing the connection between the Studio Classic application and the KernelGateway apps.
To resolve this issue, contact the team that manages your networking settings to allow list the Studio Classic URL and enable WebSocket connections.
+ **Unable to launch an app caused by exceeded resource quotas**
When a user tries to launch a new notebook, the notebook creation fails with either of the following errors. This is caused by exceeding resource quotas.
+
```
Unable to start more Apps of AppType [KernelGateway] and ResourceSpec(instanceType=[]) for UserProfile []. Please delete an App with a matching AppType and ResourceSpec, then try again
```
Studio Classic supports up to four running KernelGateway apps on the same instance. To resolve this issue, you can do either of the following:
+ Delete an existing KernelGateway application running on the instance, then restart the new notebook.
+ Start the new notebook on a different instance type
For more information, see [Change the Instance Type for an Amazon SageMaker Studio Classic Notebook](notebooks-run-and-manage-switch-instance-type.md).
+
```
An error occurred (ResourceLimitExceeded) when calling the CreateApp operation
```
In this case, the account does not have sufficient limits to create a Studio Classic application on the specified instance type. To resolve this, navigate to the Service Quotas console at [https://console.aws.amazon.com/servicequotas/](https://console.aws.amazon.com/servicequotas/). In that console, request to increase the `Studio KernelGateway Apps running on instance-type instance` limit. For more information, see [AWS service quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html).
# SageMaker JupyterLab
Create a JupyterLab space within Amazon SageMaker Studio to launch the JupyterLab application. A JupyterLab space is a private or shared space within Studio that manages the storage and compute resources needed to run the JupyterLab application. The JupyterLab application is a web-based interactive development environment (IDE) for notebooks, code, and data. Use the JupyterLab application's flexible and extensive interface to configure and arrange machine learning (ML) workflows.
By default, the JupyterLab application comes with the SageMaker Distribution image. The distribution image has popular packages, such as the following:
+ PyTorch
+ TensorFlow
+ Keras
+ NumPy
+ Pandas
+ Scikit-learn
You can use shared spaces to collaborate on your Jupyter notebooks with other users in real time. For more information about shared spaces, see [Collaboration with shared spaces](domain-space.md).
Within the JupyterLab application, you can use Amazon Q Developer, a generative AI powered code companion to generate, debug, and explain your code. For information about using Amazon Q Developer, see [JupyterLab user guide](studio-updated-jl-user-guide.md). For information about setting up Amazon Q Developer, see [JupyterLab administrator guide](studio-updated-jl-admin-guide.md).
Build unified analytics and ML workflows in same Jupyter notebook. Run interactive Spark jobs on Amazon EMR and AWS Glue serverless infrastructure, right from your notebook. Monitor and debug jobs faster using the inline Spark UI. In a few steps, you can automate your data prep by scheduling the notebook as a job.
The JupyterLab application helps you work collaboratively with your peers. Use the built-in Git integration within the JupyterLab IDE to share and version code. Bring your own file storage system if you have an Amazon EFS volume.
The JupyterLab application runs on a single Amazon Elastic Compute Cloud (Amazon EC2) instance and uses a single Amazon Elastic Block Store (Amazon EBS) volume for storage. You can switch faster instances or increase the Amazon EBS volume size for your needs.
The JupyterLab 4 application runs in a JupyterLab space within Studio. Studio Classic uses the JupyterLab 3 application. JupyterLab 4 provides the following benefits:
+ A faster IDE than Amazon SageMaker Studio Classic, especially with large notebooks
+ Improved document search
+ A more performant and accessible text editor
For more information about JupyterLab, see [JupyterLab Documentation](https://jupyterlab.readthedocs.io/en/stable/#).
**Topics**
+ [
# JupyterLab user guide
](studio-updated-jl-user-guide.md)
+ [
# JupyterLab administrator guide
](studio-updated-jl-admin-guide.md)
# JupyterLab user guide
This guide shows JupyterLab users how to run analytics and machine learning workflows within SageMaker Studio. You can get fast storage and scale your compute up or down, depending on your needs.
JupyterLab supports both private and shared spaces. Private spaces are scoped to a single user in a domain. Shared spaces let other users in your domain collaborate with you in real time. For information about Studio spaces, see [Amazon SageMaker Studio spaces](studio-updated-spaces.md).
To get started using JupyterLab, create a space and launch your JupyterLab application. The space running your JupyterLab application is a JupyterLab space. The JupyterLab space uses a single Amazon EC2 instance for your compute and a single Amazon EBS volume for your storage. Everything in your space such as your code, git profile, and environment variables are stored on the same Amazon EBS volume. The volume has 3000 IOPS and a throughput of 125 megabytes per second (MBps). You can use the fast storage to open and run multiple Jupyter notebooks on the same instance. You can also switch kernels in a notebook very quickly.
Your administrator has configured the default Amazon EBS storage settings for your space. The default storage size is 5 GB, but you can increase the amount of space that you get. You can talk to your administrator to provide you with guidelines.
You can switch the Amazon EC2 instance type that you’re using to run JupyterLab, scaling your compute up or down depending on your needs. The **Fast launch** instances start up much faster than the other instances.
Your administrator might provide you with a lifecycle configuration that customizes your environment. You can specify the lifecycle configuration when you create the space.
If your administrator gives you access to an Amazon EFS, you can configure your JupyterLab space to access it.
By default, the JupyterLab application uses the SageMaker distribution image. This includes support for many machine learning, analytics, and deep learning packages. However, if you need a custom image, your administrator can help provide access to the custom images.
The Amazon EBS volume persists independently from the life of an instance. You won’t lose your data when you change instances. Use the conda and pip package management libraries to create reproducible custom environments that persist even when you switch instance types.
After you open JupyterLab, you can configure your environment using the terminal. To open the terminal, navigate to the **Launcher** and choose **Terminal**.
The following are examples of different ways that you can configure an environment in JupyterLab.
**Note**
Within Studio, you can use lifecycle configurations to customize your environment, but we recommend using a package manager instead. Using lifecycle configurations is a more error-prone method. It’s easier to add or remove dependencies than it is to debug a lifecycle configuration script. It can also increase the JupyterLab startup time.
For information about lifecycle configurations, see [Lifecycle configurations with JupyterLab](jl-lcc.md).
**Topics**
+ [
# Create a space
](studio-updated-jl-user-guide-create-space.md)
+ [
# Configure a space
](studio-updated-jl-user-guide-configure-space.md)
+ [
# Customize your environment using a package manager
](studio-updated-jl-user-guide-customize-package-manager.md)
+ [
# Clean up a conda environment
](studio-updated-jl-clean-up-conda.md)
+ [
# Share conda environments between instance types
](studio-updated-jl-create-conda-share-environment.md)
+ [
# Use Amazon Q to Expedite Your Machine Learning Workflows
](studio-updated-jl-user-guide-use-amazon-q.md)
# Create a space
To get started using JupyterLab, create a space or choose the space that your administrator created for you and open JupyterLab.
Use the following procedure to create a space and open JupyterLab.
**To create a space and open JupyterLab**
1. Open Studio. For information about opening Studio, see [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. Choose **JupyterLab**.
1. Choose **Create JupyterLab space**.
1. For **Name**, specify the name of the space.
1. (Optional) Select **Share with my domain** to create a shared space.
1. Choose **Create space**.
1. (Optional) For **Instance**, specify the Amazon EC2 instance that runs the space.
1. (Optional) For **Image**, specify an image that your administrator provided to customize your environment.
**Important**
Custom IAM policies that allow Studio users to create spaces must also grant permissions to list images (`sagemaker: ListImage`) to view custom images. To add the permission, see [ Add or remove identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) in the *AWS Identity and Access Management* User Guide.
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker AI resources already include permissions to list images while creating those resources.
1. (Optional) For **Space Settings**, specify the following:
+ **Storage (GB)** – Up to 100 GB or the amount that your administrator specifies.
+ **Lifecycle Configuration** – A lifecycle configuration that your administrator specifies.
+ **Attach custom EFS filesystem** – An Amazon EFS to which your administrator provides access.
1. Choose **Run space**.
1. Choose **Open JupyterLab**.
# Configure a space
After you create a JupyterLab space, you can configure it to do the following:
+ Change the instance type.
+ Change the storage volume.
+ (Admin set up required) Use a custom image.
+ (Admin set up required) Use a lifecycle configuration.
+ (Admin set up required) Attach a custom Amazon EFS.
**Important**
You must stop the JupyterLab space every time you configure it. Use the following procedure to configure the space.
**To configure a space**
1. Within Studio, navigate to the JupyterLab application page.
1. Choose the name of the space.
1. (Optional) For **Image**, specify an image that your administrator provided to customize your environment.
**Important**
Custom IAM policies that allow Studio users to create spaces must also grant permissions to list images (`sagemaker: ListImage`) to view custom images. To add the permission, see [ Add or remove identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) in the *AWS Identity and Access Management* User Guide.
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker AI resources already include permissions to list images while creating those resources.
1. (Optional) For **Space Settings**, specify the following:
+ **Storage (GB)** – Up to 100 GB or the amount that your administrator configured for the space.
+ **Lifecycle Configuration** – A lifecycle configuration that your administrator provides.
+ **Attach custom EFS filesystem** – An Amazon EFS to which your administrator provides access.
1. Choose **Run space**.
When you open the JupyterLab application, your space has the updated configuration.
# Customize your environment using a package manager
Use pip or conda to customize your environment. We recommend using package managers instead of lifecycle configuration scripts.
## Create and activate your custom environment
This section provides examples of different ways that you can configure an environment in JupyterLab.
A basic conda environment has the minimum number of packages that are required for your workflows in SageMaker AI. Use the following template to a create a basic conda environment:
```
# initialize conda for shell interaction
conda init
# create a new fresh environment
conda create --name test-env
# check if your new environment is created successfully
conda info --envs
# activate the new environment
conda activate test-env
# install packages in your new conda environment
conda install pip boto3 pandas ipykernel
# list all packages install in your new environment
conda list
# parse env name information from your new environment
export CURRENT_ENV_NAME=$(conda info | grep "active environment" | cut -d : -f 2 | tr -d ' ')
# register your new environment as Jupyter Kernel for execution
python3 -m ipykernel install --user --name $CURRENT_ENV_NAME --display-name "user-env:($CURRENT_ENV_NAME)"
# to exit your new environment
conda deactivate
```
The following image shows the location of the environment that you've created.
![\[The test-env environment is displayed in the top right corner of the screen.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/juptyer-notebook-environment-location.png)
To change your environment, choose it and select an option from the dropdown menu.
![\[The checkmark and its corresponding text shows an example environment that you previously created.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/jupyter-notebook-select-env.png)
Choose **Select** to select a kernel for the environment.
## Create a conda environment with a specific Python version
Cleaning up conda environments that you’re not using can help free up disk space and improve performance. Use the following template to clean up a conda environment:
```
# create a conda environment with a specific python version
conda create --name py38-test-env python=3.8.10
# activate and test your new python version
conda activate py38-test-env & python3 --version
# Install ipykernel to facilicate env registration
conda install ipykernel
# parse env name information from your new environment
export CURRENT_ENV_NAME=$(conda info | grep "active environment" | cut -d : -f 2 | tr -d ' ')
# register your new environment as Jupyter Kernel for execution
python3 -m ipykernel install --user --name $CURRENT_ENV_NAME --display-name "user-env:($CURRENT_ENV_NAME)"
# deactivate your py38 test environment
conda deactivate
```
## Create a conda environment with a specific set of packages
Use the following template to create a conda environment with a specific version of Python and set of packages:
```
# prefill your conda environment with a set of packages,
conda create --name py38-test-env python=3.8.10 pandas matplotlib=3.7 scipy ipykernel
# activate your conda environment and ensure these packages exist
conda activate py38-test-env
# check if these packages exist
conda list | grep -E 'pandas|matplotlib|scipy'
# parse env name information from your new environment
export CURRENT_ENV_NAME=$(conda info | grep "active environment" | cut -d : -f 2 | tr -d ' ')
# register your new environment as Jupyter Kernel for execution
python3 -m ipykernel install --user --name $CURRENT_ENV_NAME --display-name "user-env:($CURRENT_ENV_NAME)"
# deactivate your conda environment
conda deactivate
```
## Clone conda from an existing environment
Clone your conda environment to preserve its working state. You experiment in the cloned environment without having to worry about introducing breaking changes in your test environment.
Use the following command to clone an environment.
```
# create a fresh env from a base environment
conda create --name py310-base-ext --clone base # replace 'base' with another env
# activate your conda environment and ensure these packages exist
conda activate py310-base-ext
# install ipykernel to register your env
conda install ipykernel
# parse env name information from your new environment
export CURRENT_ENV_NAME=$(conda info | grep "active environment" | cut -d : -f 2 | tr -d ' ')
# register your new environment as Jupyter Kernel for execution
python3 -m ipykernel install --user --name $CURRENT_ENV_NAME --display-name "user-env:($CURRENT_ENV_NAME)"
# deactivate your conda environment
conda deactivate
```
## Clone conda from a reference YAML file
Create a conda environment from a reference YAML file. The following is an example of a YAML file that you can use.
```
# anatomy of a reference environment.yml
name: py311-new-env
channels:
- conda-forge
dependencies:
- python=3.11
- numpy
- pandas
- scipy
- matplotlib
- pip
- ipykernel
- pip:
- git+https://github.com/huggingface/transformers
```
Under `pip`, we recommend specifying only the dependencies that aren't available with conda.
Use the following commands to create a conda environment from a YAML file.
```
# create your conda environment
conda env create -f environment.yml
# activate your env
conda activate py311-new-env
```
# Clean up a conda environment
Cleaning up conda environments that you’re not using can help free up disk space and improve performance. Use the following template to clean up a conda environment:
```
# list your environments to select an environment to clean
conda info --envs # or conda info -e
# once you've selected your environment to purge
conda remove --name test-env --all
# run conda environment list to ensure the target environment is purged
conda info --envs # or conda info -e
```
# Share conda environments between instance types
You can share conda environments by saving them to an Amazon EFS directory outside of your Amazon EBS volume. Another user can access the environment in the directory where you saved it.
**Important**
There are limitations with sharing your environments. For example, we don't recommend an environment meant to run on a GPU Amazon EC2 instance over an environment running on a CPU instance.
Use the following commands as a template to specify the target directory where you’re creating a custom environment. You’re creating a conda within a particular path. You create it within the Amazon EFS directory. You can spin up a new instance and do conda activate path and do it within the Amazon EFS.
```
# if you know your environment path for your conda environment
conda create --prefix /home/sagemaker-user/my-project/py39-test python=3.9
# activate the env with full path from prefix
conda activate home/sagemaker-user/my-project/py39-test
# parse env name information from your new environment
export CURRENT_ENV_NAME=$(conda info | grep "active environment" | awk -F' : ' '{print $2}' | awk -F'/' '{print $NF}')
# register your new environment as Jupyter Kernel for execution
python3 -m ipykernel install --user --name $CURRENT_ENV_NAME --display-name "user-env-prefix:($CURRENT_ENV_NAME)"
# deactivate your conda environment
conda deactivate
```
# Use Amazon Q to Expedite Your Machine Learning Workflows
Amazon Q Developer is your AI-powered companion for machine learning development. With Amazon Q Developer, you can:
+ Receive step-by-step guidance on using SageMaker AI features independently or in combination with other AWS services.
+ Get sample code to get started on your ML tasks such as data preparation, training, inference, and MLOps.
+ Receive troubleshooting assistance to debug and resolve errors encountered while running code.
Amazon Q Developer seamlessly integrates into your JupyterLab environment. To use Amazon Q Developer, choose the **Q** from the left-hand navigation of your JupyterLab environment or Code Editor environment.
If you don't see the **Q** icon, your administrator needs to set it up for you. For more information about setting up Amazon Q Developer, see [Set up Amazon Q Developer for your users](studio-updated-amazon-q-admin-guide-set-up.md).
Amazon Q automatically provides suggestions to help you write your code. You can also ask for suggestions through the chat interface.
# JupyterLab administrator guide
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
This guide for administrators describes SageMaker AI JupyterLab resources, such as those from Amazon Elastic Block Store (Amazon EBS) and Amazon Elastic Compute Cloud (Amazon EC2). The topics also show how to provide user access and change storage size.
A SageMaker AI JupyterLab space is composed of the following resources:
+ A distinct Amazon EBS volume that stores all of the data, such as the code and the environment variables.
+ The Amazon EC2 instance used to run the space.
+ The image used to run JupyterLab.
**Note**
Applications do not have access to the EBS volume of other applications. For example, Code Editor, based on Code-OSS, Visual Studio Code - Open Source doesn't have access to the EBS volume for JupyterLab. For more information about EBS volumes, see [Amazon Elastic Block Store (Amazon EBS)](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html).
You can use the Amazon SageMaker API to do the following:
+ Change the default storage size of the EBS volume for your users.
+ Change the maximum size of the EBS storage
+ Specify the user settings for the application. For example, you can specify whether the user is using a custom image or a code repository.
+ Specify the support application type.
The default size of the Amazon EBS volume is 5 GB. You can increase the volume size to a maximum of 16,384 GB. If you don't do anything, your users can increase their volume size to 100 GB. The volume size can be changed only once within a six hour period.
The kernels associated with the JupyterLab application run on the same Amazon EC2 instance that runs JupyterLab. When you create a space, the latest version of the SageMaker Distribution Image is used by default. For more information about SageMaker Distribution Images, see [SageMaker Studio image support policy](sagemaker-distribution.md).
**Important**
For information about updating the space to use the latest version of the SageMaker AI Distribution Image, see [Update the SageMaker Distribution Image](studio-updated-jl-update-distribution-image.md).
The working directory of your users within the storage volume is `/home/sagemaker-user`. If you specify your own AWS KMS key to encrypt the volume, everything in the working directory is encrypted using your customer managed key. If you don't specify an AWS KMS key, the data inside `/home/sagemaker-user` is encrypted with an AWS managed key. Regardless of whether you specify an AWS KMS key, all of the data outside of the working directory is encrypted with an AWS Managed Key.
The following sections walk you through the configurations that you need to perform as an administrator.
**Topics**
+ [
# Give your users access to spaces
](studio-updated-jl-admin-guide-permissions.md)
+ [
# Change the default storage size for your JupyterLab users
](studio-updated-jl-admin-guide-storage-size.md)
+ [
# Lifecycle configurations with JupyterLab
](jl-lcc.md)
+ [
# Git repos in JupyterLab
](studio-updated-jl-admin-guide-git-attach.md)
+ [
# Custom images
](studio-updated-jl-admin-guide-custom-images.md)
+ [
# Update the SageMaker Distribution Image
](studio-updated-jl-update-distribution-image.md)
+ [
# Delete unused resources
](studio-updated-jl-admin-guide-clean-up.md)
+ [
# Quotas
](studio-updated-jl-admin-guide-quotas.md)
# Give your users access to spaces
To give users access to private or shared spaces, you must attach a permissions policy to their IAM roles. You can also use the permissions policy to restrict private spaces and their associated applications to a specific user profile.
The following permissions policy grants access to private and shared spaces. This allows users to create their own space and list other spaces within their domain. A user with this policy can't access the private space of a different user. For information about Studio spaces, see [Amazon SageMaker Studio spaces](studio-updated-spaces.md).
The policy provides users with permissions to the following:
+ Private spaces or shared spaces.
+ A user profile for accessing those spaces.
To provide permissions, you can scope down the permissions of the following policy and add it to the IAM roles of your users. You can also use this policy to restrict your spaces, and their associated applications, to a specific user profile.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Resource": "arn:aws:sagemaker:us-east-2:111122223333:app/*",
"Condition": {
"Null": {
"sagemaker:OwnerUserProfileArn": "true"
}
}
},
{
"Sid": "SMStudioCreatePresignedDomainUrlForUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedDomainUrl"
],
"Resource": "arn:aws:sagemaker:us-east-2:111122223333:user-profile/sagemaker:DomainId/sagemaker:UserProfileName"
},
{
"Sid": "SMStudioAppPermissionsListAndDescribe",
"Effect": "Allow",
"Action": [
"sagemaker:ListApps",
"sagemaker:ListDomains",
"sagemaker:ListUserProfiles",
"sagemaker:ListSpaces",
"sagemaker:DescribeApp",
"sagemaker:DescribeDomain",
"sagemaker:DescribeUserProfile",
"sagemaker:DescribeSpace"
],
"Resource": "*"
},
{
"Sid": "SMStudioAppPermissionsTagOnCreate",
"Effect": "Allow",
"Action": [
"sagemaker:AddTags"
],
"Resource": "arn:aws:sagemaker:us-east-2:111122223333:*/*",
"Condition": {
"Null": {
"sagemaker:TaggingAction": "false"
}
}
},
{
"Sid": "SMStudioRestrictSharedSpacesWithoutOwners",
"Effect": "Allow",
"Action": [
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace",
"sagemaker:DeleteSpace"
],
"Resource": "arn:aws:sagemaker:us-east-2:111122223333:space/sagemaker:DomainId/*",
"Condition": {
"Null": {
"sagemaker:OwnerUserProfileArn": "true"
}
}
},
{
"Sid": "SMStudioRestrictSpacesToOwnerUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace",
"sagemaker:DeleteSpace"
],
"Resource": "arn:aws:sagemaker:us-east-2:111122223333:space/sagemaker:DomainId/*",
"Condition": {
"ArnLike": {
"sagemaker:OwnerUserProfileArn": "arn:aws:sagemaker:us-east-2:111122223333:user-profile/sagemaker:DomainId/sagemaker:UserProfileName"
},
"StringEquals": {
"sagemaker:SpaceSharingType": [
"Private",
"Shared"
]
}
}
},
{
"Sid": "SMStudioRestrictCreatePrivateSpaceAppsToOwnerUserProfile",
"Effect": "Allow",
"Action": [
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Resource": "arn:aws:sagemaker:us-east-2:111122223333:app/sagemaker:DomainId/*",
"Condition": {
"ArnLike": {
"sagemaker:OwnerUserProfileArn": "arn:aws:sagemaker:us-east-2:111122223333:user-profile/sagemaker:DomainId/sagemaker:UserProfileName"
},
"StringEquals": {
"sagemaker:SpaceSharingType": [
"Private"
]
}
}
}
]
}
```
------
# Change the default storage size for your JupyterLab users
You can change the default storage settings for your users. You can also change the default storage settings based on your organizational requirements and the needs of your users.
To change the storage size, this section provides commands to do the following:
1. Update the Amazon EBS storage settings in the Amazon SageMaker AI domain (domain).
1. Create a user profile and specify the storage settings within it.
Use the following AWS Command Line Interface (AWS CLI) commands to change the default storage size.
Use the following AWS CLI command to update the domain:
```
aws --region AWS Region sagemaker update-domain \
--domain-id domain-id \
--default-user-settings '{
"SpaceStorageSettings": {
"DefaultEbsStorageSettings":{
"DefaultEbsVolumeSizeInGb":5,
"MaximumEbsVolumeSizeInGb":100
}
}
}'
```
Use the following AWS CLI command to create the user profile and specify the default storage settings:
```
aws --region AWS Region sagemaker create-user-profile \
--domain-id domain-id \
--user-profile-name user-profile-name \
--user-settings '{
"SpaceStorageSettings": {
"DefaultEbsStorageSettings":{
"DefaultEbsVolumeSizeInGb":5,
"MaximumEbsVolumeSizeInGb":100
}
}
}'
```
Use the following AWS CLI commands to update the default storage settings in the user profile:
```
aws --region AWS Region sagemaker update-user-profile \
--domain-id domain-id \
--user-profile-name user-profile-name \
--user-settings '{
"SpaceStorageSettings": {
"DefaultEbsStorageSettings":{
"DefaultEbsVolumeSizeInGb":25,
"MaximumEbsVolumeSizeInGb":200
}
}
}'
```
# Lifecycle configurations with JupyterLab
Lifecycle configurations are shell scripts that are triggered by JupyterLab lifecycle events, such as starting a new JupyterLab notebook. You can use lifecycle configurations to automate customization for your JupyterLab environment. This customization includes installing custom packages, configuring notebook extensions, preloading datasets, and setting up source code repositories.
Using lifecycle configurations gives you flexibility and control to configure JupyterLab to meet your specific needs. For example, you can create a minimal set of base container images with the most commonly used packages and libraries. Then you can use lifecycle configurations to install additional packages for specific use cases across your data science and machine learning teams.
**Note**
Each script has a limit of **16,384 characters**.
**Topics**
+ [
# Lifecycle configuration creation
](jl-lcc-create.md)
+ [
# Debug lifecycle configurations
](jl-lcc-debug.md)
+ [
# Detach lifecycle configurations
](jl-lcc-delete.md)
# Lifecycle configuration creation
This topic includes instructions for creating and associating a lifecycle configuration with JupyterLab. You use the AWS Command Line Interface (AWS CLI) or the AWS Management Console to automate customization for your JupyterLab environment.
Lifecycle configurations are shell scripts triggered by JupyterLab lifecycle events, such as starting a new JupyterLab notebook. For more information about lifecycle configurations, see [Lifecycle configurations with JupyterLab](jl-lcc.md).
## Create a lifecycle configuration (AWS CLI)
Learn how to create a lifecycle configuration using the AWS Command Line Interface (AWS CLI) to automate customization for your Studio environment.
### Prerequisites
Before you begin, complete the following prerequisites:
+ Update the AWS CLI by following the steps in [Installing the current AWS CLI Version](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv1.html#install-tool-bundled).
+ From your local machine, run `aws configure` and provide your AWS credentials. For information about AWS credentials, see [Understanding and getting your AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html).
+ Onboard to Amazon SageMaker AI domain. For conceptual information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md). For a quickstart guide, see [Use quick setup for Amazon SageMaker AI](onboard-quick-start.md).
### Step 1: Create a lifecycle configuration
The following procedure shows how to create a lifecycle configuration script that prints `Hello World`.
**Note**
Each script can have up to **16,384 characters**.
1. From your local machine, create a file named `my-script.sh` with the following content:
```
#!/bin/bash
set -eux
echo 'Hello World!'
```
1. Use the following to convert your `my-script.sh` file into base64 format. This requirement prevents errors that occur from spacing and line break encoding.
```
LCC_CONTENT=`openssl base64 -A -in my-script.sh`
```
1. Create a lifecycle configuration for use with Studio. The following command creates a lifecycle configuration that runs when you launch an associated `JupyterLab` application:
```
aws sagemaker create-studio-lifecycle-config \
--region region \
--studio-lifecycle-config-name my-jl-lcc \
--studio-lifecycle-config-content $LCC_CONTENT \
--studio-lifecycle-config-app-type JupyterLab
```
Note the ARN of the newly created lifecycle configuration that is returned. This ARN is required to attach the lifecycle configuration to your application.
### Step 2: Attach the lifecycle configuration to your Amazon SageMaker AI domain (domain) and user profile
To attach the lifecycle configuration, you must update the `UserSettings` for your domain or user profile. Lifecycle configuration scripts that are associated at the domain level are inherited by all users. However, scripts that are associated at the user profile level are scoped to a specific user.
You can create a new user profile, domain, or space with a lifecycle configuration attached by using the following commands:
+ [create-user-profile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-user-profile.html)
+ [create-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-domain.html)
+ [create-space](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-space.html)
The following command creates a user profile with a lifecycle configuration. Add the lifecycle configuration ARN from the preceding step to the `JupyterLabAppSettings` of the user. You can add multiple lifecycle configurations at the same time by passing a list of them. When a user launches a JupyterLab application with the AWS CLI, they can specify a lifecycle configuration instead of using the default one. The lifecycle configuration that the user passes must belong to the list of lifecycle configurations in `JupyterLabAppSettings`.
```
# Create a new UserProfile
aws sagemaker create-user-profile --domain-id domain-id \
--user-profile-name user-profile-name \
--region region \
--user-settings '{
"JupyterLabAppSettings": {
"LifecycleConfigArns":
[lifecycle-configuration-arn-list]
}
}'
```
## Create a lifecycle configuration (Console)
Learn how to create a lifecycle configuration using the AWS Management Console to automate customization for your Studio environment.
### Step 1: Create a lifecycle configuration
Use the following procedure to create a lifecycle configuration script that prints `Hello World`.
**To create a lifecycle configuration**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **Lifecycle configurations**.
1. Choose the **JupyterLab** tab.
1. Choose **Create configuration**.
1. For **Name**, specify the name of the lifecycle configuration.
1. For the text box under **Scripts**, specify the following lifecycle configuration:
```
#!/bin/bash
set -eux
echo 'Hello World!'
```
1. Choose **Create configuration**.
### Step 2: Attach the lifecycle configuration to your Amazon SageMaker AI domain (domain) and user profile
Lifecycle configuration scripts associated at the domain level are inherited by all users. However, scripts that are associated at the user profile level are scoped to a specific user.
You can attach multiple lifecycle configurations to a domain or user profile for JupyterLab.
Use the following procedure to attach a lifecycle configuration to a domain.
**To attach a lifecycle configuration to a domain**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the domain to attach the lifecycle configuration to.
1. From the **Domain details**, choose the **Environment** tab.
1. Under **Lifecycle configurations for personal Studio apps**, choose **Attach**.
1. Under **Source**, choose **Existing configuration**.
1. Under **Studio lifecycle configurations**, select the lifecycle configuration that you created in the previous step.
1. Select **Attach to domain**.
Use the following procedure to attach a lifecycle configuration to a user profile.
**To attach a lifecycle configuration to a user profile**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the domain that contains the user profile to attach the lifecycle configuration to.
1. Under **User profiles**, select the user profile.
1. From the **User Details** page, choose **Edit**.
1. On the left navigation, choose **Studio settings**.
1. Under **Lifecycle configurations attached to user**, choose **Attach**.
1. Under **Source**, choose **Existing configuration**.
1. Under **Studio lifecycle configurations**, select the lifecycle configuration that you created in the previous step.
1. Choose **Attach to user profile**.
# Debug lifecycle configurations
The following topics show how to get information about and debug your lifecycle configurations.
**Topics**
+ [
## Verify lifecycle configuration process from CloudWatch Logs
](#jl-lcc-debug-logs)
+ [
## Lifecycle configuration timeout
](#jl-lcc-debug-timeout)
## Verify lifecycle configuration process from CloudWatch Logs
Lifecycle configurations only log `STDOUT` and `STDERR`.
`STDOUT` is the default output for bash scripts. You can write to `STDERR` by appending `>&2` to the end of a bash command. For example, `echo 'hello'>&2`.
Logs for your lifecycle configurations are published to your AWS account using Amazon CloudWatch. These logs can be found in the `/aws/sagemaker/studio` log stream in the CloudWatch console.
1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/).
1. Choose **Logs** from the left navigation pane. From the dropdown menu, select **Log groups**.
1. On the **Log groups** page, search for `aws/sagemaker/studio`.
1. Select the log group.
1. On the **Log group details** page, choose the **Log streams** tab.
1. To find the logs for a specific space, search the log streams using the following format:
```
domain-id/space-name/app-type/default/LifecycleConfigOnStart
```
For example, to find the lifecycle configuration logs for domain ID `d-m85lcu8vbqmz`, space name `i-sonic-js`, and application type `JupyterLab`, use the following search string:
```
d-m85lcu8vbqmz/i-sonic-js/JupyterLab/default/LifecycleConfigOnStart
```
## Lifecycle configuration timeout
There is a lifecycle configuration timeout limitation of 5 minutes. If a lifecycle configuration script takes longer than 5 minutes to run, you get an error.
To resolve this error, make sure that your lifecycle configuration script completes in less than 5 minutes.
To help decrease the runtime of scripts, try the following:
+ Reduce unnecessary steps. For example, limit which conda environments to install large packages in.
+ Run tasks in parallel processes.
+ Use the nohup command in your script to make sure that hangup signals are ignored so that the script runs without stopping.
# Detach lifecycle configurations
To update your script, you must create a new lifecycle configuration script and attach it to the respective Amazon SageMaker AI domain (domain), user profile, or shared space. A lifecycle configuration script can't be changed after it's created. For more information about creating and attaching the lifecycle configuration, see [Lifecycle configuration creation](jl-lcc-create.md).
The following section shows how to detach a lifecycle configuration using the AWS Command Line Interface (AWS CLI).
## Detach using the AWS CLI
To detach a lifecycle configuration using the (AWS CLI), remove the desired lifecycle configuration from the list of lifecycle configurations attached to the resource. You then pass the list as part of the respective command:
+ [update-user-profile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-user-profile.html)
+ [update-domain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-domain.html)
+ [update-space](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/update-space.html)
For example, the following command removes all lifecycle configurations for the JupyterLab application that's attached to the domain.
```
aws sagemaker update-domain --domain-id domain-id \
--region region \
--default-user-settings '{
"JupyterLabAppSettings": {
"LifecycleConfigArns":
[]
}
}'
```
# Git repos in JupyterLab
JupyterLab offers a Git extension to enter the URL of a Git repository (repo), clone it into an environment, push changes, and view the commit history. You can also attach suggested Git repo URLs to a Amazon SageMaker AI domain (domain) or user profile.
The following sections show how to attach or detach Git repo URLs.
**Topics**
+ [
# Attach a Git repository (AWS CLI)
](studio-updated-git-attach-cli.md)
+ [
# Detach Git repo URLs
](studio-updated-git-detach.md)
# Attach a Git repository (AWS CLI)
This section shows how to attach a Git repository (repo) URL using the AWS CLI. After you attach the Git repo URL, you can clone it by following the steps in [Clone a Git repo in Amazon SageMaker Studio](#studio-updated-tasks-git).
## Prerequisites
Before you begin, complete the following prerequisites:
+ Update the AWS CLI by following the steps in [Installing the current AWS Command Line Interface Version](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv1.html#install-tool-bundled).
+ From your local machine, run `aws configure` and provide your AWS credentials. For information about AWS credentials, see [Understanding and getting your AWS credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html).
+ Onboard to Amazon SageMaker AI domain. For more information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
## Attach the Git repo to a Amazon SageMaker AI domain (domain) or user profile
Git repo URLs that are associated at the domain level are inherited by all users. However, Git repo URLs that are associated at the user profile level are scoped to a specific user. You can attach multiple Git repo URLs to a Amazon SageMaker AI domain or to a user profile by passing a list of repository URLs.
The following sections show how to attach a Git repo URL to your domain and your user profile.
### Attach to a Amazon SageMaker AI domain
The following command attaches a Git repo URL to an existing domain:
```
aws sagemaker update-domain --region region --domain-id domain-id \
--default-user-settings JupyterLabAppSettings={CodeRepositories=[{RepositoryUrl="repository"}]}
```
### Attach to a user profile
The following command attaches a Git repo URL to an existing user profile:
```
aws sagemaker update-user-profile --domain-id domain-id --user-profile-name user-name\
--user-settings JupyterLabAppSettings={CodeRepositories=[{RepositoryUrl="repository"}]}
```
## Clone a Git repo in Amazon SageMaker Studio
Amazon SageMaker Studio connects to a local Git repo only. To access the files in the repo, clone the Git repo from within Studio. To do so, Studio offers a Git extension for you to enter the URL of a Git repo, clone it into your environment, push changes, and view commit history.
If the repo is private and requires credentials to access, you receive a prompt to enter your user credentials. Your credentials include your username and personal access token. For more information about personal access tokens, see [Managing your personal access tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens).
Admins can also attach suggested Git repository URLs at the Amazon SageMaker AI domain or user profile level. Users can then select the repo URL from the list of suggestions and clone that into Studio. For more information about attaching suggested repos, see [Attach Suggested Git Repos to Amazon SageMaker Studio Classic](studio-git-attach.md).
# Detach Git repo URLs
This section shows how to detach Git repository URLs from an Amazon SageMaker AI domain (domain) or a user profile. You can detach repo URLs by using the AWS Command Line Interface (AWS CLI) or the Amazon SageMaker AI console.
## Detach a Git repo using the AWS CLI
To detach all Git repo URLs from a domain or user profile, you must pass an empty list of code repositories. This list is passed as part of the `JupyterLabAppSettings` parameter in an `update-domain` or `update-user-profile` command. To detach only one Git repo URL, pass the code repositories list without the desired Git repo URL.
### Detach from an Amazon SageMaker AI domain
The following command detaches all Git repo URLs from a domain:
```
aws sagemaker update-domain --region region --domain-name domain-name \
--domain-settings JupyterLabAppSettings={CodeRepositories=[]}
```
### Detach from a user profile
The following command detaches all Git repo URLs from a user profile:
```
aws sagemaker update-user-profile --domain-name domain-name --user-profile-name user-name\
--user-settings JupyterLabAppSettings={CodeRepositories=[]}
```
# Custom images
If you need functionality that is different than what's provided by SageMaker distribution, you can bring your own image with your custom extensions and packages. You can also use it to personalize the JupyterLab UI for your own branding or compliance needs.
The following page will provide JupyterLab-specific information and templates to create your own custom SageMaker AI images. This is meant to supplement the Amazon SageMaker Studio information and instructions on creating your own SageMaker AI image and bringing your own image to Studio. To learn about custom Amazon SageMaker AI images and how to bring your own image to Studio, see [Bring your own image (BYOI)](studio-updated-byoi.md).
**Topics**
+ [
## Health check and URL for applications
](#studio-updated-jl-admin-guide-custom-images-app-healthcheck)
+ [
## Dockerfile examples
](#studio-updated-jl-custom-images-dockerfile-templates)
## Health check and URL for applications
+ `Base URL` – The base URL for the BYOI application must be `jupyterlab/default`. You can only have one application and it must always be named `default`.
+ `HealthCheck API` – SageMaker AI uses the health check endpoint at port `8888` to check the health of the JupyterLab application. `jupyterlab/default/api/status` is the endpoint for the health check.
+ `Home/Default URL` – The `/opt/.sagemakerinternal` and `/opt/ml` directories that are used by AWS. The metadata file in `/opt/ml` contains metadata about resources such as `DomainId`.
+ Authentication – To enable authentication for your users, turn off the Jupyter notebooks token or password based authentication and allow all origins.
## Dockerfile examples
The following examples are `Dockerfile`s that meets the above information and [Custom image specifications](studio-updated-byoi-specs.md).
**Note**
If you are bringing your own image to SageMaker Unified Studio, you will need to follow the [Dockerfile specifications](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/byoi-specifications.html) in the *Amazon SageMaker Unified Studio User Guide*.
`Dockerfile` examples for SageMaker Unified Studio can be found in [Dockerfile example](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/byoi-specifications.html#byoi-specifications-example) in the *Amazon SageMaker Unified Studio User Guide*.
------
#### [ Example AL2023 Dockerfile ]
The following is an example AL2023 Dockerfile that meets the above information and [Custom image specifications](studio-updated-byoi-specs.md).
```
FROM public.ecr.aws/amazonlinux/amazonlinux:2023
ARG NB_USER="sagemaker-user"
ARG NB_UID=1000
ARG NB_GID=100
# Install Python3, pip, and other dependencies
RUN yum install -y \
python3 \
python3-pip \
python3-devel \
gcc \
shadow-utils && \
useradd --create-home --shell /bin/bash --gid "${NB_GID}" --uid ${NB_UID} ${NB_USER} && \
yum clean all
RUN python3 -m pip install --no-cache-dir \
'jupyterlab>=4.0.0,<5.0.0' \
urllib3 \
jupyter-activity-monitor-extension \
--ignore-installed
# Verify versions
RUN python3 --version && \
jupyter lab --version
USER ${NB_UID}
CMD jupyter lab --ip 0.0.0.0 --port 8888 \
--ServerApp.base_url="/jupyterlab/default" \
--ServerApp.token='' \
--ServerApp.allow_origin='*'
```
------
#### [ Example Amazon SageMaker Distribution Dockerfile ]
The following is a example Amazon SageMaker Distribution Dockerfile that meets the above information and [Custom image specifications](studio-updated-byoi-specs.md).
```
FROM public.ecr.aws/sagemaker/sagemaker-distribution:latest-cpu
ARG NB_USER="sagemaker-user"
ARG NB_UID=1000
ARG NB_GID=100
ENV MAMBA_USER=$NB_USER
USER root
RUN apt-get update
RUN micromamba install sagemaker-inference --freeze-installed --yes --channel conda-forge --name base
USER $MAMBA_USER
ENTRYPOINT ["entrypoint-jupyter-server"]
```
------
# Update the SageMaker Distribution Image
**Important**
This topic assumes that you've created a space and given the user access to it. For more information, see [Give your users access to spaces](studio-updated-jl-admin-guide-permissions.md).
Update the JupyterLab spaces that you've already created to use the latest version of the SageMaker Distribution Image to access the latest features. You can use either the Studio UI or the AWS Command Line Interface (AWS CLI) to update the image.
The following sections provide information about updating an image.
## Update the image (UI)
Updating the image involves restarting the JupyterLab space of your user. Use the following procedure to update your user's JupyterLab space with the latest image.
**To update the image (UI)**
1. Open Studio. For information about opening Studio, see [Launch Amazon SageMaker Studio](studio-updated-launch.md).
1. Choose **JupyterLab**.
1. Select the JupyterLab space of your user.
1. Choose **Stop space**.
1. For **Image**, select an updated version of the SageMaker AI Distribution Image. For the latest image, choose **Latest**.
1. Choose **Run space**.
## Update the image (AWS CLI)
This section assumes that you have the AWS Command Line Interface (AWS CLI) installed. For information about installing the AWS CLI, see [Install or update to the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
To update the image, you must the do the following for your user's space:
1. Delete the JupyterLab application
1. Update the space
1. Create the application
**Important**
You must have the following information ready before you start updating the image:
domain ID – The ID of your user's Amazon SageMaker AI domain.
Application type – JupyterLab.
Application name – default.
Space name – The name specified for the space.
Instance type – The Amazon EC2 instance type that you're using to run the application. For example, `ml.t3.medium`.
SageMaker Image ARN – The Amazon Resource Name (ARN) of the SageMaker AI Distribution Image. You can provide the latest version of the SageMaker AI Distribution Image by specifying either `sagemaker-distribution-cpu` or `sagemaker-distribution-gpu` as the resource identifier.
To delete the JupyterLab application, run the following command:
```
aws sagemaker delete-app \
--domain-id your-user's-domain-id
--app-type JupyterLab \
--app-name default \
--space-name name-of-your-user's-space
```
To update your user's space, run the following command:
```
aws sagemaker update-space \
--space-name name-of-your-user's-space \
--domain-id your-user's-domain-id
```
If you've updated the space successfully, you'll see the space ARN in the response:
```
{
"SpaceArn": "arn:aws:sagemaker:AWS Region:111122223333:space/your-user's-domain-id/name-of-your-user's-space"
}
```
To create the application, run the following command:
```
aws sagemaker create-app \
--domain-id your-user's-domain-id \
--app-type JupyterLab \
--app-name default \
--space-name name-of-your-user's-space \
--resource-spec "InstanceType=instance-type,SageMakerImageArn=arn:aws:sagemaker:AWS Region:555555555555:image/sagemaker-distribution-resource-identifier"
```
# Delete unused resources
To avoid incurring additional costs running JupyterLab, we recommend deleting unused resources in the following order:
1. JupyterLab applications
1. Spaces
1. User profiles
1. domains
Use the following AWS Command Line Interface (AWS CLI) commands to delete resources within a domain:
------
#### [ Delete a JupyterLab application ]
```
aws --region AWS Region sagemaker delete-app --domain-id example-domain-id --app-name default --app-type JupyterLab --space-name example-space-name
```
------
#### [ Delete a space ]
**Important**
If you delete a space, you delete the Amazon EBS volume associated with it. We recommend backing up any valuable data before you delete your space.
```
aws --region AWS Region sagemaker delete-space --domain-id example-domain-id --space-name example-space-name
```
------
#### [ Delete a user profile ]
```
aws --region AWS Region sagemaker delete-user-profile --domain-id example-domain-id --user-profile example-user-profile
```
------
# Quotas
JupyterLab, has quotas for the following:
+ The sum of all Amazon EBS volumes within an AWS account.
+ The instance types that are available for your users.
+ The number of instances for a particular that your users can launch.
To get more storage and compute for your users, request an increase to your AWS quotas. For more information about requesting a quota increase, see [Amazon SageMaker AI endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/sagemaker.html).
# Amazon SageMaker notebook instances
An Amazon SageMaker notebook instance is a machine learning (ML) compute instance running the Jupyter Notebook application. One of the best ways for machine learning (ML) practitioners to use Amazon SageMaker AI is to train and deploy ML models using SageMaker notebook instances. The SageMaker notebook instances help create the environment by initiating Jupyter servers on Amazon Elastic Compute Cloud (Amazon EC2) and providing preconfigured kernels with the following packages: the Amazon SageMaker Python SDK, AWS SDK for Python (Boto3), AWS Command Line Interface (AWS CLI), Conda, Pandas, deep learning framework libraries, and other libraries for data science and machine learning.
Use Jupyter notebooks in your notebook instance to:
+ prepare and process data
+ write code to train models
+ deploy models to SageMaker hosting
+ test or validate your models
For information about pricing with Amazon SageMaker notebook instance, see [Amazon SageMaker Pricing](https://aws.amazon.com/sagemaker/pricing/).
## Maintenance
SageMaker AI updates the underlying software for Amazon SageMaker Notebook Instances at least once every 90 days. Some maintenance updates, such as operating system upgrades, may require your application to be taken offline for a short period of time. It is not possible to perform any operations during this period while the underlying software is being updated. We recommend that you restart your notebooks at least once every 30 days to automatically consume patches.
If the notebook instance isn't updated and is running unsecure software, SageMaker AI might periodically update the instance as part of regular maintenance. During these updates, data outside of the folder `/home/ec2-user/SageMaker` is not persisted.
For more information, contact [AWS Support](https://aws.amazon.com/premiumsupport/).
## Machine Learning with the SageMaker Python SDK
To train, validate, deploy, and evaluate an ML model in a SageMaker notebook instance, use the SageMaker Python SDK. The SageMaker Python SDK abstracts AWS SDK for Python (Boto3) and SageMaker API operations. It enables you to integrate with and orchestrate other AWS services, such as Amazon Simple Storage Service (Amazon S3) for saving data and model artifacts, Amazon Elastic Container Registry (ECR) for importing and servicing the ML models, Amazon Elastic Compute Cloud (Amazon EC2) for training and inference.
You can also take advantage of SageMaker AI features that help you deal with every stage of a complete ML cycle: data labeling, data preprocessing, model training, model deployment, evaluation on prediction performance, and monitoring the quality of model in production.
If you're a first-time SageMaker AI user, we recommend you to use the SageMaker Python SDK, following the end-to-end ML tutorial. To find the open source documentation, see the [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable).
**Topics**
+ [
## Maintenance
](#nbi-maintenance)
+ [
## Machine Learning with the SageMaker Python SDK
](#gs-ml-with-sagemaker-pysdk)
+ [
# Tutorial for building models with Notebook Instances
](gs-console.md)
+ [
# AL2023 notebook instances
](nbi-al2023.md)
+ [
# Amazon Linux 2 notebook instances
](nbi-al2.md)
+ [
# JupyterLab versioning
](nbi-jl.md)
+ [
# Create an Amazon SageMaker notebook instance
](howitworks-create-ws.md)
+ [
# Access Notebook Instances
](howitworks-access-ws.md)
+ [
# Update a Notebook Instance
](nbi-update.md)
+ [
# Customization of a SageMaker notebook instance using an LCC script
](notebook-lifecycle-config.md)
+ [
# Set the Notebook Kernel
](howitworks-set-kernel.md)
+ [
# Git repositories with SageMaker AI Notebook Instances
](nbi-git-repo.md)
+ [
# Notebook Instance Metadata
](nbi-metadata.md)
+ [
# Monitor Jupyter Logs in Amazon CloudWatch Logs
](jupyter-logs.md)
# Tutorial for building models with Notebook Instances
This Get Started tutorial walks you through how to create a SageMaker notebook instance, open a Jupyter notebook with a preconfigured kernel with the Conda environment for machine learning, and start a SageMaker AI session to run an end-to-end ML cycle. You'll learn how to save a dataset to a default Amazon S3 bucket automatically paired with the SageMaker AI session, submit a training job of an ML model to Amazon EC2, and deploy the trained model for prediction by hosting or batch inferencing through Amazon EC2.
This tutorial explicitly shows a complete ML flow of training the XGBoost model from the SageMaker AI built-in model pool. You use the [US Adult Census dataset](https://archive.ics.uci.edu/ml/datasets/adult), and you evaluate the performance of the trained SageMaker AI XGBoost model on predicting individuals' income.
+ [SageMaker AI XGBoost](https://docs.aws.amazon.com/sagemaker/latest/dg/xgboost.html) – The [XGBoost](https://xgboost.readthedocs.io/en/latest/) model is adapted to the SageMaker AI environment and preconfigured as Docker containers. SageMaker AI provides a suite of [built-in algorithms](https://docs.aws.amazon.com/sagemaker/latest/dg/algos.html) that are prepared for using SageMaker AI features. To learn more about what ML algorithms are adapted to SageMaker AI, see [Choose an Algorithm](https://docs.aws.amazon.com/sagemaker/latest/dg/algorithms-choose.html) and [Use Amazon SageMaker Built-in Algorithms](https://docs.aws.amazon.com/sagemaker/latest/dg/algos.html). For the SageMaker AI built-in algorithm API operations, see [First-Party Algorithms](https://sagemaker.readthedocs.io/en/stable/algorithms/index.html) in the [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable).
+ [Adult Census dataset](https://archive.ics.uci.edu/ml/datasets/adult) – The dataset from the [1994 Census bureau database](http://www.census.gov/en.html) by Ronny Kohavi and Barry Becker (Data Mining and Visualization, Silicon Graphics). The SageMaker AI XGBoost model is trained using this dataset to predict if an individual makes over \$150,000 a year or less.
**Topics**
+ [
# Create an Amazon SageMaker Notebook Instance for the tutorial
](gs-setup-working-env.md)
+ [
# Create a Jupyter notebook in the SageMaker notebook instance
](ex1-prepare.md)
+ [
# Prepare a dataset
](ex1-preprocess-data.md)
+ [
# Train a Model
](ex1-train-model.md)
+ [
# Deploy the model to Amazon EC2
](ex1-model-deployment.md)
+ [
# Evaluate the model
](ex1-test-model.md)
+ [
# Clean up Amazon SageMaker notebook instance resources
](ex1-cleanup.md)
# Create an Amazon SageMaker Notebook Instance for the tutorial
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
An Amazon SageMaker notebook instance is a fully-managed machine learning (ML) Amazon Elastic Compute Cloud (Amazon EC2) compute instance. An Amazon SageMaker notebook instance runs the Jupyter Notebook application. Use the notebook instance to create and manage Jupyter notebooks for preprocessing data, train ML models, and deploy ML models.
**To create a SageMaker notebook instance**
![\[Animated screenshot that shows how to create a SageMaker notebook instance.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-create-instance.gif)
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. Choose **Notebook instances**, and then choose **Create notebook instance**.
1. On the **Create notebook instance** page, provide the following information (if a field is not mentioned, leave the default values):
1. For **Notebook instance name**, type a name for your notebook instance.
1. For **Notebook Instance type**, choose `ml.t2.medium`. This is the least expensive instance type that notebook instances support, and is enough for this exercise. If a `ml.t2.medium` instance type isn't available in your current AWS Region, choose `ml.t3.medium`.
1. For **Platform Identifier**, choose a platform type to create the notebook instance on. This platform type defines the Operating System and the JupyterLab version that your notebook instance is created with. The latest and recommended version is `notebook-al2023-v1`, for an Amazon Linux 2023 notebook instance. For information about platform identifier types, see [AL2023 notebook instances](nbi-al2023.md) and [Amazon Linux 2 notebook instances](nbi-al2.md). For information about JupyterLab versions, see [JupyterLab versioning](nbi-jl.md).
1. For **IAM role**, choose **Create a new role**, and then choose **Create role**. This IAM role automatically gets permissions to access any S3 bucket that has `sagemaker` in the name. It gets these permissions through the `AmazonSageMakerFullAccess` policy, which SageMaker AI attaches to the role.
**Note**
If you want to grant the IAM role permission to access S3 buckets without `sagemaker` in the name, you need to attach the `S3FullAccess` policy. You can also limit the permissions to specific S3 buckets to the IAM role. For more information and examples of adding bucket policies to the IAM role, see [Bucket Policy Examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html).
1. Choose **Create notebook instance**.
In a few minutes, SageMaker AI launches a notebook instance and attaches a 5 GB of Amazon EBS storage volume to it. The notebook instance has a preconfigured Jupyter notebook server, SageMaker AI and AWS SDK libraries, and a set of Anaconda libraries.
For more information about creating a SageMaker notebook instance, see [Create a Notebook Instance](https://docs.aws.amazon.com/sagemaker/latest/dg/howitworks-create-ws.html).
## (Optional) Change SageMaker Notebook Instance Settings
To change the ML compute instance type or the size of the Amazon EBS storage of a SageMaker AI notebook instance, edit the notebook instance settings.
**To change and update the SageMaker Notebook instance type and the EBS volume**
1. On the **Notebook instances** page in the SageMaker AI console, choose your notebook instance.
1. Choose **Actions**, choose **Stop**, and then wait until the notebook instance fully stops.
1. After the notebook instance status changes to **Stopped**, choose **Actions**, and then choose **Update settings**.
![\[Animated screenshot that shows how to update SageMaker notebook instance settings.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-update-instance.gif)
1. For **Notebook instance type**, choose a different ML instance type.
1. For **Volume size in GB**, type a different integer to specify a new EBS volume size.
**Note**
EBS storage volumes are encrypted, so SageMaker AI can't determine the amount of available free space on the volume. Because of this, you can increase the volume size when you update a notebook instance, but you can't decrease the volume size. If you want to decrease the size of the ML storage volume in use, create a new notebook instance with the desired size.
1. At the bottom of the page, choose **Update notebook instance**.
1. When the update is complete, **Start** the notebook instance with the new settings.
For more information about updating SageMaker notebook instance settings, see [Update a Notebook Instance](https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-update.html).
## (Optional) Advanced Settings for SageMaker Notebook Instances
The following tutorial video shows how to set up and use SageMaker notebook instances through the SageMaker AI console. It includes advanced options, such as SageMaker AI lifecycle configuration and importing GitHub repositories. (Length: 26:04)
[](http://www.youtube.com/watch?v=https://www.youtube.com/embed/X5CLunIzj3U)
For complete documentation about SageMaker notebook instance, see [Use Amazon SageMaker notebook Instances](https://docs.aws.amazon.com/sagemaker/latest/dg/nbi.html).
# Create a Jupyter notebook in the SageMaker notebook instance
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
To start scripting for training and deploying your model, create a Jupyter notebook in the SageMaker notebook instance. Using the Jupyter notebook, you can run machine learning (ML) experiments for training and inference while using SageMaker AI features and the AWS infrastructure.
**To create a Jupyter notebook**
![\[Animated screenshot that shows how to create a Jupyter notebook in the SageMaker AI notebook instance.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-create-notebook.gif)
1. Open the notebook instance as follows:
1. Sign in to the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the **Notebook instances** page, open your notebook instance by choosing either:
+ **Open JupyterLab** for the JupyterLab interface
+ **Open Jupyter** for the classic Jupyter view
**Note**
If the notebook instance status shows **Pending** in the **Status** column, your notebook instance is still being created. The status will change to **InService** when the notebook instance is ready to use.
1. Create a notebook as follows:
+ If you opened the notebook in the JupyterLab view, on the **File** menu, choose **New**, and then choose **Notebook**. For **Select Kernel**, choose **conda\$1python3**. This preinstalled environment includes the default Anaconda installation and Python 3.
+ If you opened the notebook in the classic Jupyter view, on the **Files** tab, choose **New**, and then choose **conda\$1python3**. This preinstalled environment includes the default Anaconda installation and Python 3.
1. Save the notebooks as follows:
+ In the JupyterLab view, choose **File**, choose **Save Notebook As...**, and then rename the notebook.
+ In the Jupyter classic view, choose **File**, choose **Save as...**, and then rename the notebook.
# Prepare a dataset
In this step, you load the [Adult Census dataset](https://archive.ics.uci.edu/ml/datasets/adult) to your notebook instance using the SHAP (SHapley Additive exPlanations) Library, review the dataset, transform it, and upload it to Amazon S3. SHAP is a game theoretic approach to explain the output of any machine learning model. For more information about SHAP, see [Welcome to the SHAP documentation](https://shap.readthedocs.io/en/latest/).
To run the following example, paste the sample code into a cell in your notebook instance.
## Load Adult Census Dataset Using SHAP
Using the SHAP library, import the Adult Census dataset as shown following:
```
import shap
X, y = shap.datasets.adult()
X_display, y_display = shap.datasets.adult(display=True)
feature_names = list(X.columns)
feature_names
```
**Note**
If the current Jupyter kernel does not have the SHAP library, install it by running the following `conda` command:
```
%conda install -c conda-forge shap
```
If you're using JupyterLab, you must manually refresh the kernel after the installation and updates have completed. Run the following IPython script to shut down the kernel (the kernel will restart automatically):
```
import IPython
IPython.Application.instance().kernel.do_shutdown(True)
```
The `feature_names` list object should return the following list of features:
```
['Age',
'Workclass',
'Education-Num',
'Marital Status',
'Occupation',
'Relationship',
'Race',
'Sex',
'Capital Gain',
'Capital Loss',
'Hours per week',
'Country']
```
**Tip**
If you're starting with unlabeled data, you can use Amazon SageMaker Ground Truth to create a data labeling workflow in minutes. To learn more, see [Label Data](https://docs.aws.amazon.com/sagemaker/latest/dg/data-label.html).
## Overview the Dataset
Run the following script to display the statistical overview of the dataset and histograms of the numeric features.
```
display(X.describe())
hist = X.hist(bins=30, sharey=True, figsize=(20, 10))
```
![\[Overview of the Adult Census dataset.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-prepare-data-1.png)
**Tip**
If you want to use a dataset that needs to be cleaned and transformed, you can simplify and streamline data preprocessing and feature engineering using Amazon SageMaker Data Wrangler. To learn more, see [Prepare ML Data with Amazon SageMaker Data Wrangler](https://docs.aws.amazon.com/sagemaker/latest/dg/data-wrangler.html).
## Split the Dataset into Train, Validation, and Test Datasets
Using Sklearn, split the dataset into a training set and a test set. The training set is used to train the model, while the test set is used to evaluate the performance of the final trained model. The dataset is randomly sorted with the fixed random seed: 80 percent of the dataset for training set and 20 percent of it for a test set.
```
from sklearn.model_selection import train_test_split
X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=1)
X_train_display = X_display.loc[X_train.index]
```
Split the training set to separate out a validation set. The validation set is used to evaluate the performance of the trained model while tuning the model's hyperparameters. 75 percent of the training set becomes the final training set, and the rest is the validation set.
```
X_train, X_val, y_train, y_val = train_test_split(X_train, y_train, test_size=0.25, random_state=1)
X_train_display = X_display.loc[X_train.index]
X_val_display = X_display.loc[X_val.index]
```
Using the pandas package, explicitly align each dataset by concatenating the numeric features with the true labels.
```
import pandas as pd
train = pd.concat([pd.Series(y_train, index=X_train.index,
name='Income>50K', dtype=int), X_train], axis=1)
validation = pd.concat([pd.Series(y_val, index=X_val.index,
name='Income>50K', dtype=int), X_val], axis=1)
test = pd.concat([pd.Series(y_test, index=X_test.index,
name='Income>50K', dtype=int), X_test], axis=1)
```
Check if the dataset is split and structured as expected:
```
train
```
![\[The example training dataset.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-prepare-data-2-train.png)
```
validation
```
![\[The example validation dataset.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-prepare-data-2-validation.png)
```
test
```
![\[The example test dataset.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-prepare-data-2-test.png)
## Convert the Train and Validation Datasets to CSV Files
Convert the `train` and `validation` dataframe objects to CSV files to match the input file format for the XGBoost algorithm.
```
# Use 'csv' format to store the data
# The first column is expected to be the output column
train.to_csv('train.csv', index=False, header=False)
validation.to_csv('validation.csv', index=False, header=False)
```
## Upload the Datasets to Amazon S3
Using the SageMaker AI and Boto3, upload the training and validation datasets to the default Amazon S3 bucket. The datasets in the S3 bucket will be used by a compute-optimized SageMaker instance on Amazon EC2 for training.
The following code sets up the default S3 bucket URI for your current SageMaker AI session, creates a new `demo-sagemaker-xgboost-adult-income-prediction` folder, and uploads the training and validation datasets to the `data` subfolder.
```
import sagemaker, boto3, os
bucket = sagemaker.Session().default_bucket()
prefix = "demo-sagemaker-xgboost-adult-income-prediction"
boto3.Session().resource('s3').Bucket(bucket).Object(
os.path.join(prefix, 'data/train.csv')).upload_file('train.csv')
boto3.Session().resource('s3').Bucket(bucket).Object(
os.path.join(prefix, 'data/validation.csv')).upload_file('validation.csv')
```
Run the following AWS CLI to check if the CSV files are successfully uploaded to the S3 bucket.
```
! aws s3 ls {bucket}/{prefix}/data --recursive
```
This should return the following output:
![\[Output of the CLI command to check the datasets in the S3 bucket.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-prepare-data-3.png)
# Train a Model
In this step, you choose a training algorithm and run a training job for the model. The [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable) provides framework estimators and generic estimators to train your model while orchestrating the machine learning (ML) lifecycle accessing the SageMaker AI features for training and the AWS infrastructures, such as Amazon Elastic Container Registry (Amazon ECR), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3). For more information about SageMaker AI built-in framework estimators, see [Frameworks](https://sagemaker.readthedocs.io/en/stable/frameworks/index.html)in the [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable) documentation. For more information about built-in algorithms, see [Built-in algorithms and pretrained models in Amazon SageMaker](algos.md).
**Topics**
+ [
## Choose the Training Algorithm
](#ex1-train-model-select-algorithm)
+ [
## Create and Run a Training Job
](#ex1-train-model-sdk)
## Choose the Training Algorithm
To choose the right algorithm for your dataset, you typically need to evaluate different models to find the most suitable models to your data. For simplicity, the SageMaker AI [XGBoost algorithm with Amazon SageMaker AI](xgboost.md) built-in algorithm is used throughout this tutorial without the pre-evaluation of models.
**Tip**
If you want SageMaker AI to find an appropriate model for your tabular dataset, use Amazon SageMaker Autopilot that automates a machine learning solution. For more information, see [SageMaker Autopilot](autopilot-automate-model-development.md).
## Create and Run a Training Job
After you figured out which model to use, start constructing a SageMaker AI estimator for training. This tutorial uses the XGBoost built-in algorithm for the SageMaker AI generic estimator.
**To run a model training job**
1. Import the [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable) and start by retrieving the basic information from your current SageMaker AI session.
```
import sagemaker
region = sagemaker.Session().boto_region_name
print("AWS Region: {}".format(region))
role = sagemaker.get_execution_role()
print("RoleArn: {}".format(role))
```
This returns the following information:
+ `region` – The current AWS Region where the SageMaker AI notebook instance is running.
+ `role` – The IAM role used by the notebook instance.
**Note**
Check the SageMaker Python SDK version by running `sagemaker.__version__`. This tutorial is based on `sagemaker>=2.20`. If the SDK is outdated, install the latest version by running the following command:
```
! pip install -qU sagemaker
```
If you run this installation in your exiting SageMaker Studio or notebook instances, you need to manually refresh the kernel to finish applying the version update.
1. Create an XGBoost estimator using the `sagemaker.estimator.Estimator` class. In the following example code, the XGBoost estimator is named `xgb_model`.
```
from sagemaker.debugger import Rule, ProfilerRule, rule_configs
from sagemaker.session import TrainingInput
s3_output_location='s3://{}/{}/{}'.format(bucket, prefix, 'xgboost_model')
container=sagemaker.image_uris.retrieve("xgboost", region, "1.2-1")
print(container)
xgb_model=sagemaker.estimator.Estimator(
image_uri=container,
role=role,
instance_count=1,
instance_type='ml.m4.xlarge',
volume_size=5,
output_path=s3_output_location,
sagemaker_session=sagemaker.Session(),
rules=[
Rule.sagemaker(rule_configs.create_xgboost_report()),
ProfilerRule.sagemaker(rule_configs.ProfilerReport())
]
)
```
To construct the SageMaker AI estimator, specify the following parameters:
+ `image_uri` – Specify the training container image URI. In this example, the SageMaker AI XGBoost training container URI is specified using `sagemaker.image_uris.retrieve`.
+ `role` – The AWS Identity and Access Management (IAM) role that SageMaker AI uses to perform tasks on your behalf (for example, reading training results, call model artifacts from Amazon S3, and writing training results to Amazon S3).
+ `instance_count` and `instance_type` – The type and number of Amazon EC2 ML compute instances to use for model training. For this training exercise, you use a single `ml.m4.xlarge` instance, which has 4 CPUs, 16 GB of memory, an Amazon Elastic Block Store (Amazon EBS) storage, and a high network performance. For more information about EC2 compute instance types, see [Amazon EC2 Instance Types](https://aws.amazon.com/ec2/instance-types/). For more information about billing, see [Amazon SageMaker pricing](https://aws.amazon.com/sagemaker/pricing/).
+ `volume_size` – The size, in GB, of the EBS storage volume to attach to the training instance. This must be large enough to store training data if you use `File` mode (`File` mode is on by default). If you don't specify this parameter, its value defaults to 30.
+ `output_path` – The path to the S3 bucket where SageMaker AI stores the model artifact and training results.
+ `sagemaker_session` – The session object that manages interactions with SageMaker API operations and other AWS service that the training job uses.
+ `rules` – Specify a list of SageMaker Debugger built-in rules. In this example, the `create_xgboost_report()` rule creates an XGBoost report that provides insights into the training progress and results, and the `ProfilerReport()` rule creates a report regarding the EC2 compute resource utilization. For more information, see [SageMaker Debugger interactive report for XGBoost](debugger-report-xgboost.md).
**Tip**
If you want to run distributed training of large sized deep learning models, such as convolutional neural networks (CNN) and natural language processing (NLP) models, use SageMaker AI Distributed for data parallelism or model parallelism. For more information, see [Distributed training in Amazon SageMaker AI](distributed-training.md).
1. Set the hyperparameters for the XGBoost algorithm by calling the `set_hyperparameters` method of the estimator. For a complete list of XGBoost hyperparameters, see [XGBoost hyperparameters](xgboost_hyperparameters.md).
```
xgb_model.set_hyperparameters(
max_depth = 5,
eta = 0.2,
gamma = 4,
min_child_weight = 6,
subsample = 0.7,
objective = "binary:logistic",
num_round = 1000
)
```
**Tip**
You can also tune the hyperparameters using the SageMaker AI hyperparameter optimization feature. For more information, see [Automatic model tuning with SageMaker AI](automatic-model-tuning.md).
1. Use the `TrainingInput` class to configure a data input flow for training. The following example code shows how to configure `TrainingInput` objects to use the training and validation datasets you uploaded to Amazon S3 in the [Split the Dataset into Train, Validation, and Test Datasets](ex1-preprocess-data.md#ex1-preprocess-data-transform) section.
```
from sagemaker.session import TrainingInput
train_input = TrainingInput(
"s3://{}/{}/{}".format(bucket, prefix, "data/train.csv"), content_type="csv"
)
validation_input = TrainingInput(
"s3://{}/{}/{}".format(bucket, prefix, "data/validation.csv"), content_type="csv"
)
```
1. To start model training, call the estimator's `fit` method with the training and validation datasets. By setting `wait=True`, the `fit` method displays progress logs and waits until training is complete.
```
xgb_model.fit({"train": train_input, "validation": validation_input}, wait=True)
```
For more information about model training, see [Train a Model with Amazon SageMaker](how-it-works-training.md). This tutorial training job might take up to 10 minutes.
After the training job has done, you can download an XGBoost training report and a profiling report generated by SageMaker Debugger. The XGBoost training report offers you insights into the training progress and results, such as the loss function with respect to iteration, feature importance, confusion matrix, accuracy curves, and other statistical results of training. For example, you can find the following loss curve from the XGBoost training report which clearly indicates that there is an overfitting problem.
![\[The chart in the XGBoost training report.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-train-loss-curve-validation-overfitting.png)
Run the following code to specify the S3 bucket URI where the Debugger training reports are generated and check if the reports exist.
```
rule_output_path = xgb_model.output_path + "/" + xgb_model.latest_training_job.job_name + "/rule-output"
! aws s3 ls {rule_output_path} --recursive
```
Download the Debugger XGBoost training and profiling reports to the current workspace:
```
! aws s3 cp {rule_output_path} ./ --recursive
```
Run the following IPython script to get the file link of the XGBoost training report:
```
from IPython.display import FileLink, FileLinks
display("Click link below to view the XGBoost Training report", FileLink("CreateXgboostReport/xgboost_report.html"))
```
The following IPython script returns the file link of the Debugger profiling report that shows summaries and details of the EC2 instance resource utilization, system bottleneck detection results, and python operation profiling results:
```
profiler_report_name = [rule["RuleConfigurationName"]
for rule in xgb_model.latest_training_job.rule_job_summary()
if "Profiler" in rule["RuleConfigurationName"]][0]
profiler_report_name
display("Click link below to view the profiler report", FileLink(profiler_report_name+"/profiler-output/profiler-report.html"))
```
**Tip**
If the HTML reports do not render plots in the JupyterLab view, you must choose **Trust HTML** at the top of the reports.
To identify training issues, such as overfitting, vanishing gradients, and other problems that prevents your model from converging, use SageMaker Debugger and take automated actions while prototyping and training your ML models. For more information, see [Amazon SageMaker Debugger](train-debugger.md). To find a complete analysis of model parameters, see the [Explainability with Amazon SageMaker Debugger](https://sagemaker-examples.readthedocs.io/en/latest/sagemaker-debugger/xgboost_census_explanations/xgboost-census-debugger-rules.html#Explainability-with-Amazon-SageMaker-Debugger) example notebook.
You now have a trained XGBoost model. SageMaker AI stores the model artifact in your S3 bucket. To find the location of the model artifact, run the following code to print the model\$1data attribute of the `xgb_model` estimator:
```
xgb_model.model_data
```
**Tip**
To measure biases that can occur during each stage of the ML lifecycle (data collection, model training and tuning, and monitoring of ML models deployed for prediction), use SageMaker Clarify. For more information, see [Model Explainability](clarify-model-explainability.md). For an end-to-end example, see the [Fairness and Explainability with SageMaker Clarify](https://sagemaker-examples.readthedocs.io/en/latest/sagemaker-clarify/fairness_and_explainability/fairness_and_explainability.html) example notebook.
# Deploy the model to Amazon EC2
To get predictions, deploy your model to Amazon EC2 using Amazon SageMaker AI.
**Topics**
+ [
## Deploy the Model to SageMaker AI Hosting Services
](#ex1-deploy-model)
+ [
## (Optional) Use SageMaker AI Predictor to Reuse the Hosted Endpoint
](#ex1-deploy-model-sdk-use-endpoint)
+ [
## (Optional) Make Prediction with Batch Transform
](#ex1-batch-transform)
## Deploy the Model to SageMaker AI Hosting Services
To host a model through Amazon EC2 using Amazon SageMaker AI, deploy the model that you trained in [Create and Run a Training Job](ex1-train-model.md#ex1-train-model-sdk) by calling the `deploy` method of the `xgb_model` estimator. When you call the `deploy` method, you must specify the number and type of EC2 ML instances that you want to use for hosting an endpoint.
```
import sagemaker
from sagemaker.serializers import CSVSerializer
xgb_predictor=xgb_model.deploy(
initial_instance_count=1,
instance_type='ml.t2.medium',
serializer=CSVSerializer()
)
```
+ `initial_instance_count` (int) – The number of instances to deploy the model.
+ `instance_type` (str) – The type of instances that you want to operate your deployed model.
+ `serializer` (int) – Serialize input data of various formats (a NumPy array, list, file, or buffer) to a CSV-formatted string. We use this because the XGBoost algorithm accepts input files in CSV format.
The `deploy` method creates a deployable model, configures the SageMaker AI hosting services endpoint, and launches the endpoint to host the model. For more information, see the [SageMaker AI generic Estimator's deploy class method](https://sagemaker.readthedocs.io/en/stable/estimators.html#sagemaker.estimator.Estimator.deploy) in the [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable). To retrieve the name of endpoint that's generated by the `deploy` method, run the following code:
```
xgb_predictor.endpoint_name
```
This should return the endpoint name of the `xgb_predictor`. The format of the endpoint name is `"sagemaker-xgboost-YYYY-MM-DD-HH-MM-SS-SSS"`. This endpoint stays active in the ML instance, and you can make instantaneous predictions at any time unless you shut it down later. Copy this endpoint name and save it to reuse and make real-time predictions elsewhere in SageMaker Studio or SageMaker AI notebook instances.
**Tip**
To learn more about compiling and optimizing your model for deployment to Amazon EC2 instances or edge devices, see [Compile and Deploy Models with Neo](https://docs.aws.amazon.com/sagemaker/latest/dg/neo.html).
## (Optional) Use SageMaker AI Predictor to Reuse the Hosted Endpoint
After you deploy the model to an endpoint, you can set up a new SageMaker AI predictor by pairing the endpoint and continuously make real-time predictions in any other notebooks. The following example code shows how to use the SageMaker AI Predictor class to set up a new predictor object using the same endpoint. Re-use the endpoint name that you used for the `xgb_predictor`.
```
import sagemaker
xgb_predictor_reuse=sagemaker.predictor.Predictor(
endpoint_name="sagemaker-xgboost-YYYY-MM-DD-HH-MM-SS-SSS",
sagemaker_session=sagemaker.Session(),
serializer=sagemaker.serializers.CSVSerializer()
)
```
The `xgb_predictor_reuse` Predictor behaves exactly the same as the original `xgb_predictor`. For more information, see the [SageMaker AI Predictor](https://sagemaker.readthedocs.io/en/stable/predictors.html#sagemaker.predictor.RealTimePredictor) class in the [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable).
## (Optional) Make Prediction with Batch Transform
Instead of hosting an endpoint in production, you can run a one-time batch inference job to make predictions on a test dataset using the SageMaker AI batch transform. After your model training has completed, you can extend the estimator to a `transformer` object, which is based on the [SageMaker AI Transformer](https://sagemaker.readthedocs.io/en/stable/api/inference/transformer.html) class. The batch transformer reads in input data from a specified S3 bucket and makes predictions.
**To run a batch transform job**
1. Run the following code to convert the feature columns of the test dataset to a CSV file and uploads to the S3 bucket:
```
X_test.to_csv('test.csv', index=False, header=False)
boto3.Session().resource('s3').Bucket(bucket).Object(
os.path.join(prefix, 'test/test.csv')).upload_file('test.csv')
```
1. Specify S3 bucket URIs of input and output for the batch transform job as shown following:
```
# The location of the test dataset
batch_input = 's3://{}/{}/test'.format(bucket, prefix)
# The location to store the results of the batch transform job
batch_output = 's3://{}/{}/batch-prediction'.format(bucket, prefix)
```
1. Create a transformer object specifying the minimal number of parameters: the `instance_count` and `instance_type` parameters to run the batch transform job, and the `output_path` to save prediction data as shown following:
```
transformer = xgb_model.transformer(
instance_count=1,
instance_type='ml.m4.xlarge',
output_path=batch_output
)
```
1. Initiate the batch transform job by executing the `transform()` method of the `transformer` object as shown following:
```
transformer.transform(
data=batch_input,
data_type='S3Prefix',
content_type='text/csv',
split_type='Line'
)
transformer.wait()
```
1. When the batch transform job is complete, SageMaker AI creates the `test.csv.out` prediction data saved in the `batch_output` path, which should be in the following format: `s3://sagemaker--111122223333/demo-sagemaker-xgboost-adult-income-prediction/batch-prediction`. Run the following AWS CLI to download the output data of the batch transform job:
```
! aws s3 cp {batch_output} ./ --recursive
```
This should create the `test.csv.out` file under the current working directory. You'll be able to see the float values that are predicted based on the logistic regression of the XGBoost training job.
# Evaluate the model
Now that you have trained and deployed a model using Amazon SageMaker AI, evaluate the model to ensure that it generates accurate predictions on new data. For model evaluation, use the test dataset that you created in [Prepare a dataset](ex1-preprocess-data.md).
## Evaluate the Model Deployed to SageMaker AI Hosting Services
To evaluate the model and use it in production, invoke the endpoint with the test dataset and check whether the inferences you get returns a target accuracy you want to achieve.
**To evaluate the model**
1. Set up the following function to predict each line of the test set. In the following example code, the `rows` argument is to specify the number of lines to predict at a time. You can change the value of it to perform a batch inference that fully utilizes the instance's hardware resource.
```
import numpy as np
def predict(data, rows=1000):
split_array = np.array_split(data, int(data.shape[0] / float(rows) + 1))
predictions = ''
for array in split_array:
predictions = ','.join([predictions, xgb_predictor.predict(array).decode('utf-8')])
return np.fromstring(predictions[1:], sep=',')
```
1. Run the following code to make predictions of the test dataset and plot a histogram. You need to take only the feature columns of the test dataset, excluding the 0th column for the actual values.
```
import matplotlib.pyplot as plt
predictions=predict(test.to_numpy()[:,1:])
plt.hist(predictions)
plt.show()
```
![\[A histogram of predicted values.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-eval-predicted-values-histogram.png)
1. The predicted values are float type. To determine `True` or `False` based on the float values, you need to set a cutoff value. As shown in the following example code, use the Scikit-learn library to return the output confusion metrics and classification report with a cutoff of 0.5.
```
import sklearn
cutoff=0.5
print(sklearn.metrics.confusion_matrix(test.iloc[:, 0], np.where(predictions > cutoff, 1, 0)))
print(sklearn.metrics.classification_report(test.iloc[:, 0], np.where(predictions > cutoff, 1, 0)))
```
This should return the following confusion matrix:
![\[An example of confusion matrix and statistics after getting the inference of the deployed model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-evaluate-confusion-matrix.png)
1. To find the best cutoff with the given test set, compute the log loss function of the logistic regression. The log loss function is defined as the negative log-likelihood of a logistic model that returns prediction probabilities for its ground truth labels. The following example code numerically and iteratively calculates the log loss values (`-(y*log(p)+(1-y)log(1-p)`), where `y` is the true label and `p` is a probability estimate of the corresponding test sample. It returns a log loss versus cutoff graph.
```
import matplotlib.pyplot as plt
cutoffs = np.arange(0.01, 1, 0.01)
log_loss = []
for c in cutoffs:
log_loss.append(
sklearn.metrics.log_loss(test.iloc[:, 0], np.where(predictions > c, 1, 0))
)
plt.figure(figsize=(15,10))
plt.plot(cutoffs, log_loss)
plt.xlabel("Cutoff")
plt.ylabel("Log loss")
plt.show()
```
This should return the following log loss curve.
![\[Example following log loss curve.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/get-started-ni/gs-ni-evaluate-logloss-vs-cutoff.png)
1. Find the minimum points of the error curve using the NumPy `argmin` and `min` functions:
```
print(
'Log loss is minimized at a cutoff of ', cutoffs[np.argmin(log_loss)],
', and the log loss value at the minimum is ', np.min(log_loss)
)
```
This should return: `Log loss is minimized at a cutoff of 0.53, and the log loss value at the minimum is 4.348539186773897`.
Instead of computing and minimizing the log loss function, you can estimate a cost function as an alternative. For example, if you want to train a model to perform a binary classification for a business problem such as a customer churn prediction problem, you can set weights to the elements of confusion matrix and calculate the cost function accordingly.
You have now trained, deployed, and evaluated your first model in SageMaker AI.
**Tip**
To monitor model quality, data quality, and bias drift, use Amazon SageMaker Model Monitor and SageMaker AI Clarify. To learn more, see [Amazon SageMaker Model Monitor](https://docs.aws.amazon.com/sagemaker/latest/dg/model-monitor.html), [Monitor Data Quality](https://docs.aws.amazon.com/sagemaker/latest/dg/model-monitor-data-quality.html), [Monitor Model Quality](https://docs.aws.amazon.com/sagemaker/latest/dg/model-monitor-model-quality.html), [Monitor Bias Drift](https://docs.aws.amazon.com/sagemaker/latest/dg/clarify-model-monitor-bias-drift.html), and [Monitor Feature Attribution Drift](https://docs.aws.amazon.com/sagemaker/latest/dg/clarify-model-monitor-feature-attribution-drift.html).
**Tip**
To get human review of low confidence ML predictions or a random sample of predictions, use Amazon Augmented AI human review workflows. For more information, see [Using Amazon Augmented AI for Human Review](https://docs.aws.amazon.com/sagemaker/latest/dg/a2i-use-augmented-ai-a2i-human-review-loops.html).
# Clean up Amazon SageMaker notebook instance resources
To avoid incurring unnecessary charges, use the AWS Management Console to delete the endpoints and resources that you created while running the exercises.
**Note**
Training jobs and logs cannot be deleted and are retained indefinitely.
**Note**
If you plan to explore other exercises in this guide, you might want to keep some of these resources, such as your notebook instance, S3 bucket, and IAM role.
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/) and delete the following resources:
+ The endpoint. Deleting the endpoint also deletes the ML compute instance or instances that support it.
1. Under **Inference**, choose **Endpoints**.
1. Choose the endpoint that you created in the example, choose **Actions**, and then choose **Delete**.
+ The endpoint configuration.
1. Under **Inference**, choose **Endpoint configurations**.
1. Choose the endpoint configuration that you created in the example, choose **Actions**, and then choose **Delete**.
+ The model.
1. Under **Inference**, choose **Models**.
1. Choose the model that you created in the example, choose **Actions**, and then choose **Delete**.
+ The notebook instance. Before deleting the notebook instance, stop it.
1. Under **Notebook**, choose **Notebook instances**.
1. Choose the notebook instance that you created in the example, choose **Actions**, and then choose **Stop**. The notebook instance takes several minutes to stop. When the **Status** changes to **Stopped**, move on to the next step.
1. Choose **Actions**, and then choose **Delete**.
1. Open the Amazon S3 console at [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/), and then delete the bucket that you created for storing model artifacts and the training dataset.
1. Open the Amazon CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/), and then delete all of the log groups that have names starting with `/aws/sagemaker/`.
# AL2023 notebook instances
Amazon SageMaker notebook instances currently support AL2023 operating systems. AL2023 is now the latest and recommended operating system for notebook instances. You can select the operating system that your notebook instance is based on when you create the notebook instance.
SageMaker AI supports notebook instances based on the following AL2023 operating systems.
+ **notebook-al2023-v1**: These notebook instances support JupyterLab version 4. For information about JupyterLab versions, see [JupyterLab versioning](nbi-jl.md).
**Topics**
+ [
## Supported instance types
](#nbi-al2023-instances)
+ [
## Available kernels
](#nbi-al2023-kernel)
## Supported instance types
AL2023 supports instance types listed under **Notebook Instances** in [SageMaker AI Pricing](https://aws.amazon.com/sagemaker/pricing/), with the exception that AL2023 does not support `ml.p2`, `ml.p3`, `ml.g3` instances.
## Available kernels
The following table gives information about the available kernels for SageMaker notebook instances. All of these images are supported on notebook instances based on the `notebook-al2023-v1` operating system.
| Kernel name | Description |
| --- | --- |
| R | A kernel used to perform data analysis and visualization using R code from a Jupyter notebook. |
| Sparkmagic (PySpark) | A kernel used to do data science with remote Spark clusters from Jupyter notebooks using the Python programming language. This kernel comes with Python 3.10. |
| Sparkmagic (Spark) | A kernel used to do data science with remote Spark clusters from Jupyter notebooks using the Scala programming language. This kernel comes with Python 3.10. |
| Sparkmagic (SparkR) | A kernel used to do data science with remote Spark clusters from Jupyter notebooks using the R programming language. This kernel comes with Python 3.10. |
| conda\$1python3 | A conda environment that comes pre-installed with popular packages for data science and machine learning. This kernel comes with Python 3.10. |
| conda\$1pytorch | A conda environment that comes pre-installed with PyTorch version 2.7.0, as well as popular data science and machine learning packages. This kernel comes with Python 3.10. |
# Amazon Linux 2 notebook instances
**Important**
JupyterLab 1 and JupyterLab 3 are no longer supported as of June 30, 2025. You can no longer create new or restart stopped notebook instances using these versions. Existing in-service instances may continue to function but will not receive security updates or bug fixes. Migrate to JupyterLab 4 notebook instances for continued support. For more information, see [JupyterLab version maintenance](nbi-jl.md#nbi-jl-version-maintenance).
**Note**
AL2023 is the latest and recommended operating system available for notebook instances. To learn more, see [AL2023 notebook instances](nbi-al2023.md).
Amazon SageMaker notebook instances currently support Amazon Linux 2 (AL2) operating systems. You can select the operating system that your notebook instance is based on when you create the notebook instance.
SageMaker AI supports notebook instances based on the following Amazon Linux 2 operating systems.
+ **notebook-al2-v1** (deprecated): These notebook instances supported JupyterLab version 1. As of June 30, 2025, you can no longer create new instances with this platform identifier. For information about JupyterLab versions, see [JupyterLab versioning](nbi-jl.md).
+ **notebook-al2-v2** (deprecated): These notebook instances supported JupyterLab version 3. As of June 30, 2025, you can no longer create new instances with this platform identifier. For information about JupyterLab versions, see [JupyterLab versioning](nbi-jl.md).
+ **notebook-al2-v3**: These notebook instances support JupyterLab version 4. For information about JupyterLab versions, see [JupyterLab versioning](nbi-jl.md).
Notebook instances created before 08/18/2021 automatically run on Amazon Linux (AL1). Notebook instances based on AL1 entered a maintenance phase as of 12/01/2022 and are no longer available for new notebook instance creation as of 02/01/2023. To replace AL1, you now have the option to create Amazon SageMaker notebook instances with AL2. For more information, see [AL1 Maintenance Phase Plan](#nbi-al2-deprecation).
**Topics**
+ [
## Supported instance types
](#nbi-al2-instances)
+ [
## Available Kernels
](#nbi-al2-kernel)
+ [
## AL1 Maintenance Phase Plan
](#nbi-al2-deprecation)
## Supported instance types
Amazon Linux 2 supports instance types listed under **Notebook Instances** in [Amazon SageMaker Pricing](https://aws.amazon.com/sagemaker/pricing/) with the exception that Amazon Linux 2 does not support `ml.p2` instances.
## Available Kernels
The following table gives information about the available kernels for SageMaker notebook instances. All of these images are supported on notebook instances based on the `notebook-al2-v1`, `notebook-al2-v2`, and `notebook-al2-v3` operating systems.
SageMaker notebook instance kernels
| Kernel name | Description |
| --- | --- |
| R | A kernel used to perform data analysis and visualization using R code from a Jupyter notebook. |
| Sparkmagic (PySpark) | A kernel used to do data science with remote Spark clusters from Jupyter notebooks using the Python programming language. This kernel comes with Python 3.10. |
| Sparkmagic (Spark) | A kernel used to do data science with remote Spark clusters from Jupyter notebooks using the Scala programming language. This kernel comes with Python 3.10. |
| Sparkmagic (SparkR) | A kernel used to do data science with remote Spark clusters from Jupyter notebooks using the R programming language. This kernel comes with Python 3.10. |
| conda\$1python3 | A conda environment that comes pre-installed with popular packages for data science and machine learning. This kernel comes with Python 3.10. |
| conda\$1pytorch\$1p310 | A conda environment that comes pre-installed with PyTorch version 2.2.0, as well as popular data science and machine learning packages. This kernel comes with Python 3.10. |
| conda\$1tensorflow2\$1p310 | A conda environment that comes pre-installed with TensorFlow version 2.16.0, as well as popular data science and machine learning packages. This kernel comes with Python 3.10. |
## AL1 Maintenance Phase Plan
The following table is a timeline for when AL1 entered its extended maintenance phase. The AL1 maintenance phase also coincides with the deprecation of Python 2 and Chainer. Notebooks based on AL2 do not have managed Python 2 and Chainer kernels.
| Date | Description |
| --- | --- |
| 08/18/2021 | Notebook instances based on AL2 are launched. Newly launched notebook instances still default to AL1. AL1 is supported with security patches and updates, but no new features. You can choose between the two operating systems when launching a new notebook instance. |
| 10/31/2022 | The default platform identifier for SageMaker notebook instances changes from Amazon Linux (al1-v1) to Amazon Linux 2 (al2-v2). You can choose between the two operating systems when launching a new notebook instance. |
| 12/01/2022 | AL1 is no longer supported with non-critical security patches and updates. AL1 still receives fixes for [critical](https://nvd.nist.gov/vuln-metrics/cvss#) security-related issues. You can still launch instances on AL1, but assume the risks associated with using an unsupported operating system. |
| 02/01/2023 | AL1 is no longer an available option for new notebook instance creation. After this date, customers can create notebook instances with the AL2 platform identifiers. Existing notebooks with an `INSERVICE` status should be migrated to the latest platform since continuous availability of AL1 notebook instances cannot be guaranteed. |
| 03/31/2024 | AL1 reaches its end of life on notebook instances on March 31, 2024. After this date, AL1 will no longer receive any security updates, bug fixes, or be available for new notebook instance creation. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/nbi-al2.html) |
### Migrating to Amazon Linux 2
Your existing AL1 notebook instance is not automatically migrated to Amazon Linux 2. To upgrade your AL1 notebook instance to Amazon Linux 2, you must create a new notebook instance, replicate your code and environment, and delete your old notebook instance. For more information, see the [Amazon Linux 2 migration blog](https://aws.amazon.com/blogs/machine-learning/migrate-your-work-to-amazon-sagemaker-notebook-instance-with-amazon-linux-2/ ).
# JupyterLab versioning
**Important**
JupyterLab 1 and JupyterLab 3 are no longer supported as of June 30, 2025. You can no longer create new or restart stopped notebook instances using these versions. Existing in-service instances may continue to function but will not receive security updates or bug fixes. Migrate to JupyterLab 4 notebook instances for continued support. For more information, see [JupyterLab version maintenance](#nbi-jl-version-maintenance).
The Amazon SageMaker notebook instance interface is based on JupyterLab, which is a web-based interactive development environment for notebooks, code, and data. Notebooks now support using either JupyterLab 1, JupyterLab 3, or JupyterLab 4. A single notebook instance can run a single instance of JupyterLab (at most). You can have multiple notebook instances with different JupyterLab versions.
You can configure your notebook to run your preferred JupyterLab version by selecting the appropriate platform identifier. Use either the AWS CLI or the SageMaker AI console when creating your notebook instance. For more information about platform identifiers, see [AL2023 notebook instances](nbi-al2023.md) and [Amazon Linux 2 notebook instances](nbi-al2.md). If you don’t explicitly configure a platform identifier, your notebook instance defaults to running JupyterLab 1.
**Topics**
+ [
## JupyterLab version maintenance
](#nbi-jl-version-maintenance)
+ [
## JupyterLab 4
](#nbi-jl-4)
+ [
## JupyterLab 3
](#nbi-jl-3)
+ [
# Create a notebook with your JupyterLab version
](nbi-jl-create.md)
+ [
# View the JupyterLab version of a notebook from the console
](nbi-jl-view.md)
## JupyterLab version maintenance
JupyterLab 1 and JupyterLab 3 platforms reached end of standard support on June 30, 2025. As of this date:
+ You can no longer create new or restart stopped JupyterLab 1 and JupyterLab 3 notebook instances.
+ Existing in-service JupyterLab 1 and JupyterLab 3 notebook instances may continue to function, but no longer receive SageMaker AI security updates or critical bug fixes.
+ You are responsible for managing the security of these deprecated instances.
+ If issues arise with existing JupyterLab 1 or JupyterLab 3 notebook instances, SageMaker AI cannot guarantee their continued availability. You must migrate your workload to a JupyterLab 4 notebook instance.
Migrate your work to JupyterLab 4 notebook instances (the latest version's platform identifier is [notebook-al2023-v1](nbi-al2023.md)) to ensure you have a secure and supported environment. This allows you to leverage the latest versions of Jupyter notebooks, JupyterLab, and other ML libraries. For instructions, see [ migrate your work to an SageMaker AI notebook instance with Amazon Linux 2](https://aws.amazon.com/blogs//machine-learning/migrate-your-work-to-amazon-sagemaker-notebook-instance-with-amazon-linux-2/).
## JupyterLab 4
JupyterLab 4 support is available only on the Amazon Linux 2 operating system platform. JupyterLab 4 includes the following features that are not available in JupyterLab 3:
+ Optimized rendering for a faster experience
+ Opt-in settings for faster tab switching and better performance with long notebooks. For more information, see the blog post [ JupyterLab 4.0 is Here](https://blog.jupyter.org/jupyterlab-4-0-is-here-388d05e03442).
+ Upgraded text editor
+ New extension manager installing from pypi
+ Added improvements to the UI, including document search and accessibility improvements
You can run JupyterLab 4 by specifying [notebook-al2023-v1](nbi-al2023.md) (the latest and recommended version) or [notebook-al2-v3](nbi-al2.md) as the platform identifier when creating your notebook instance.
**Note**
If you attempt to migrate to a JupyterLab 4 Notebook Instance from another JupyterLab version, the package version changes between JupyterLab 3 and JupyterLab 4 might break any existing lifecycle configurations or Jupyter/JupyterLab extensions.
**Package version changes**
JupyterLab 4 has the following package version changes from JupyterLab 3:
+ JupyterLab has been upgraded from 3.x to 4.x.
+ Jupyter notebook has been upgraded from 6.x to 7.x.
+ jupyterlab-git has been updated to version 0.50.0.
## JupyterLab 3
**Important**
JupyterLab 1 and JupyterLab 3 are no longer supported as of June 30, 2025. You can no longer create new or restart stopped notebook instances using these versions. Existing in-service instances may continue to function but will not receive security updates or bug fixes. Migrate to JupyterLab 4 notebook instances for continued support. For more information, see [JupyterLab version maintenance](#nbi-jl-version-maintenance).
JupyterLab 3 support is available only on the Amazon Linux 2 operating system platform. JupyterLab 3 includes the following features that are not available in JupyterLab 1. For more information about these features, see [JupyterLab 3.0 is released\$1](https://blog.jupyter.org/jupyterlab-3-0-is-out-4f58385e25bb).
+ Visual debugger when using the following kernels:
+ conda\$1pytorch\$1p38
+ conda\$1tensorflow2\$1p38
+ conda\$1amazonei\$1pytorch\$1latest\$1p37
+ File browser filter
+ Table of Contents (TOC)
+ Multi-language support
+ Simple mode
+ Single interface mode
+ Live editing SVG files with updated rendering
+ User interface for notebook cell tags
### Important changes to JupyterLab 3
For information about important changes when using JupyterLab 3, see the following JupyterLab change logs:
+ [v2.0.0](https://github.com/jupyterlab/jupyterlab/releases)
+ [v3.0.0](https://jupyterlab.readthedocs.io/en/stable/getting_started/changelog.html#for-developers)
**Package version changes**
JupyterLab 3 has the following package version changes from JupyterLab 1:
+ JupyterLab has been upgraded from 1.x to 3.x.
+ Jupyter notebook has been upgraded from 5.x to 6.x.
+ jupyterlab-git has been updated to version 0.37.1.
+ nbserverproxy 0.x (0.3.2) has been replaced with jupyter-server-proxy 3.x (3.2.1).
# Create a notebook with your JupyterLab version
**Important**
JupyterLab 1 and JupyterLab 3 are no longer supported as of June 30, 2025. You can no longer create new or restart stopped notebook instances using these versions. Existing in-service instances may continue to function but will not receive security updates or bug fixes. Migrate to JupyterLab 4 notebook instances for continued support. For more information, see [JupyterLab version maintenance](nbi-jl.md#nbi-jl-version-maintenance).
You can select the JupyterLab version when creating your notebook instance from the console following the steps in [Create an Amazon SageMaker notebook instance](howitworks-create-ws.md).
You can also select the JupyterLab version by passing the `platform-identifier` parameter when creating your notebook instance using the AWS CLI as follows:
```
create-notebook-instance --notebook-instance-name \
--instance-type \
--role-arn \
--platform-identifier notebook-al2-v3
```
# View the JupyterLab version of a notebook from the console
**Important**
JupyterLab 1 and JupyterLab 3 are no longer supported as of June 30, 2025. You can no longer create new or restart stopped notebook instances using these versions. Existing in-service instances may continue to function but will not receive security updates or bug fixes. Migrate to JupyterLab 4 notebook instances for continued support. For more information, see [JupyterLab version maintenance](nbi-jl.md#nbi-jl-version-maintenance).
You can view the JupyterLab version of a notebook using the following procedure:
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. From the left navigation, select **Notebook**.
1. From the dropdown menu, select **Notebook instances** to navigate to the **Notebook instances** page.
1. From the list of notebook instances, select your notebook instance name.
1. On the **Notebook instance settings** page, view the **Platform Identifier** to see the JupyterLab version of the notebook.
# Create an Amazon SageMaker notebook instance
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
An Amazon SageMaker notebook instance is a ML compute instance running the Jupyter Notebook application. SageMaker AI manages creating the instance and related resources. Use Jupyter notebooks in your notebook instance to:
+ prepare and process data
+ write code to train models
+ deploy models to SageMaker AI hosting
+ test or validate your models
To create a notebook instance, use either the SageMaker AI console or the [
`CreateNotebookInstance`](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html) API.
The notebook instance type you choose depends on how you use your notebook instance. Ensure that your notebook instance is not bound by memory, CPU, or IO. To load a dataset into memory on the notebook instance for exploration or preprocessing, choose an instance type with enough RAM memory for your dataset. This requires an instance with at least 16 GB of memory (.xlarge or larger). If you plan to use the notebook for compute intensive preprocessing, we recommend you choose a compute-optimized instance such as a c4 or c5.
A best practice when using a SageMaker notebook is to use the notebook instance to orchestrate other AWS services. For example, you can use the notebook instance to manage large dataset processing. To do this, make calls to AWS Glue for ETL (extract, transform, and load) services or Amazon EMR for mapping and data reduction using Hadoop. You can use AWS services as temporary forms of computation or storage for your data.
You can store and retrieve your training and test data using an Amazon Simple Storage Service bucket. You can then use SageMaker AI to train and build your model. As a result, the instance type of your notebook would have no bearing on the speed of your model training and testing.
After receiving the request, SageMaker AI does the following:
+ **Creates a network interface**—If you choose the optional VPC configuration, SageMaker AI creates the network interface in your VPC. It uses the subnet ID that you provide in the request to determine which Availability Zone to create the subnet in. SageMaker AI associates the security group that you provide in the request with the subnet. For more information, see [Connect a Notebook Instance in a VPC to External Resources](appendix-notebook-and-internet-access.md).
+ **Launches an ML compute instance**—SageMaker AI launches an ML compute instance in a SageMaker AI VPC. SageMaker AI performs the configuration tasks that allow it to manage your notebook instance. If you specified your VPC, SageMaker AI enables traffic between your VPC and the notebook instance.
+ **Installs Anaconda packages and libraries for common deep learning platforms**—SageMaker AI installs all of the Anaconda packages that are included in the installer. For more information, see [Anaconda package list](https://docs.anaconda.com/free/anaconda/pkg-docs/). SageMaker AI also installs the TensorFlow and Apache MXNet deep learning libraries.
+ **Attaches an ML storage volume**—SageMaker AI attaches an ML storage volume to the ML compute instance. You can use the volume as a working area to clean up the training dataset or to temporarily store validation, test, or other data. Choose any size between 5 GB and 16384 GB, in 1 GB increments, for the volume. The default is 5 GB. ML storage volumes are encrypted, so SageMaker AI can't determine the amount of available free space on the volume. Because of this, you can increase the volume size when you update a notebook instance, but you can't decrease the volume size. If you want to decrease the size of the ML storage volume in use, create a new notebook instance with the desired size.
Only files and data saved within the `/home/ec2-user/SageMaker` folder persist between notebook instance sessions. Files and data that are saved outside this directory are overwritten when the notebook instance stops and restarts. Each notebook instance's `/tmp` directory provides a minimum of 10 GB of storage in an instance store. An instance store is temporary, block-level storage that isn't persistent. When the instance is stopped or restarted, SageMaker AI deletes the directory's contents and any operating system customizations. This temporary storage is part of the root volume of the notebook instance.
If the notebook instance isn't updated and is running unsecure software, SageMaker AI might periodically update the instance as part of regular maintenance. During these updates, data outside of the folder `/home/ec2-user/SageMaker` is not persisted. For more information about maintenance and security patches, see [Maintenance](nbi.md#nbi-maintenance).
If the instance type used by the notebook instance has NVMe support, customers can use the NVMe instance store volumes available for that instance type. For instances with NVMe store volumes, all instance store volumes are automatically attached to the instance at launch. For more information about instance types and their associated NVMe store volumes, see the [Amazon Elastic Compute Cloud Instance Type Details](https://aws.amazon.com/ec2/instance-types/).
To make the attached NVMe store volume available for your notebook instance, complete the steps in [Make instance store volumes available on your instance ](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/add-instance-store-volumes.html#making-instance-stores-available-on-your-instances). Complete the steps with root access or by using a lifecycle configuration script.
**Note**
NVMe instance store volumes are not persistent storage. This storage is short-lived with the instance and must be reconfigured every time an instance with this storage is launched.
**To create a SageMaker AI notebook instance:**
1. Open the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. Choose **Notebook instances**, then choose **Create notebook instance**.
1. On the **Create notebook instance** page, provide the following information:
1. For **Notebook instance name**, type a name for your notebook instance.
1. For **Notebook instance type**, choose an instance size suitable for your use case. For a list of supported instance types and quotas, see [Amazon SageMaker AI Service Quotas](https://docs.aws.amazon.com/general/latest/gr/sagemaker.html#limits_sagemaker).
1. For **Platform Identifier**, choose a platform type to create the notebook instance on. This platform type dictates the Operating System and the JupyterLab version that your notebook instance is created with. The latest and recommended version is `notebook-al2023-v1`, for an Amazon Linux 2023 notebook instance. As of June 30, 2025, only JupyterLab 4 is supported for new instances. For information about platform identifier types, see [AL2023 notebook instances](nbi-al2023.md) and [Amazon Linux 2 notebook instances](nbi-al2.md). For information about JupyterLab versions, see [JupyterLab versioning](nbi-jl.md).
**Important**
JupyterLab 1 and JupyterLab 3 are no longer supported as of June 30, 2025. You can no longer create new or restart stopped notebook instances using these versions. Existing in-service instances may continue to function but will not receive security updates or bug fixes. Migrate to JupyterLab 4 notebook instances for continued support. For more information, see [JupyterLab version maintenance](nbi-jl.md#nbi-jl-version-maintenance).
1. (Optional) **Additional configuration** lets advanced users create a shell script that can run when you create or start the instance. This script, called a lifecycle configuration script, can be used to set the environment for the notebook or to perform other functions. For information, see [Customization of a SageMaker notebook instance using an LCC script](notebook-lifecycle-config.md).
1. (Optional) **Additional configuration** also lets you specify the size, in GB, of the ML storage volume that is attached to the notebook instance. You can choose a size between 5 GB and 16,384 GB, in 1 GB increments. You can use the volume to clean up the training dataset or to temporarily store validation or other data.
1. (Optional) For **Minimum IMDS Version**, select a version from the dropdown list. If this value is set to v1, both versions can be used with the notebook instance. If v2 is selected, then only IMDSv2 can be used with the notebook instance. For information about IMDSv2, see [Use IMDSv2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html).
**Note**
Starting October 31, 2022, the default minimum IMDS Version for SageMaker notebook instances changes from IMDSv1 to IMDSv2.
Starting February 1, 2023, IMDSv1 is no longer be available for new notebook instance creation. After this date, you can create notebook instances with a minimum IMDS version of 2.
1. For **IAM role**, choose either an existing IAM role in your account with the necessary permissions to access SageMaker AI resources or **Create a new role**. If you choose **Create a new role**, SageMaker AI creates an IAM role named `AmazonSageMaker-ExecutionRole-YYYYMMDDTHHmmSS`. The AWS managed policy `AmazonSageMakerFullAccess` is attached to the role. The role provides permissions that allow the notebook instance to call SageMaker AI and Amazon S3.
1. For **Root access**, to give root access for all notebook instance users, choose **Enable**. To remove root access for users, choose **Disable**.If you give root access, all notebook instance users have administrator privileges and can access and edit all files on it.
1. (Optional) **Encryption key** lets you encrypt data on the ML storage volume attached to the notebook instance using an AWS Key Management Service (AWS KMS) key. If you plan to store sensitive information on the ML storage volume, consider encrypting the information.
1. (Optional) **Network** lets you put your notebook instance inside a Virtual Private Cloud (VPC). A VPC provides additional security and limits access to resources in the VPC from sources outside the VPC. For more information on VPCs, see [Amazon VPC User Guide](https://docs.aws.amazon.com/vpc/latest/userguide/).
**To add your notebook instance to a VPC:**
1. Choose the **VPC** and a **SubnetId**.
1. For **Security Group**, choose your VPC's default security group.
1. If you need your notebook instance to have internet access, enable direct internet access. For **Direct internet access**, choose **Enable**. Internet access can make your notebook instance less secure. For more information, see [Connect a Notebook Instance in a VPC to External Resources](appendix-notebook-and-internet-access.md).
1. (Optional) To associate Git repositories with the notebook instance, choose a default repository and up to three additional repositories. For more information, see [Git repositories with SageMaker AI Notebook Instances](nbi-git-repo.md).
1. Choose **Create notebook instance**.
In a few minutes, Amazon SageMaker AI launches an ML compute instance—in this case, a notebook instance—and attaches an ML storage volume to it. The notebook instance has a preconfigured Jupyter notebook server and a set of Anaconda libraries. For more information, see the [
`CreateNotebookInstance`](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateNotebookInstance.html) API.
1. When the status of the notebook instance is `InService`, in the console, the notebook instance is ready to use. Choose **Open Jupyter** next to the notebook name to open the classic Jupyter dashboard.
**Note**
To augment the security of your Amazon SageMaker notebook instance, all regional `notebook.region.sagemaker.aws` domains are registered in the internet [Public Suffix List (PSL)](https://publicsuffix.org/). For further security, we recommend that you use cookies with a `__Host-` prefix to set sensitive cookies for the domains of your SageMaker notebook instances. This helps to defend your domain against cross-site request forgery attempts (CSRF). For more information, see the [Set-Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#cookie_prefixes) page in the [mozilla.org](https://www.mozilla.org/en-GB/?v=1) developer documentation website.
You can choose **Open JupyterLab** to open the JupyterLab dashboard. The dashboard provides access to your notebook instance.
For more information about Jupyter notebooks, see [The Jupyter notebook](https://jupyter-notebook.readthedocs.io/en/stable/).
# Access Notebook Instances
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
To access your Amazon SageMaker notebook instances, choose one of the following options:
+ Use the console.
Choose **Notebook instances**. The console displays a list of notebook instances in your account. To open a notebook instance with a standard Jupyter interface, choose **Open Jupyter** for that instance. To open a notebook instance with a JupyterLab interface, choose **Open JupyterLab** for that instance.
![\[Example Notebook instances section in the console.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/ws-notebook-10.png)
The console uses your sign-in credentials to send a [
`CreatePresignedNotebookInstanceUrl`](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedNotebookInstanceUrl.html) API request to SageMaker AI. SageMaker AI returns the URL for your notebook instance, and the console opens the URL in another browser tab and displays the Jupyter notebook dashboard.
**Note**
The URL that you get from a call to [
`CreatePresignedNotebookInstanceUrl`](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedNotebookInstanceUrl.html) is valid only for 5 minutes. If you try to use the URL after the 5-minute limit expires, you are directed to the AWS Management Console sign-in page.
+ Use the API.
To get the URL for the notebook instance, call the [
`CreatePresignedNotebookInstanceUrl`](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreatePresignedNotebookInstanceUrl.html) API and use the URL that the API returns to open the notebook instance.
Use the Jupyter notebook dashboard to create and manage notebooks and to write code. For more information about Jupyter notebooks, see [http://jupyter.org/documentation.html](http://jupyter.org/documentation.html).
# Update a Notebook Instance
After you create a notebook instance, you can update it using the SageMaker AI console and [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateNotebookInstance.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateNotebookInstance.html) API operation.
You can update the tags of a notebook instance that is `InService`. To update any other attribute of a notebook instance, its status must be `Stopped`.
**To update a notebook instance in the SageMaker AI console:**
1. Open the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. Choose **Notebook instances**.
1. Choose the notebook instance that you want to update by selecting the notebook instance **Name** from the list.
1. If your notebook **Status** is not `Stopped`, select the **Stop** button to stop the notebook instance.
When you do this, the notebook instance status changes to `Stopping`. Wait until the status changes to `Stopped` to complete the following steps.
1. Select the **Edit** button to open the **Edit notebook instance** page. For information about the notebook properties you can update, see [Create an Amazon SageMaker notebook instance](howitworks-create-ws.md).
1. Update your notebook instance and select the **Update notebook instance** button at the bottom of the page when you are done to return to the notebook instances page. Your notebook instance status changes to **Updating**.
When the notebook instance update is complete, the status changes to `Stopped`.
# Customization of a SageMaker notebook instance using an LCC script
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
A *lifecycle configuration* (LCC) provides shell scripts that run only when you create the notebook instance or whenever you start one. When you create a notebook instance, you can create a new LCC or attach an LCC that you already have. Lifecycle configuration scripts are useful for the following use cases:
+ Installing packages or sample notebooks on a notebook instance
+ Configuring networking and security for a notebook instance
+ Using a shell script to customize a notebook instance
You can also use a lifecycle configuration script to access AWS services from your notebook. For example, you can create a script that lets you use your notebook to control other AWS resources, such as an Amazon EMR instance.
We maintain a public repository of notebook lifecycle configuration scripts that address common use cases for customizing notebook instances at [https://github.com/aws-samples/amazon-sagemaker-notebook-instance-lifecycle-config-samples](https://github.com/aws-samples/amazon-sagemaker-notebook-instance-lifecycle-config-samples).
**Note**
Each script has a limit of 16384 characters.
The value of the `$PATH` environment variable that is available to both scripts is `/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin`. The working directory, which is the value of the `$PWD` environment variable, is `/`.
View CloudWatch Logs for notebook instance lifecycle configurations in log group `/aws/sagemaker/NotebookInstances` in log stream `[notebook-instance-name]/[LifecycleConfigHook]`.
Scripts cannot run for longer than 5 minutes. If a script runs for longer than 5 minutes, it fails and the notebook instance is not created or started. To help decrease the run time of scripts, try the following:
Cut down on necessary steps. For example, limit which conda environments in which to install large packages.
Run tasks in parallel processes.
Use the `nohup` command in your script.
You can see a list of notebook instance lifecycle configurations you previously created by choosing **Lifecycle configuration** in the SageMaker AI console. You can attach a notebook instance LCC when you create a new notebook instance. For more information about creating a notebook instance, see [Create an Amazon SageMaker notebook instance](howitworks-create-ws.md).
# Create a lifecycle configuration script
The following procedure shows how to create a lifecycle configuration script for use with an Amazon SageMaker notebook instance. For more information about creating a notebook instance, see [Create an Amazon SageMaker notebook instance](howitworks-create-ws.md).
**To create a lifecycle configuration**
1. Open the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **Lifecycle configurations**.
1. From the **Lifecycle configurations** page, choose the **Notebook Instance** tab.
1. Choose **Create configuration**.
1. For **Name**, type a name using alphanumeric characters and "-", but no spaces. The name can have a maximum of 63 characters.
1. (Optional) To create a script that runs when you create the notebook and every time you start it, choose **Start notebook**.
1. In the **Start notebook** editor, type the script.
1. (Optional) To create a script that runs only once, when you create the notebook, choose **Create notebook**.
1. In the **Create notebook** editor, type the script configure networking.
1. Choose **Create configuration**.
## Lifecycle Configuration Best Practices
The following are best practices for using lifecycle configurations:
**Important**
We do not recommend storing sensitive information in your lifecycle configuration script.
**Important**
Lifecycle configuration scripts run with root access and the notebook instance's IAM execution role privileges, regardless of the root access setting for notebook users. Principals with permissions to create or modify lifecycle configurations and update notebook instances can execute code with the execution role's credentials. See [Control root access to a SageMaker notebook instance](nbi-root-access.md) for more information.
+ Lifecycle configurations run as the `root` user. If your script makes any changes within the `/home/ec2-user/SageMaker` directory, (for example, installing a package with `pip`), use the command `sudo -u ec2-user` to run as the `ec2-user` user. This is the same user that Amazon SageMaker AI runs as.
+ SageMaker AI notebook instances use `conda` environments to implement different kernels for Jupyter notebooks. If you want to install packages that are available to one or more notebook kernels, enclose the commands to install the packages with `conda` environment commands that activate the conda environment that contains the kernel where you want to install the packages.
For example, if you want to install a package only for the `python3` environment, use the following code:
```
#!/bin/bash
sudo -u ec2-user -i <
**Important**
Currently, all packages in notebook instance environments are licensed for use with Amazon SageMaker AI and do not require additional commercial licenses. However, this might be subject to change in the future, and we recommend reviewing the licensing terms regularly for any updates.
Amazon SageMaker notebook instances come with multiple environments already installed. These environments contain Jupyter kernels and Python packages including: scikit, Pandas, NumPy, TensorFlow, and MXNet. These environments, along with all files in the `sample-notebooks` folder, are refreshed when you stop and start a notebook instance. You can also install your own environments that contain your choice of packages and kernels.
The different Jupyter kernels in Amazon SageMaker notebook instances are separate conda environments. For information about conda environments, see [Managing environments](https://conda.io/docs/user-guide/tasks/manage-environments.html) in the *Conda* documentation.
Install custom environments and kernels on the notebook instance's Amazon EBS volume. This ensures that they persist when you stop and restart the notebook instance, and that any external libraries you install are not updated by SageMaker AI. To do that, use a lifecycle configuration that includes both a script that runs when you create the notebook instance (`on-create)` and a script that runs each time you restart the notebook instance (`on-start`). For more information about using notebook instance lifecycle configurations, see [Customization of a SageMaker notebook instance using an LCC script](notebook-lifecycle-config.md). There is a GitHub repository that contains sample lifecycle configuration scripts at [SageMaker AI Notebook Instance Lifecycle Config Samples](https://github.com/aws-samples/amazon-sagemaker-notebook-instance-lifecycle-config-samples).
The examples at [https://github.com/aws-samples/amazon-sagemaker-notebook-instance-lifecycle-config-samples/blob/master/scripts/persistent-conda-ebs/on-create.sh](https://github.com/aws-samples/amazon-sagemaker-notebook-instance-lifecycle-config-samples/blob/master/scripts/persistent-conda-ebs/on-create.sh) and [https://github.com/aws-samples/amazon-sagemaker-notebook-instance-lifecycle-config-samples/blob/master/scripts/persistent-conda-ebs/on-start.sh](https://github.com/aws-samples/amazon-sagemaker-notebook-instance-lifecycle-config-samples/blob/master/scripts/persistent-conda-ebs/on-start.sh) show the best practice for installing environments and kernels on a notebook instance. The `on-create` script installs the `ipykernel` library to create custom environments as Jupyter kernels, then uses `pip install` and `conda install` to install libraries. You can adapt the script to create custom environments and install libraries that you want. SageMaker AI does not update these libraries when you stop and restart the notebook instance, so you can ensure that your custom environment has specific versions of libraries that you want. The `on-start` script installs any custom environments that you create as Jupyter kernels, so that they appear in the dropdown list in the Jupyter **New** menu.
## Package installation tools
SageMaker notebooks support the following package installation tools:
+ conda install
+ pip install
You can install packages using the following methods:
+ Lifecycle configuration scripts.
For example scripts, see [SageMaker AI Notebook Instance Lifecycle Config Samples](https://github.com/aws-samples/amazon-sagemaker-notebook-instance-lifecycle-config-samples). For more information on lifecycle configuration, see [Customize a Notebook Instance Using a Lifecycle Configuration Script](https://docs.aws.amazon.com/sagemaker/latest/dg/notebook-lifecycle-config.html).
+ Notebooks – The following commands are supported.
+ `%conda install`
+ `%pip install`
+ The Jupyter terminal – You can install packages using pip and conda directly.
From within a notebook you can use the system command syntax (lines starting with \$1) to install packages, for example, `!pip install` and `!conda install`. More recently, new commands have been added to IPython: `%pip` and `%conda`. These commands are the recommended way to install packages from a notebook as they correctly take into account the active environment or interpreter being used. For more information, see [Add %pip and %conda magic functions](https://github.com/ipython/ipython/pull/11524).
### Conda
Conda is an open source package management system and environment management system, which can install packages and their dependencies. SageMaker AI supports using Conda with either of the two main channels, the default channel, and the conda-forge channel. For more information, see [Conda channels](https://docs.conda.io/projects/conda/en/latest/user-guide/concepts/channels.html). The conda-forge channel is a community channel where contributors can upload packages.
**Note**
Due to how Conda resolves the dependency graph, installing packages from conda-forge can take significantly longer (in the worst cases, upwards of 10 minutes).
The Deep Learning AMI comes with many conda environments and many packages preinstalled. Due to the number of packages preinstalled, finding a set of packages that are guaranteed to be compatible is difficult. You may see a warning "The environment is inconsistent, please check the package plan carefully". Despite this warning, SageMaker AI ensures that all the SageMaker AI provided environments are correct. SageMaker AI cannot guarantee that any user installed packages will function correctly.
**Note**
Users of SageMaker AI, AWS Deep Learning AMIs and Amazon EMR can access the commercial Anaconda repository without taking a commercial license through February 1, 2024 when using Anaconda in those services. For any usage of the commercial Anaconda repository after February 1, 2024, customers are responsible for determining their own Anaconda license requirements.
Conda has two methods for activating environments: conda activate/deactivate, and source activate/deactivate. For more information, see [Should I use 'conda activate' or 'source activate' in Linux](https://stackoverflow.com/questions/49600611/python-anaconda-should-i-use-conda-activate-or-source-activate-in-linux).
SageMaker AI supports moving Conda environments onto the Amazon EBS volume, which is persisted when the instance is stopped. The environments aren't persisted when the environments are installed to the root volume, which is the default behavior. For an example lifecycle script, see [persistent-conda-ebs](https://github.com/aws-samples/amazon-sagemaker-notebook-instance-lifecycle-config-samples/tree/master/scripts/persistent-conda-ebs).
**Supported conda operations (see note at the bottom of this topic)**
+ conda install of a package in a single environment
+ conda install of a package in all environments
+ conda install of a R package in the R environment
+ Installing a package from the main conda repository
+ Installing a package from conda-forge
+ Changing the Conda install location to use EBS
+ Supporting both conda activate and source activate
### Pip
Pip is the de facto tool for installing and managing Python packages. Pip searches for packages on the Python Package Index (PyPI) by default. Unlike Conda, pip doesn't have built in environment support, and is not as thorough as Conda when it comes to packages with native/system library dependencies. Pip can be used to install packages in Conda environments.
You can use alternative package repositories with pip instead of the PyPI. For an example lifecycle script, see [on-start.sh](https://github.com/aws-samples/amazon-sagemaker-notebook-instance-lifecycle-config-samples/blob/master/scripts/add-pypi-repository/on-start.sh).
**Supported pip operations (see note at the bottom of this topic)**
+ Using pip to install a package without an active conda environment (install packages system wide)
+ Using pip to install a package in a conda environment
+ Using pip to install a package in all conda environments
+ Changing the pip install location to use EBS
+ Using an alternative repository to install packages with pip
### Unsupported
SageMaker AI aims to support as many package installation operations as possible. However, if the packages were installed by SageMaker AI or DLAMI, and you use the following operations on these packages, it might make your notebook instance unstable:
+ Uninstalling
+ Downgrading
+ Upgrading
We do not provide support for installing packages via yum install or installing R packages from CRAN.
Due to potential issues with network conditions or configurations, or the availability of Conda or PyPi, we cannot guarantee that packages will install in a fixed or deterministic amount of time.
**Note**
We cannot guarantee that a package installation will be successful. Attempting to install a package in an environment with incompatible dependencies can result in a failure. In such a case you should contact the library maintainer to see if it is possible to update the package dependencies. Alternatively you can attempt to modify the environment in such a way as to allow the installation. This modification however will likely mean removing or updating existing packages, which means we can no longer guarantee stability of this environment.
# Notebook Instance Software Updates
Amazon SageMaker AI periodically tests and releases software that is installed on notebook instances. This includes:
+ Kernel updates
+ Security patches
+ AWS SDK updates
+ [Amazon SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable) updates
+ Open source software updates
To ensure that you have the most recent software updates, stop and restart your notebook instance, either in the SageMaker AI console or by calling [
`StopNotebookInstance`](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopNotebookInstance.html).
You can also manually update software installed on your notebook instance while it is running by using update commands in a terminal or in a notebook.
**Note**
Updating kernels and some packages might depend on whether root access is enabled for the notebook instance. For more information, see [Control root access to a SageMaker notebook instance](nbi-root-access.md).
You can check the [Personal Health Dashboard](https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/) or the security bulletin at [Security Bulletins](https://aws.amazon.com/security/security-bulletins/) for updates.
# Control an Amazon EMR Spark Instance Using a Notebook
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
You can use a notebook instance created with a custom lifecycle configuration script to access AWS services from your notebook. For example, you can create a script that lets you use your notebook with Sparkmagic to control other AWS resources, such as an Amazon EMR instance. You can then use the Amazon EMR instance to process your data instead of running the data analysis on your notebook. This allows you to create a smaller notebook instance because you won't use the instance to process data. This is helpful when you have large datasets that would require a large notebook instance to process the data.
The process requires three procedures using the Amazon SageMaker AI console:
+ Create the Amazon EMR Spark instance
+ Create the Jupyter Notebook
+ Test the notebook-to-Amazon EMR connection
**To create an Amazon EMR Spark instance that can be controlled from a notebook using Sparkmagic**
1. Open the Amazon EMR console at [https://console.aws.amazon.com/elasticmapreduce/](https://console.aws.amazon.com/elasticmapreduce/).
1. In the navigation pane, choose **Create cluster**.
1. On the **Create Cluster - Quick Options** page, under **Software configuration**, choose **Spark: Spark 2.4.4 on Hadoop 2.8.5 YARN with Ganglia 3.7.2 and Zeppelin 0.8.2**.
1. Set additional parameters on the page and then choose **Create cluster**.
1. On the **Cluster** page, choose the cluster name that you created. Note the **Master Public DNS**, the **EMR master's security group**, and the VPC name and subnet ID where the EMR cluster was created. You will use these values when you create a notebook.
**To create a notebook that uses Sparkmagic to control an Amazon EMR Spark instance**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. In the navigation pane, under **Notebook instances**, choose **Create notebook**.
1. Enter the notebook instance name and choose the instance type.
1. Choose **Additional configuration**, then, under **Lifecycle configuration**, choose **Create a new lifecycle configuration**.
1. Add the following code to the lifecycle configuration script:
```
# OVERVIEW
# This script connects an Amazon EMR cluster to an Amazon SageMaker notebook instance that uses Sparkmagic.
#
# Note that this script will fail if the Amazon EMR cluster's master node IP address is not reachable.
# 1. Ensure that the EMR master node IP is resolvable from the notebook instance.
# One way to accomplish this is to have the notebook instance and the Amazon EMR cluster in the same subnet.
# 2. Ensure the EMR master node security group provides inbound access from the notebook instance security group.
# Type - Protocol - Port - Source
# Custom TCP - TCP - 8998 - $NOTEBOOK_SECURITY_GROUP
# 3. Ensure the notebook instance has internet connectivity to fetch the SparkMagic example config.
#
# https://aws.amazon.com/blogs/machine-learning/build-amazon-sagemaker-notebooks-backed-by-spark-in-amazon-emr/
# PARAMETERS
EMR_MASTER_IP=your.emr.master.ip
cd /home/ec2-user/.sparkmagic
echo "Fetching Sparkmagic example config from GitHub..."
wget https://raw.githubusercontent.com/jupyter-incubator/sparkmagic/master/sparkmagic/example_config.json
echo "Replacing EMR master node IP in Sparkmagic config..."
sed -i -- "s/localhost/$EMR_MASTER_IP/g" example_config.json
mv example_config.json config.json
echo "Sending a sample request to Livy.."
curl "$EMR_MASTER_IP:8998/sessions"
```
1. In the `PARAMETERS` section of the script, replace `your.emr.master.ip` with the Master Public DNS name for the Amazon EMR instance.
1. Choose **Create configuration**.
1. On the **Create notebook** page, choose **Network - optional**.
1. Choose the VPC and subnet where the Amazon EMR instance is located.
1. Choose the security group used by the Amazon EMR master node.
1. Choose **Create notebook instance**.
While the notebook instance is being created, the status is **Pending**. After the instance has been created and the lifecycle configuration script has successfully run, the status is **InService**.
**Note**
If the notebook instance can't connect to the Amazon EMR instance, SageMaker AI can't create the notebook instance. The connection can fail if the Amazon EMR instance and notebook are not in the same VPC and subnet, if the Amazon EMR master security group is not used by the notebook, or if the Master Public DNS name in the script is incorrect.
**To test the connection between the Amazon EMR instance and the notebook**
1. When the status of the notebook is **InService**, choose **Open Jupyter** to open the notebook.
1. Choose **New**, then choose **Sparkmagic (PySpark)**.
1. In the code cell, enter **%%info** and then run the cell.
The output should be similar to the following
```
Current session configs: {'driverMemory': '1000M', 'executorCores': 2, 'kind': 'pyspark'}
No active sessions.
```
# Set the Notebook Kernel
Amazon SageMaker AI provides several kernels for Jupyter that provide support for Python 2 and 3, Apache MXNet, TensorFlow, and PySpark. To set a kernel for a new notebook in the Jupyter notebook dashboard, choose **New**, and then choose the kernel from the list. For more information about the available kernels, see [Available Kernels](nbi-al2.md#nbi-al2-kernel).
![\[Location of the New drop-down list in the Jupyter notebook dashboard.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/nbi-set-kernel.png)
You can also create a custom kernel that you can use in your notebook instance. For information, see [External library and kernel installation](nbi-add-external.md).
# Git repositories with SageMaker AI Notebook Instances
Associate Git repositories with your notebook instance to save your notebooks in a source control environment that persists even if you stop or delete your notebook instance. You can associate one default repository and up to three additional repositories with a notebook instance. The repositories can be hosted in AWS CodeCommit, GitHub, or on any other Git server. Associating Git repositories with your notebook instance can be useful for:
+ Persistence - Notebooks in a notebook instance are stored on durable Amazon EBS volumes, but they do not persist beyond the life of your notebook instance. Storing notebooks in a Git repository enables you to store and use notebooks even if you stop or delete your notebook instance.
+ Collaboration - Peers on a team often work on machine learning projects together. Storing your notebooks in Git repositories allows peers working in different notebook instances to share notebooks and collaborate on them in a source-control environment.
+ Learning - Many Jupyter notebooks that demonstrate machine learning techniques are available in publicly hosted Git repositories, such as on GitHub. You can associate your notebook instance with a repository to easily load Jupyter notebooks contained in that repository.
There are two ways to associate a Git repository with a notebook instance:
+ Add a Git repository as a resource in your Amazon SageMaker AI account. Then, to access the repository, you can specify an AWS Secrets Manager secret that contains credentials. That way, you can access repositories that require authentication.
+ Associate a public Git repository that is not a resource in your account. If you do this, you cannot specify credentials to access the repository.
**Topics**
+ [
# Add a Git repository to your Amazon SageMaker AI account
](nbi-git-resource.md)
+ [
# Create a Notebook Instance with an Associated Git Repository
](nbi-git-create.md)
+ [
# Associate a CodeCommit Repository in a Different AWS Account with a Notebook Instance
](nbi-git-cross.md)
+ [
# Use Git Repositories in a Notebook Instance
](git-nbi-use.md)
# Add a Git repository to your Amazon SageMaker AI account
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
To manage your GitHub repositories, easily associate them with your notebook instances, and associate credentials for repositories that require authentication, add the repositories as resources in your Amazon SageMaker AI account. You can view a list of repositories that are stored in your account and details about each repository in the SageMaker AI console and by using the API.
You can add Git repositories to your SageMaker AI account in the SageMaker AI console or by using the AWS CLI.
**Note**
You can use the SageMaker AI API [
`CreateCodeRepository`](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateCodeRepository.html) to add Git repositories to your SageMaker AI account, but step-by-step instructions are not provided here.
## Add a Git repository to your SageMaker AI account (Console)
**To add a Git repository as a resource in your SageMaker AI account**
1. Open the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. Under **Notebook**, choose **Git repositories**, then choose **Add repository**.
1. To add an CodeCommit repository, choose **AWS CodeCommit**. To add a GitHub or other Git-based repository, choose **GitHub/Other Git-based repo**.
**To add an existing CodeCommit repository**
1. Choose **Use existing repository**.
1. For **Repository**, choose a repository from the list.
1. Enter a name to use for the repository in SageMaker AI. The name must be 1 to 63 characters. Valid characters are a-z, A-Z, 0-9, and - (hyphen).
1. Choose **Add repository**.
**To create a new CodeCommit repository**
1. Choose **Create new repository**.
1. Enter a name for the repository that you can use in both CodeCommit and SageMaker AI. The name must be 1 to 63 characters. Valid characters are a-z, A-Z, 0-9, and - (hyphen).
1. Choose **Create repository**.
**To add a Git repository hosted somewhere other than CodeCommit**
1. Choose **GitHub/Other Git-based repo**.
1. Enter a name of up to 63 characters. Valid characters include alpha-numeric characters, a hyphen (-), and 0-9.
1. Enter the URL for the repository. Do not provide a username in the URL. Add the sign-in credentials in AWS Secrets Manager as described in the next step.
1. For **Git credentials**, choose the credentials to use to authenticate to the repository. This is necessary only if the Git repository is private.
**Note**
If you have two-factor authentication enabled for your Git repository, enter a personal access token generated by your Git service provider in the `password` field.
1. To use an existing AWS Secrets Manager secret, choose **Use existing secret**, and then choose a secret from the list. For information about creating and storing a secret, see [Creating a Basic Secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html) in the *AWS Secrets Manager User Guide*. The name of the secret you use must contain the string `sagemaker`.
**Note**
The secret must have a staging label of `AWSCURRENT` and must be in the following format:
`{"username": UserName, "password": Password}`
For GitHub repositories, we recommend using a personal access token in the `password` field. For information, see [https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/).
1. To create a new AWS Secrets Manager secret, choose **Create secret**, enter a name for the secret, and then enter the sign-in credentials to use to authenticate to the repository. The name for the secret must contain the string `sagemaker`.
**Note**
The IAM role you use to create the secret must have the `secretsmanager:GetSecretValue` permission in its IAM policy.
The secret must have a staging label of `AWSCURRENT` and must be in the following format:
`{"username": UserName, "password": Password}`
For GitHub repositories, we recommend using a personal access token.
1. To not use any credentials, choose **No secret**.
1. Choose **Create secret**.
# Add a Git repository to your Amazon SageMaker AI account (CLI)
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
Use the `create-code-repository` AWS CLI command to add a Git repository to Amazon SageMaker AI to give users access to external resources. Specify a name for the repository as the value of the `code-repository-name` argument. The name must be 1 to 63 characters. Valid characters are a-z, A-Z, 0-9, and - (hyphen). Also specify the following:
+ The default branch
+ The URL of the Git repository
**Note**
Do not provide a username in the URL. Add the sign-in credentials in AWS Secrets Manager as described in the next step.
+ The Amazon Resource Name (ARN) of an AWS Secrets Manager secret that contains the credentials to use to authenticate the repository as the value of the `git-config` argument
For information about creating and storing a secret, see [Creating a Basic Secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html) in the *AWS Secrets Manager User Guide*. The following command creates a new repository named `MyRespository` in your Amazon SageMaker AI account that points to a Git repository hosted at `https://github.com/myprofile/my-repo"`.
For Linux, OS X, or Unix:
```
aws sagemaker create-code-repository \
--code-repository-name "MyRepository" \
--git-config Branch=branch,RepositoryUrl=https://github.com/myprofile/my-repo,SecretArn=arn:aws:secretsmanager:us-east-2:012345678901:secret:my-secret-ABc0DE
```
For Windows:
```
aws sagemaker create-code-repository ^
--code-repository-name "MyRepository" ^
--git-config "{\"Branch\":\"master\", \"RepositoryUrl\" :
\"https://github.com/myprofile/my-repo\", \"SecretArn\" : \"arn:aws:secretsmanager:us-east-2:012345678901:secret:my-secret-ABc0DE\"}"
```
**Note**
The secret must have a staging label of `AWSCURRENT` and must be in the following format:
`{"username": UserName, "password": Password}`
For GitHub repositories, we recommend using a personal access token.
# Create a Notebook Instance with an Associated Git Repository
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
You can associate Git repositories with a notebook instance when you create the notebook instance by using the AWS Management Console, or the AWS CLI. If you want to use a CodeCommit repository that is in a different AWS account than the notebook instance, set up cross-account access for the repository. For information, see [Associate a CodeCommit Repository in a Different AWS Account with a Notebook Instance](nbi-git-cross.md).
**Topics**
+ [
## Create a Notebook Instance with an Associated Git Repository (Console)
](#nbi-git-create-console)
+ [
# Create a Notebook Instance with an Associated Git Repository (CLI)
](nbi-git-create-cli.md)
## Create a Notebook Instance with an Associated Git Repository (Console)
**To create a notebook instance and associate Git repositories in the Amazon SageMaker AI console**
1. Follow the instructions at [Create an Amazon SageMaker Notebook Instance for the tutorial](gs-setup-working-env.md).
1. For **Git repositories**, choose Git repositories to associate with the notebook instance.
1. For **Default repository**, choose a repository that you want to use as your default repository. SageMaker AI clones this repository as a subdirectory in the Jupyter startup directory at `/home/ec2-user/SageMaker`. When you open your notebook instance, it opens in this repository. To choose a repository that is stored as a resource in your account, choose its name from the list. To add a new repository as a resource in your account, choose **Add a repository to SageMaker AI (opens the Add repository flow in a new window)** and then follow the instructions at [Create a Notebook Instance with an Associated Git Repository (Console)](#nbi-git-create-console). To clone a public repository that is not stored in your account, choose **Clone a public Git repository to this notebook instance only**, and then specify the URL for that repository.
1. For **Additional repository 1**, choose a repository that you want to add as an additional directory. SageMaker AI clones this repository as a subdirectory in the Jupyter startup directory at `/home/ec2-user/SageMaker`. To choose a repository that is stored as a resource in your account, choose its name from the list. To add a new repository as a resource in your account, choose **Add a repository to SageMaker AI (opens the Add repository flow in a new window)** and then follow the instructions at [Create a Notebook Instance with an Associated Git Repository (Console)](#nbi-git-create-console). To clone a repository that is not stored in your account, choose **Clone a public Git repository to this notebook instance only**, and then specify the URL for that repository.
Repeat this step up to three times to add up to three additional repositories to your notebook instance.
# Create a Notebook Instance with an Associated Git Repository (CLI)
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
To create a notebook instance and associate Git repositories by using the AWS CLI, use the `create-notebook-instance` command as follows:
+ Specify the repository that you want to use as your default repository as the value of the `default-code-repository` argument. Amazon SageMaker AI clones this repository as a subdirectory in the Jupyter startup directory at `/home/ec2-user/SageMaker`. When you open your notebook instance, it opens in this repository. To use a repository that is stored as a resource in your SageMaker AI account, specify the name of the repository as the value of the `default-code-repository` argument. To use a repository that is not stored in your account, specify the URL of the repository as the value of the `default-code-repository` argument.
+ Specify up to three additional repositories as the value of the `additional-code-repositories` argument. SageMaker AI clones this repository as a subdirectory in the Jupyter startup directory at `/home/ec2-user/SageMaker`, and the repository is excluded from the default repository by adding it to the `.git/info/exclude` directory of the default repository. To use repositories that are stored as resources in your SageMaker AI account, specify the names of the repositories as the value of the `additional-code-repositories` argument. To use repositories that are not stored in your account, specify the URLs of the repositories as the value of the `additional-code-repositories` argument.
For example, the following command creates a notebook instance that has a repository named `MyGitRepo`, that is stored as a resource in your SageMaker AI account, as a default repository, and an additional repository that is hosted on GitHub:
```
aws sagemaker create-notebook-instance \
--notebook-instance-name "MyNotebookInstance" \
--instance-type "ml.t2.medium" \
--role-arn "arn:aws:iam::012345678901:role/service-role/AmazonSageMaker-ExecutionRole-20181129T121390" \
--default-code-repository "MyGitRepo" \
--additional-code-repositories "https://github.com/myprofile/my-other-repo"
```
**Note**
If you use an AWS CodeCommit repository that does not contain "SageMaker" in its name, add the `codecommit:GitPull` and `codecommit:GitPush` permissions to the role that you pass as the `role-arn` argument to the `create-notebook-instance` command. For information about how to add permissions to a role, see [Adding and Removing IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) in the *AWS Identity and Access Management User Guide*.
# Associate a CodeCommit Repository in a Different AWS Account with a Notebook Instance
To associate a CodeCommit repository in a different AWS account with your notebook instance, set up cross-account access for the CodeCommit repository.
**To set up cross-account access for a CodeCommit repository and associate it with a notebook instance:**
1. In the AWS account that contains the CodeCommit repository, create an IAM policy that allows access to the repository from users in the account that contains your notebook instance. For information, see [Step 1: Create a Policy for Repository Access in AccountA](https://docs.aws.amazon.com/codecommit/latest/userguide/cross-account-administrator-a.html#cross-account-create-policy-a) in the *CodeCommit User Guide*.
1. In the AWS account that contains the CodeCommit repository, create an IAM role, and attach the policy that you created in the previous step to that role. For information, see [Step 2: Create a Role for Repository Access in AccountA](https://docs.aws.amazon.com/codecommit/latest/userguide/cross-account-administrator-a.html#cross-account-create-role-a) in the *CodeCommit User Guide*.
1. Create a profile in the notebook instance that uses the role that you created in the previous step:
1. Open the notebook instance.
1. Open a terminal in the notebook instance.
1. Edit a new profile by typing the following in the terminal:
```
vi /home/ec2-user/.aws/config
```
1. Edit the file with the following profile information:
```
[profile CrossAccountAccessProfile]
region = us-west-2
role_arn = arn:aws:iam::CodeCommitAccount:role/CrossAccountRepositoryContributorRole
credential_source=Ec2InstanceMetadata
output = json
```
Where *CodeCommitAccount* is the account that contains the CodeCommit repository, *CrossAccountAccessProfile* is the name of the new profile, and *CrossAccountRepositoryContributorRole* is the name of the role you created in the previous step.
1. On the notebook instance, configure git to use the profile you created in the previous step:
1. Open the notebook instance.
1. Open a terminal in the notebook instance.
1. Edit the Git configuration file typing the following in the terminal:
```
vi /home/ec2-user/.gitconfig
```
1. Edit the file with the following profile information:
```
[credential]
helper = !aws codecommit credential-helper --profile CrossAccountAccessProfile $@
UseHttpPath = true
```
Where *CrossAccountAccessProfile* is the name of the profile that you created in the previous step.
# Use Git Repositories in a Notebook Instance
When you open a notebook instance that has Git repositories associated with it, it opens in the default repository, which is installed in your notebook instance directly under `/home/ec2-user/SageMaker`. You can open and create notebooks, and you can manually run Git commands in a notebook cell. For example:
```
!git pull origin master
```
To open any of the additional repositories, navigate up one folder. The additional repositories are also installed as directories under `/home/ec2-user/SageMaker`.
If you open the notebook instance with a JupyterLab interface, the jupyter-git extension is installed and available to use. For information about the jupyter-git extension for JupyterLab, see [https://github.com/jupyterlab/jupyterlab-git](https://github.com/jupyterlab/jupyterlab-git).
When you open a notebook instance in JupyterLab, you see the git repositories associated with it on the left menu:
![\[Example file browser in JupyterLab.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/git-notebook.png)
You can use the jupyter-git extension to manage git visually, instead of using the command line:
![\[Example of the jupyter-git extension in JupyterLab.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/jupyterlab-git.png)
# Notebook Instance Metadata
When you create a notebook instance, Amazon SageMaker AI creates a JSON file on the instance at the location `/opt/ml/metadata/resource-metadata.json` that contains the `ResourceName` and `ResourceArn` of the notebook instance. You can access this metadata from anywhere within the notebook instance, including in lifecycle configurations. For information about notebook instance lifecycle configurations, see [Customization of a SageMaker notebook instance using an LCC script](notebook-lifecycle-config.md).
**Note**
The `resource-metadata.json` file can be modified with root access.
The `resource-metadata.json` file has the following structure:
```
{
"ResourceArn": "NotebookInstanceArn",
"ResourceName": "NotebookInstanceName"
}
```
You can use this metadata from within the notebook instance to get other information about the notebook instance. For example, the following commands get the tags associated with the notebook instance:
```
NOTEBOOK_ARN=$(jq '.ResourceArn'
/opt/ml/metadata/resource-metadata.json --raw-output)
aws sagemaker list-tags --resource-arn $NOTEBOOK_ARN
```
The output looks like the following:
```
{
"Tags": [
{
"Key": "test",
"Value": "true"
}
]
}
```
# Monitor Jupyter Logs in Amazon CloudWatch Logs
Jupyter logs include important information such as events, metrics, and health information that provide actionable insights when running Amazon SageMaker notebooks. By importing Jupyter logs into CloudWatch Logs, customers can use CloudWatch Logs to detect anomalous behaviors, set alarms, and discover insights to keep the SageMaker AI notebooks running more smoothly. You can access the logs even when the Amazon EC2 instance that hosts the notebook is unresponsive, and use the logs to troubleshoot the unresponsive notebook. Sensitive information such as AWS account IDs, secret keys, and authentication tokens in presigned URLs are removed so that customers can share logs without leaking private information.
**To view Jupyter logs for a notebook instance:**
1. Sign in to the AWS Management Console and open the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. Choose **Notebook instances**.
1. In the list of notebook instances, choose the notebook instance for which you want to view Jupyter logs by selecting the Notebook instance **Name**.
This will bring you to the details page for that notebook instance.
1. Under **Monitor** on the notebook instance details page, choose **View logs**.
1. In the CloudWatch console, choose the log stream for your notebook instance. Its name is in the form `NotebookInstanceName/jupyter.log`.
For more information about monitoring CloudWatch logs for SageMaker AI, see [CloudWatch Logs for Amazon SageMaker AI](logging-cloudwatch.md).
# Amazon SageMaker Studio Lab
**Note**
As of August 8, 2025, Amazon SageMaker Studio Lab uses JupyterLab 4 instead of JupyterLab 3. If you experience dependency issues, reinstall any extensions that you added to your environments.
Amazon SageMaker Studio Lab is a free service that gives customers access to AWS compute resources, in an environment based on open-source JupyterLab 4. It is based on the same architecture and user interface as Amazon SageMaker Studio Classic, but with a subset of Studio Classic capabilities.
With Studio Lab, you can use AWS compute resources to create and run your Jupyter notebooks without signing up for an AWS account. Because Studio Lab is based on open-source JupyterLab, you can take advantage of open-source Jupyter extensions to run your Jupyter notebooks.
**Studio Lab compared to Amazon SageMaker Studio Classic**
While Studio Lab provides free access to AWS compute resources, Amazon SageMaker Studio Classic provides the following advanced machine learning capabilities that Studio Lab does not support.
+ Continuous integration and continuous delivery (Pipelines)
+ Real-time predictions
+ Large-scale distributed training
+ Data preparation (Amazon SageMaker Data Wrangler)
+ Data labeling (Amazon SageMaker Ground Truth)
+ Feature Store
+ Bias analysis (Clarify)
+ Model deployment
+ Model monitoring
Studio Classic also supports fine-grained access control and security by using AWS Identity and Access Management (IAM), Amazon Virtual Private Cloud (Amazon VPC), and AWS Key Management Service (AWS KMS). Studio Lab does not support these Studio Classic features, nor does it support the use of estimators and built-in SageMaker AI algorithms.
To export your Studio Lab projects for use with Studio Classic, see [Export an Amazon SageMaker Studio Lab environment to Amazon SageMaker Studio Classic](studio-lab-use-migrate.md).
The following topics give information about Studio Lab and how to use it
**Topics**
+ [
# Amazon SageMaker Studio Lab components overview
](studio-lab-overview.md)
+ [
# Onboard to Amazon SageMaker Studio Lab
](studio-lab-onboard.md)
+ [
# Manage your account
](studio-lab-manage-account.md)
+ [
# Launch your Amazon SageMaker Studio Lab project runtime
](studio-lab-manage-runtime.md)
+ [
# Use Amazon SageMaker Studio Lab starter assets
](studio-lab-integrated-resources.md)
+ [
# Studio Lab pre-installed environments
](studio-lab-environments.md)
+ [
# Use the Amazon SageMaker Studio Lab project runtime
](studio-lab-use.md)
+ [
# Troubleshooting
](studio-lab-troubleshooting.md)
# Amazon SageMaker Studio Lab components overview
Amazon SageMaker Studio Lab consists of the following components. The following topics give more details about these components.
**Topics**
+ [
## Landing page
](#studio-lab-overview-landing)
+ [
## Studio Lab account
](#studio-lab-overview-account)
+ [
## Project overview page
](#studio-lab-overview-project-overview)
+ [
## Preview page
](#studio-lab-overview-preview)
+ [
## Project
](#studio-lab-overview-project)
+ [
## Compute instance type
](#studio-lab-overview-project-compute)
+ [
## Project runtime
](#studio-lab-overview-runtime)
+ [
## Session
](#studio-lab-overview-session)
## Landing page
You can request an account and sign in to an existing account on your landing page. To navigate to the landing page, see the [Amazon SageMaker Studio Lab website](https://studiolab.sagemaker.aws/). For more information about creating a Studio Lab account, see [Onboard to Amazon SageMaker Studio Lab](studio-lab-onboard.md).
The following screenshot shows the Studio Lab landing page interface for requesting a user account and signing in.
![\[The Amazon SageMaker Studio Lab landing page layout.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio-lab-landing.png)
## Studio Lab account
Your Studio Lab account gives you access to Studio Lab. For more information about creating a user account, see [Onboard to Amazon SageMaker Studio Lab](studio-lab-onboard.md).
## Project overview page
You can launch a compute instance and view information about your project on this page. To navigate to this page, you must sign in from the [Amazon SageMaker Studio Lab website](https://studiolab.sagemaker.aws/). The URL takes the following format.
```
https://studiolab.sagemaker.aws/users/
```
The following screenshot shows a project overview in the Studio Lab user interface.
![\[The layout of the project overview user interface.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio-lab-overview.png)
## Preview page
On this page, you can access a read-only preview of a Jupyter notebook. You can not execute the notebook from preview, but you can copy that notebook into your project. For many customers, this may be the first Studio Lab page that customers see, as they may be opening a notebook from GitHub notebook. For more information on how to use GitHub resources, see [Use GitHub resources](studio-lab-use-external.md#studio-lab-use-external-clone-github).
To copy the notebook preview to your Studio Lab project:
1. Sign in to your Studio Lab account. For more information about creating a Studio Lab account, see [Onboard to Amazon SageMaker Studio Lab](studio-lab-onboard.md).
1. Under **Notebook compute instance**, choose a compute instance type. For more information about compute instance types, see [Compute instance type](#studio-lab-overview-project-compute).
1. Choose **Start runtime**. You might be asked to solve a CAPTCHA puzzle. For more information on CAPTCHA, see [ What is a CAPTCHA puzzle?](https://docs.aws.amazon.com/waf/latest/developerguide/waf-captcha-puzzle.html)
1. One time setup, for first time starting runtime using your Studio Lab account:
1. Enter a mobile phone number to associate with your Amazon SageMaker Studio Lab account and choose **Continue**.
For information on supported countries and regions, see [ Supported countries and regions (SMS channel)](https://docs.aws.amazon.com/pinpoint/latest/userguide/channels-sms-countries.html).
1. Enter the 6-digit code sent to the associated mobile phone number and choose **Verify**.
1. Choose **Copy to project**.
## Project
Your project contains all of your files and folders, including your Jupyter notebooks. You have full control over the files in your project. Your project also includes the JupyterLab-based user interface. From this interface, you can interact with your Jupyter notebooks, edit your source code files, integrate with GitHub, and connect to Amazon S3. For more information, see [Use the Amazon SageMaker Studio Lab project runtime](studio-lab-use.md).
The following screenshot shows a Studio Lab project with the file browser open and the Studio Lab Launcher displayed.
![\[The layout of the project user interface.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio-lab-ui.png)
## Compute instance type
Your Amazon SageMaker Studio Lab project runtime is based on an EC2 instance. You are allotted 15 GB of storage and 16 GB of RAM. Availability of compute instances is not guaranteed and is subject to demand. If you require additional storage or compute resources, consider switching to Studio.
Amazon SageMaker Studio Lab offers the choice of a CPU (Central Processing Unit) and a GPU (Graphical Processing Unit). The following sections give information about these two options, including selection guidance.
**CPU**
A central processing unit (CPU) is designed to handle a wide range of tasks efficiently, but is limited in how many tasks it can run concurrently. For machine learning, a CPU is recommended for compute intensive algorithms, such as time series, forecasting, and tabular data.
The CPU compute type has up to 4 hours at a time with a limit of 8 hours in a 24-hour period.
**GPU**
A graphics processing unit (GPU) is designed to render high-resolution images and video concurrently. A GPU is recommended for deep learning tasks, especially for transformers and computer vision.
The GPU compute type has up to 4 hours at a time with a limit of 4 hours in a 24-hour period.
**Compute time**
When compute time for Studio Lab reaches its time limit, the instance stops all running computations. Studio Lab does not support time limit increases.
Studio Lab automatically saves your environment when you update your environment and every time you create a new file. Custom-installed extensions and packages persist even after your runtime has ended.
File edits are periodically saved, but are not saved when your runtime ends. To ensure that you do not lose your progress, save your work manually. If you have content in your Studio Lab project that you don’t want to lose, we recommend that you back up your content elsewhere. For more information about exporting your environment and files, see [Export an Amazon SageMaker Studio Lab environment to Amazon SageMaker Studio Classic](studio-lab-use-migrate.md).
During long computation, you do not need to keep your project open. For example, you can start training a model, then close your browser. The instance keeps running for up to the compute type limit in a 24-hour period. You can then sign in later to continue your work.
We recommend that you use checkpointing in your deep learning jobs. You can use saved checkpoints to restart a job from the previously saved checkpoint. For more information, see [File I/O](https://d2l.ai/chapter_deep-learning-computation/read-write.html?highlight=checkpointing).
## Project runtime
The project runtime is the period of time when your compute instance is running.
## Session
A user session begins every time you launch your project.
# Onboard to Amazon SageMaker Studio Lab
To onboard to Amazon SageMaker Studio Lab, follow the steps in this guide. In the following sections, you learn how to request a Studio Lab account, create your account, and sign in.
**Topics**
+ [
## Request a Studio Lab account
](#studio-lab-onboard-request)
+ [
## Create a Studio Lab account
](#studio-lab-onboard-register)
+ [
## Sign in to Studio Lab
](#studio-lab-onboard-signin)
## Request a Studio Lab account
To use Studio Lab, you must first request approval to create a Studio Lab account. An AWS account cannot be used for onboarding to Studio Lab.
The following steps show how to request a Studio Lab account.
1. Navigate to the [Studio Lab landing page](https://studiolab.sagemaker.aws).
1. Select **Request account**.
1. Enter the required information into the form.
1. Select **Submit request**.
1. If you receive an email to verify your email address, follow the instructions in the email to complete this step.
Your account request must be approved before you can register for a Studio Lab account. Your request will be reviewed within five business days. When your account request is approved, you receive an email with a link to the Studio Lab account registration page. This link expires seven days after your request is approved. If the link expires, you must submit a new account request.
Note: Your account request is denied if your email has been associated with activity that violates our [Terms of Service](https://aws.amazon.com/service-terms/) or other agreements.
### Referral codes
Studio Lab referral codes enable new account requests to be automatically approved to support machine learning events like workshops, hackathons, and classes. With a referral code, a trusted host can get their participants immediate access to Studio Lab. After an account has been created using a referral code, the account continues to exist after the expiration of the code.
To get a referral code, contact [Sales Support](https://aws.amazon.com/contact-us/sales-support/). To use a referral code, enter the code as part of the account request form.
## Create a Studio Lab account
After your request is approved, complete the following steps to create your Studio Lab account.
1. Select **Create account** in the account request approval email to open a new page.
1. From the new page, enter your **Email**, a **Password**, and a **Username**.
1. Select **Create account**.
You might be asked to solve a CAPTCHA puzzle. For more information on CAPTCHA, see [ What is a CAPTCHA puzzle?](https://docs.aws.amazon.com/waf/latest/developerguide/waf-captcha-puzzle.html)
## Sign in to Studio Lab
After you register for your account, you can sign in to Studio Lab.
1. Navigate to the [Studio Lab landing page](https://studiolab.sagemaker.aws).
1. Select **Sign in** to open a new page.
1. Enter your **Email** or **Username** and **Password**.
1. Select **Sign in** to open a new page to your project.
You might be asked to solve a CAPTCHA puzzle. For more information on CAPTCHA, see [ What is a CAPTCHA puzzle?](https://docs.aws.amazon.com/waf/latest/developerguide/waf-captcha-puzzle.html)
# Manage your account
The following topic gives information about managing your account, including changing your password, deleting your account, and getting information that we have collected. These topics require that you sign in to your Amazon SageMaker Studio Lab account. For more information, see [Sign in to Studio Lab](studio-lab-onboard.md#studio-lab-onboard-signin).
## Change your password
Follow these steps to change your Amazon SageMaker Studio Lab password.
1. Navigate to the Studio Lab project overview page. The URL takes the following format.
```
https://studiolab.sagemaker.aws/users/
```
1. From the top-right corner, select your user name to open a dropdown menu.
1. From the dropdown menu, select **Change password** to open a new page.
1. Enter your current password into the **Enter your current password** field.
1. Enter your new password into the **Create a new password** and **Confirm your new password** fields.
1. Select **Submit**.
## Delete your account
Follow these steps to delete your Studio Lab account.
1. Navigate to the Studio Lab project overview page. The URL takes the following format.
```
https://studiolab.sagemaker.aws/users/
```
1. From the top-right corner, select your user name to open a dropdown menu.
1. From the dropdown menu, select **Delete account** to open a new page.
1. Enter your password to confirm the deletion of your Studio Lab account.
1. Select **Delete**.
## Customer information
Studio Lab collects your email address, user name, encrypted password, project files, and metadata. When requesting an account, you can optionally choose to provide your first and last name, country, organization name, occupation, and the reason for your interest in this product. We protect all customer personal data with encryption. For more information about how your personal information is handled, see the [Privacy Notice](https://aws.amazon.com//privacy/).
When you delete your account, all of your information is deleted immediately. If you have an inquiry about this, submit the [Amazon SageMaker Studio Lab Form](https://pages.awscloud.com/GLOBAL_PM_PA_amazon-sagemaker_20211116_7014z000000rjq2-registration.html). For information and support related to AWS compliance, see [Compliance support](https://aws.amazon.com//contact-us/compliance-support/).
# Launch your Amazon SageMaker Studio Lab project runtime
The Amazon SageMaker Studio Lab project runtime lets you write and run code directly from your browser. It is based on JupyterLab and has an integrated terminal and console. For more information about JupyterLab, see the [JupyterLab Documentation](https://jupyterlab.readthedocs.io/en/stable/).
The following topic gives information about how to manage your project runtime. These topics require that you sign in to your Amazon SageMaker Studio Lab account. For more information about signing in, see [Sign in to Studio Lab](studio-lab-onboard.md#studio-lab-onboard-signin). For more information about your project, see [Amazon SageMaker Studio Lab components overview](studio-lab-overview.md).
**Topics**
+ [
## Start your project runtime
](#studio-lab-manage-runtime-start)
+ [
## Stop your project runtime
](#studio-lab-manage-runtime-stop)
+ [
## View remaining compute time
](#studio-lab-manage-runtime-view)
+ [
## Change your compute type
](#studio-lab-manage-runtime-change)
## Start your project runtime
To use Studio Lab, you must start your project runtime. This runtime gives you access to the JupyterLab environment.
1. Navigate to the Studio Lab project overview page. The URL takes the following format.
```
https://studiolab.sagemaker.aws/users/
```
1. Under **My Project**, select a compute type. For more information about compute types, see [Compute instance type](studio-lab-overview.md#studio-lab-overview-project-compute).
1. Select **Start runtime**.
You might be asked to solve a CAPTCHA puzzle. For more information on CAPTCHA, see [ What is a CAPTCHA puzzle?](https://docs.aws.amazon.com/waf/latest/developerguide/waf-captcha-puzzle.html)
1. One time setup, for first time starting runtime using your Studio Lab account:
1. Enter a mobile phone number to associate with your Amazon SageMaker Studio Lab account and choose **Continue**.
For information on supported countries and regions, see [ Supported countries and regions (SMS channel)](https://docs.aws.amazon.com/pinpoint/latest/userguide/channels-sms-countries.html).
1. Enter the 6-digit code sent to the associated mobile phone number and choose **Verify**.
1. After the runtime is running, select **Open project** to open the project runtime environment in a new browser tab.
## Stop your project runtime
When you stop your project runtime, your files are not automatically saved. To ensure that you don't lose your work, save all of your changes before stopping your project runtime.
+ Under **My Project**, select **Stop runtime**.
## View remaining compute time
Your project runtime has limited compute time based on the compute type that you select. For more information about compute time in Studio Lab, see [Compute instance type](studio-lab-overview.md#studio-lab-overview-project-compute).
+ Under **My Project**, view **Time remaining**.
## Change your compute type
You can switch your compute type based on your workflow. For more information about compute types, see [Compute instance type](studio-lab-overview.md#studio-lab-overview-project-compute).
1. Save any project files before changing the compute type.
1. Navigate to the Studio Lab project overview page. The URL takes the following format.
```
https://studiolab.sagemaker.aws/users/
```
1. Under **My Project**, select the desired compute type (CPU or GPU).
1. Confirm your choice by selecting **Restart** in the **Restart project runtime?** dialog box. Studio Lab stops your current project runtime, then starts a new project runtime with your updated compute type.
1. After your project runtime has started, select **Open project**. This opens your project runtime environment in a new browser tab. For information about using your project runtime environment, see [Use the Amazon SageMaker Studio Lab project runtime](studio-lab-use.md).
# Use Amazon SageMaker Studio Lab starter assets
Amazon SageMaker Studio Lab supports the following assets to help machine learning (ML) practitioners get started. This guide shows you how to clone notebooks for your project.
**Getting started notebook**
Studio Lab comes with a starter notebook that gives general information and guides you through key workflows. When you launch your project runtime for the first time, this notebook automatically opens.
**Dive into Deep Learning**
Dive into Deep Learning (D2L) is an interactive, open-source book that teaches the ideas, mathematical theory, and code that power machine learning. With over 150 Jupyter notebooks, D2L provides a comprehensive overview of deep learning principles. For more information about D2L, see the [D2L website](https://d2l.ai/).
The following procedure shows how to clone the D2L Jupyter notebooks to your instance.
1. Start and open the Studio Lab project runtime environment by following [Start your project runtime](studio-lab-manage-runtime.md#studio-lab-manage-runtime-start).
1. Once Studio Lab is open, choose the Git tab (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/git.png)) on the left sidebar.
1. Choose **Clone a Repository**.
If you do not see the **Clone a Repository** option, this may be because you are currently in a Git repository. Instead, use the following substeps.
1. Choose the Folder tab (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder.png)) on the left sidebar.
1. Beneath the file search bar, choose the folder icon to the left of the currently selected repository. When you hover over the folder icon, you will see the user directory (`/home/studio-lab-user`).
1. Once you are in the user directory, choose the Git tab on the left sidebar.
1. Choose **Clone a Repository**.
1. Under **Git repository URL (.git)** you will be asked to provide a URL.
1. On a new browser tab, navigate to your Studio Lab project overview page. The URL takes the following format.
```
https://studiolab.sagemaker.aws/users/
```
1. Under **New to machine learning?**, choose **Dive into Deep Learning**.
1. From the new **Dive into Deep Learning** browser tab, choose **GitHub** to open a new page with the example notebooks.
1. Choose **Code** and copy the GitHub repository's URL in the **HTTPS** tab.
1. Return to the Studio Lab open project browser tab, paste the D2L repository URL, and clone the repository.
**AWS Machine Learning University**
The AWS Machine Learning University (MLU) provides access to the machine learning courses used to train Amazon’s own developers. With AWS MLU, any developer can learn how to use machine learning with the learn-at-your-own-pace MLU Accelerator learning series. The MLU Accelerator series is designed to help developers begin their ML journey. It offers three-day foundational courses on these three subjects: Natural Language Processing, Tabular Data, and Computer Vision. For more information, see [Machine Learning University](https://aws.amazon.com//machine-learning/mlu/).
The following procedure shows how to clone the AWS MLU Jupyter notebooks to your instance.
1. Start and open the Studio Lab project runtime environment by following [Start your project runtime](studio-lab-manage-runtime.md#studio-lab-manage-runtime-start).
1. Once Studio Lab is open, choose the Git tab (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/git.png)) on the left sidebar.
1. Choose **Clone a Repository**.
If you do not see the **Clone a Repository** option, this may be because you are currently in a Git repository. Instead, use the following substeps.
1. Choose the Folder tab (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder.png)) on the left sidebar.
1. Beneath the file search bar, choose the folder icon to the left of the currently selected repository. When you hover over the folder icon, you will see the user directory (`/home/studio-lab-user`).
1. Once you are in the user directory, choose the Git tab on the left sidebar.
1. Choose **Clone a Repository**.
1. Under **Git repository URL (.git)** you will be asked to provide a URL.
1. On a new browser tab, navigate to your Studio Lab project overview page. The URL takes the following format.
```
https://studiolab.sagemaker.aws/users/
```
1. Under **New to machine learning?**, choose **AWS Machine Learning University**.
1. From the new **AWS Machine Learning University** browser tab, find a course that interests you by reading the **Course Summary** for each course.
1. Choose the corresponding GitHub repository of interest under **Course Content**, to open a new page with the example notebooks.
1. Choose **Code** and copy the GitHub repository's URL in the **HTTPS** tab.
1. Return to the Studio Lab open project browser tab, paste the MLU repository URL, and choose **Clone** to clone the repository.
** Roboflow**
Roboflow gives you the tools to train, fine-tune, and label objects for computer vision applications. For more information, see [https://roboflow.com/](https://roboflow.com/).
The following procedure shows how to clone the Roboflow Jupyter notebooks to your instance.
1. Navigate to the Studio Lab project overview page. The URL takes the following format.
```
https://studiolab.sagemaker.aws/users/
```
1. Under **Resources and community**, find **Make AI Generated Images**.
1. Under **Make AI Generated Images** choose **Open notebook**.
1. Follow the tutorial under the Notebook preview.
# Studio Lab pre-installed environments
Amazon SageMaker Studio Lab uses conda environments to manage packages (or libraries) for your projects. This guide explains what conda environments are, how to interact with them, and the different pre-installed environments available in Studio Lab.
A conda environment is a directory that contains a collection of packages you have installed. It allows you to create isolated environments with specific package versions, preventing conflicts between projects with different dependencies.
You can interact with conda environments in Studio Lab in two ways:
+ Terminal: Use the terminal to create, activate, and manage environments.
+ JupyterLab Notebook: When opening a JupyterLab notebook, select the kernel with the environment name you wish to use, to use the packages installed in that environment.
For a walkthrough on managing environments, see [Manage your environment](studio-lab-use-manage.md)
Studio Lab comes with several pre-installed environments that are either persistent or non-persistent memory environments. Any changes made to persistent memory environments will remain for your next session. Any changes to non-persistent memory environments will not remain for your next sessions, but the packages within will be updated and tested for compatability by Amazon SageMaker AI. Here's an overview of each environment and its use case:
+ `sagemaker-distribution`: A non-persistent environment managed by Amazon SageMaker AI. It contains popular packages for machine learning, data science, and visualization. This environment is regularly updated and tested for compatibility. Use this environment if you want a fully-managed setup with common packages pre-installed.
The `sagemaker-distribution` environment is closely related to the environment used in Amazon SageMaker Studio Classic, so after graduating from Studio Lab to Studio Classic the notebooks should run similarly. For information on exporting your environment from Studio Lab to Studio Classic, see [Export an Amazon SageMaker Studio Lab environment to Amazon SageMaker Studio Classic](studio-lab-use-migrate.md).
+ `default`: A persistent environment with minimal packages pre-installed. Use this environment if you want to customize it significantly by installing additional packages.
+ `studiolab`: A persistent environment where JupyterLab and related packages installed. Use this environment for configuring the JupyterLab user interface and installing Jupyter server extensions.
+ `studiolab-safemode`: A non-persistent environment activated automatically when there's an issue with your project runtime. Use this environment for troubleshooting purposes. For information on troubleshooting, see [Troubleshooting](studio-lab-troubleshooting.md).
+ `base`: A non-persistent environment used for system tooling. This environment is not intended for customer use.
To view the packages in an environment, run the command `conda list`.
For more information on installing packages within your environment, see [Customize your environment](studio-lab-use-manage.md#studio-lab-use-manage-conda-default-customize).
If you plan to graduate from Studio Lab to Amazon SageMaker Studio Classic, see [Export an Amazon SageMaker Studio Lab environment to Amazon SageMaker Studio Classic](studio-lab-use-migrate.md).
For information on SageMaker images and their versions, see [Amazon SageMaker Images Available for Use With Studio Classic Notebooks](notebooks-available-images.md).
# Use the Amazon SageMaker Studio Lab project runtime
The following topics give information about using the Amazon SageMaker Studio Lab project runtime. Before you can use the Studio Lab project runtime, you must onboard to Studio Lab by following the steps in [Onboard to Amazon SageMaker Studio Lab](studio-lab-onboard.md).
**Topics**
+ [
# Amazon SageMaker Studio Lab UI overview
](studio-lab-use-ui.md)
+ [
# Create or open an Amazon SageMaker Studio Lab notebook
](studio-lab-use-create.md)
+ [
# Use the Amazon SageMaker Studio Lab notebook toolbar
](studio-lab-use-menu.md)
+ [
# Manage your environment
](studio-lab-use-manage.md)
+ [
# Use external resources in Amazon SageMaker Studio Lab
](studio-lab-use-external.md)
+ [
# Get notebook differences
](studio-lab-use-diff.md)
+ [
# Export an Amazon SageMaker Studio Lab environment to Amazon SageMaker Studio Classic
](studio-lab-use-migrate.md)
+ [
# Shut down Studio Lab resources
](studio-lab-use-shutdown.md)
# Amazon SageMaker Studio Lab UI overview
Amazon SageMaker Studio Lab extends the JupyterLab interface. Previous users of JupyterLab will notice similarities between the JupyterLab and Studio Lab UI, including the workspace. For an overview of the basic JupyterLab interface, see [The JupyterLab Interface](https://jupyterlab.readthedocs.io/en/latest/user/interface.html).
The following image shows Studio Lab with the file browser open and the Studio Lab Launcher displayed.
![\[The layout of the project user interface.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio-lab-ui.png)
You will find the *menu bar* at the top of the screen. The *left sidebar* contains icons to open file browsers, resource browsers, and tools. The *status bar* is located at the bottom-left corner of Studio Lab.
The main work area is divided horizontally into two panes. The left pane is the *file and resource browser*. The right pane contains one or more tabs for resources, such as notebooks and terminals.
**Topics**
+ [
## Left sidebar
](#studio-lab-use-ui-nav-bar)
+ [
## File and resource browser
](#studio-lab-use-ui-browser)
+ [
## Main work area
](#studio-lab-use-ui-work)
## Left sidebar
The left sidebar includes the following icons. When you hover over an icon, a tooltip displays the icon name. When you choose an icon, the file and resource browser displays the described functionality. For hierarchical entries, a selectable breadcrumb at the top of the browser shows your location in the hierarchy.
| Icon | Description |
| --- | --- |
| ![\[The File Browser icon\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/File_browser_squid@2x.png) | **File Browser** Choose the **Upload Files** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/File_upload_squid.png)) to add files to Studio Lab. Double-click a file to open the file in a new tab. To have adjacent files open, choose a tab that contains a notebook, Python, or text file, and then choose **New View for File**. Choose the plus (**\$1**) sign on the menu at the top of the file browser to open the Studio Lab Launcher. |
| ![\[The Running Terminals and Kernels icon\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/Running_squid@2x.png) | **Running Terminals and Kernels** You can see a list of all of the running terminals and kernels in your project. For more information, see [Shut down Studio Lab resources](studio-lab-use-shutdown.md). |
| ![\[The Git icon\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/Git_squid@2x.png) | **Git** You can connect to a Git repository and then access a full range of Git tools and operations. For more information, see [Use external resources in Amazon SageMaker Studio Lab](studio-lab-use-external.md). |
| ![\[The Table of Contents icon\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab-toc.png) | **Table of Contents** You can access the Table of Contents for your current Jupyter notebook. |
| ![\[The Extension Manager icon\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab-extension.png) | **Extension Manager** You can enable and manage third-party JupyterLab extensions. |
## File and resource browser
The file and resource browser shows lists of your notebooks and files. On the menu at the top of the file browser, choose the plus (**\$1**) sign to open the Studio Lab Launcher. The Launcher allows you to create a notebook or open a terminal.
## Main work area
The main work area has multiple tabs that contain your open notebooks and terminals.
# Create or open an Amazon SageMaker Studio Lab notebook
When you create a notebook in Amazon SageMaker Studio Lab or open a notebook in Studio Lab, you must select a kernel for the notebook. The following topics describe how to create and open notebooks in Studio Lab.
For information about shutting down the notebook, see [Shut down Studio Lab resources](studio-lab-use-shutdown.md).
**Topics**
+ [
## Open a Studio Lab notebook
](#studio-lab-use-create-open)
+ [
## Create a notebook from the file menu
](#studio-lab-use-create-file)
+ [
## Create a notebook from the Launcher
](#studio-lab-use-create-launcher)
## Open a Studio Lab notebook
Studio Lab can only open notebooks listed in the Studio Lab file browser. To clone a notebook into your file browser from an external repository, see [Use external resources in Amazon SageMaker Studio Lab](studio-lab-use-external.md).
**To open a notebook**
1. In the left sidebar, choose the **File Browser** icon (![\[Dark blue square icon with a white outline of a cloud and an arrow pointing upward.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/File_browser_squid.png)) to display the file browser.
1. Browse to a notebook file and double-click it to open the notebook in a new tab.
## Create a notebook from the file menu
**To create a notebook from the File menu**
1. From the Studio Lab menu, choose **File**, choose **New**, and then choose **Notebook**.
1. To use the default kernel, in the **Select Kernel** dialog box, choose **Select**. Otherwise, to select a different kernel, use the dropdown menu.
## Create a notebook from the Launcher
**To create a notebook from the Launcher**
1. Open the Launcher by using the keyboard shortcut `Ctrl + Shift + L`.
Alternatively, you can open Launcher from the left sidebar: Choose the **File Browser** icon, and then choose the plus (**\$1**) icon.
1. To use the default kernel from the Launcher, under **Notebook**, choose **default:Python**. Otherwise, select a different kernel.
After you choose the kernel, your notebook launches and opens in a new Studio Lab tab.
To view the notebook's kernel session, in the left sidebar, choose the **Running Terminals and Kernels** icon (![\[Square icon with a white outline of a cloud on a dark blue background.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/Running_squid.png)). You can stop the notebook's kernel session from this view.
# Use the Amazon SageMaker Studio Lab notebook toolbar
Amazon SageMaker Studio Lab notebooks extend the JupyterLab interface. For an overview of the basic JupyterLab interface, see [The JupyterLab Interface](https://jupyterlab.readthedocs.io/en/latest/user/interface.html).
The following image shows the toolbar and an empty cell from a Studio Lab notebook.
![\[The layout of the notebook toolbar, including the toolbar icons.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio-lab-menu.png)
When you hover over a toolbar icon, a tooltip displays the icon function. You can find additional notebook commands in the Studio Lab main menu. The toolbar includes the following icons:
| Icon | Description |
| --- | --- |
| ![\[The Save and checkpoint icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab-save-and-checkpoint.png) | **Save and checkpoint** Saves the notebook and updates the checkpoint file. |
| ![\[The Insert cell icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab-insert-cell.png) | **Insert cell** Inserts a code cell below the current cell. The current cell is noted by the blue vertical marker in the left margin. |
| ![\[The Cut, copy, and paste cells icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab_cut_copy_paste.png) | **Cut, copy, and paste cells** Cuts, copies, and pastes the selected cells. |
| ![\[The Run cells icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab-run.png) | **Run cells** Runs the selected cells. The cell that follows the last-selected cell becomes the new-selected cell. |
| ![\[The Interrupt kernel icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab-interrupt-kernel.png) | **Interrupt kernel** Interrupts the kernel, which cancels the currently-running operation. The kernel remains active. |
| ![\[The Restart kernel icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab-restart-kernel.png) | **Restart kernel** Restarts the kernel. Variables are reset. Unsaved information is not affected. |
| ![\[The Restart kernel and re-run notebook icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab-restart-rerun-kernel.png) | **Restart kernel and re-run notebook** Restarts the kernel. Variables are reset. Unsaved information is not affected. Then re-runs the entire notebook. |
| ![\[The Cell type icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab_cell.png) | **Cell type** Displays or changes the current cell type. The cell types are: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/studio-lab-use-menu.html) |
| ![\[The Checkpoint diff icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab-checkpoint-diff.png) | **Checkpoint diff** Opens a new tab that displays the difference between the notebook and the checkpoint file. For more information, see [Get notebook differences](studio-lab-use-diff.md). |
| ![\[The Git diff icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab-git-diff.png) | **Git diff** Only enabled if the notebook is opened from a Git repository. Opens a new tab that displays the difference between the notebook and the last Git commit. For more information, see [Get notebook differences](studio-lab-use-diff.md). |
| **default** | **Kernel** Displays or changes the kernel that processes the cells in the notebook. `No Kernel` indicates that the notebook was opened without specifying a kernel. You can edit the notebook, but you can't run any cells. |
| ![\[The Kernel busy status icon.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/studio-lab-kernel.png) | **Kernel busy status** Displays a kernel's busy status by showing the circle's edge and its interior as the same color. The kernel is busy when it is starting and when it is processing cells. Additional kernel states are displayed in the status bar at the bottom-left corner of Studio Lab. |
# Manage your environment
Amazon SageMaker Studio Lab provides pre-installed environments for your Studio Lab notebook instances. Environments allow you to start up a Studio Lab notebook instance with the packages you want to use. This is done by installing packages in the environment and then selecting the environment as a Kernel.
Studio Lab has various environments pre-installed for you. You will typically want to use the `sagemaker-distribution` environment if you want to use a fully managed environment that already contains many popular packages used for machine learning (ML) engineers and data scientists. Otherwise you can use the `default` environment if you want persistent customization for your environment. For more information on the available pre-installed Studio Lab environments, see [Studio Lab pre-installed environments](studio-lab-environments.md).
You can customize your environment by adding new packages (or libraries) to it. You can also create new environments from Studio Lab, import compatible environments, reset your environment to create space, and more.
The following commands are for running in a Studio Lab terminal. However, while installing packages it is highly recommended to install them within your Studio Lab Jupyter notebook. This ensures that the packages are installed in the intended environment. To run the commands in a Jupyter notebook, prefix the command with a `%` before running the cell. For example, the code snippet `pip list` in a terminal is the same as `%pip list` in a Jupyter notebook.
The following sections give information about your `default` conda environment, how to customize it, and how to add and remove conda environments. For a list of sample environments that you can install into Studio Lab, see [Creating Custom conda Environments](https://github.com/aws/studio-lab-examples/tree/main/custom-environments). To use these sample environment YAML files with Studio Lab, see [Step 4: Install your Studio Lab conda environments in Studio Classic](studio-lab-use-migrate.md#studio-lab-use-migrate-step4).
**Topics**
+ [
## Your default environment
](#studio-lab-use-manage-conda-default)
+ [
## View environments
](#studio-lab-use-view-conda-envs)
+ [
## Create, activate, and use new conda environments
](#studio-lab-use-manage-conda-new-conda)
+ [
## Using sample Studio Lab environments
](#studio-lab-use-manage-conda-sample)
+ [
## Customize your environment
](#studio-lab-use-manage-conda-default-customize)
+ [
## Refresh Studio Lab
](#studio-lab-use-manage-conda-reset)
## Your default environment
Studio Lab uses conda environments to encapsulate the software packages that are needed to run notebooks. Your project contains a default conda environment, named `default`, with the [IPython kernel](https://ipython.readthedocs.io/en/stable/). This environment serves as the default kernel for your Jupyter notebooks.
## View environments
To view the environments in Studio Lab you can use a terminal or Jupyter notebook. The following command will be for a Studio Lab terminal. If you wish to run the corresponding commands in a Jupyter notebook, see [Manage your environment](#studio-lab-use-manage).
Open the Studio Lab terminal by opening the **File Browser** panel (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder.png)), choose the plus (**\$1**) sign on the menu at the top of the file browser to open the **Launcher**, then choose **Terminal**. From the Studio Lab terminal, list the conda environments by running the following.
```
conda env list
```
This command outputs a list of the conda environments and their locations in the file system. When you onboard to Studio Lab, you automatically activate the `studiolab` conda environment. The following is an example of listed environments after you onboard.
```
# conda environments:
#
default /home/studio-lab-user/.conda/envs/default
studiolab * /home/studio-lab-user/.conda/envs/studiolab
studiolab-safemode /opt/amazon/sagemaker/safemode-home/.conda/envs/studiolab-safemode
base /opt/conda
sagemaker-distribution /opt/conda/envs/sagemaker-distribution
```
The `*` marks the activated environment.
## Create, activate, and use new conda environments
If you would like to maintain multiple environments for different use cases, you can create new conda environments in your project. The following sections show how to create and activate new conda environments. For a Jupyter notebook that shows how to create a custom environment, see [Setting up a Custom Environment in SageMaker Studio Lab](https://github.com/aws/studio-lab-examples/blob/main/custom-environments/custom_environment.ipynb).
**Note**
Maintaining multiple environments counts against your available Studio Lab memory.
**Create conda environment**
To create a conda environment, run the following conda command from your terminal. This example creates a new environment with Python 3.9.
```
conda create --name python=3.9
```
Once the conda environment is created, you can view the environment in your environment list. For more information on how to view your environment list, see [View environments](#studio-lab-use-view-conda-envs).
**Activate a conda environment**
To activate any conda environment, run the following command in the terminal.
```
conda activate
```
When you run this command, any packages installed using conda or pip are installed in the environment. For more information on installing packages, see [Customize your environment](#studio-lab-use-manage-conda-default-customize).
**Use a conda environment**
1. To use your new conda environments with notebooks, make sure the `ipykernel` package is installed in the environment.
```
conda install ipykernel
```
1. Once the `ipykernel` package is installed in the environment, you can select the environment as the kernel for your notebook.
You may need to restart JupyterLab to see the environment available as a kernel. This can be done by choosing **Amazon SageMaker Studio Lab** in the top menu of your Studio Lab open project, and choosing **Restart JupyterLab...**.
1. You can choose the kernel for an existing notebook or when you create a new one.
+ For an existing notebook: open the notebook and choose the current kernel from the right side of the top menu. You can choose the kernel you wish to use from the drop-down menu.
+ For a new notebook: open the Studio Lab launcher and choose the kernel under **Notebook**. This will open the notebook with the kernel you choose.
For an overview of the Studio Lab UI, see [Amazon SageMaker Studio Lab UI overview](studio-lab-use-ui.md).
## Using sample Studio Lab environments
Studio Lab provides sample custom environments through the [SageMaker Studio Lab Examples](https://github.com/aws/studio-lab-examples) repository. The following shows how to clone and build these environments.
1. Clone the SageMaker Studio Lab Examples GitHub repository by following the instructions in [Use GitHub resources](studio-lab-use-external.md#studio-lab-use-external-clone-github).
1. In Studio Lab choose the **File Browser** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder.png)) on the left menu, so that the **File Browser** panel shows on the left.
1. Navigate to the `studio-lab-examples/custom-environments` directory in the File Browser.
1. Open the directory for the environment that you want to build.
1. Right click the `.yml` file in the folder, then select **Build conda Environment**.
1. You can now use the environment as a kernel after your conda environment has finished building. For instructions on how to use an existing environment as a kernel, see [Create, activate, and use new conda environments](#studio-lab-use-manage-conda-new-conda)
## Customize your environment
You can customize your environment by installing and removing extensions and packages as needed. Studio Lab comes with environments with packages pre-installed and using an existing environment may save you time and memory, as pre-installed packages do not count against your available Studio Lab memory. For more information on the available pre-installed Studio Lab environments, see [Studio Lab pre-installed environments](studio-lab-environments.md).
Any installed extensions and packages installed on your `default` environment will persist in your project. That is, you do not need to install your packages for every project runtime session. However, extensions and packages installed on your `sagemaker-distribution` environment will not persist, so you will need to install new packages during your next session. Thus, it is highly recommended to install packages within your notebook to ensure that the packages are installed in the intended environment.
To view your environments, run the command `conda env list`.
To activate your environment, run the command `conda activate `.
To view the packages in an environment, run the command `conda list`.
**Install packages**
It is highly recommended to install your packages within your Jupyter notebook to ensure that your packages are installed in the intended environment. To install additional packages to your environment from a Jupyter notebook, run one of the following commands in a cell within your Jupyter notebook. These commands install packages in the currently activated environment.
+ `%conda install `
+ `%pip install `
We don't recommend using the `!pip` or `!conda` commands because they can behave in unexpected ways when you have multiple environments.
After you install new packages to your environment, you may need to restart the kernel to ensure that the packages work in your notebook. This can be done by choosing **Amazon SageMaker Studio Lab** in the top menu of your Studio Lab open project and choosing **Restart JupyterLab...**.
**Remove packages**
To remove a package, run the command
```
%conda remove
```
This command will also remove any package that depends on ``, unless a replacement can be found without that dependency.
To remove all of the packages in an environment, run the command
```
conda deactivate
&& conda env remove --name
```
## Refresh Studio Lab
To refresh Studio Lab, remove all of your environments and files.
1. List all conda environments.
```
conda env list
```
1. Activate the base environment.
```
conda activate base
```
1. Remove each environment in the list of conda environments, besides base.
```
conda remove --name --all
```
1. Delete all of the files on your Studio Lab.
```
rm -rf *.*
```
# Use external resources in Amazon SageMaker Studio Lab
With Amazon SageMaker Studio Lab, you can integrate external resources, such as Jupyter notebooks and data, from Git repositories and Amazon S3. You can also add an **Open in Studio Lab** button to your GitHub repo and notebooks. This button lets you clone your notebooks directly from Studio Lab.
The following topics show how to integrate external resources.
**Topics**
+ [
## Use GitHub resources
](#studio-lab-use-external-clone-github)
+ [
## Add an **Open in Studio Lab** button to your notebook
](#studio-lab-use-external-add-button)
+ [
## Import files from your computer
](#studio-lab-use-external-import)
+ [
## Connect to Amazon S3
](#studio-lab-use-external-s3)
## Use GitHub resources
Studio Lab offers integration with GitHub. With this integration, you can clone notebooks and repositories directly to your Studio Lab project.
The following topics give information about how to use GitHub resources with Studio Lab.
### Studio Lab sample notebooks
To get started with a repository of sample notebooks tailored for Studio Lab, see [Studio Lab Sample Notebooks](https://github.com/aws/studio-lab-examples#sagemaker-studio-lab-sample-notebooks).
This repository provides notebooks for the following use cases and others.
+ Computer vision
+ Connecting to AWS
+ Creating custom environments
+ Geospatial data analysis
+ Natural language processing
+ Using R
### Clone a GitHub repo
To clone a GitHub repo to your Studio Lab project, follow these steps.
1. Start your Studio Lab project runtime. For more information on launching Studio Lab project runtime, see [Start your project runtime](studio-lab-manage-runtime.md#studio-lab-manage-runtime-start).
1. In Studio Lab, choose the **File Browser** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder.png)) on the left menu, so that the **File Browser** panel shows on the left.
1. Navigate to your user directory by choosing the file icon beneath the file search bar.
1. Select the **Git** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/git.png)) from the left menu to open a new dropdown menu.
1. Choose **Clone a Repository**.
1. Paste the repository's URL under **Git repository URL (.git)**.
1. Select **Clone**.
### Clone individual notebooks from GitHub
To open a notebook in Studio Lab, you must have access to the repo that the notebook is in. The following examples describe Studio Lab permission-related behavior in various situations.
+ If a repo is public, you can automatically clone the notebook into your project from the Studio Lab preview page.
+ If a repo is private, you are prompted to sign in to GitHub from the Studio Lab preview page. If you have access to a private repo, you can clone the notebook into your project.
+ If you don't have access to a private repo, you cannot clone the notebook from the Studio Lab preview page.
The following sections show two options for you to copy a GitHub notebook in your Studio Lab project. These options depend on whether the notebook has an **Open in Studio Lab** button.
#### Option 1: Copy notebook with an **Open in Studio Lab** button
The following procedure shows how to copy a notebook that has an **Open in Studio Lab** button. If you want to add this button to your notebook, see [Add an **Open in Studio Lab** button to your notebook](#studio-lab-use-external-add-button).
1. Sign in to Studio Lab following the steps in [Sign in to Studio Lab](studio-lab-onboard.md#studio-lab-onboard-signin).
1. In a new browser tab, navigate to the GitHub notebook that you want to clone.
1. In the notebook, select the **Open in Studio Lab** button to open a new page in Studio Lab with a preview of the notebook.
1. If your project runtime is not already running, start it by choosing the **Start runtime** button at the top of the preview page. Wait for the runtime to start before proceeding to the next step.
1. After your project runtime has started, select **Copy to project** to open your project runtime in a new browser tab.
1. In the **Copy from GitHub?** dialog box, select **Copy notebook only**. This copies the notebook file to your project.
#### Option 2: Clone any GitHub notebook
The following procedure shows how to copy any notebook from GitHub.
1. Navigate to the notebook in GitHub.
1. In the browser’s address bar, modify the notebook URL, as follows.
```
# Original URL
https://github.com/
# Modified URL
https://studiolab.sagemaker.aws/import/github/
```
1. Navigate to the modified URL. This opens a preview of the notebook in Studio Lab.
1. If your project runtime is not already running, start it by choosing the **Start runtime** button at the top of the preview page. Wait for the runtime to start before proceeding to the next step.
1. After your project runtime has started, select **Copy to project** to open your project runtime in a new browser tab.
1. In the **Copy from GitHub?** dialog box, select **Copy notebook only** to copy the notebook file to your project.
## Add an **Open in Studio Lab** button to your notebook
When you add the **Open in Studio Lab** button to your notebooks, others can clone your notebooks or repositories directly to their Studio Lab projects. If you are sharing your notebook within a public GitHub repository, your content will be publicly readable. Do not share private content, such as AWS access keys or AWS Identity and Access Management credentials, in your notebook.
To add the functional **Open in Studio Lab** button to your Jupyter notebook or repository, add the following markdown to the top of your notebook or repository.
```
[](https://studiolab.sagemaker.aws/import/github/)
```
## Import files from your computer
The following steps show how to import files from your computer to your Studio Lab project.
1. Open the Studio Lab project runtime.
1. Open the **File Browser** panel.
1. In the actions bar of the **File Browser** panel, select the **Upload Files** button.
1. Select the files that you want to upload from your local machine.
1. Select **Open**.
Alternatively, you can drag and drop files from your computer into the **File Browser** panel.
## Connect to Amazon S3
The AWS CLI enables AWS integration in your Studio Lab project. With this integration, you can pull resources from Amazon S3 to use with your Jupyter notebooks.
To use AWS CLI with Studio Lab, complete the following steps. For a notebook that outlines this integration, see [Using Studio Lab with AWS Resources](https://github.com/aws/studio-lab-examples/blob/main/connect-to-aws/Access_AWS_from_Studio_Lab.ipynb).
1. Install the AWS CLI following the steps in [Installing or updating the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
1. Configure your AWS credentials by following the steps in [Quick setup](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-quickstart.html). The role for your AWS account must have permissions to access the Amazon S3 bucket that you are copying data from.
1. From your Jupyter notebook, clone resources from the Amazon S3 bucket, as needed. The following command shows how to clone all resources from an Amazon S3 path to your project. For more information, see the [AWS CLI Command Reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3/cp.html).
```
!aws s3 cp s3://// / --recursive
```
# Get notebook differences
You can display the difference between the current notebook and the last checkpoint, or the last Git commit, using the Amazon SageMaker Studio Lab project UI.
**Topics**
+ [
## Get the difference between the last checkpoint
](#studio-lab-use-diff-checkpoint)
+ [
## Get the difference between the last commit
](#studio-lab-use-diff-git)
## Get the difference between the last checkpoint
When you create a notebook, a hidden checkpoint file that matches the notebook is created. You can view changes between the notebook and the checkpoint file, or revert the notebook to match the checkpoint file.
To save the Studio Lab notebook and update the checkpoint file to match: Choose the **Save notebook and create checkpoint** icon (![\[Icon of a cloud with an arrow pointing upward, representing cloud upload functionality.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/Notebook_save.png)). This is located on the Studio Lab menu's left side. The keyboard shortcut for **Save notebook and create checkpoint** is `Ctrl + s`.
To view changes between the Studio Lab notebook and the checkpoint file: Choose the **Checkpoint diff** icon (![\[Camera icon representing image capture or photo functionality.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/Checkpoint_diff.png)), located in the center of the Studio Lab menu.
To revert the Studio Lab notebook to the checkpoint file: On the main Studio Lab menu, choose **File**, and then **Revert Notebook to Checkpoint**.
## Get the difference between the last commit
If a notebook is opened from a Git repository, you can view the difference between the notebook and the last Git commit.
To view the changes in the notebook from the last Git commit: Choose the **Git diff** icon (![\[GitHub icon representing version control and source code management.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/Git_diff.png)) in the center of the notebook menu.
# Export an Amazon SageMaker Studio Lab environment to Amazon SageMaker Studio Classic
Amazon SageMaker Studio Classic offers many features for machine learning and deep learning work flows that are unavailable in Amazon SageMaker Studio Lab. This page shows how to migrate a Studio Lab environment to Studio Classic to take advantage of more compute capacity, storage, and features. However, you may want to familiarize yourself with Studio Classic's prebuilt containers, which are optimized for the full MLOP pipeline. For more information, see [Amazon SageMaker Studio Lab](studio-lab.md)
To migrate your Studio Lab environment to Studio Classic, you must first onboard to Studio Classic following the steps in [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
**Topics**
+ [
## Step 1: Export your Studio Lab conda environment
](#studio-lab-use-migrate-step1)
+ [
## Step 2: Save your Studio Lab artifacts
](#studio-lab-use-migrate-step2)
+ [
## Step 3: Import your Studio Lab artifacts to Studio Classic
](#studio-lab-use-migrate-step3)
+ [
## Step 4: Install your Studio Lab conda environments in Studio Classic
](#studio-lab-use-migrate-step4)
## Step 1: Export your Studio Lab conda environment
You can export a conda environment and add libraries or packages to the environment by following the steps in [Manage your environment](studio-lab-use-manage.md). The following example demonstrates using the `default` environment to be exported to Studio Classic.
1. Open the Studio Lab terminal by opening the **File Browser** panel (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder.png)), choose the plus (**\$1**) sign on the menu at the top of the file browser to open the **Launcher**, then choose **Terminal**. From the Studio Lab terminal, list the conda environments by running the following.
```
conda env list
```
This command outputs a list of the conda environments and their locations in the file system. When you onboard to Studio Lab, you automatically activate the `studiolab` conda environment.
```
# conda environments: #
default /home/studio-lab-user/.conda/envs/default
studiolab * /home/studio-lab-user/.conda/envs/studiolab
studiolab-safemode /opt/amazon/sagemaker/safemode-home/.conda/envs/studiolab-safemode
base /opt/conda
```
We recommend that you do not export the `studiolab`, `studiolab-safemode`, and `base` environments. These environments are not usable in Studio Classic for the following reasons:
+ `studiolab`: This sets up the JupyterLab environment for Studio Lab. Studio Lab runs a different major version of JupyterLab than Studio Classic, so it is not usable in Studio Classic.
+ `studiolab-safemode`: This also sets up the JupyterLab environment for Studio Lab. Studio Lab runs a different major version of JupyterLab than Studio Classic, so it is not usable in Studio Classic.
+ `base`: This environment comes with conda by default. The `base` environment in Studio Lab and the `base` environment in Studio Classic have incompatible versions of many packages.
1. For the conda environment that you want to migrate to Studio Classic, first activate the conda environment. The `default` environment is then changed when new libraries are installed or removed from it. To get the exact state of the environment, export it into a YAML file using the command line. The following command lines export the default environment into a YAML file, creating a file called `myenv.yml`.
```
conda activate default
conda env export > ~/myenv.yml
```
## Step 2: Save your Studio Lab artifacts
Now that you have saved your environment to a YAML file, you can move the environment file to any platform.
------
#### [ Save to a local machine using Studio Lab GUI ]
**Note**
Downloading a directory from the Studio Lab GUI by right-clicking on the directory is currently unavailable. If you wish to export a directory, please follow the steps using the **Save to Git repository** tab.
One option is to save the environment onto your local machine. To do this, use the following procedure.
1. In Studio Lab, choose the **File Browser** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder.png)) on the left menu, so that the **File Browser** panel shows on the left.
1. Navigate to your user directory by choosing the file icon beneath the file search bar.
1. Choose (right-click) the `myenv.yml` file and then choose **Download**. You can repeat this process for other files you want to import to Studio Classic.
------
#### [ Save to a Git repository ]
Another option is to save your environment to a Git repository. This option uses GitHub as an example. These steps require a GitHub account and repository. For more information, visit [GitHub](https://github.com/). The following procedure shows how to synchronize your content with GitHub using the Studio Lab terminal.
1. From the Studio Lab terminal, navigate to your user directory and make a new directory to contain the files you want to export.
```
cd ~
mkdir
```
1. After you create a new directory, copy any file or directory you want to export to ``.
Copy a file using the following code format:
```
cp
```
For example, replace `` with `myenv.yml`.
Copy any directory using the following code format:
```
cp -r
```
For example, replace `` with any directory name in your user directory.
1. Navigate to the new directory and initialize the directory as a Git repository using the following command. For more information, see the [git-init documentation](https://git-scm.com/docs/git-init).
```
cd
git init
```
1. Using Git, add all relevant files and then commit your changes.
```
git add .
git commit -m ""
```
For example, replace `` with `Add Amazon SageMaker Studio Lab artifacts to GitHub repository to migrate to Amazon SageMaker Studio Classic `.
1. Push the commit to your remote repository. This repository has the format `https://github.com// .git` where `` is your GitHub user name and the `` is your remote repository name. Create a branch `` to push the content to the GitHub repository.
```
git branch -M
git remote add origin https://github.com//.git
git push -u origin
```
------
## Step 3: Import your Studio Lab artifacts to Studio Classic
The following procedure shows how to import artifacts to Studio Classic. The instructions on using Feature Store through the console depends on if you have enabled Studio or Studio Classic as your default experience. For information on accessing Studio Classic through the console, see [Launch Studio Classic if Studio is your default experience](studio-launch.md#studio-launch-console-updated).
From Studio Classic, you can import files from your local machine or from a Git repository. You can do this using the Studio Classic GUI or terminal. The following procedure uses the examples from [Step 2: Save your Studio Lab artifacts](#studio-lab-use-migrate-step2).
------
#### [ Import using the Studio Classic GUI ]
If you saved the files to your local machine, you can import the files to Studio Classic using the following steps.
1. Open the **File Browser** panel (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/folder.png)) at the top left of Studio Classic.
1. Choose the **Upload Files** icon (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/File_upload_squid.png)) on the menu at the top of the **File Browser** panel.
1. Navigate to the file that you want to import, then choose **Open**.
**Note**
To import a directory into Studio Classic, first compress the directory on your local machine to a file. On a Mac, right-click the directory and choose **Compress "**"**. In Windows, right-click the directory and choose **Send to**, and then choose **Compressed (zipped) folder**. After the directory is compressed, import the compressed file using the preceding steps. Unzip the compressed file by navigating to the Studio Classic terminal and running the command `.zip`.
------
#### [ Import using a Git repository ]
This example provides two options for how to clone a GitHub repository into Studio Classic. You can use the Studio Classic GUI by choosing the **Git** (![\[Black square icon representing a placeholder or empty image.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/icons/git.png)) tab on the left side of Studio Classic. Choose **Clone a Repository**, then paste your GitHub repository URL from [Step 2: Save your Studio Lab artifacts](#studio-lab-use-migrate-step2). Another option is to use the Studio Classic terminal by using the following procedure.
1. Open the Studio Classic **Launcher**. For more information on opening the **Launcher**, see [Amazon SageMaker Studio Classic Launcher](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-launcher.html).
1. In the **Launcher**, in the **Notebooks and compute resources** section, choose **Change environment**.
1. In Studio Classic, open the **Launcher**. To open the **Launcher**, choose **Amazon SageMaker Studio Classic** at the top-left corner of Studio Classic.
To learn about all the available ways to open the **Launcher**, see [Use the Amazon SageMaker Studio Classic Launcher](studio-launcher.md).
1. In the **Change environment** dialog, use the **Image** dropdown list to select the **Data Science** image and choose **Select**. This image comes with conda pre-installed.
1. In the Studio Classic **Launcher**, choose **Open image terminal**.
1. From the image terminal, run the following command to clone your repository. This command creates a directory named after `` in your Studio Classic instance and clones your artifacts in that repository.
```
git clone https://github.com//.git
```
------
## Step 4: Install your Studio Lab conda environments in Studio Classic
You can now recreate your conda environment by using your YAML file in your Studio Classic instance. Open the Studio Classic **Launcher**. For more information on opening the **Launcher**, see [Amazon SageMaker Studio Classic Launcher](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-launcher.html). From the **Launcher**, choose **Open image terminal**. In the terminal navigate to the directory that contains the YAML file, then run the following commands.
```
conda env create --file .yml
conda activate
```
After these commands are complete, you can select your environment as the kernel for your Studio Classic notebook instances. To view the available environment, run `conda env list`. To activate your environment, run `conda activate `.
# Shut down Studio Lab resources
You can view and shut down your running Amazon SageMaker Studio Lab resources from one location in your Studio Lab environment. The running resource types include terminals, and kernels. You can also shut down all resources of one resource type at the same time.
When you shut down all resources belonging to a resource type, the following occurs:
+ **KERNELS** – All kernels, notebooks, and consoles are shut down.
+ **TERMINALS** – All terminals are shut down.
**Shut down Studio Lab resources**
1. Start your Studio Lab project runtime. For more information on launching Studio Lab project runtime, see [Start your project runtime](studio-lab-manage-runtime.md#studio-lab-manage-runtime-start).
1. Choose the **Running Terminals and Kernels** icon (![\[Square icon with a white outline of a cloud on a dark blue background.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/icons/Running_squid.png)) on the left navigation pane.
1. Choose the **X** symbol to the right of the resource you wish to shut down. You can view the **X** symbol by hovering your cursor over a resource.
1. (Optional) You can shut down all the resources of a given resource type by choosing **Shut Down All** to the right of the resource type name.
# Troubleshooting
The guide shows common errors that might occur when using Amazon SageMaker Studio Lab (Studio Lab). Each error contains a description, as well as a solution to the error.
**Note**
You cannot share your password with multiple users or use Studio Lab to mine cryptocurrency. We don’t recommend using Studio Lab for production tasks because of runtime limits.
**Dependency issues**
On August 8, 2025, Studio Lab migrated from JupyterLab 3 to JupyterLab 4. For information about JupyterLab 4, see the [4.0.0 - Highlights](https://jupyterlab.readthedocs.io/en/4.0.x/getting_started/changelog.html#highlights) in the JupyterLab Changelog. If you installed JupyterLab extensions in your Studio Lab environment before August 8, 2025, you might need to reinstall them in the JupyterLab 4 environment.
**Can’t access account**
If you can’t access your account, verify that you are using the correct email and password. If you have forgotten your password, use the following steps to reset your password. If you still cannot access your account, you must request and register for a new account using the instructions in [Onboard to Amazon SageMaker Studio Lab](studio-lab-onboard.md).
**Forgot password**
If you forget your password, you must reset it using the following steps.
1. Navigate to the [Studio Lab landing page](https://studiolab.sagemaker.aws).
1. Select **Sign in**.
1. Select **Forgot password?** to open a new page.
1. Enter the email address that you used to sign up for an account.
1. Select **Send reset link** to send an email with a password reset link.
1. From the password reset email, select **Reset your password**.
1. Enter your new password.
1. Select **Submit**.
**Can't launch project runtime**
If the Studio Lab project runtime does not launch, try launching it again. If this doesn't work, switch the instance type from CPU to GPU (or in reverse). For more information, see [Change your compute type](studio-lab-manage-runtime.md#studio-lab-manage-runtime-change).
**Runtime stopped running unexpectedly**
If there is an issue with the environment used to run JupyterLab, then Studio Lab will automatically recreate the environment. Studio Lab does not support manual activation of this process.
**Conflicting versions**
Because you can add packages and modify your environment as needed, you may run into conflicts between packages in your environment. If there are conflicts between packages in your environment, you must remove the conflicting package.
**Environment build fails**
When you build an environment from a YAML file, a package-version conflict or file issue might cause a build to fail. To resolve this, remove the environment by running the following command. Do this before attempting to build it again.
```
conda remove --name --all
```
**Error message about allowing to download script from domain \$1.awswaf.com**
Studio Classic uses the web application firewall service AWS WAF to protect your resources, which uses JavaScript. If you are using a browser security plugin that prevents JavaScript from downloading, this error may pop up. To use Studio Classic, allow the JavaScript download from \$1.awswaf.com as a trusted domain. For more information on AWS WAF, see [AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) from the AWS WAF, AWS Firewall Manager, and AWS Shield Advanced. Developer Guide.
**Disk space is full**
If you run into a notification saying mentioning that your disk space is full or **File Load Error for **** while attempting to open a file, you can remove files, directories, libraries, or environments to increase space. For more information on managing your libraries and environments, see [Manage your environment](studio-lab-use-manage.md).
****Project runtime is in safe mode** notification**
If you run into a notification that **Project runtime is in safe mode**, you must free up some disk space to resume using the Studio Lab project runtime. Follow the instructions in the preceding troubleshoot item, **Disk space is full**. Once up to at least 500 MB of space has been cleared, you may restart the project runtime to use Studio Lab. This can be done by choosing **Amazon SageMaker Studio Lab** in the top menu of Studio Lab and choosing **Restart JupyterLab...**.
git **Cannot import `cv2`**
If you run into an error when importing `cv2` after installing `opencv-python`, you must uninstall `opencv-python` and install `opencv-python-headless` as follows.
```
%pip uninstall opencv-python --yes
%pip install opencv-python-headless
```
You can then import `cv2` as expected.
**Studio Lab becomes unresponsive when opening large files**
The Studio Lab IDE may fail to render when large files are opened, resulting in blocked access to Studio Lab resources. To resolve this, reset the Studio Lab workspace using the following procedure.
1. After you open the IDE, copy the URL in your browser's address bar. This URL should be in the `https://xxxxxx.studio.us-east-2.sagemaker.aws/studiolab/default/jupyter/lab` format. Close the tab.
1. In a new tab, paste the URL and remove anything after `https://xxxxxx.studio.us-east-2.sagemaker.aws/studiolab/default/jupyter/lab`.
1. Add `?reset` to the end of the URL, so it is in the `https://xxxxxx.studio.us-east-2.sagemaker.aws/studiolab/default/jupyter/lab?reset` format.
1. Navigate to the updated URL. This resets the saved UI state and makes the Studio Lab IDE responsive.
# Amazon SageMaker Canvas
Amazon SageMaker Canvas gives you the ability to use machine learning to generate predictions without needing to write any code. The following are some use cases where you can use SageMaker Canvas:
+ Predict customer churn
+ Plan inventory efficiently
+ Optimize price and revenue
+ Improve on-time deliveries
+ Classify text or images based on custom categories
+ Identify objects and text in images
+ Extract information from documents
With Canvas, you can chat with popular large language models (LLMs), access Ready-to-use models, or build a custom model trained on your data.
Canvas chat is a functionality that leverages open-source and Amazon LLMs to help you boost your productivity. You can prompt the models to get assistance with tasks such as generating content, summarizing or categorizing documents, and answering questions. To learn more, see [Generative AI foundation models in SageMaker Canvas](canvas-fm-chat.md).
The [Ready-to-use models](canvas-ready-to-use-models.md) in Canvas can extract insights from your data for a variety of use cases. You don’t have to build a model to use Ready-to-use models because they are powered by Amazon AI services, including [Amazon Rekognition](https://docs.aws.amazon.com/rekognition/latest/dg/what-is.html), [Amazon Textract](https://docs.aws.amazon.com/textract/latest/dg/what-is.html), and [Amazon Comprehend](https://docs.aws.amazon.com/comprehend/latest/dg/what-is.html). You only have to import your data and start using a solution to generate predictions.
If you want a model that is customized to your use case and trained with your data, you can [build a model](canvas-custom-models.md). You can get predictions customized to your data by doing the following:
1. Import your data from one or more data sources.
1. Build a predictive model.
1. Evaluate the model's performance.
1. Generate predictions with the model.
Canvas supports the following types of custom models:
+ Numeric prediction (also known as *regression*)
+ Categorical prediction for 2 and 3\$1 categories (also known as *binary* and *multi-class classification*)
+ Time series forecasting
+ Single-label image prediction (also known as *image classification*)
+ Multi-category text prediction (also known as *multi-class text classification*)
To learn more about pricing, see the [SageMaker Canvas pricing page](https://aws.amazon.com/sagemaker/canvas/pricing/). You can also see [Billing and cost in SageMaker Canvas](canvas-manage-cost.md) for more information.
SageMaker Canvas is currently available in the following Regions:
+ US East (Ohio)
+ US East (N. Virginia)
+ US West (N. California)
+ US West (Oregon)
+ Asia Pacific (Mumbai)
+ Asia Pacific (Seoul)
+ Asia Pacific (Singapore)
+ Asia Pacific (Sydney)
+ Asia Pacific (Tokyo)
+ Canada (Central)
+ Europe (Frankfurt)
+ Europe (Ireland)
+ Europe (London)
+ Europe (Paris)
+ Europe (Stockholm)
+ South America (São Paulo)
**Topics**
+ [
## Are you a first-time SageMaker Canvas user?
](#canvas-first-time-user)
+ [
# Getting started with using Amazon SageMaker Canvas
](canvas-getting-started.md)
+ [
# Tutorial: Build an end-to-end machine learning workflow in SageMaker Canvas
](canvas-end-to-end-machine-learning-workflow.md)
+ [
# Amazon SageMaker Canvas setup and permissions management (for IT administrators)
](canvas-setting-up.md)
+ [
# Generative AI assistance for solving ML problems in Canvas using Amazon Q Developer
](canvas-q.md)
+ [
# Data import
](canvas-importing-data.md)
+ [
# Data preparation
](canvas-data-prep.md)
+ [
# Generative AI foundation models in SageMaker Canvas
](canvas-fm-chat.md)
+ [
# Ready-to-use models
](canvas-ready-to-use-models.md)
+ [
# Custom models
](canvas-custom-models.md)
+ [
# Logging out of Amazon SageMaker Canvas
](canvas-log-out.md)
+ [
# Limitations and troubleshooting
](canvas-limits.md)
+ [
# Billing and cost in SageMaker Canvas
](canvas-manage-cost.md)
## Are you a first-time SageMaker Canvas user?
If you are a first-time user of SageMaker Canvas, we recommend that you begin by reading the following sections:
+ For IT administrators – [Amazon SageMaker Canvas setup and permissions management (for IT administrators)](canvas-setting-up.md)
+ For analysts and individual users – [Getting started with using Amazon SageMaker Canvas](canvas-getting-started.md)
+ For an example of an end to end workflow – [Tutorial: Build an end-to-end machine learning workflow in SageMaker Canvas](canvas-end-to-end-machine-learning-workflow.md)
# Getting started with using Amazon SageMaker Canvas
This guide tells you how to get started with using SageMaker Canvas. If you're an IT administrator and would like more in-depth details, see [Amazon SageMaker Canvas setup and permissions management (for IT administrators)](canvas-setting-up.md) to set up SageMaker Canvas for your users.
**Topics**
+ [
## Prerequisites for setting up Amazon SageMaker Canvas
](#canvas-prerequisites)
+ [
## Step 1: Log in to SageMaker Canvas
](#canvas-getting-started-step1)
+ [
## Step 2: Use SageMaker Canvas to get predictions
](#canvas-getting-started-step2)
## Prerequisites for setting up Amazon SageMaker Canvas
To set up a SageMaker Canvas application, onboard using one of the following setup methods:
1. **Onboard with the AWS console.** To onboard through the AWS console, you first create an Amazon SageMaker AI domain. SageMaker AI domains support the various machine learning (ML) environments such as Canvas and [SageMaker Studio](https://docs.aws.amazon.com/sagemaker/latest/dg/studio.html). For more information about domains, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
1. (Quick) [Use quick setup for Amazon SageMaker AI](onboard-quick-start.md) – Choose this option if you’d like to quickly set up a domain. This grants your user all of the default Canvas permissions and basic functionality. Any additional features such as [document querying](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-fm-chat.html#canvas-fm-chat-query) can be enabled later by an admin. If you want to configure more granular permissions, we recommend that you choose the Advanced option instead.
1. (Standard) [Use custom setup for Amazon SageMaker AI](onboard-custom.md) – Choose this option if you’d like to complete a more advanced setup of your domain. Maintain granular control over user permissions such as access to data preparation features, generative AI functionality, and model deployments.
1. **Onboard with CloudFormation.** [CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) automates the provisioning of resources and configurations so that you can set up Canvas for one or more user profiles at the same time. Use this option if you want to automate the onboarding process at scale and make sure that your applications are configured the same way every time. The following [CloudFormation template](https://github.com/aws-samples/cloudformation-studio-domain) provides a streamlined way to onboard to Canvas, ensuring that all required components are properly set up and allowing you to focus on building and deploying your machine learning models.
The following section describes how to onboard to Canvas by using the AWS console to create a domain.
**Important**
For you to set up Amazon SageMaker Canvas, your version of Amazon SageMaker Studio must be 3.19.0 or later. For information about updating Amazon SageMaker Studio, see [Shut Down and Update Amazon SageMaker Studio Classic](studio-tasks-update-studio.md).
### Onboard with the AWS console
If you’re doing the quick domain setup, then you can follow the instructions in [Use quick setup for Amazon SageMaker AI](onboard-quick-start.md), skip the rest of this section, and move on to [Step 1: Log in to SageMaker Canvas](#canvas-getting-started-step1).
If you’re doing the standard domain setup, then you can specify the Canvas features to which you’d like to grant your users access. Use the rest of this section as you complete the standard domain setup to help you configure the permissions that are specific to Canvas.
In the [Use custom setup for Amazon SageMaker AI](onboard-custom.md) setup instructions, for **Step 2: Users and ML Activities**, you must select the Canvas permissions that you want to grant. In the **ML activities** section, you can select the following permissions policies to grant access to Canvas features. You can only select up to 8 **ML activities** total when setting up your domain. The first two permissions in the following list are required to use Canvas, while the rest are for additional features.
+ **Run Studio Applications** – These permissions are necessary to start up the Canvas application.
+ **[Canvas Core Access](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasFullAccess.html)** – These permissions grant you access to the Canvas application and the basic functionality of Canvas, such as creating datasets, using basic data transforms, and building and analyzing models.
+ (Optional) **[Canvas Data Preparation (powered by Data Wrangler)](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasDataPrepFullAccess.html)** – These permissions grant you access to create data flows and use advanced transforms to prepare your data in Canvas. These permissions are also necessary for creating data processing jobs and data preparation job schedules.
+ (Optional) **[Canvas AI Services](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasAIServicesAccess.html)** – These permissions grant you access to the Ready-to-use models, foundation models, and Chat with Data features in Canvas.
+ (Optional) **Kendra access** – This permission grants you access to the [document querying ](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-fm-chat.html#canvas-fm-chat-query) feature, where you can query documents stored in an Amazon Kendra index using foundation models in Canvas.
If you select this option, then in the **Canvas Kendra Access** section, enter the IDs for your Amazon Kendra indexes to which you want to grant access.
+ (Optional) **[Canvas MLOps](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasDirectDeployAccess.html)** – This permission grants you access to the [model deployment](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-deploy-model.html) feature in Canvas, where you can deploy models for use in production.
In the domain setup’s **Step 3: Applications** section, choose **Configure Canvas** and then do the following:
1. For the **Canvas storage configuration**, specify where you want Canvas to store the application data, such as model artifacts, batch predictions, datasets, and logs. SageMaker AI creates a `Canvas/` folder inside this bucket to store the data. For more information, see [Configure your Amazon S3 storage](canvas-storage-configuration.md). For this section, do the following:
1. Select **System managed** if you want to set the location to the default SageMaker AI-created bucket that follows the pattern `s3://sagemaker-{Region}-{your-account-id}`.
1. Select **Custom S3** to specify your own Amazon S3 bucket as the storage location. Then, enter the Amazon S3 URI.
1. (Optional) For **Encryption key**, specify a KMS key for encrypting Canvas artifacts stored at the specified location.
1. (Optional) For **Amazon Q Developer**, do the following:
1. Turn on **Enable Amazon Q Developer in SageMaker Canvas for natural language ML** to give your users permissions to leverage generative AI assistance during their ML workflow in Canvas. This option only grants permissions to query Amazon Q Developer for help with predetermined tasks that can be completed in the Canvas application.
1. Turn on **Enable Amazon Q Developer chat for general AWS questions** to give your users permissions to make generative AI queries related to AWS services.
1. (Optional) Configure the **Large data processing** section if your users plan to process datasets larger than 5 GB in Canvas. For more detailed information about how to configure these options, see [Grant Users Permissions to Use Large Data across the ML Lifecycle](canvas-large-data-permissions.md).
1. (Optional) For the **ML Ops permissions configuration** section, do the following:
1. Leave the **Enable direct deployment of Canvas models** option turned on to give your users permissions to deploy their models from Canvas to a SageMaker AI endpoint. For more information about model deployment in Canvas, see [Deploy your models to an endpoint](canvas-deploy-model.md).
1. Leave the **Enable Model Registry registration permissions for all users** option turned on to give your users permissions to register their model version to the SageMaker AI model registry (it is turned on by default). For more information, see [Register a model version in the SageMaker AI model registry](canvas-register-model.md).
1. If you left the **Enable Model Registry registration permissions for all users** option turned on, then select either **Register to Model Registry only** or **Register and approve model in Model Registry**.
1. (Optional) For the **Local file upload configuration** section, turn on the **Enable local file upload** option to give your users permissions to upload files to Canvas from their local machines. Turning this option on attaches a cross-origin resource sharing (CORS) policy to the Amazon S3 bucket specified in the **Canvas storage configuration** (and overrides any existing CORS policy). To learn more about local file upload permissions, see [Grant Your Users Permissions to Upload Local Files](canvas-set-up-local-upload.md).
1. (Optional) For the **OAuth settings** section, do the following:
1. Choose **Add OAuth configuration**.
1. For **Data source**, select your data source.
1. For **Secret setup**, select **Create a new secret** and enter the information you have from your identity provider. If you haven’t done the initial OAuth setup with your data source yet, see [Set up connections to data sources with OAuth](canvas-setting-up-oauth.md).
1. (Optional) For the **Canvas Ready-to-use models configuration**, do the following:
1. Leave the **Enable Canvas Ready-to-use models** option turned on to give your users permissions to generate predictions with Ready-to-use models in Canvas (it is turned on by default). This option also gives you permissions to chat with generative-AI powered models. For more information, see [Generative AI foundation models in SageMaker Canvas](canvas-fm-chat.md).
1. Leave the **Enable document query using Amazon Kendra** option turned on to give your users permissions to use foundation models for querying documents stored in an Amazon Kendra index. Then, from the dropdown menu, select the existing indexes to which you want to grant access. For more information, see [Generative AI foundation models in SageMaker Canvas](canvas-fm-chat.md).
1. For **Amazon Bedrock role**, select **Create and use a new execution role** to create a new IAM execution role that has a trust relationship with Amazon Bedrock. This IAM role is assumed by Amazon Bedrock to fine-tune large language models (LLMs) in Canvas. If you already have an execution role with a trust relationship, then select **Use an existing execution role** and choose your role from the dropdown. For more information about manually configuring permissions for your own execution role, see [Grant Users Permissions to Use Amazon Bedrock and Generative AI Features in Canvas](canvas-fine-tuning-permissions.md).
1. Finish configuring the rest of the domain settings using the [Use custom setup for Amazon SageMaker AI](onboard-custom.md) procedures.
**Note**
If you encounter any issues with granting permissions through the console, such as permissions for Ready-to-use models, see the topic [Troubleshooting issues with granting permissions through the SageMaker AI console](canvas-limits.md#canvas-troubleshoot-trusted-services).
You should now have a SageMaker AI domain set up and all of the Canvas permissions configured.
You can edit the Canvas permissions for a domain or a specific user after the initial domain setup. Individual user settings override the domain settings. To learn how to edit your Canvas permissions in the domain settings, see [Edit domain settings](domain-edit.md).
### Give yourself permissions to use specific features in Canvas
The following information outlines the various permissions that you can grant to a Canvas user to allow the use of various features and functionalities within Canvas. Some of these permissions can be granted during the domain setup, but some require additional permissions or configuration. Refer to the specific permissions information for each feature that you want to enable:
+ **Local file upload.** The permissions for local file upload are turned on by default in the Canvas base permissions when setting up your domain. If you can't upload local files from your machine to SageMaker Canvas, you can attach a CORS policy to the Amazon S3 bucket that you specified in the Canvas storage configuration. If you allowed SageMaker AI to use the default bucket, the bucket follows the naming pattern `s3://sagemaker-{Region}-{your-account-id}`. For more information, see [Grant Your Users Permissions to Upload Local Files](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-set-up-local-upload.html).
+ **Custom image and text prediction models.** The permissions for building custom image and text prediction models are turned on by default in the Canvas base permissions when setting up your domain. However, if you have a custom IAM configuration and don't want to attach the [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasFullAccess) policy to your user's IAM execution role, then you must explicitly grant your user the necessary permissions. For more information, see [Grant Your Users Permissions to Build Custom Image and Text Prediction Models](canvas-set-up-cv-nlp.md).
+ **Ready-to-use models and foundation models.** You might want to use the Canvas Ready-to-use models to make predictions for your data. With the Ready-to-use models permissions, you can also chat with generative AI-powered models. The permissions are turned on by default when setting up your domain, or you can edit the permissions for a domain that you’ve already created. The Canvas Ready-to-use models permissions option adds the [AmazonSageMakerCanvasAIServicesAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasAIServicesAccess) policy to your execution role. For more information, see the [Get started](canvas-ready-to-use-models.md#canvas-ready-to-use-get-started) section of the Ready-to-use models documentation.
For more information about getting started with generative AI foundation models, see [Generative AI foundation models in SageMaker Canvas](canvas-fm-chat.md).
+ **Fine-tune foundation models.** If you'd like to fine-tune foundation models in Canvas, you can either add the permissions when setting up your domain, or you can edit the permissions for the domain or user profile after creating your domain. You must add the [AmazonSageMakerCanvasAIServicesAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasAIServicesAccess) policy to the AWS IAM role you chose when setting up the user profile, and you must also add a trust relationship with Amazon Bedrock to the role. For instructions on how to add these permissions to your IAM role, see [Grant Users Permissions to Use Amazon Bedrock and Generative AI Features in Canvas](canvas-fine-tuning-permissions.md).
+ **Send batch predictions to Quick.** You might want to [send *batch predictions*](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-send-predictions.html), or datasets of predictions you generate from a custom model, to Quick for analysis. In [QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/welcome.html), you can build and publish predictive dashboards with your prediction results. For instructions on how to add these permissions to your Canvas user's IAM role, see [Grant Your Users Permissions to Send Predictions to Quick](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-quicksight-permissions.html).
+ **Deploy Canvas models to a SageMaker AI endpoint.** SageMaker AI Hosting offers *endpoints* which you can use to deploy your model for use in production. You can deploy models built in Canvas to a SageMaker AI endpoint and then make predictions programmatically in a production environment. For more information, see [Deploy your models to an endpoint](canvas-deploy-model.md).
+ **Register model versions to the model registry.** You might want to register *versions* of your model to the [SageMaker AI model registry](https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry.html), which is a repository for tracking the status of updated versions of your model. A data scientist or MLOps team working in the SageMaker Model Registry can view the versions of your model that you’ve built and approve or reject them. Then, they can deploy your model version to production or kick off an automated workflow. Model registration permissions are turned on by default for your domain. You can manage permissions at the user profile level and grant or remove permissions to specific users. For more information, see [Register a model version in the SageMaker AI model registry](canvas-register-model.md).
+ **Import data from Amazon Redshift.** If you want to import data from Amazon Redshift, you must give yourself additional permissions. You must add the `AmazonRedshiftFullAccess` managed policy to the AWS IAM role you chose when setting up the user profile. For instructions on how to add the policy to the role, see [Grant Users Permissions to Import Amazon Redshift Data](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-redshift-permissions.html).
**Note**
The necessary permissions to import through other data sources, such as Amazon Athena and SaaS platforms, are included in the [AmazonSageMakerFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerFullAccess.html) and [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasFullAccess) policies. If you followed the standard setup instructions, these policies should already be attached to your execution role. For more information about these data sources and their permissions, see [Connect to data sources](canvas-connecting-external.md).
## Step 1: Log in to SageMaker Canvas
When the initial setup is complete, you can access SageMaker Canvas with any of the following methods, depending on your use case:
+ In the [SageMaker AI console](https://console.aws.amazon.com/sagemaker/), choose the **Canvas** in the left navigation pane. Then, on the **Canvas** page, select your user from the dropdown and launch the Canvas application.
+ Open [SageMaker Studio](https://docs.aws.amazon.com/sagemaker/latest/dg/studio.html), and in the Studio interface, go to the Canvas page and launch the Canvas application.
+ Use your organization’s SAML 2.0-based SSO methods, such as Okta or the IAM Identity Center.
When you log into SageMaker Canvas for the first time, SageMaker AI creates the application and a SageMaker AI *space* for you. The Canvas application’s data is stored in the space. To learn more about spaces, see [Collaboration with shared spaces](domain-space.md). The space consists of your user profile’s applications and a shared directory for all of your applications’ data. If you don’t want to use the default space created by SageMaker AI and would prefer to create your own space for storing application data, see the page [Store SageMaker Canvas application data in your own SageMaker AI space](canvas-spaces-setup.md).
## Step 2: Use SageMaker Canvas to get predictions
After you’ve logged in to Canvas, you can start building models and generating predictions for your data.
You can either use Canvas Ready-to-use models to make predictions without building a model, or you can build a custom model for your specific business problem. Review the following information to decide whether Ready-to-use models or custom models are best for your use case.
+ **Ready-to-use models.** With Ready-to-use models, you can use pre-built models to extract insights from your data. The Ready-to-use models cover a variety of use cases, such as language detection and document analysis. To get started making predictions with Ready-to-use models, see [Ready-to-use models](canvas-ready-to-use-models.md).
+ **Custom models.** With custom models, you can build a variety of model types that are customized to make predictions for your data. Use custom models if you’d like to build a model that is trained on your business-specific data and if you’d like to use features such as [evaluating your model’s performance](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-evaluate-model.html). To get started with building a custom model, see [Custom models](canvas-custom-models.md).
# Tutorial: Build an end-to-end machine learning workflow in SageMaker Canvas
This tutorial guides you through an end-to-end machine learning (ML) workflow using Amazon SageMaker Canvas. SageMaker Canvas is a visual no-code interface that you can use to prepare data and to train and deploy ML models. For the tutorial, you use a NYC taxi dataset to train a model that predicts the fare amount for a given trip. You get hands-on experience with key ML tasks such as assessing data quality and addressing data issues, splitting data into training and test sets, model training and evaluation, making predictions, and deploying your trained model–all within the SageMaker Canvas application.
**Important**
This tutorial assumes that you or your administrator have created an AWS account. For information about creating an AWS account, see [Getting started: Are you a first time AWS User?](https://docs.aws.amazon.com/accounts/latest/reference/welcome-first-time-user.html)
## Setting up
An Amazon SageMaker AI domain is a centralized place to manage all your Amazon SageMaker AI environments and resources. A domain acts as a virtual boundary for your work in SageMaker AI, providing isolation and access control for your machine learning (ML) resources.
To get started with Amazon SageMaker Canvas, you or your administrator must navigate to the SageMaker AI console and create a Amazon SageMaker AI domain. A domain has the storage and compute resources needed for you to run SageMaker Canvas. Within the domain, you configure SageMaker Canvas to access your Amazon S3 buckets and deploy models. Use the following procedure to set up a quick domain and create a SageMaker Canvas application.
**To set up SageMaker Canvas**
1. Navigate to the [SageMaker AI console](https://console.aws.amazon.com/sagemaker).
1. On the left-hand navigation, choose SageMaker Canvas.
1. Choose **Create a SageMaker AI domain**.
1. Choose **Set up**. The domain can take a few minutes to set up.
The preceding procedure used a quick domain set up. You can perform an advanced set up to control all aspects of the account configuration, including permissions, integrations, and encryption. For more information about a custom set up, see [Use custom setup for Amazon SageMaker AI](onboard-custom.md).
By default, doing the quick domain set up provides you with permissions to deploy models. If you have custom permissions set up through a standard domain and you need manually grant model deployment permissions, see [Permissions management](canvas-deploy-model.md#canvas-deploy-model-prereqs).
## Flow creation
Amazon SageMaker Canvas is a machine learning platform that enables users to build, train, and deploy machine learning models without extensive coding or machine learning expertise. One of the powerful features of Amazon SageMaker Canvas is the ability to import and work with large datasets from various sources, such as Amazon S3.
For this tutorial, we're using the NYC taxi dataset to predict the fare amount for each trip using a Amazon SageMaker Canvas Data Wrangler data flow. The following procedure outlines the steps for importing a modified version of the NYC taxi dataset into a data flow.
**Note**
For improved processing, SageMaker Canvas imports a sample of your data. By default, it randomly samples 50,000 rows.
**To import the NYC taxi dataset**
1. From the SageMaker Canvas home page, choose **Data Wrangler**.
1. Choose **Import data**.
1. Select **Tabular**.
1. Choose the toolbox next to data source.
1. Select **Amazon S3** from the dropdown.
1. For **Input S3 endpoint**, specify `s3://amazon-sagemaker-data-wrangler-documentation-artifacts/canvas-single-file-nyc-taxi-dataset.csv`
1. Choose **Go**.
1. Select the checkbox next to the dataset.
1. Choose **Preview data**.
1. Choose **Save**.
## Data Quality and Insights Report 1 (sample)
After importing a dataset into Amazon SageMaker Canvas, you can generate a Data Quality and Insights report on a sample of the data. Use it to provide valuable insights into the dataset. The report does the following:
+ Assesses the dataset's completeness
+ Identifies missing values and outliers
It can identify other potential issues that may impact model performance. It also evaluates the predictive power of each feature concerning the target variable, allowing you to identify the most relevant features for problem you're trying to solve.
We can use the insights from the report to predict the fare amount. By specifying the **Fare amount** column as the target variable and selecting **Regression** as the problem type, the report will analyze the dataset's suitability for predicting continuous values like fare prices. The report should reveal that features like **year** and **hour\$1of\$1day** have low predictive power for the chosen target variable, providing you with valuable insights.
Use the following procedure to get a Data Quality and Insights report on a 50,000 row sample from the dataset.
**To get a report on a sample**
1. Choose **Get data insights** from the pop up window next to the **Data types** node.
1. For **Analysis name**, specify a name for the report.
1. For **Problem type**, choose **Regression**.
1. For **Target column**, choose **Fare amount**.
1. Choose **Create**.
You can review the Data Quality and Insights report on a sample of your data. The report indicates that the **year** and **hour\$1of\$1day** features are not predictive of the target variable, **Fare amount**.
At the top of the navigation, choose the name of the data flow to navigate back to it.
## Drop year and hour of day
We're using insights from the report to drop the **year** and **hour\$1of\$1day** columns to streamline the feature space and potentially improve model performance.
Amazon SageMaker Canvas provides a user-friendly interface and tools to perform such data transformations.
Use the following procedure to drop the **year** and **hour\$1of\$1day** columns from the NYC taxi dataset using the Data Wrangler tool in Amazon SageMaker Canvas.
1. Choose the icon next to **Data types**.
1. Choose **Add step**.
1. In the search bar, write **Drop column**.
1. Choose **Manage columns**.
1. Choose **Drop column**.
1. For **Columns to drop**, select the **year** and **hour\$1of\$1day** columns.
1. Choose **Preview** to view how your transform changes your data.
1. Choose **Add**.
You can use the preceding procedure as the basis to add all of the other transforms in SageMaker Canvas.
## Data Quality and Insights Report 2 (full dataset)
For the previous insights report, we used a sample of the NYC taxi dataset. For our second report, we're running a comprehensive analysis on the entire dataset to identify potential issues impacting model performance.
Use the following procedure to create a Data Quality and Insights report on an entire dataset.
**To get a report on the entire dataset**
1. Choose the icon next to the **Drop columns** node.
1. Choose **Get data insights**.
1. For **Analysis name**, specify a name for the report.
1. For **Problem type**, choose **Regression**.
1. For **Target column**, choose **Fare amount**.
1. For **Data size**, choose **Full dataset**.
1. Choose **Create**.
The following is an image from the insights report:
![\[Duplicate rows, Skewed target, and Very low quick model score are listed as the insightsP\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/canvas-tutorial-dqi-insights.png)
It shows the following issues:
+ Duplicate rows
+ Skewed target
Duplicate rows can lead to data leakage, where the model is exposed to the same data during training and testing. They can lead to overly optimistic performance metrics. Removing duplicate rows ensures that the model is trained on unique instances, reducing the risk of data leakage and improving the model's ability to generalize.
A skewed target variable distribution, in this case, the **Fare amount** column, can cause imbalanced classes, where the model may become biased towards the majority class. This can lead to poor performance on minority classes, which is particularly problematic in scenarios where accurately predicting rare or underrepresented instances is important.
## Addressing data quality issues
To address these issues and prepare the dataset for modeling, you can search for the following transformations and apply them:
1. Drop duplicates using the **Manage rows** transform.
1. **Handle outliers** in the **Fare amount** column using the **Robust standard deviation numeric outliers**.
1. **Handle outliers** in the **Trip distance** and **Trip duration** columns using the **Standard deviation numeric outliers**.
1. Use the **Encode categorical** to encode the **Rate code id**, **Payment type**, **Extra flag**, and **Toll flag** columns as floats.
If you're not sure about how to apply a transform, see [Drop year and hour of day](#canvas-tutorial-drop-year-and-hour-of-day)
By addressing these data quality issues and applying appropriate transformations, you can improve the dataset's suitability for modeling.
## Verifying data quality and quick model accuracy
After applying the transforms to address data quality issues, such as removing duplicate rows, we create our final Data Quality and Insights report. This report helps verify that the applied transformations resolved the issues and that the dataset is now in a suitable state for modeling.
When reviewing the final Data Quality and Insights report, you should expect to see no major data quality issues flagged. The report should indicate that:
+ The target variable is no longer skewed
+ There are no outliers or duplicate rows
Additionally, the report should provide a quick model score based on a baseline model trained on the transformed dataset. This score serves as an initial indicator of the model's potential accuracy and performance.
Use the following procedure to create the Data Quality and Insights report.
**To create the Data Quality and Insights report**
1. Choose the icon next to the **Drop columns** node.
1. Choose **Get data insights**.
1. For **Analysis name**, specify a name for the report.
1. For **Problem type**, choose **Regression**.
1. For **Target column**, choose **Fare amount**.
1. For **Data size**, choose **Full dataset**.
1. Choose **Create**.
## Split the data into training and test sets
To train a model and evaluate its performance, we use the **Split data** transform to split the data into training and test sets.
By default, SageMaker Canvas uses a Randomized split, but you can also use the following types of splits:
+ Ordered
+ Stratified
+ Split by key
You can change the **Split percentage** or add splits.
For this tutorial, use all of the default settings in the split. You need to double click on the dataset to view its name. The training dataset has the name **Dataset (Train)**.
Next to the **Ordinal encode** node apply the **Split data** transform.
## Train model
After you split your data, you can train a model. This model learns from patterns in your data. You can use it to make predictions or uncover insights.
SageMaker Canvas has both quick builds and standard builds. Use a standard build to train best performing model on your data.
Before you start training a model, you must first export the training dataset as a SageMaker Canvas dataset.
**To export your dataset**
1. Next to the node for the training dataset, choose the icon and select **Export**.
1. Select **SageMaker Canvas dataset**.
1. Choose **Export** to export the dataset.
After you've created a dataset, you can train a model on the SageMaker Canvas dataset that you've created. For information about training a model, see [Build a custom numeric or categorical prediction model](canvas-build-model-how-to.md#canvas-build-model-numeric-categorical).
## Evaluate model and make predictions
After training your machine learning model, it's crucial to evaluate its performance to ensure it meets your requirements and performs well on unseen data. Amazon SageMaker Canvas provides a user-friendly interface to assess your model's accuracy, review its predictions, and gain insights into its strengths and weaknesses. You can use the insights to make informed decisions about its deployment and potential areas for improvement.
Use the following procedure to evaluate a model before you deploy it.
**To evaluate a model**
1. Choose **My Models**.
1. Choose the model you've created.
1. Under **Versions**, select the version corresponding to the model.
You can now view the model evaluation metrics.
After you evaluate the model, you can make predictions on new data. We're using the test dataset that we've created.
To use the test dataset for predictions we need to convert it into a SageMaker Canvas dataset. The SageMaker Canvas dataset is in a format that the model can interpret.
Use the following procedure to create a SageMaker Canvas dataset from the test dataset.
**To create a SageMaker Canvas dataset**
1. Next to the **Dataset (Test)** dataset, choose the radio icon.
1. Select **Export**.
1. Select **SageMaker Canvas dataset**.
1. For **Dataset name**, specify a name for the dataset.
1. Choose **Export**.
Use the following procedure to make predictions. It assumes that you're still on the **Analyze** page.
**To make predictions on test dataset**
1. Choose **Predict**.
1. Choose **Manual**.
1. Select the dataset that you've exported.
1. Choose **Generate predictions**.
1. When SageMaker Canvas has finished generating predictions, select the icon to the right of the dataset.
1. Choose **Preview** to view the predictions.
## Deploy a model
After you've evaluated your model, you can deploy it to an endpoint. You can submit requests to the endpoint to get predictions.
Use the following procedure to deploy a model. It assumes that you're still on the **Predict** page.
**To deploy a model**
1. Choose **Deploy**.
1. Choose **Create deployment**.
1. Choose **Deploy**.
## Cleaning up
You've successfully completed the tutorial. To avoid incurring additional charges, delete the resources that you're not using.
Use the following procedure to delete the endpoint that you created. It assumes that you're still on the **Deploy** page.
**To delete an endpoint**
1. Choose the radio button to the right of your deployment.
1. Select **Delete deployment**.
1. Choose **Delete**.
After deleting the deployment, delete the datasets that you've created within SageMaker Canvas. Use the following procedure to delete the datasets.
**To delete the datasets**
1. Choose **Datasets** on the left-hand navigation.
1. Select the dataset that you've analyzed and the synthetic dataset used for predictions.
1. Choose **Delete**.
To avoid incurring additional charges, you must log out of SageMaker Canvas. For more information, see [Logging out of Amazon SageMaker Canvas](canvas-log-out.md).
# Amazon SageMaker Canvas setup and permissions management (for IT administrators)
The following pages explain how IT administrators can configure Amazon SageMaker Canvas and grant permissions to users within their organizations. You learn how to set up the storage configuration, manage data encryption and VPCs, control access to specific capabilities like generative AI foundation models, integrate with other AWS services like Amazon Redshift, and more. By following these steps, you can tailor SageMaker Canvas for your users based on your organization's specific requirements.
You can also set up SageMaker Canvas for your users with AWS CloudFormation. For more information, see [AWS::SageMaker AI::App](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-app.html) in the *AWS CloudFormation User Guide*.
**Topics**
+ [
# Grant Your Users Permissions to Upload Local Files
](canvas-set-up-local-upload.md)
+ [
# Set Up SageMaker Canvas for Your Users
](setting-up-canvas-sso.md)
+ [
# Configure your Amazon S3 storage
](canvas-storage-configuration.md)
+ [
# Grant permissions for cross-account Amazon S3 storage
](canvas-permissions-cross-account.md)
+ [
# Grant Users Permissions to Use Large Data across the ML Lifecycle
](canvas-large-data-permissions.md)
+ [
# Encrypt Your SageMaker Canvas Data with AWS KMS
](canvas-kms.md)
+ [
# Store SageMaker Canvas application data in your own SageMaker AI space
](canvas-spaces-setup.md)
+ [
# Grant Your Users Permissions to Build Custom Image and Text Prediction Models
](canvas-set-up-cv-nlp.md)
+ [
# Grant Users Permissions to Use Amazon Bedrock and Generative AI Features in Canvas
](canvas-fine-tuning-permissions.md)
+ [
# Update SageMaker Canvas for Your Users
](canvas-update.md)
+ [
# Request a Quota Increase
](canvas-requesting-quota-increases.md)
+ [
# Grant Users Permissions to Import Amazon Redshift Data
](canvas-redshift-permissions.md)
+ [
# Grant Your Users Permissions to Send Predictions to Quick
](canvas-quicksight-permissions.md)
+ [
# Applications management
](canvas-manage-apps.md)
+ [
# Configure Amazon SageMaker Canvas in a VPC without internet access
](canvas-vpc.md)
+ [
# Set up connections to data sources with OAuth
](canvas-setting-up-oauth.md)
# Grant Your Users Permissions to Upload Local Files
If your users are uploading files from their local machines to SageMaker Canvas, you must attach a CORS (cross-origin resource sharing) configuration to the Amazon S3 bucket that they're using. When setting up or editing the SageMaker AI domain or user profile, you can specify either a custom Amazon S3 location or the default location, which is a SageMaker AI created Amazon S3 bucket with a name that uses the following pattern: `s3://sagemaker-{Region}-{your-account-id}`. SageMaker Canvas adds your users' data to the bucket whenever they upload a file.
To grant users permissions to upload local files to the bucket, you can attach a CORS configuration to it using either of the following procedures. You can use the first method when editing the settings of your domain, where you opt in to allow SageMaker AI to attach the CORS configuration to the bucket for you. You can also use the first method for editing a user profile within a domain. The second method is the manual method, where you can attach the CORS configuration to the bucket yourself.
## SageMaker AI domain settings method
To grant your users permissions to upload local files, you can edit the Canvas application configuration in the domain settings. This attaches a Cross-Origin Resource Sharing (CORS) configuration to the Canvas storage configuration's Amazon S3 bucket and grants all users in the domain permission to upload local files into SageMaker Canvas. By default, the permissions option is turned on when you set up a new domain, but you can turn this option on and off as needed.
**Note**
If you have an existing CORS configuration on the storage configuration Amazon S3 bucket, turning on the local file upload option overwrites the existing configuration with the new configuration.
The following procedure shows how you can turn on this option by editing the domain settings in the SageMaker AI console.
1. Go to the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. In the left navigation pane, choose **Domains**.
1. From the list of domains, choose your domain.
1. On the domain details page, select the **App Configurations** tab.
1. Go to the **Canvas** section and choose **Edit**.
1. Turn on the **Enable local file upload** toggle. This attaches the CORS configuration and grants local file upload permissions.
1. Choose **Submit**.
Users in the specified domain should now have local file upload permissions.
You can also grant permissions to specific user profiles in a domain by following the preceding procedure and going into the user profile settings instead of the overall domain settings.
## Amazon S3 bucket method
If you want to manually attach the CORS configuration to the SageMaker AI Amazon S3 bucket, use the following procedure.
1. Sign in to [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/).
1. Choose your bucket. If your domain uses the default SageMaker AI created bucket, the bucket’s name uses the following pattern: `s3://sagemaker-{Region}-{your-account-id}`.
1. Choose **Permissions**.
1. Navigate to **Cross-origins resource sharing (CORS)**.
1. Choose **Edit**.
1. Add the following CORS policy:
```
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"POST"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": []
}
]
```
1. Choose **Save changes**.
In the preceding procedure, the CORS policy must have `"POST"` listed under `AllowedMethods`.
After you've gone through the procedure, you should have:
+ An IAM role assigned to each of your users.
+ Amazon SageMaker Studio Classic runtime permissions for each of your users. SageMaker Canvas uses Studio Classic to run the commands from your users.
+ If the users are uploading files from their local machines, a CORS policy attached to their Amazon S3 bucket.
If your users still can't upload the local files after you update the CORS policy, the browser might be caching the CORS settings from a previous upload attempt. If they're running into issues, instruct them to clear their browser cache and try again.
# Set Up SageMaker Canvas for Your Users
To set up Amazon SageMaker Canvas, do the following:
+ Create an Amazon SageMaker AI domain.
+ Create user profiles for the domain
+ Set up Okta Single Sign On (Okta SSO) for your users.
+ Activate link sharing for models.
Use Okta Single-Sign On (Okta SSO) to grant your users access to Amazon SageMaker Canvas. SageMaker Canvas supports SAML 2.0 SSO methods. The following sections guide you through procedures to set up Okta SSO.
To set up a domain, see [Use custom setup for Amazon SageMaker AI](onboard-custom.md) and follow the instructions for setting up your domain using IAM authentication. You can use the following information to help you complete the procedure in the section:
+ You can ignore the step about creating projects.
+ You don't need to provide access to additional Amazon S3 buckets. Your users can use the default bucket that we provide when we create a role.
+ To grant your users access to share their notebooks with data scientists, turn on **Notebook Sharing Configuration**.
+ Use Amazon SageMaker Studio Classic version 3.19.0 or later. For information about updating Amazon SageMaker Studio Classic, see [Shut Down and Update Amazon SageMaker Studio Classic](studio-tasks-update-studio.md).
Use the following procedure to set up Okta. For all of the following procedures, you specify the same IAM role for `IAM-role` .
## Add the SageMaker Canvas application to Okta
Set up the sign-on method for Okta.
1. Sign in to the Okta Admin dashboard.
1. Choose **Add application**. Search for **AWS Account Federation**.
1. Choose **Add**.
1. Optional: Change the name to **Amazon SageMaker Canvas**.
1. Choose **Next**.
1. Choose **SAML 2.0** as the **Sign-On** method.
1. Choose **Identity Provider Metadata** to open the metadata XML file. Save the file locally.
1. Choose **Done**.
## Set up ID federation in IAM
AWS Identity and Access Management (IAM) is the AWS service that you use to gain access to your AWS account. You gain access to AWS through an IAM account.
1. Sign in to the AWS console.
1. Choose **AWS Identity and Access Management (IAM)**.
1. Choose **Identity Providers**.
1. Choose **Create Provider**.
1. For **Configure Provider**, specify the following:
+ **Provider Type** – From the dropdown list, choose **SAML**.
+ **Provider Name** – Specify **Okta**.
+ **Metadata Document** – Upload the XML document that you've saved locally from step 7 of [Add the SageMaker Canvas application to Okta](#canvas-set-up-okta).
1. Find your identity provider under **Identity Providers**. Copy its **Provider ARN** value.
1. For **Roles**, choose the IAM role that you're using for Okta SSO access.
1. Under **Trust Relationship** for the IAM role, choose **Edit Trust Relationship**.
1. Modify the IAM trust relationship policy by specifying the **Provider ARN** value that you've copied and add the following policy:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::111122223333:saml-provider/Okta"
},
"Action": [
"sts:AssumeRoleWithSAML",
"sts:TagSession"
],
"Condition": {
"StringEquals": {
"SAML:aud": "https://signin.aws.amazon.com/saml"
}
}
},
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::111122223333:saml-provider/Okta"
},
"Action": [
"sts:SetSourceIdentity"
]
}
]
}
```
------
1. For **Permissions**, add the following policy:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AmazonSageMakerPresignedUrlPolicy",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedDomainUrl"
],
"Resource": "*"
}
]
}
```
------
## Configure SageMaker Canvas in Okta
Configure Amazon SageMaker Canvas in Okta using the following procedure.
To configure Amazon SageMaker Canvas to use Okta, follow the steps in this section. You must specify unique user names for each **SageMakerStudioProfileName** field. For example, you can use `user.login` as a value. If the username is different from the SageMaker Canvas profile name, choose a different uniquely identifying attribute. For example, you can use an employee's ID number for the profile name.
For an example of values that you can set for **Attributes**, see the code following the procedure.
1. Under **Directory**, choose **Groups**.
1. Add a group with the following pattern: `sagemaker#canvas#IAM-role#AWS-account-id`.
1. In Okta, open the **AWS Account Federation** application integration configuration.
1. Select **Sign On** for the AWS Account Federation application.
1. Choose **Edit** and specify the following:
+ SAML 2.0
+ **Default Relay State** – https://*Region*.console.aws.amazon.com/sagemaker/home?region=*Region*\$1/studio/canvas/open/*StudioId*. You can find the Studio Classic ID in the console: [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/)
1. Choose **Attributes**.
1. In the **SageMakerStudioProfileName** fields, specify unique values for each username. The usernames must match the usernames that you've created in the AWS console.
```
Attribute 1:
Name: https://aws.amazon.com/SAML/Attributes/PrincipalTag:SageMakerStudioUserProfileName
Value: ${user.login}
Attribute 2:
Name: https://aws.amazon.com/SAML/Attributes/TransitiveTagKeys
Value: {"SageMakerStudioUserProfileName"}
```
1. Select **Environment Type**. Choose **Regular AWS**.
+ If your environment type isn't listed, you can set your ACS URL in the **ACS URL** field. If your environment type is listed, you don't need to enter your ACS URL
1. For **Identity Provider ARN**, specify the ARN you used in step 6 of the preceding procedure.
1. Specify a **Session Duration**.
1. Choose **Join all roles**.
1. Turn on **Use Group Mapping** by specifying the following fields:
+ **App Filter** – `okta`
+ **Group Filter** – `^aws\#\S+\#(?IAM-role[\w\-]+)\#(?accountid\d+)$`
+ **Role Value Pattern** – `arn:aws:iam::$accountid:saml-provider/Okta,arn:aws:iam::$accountid:role/IAM-role`
1. Choose **Save/Next**.
1. Under **Assignments**, assign the application to the group that you've created.
## Add optional policies on access control in IAM
In IAM, you can apply the following policy to the administrator user who creates the user profiles.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "CreateSageMakerStudioUserProfilePolicy",
"Effect": "Allow",
"Action": "sagemaker:CreateUserProfile",
"Resource": "*",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:TagKeys": [
"studiouserid"
]
}
}
}
]
}
```
------
If you choose to add the preceding policy to the admin user, you must use the following permissions from [Set up ID federation in IAM](#set-up-id-federation-IAM).
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AmazonSageMakerPresignedUrlPolicy",
"Effect": "Allow",
"Action": [
"sagemaker:CreatePresignedDomainUrl"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"sagemaker:ResourceTag/studiouserid": "${aws:PrincipalTag/SageMakerStudioUserProfileName}"
}
}
}
]
}
```
------
# Configure your Amazon S3 storage
When you set up your SageMaker Canvas application, the default storage location for model artifacts, datasets, and other application data is an Amazon S3 bucket that Canvas creates. This default Amazon S3 bucket follows the naming pattern `s3://sagemaker-{Region}-{your-account-id}` and exists in the same Region as your Canvas application. However, you can customize the storage location and specify your own Amazon S3 bucket for storing Canvas application data. You might want to use your own Amazon S3 bucket for storing application data for any of the following reasons:
+ Your organization has internal naming conventions for Amazon S3 buckets.
+ You want to enable cross-account access to model artifacts or other Canvas data.
+ You want to be compliant with internal security guidelines, such as restricting users to specific Amazon S3 buckets or model artifacts.
+ You want enhanced visibility and access to logs produced by Canvas, independent of the AWS console or SageMaker Studio Classic.
By specifying your own Amazon S3 bucket, you can have increased control over your own storage and be compliant with your organization.
To get started, you can either create a new SageMaker AI domain or user profile, or you can update an existing domain or user profile. Note that the user profile settings override the domain-level settings. For example, you can use the default bucket configuration at the domain level, but you can specify a custom Amazon S3 bucket for an individual user. After specifying your own Amazon S3 bucket for the domain or user profile, Canvas creates a subfolder called `Canvas/` under the input Amazon S3 URI and saves all artifacts generated in the Canvas application under this subfolder.
**Important**
If you update an existing domain or user profile, you no longer have access to your Canvas artifacts from the previous location. Your files are still in the old Amazon S3 location, but you can no longer view them from Canvas. The new configuration takes effect the next time you log into the application.
For more information about granting cross-account access to your Amazon S3 bucket, see [Granting cross-account object permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example4.html#access-policies-walkthrough-example4-overview) in the *Amazon S3 User Guide*.
The following sections describe how to specify a custom Amazon S3 bucket for your Canvas storage configuration. If you’re setting up a new SageMaker AI domain (or a new user in a domain), then use the [New domain setup method](#canvas-storage-configuration-new-domain) or the [New user profile setup method](#canvas-storage-configuration-new-user). If you have an existing Canvas user profile and would like to update the profile's storage configuration, use the [Existing user method](#canvas-storage-configuration-existing-user).
## Before you begin
If you’re specifying an Amazon S3 URI from a different AWS account, or if you’re using a bucket that is encrypted with AWS KMS, then you must configure permissions before proceeding. You must grant AWS IAM permissions to ensure that Canvas can download and upload objects to and from your bucket. For detailed information on how to grant the required permissions, see [Grant permissions for cross-account Amazon S3 storage](canvas-permissions-cross-account.md).
Additionally, the final Amazon S3 URI for the training folder in your Canvas storage location must be 128 characters or less. The final Amazon S3 URI consists of your bucket path `s3:////` plus the path that Canvas adds to your bucket: `Canvas//Training`. For example, an acceptable path that is less than 128 characters is `s3:////Canvas//Training`.
## New domain setup method
If you’re setting up a new domain and Canvas application, use this section to configure the storage location at the domain level. This configuration applies to all new users you create in the domain, unless you specify a different storage location for individual user profiles.
When doing a **Standard setup** for your domain, on the **Step 3: Configure Applications - Optional** page, use the following procedure for the **Canvas** section:
1. For the **Canvas storage configuration**, do the following:
1. Select **System managed** if you want to set the location to the default SageMaker AI bucket that follows the pattern `s3://sagemaker-{Region}-{your-account-id}`.
1. Select **Custom S3** to specify your own Amazon S3 bucket as the storage location. Then, enter the Amazon S3 URI.
1. (Optional) For **Encryption key**, specify a KMS key for encrypting Canvas artifacts stored at the specified location.
1. Finish setting up the domain and choose **Submit**.
Your domain is now configured to use the Amazon S3 location you specified for SageMaker Canvas application storage.
## New user profile setup method
If you’re setting up a new user profile in your domain, use this section to configure the storage location for the user. This configuration overrides the domain-level configuration.
When adding a user profile to your domain, for **Step 2: Configure Applications**, use the following procedure for the **Canvas** section:
1. For the **Canvas storage configuration**, do the following:
1. Select **System managed** if you want to set the location to the default SageMaker AI created bucket that follows the pattern `s3://sagemaker-{Region}-{your-account-id}`.
1. Select **Custom S3** to specify your own Amazon S3 bucket as the storage location. Then, enter the Amazon S3 URI.
1. (Optional) For **Encryption key**, specify a KMS key for encrypting Canvas artifacts stored at the specified location.
1. Finish setting up the user profile and choose **Submit**.
Your user profile is now configured to use the Amazon S3 location you specified for SageMaker Canvas application storage.
## Existing user method
If you have an existing Canvas user profile and would like to update the Amazon S3 storage location, you can edit the SageMaker AI domain or user profile settings. The change takes effect the next time you log into the Canvas application.
**Note**
When you change the storage location for an existing Canvas application, you lose access to your Canvas artifacts from the previous storage location. The artifacts are still stored in the old Amazon S3 location, but you can no longer view them from Canvas.
Remember that the user profile settings override the general domain settings, so you can update the Amazon S3 storage location for specific user profiles without changing it for all of the users. You can update the storage configuration for an existing domain or user by using the following procedures.
------
#### [ Update an existing domain ]
Use the following procedure to update the storage configuration for a domain.
1. Open the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **Domains**.
1. From the list of domains, choose your domain.
1. On the **Domain details** page, choose the **App Configurations** tab.
1. Scroll down to the **Canvas** section and choose **Edit**.
1. The **Edit Canvas settings** page opens. For the **Canvas storage configuration** section, do the following:
1. Select **System managed** if you want to set the location to the default SageMaker AI created bucket that follows the pattern `s3://sagemaker-{Region}-{your-account-id}`.
1. Select **Custom S3** to specify your own Amazon S3 bucket as the storage location. Then, enter the Amazon S3 URI.
1. (Optional) For **Encryption key**, specify a KMS key for encrypting Canvas artifacts stored at the specified location.
1. Finish any other modifications you want to make to the domain, and then choose **Submit** to save your changes.
------
#### [ Update an existing user profile ]
Use the following procedure to update the storage configuration for a user profile.
1. Open the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of **domains**, choose your domain.
1. From the list of users in the domain, choose the user whose configuration you want to edit.
1. On the **User Details** page, choose **Edit**.
1. In the navigation pane, choose **Canvas settings**.
1. For the **Canvas storage configuration**, do the following:
1. Select **System managed** if you want to set the location to the default SageMaker AI bucket that follows the pattern `s3://sagemaker-{Region}-{your-account-id}`.
1. Select **Custom S3** to specify your own Amazon S3 bucket as the storage location. Then, enter the Amazon S3 URI.
1. (Optional) For **Encryption key**, specify a KMS key for encrypting Canvas artifacts stored at the specified location.
1. Finish any other modifications you want to make to the user profile, and then choose **Submit** to save your changes.
------
The storage location for your Canvas user profile should now be updated. The next time you log into the Canvas application, you receive a notification that the storage location has been updated. You lose access to any previous artifacts that you created in Canvas. You can still access the files in Amazon S3, but you can no longer view them in Canvas.
# Grant permissions for cross-account Amazon S3 storage
When setting up your SageMaker AI domain or user profile for users to access SageMaker Canvas, you specify an Amazon S3 storage location for Canvas artifacts. These artifacts include saved copies of your input datasets, model artifacts, predictions, and other application data. You can either use the default SageMaker AI created Amazon S3 bucket, or you can customize the storage location and specify your own bucket for storing Canvas application data.
You can specify an Amazon S3 bucket in another AWS account for storing your Canvas data, but first you must grant cross-account permissions so that Canvas can access the bucket.
The following sections describe how to grant permissions to Canvas for uploading and downloading objects to and from an Amazon S3 bucket in another account. There are additional permissions for when your bucket is encrypted with AWS KMS.
## Requirements
Before you begin, review the following requirements:
+ Cross-account Amazon S3 buckets (and any associated AWS KMS keys) must be in the same AWS Region as the Canvas user domain or user profile.
+ The final Amazon S3 URI for the training folder in your Canvas storage location must be 128 characters or less. The final S3 URI consists of your bucket path `s3:////` plus the path that Canvas adds to your bucket: `Canvas//Training`. For example, an acceptable path that is less than 128 characters is `s3:////Canvas//Training`.
## Permissions for cross-account Amazon S3 buckets
The following section outlines the basic steps for granting the necessary permissions so that Canvas can access your Amazon S3 bucket in another account. For more detailed instructions, see [Example 2: Bucket owner granting cross-account bucket permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example2.html) in the *Amazon S3 User Guide*.
1. Create an Amazon S3 bucket, `bucketA`, in Account A.
1. The Canvas user exists in another account called Account B. In the following steps, we refer to the Canvas user's IAM role as `roleB` in Account B.
Give the IAM role `roleB` in Account B permission to download (`GetObject`) and upload (`PutObject`) objects to and from `bucketA` in Account A by attaching an IAM policy.
To limit access to a specific bucket folder, define the folder name in the resource element, such as `arn:aws:s3:::/FolderName/*`. For more information, see [How can I use IAM policies to grant user-specific access to specific folders?](https://aws.amazon.com/premiumsupport/knowledge-center/iam-s3-user-specific-folder/)
**Note**
Bucket-level actions, such as `GetBucketCors` and `GetBucketLocation`, should be added on bucket-level resources, not folders.
The following example IAM policy grants the required permissions for `roleB` to access objects in `bucketA`:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucketA/FolderName/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketCors",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::bucketA"
]
}
]
}
```
------
1. Configure the bucket policy for `bucketA` in Account A to grant permissions to the IAM role `roleB` in Account B.
**Note**
Admins must also turn off **Block all public access** under the bucket **Permissions** section.
The following is an example bucket policy for `bucketA` to grant the necessary permissions to `roleB`:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:role/roleB"
},
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::bucketA/FolderName/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:role/roleB"
},
"Action": [
"s3:ListBucket",
"s3:GetBucketCors",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::bucketA"
}
]
}
```
------
After configuring the preceding permissions, your Canvas user profile in Account B can now use the Amazon S3 bucket in Account A as the storage location for Canvas artifacts.
## Permissions for cross-account Amazon S3 buckets encrypted with AWS KMS
The following procedure shows you how to grant the necessary permissions so that Canvas can access your Amazon S3 bucket in another account that is encrypted with AWS KMS. The steps are similar to the procedure above, but with additional permissions. For more information about granting cross-account KMS key access, see [Allowing users in other accounts to use a KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html) in the *AWS KMS Developer Guide*.
1. Create an Amazon S3 bucket, `bucketA`, and an Amazon S3 KMS key `s3KmsInAccountA` in Account A.
1. The Canvas user exists in another account called Account B. In the following steps, we refer to the Canvas user's IAM role as `roleB` in Account B.
Give the IAM role `roleB` in Account B permission to do the following:
+ Download (`GetObject`) and upload (`PutObject`) objects to and from `bucketA` in Account A.
+ Access the AWS KMS key `s3KmsInAccountA` in Account A.
The following example IAM policy grants the required permissions for `roleB` to access objects in `bucketA` and use the KMS key `s3KmsInAccountA`:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucketA/FolderName/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetBucketCors",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::bucketA"
]
},
{
"Action": [
"kms:DescribeKey",
"kms:CreateGrant",
"kms:RetireGrant",
"kms:GenerateDataKey",
"kms:GenerateDataKeyWithoutPlainText",
"kms:Decrypt"
],
"Effect": "Allow",
"Resource": "arn:aws:kms:us-east-1:111122223333:key/s3KmsInAccountA"
}
]
}
```
------
1. Configure the bucket policy for `bucketA` and the key policy for `s3KmsInAccountA` in Account A to grant permissions to the IAM role `roleB` in Account B.
The following is an example bucket policy for `bucketA` to grant the necessary permissions to `roleB`:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:role/roleB"
},
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::bucketA/FolderName/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:role/roleB"
},
"Action": [
"s3:GetBucketCors",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::bucketA"
}
]
}
```
------
The following example is a key policy that you attach to the KMS key `s3KmsInAccountA` in Account A to grant `roleB` access. For more information about how to create and attach a key policy statement, see [Creating a key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-overview.html) in the *AWS KMS Developer Guide*.
```
{
"Sid": "Allow use of the key",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::accountB:role/roleB"
]
},
"Action": [
"kms:DescribeKey",
"kms:CreateGrant",
"kms:RetireGrant",
"kms:GenerateDataKey",
"kms:GenerateDataKeyWithoutPlainText",
"kms:Decrypt"
],
"Resource": "*"
}
```
After configuring the preceding permissions, your Canvas user profile in Account B can now use the encrypted Amazon S3 bucket in Account A as the storage location for Canvas artifacts.
# Grant Users Permissions to Use Large Data across the ML Lifecycle
Amazon SageMaker Canvas users working with datasets larger than 10 GB in CSV format or 2.5 GB in Parquet format require specific permissions for large data processing. These permissions are essential for managing large-scale data throughout the machine learning lifecycle. When datasets exceed the stated thresholds, or the application's local memory capacity, SageMaker Canvas uses Amazon EMR Serverless for efficient processing. This applies to:
+ Data Import: Importing large datasets with random or stratified sampling.
+ Data Preparation: Exporting processed data from Data Wrangler in Canvas to Amazon S3, to a new Canvas dataset, or to a Canvas model.
+ Model Building: Training models on large datasets.
+ Inference: Making predictions on large datasets.
By default, SageMaker Canvas uses EMR Serverless to run these remote jobs with the following app settings:
+ Pre-Initialized capacity: Not configured
+ Application limits: Maximum capacity of 400 vCPUs, max concurrent 16 vCPUs per account, 3000 GB memory, 20000 GB disk
+ Metastore configuration: AWS Glue Data Catalog
+ Application logs: AWS managed storage (enabled), using an AWS owned encryption key
+ Application behavior: Auto-starts on job submission and auto-stops after the application is idle for 15 minutes
To enable these large data processing capabilities, users need the necessary permissions, which can be granted through the Amazon SageMaker AI domain settings. The method for granting these permissions depends on how your Amazon SageMaker AI domain was set up initially. We'll cover three main scenarios:
+ Quick domain setup
+ Custom domain setup (with public internet access/without VPC)
+ Custom domain setup (with VPC and without public internet access)
Each scenario requires specific steps to ensure that users have the required permissions to leverage EMR Serverless for large data processing across the entire machine learning lifecycle in SageMaker Canvas.
## Scenario 1: Quick domain setup
If you used the **Quick setup** option when creating your SageMaker AI domain, follow these steps:
1. Navigate to the Amazon SageMaker AI domain settings:
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. In the left navigation pane, choose **Domains**.
1. Select your domain.
1. Choose the **App Configurations** tab.
1. Scroll to the **Canvas** section and choose **Edit**.
1. Enable large data processing:
1. In the **Large data processing configuration** section, turn on **Enable EMR Serverless for large data processing**.
1. Create or select an EMR Serverless role:
1. Choose **Create and use a new execution role** to create a new IAM role that has a trust relationship with EMR Serverless and the [AWS managed policy: AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy](security-iam-awsmanpol-canvas.md#security-iam-awsmanpol-AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy) policy attached. This IAM role is assumed by Canvas to create EMR Serverless jobs.
1. Alternatively, if you already have an execution role with a trust relationship for EMR Serverless, then select **Use an existing execution role** and choose your role from the dropdown.
+ The existing role must have a name that begins with the prefix `AmazonSageMakerCanvasEMRSExecutionAccess-`.
+ The role you select should also have at least the permissions described in the [AWS managed policy: AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy](security-iam-awsmanpol-canvas.md#security-iam-awsmanpol-AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy) policy.
+ The role should have an EMR Serverless trust policy, as shown below:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "EMRServerlessTrustPolicy",
"Effect": "Allow",
"Principal": {
"Service": "emr-serverless.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "111122223333"
}
}
}
]
}
```
------
1. (Optional) Add Amazon S3 permissions for custom Amazon S3 buckets:
1. The Canvas managed policy automatically grants read and write permissions for Amazon S3 buckets with `sagemaker` or `SageMaker AI` in their names. It also grants read permissions for objects in custom Amazon S3 buckets with the tag `"SageMaker": "true"`.
1. For custom Amazon S3 buckets without the required tag, add the following policy to your EMR Serverless role:
1.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
```
------
1. We recommend that you scope down the permissions to specific Amazon S3 buckets that you want Canvas to access.
1. Save your changes and restart your SageMaker Canvas application.
## Scenario 2: Custom domain setup (with public internet access/without VPC)
If you created or use a custom domain, follow steps 1-3 from Scenario 1, and then do these additional steps:
1. Add permissions for the Amazon ECR `DescribeImages` operation to your Amazon SageMaker AI execution role, as Canvas utilizes public Amazon ECR Docker images for data preparation and model training:
1. Sign in to the AWS console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. Choose **Roles**.
1. In the search box, search for your SageMaker AI execution role by name and select it.
1. Add the following policy to your SageMaker AI execution role. This can be done either by adding it as a new inline policy or by appending the policy statement to an existing one. Note that an IAM role can have a maximum of 10 policies attached.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [{
"Sid": "ECRDescribeImagesOperation",
"Effect": "Allow",
"Action": "ecr:DescribeImages",
"Resource": [
"arn:aws:ecr:*:*:repository/sagemaker-data-wrangler-emr-container",
"arn:aws:ecr:*:*:repository/ap-dataprep-emr"
]
}]
}
```
------
1. Save your changes and restart your SageMaker Canvas application.
## Scenario 3: Custom domain setup (with VPC and without public internet access)
If you created or use a custom domain, follow all steps from Scenario 2, then follow these additional steps:
1. Ensure your VPC subnets are private:
1. Verify that the route table for your subnets doesn't have an entry mapping `0.0.0.0/0` to an Internet Gateway.
1. Add permissions for creating network interfaces:
1. When using SageMaker Canvas with EMR Serverless for large-scale data processing, EMR Serverless requires the ability to create Amazon EC2 ENIs to enable network communication between EMR Serverless applications and your VPC resources.
1. Add the following policy to your Amazon SageMaker AI execution role. This can be done either by adding it as a new inline policy or by appending the policy statement to an existing one. Note that an IAM role can have a maximum of 10 policies attached.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowEC2ENICreation",
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface"
],
"Resource": [
"arn:aws:ec2:*:*:network-interface/*"
],
"Condition": {
"StringEquals": {
"aws:CalledViaLast": "ops.emr-serverless.amazonaws.com"
}
}
}
]
}
```
------
1. (Optional) Restrict ENI creation to specific subnets:
1. To further secure your setup by restricting the creation of ENIs to certain subnets within your VPC, you can tag each subnet with specific conditions.
1. Use the following IAM policy to ensure that EMR Serverless applications can only create Amazon EC2 ENIs within the allowed subnets and security groups:
```
{
"Sid": "AllowEC2ENICreationInSubnetAndSecurityGroupWithEMRTags",
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface"
],
"Resource": [
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KEY": "VALUE"
}
}
}
```
1. Follow the steps on the page [Configure Amazon SageMaker Canvas in a VPC without internet access](canvas-vpc.md) to set the VPC endpoint for Amazon S3, which is required by EMR Serverless and other AWS services that are used by SageMaker Canvas.
1. Save your changes and restart your SageMaker Canvas application.
By following these steps, you can enable large data processing in SageMaker Canvas for various domain setups, including those with custom VPC configurations. Remember to restart your SageMaker Canvas application after making these changes to apply the new permissions.
# Encrypt Your SageMaker Canvas Data with AWS KMS
You might have data that you want to encrypt while using Amazon SageMaker Canvas, such as your private company information or customer data. SageMaker Canvas uses AWS Key Management Service to protect your data. AWS KMS is a service that you can use to create and manage cryptographic keys for encrypting your data. For more information about AWS KMS, see [AWS Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) in the *AWS KMS Developer Guide*.
Amazon SageMaker Canvas provides you with several options for encrypting your data. SageMaker Canvas provides default encryption within the application for tasks such as building your model and generating insights. You can also choose to encrypt data stored in Amazon S3 to protect your data at rest. SageMaker Canvas supports importing encrypted datasets, so you can establish an encrypted workflow. The following sections describe how you can use AWS KMS encryption to protect your data while building models with SageMaker Canvas.
## Encrypt your data in SageMaker Canvas
With SageMaker Canvas, you can use two different AWS KMS encryption keys to encrypt your data in SageMaker Canvas, which you can specify when [setting up your domain](https://docs.aws.amazon.com/sagemaker/latest/dg/gs-studio-onboard.html) using the standard domain setup. These keys are specified in the following domain setup steps:
+ **Step 3: Configure Applications - (Optional)** – When configuring the **Canvas storage configuration** section, you can specify an **Encryption key**. This is a KMS key that SageMaker Canvas uses for long-term storage of model objects and datasets, which are stored in the provided Amazon S3 bucket for your domain. If creating a Canvas application with the [CreateApp](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateApp.html) API, use the `S3KMSKeyId` field to specify this key.
+ **Step 6: Configure storage** – SageMaker Canvas uses one key for encrypting the Amazon SageMaker Studio private space that is created for your Canvas application, which includes temporary application storage, visualizations, and compute jobs (such as building models). You can use either the default AWS managed key or specify your own. If you specify your AWS KMS key, the data stored in the `/home/sagemaker-user` directory is encrypted with your key. If you don't specify an AWS KMS key, the data inside `/home/sagemaker-user` is encrypted with an AWS managed key. Regardless of whether you specify an AWS KMS key, all of the data outside of the working directory is encrypted with an AWS Managed Key. To learn more about the Studio space and your Canvas application storage, see [Store SageMaker Canvas application data in your own SageMaker AI space](canvas-spaces-setup.md). If creating a Canvas application with the [CreateApp](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateApp.html) API, use the `KmsKeyID` field to specify this key.
The preceding keys can be the same or different KMS keys.
### Prerequisites
To use your own KMS key for either of the previously described purposes, you must first grant your user's IAM role permission to use the key. Then, you can specify the KMS key when setting up your domain.
The simplest way to grant your role permission to use the key is to modify the key policy. Use the following procedure to grant your role the necessary permissions.
1. Open the [AWS KMS console](https://console.aws.amazon.com/kms/).
1. In the **Key Policy** section, choose **Switch to policy view**.
1. Modify the key's policy to grant permissions for the `kms:GenerateDataKey` and `kms:Decrypt` actions to the IAM role. Additionally, if you're modifying the key policy that encrypts your Canvas application storage in the Studio space, grant the `kms:CreateGrant` action. You can add a statement that's similar to the following:
```
{
"Sid": "ExampleStmt",
"Action": [
"kms:CreateGrant", #this permission is only required for the key that encrypts your SageMaker Canvas application storage
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Effect": "Allow",
"Principal": {
"AWS": ""
},
"Resource": "*"
}
```
1. Choose **Save changes**.
The less preferred method is to modify the user’s IAM role to grant the user permissions to use or manage the KMS key. If you use this method, the KMS key policy must also allow access management through IAM. To learn how to grant permission to a KMS key through the user’s IAM role, see [Specifying KMS keys in IAM policy statements](https://docs.aws.amazon.com/kms/latest/developerguide/cmks-in-iam-policies.html) in the *AWS KMS Developer Guide*.
### Encrypt your data in the SageMaker Canvas application
The first KMS key you can use in SageMaker Canvas is used for encrypting application data stored on Amazon Elastic Block Store (Amazon EBS) volumes and in the Amazon Elastic File System that SageMaker AI creates in your domain. SageMaker Canvas encrypts your data with this key in the underlying application and temporary storage systems created when using compute instances for building models and generating insights. SageMaker Canvas passes the key to other AWS services, such as Autopilot, whenever SageMaker Canvas initiates jobs with them to process your data.
You can specify this key by setting the `KmsKeyID` in the `CreateDomain` API call or while doing the standard domain setup in the console. If you don’t specify your own KMS key, SageMaker AI uses a default AWS managed KMS key to encrypt your data in the SageMaker Canvas application.
To specify your own KMS key for use in the SageMaker Canvas application through the console, first set up your Amazon SageMaker AI domain using the **Standard setup**. Use the following procedure to complete the **Network and Storage Section** for the domain.
1. Fill out your desired Amazon VPC settings.
1. For **Encryption key**, choose **Enter a KMS key ARN**.
1. For **KMS ARN**, enter the ARN for your KMS key, which should have a format similar to the following: `arn:aws:kms:example-region-1:123456789098:key/111aa2bb-333c-4d44-5555-a111bb2c33dd`
### Encrypt your SageMaker Canvas data saved in Amazon S3
The second KMS key you can specify is used for data that SageMaker Canvas stores to Amazon S3. This KMS key is specified in the `S3KMSKeyId` field in the `CreateDomain` API call, or while doing the standard domain setup in the SageMaker AI console. SageMaker Canvas saves duplicates of your input datasets, application and model data, and output data to the Region’s default SageMaker AI S3 bucket for your account. The naming pattern for this bucket is `s3://sagemaker-{Region}-{your-account-id}`, and SageMaker Canvas stores data in the `Canvas/` folder.
1. Turn on **Enable notebook resource sharing**.
1. For **S3 location for shareable notebook resources**, leave the default Amazon S3 path. Note that SageMaker Canvas does not use this Amazon S3 path; this Amazon S3 path is used for Studio Classic notebooks.
1. For **Encryption key**, choose **Enter a KMS key ARN**.
1. For **KMS ARN**, enter the ARN for your KMS key, which should have a format similar to the following: `arn:aws:kms:us-east-1:111122223333:key/111aa2bb-333c-4d44-5555-a111bb2c33dd`
## Import encrypted datasets from Amazon S3
Your users might have datasets that have been encrypted with a KMS key. While the preceding section shows you how to encrypt data in SageMaker Canvas and data stored to Amazon S3, you must grant your user's IAM role additional permissions if you want to import data from Amazon S3 that is already encrypted with AWS KMS.
To grant your user permissions to import encrypted datasets from Amazon S3 into SageMaker Canvas, add the following permissions to the IAM execution role that you've used for the user profile.
```
"kms:Decrypt",
"kms:GenerateDataKey"
```
To learn how to edit the IAM permissions for a role, see [Adding and removing IAM identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) in the *IAM User Guide*. For more information about KMS keys, see [Key policies in AWS Key Management Service](https://docs.aws.amazon.com//kms/latest/developerguide/key-policies.html) in the *AWS KMS Developer Guide*.
## FAQs
Refer to the following FAQ items for answers to commonly asked questions about SageMaker Canvas AWS KMS support.
### Q: Does SageMaker Canvas retain my KMS key?
A: No. SageMaker Canvas may temporarily cache your key or pass it on to other AWS services (such as Autopilot), but SageMaker Canvas does not retain your KMS key.
### Q: I specified a KMS key when setting up my domain. Why did my dataset fail to import in SageMaker Canvas?
A: Your user’s IAM role may not have permissions to use that KMS key. To grant your user permissions, see the [Prerequisites](#canvas-kms-app-data-prereqs). Another possible error is that you have a bucket policy on your Amazon S3 bucket that requires the use of a specific KMS key that doesn’t match the KMS key you specified in your domain. Make sure that you specify the same KMS key for your Amazon S3 bucket and your domain.
### Q: How do I find the Region’s default SageMaker AI Amazon S3 bucket for my account?
A: The default Amazon S3 bucket follows the naming pattern `s3://sagemaker-{Region}-{your-account-id}`. The `Canvas/` folder in this bucket stores your SageMaker Canvas application data.
### Q: Can I change the default SageMaker AI Amazon S3 bucket used to store SageMaker Canvas data?
A: No, SageMaker AI creates this bucket for you.
### Q: What does SageMaker Canvas store in the default SageMaker AI Amazon S3 bucket?
A: SageMaker Canvas uses the default SageMaker AI Amazon S3 bucket to store duplicates of your input datasets, model artifacts, and model outputs.
### Q: What use cases are supported for using KMS keys with SageMaker Canvas?
A: With SageMaker Canvas, you can use your own encryption keys with AWS KMS for building regression, binary and multi-class classification, and time series forecasting models, as well as for batch inference with your model.
# Store SageMaker Canvas application data in your own SageMaker AI space
Your Amazon SageMaker Canvas application data, such as datasets that you import and your model artifacts, is stored in a *Amazon SageMaker Studio private space*. The space consists of a storage volume for your application data with 100 GB of storage per user profile, the type of the space (in this case, a Canvas application), and the image for your application's container. When you set up Canvas and launch your application for the first time, SageMaker AI creates a default private space that is assigned to your user profile and stores your Canvas data. You don't have to do any additional configuration to set up the space because SageMaker AI automatically creates the space on your behalf. However, if you don't want to use the default space, you have the option to specify a space that you created yourself. This can be useful if you want to isolate your data. The following page shows you how to create and configure your own Studio space for storing Canvas application data.
**Note**
You can only configure a custom Studio space for new Canvas applications. You can't modify the space configuration for existing Canvas applications.
## Before you begin
Your Amazon SageMaker AI domain or user profile must have at least 100 GB of storage in order to create and use the SageMaker Canvas application.
If you created your domain through the SageMaker AI console, enough storage is provisioned by default and you don't need to take any additional action. If you created your domain or user profile with the [CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html) or [ CreateUserProfile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html) APIs, then make sure that you set the `MaximumEbsVolumeSizeInGb` value to 100 GB or greater. To set a greater storage value, you can either create a new domain or user profile, or you can update an existing domain or user profile using the [UpdateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateDomain.html) or [ UpdateUserProfile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateUserProfile.html) APIs.
## Create a new space
First, create a new Studio space that is configured to store Canvas application data. This is the space that you specify when creating a new Canvas application in the next step.
To create a space, you can use the AWS SDK for Python (Boto3) or the AWS CLI.
------
#### [ SDK for Python (Boto3) ]
The following example shows you how to use the AWS SDK for Python (Boto3) `create_space` method to create a space that you can use for Canvas applications. Make sure to specify these parameters:
+ `DomainId`: Specify the ID for your SageMaker AI domain. To find your ID, you can go to the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/) and locate your domain in the **Domains** section.
+ `SpaceName`: Specify a name for the new space.
+ `EbsVolumeSizeinGb`: Specify the storage volume size for your space (in GB). The minimum value is `5` and the maximum is `16384`.
+ `SharingType`: Specify this field as `Private`. For more information, see [Amazon SageMaker Studio spaces](studio-updated-spaces.md).
+ `OwnerUserProfileName`: Specify the user profile name. To find user profile names associated with a domain, you can go to the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/) and locate your domain in the **Domains** section. In the domain's settings, you can view the user profiles.
+ `AppType`: Specify this field as `Canvas`.
```
response = client.create_space(
DomainId='',
SpaceName='',
SpaceSettings={
'AppType': 'Canvas',
'SpaceStorageSettings': {
'EbsStorageSettings': {
'EbsVolumeSizeInGb':
}
},
},
OwnershipSettings={
'OwnerUserProfileName': ''
},
SpaceSharingSettings={
'SharingType': 'Private'
}
)
```
------
#### [ AWS CLI ]
The following example shows you how to use the AWS CLI `create-space` method to create a space that you can use for Canvas applications. Make sure to specify these parameters:
+ `domain-id`: Specify the ID for your domain. To find your ID, you can go to the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/) and locate your domain in the **Domains** section.
+ `space-name`: Specify a name for the new space.
+ `EbsVolumeSizeinGb`: Specify the storage volume size for your space (in GB). The minimum value is `5` and the maximum is `16384`.
+ `SharingType`: Specify this field as `Private`. For more information, see [Amazon SageMaker Studio spaces](studio-updated-spaces.md).
+ `OwnerUserProfileName`: Specify the user profile name. To find user profile names associated with a domain, you can go to the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/) and locate your domain in the **Domains** section. In the domain's settings, you can view the user profiles.
+ `AppType`: Specify this field as `Canvas`.
```
create-space
--domain-id
--space-name
--space-settings '{
"AppType": "Canvas",
"SpaceStorageSettings": {
"EbsStorageSettings": {"EbsVolumeSizeInGb": }
},
}'
--ownership-settings '{"OwnerUserProfileName": ""}'
--space-sharing-settings '{"SharingType": "Private"}'
```
------
You should now have a space. Keep track of your space's name for the next step.
## Create a new Canvas application
After creating a space, create a new Canvas application that specifies the space as its storage location.
To create a new Canvas application, you can use the AWS SDK for Python (Boto3) or the AWS CLI.
**Important**
You must use the AWS SDK for Python (Boto3) or the AWS CLI to create your Canvas application. Specifying a custom space when creating Canvas applications through the SageMaker AI console isn't supported.
------
#### [ SDK for Python (Boto3) ]
The following example shows you how to use the AWS SDK for Python (Boto3) `create_app` method to create a new Canvas application. Make sure to specify these parameters:
+ `DomainId`: Specify the ID for your SageMaker AI domain.
+ `SpaceName`: Specify the name of the space that you created in the previous step.
+ `AppType`: Specify this field as `Canvas`.
+ `AppName`: Specify `default` as the app name.
```
response = client.create_app(
DomainId='',
SpaceName='',
AppType='Canvas',
AppName='default'
)
```
------
#### [ AWS CLI ]
The following example shows you how to use the AWS CLI `create-app` method to create a new Canvas application. Make sure to specify these parameters:
+ `DomainId`: Specify the ID for your SageMaker AI domain.
+ `SpaceName`: Specify the name of the space that you created in the previous step.
+ `AppType`: Specify this field as `Canvas`.
+ `AppName`: Specify `default` as the app name.
```
create-app
--domain-id
--space-name
--app-type Canvas
--app-name default
```
------
You should now have a new Canvas application that uses a custom Studio space as the storage location for application data.
**Important**
Any time you delete the Canvas application (or log out) and have to re-create the application, you must provide your space in the `SpaceName` field to make sure that Canvas uses your space.
The space is attached to the user profile you specified in the space configuration. You can delete your Canvas application without deleting the space, and the data stored in the space remains. The data stored in your space is only deleted if you delete your user profile, or if you directly delete the space.
# Grant Your Users Permissions to Build Custom Image and Text Prediction Models
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
In Amazon SageMaker Canvas, you can build [custom models](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-build-model.html) to meet your specific business need. Two of these custom model types are single-label image predicion and multi-category text prediction. The permissions to build these model types are included in the AWS Identity and Access Management (IAM) policy called [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasFullAccess), which SageMaker AI attaches by default to your user's IAM execution role if you leave the [Canvas base permissions turned on](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-getting-started.html#canvas-prerequisites). If you are using a custom IAM configuration, then you must explicitly add permissions to your user's IAM execution role so that they can build custom image and text prediction model types. To grant the necessary permissions to build image and text prediction models, read the following section to learn how to attach a least-permissions policy to your role.
To add the permissions to the user's IAM role, do the following:
1. Go to the [IAM console](https://console.aws.amazon.com/iamv2).
1. Choose **Roles**.
1. In the search box, search for the user's IAM role by name and select it.
1. On the page for the user's role, under **Permissions**, choose **Add permissions**.
1. Choose **Create inline policy**.
1. Select the JSON tab, and then paste the following least-permissions policy into the editor.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sagemaker:CreateAutoMLJobV2",
"sagemaker:DescribeAutoMLJobV2"
],
"Resource": "*"
}
]
}
```
------
1. Choose **Review policy**.
1. Enter a **Name** for the policy.
1. Choose **Create policy**.
For more information about AWS managed policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) in the *IAM User Guide*.
# Grant Users Permissions to Use Amazon Bedrock and Generative AI Features in Canvas
Generative AI features in Amazon SageMaker Canvas are powered by Amazon Bedrock foundation models, which are large language models (LLMs) that have the capability to understand and generate human-like text. This page describes how to grant the permissions necessary for the following features in SageMaker Canvas:
+ [Chat with and compare Amazon Bedrock models](canvas-fm-chat.md): Access and start conversational chats with Amazon Bedrock models through SageMaker Canvas.
+ [Use the Chat for data prep feature in Data Wrangler ](canvas-chat-for-data-prep.md): Use natural language to explore, visualize, and transform your data. This feature is powered by Anthropic Claude 2.
+ [Fine-tune Amazon Bedrock foundation models](canvas-fm-chat-fine-tune.md): Fine-tune an Amazon Bedrock foundation model on your own data to receive customized responses.
In order to use these features, you must first request access to the specific Amazon Bedrock model that you want to use. Then, add the necessary AWS IAM permissions and a trust relationship with Amazon Bedrock to the user's execution role. To grant the permissions to the role, you can choose one of the following methods:
+ Create a new Amazon SageMaker AI domain or user profile and turn on Amazon Bedrock permissions. For more information, see [Getting started with using Amazon SageMaker Canvas](canvas-getting-started.md).
+ Edit the settings for an existing Amazon SageMaker AI domain or user profile.
+ Manually add permissions and a trust relationship to a domain's or user's IAM role.
## Step 1: Add Amazon Bedrock model access
Access to Amazon Bedrock models isn't granted by default, so you must go to the Amazon Bedrock console to request access to models for your AWS account.
To learn how to request access to a specific Amazon Bedrock model, following the procedure to **Add model access** on the page [Manage access to Amazon Bedrock foundation models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-access.html) in the *Amazon Bedrock User Guide*.
## Step 2: Grant permissions to the user's IAM role
When setting up your Amazon SageMaker AI domain or user profile, the user's IAM execution role must have the [ AmazonSageMakerCanvasBedrockAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasBedrockAccess.html) policy attached, as well as a trust relationship with Amazon Bedrock, so that your user can access Amazon Bedrock models from SageMaker Canvas.
You can modify the domain settings and either create a new execution role (to which SageMaker AI attaches the required permissions for you) or specify an existing role.
Alternatively, you can manually modify the permissions for an existing IAM role through the IAM console.
Both methods are described in the following sections.
### Grant permissions through the domain settings
You can edit your domain or user profile settings to turn on the **Canvas Ready-to-use models configuration** setting and specify an Amazon Bedrock role.
To edit your domain settings and grant access to Amazon Bedrock models for Canvas users in the domain, do the following:
1. Go to the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. In the left navigation pane, choose **Domains**.
1. From the list of domains, choose your domain.
1. Choose the **App Configurations** tab.
1. In the **Canvas** section, choose **Edit**.
1. The **Edit Canvas settings** page opens. For the **Canvas Ready-to-use models configuration** section, do the following:
1. Turn on the **Enable Canvas Ready-to-use models option**.
1. For **Amazon Bedrock role**, select **Create and use a new execution role** to create a new IAM execution role that has the [ AmazonSageMakerCanvasBedrockAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasBedrockAccess.html) policy attached and a trust relationship with Amazon Bedrock. This IAM role is assumed by Amazon Bedrock when you access Amazon Bedrock models, use the chat for data prep feature, or fine-tune Amazon Bedrock models in Canvas. If you already have an execution role with a trust relationship, then select **Use an existing execution role** and choose your role from the dropdown.
1. Choose **Submit ** to save your changes.
Your users should now have the necessary permissions to access Amazon Bedrock models, use the chat for data prep feature, and fine-tune Amazon Bedrock models in Canvas.
You can use the same procedure above for editing an individual user’s settings, except go into the individual user’s profile from the domain page and edit the user settings instead. Permissions granted to an individual user don’t apply to other users in the domain, while permissions granted through the domain settings apply to all user profiles in the domain.
For more information on editing your domain settings, see [View and Edit domains](https://docs.aws.amazon.com/sagemaker/latest/dg/domain-view-edit.html).
### Grant permissions manually through IAM
You can manually grant users permissions to access and fine-tune Amazon Bedrock models in Canvas by adding permissions to the IAM role specified for the domain or user’s profile. The IAM role must have the [ AmazonSageMakerCanvasBedrockAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasBedrockAccess.html) policy attached and a trust relationship with Amazon Bedrock.
The following section shows you how to attach the policy to your IAM role and create the trust relationship with Amazon Bedrock.
First, take note of your domain or user profile’s IAM role. Note that permissions granted to an individual user don’t apply to other users in the domain, while permissions granted through the domain apply to all user profiles in the domain.
To configure the IAM role and grant permissions to fine-tune foundation models in Canvas, do the following:
1. Go to the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. In the left navigation pane, choose **Roles**.
1. Search for the user's IAM role by name from the list of roles and select it.
1. On the **Permissions** tab, choose **Add permissions**. From the dropdown menu, choose **Attach policies**.
1. Search for the `AmazonSageMakerCanvasBedrockAccess` policy and select it.
1. Choose**Add permissions**.
1. Back on the IAM role’s page, choose the **Trust relationships** tab.
1. Choose **Edit trust policy**.
1. In the policy editor, find the **Add a principal option** in the right panel and choose **Add**.
1. In the dialog box, for **Principal type**, select **AWS services**.
1. For **ARN**, enter **bedrock.amazonaws.com**.
1. Choose **Add principal**.
1. Choose **Update policy**.
You should now have an IAM role that has the [ AmazonSageMakerCanvasBedrockAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasBedrockAccess.html) policy attached and a trust relationship with Amazon Bedrock. For information about AWS managed policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) in the *IAM User Guide*.
# Update SageMaker Canvas for Your Users
You can update to the latest version of Amazon SageMaker Canvas as either a user or an IT administrator. You can update Amazon SageMaker Canvas for a single user at a time.
To update the Amazon SageMaker Canvas application, you must delete the previous version.
**Important**
Deleting the previous version of Amazon SageMaker Canvas doesn't delete the data or models that the users have created.
Use the following procedure to log in to AWS, open Amazon SageMaker AI domain, and update Amazon SageMaker Canvas. The users can start using the SageMaker Canvas application when they log back in.
1. Sign in to the Amazon SageMaker AI console at [Amazon SageMaker Runtime](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. On the **Domains** page, choose your domain.
1. From the list of **User profiles**, choose a user profile.
1. For the list of **Apps**, find the Canvas application (the **App type** says **Canvas**) and choose **Delete app**.
1. Complete the dialog box and choose **Confirm action**.
The following image shows the user profile page and highlights the **Delete app** action from the preceding procedure.
![\[Screenshot of the user profile page with the Delete app action highlighted.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-update-app-1.png)
# Request a Quota Increase
Your users might use AWS resources in amounts that exceed those specified by their quotas. If your users are resource constrained and encounter errors in SageMaker Canvas, you can request a quota increase for them.
For more details about SageMaker AI quotas and how to request a quota increase, see [Quotas](https://docs.aws.amazon.com/sagemaker/latest/dg/regions-quotas.html#regions-quotas-quotas).
Amazon SageMaker Canvas uses the following services to process the requests of your users:
+ Amazon SageMaker Autopilot
+ Amazon SageMaker Studio Classic domain
For a list of the available quotas for SageMaker Canvas operations, see [Amazon SageMaker AI endpoints and quotas](https://docs.aws.amazon.com//general/latest/gr/sagemaker.html).
## Request an increase for instances to build custom models
When building a custom model, if you encounter an error during post-building analysis that tells you to increase your quota for `ml.m5.2xlarge` instances, use the following information to resolve the issue.
You must increase the SageMaker AI Hosting endpoint quota for the `ml.m5.2xlarge` instance type to a non-zero value in your AWS account. After building a model, SageMaker Canvas hosts the model on a SageMaker AI Hosting endpoint and uses the endpoint to generate the post-building analysis. If you don't increase the default account quota of 0 for `ml.m5.2xlarge` instances, SageMaker Canvas cannot complete this step and generates an error during post-building analysis.
For the procedure to increase the quota, see [ Requesting a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) in the *Service Quotas User Guide*.
# Grant Users Permissions to Import Amazon Redshift Data
Your users might have datasets stored in Amazon Redshift. Before users can import data from Amazon Redshift into SageMaker Canvas, you must add the `AmazonRedshiftFullAccess` managed policy to the IAM execution role that you've used for the user profile and add Amazon Redshift as a service principal to the role's trust policy. You must also associate the IAM execution role with your Amazon Redshift cluster. Complete the procedures in the following sections to give your users the required permissions to import Amazon Redshift data.
## Add Amazon Redshift permissions to your IAM role
You must grant Amazon Redshift permissions to the IAM role specified in your user profile.
To add the `AmazonRedshiftFullAccess` policy to the user's IAM role, do the following.
1. Sign in to the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. Choose **Roles**.
1. In the search box, search for the user's IAM role by name and select it.
1. On the page for the user's role, under **Permissions**, choose **Add permissions**.
1. Choose **Attach policies**.
1. Search for the `AmazonRedshiftFullAccess` managed policy and select it.
1. Choose **Attach policies** to attach the policy to the role.
After attaching the policy, the role’s **Permissions** section should now include `AmazonRedshiftFullAccess`.
To add Amazon Redshift as a service principal to the IAM role, do the following.
1. On the same page for the IAM role, under **Trust relationships**, choose **Edit trust policy**.
1. In the **Edit trust policy** editor, update the trust policy to add Amazon Redshift as a service principal. An IAM role that allows Amazon Redshift to access other AWS services on your behalf has a trust relationship as follows:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "redshift.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
```
------
1. After editing the trust policy, choose **Update policy**.
You should now have an IAM role that has the policy `AmazonRedshiftFullAccess` attached to it and a trust relationship established with Amazon Redshift, giving users permission to import Amazon Redshift data into SageMaker Canvas. For more information about AWS managed policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html) in the *IAM User Guide*.
## Associate the IAM role with your Amazon Redshift cluster
In the settings for your Amazon Redshift cluster, you must associate the IAM role that you granted permissions to in the preceding section.
To associate an IAM role with your cluster, do the following.
1. Sign in to the Amazon Redshift console at [https://console.aws.amazon.com/redshiftv2/](https://console.aws.amazon.com/redshiftv2/).
1. On the navigation menu, choose **Clusters**, and then choose the name of the cluster that you want to update.
1. In the **Actions** dropdown menu, choose **Manage IAM roles**. The **Cluster permissions** page appears.
1. For **Available IAM roles**, enter either the ARN or the name of the IAM role, or choose the IAM role from the list.
1. Choose **Associate IAM role** to add it to the list of **Associated IAM roles**.
1. Choose **Save changes** to associate the IAM role with the cluster.
Amazon Redshift modifies the cluster to complete the change, and the IAM role to which you previously granted Amazon Redshift permissions is now associated with your Amazon Redshift cluster. Your users now have the required permissions to import Amazon Redshift data into SageMaker Canvas.
# Grant Your Users Permissions to Send Predictions to Quick
You must grant your SageMaker Canvas users permissions to send batch predictions to Quick. In Quick, users can create analyses and reports with a dataset and prepare dashboards to share their results. For more information about sending prediction to QuickSight for analysis, see [Send predictions to Quick](canvas-send-predictions.md).
To grant the necessary permissions to share batch predictions with users in QuickSight, you must add a permissions policy to the AWS Identity and Access Management (IAM) execution role that you’ve used for the user profile. The following section shows you how to attach a least-permissions policy to your role.
**Add the permissions policy to your IAM role**
**To add the permissions policy, use the following procedure:**
1. Sign in to the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. Choose **Roles**.
1. In the search box, search for the user's IAM role by name and select it.
1. On the page for the user's role, under **Permissions**, choose **Add permissions**.
1. Choose **Create inline policy**.
1. Select the JSON tab, and then paste the following least-permissions policy into the editor. Replace the placeholders `` with your own AWS account number.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"quicksight:CreateDataSet",
"quicksight:ListUsers",
"quicksight:ListNamespaces",
"quicksight:CreateDataSource",
"quicksight:PassDataSet",
"quicksight:PassDataSource"
],
"Resource": [
"arn:aws:quicksight:*:111122223333:datasource/*",
"arn:aws:quicksight:*:111122223333:user/*",
"arn:aws:quicksight:*:111122223333:namespace/*",
"arn:aws:quicksight:*:111122223333:dataset/*"
]
}
]
}
```
------
1. Choose **Review policy**.
1. Enter a **Name** for the policy.
1. Choose **Create policy**.
You should now have a customer-managed IAM policy attached to your execution role that grants your Canvas users the necessary permissions to send batch predictions to users in QuickSight.
# Applications management
The following sections describe how you can manage your SageMaker Canvas applications. You can view, delete, or relaunch your applications from the **Domains** section of the SageMaker AI console.
**Topics**
+ [
# Check for active applications
](canvas-manage-apps-active.md)
+ [
# Delete an application
](canvas-manage-apps-delete.md)
+ [
# Relaunch an application
](canvas-manage-apps-relaunch.md)
# Check for active applications
To check if you have any actively running SageMaker Canvas applications, use the following procedure.
1. Open the [SageMaker AI console](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Dashboard**.
1. In the **LCNC** section, there is a row for Canvas that tells you how many active apps are running. Choose the number to view the list of apps.
The **Status** column displays the status of the application, such as **Ready**, **Pending**, or **Deleted**. If the application is **Ready**, then your SageMaker Canvas workspace instance is active. You can delete the application from the console, or you can reopen Canvas and log out.
# Delete an application
If you want to terminate your SageMaker Canvas workspace instance, you can either log out from the SageMaker Canvas application or delete your application from the SageMaker AI console. A *workspace instance* is dedicated for your use from when you start using SageMaker Canvas to the point when you stop using it. Deleting the application only terminates the workspace instance and stops workspace instance charges. Models and datasets aren’t affected, but Quick build tasks automatically restart when you relaunch the application.
To delete your Canvas application through the AWS console, first close the browser tab in which your Canvas application was open. Then, use the following procedure to delete your SageMaker Canvas application.
1. Open the [SageMaker AI console](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **Domains**.
1. On the **Domains** page, choose your domain.
1. On the **Domain details** page, choose **Resources**.
1. Under **Applications**, find the application that says **Canvas** in the **App type** column.
1. Select the checkbox next to the Canvas application and choose **Stop**.
You have now successfully stopped the application and terminated the workspace instance.
You can also terminate the workspace instance by [logging out](canvas-log-out.md) from within the SageMaker Canvas application.
# Relaunch an application
If you delete or log out of your SageMaker Canvas application and want to relaunch the application, use the following procedure.
1. Navigate to the [SageMaker AI console](https://console.aws.amazon.com/sagemaker/).
1. In the navigation pane, choose **Canvas**.
1. On the SageMaker Canvas landing page, in the **Get Started** box, select your user profile from the dropdown.
1. Choose **Open Canvas** to open the application.
SageMaker Canvas begins launching the application.
You can also use the following secondary procedure if you encounter any issues with the previous procedure.
1. Open the [SageMaker AI console](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. On the **Domains** page, choose your domain.
1. On the **Domain details** page, under **User profiles**, select the user profile name for the SageMaker Canvas application you want to view.
1. Choose **Launch** and select **Canvas** from the dropdown list.
SageMaker Canvas begins launching the application.
# Configure Amazon SageMaker Canvas in a VPC without internet access
The Amazon SageMaker Canvas application runs in a container in an AWS managed Amazon Virtual Private Cloud (VPC). If you want to further control access to your resources or run SageMaker Canvas without public internet access, you can configure your Amazon SageMaker AI domain and VPC settings. Within your own VPC, you can configure settings such as security groups (virtual firewalls that control inbound and outbound traffic from Amazon EC2 instances) and subnets (ranges of IP addresses in your VPC). To learn more about VPCs, see [How Amazon VPC works](https://docs.aws.amazon.com/vpc/latest/userguide/how-it-works.html).
When the SageMaker Canvas application is running in the AWS managed VPC, it can interact with other AWS services using either an internet connection or through VPC endpoints created in a customer-managed VPC (without public internet access). SageMaker Canvas applications can access these VPC endpoints through a Studio Classic-created network interface that provides connectivity to the customer-managed VPC. The default behavior of the SageMaker Canvas application is to have internet access. When using an internet connection, the containers for the preceding jobs access AWS resources over the internet, such as the Amazon S3 buckets where you store training data and model artifacts.
However, if you have security requirements to control access to your data and job containers, we recommend that you configure SageMaker Canvas and your VPC so that your data and containers aren’t accessible over the internet. SageMaker AI uses the VPC configuration settings you specify when setting up your domain for SageMaker Canvas.
If you want to configure your SageMaker Canvas application without internet access, you must configure your VPC settings when you onboard to [Amazon SageMaker AI domain](gs-studio-onboard.md), set up VPC endpoints, and grant the necessary AWS Identity and Access Management permissions. For information about configuring a VPC in Amazon SageMaker AI, see [Choose an Amazon VPC](onboard-vpc.md). The following sections describe how to run SageMaker Canvas in a VPC without public internet access.
## Configure Amazon SageMaker Canvas in a VPC without internet access
You can send traffic from SageMaker Canvas to other AWS services through your own VPC. If your own VPC doesn't have public internet access and you've set up your domain in **VPC only** mode, then SageMaker Canvas won't have public internet access as well. This includes all requests, such as accessing datasets in Amazon S3 or training jobs for standard builds, and the requests go through VPC endpoints in your VPC instead of the public internet. When you onboard to domain and [Choose an Amazon VPC](onboard-vpc.md), you can specify your own VPC as the default VPC for the domain, along with your desired security group and subnet settings. Then, SageMaker AI creates a network interface in your VPC that SageMaker Canvas uses to access VPC endpoints in your VPC.
Make sure that you set up one or more security groups in your VPC with inbound and outbound rules that allow [ TCP traffic within the security group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-other-instances). This is required for connectivity between the Jupyter Server application and the Kernel Gateway applications. You must allow access to at least ports in the range `8192-65535`. Also, make sure to create a distinct security group for each user profile and add inbound access from that same security group. We do not recommend reusing a domain level security group for user profiles. If the domain level security group allows inbound access to itself, all applications in the domain have access to all other applications in the domain. Note that the security group and subnet settings are set after you finish onboarding to domain.
When onboarding to domain, if you choose **Public internet only** as the network access type, the VPC is SageMaker AI managed and allows internet access.
You can change this behavior by choosing **VPC only** so that SageMaker AI sends all traffic to a network interface that SageMaker AI creates in your specified VPC. When you choose this option, you must provide the subnets, security groups, and VPC endpoints that are necessary to communicate with the SageMaker API and SageMaker AI Runtime, and various AWS services, such as Amazon S3 and Amazon CloudWatch, that are used by SageMaker Canvas. Note that you can only import data from Amazon S3 buckets located in the same Region as your VPC.
The following procedures show how you can configure these settings to use SageMaker Canvas without the internet.
### Step 1: Onboard to Amazon SageMaker AI domain
To send SageMaker Canvas traffic to a network interface in your own VPC instead of over the internet, specify the VPC you want to use when onboarding to [Amazon SageMaker AI domain](gs-studio-onboard.md). You must also specify at least two subnets in your VPC that SageMaker AI can use. Choose **Standard setup** and do the following procedure when configuring the **Network and Storage Section** for the domain.
1. Select your desired **VPC**.
1. Choose two or more **Subnets**. If you don’t specify the subnets, SageMaker AI uses all of the subnets in the VPC.
1. Choose one or more **Security group(s)**.
1. Choose **VPC Only** to turn off direct internet access in the AWS managed VPC where SageMaker Canvas is hosted.
After disabling internet access, finish the onboarding process to set up your domain. For more information about the VPC settings for Amazon SageMaker AI domain, see [Choose an Amazon VPC](onboard-vpc.md).
### Step 2: Configure VPC endpoints and access
**Note**
In order to configure Canvas in your own VPC, you must enable private DNS hostnames for your VPC endpoints. For more information, see [Connect to SageMaker AI Through a VPC Interface Endpoint](https://docs.aws.amazon.com/sagemaker/latest/dg/interface-vpc-endpoint.html).
SageMaker Canvas only accesses other AWS services to manage and store data for its functionality. For example, it connects to Amazon Redshift if your users access an Amazon Redshift database. It can connect to an AWS service such as Amazon Redshift using an internet connection or a VPC endpoint. Use VPC endpoints if you want to set up connections from your VPC to AWS services that don't use the public internet.
A VPC endpoint creates a private connection to an AWS service that uses a networking path that is isolated from the public internet. For example, if you set up access to Amazon S3 using a VPC endpoint from your own VPC, then the SageMaker Canvas application can access Amazon S3 by going through the network interface in your VPC and then through the VPC endpoint that connects to Amazon S3. The communication between SageMaker Canvas and Amazon S3 is private.
For more information about configuring VPC endpoints for your VPC, see [AWS PrivateLink](https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html). If you are using Amazon Bedrock models in Canvas with a VPC, for more information about controlling access to your data, see [ Protect jobs using a VPC](https://docs.aws.amazon.com/bedrock/latest/userguide/usingVPC.html#configureVPC) in the *Amazon Bedrock User Guide*.
The following are the VPC endpoints for each service you can use with SageMaker Canvas:
| Service | Endpoint | Endpoint type |
| --- | --- | --- |
| AWS Application Auto Scaling | com.amazonaws.*Region*.application-autoscaling | Interface |
| Amazon Athena | com.amazonaws.*Region*.athena | Interface |
| Amazon SageMaker AI | com.amazonaws.*Region*.sagemaker.api com.amazonaws.*Region*.sagemaker.runtime com.amazonaws.*Region*.notebook | Interface |
| Amazon SageMaker AI Data Science Assistant | com.amazonaws.*Region*.sagemaker-data-science-assistant | Interface |
| AWS Security Token Service | com.amazonaws.*Region*.sts | Interface |
| Amazon Elastic Container Registry (Amazon ECR) | com.amazonaws.*Region*.ecr.api com.amazonaws.*Region*.ecr.dkr | Interface |
| Amazon Elastic Compute Cloud (Amazon EC2) | com.amazonaws.*Region*.ec2 | Interface |
| Amazon Simple Storage Service (Amazon S3) | com.amazonaws.*Region*.s3 | Gateway |
| Amazon Redshift | com.amazonaws.*Region*.redshift-data | Interface |
| AWS Secrets Manager | com.amazonaws.*Region*.secretsmanager | Interface |
| AWS Systems Manager | com.amazonaws.*Region*.ssm | Interface |
| Amazon CloudWatch | com.amazonaws.*Region*.monitoring | Interface |
| Amazon CloudWatch Logs | com.amazonaws.*Region*.logs | Interface |
| Amazon Forecast | com.amazonaws.*Region*.forecast com.amazonaws.*Region*.forecastquery | Interface |
| Amazon Textract | com.amazonaws.*Region*.textract | Interface |
| Amazon Comprehend | com.amazonaws.*Region*.comprehend | Interface |
| Amazon Rekognition | com.amazonaws.*Region*.rekognition | Interface |
| AWS Glue | com.amazonaws.*Region*.glue | Interface |
| AWS Application Auto Scaling | com.amazonaws.*Region*.application-autoscaling | Interface |
| Amazon Relational Database Service (Amazon RDS) | com.amazonaws.*Region*.rds | Interface |
| Amazon Bedrock (see note after table) | com.amazonaws.*Region*.bedrock-runtime | Interface |
| Amazon Kendra | com.amazonaws.*Region*.kendra | Interface |
| Amazon EMR Serverless | com.amazonaws.*Region*.emr-serverless | Interface |
| Amazon Q Developer (see note after table) | com.amazonaws.*Region*.q | Interface |
**Note**
The Amazon Q Developer VPC endpoint is currently available only in the US East (N. Virginia) region. To connect to it from other regions, you can choose one of the following options based on your security and infrastructure preferences:
**Set up a NAT Gateway.** Configure a NAT Gateway in your VPC's private subnet to enable internet connectivity for the Q Developer endpoint. For more information, see [Setting up a NAT Gateway in a VPC Private Subnet](https://repost.aws/knowledge-center/nat-gateway-vpc-private-subnet).
**Enable cross-region VPC endpoint access.** Set up cross-region VPC endpoint access for Q Developer. Use this option to connect securely without requiring internet access. For more information, see [Configuring Cross-Region VPC Endpoint Access](https://repost.aws/knowledge-center/vpc-endpoints-cross-region-aws-services).
**Note**
For Amazon Bedrock, the interface endpoint service name `com.amazonaws.Region.bedrock` has been deprecated. Create a new VPC endpoint with the service name listed in the preceding table.
Additionally, you can't fine-tune foundation models from Canvas VPCs with no internet access. This is because Amazon Bedrock doesn't support VPC endpoints for model customization APIs. To learn more about fine-tuning foundation models in Canvas, see [Fine-tune foundation models](canvas-fm-chat-fine-tune.md).
You must also add an endpoint policy for Amazon S3 to control AWS principal access to your VPC endpoint. For information about how to update your VPC endpoint policy, see [Control access to VPC endpoints using endpoint policies](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html).
The following are two VPC endpoint policies that you can use. Use the first policy if you only want to grant access to the basic functionality of Canvas, such as importing data and creating models. Use the second policy if you want to grant access to the additional [ genenerative AI features](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-fm-chat.html) in Canvas.
------
#### [ Basic VPC endpoint policy ]
The following policy grants the necessary access to your VPC endpoint for basic operations in Canvas.
```
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:CreateBucket",
"s3:GetBucketCors",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Resource": "*"
}
```
------
#### [ Generative AI VPC endpoint policy ]
The following policy grants the necessary access to your VPC endpoint for basic operations in Canvas, as well as using generative AI foundation models.
```
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:CreateBucket",
"s3:GetBucketCors",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*",
"arn:aws:s3:::*fmeval/datasets*",
"arn:aws:s3:::*jumpstart-cache-prod*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Resource": "*"
}
```
------
### Step 3: Grant IAM permissions
The SageMaker Canvas user must have the necessary AWS Identity and Access Management permissions to allow connection to the VPC endpoints. The IAM role to which you give permissions must be the same one you used when onboarding to Amazon SageMaker AI domain. You can attach the SageMaker AI managed `AmazonSageMakerFullAccess` policy to the IAM role for the user to give the user the required permissions. If you require more restrictive IAM permissions and use custom policies instead, then give the user’s role the `ec2:DescribeVpcEndpointServices` permission. SageMaker Canvas requires these permissions to verify the existence of the required VPC endpoints for standard build jobs. If it detects these VPC endpoints, then standard build jobs run by default in your VPC. Otherwise, they will run in the default AWS managed VPC.
For instructions on how to attach the `AmazonSageMakerFullAccess` IAM policy to your user’s IAM role, see [Adding and removing IAM identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html).
To grant your user’s IAM role the granular `ec2:DescribeVpcEndpointServices` permission, use the following procedure.
1. Sign in to the AWS Management Console and open the [IAM console](https://console.aws.amazon.com/iam/).
1. In the navigation pane, choose **Roles**.
1. In the list, choose the name of the role to which you want to grant permissions.
1. Choose the **Permissions** tab.
1. Choose **Add permissions** and then choose **Create inline policy**.
1. Choose the **JSON** tab and enter the following policy, which grants the `ec2:DescribeVpcEndpointServices` permission:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:DescribeVpcEndpointServices",
"Resource": "*"
}
]
}
```
------
1. Choose **Review policy**, and then enter a **Name** for the policy (for example, `VPCEndpointPermissions`).
1. Choose **Create policy**.
The user’s IAM role should now have permissions to access the VPC endpoints configured in your VPC.
### (Optional) Step 4: Override security group settings for specific users
If you are an administrator, you might want different users to have different VPC settings, or user-specific VPC settings. When you override the default VPC’s security group settings for a specific user, these settings are passed on to the SageMaker Canvas application for that user.
You can override the security groups that a specific user has access to in your VPC when you set up a new user profile in Studio Classic. You can use the [CreateUserProfile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html) SageMaker API call (or [create\$1user\$1profile](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sagemaker.html#SageMaker.Client.create_user_profile) with the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html)), and then in the `UserSettings`, you can specify the `SecurityGroups` for the user.
# Set up connections to data sources with OAuth
The following section describes the steps you must take to set up OAuth connections to data sources from SageMaker Canvas. [OAuth](https://oauth.net/2/) is a common authentication platform for granting access to resources without sharing passwords. With OAuth, you can quickly connect to your data from Canvas and import it for building models. Canvas currently supports OAuth for Snowflake and Salesforce Data Cloud.
**Note**
You can only establish one OAuth connection for each data source.
## Set up OAuth for Salesforce Data Cloud
To set up OAuth for Salesforce Data Cloud, follow these general steps:
1. Sign in to Salesforce Data Cloud.
1. In Salesforce Data Cloud, create a new app connection and do the following:
1. Enable OAuth settings.
1. When prompted for a callback URL (or the URL of the resource accessing your data), specify the URL for your Canvas application. The Canvas application URL follows this format: `https://.studio..sagemaker.aws/canvas/default`
1. Copy the consumer key and secret.
1. Copy your authorization URL and token URL.
For more detailed instructions about performing the preceding tasks in Salesforce Data Cloud, see [Import data from Salesforce Data Cloud](data-wrangler-import.md#data-wrangler-import-salesforce-data-cloud) in the Data Wrangler documentation for importing data from Salesforce Data Cloud.
After enabling access from Salesforce Data Cloud and getting your connection information, you must create an [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html) secret to store the information and add it to your Amazon SageMaker AI domain or user profile. Note that you can add a secret to both a domain and user profile, but Canvas looks for secrets in the user profile first.
To add a secret to your domain or user profile, do the following:
1. Go to the [Amazon SageMaker AI console](https://console.aws.amazon.com/sagemaker).
1. Choose **domains** in the navigation pane.
1. From the list of **domains**, choose your domain.
1. If adding your secret to your domain, do the following:
1. Choose the domain.
1. On the **domain settings** page, choose the **domain settings** tab.
1. Choose **Edit**.
1. If adding the secret to your user profile, do the following:
1. Choose the user’s domain.
1. On the **domain settings** page, choose the user profile.
1. On the **User Details** page, choose **Edit**.
1. In the navigation pane, choose **Canvas settings**.
1. For **OAuth settings**, choose **Add OAuth configuration**.
1. For **Data source**, select **Salesforce Data Cloud**.
1. For **Secret Setup**, select **Create a new secret**. Alternatively, if you already created an AWS Secrets Manager secret with your credentials, enter the ARN for the secret. If creating a new secret, do the following:
1. For **Identity Provider**, select **SALESFORCE**.
1. For **Client ID**, **Client Secret**, **Authorization URL**, and **Token URL**, enter all of the information you gathered from Salesforce Data Cloud in the previous procedure.
1. Save your domain or user profile settings.
You should now be able to create a connection to your data in Salesforce Data Cloud from Canvas.
## Set up OAuth for Snowflake
To set up authentication for Snowflake, Canvas supports identity providers that you can use instead of having users directly enter their credentials into Canvas.
The following are links to the Snowflake documentation for the identity providers that Canvas supports:
+ [Azure AD](https://docs.snowflake.com/en/user-guide/oauth-azure.html)
+ [Okta](https://docs.snowflake.com/en/user-guide/oauth-okta.html)
+ [Ping Federate](https://docs.snowflake.com/en/user-guide/oauth-pingfed.html)
The following process describes the general steps you must take. For more detailed instructions about performing these steps, you can refer to the [Setting up Snowflake OAuth Access](data-wrangler-import.md#data-wrangler-snowflake-oauth-setup) section in the Data Wrangler documentation for importing data from Snowflake.
To set up OAuth for Snowflake, do the following:
1. Register Canvas as an application with the identity provider. This requires specifying a redirect URL to Canvas, which should follow this format: `https://.studio..sagemaker.aws/canvas/default`
1. Within the identity provider, create a server or API that sends OAuth tokens to Canvas so that Canvas can access Snowflake. When setting up the server, use the authorization code and refresh token grant types, specify the access token lifetime, and set a refresh token policy. Additionally, within the External OAuth Security Integration for Snowflake, enable `external_oauth_any_role_mode`.
1. Get the following information from the identity provider: token URL, authorization URL, client ID, client secret. For Azure AD, also retrieve the OAuth scope credentials.
1. Store the information retrieved in the previous step in an AWS Secrets Manager secret.
1. For Okta and Ping Federate, the secret should look like the following format:
```
{"token_url":"https://identityprovider.com/oauth2/example-portion-of-URL-path/v2/token",
"client_id":"example-client-id", "client_secret":"example-client-secret", "identity_provider":"OKTA"|"PING_FEDERATE",
"authorization_url":"https://identityprovider.com/oauth2/example-portion-of-URL-path/v2/authorize"}
```
1. For Azure AD, the secret should also include the OAuth scope credentials as the `datasource_oauth_scope` field.
After configuring the identity provider and the secret, you must create an [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html) secret to store the information and add it to your Amazon SageMaker AI domain or user profile. Note that you can add a secret to both a domain and user profile, but Canvas looks for secrets in the user profile first.
To add a secret to your domain or user profile, do the following:
1. Go to the [Amazon SageMaker AI console](https://console.aws.amazon.com/sagemaker).
1. Choose **domains** in the navigation pane.
1. From the list of **domains**, choose your domain.
1. If adding your secret to your domain, do the following:
1. Choose the domain.
1. On the **domain settings** page, choose the **domain settings** tab.
1. Choose **Edit**.
1. If adding the secret to your user profile, do the following:
1. Choose the user’s domain.
1. On the **domain settings** page, choose the user profile.
1. On the **User Details** page, choose **Edit**.
1. In the navigation pane, choose **Canvas settings**.
1. For **OAuth settings**, choose **Add OAuth configuration**.
1. For **Data source**, select **Snowflake**.
1. For **Secret Setup**, select **Create a new secret**. Alternatively, if you already created an AWS Secrets Manager secret with your credentials, enter the ARN for the secret. If creating a new secret, do the following:
1. For **Identity Provider**, select **SNOWFLAKE**.
1. For **Client ID**, **Client Secret**, **Authorization URL**, and **Token URL**, enter all of the information you gathered from the identity provider in the previous procedure.
1. Save your domain or user profile settings.
You should now be able to create a connection to your data in Snowflake from Canvas.
# Generative AI assistance for solving ML problems in Canvas using Amazon Q Developer
While using Amazon SageMaker Canvas, you can chat with Amazon Q Developer in natural language to leverage generative AI and solve problems. Q Developer is an assistant that helps you translate your goals into machine learning (ML) tasks and describes each step of the ML workflow. Q Developer helps Canvas users reduce the amount of time, effort, and data science expertise required to leverage ML and make data-driven decisions for their organizations.
Through a conversation with Q Developer, you can initiate actions in Canvas such as preparing data, building an ML model, making predictions, and deploying a model. Q Developer makes suggestions for next steps and provides you with context as you complete each step. It also informs you of results; for example, Canvas can transform your dataset according to best practices, and Q Developer can list the transforms that were used and why.
Amazon Q Developer is available in SageMaker Canvas at no additional cost to both Amazon Q Developer Pro Tier and Free Tier users. However, standard charges apply for resources such as the SageMaker Canvas workspace instance and any resources used for building or deploying models. For more information about pricing, see [Amazon SageMaker Canvas pricing](https://aws.amazon.com/sagemaker-ai/canvas/pricing/).
Use of Amazon Q is licensed to you under [MIT's 0 License](https://github.com/aws/mit-0) and subject to the [AWS Responsible AI Policy](https://aws.amazon.com/machine-learning/responsible-ai/policy/). When you use Q Developer from outside the US, Q Developer processes data across US regions. For more information, see [Cross region inference in Amazon Q Developer](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/cross-region-inference.html).
**Note**
Amazon Q Developer in SageMaker Canvas doesn't use user content to improve the service, regardless of whether you use the Free-tier or Pro-tier subscription. For service telemetry purposes, Q Developer might track your usage, such as the number of questions asked and whether recommendations were accepted or rejected. This telemetry data doesn't include personally identifiable information such as IP address.
## How it works
Amazon Q Developer is a generative AI powered assistant available in SageMaker Canvas that you can query using natural language. Q Developer makes suggestions for each step of the machine learning workflow, explaining concepts and providing you with options and more details as needed. You can use Q Developer for help with regression, binary classification, and multi-class classification use cases.
For example, to predict customer churn, upload a dataset of historical customer churn information to Canvas through Q Developer. Q Developer suggests an appropriate ML model type and steps to fix dataset issues, build a model, and make predictions.
**Important**
Amazon Q Developer is intended for conversations about machine learning problems within SageMaker Canvas. It guides users through Canvas actions and optionally answers questions about AWS services. Q Developer processes model inputs only in English. For more information about how you can use Q Developer, see [ Amazon Q Developer features](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/features.html) in the *Amazon Q Developer User Guide*.
## Supported regions
Amazon Q Developer is available within SageMaker Canvas in the following AWS Regions:
+ US East (N. Virginia)
+ US East (Ohio)
+ US West (Oregon)
+ Asia Pacific (Mumbai)
+ Asia Pacific (Seoul)
+ Asia Pacific (Singapore)
+ Asia Pacific (Sydney)
+ Asia Pacific (Tokyo)
+ Europe (Frankfurt)
+ Europe (Ireland)
+ Europe (Paris)
## Amazon Q Developer capabilities available in Canvas
The following list summarizes the Canvas tasks with which Q Developer can provide assistance:
+ **Describe your objective** – Q Developer can suggest an ML model type and general approach to solve your problem.
+ **Import and analyze datasets** – Tell Q Developer where your dataset is stored or upload a file to save it as a Canvas dataset. Prompt Q Developer to identify any issues in your dataset, such as outliers or missing values. Q Developer provides summary statistics about your dataset and lists any identified issues.
Q Developer supports queries about the following statistics for individual columns:
+ Numeric columns – `number of valid values`, `feature type`, `mean`, `median`, `minimum`, `maximum`, `standard deviation`, `25th percentile`, `75th percentile`, `number of outliers`
+ Categorical columns – `number of missing values`, `number of valid values`, `feature type`, `most frequent`, `most frequent category`, `most frequent category count`, `least frequent`, `least frequent category`, `least frequent category count`, `categories`
+ **Fix dataset issues** – Prompt Q Developer to use Canvas's data transformation capabilities to create a revised version of your dataset. Canvas creates a Data Wrangler data flow and applies transforms according to data science best practices. For more information, see [Data preparation](canvas-data-prep.md).
If you want to do more advanced data analysis or data preparation tasks than you can accomplish with Q Developer, then we recommend that you go to the Data Wrangler data flow interface.
+ **Train a model** – Q Developer tells you the recommended ML model type for your problem and a proposed model building configuration. You can use the suggested default settings to do a quick build, or you can modify the configuration and do a standard build. When ready, prompt Q Developer to build your Canvas model.
All of the custom model types are supported. For more information about model types and quick versus standard builds, see [How custom models work](canvas-build-model.md).
+ **Evaluate model accuracy** – After building a model, Q Developer provides a summary of how the model scores across various metrics. These metrics help you determine the usefulness and accuracy of your model. Q Developer can explain any concept or metric in detail.
To view full details and visualizations, open the model from the chat or the **My Models** page of Canvas. For more information, see [Model evaluation](canvas-evaluate-model.md).
+ **Get predictions for new data** – You can upload a new dataset and prompt Q Developer to help you open the prediction feature of Canvas.
Q Developer opens a new window in the application where you can either make a single prediction or make batch predictions with a new dataset. For more information, see [Predictions with custom models](canvas-make-predictions.md).
+ **Deploy a model** – To deploy your model for production, ask Q Developer to help you deploy your model through Canvas. Q Developer opens a new window in which you can configure your deployment.
After deploying, view your deployment details either 1) on the **My Models** page of Canvas in the model's **Deploy** tab, or 2) on the **ML Ops** page in the **Deployments** tab. For more information, see [Deploy your models to an endpoint](canvas-deploy-model.md).
## Prerequisites
To use Amazon Q Developer to build ML models in SageMaker Canvas, complete the following prerequisites:
**Set up a Canvas application**
Make sure that you have a Canvas application set up. For information about how to set up a Canvas application, see [Getting started with using Amazon SageMaker Canvas](canvas-getting-started.md).
**Grant Q Developer permissions**
To access Q Developer while using Canvas, you must attach the necessary permissions to the AWS IAM role used for your SageMaker AI domain or user profile. You can do this through the console described in this section. If you encounter any permissions issues due to using the console method, then manually attach the AWS managed policy [ AmazonSageMakerCanvasSMDataScienceAssistantAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasSMDataScienceAssistantAccess) to the IAM role.
Permissions attached at the domain level apply to all user profiles in the domain, unless individual permissions are granted or revoked at the user profile level.
------
#### [ SageMaker AI console method ]
You can grant permissions by editing the SageMaker AI domain or user profile settings.
To grant permissions through the domain settings in the SageMaker AI console, do the following:
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **Domains**.
1. From the list of domains, select your domain.
1. On the **Domain details** page, select the **App configurations** tab.
1. In the **Canvas** section, choose **Edit**.
1. On the **Edit Canvas settings** page, go to the **Amazon Q Developer** section and do the following:
1. Turn on **Enable Amazon Q Developer in SageMaker Canvas for natural language ML** to add the permissions to chat with Q Developer in Canvas to your domain's execution role.
1. (Optional) Turn on **Enable Amazon Q Developer chat for general AWS questions** if you want to ask Q Developer questions about various AWS services (for example: Describe how Athena works).
**Note**
When making general AWS queries to Q Developer, your requests route through the US East (N. Virginia) AWS Region. To prevent your data from routing through US East (N. Virginia), turn off the **Enable Amazon Q Developer chat for general AWS questions** toggle.
------
#### [ Manual method ]
Attach the [ AmazonSageMakerCanvasSMDataScienceAssistantAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasSMDataScienceAssistantAccess) policy to the AWS IAM role used for your domain or user profile. For more information about how to do this, see [ Adding and removing IAM identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) in the *AWS IAM User Guide*.
------
**(Optional) Configure access to Q Developer from your VPC**
If you have a VPC that is configured without public internet access, you can add a VPC endpoint for Q Developer. For more information, see [Configure Amazon SageMaker Canvas in a VPC without internet access](canvas-vpc.md).
## Getting started
To use Amazon Q Developer to build ML models in SageMaker Canvas, do the following:
1. Open your SageMaker Canvas application.
1. In the left navigation pane, choose **Amazon Q**.
1. Choose **Start a new conversation** to open a new chat.
When you start a new chat, Q Developer prompts you to state your problem or provide a dataset.
![\[The greeting that Q Developer gives you upon starting a new chat.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/amazon-q-greeting.png)
After importing your data, you can ask Q Developer to provide you with summary statistics about your dataset, or you can ask questions about specific columns. For a list of the different statistics that Q Developer supports, see the preceding section [Amazon Q Developer capabilities available in Canvas](#canvas-q-capabilities). The following screenshot shows an example of asking for dataset statistics and the most frequent category in a product category column.
![\[Chat dialog asking Q Developer to provide dataset statistics and the most frequent category statistic.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/amazon-q-dataset-statistics.png)
Q Developer tracks any Canvas artifacts you import or create during the conversation, such as transformed datasets and models. You can access them from the chat or other Canvas application tabs. For example, if Q Developer fixes issues in your dataset, you can access the new, transformed dataset from the following places:
+ The artifacts sidebar in the Q Developer chat interface
+ The **Datasets** page of Canvas, where you can view both your original and transformed datasets. The transformed dataset has the **Built by Amazon Q** label added to it.
+ The **Data Wrangler** page of Canvas, where Q Developer creates a new data flow for your dataset
The following screenshot shows the original dataset and the transformed dataset in the sidebar of a chat.
![\[The artifacts, which are a dataset and a transformed dataset, shown in the sidebar of a Q Developer chat.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/amazon-q-artifacts.png)
When your data is ready, ask Q Developer to help build a Canvas model. Q Developer might prompt you to confirm a few fields and review the build configuration. If you use the default build configuration, then your model is built using a quick build. If you want to customize any part of your build configuration, such as selecting the algorithms used or changing the objective metric, then your model is built with a standard build.
The following screenshot shows how you can prompt Q Developer to initiate a Canvas model build with only a few prompts. This example uses the default configuration to start a quick build.
![\[A conversation with Q Developer where the user prompted to start a Canvas model build.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/amazon-q-training-chat.png)
After building your model, you can perform additional actions using either natural language in the chat or the artifacts sidebar menu. For example, you can view model details and metrics, make predictions, or deploy the model. The following screenshot shows the sidebar where you can choose these additional options.
![\[A Q Developer conversation ellipsis menu expanded, showing options for viewing models details, predictions, and deployment.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/amazon-q-ellipsis-menu.png)
You can also perform any of these actions by going to the **My Models** page of Canvas and selecting your model. From your model's page, you can navigate to the **Analyze**, **Predict**, and **Deploy** tabs to view model metrics and visualizations, make predictions, and manage deployments, respectively.
# Logging Q Developer conversations with AWS CloudTrail
AWS CloudTrail is a service that records actions taken by users, roles, or AWS services in Amazon SageMaker AI. CloudTrail captures API calls resulting from your interactions with Amazon Q Developer (a conversational AI assistant) while using SageMaker Canvas (a no-code ML interface). CloudTrail data shows request details, the IP address of the requester, who made the request, and when.
Your interactions with Q Developer are sent as `SendConversation` API calls to the SageMaker AI Data Science Assistant service, which is an internal service that Canvas leverages on the backend. The event source for `SendConversation` API calls is `sagemaker-data-science-assistant.amazonaws.com`.
**Note**
For privacy and security reasons, the content of your conversations is hidden in the logs, appearing as `HIDDEN_DUE_TO_SECURITY_REASONS` in the request and response elements.
To learn more about CloudTrail, see the [https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html). To learn more about CloudTrail in SageMaker AI, see [Logging Amazon SageMaker AI API calls using AWS CloudTrail](logging-using-cloudtrail.md).
The following is an example log file entry for the `SendConversation` API:
```
{
"eventVersion":"1.10",
"userIdentity": {
"type":"AssumedRole",
"principalId":"AROA123456789EXAMPLE:user-Isengard",
"arn":"arn:aws:sts::111122223333:assumed-role/Admin/user",
"accountId":"111122223333",
"accessKeyId":"ASIAIOSFODNN7EXAMPLE",
"sessionContext": {
"sessionIssuer": {
"type":"Role",
"principalId":"AROA123456789EXAMPLE",
"arn":"arn:aws:iam::111122223333:role/Admin",
"accountId":"111122223333",
"userName":"Admin"
},
"attributes": {
"creationDate":"2024-11-11T22:04:37Z",
"mfaAuthenticated":"false"
}
}
},
"eventTime":"2024-11-11T22:09:22Z",
"eventSource":"sagemaker-data-science-assistant.amazonaws.com",
"eventName":"SendConversation",
"awsRegion":"us-west-2",
"sourceIPAddress":"192.0.2.0",
"userAgent":"Boto3/1.33.13 md/Botocore#1.33.13 ua/2.0 os/linux#5.10.227-198.884.amzn2int.x86_64 md/arch#x86_64 lang/python#3.7.16 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.33.13",
"requestParameters": {
"conversation": [
{
"utteranceId":"a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"utterance":"HIDDEN_DUE_TO_SECURITY_REASONS",
"timestamp":"Feb 4, 2020, 7:46:29 AM",
"utteranceType":"User"
}
],
"utteranceId":"a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"responseElements": {
"responseCode":"CHAT_RESPONSE",
"conversationId":"1234567890abcdef0",
"response": {
"chat": {
"body":"HIDDEN_DUE_TO_SECURITY_REASONS"
}
}
},
"requestID":"a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"eventID":"a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"readOnly":false,
"eventType":"AwsApiCall",
"managementEvent":true,
"recipientAccountId":"123456789012",
"eventCategory":"Management",
"tlsDetails": {
"tlsVersion":"TLSv1.2",
"cipherSuite":"ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader":"gamma.us-west-2.data-science-assistant.sagemaker.aws.dev"
}
}
```
# Data import
Amazon SageMaker Canvas supports importing tabular, image, and document data. You can import datasets from your local machine, Amazon services such as Amazon S3 and Amazon Redshift, and external data sources. When importing datasets from Amazon S3, you can bring a dataset of any size. Use the datasets that you import to build models and make predictions for other datasets.
Each use case for which you can build a custom model accepts different types of input. For example, if you want to build a single-label image classification model, then you should import image data. For more information about the different model types and the data they accept, see [How custom models work](canvas-build-model.md). You can import data and build custom models in SageMaker Canvas for the following data types:
+ **Tabular** (CSV, Parquet, or tables)
+ Categorical – Use categorical data to build custom categorical prediction models for 2 and 3\$1 category prediction.
+ Numeric – Use numeric data to build custom numeric prediction models.
+ Text – Use text data to build custom multi-category text prediction models.
+ Timeseries – Use timeseries data to build custom time series forecasting models.
+ **Image** (JPG or PNG) – Use image data to build custom single-label image prediction models.
+ **Document** (PDF, JPG, PNG, TIFF) – Document data is only supported for SageMaker Canvas Ready-to-use models. To learn more about Ready-to-use models that can make predictions for document data, see [Ready-to-use models](canvas-ready-to-use-models.md).
You can import data into Canvas from the following data sources:
+ Local files on your computer
+ Amazon S3 buckets
+ Amazon Redshift provisioned clusters (not Amazon Redshift Serverless)
+ AWS Glue Data Catalog through Amazon Athena
+ Amazon Aurora
+ Amazon Relational Database Service (Amazon RDS)
+ Salesforce Data Cloud
+ Snowflake
+ Databricks, SQLServer, MariaDB, and other popular databases through JDBC connectors
+ Over 40 external SaaS platforms, such as SAP OData
For a full list of data sources from which you can import, see the following table:
| Source | Type | Supported data types |
| --- | --- | --- |
| Local file upload | Local | Tabular, Image, Document |
| Amazon Aurora | Amazon internal | Tabular |
| Amazon S3 bucket | Amazon internal | Tabular, Image, Document |
| Amazon RDS | Amazon internal | Tabular |
| Amazon Redshift provisioned clusters (not Redshift Serverless) | Amazon internal | Tabular |
| AWS Glue Data Catalog (through Amazon Athena) | Amazon internal | Tabular |
| [Databricks](https://www.databricks.com/) | External | Tabular |
| Snowflake | External | Tabular |
| [Salesforce Data Cloud](https://www.salesforce.com/products/genie/overview/) | External | Tabular |
| SQLServer | External | Tabular |
| MySQL | External | Tabular |
| PostgreSQL | External | Tabular |
| MariaDB | External | Tabular |
| [Amplitude](https://docs.aws.amazon.com/appflow/latest/userguide/amplitude.html) | External SaaS platform | Tabular |
| [CircleCI](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-circleci.html) | External SaaS platform | Tabular |
| [DocuSign Monitor](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-docusign-monitor.html) | External SaaS platform | Tabular |
| [Domo](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-domo.html) | External SaaS platform | Tabular |
| [Datadog](https://docs.aws.amazon.com/appflow/latest/userguide/datadog.html) | External SaaS platform | Tabular |
| [Dynatrace](https://docs.aws.amazon.com/appflow/latest/userguide/dynatrace.html) | External SaaS platform | Tabular |
| [Facebook Ads](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-facebook-ads.html) | External SaaS platform | Tabular |
| [Facebook Page Insights](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-facebook-page-insights.html) | External SaaS platform | Tabular |
| [Google Ads](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-google-ads.html) | External SaaS platform | Tabular |
| [Google Analytics 4](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-google-analytics-4.html) | External SaaS platform | Tabular |
| [Google Search Console](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-google-search-console.html) | External SaaS platform | Tabular |
| [GitHub](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-github.html) | External SaaS platform | Tabular |
| [GitLab](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-gitlab.html) | External SaaS platform | Tabular |
| [Infor Nexus](https://docs.aws.amazon.com/appflow/latest/userguide/infor-nexus.html) | External SaaS platform | Tabular |
| [Instagram Ads](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-instagram-ads.html) | External SaaS platform | Tabular |
| [Jira Cloud](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-jira-cloud.html) | External SaaS platform | Tabular |
| [LinkedIn Ads](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-linkedin-ads.html) | External SaaS platform | Tabular |
| [LinkedIn Ads](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-linkedin-ads.html) | External SaaS platform | Tabular |
| [Mailchimp](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-mailchimp.html) | External SaaS platform | Tabular |
| [Marketo](https://docs.aws.amazon.com/appflow/latest/userguide/marketo.html) | External SaaS platform | Tabular |
| [Microsoft Teams](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-microsoft-teams.html) | External SaaS platform | Tabular |
| [Mixpanel](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-mixpanel.html) | External SaaS platform | Tabular |
| [Okta](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-okta.html) | External SaaS platform | Tabular |
| [Salesforce](https://docs.aws.amazon.com/appflow/latest/userguide/salesforce.html) | External SaaS platform | Tabular |
| [Salesforce Marketing Cloud](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-salesforce-marketing-cloud.html) | External SaaS platform | Tabular |
| [Salesforce Pardot](https://docs.aws.amazon.com/appflow/latest/userguide/pardot.html) | External SaaS platform | Tabular |
| [SAP OData](https://docs.aws.amazon.com/appflow/latest/userguide/sapodata.html) | External SaaS platform | Tabular |
| [SendGrid](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-sendgrid.html) | External SaaS platform | Tabular |
| [ServiceNow](https://docs.aws.amazon.com/appflow/latest/userguide/servicenow.html) | External SaaS platform | Tabular |
| [Singular](https://docs.aws.amazon.com/appflow/latest/userguide/singular.html) | External SaaS platform | Tabular |
| [Slack](https://docs.aws.amazon.com/appflow/latest/userguide/slack.html) | External SaaS platform | Tabular |
| [Stripe](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-stripe.html) | External SaaS platform | Tabular |
| [Trend Micro](https://docs.aws.amazon.com/appflow/latest/userguide/trend-micro.html) | External SaaS platform | Tabular |
| [Typeform](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-typeform.html) | External SaaS platform | Tabular |
| [Veeva](https://docs.aws.amazon.com/appflow/latest/userguide/veeva.html) | External SaaS platform | Tabular |
| [Zendesk](https://docs.aws.amazon.com/appflow/latest/userguide/zendesk.html) | External SaaS platform | Tabular |
| [Zendesk Chat](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-zendesk-chat.html) | External SaaS platform | Tabular |
| [Zendesk Sell](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-zendesk-sell.html) | External SaaS platform | Tabular |
| [Zendesk Sunshine](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-zendesk-sunshine.html) | External SaaS platform | Tabular |
| [Zoom Meetings](https://docs.aws.amazon.com/appflow/latest/userguide/connectors-zoom.html) | External SaaS platform | Tabular |
For instructions on how to import data and information regarding input data requirements, such as the maximum file size for images, see [Create a dataset](canvas-import-dataset.md).
Canvas also provides several sample datasets in your application to help you get started. To learn more about the SageMaker AI-provided sample datasets you can experiment with, see [Use sample datasets](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-sample-datasets.html).
After you import a dataset into Canvas, you can update the dataset at any time. You can do a manual update or you can set up a schedule for automatic dataset updates. For more information, see [Update a dataset](canvas-update-dataset.md).
For more information specific to each dataset type, see the following sections:
**Tabular**
To import data from an external data source (such as a Snowflake database or a SaaS platform), you must authenticate and connect to the data source in the Canvas application. For more information, see [Connect to data sources](canvas-connecting-external.md).
If you want to import datasets larger than 5 GB from Amazon S3 into Canvas, you can achieve faster sampling by using Amazon Athena to query and sample the data from Amazon S3.
After creating datasets in Canvas, you can prepare and transform your data using the data preparation functionality of Data Wrangler. You can use Data Wrangler to handle missing values, transform your features, join multiple datasets into a single dataset, and more. For more information, see [Data preparation](canvas-data-prep.md).
**Tip**
As long as your data is arranged into tables, you can join datasets from various sources, such as Amazon Redshift, Amazon Athena, or Snowflake.
**Image**
For information about how to edit an image dataset and perform tasks such as assigning or reassigning labels, adding images, or deleting images, see [Edit an image dataset](canvas-edit-image.md).
# Create a dataset
**Note**
If you're importing datasets larger than 5 GB into Amazon SageMaker Canvas, we recommend that you use the [Data Wrangler feature](canvas-data-prep.md) in Canvas to create a data flow. Data Wrangler supports advanced data preparation features such as [joining](canvas-transform.md#canvas-transform-join) and [concatenating](canvas-transform.md#canvas-transform-concatenate) data. After you create a data flow, you can export your data flow as a Canvas dataset and begin building a model. For more information, see [Export to create a model](canvas-processing-export-model.md).
The following sections describe how to create a dataset in Amazon SageMaker Canvas. For custom models, you can create datasets for tabular and image data. For Ready-to-use models, you can use tabular and image datasets as well as document datasets. Choose your workflow based on the following information:
+ For categorical, numeric, text, and timeseries data, see [Import tabular data](#canvas-import-dataset-tabular).
+ For image data, see [Import image data](#canvas-import-dataset-image).
+ For document data, see [Import document data](#canvas-ready-to-use-import-document).
A dataset can consist of multiple files. For example, you might have multiple files of inventory data in CSV format. You can upload these files together as a dataset as long as the schema (or column names and data types) of the files match.
Canvas also supports managing multiple versions of your dataset. When you create a dataset, the first version is labeled as `V1`. You can create a new version of your dataset by updating your dataset. You can do a manual update, or you can set up an automated schedule for updating your dataset with new data. For more information, see [Update a dataset](canvas-update-dataset.md).
When you import your data into Canvas, make sure that it meets the requirements in the following table. The limitations are specific to the type of model you’re building.
| Limit | 2 category, 3\$1 category, numeric, and time series models | Text prediction models | Image prediction models | \$1Document data for Ready-to-use models |
| --- | --- | --- | --- | --- |
| Supported file types | CSV and Parquet (local upload, Amazon S3, or databases) JSON (databases) | CSV and Parquet (local upload, Amazon S3, or databases) JSON (databases) | JPG, PNG | PDF, JPG, PNG, TIFF |
| Maximum file size | Local upload: 5 GB Data sources: PBs | Local upload: 5 GB Data sources: PBs | 30 MB per image | 5 MB per document |
| Maximum number of files you can upload at a time | 30 | 30 | N/A | N/A |
| Maximum number of columns | 1,000 | 1,000 | N/A | N/A |
| Maximum number of entries (rows, images, or documents) for **Quick builds** | N/A | 7500 rows | 5000 images | N/A |
| Maximum number of entries (rows, images, or documents) for **Standard builds** | N/A | 150,000 rows | 180,000 images | N/A |
| Minimum number of entries (rows) for **Quick builds** | 2 category: 500 rows 3\$1 category, numeric, time series: N/A | N/A | N/A | N/A |
| Minimum number of entries (rows, images, or documents) for **Standard builds** | 250 rows | 50 rows | 50 images | N/A |
| Minimum number of entries (rows or images) per label | N/A | 25 rows | 25 rows | N/A |
| Minimum number of labels | 2 category: 2 3\$1 category: 3 Numeric, time series: N/A | 2 | 2 | N/A |
| Minimum sample size for random sampling | 500 | N/A | N/A | N/A |
| Maximum sample size for random sampling | 200,000 | N/A | N/A | N/A |
| Maximum number of labels | 2 category: 2 3\$1 category, numeric, time series: N/A | 1000 | 1000 | N/A |
\$1Document data is currently only supported for [Ready-to-use models](canvas-ready-to-use-models.md) that accept document data. You can't build a custom model with document data.
Also note the following restrictions:
+ When importing data from an Amazon S3 bucket, make sure that your Amazon S3 bucket name doesn't contain a `.`. If your bucket name contains a `.`, you might experience errors when trying to import data into Canvas.
+ For tabular data, Canvas disallows selecting any file with extensions other than .csv, .parquet, .parq, and .pqt for both local upload and Amazon S3 import. CSV files can use any common or custom delimiter, and they must not have newline characters except when denoting a new row.
+ For tabular data using Parquet files, note the following:
+ Parquet files can't include complex types like maps and lists.
+ The column names of Parquet files can't contain spaces.
+ If using compression, Parquet files must use either gzip or snappy compression types. For more information about the preceding compression types, see the [gzip documentation](https://www.gzip.org/) and the [snappy documentation](https://github.com/google/snappy).
+ For image data, if you have any unlabeled images, you must label them before building your model. For information about how to assign labels to images within the Canvas application, see [Edit an image dataset](canvas-edit-image.md).
+ If you set up automatic dataset updates or automatic batch prediction configurations, you can only create a total of 20 configurations in your Canvas application. For more information, see [How to manage automations](canvas-manage-automations.md).
After you import a dataset, you can view your datasets on the **Datasets** page at any time.
## Import tabular data
With tabular datasets, you can build categorical, numeric, time series forecasting, and text prediction models. Review the limitations table in the preceding **Import a dataset** section to ensure that your data meets the requirements for tabular data.
Use the following procedure to import a tabular dataset into Canvas:
1. Open your SageMaker Canvas application.
1. In the left navigation pane, choose **Datasets**.
1. Choose **Import data**.
1. From the dropdown menu, choose **Tabular**.
1. In the popup dialog box, in the **Dataset name** field, enter a name for the dataset and choose **Create**.
1. On the **Create tabular dataset** page, open the **Data Source** dropdown menu.
1. Choose your data source:
+ To upload files from your computer, choose **Local upload**.
+ To import data from another source, such as an Amazon S3 bucket or a Snowflake database, search for your data source in the **Search data source bar**. Then, choose the tile for your desired data source.
**Note**
You can only import data from the tiles that have an active connection. If you want to connect to a data source that is unavailable to you, contact your administrator. If you’re an administrator, see [Connect to data sources](canvas-connecting-external.md).
The following screenshot shows the **Data Source** dropdown menu.
![\[Screenshot showing the Data Source dropdown menu and a search for a data source in the search bar.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/import-data-choose-source.png)
1. (Optional) If you’re connecting to an Amazon Redshift or Snowflake database for the first time, a dialog box appears to create a connection. Fill out the dialog box with your credentials and choose **Create connection**. If you already have a connection, choose your connection.
1. From your data source, select your files to import. For local upload and importing from Amazon S3, you can select files. For Amazon S3 only, you also have the option to directly enter the S3 URI, alias, or ARN of your bucket or S3 access point in the **Input S3 endpoint** field, and then choose files to import. For database sources, you can drag-and-drop data tables from the left navigation pane.
1. (Optional) For tabular data sources that support SQL querying (such as Amazon Redshift, Amazon Athena, or Snowflake), you can choose **Edit in SQL** to make SQL queries before importing them.
The following screenshot shows the **Edit SQL** view for an Amazon Athena data source.
![\[Screenshot showing a SQL query in the Edit SQL view for Amazon Athena data.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/import-data-edit-sql.png)
1. Choose **Preview dataset** to preview your data before importing it.
1. In the **Import settings**, enter a **Dataset name** or use the default dataset name.
1. (Optional) For data that you import from Amazon S3, you are shown the **Advanced** settings and can fill out the following fields:
1. Toggle the **Use first row as header** option on if you want to use the first row of your dataset as the column names. If you selected multiple files, this applies to each file.
1. If you're importing a CSV file, for the **File encoding (CSV)** dropdown, select your dataset file’s encoding. `UTF-8` is the default.
1. For the **Delimiter** dropdown, select the delimiter that separates each cell in your data. The default delimiter is `,`. You can also specify a custom delimiter.
1. Select **Multi-line detection** if you’d like Canvas to manually parse your entire dataset for multi-line cells. By default, this option is not selected and Canvas determines whether or not to use multi-line support by taking a sample of your data. However, Canvas might not detect any multi-line cells in the sample. If you have multi-line cells, we recommend that you select the **Multi-line detection** option to force Canvas to check your entire dataset for multi-line cells.
1. When you’re ready to import your data, choose **Create dataset**.
While your dataset is importing into Canvas, you can see your datasets listed on the **Datasets** page. From this page, you can [View your dataset details](#canvas-view-dataset-details).
When the **Status** of your dataset shows as `Ready`, Canvas successfully imported your data and you can proceed with [building a model](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-build-model.html).
If you have a connection to a data source, such as an Amazon Redshift database or a SaaS connector, you can return to that connection. For Amazon Redshift and Snowflake, you can add another connection by creating another dataset, returning to the **Import data** page, and choosing the **Data Source** tile for that connection. From the dropdown menu, you can open the previous connection or choose **Add connection**.
**Note**
For SaaS platforms, you can only have one connection per data source.
## Import image data
With image datasets, you can build single-label image prediction custom models, which predict a label for an image. Review the limitations in the preceding **Import a dataset** section to ensure that your image dataset meets the requirements for image data.
**Note**
You can only import image datasets from local file upload or an Amazon S3 bucket. Also, for image datasets, you must have at least 25 images per label.
Use the following procedure to import an image dataset into Canvas:
1. Open your SageMaker Canvas application.
1. In the left navigation pane, choose **Datasets**.
1. Choose **Import data**.
1. From the dropdown menu, choose **Image**.
1. In the popup dialog box, in the **Dataset name** field, enter a name for the dataset and choose **Create**.
1. On the **Import** page, open the **Data Source** dropdown menu.
1. Choose your data source. To upload files from your computer, choose **Local upload**. To import files from Amazon S3, choose **Amazon S3**.
1. From your computer or Amazon S3 bucket, select the images or folders of images that you want to upload.
1. When you’re ready to import your data, choose **Import data**.
While your dataset is importing into Canvas, you can see your datasets listed on the **Datasets** page. From this page, you can [View your dataset details](#canvas-view-dataset-details).
When the **Status** of your dataset shows as `Ready`, Canvas successfully imported your data and you can proceed with [building a model](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-build-model.html).
When you are building your model, you can edit your image dataset, and you can assign or re-assign labels, add images, or delete images from your dataset. For more information about how to edit your image dataset, see [Edit an image dataset](canvas-edit-image.md).
## Import document data
The Ready-to-use models for expense analysis, identity document analysis, document analysis, and document queries support document data. You can’t build a custom model with document data.
With document datasets, you can generate predictions for expense analysis, identity document analysis, document analysis, and document queries Ready-to-use models. Review the limitations table in the [Create a dataset](#canvas-import-dataset) section to ensure that your document dataset meets the requirements for document data.
**Note**
You can only import document datasets from local file upload or an Amazon S3 bucket.
Use the following procedure to import a document dataset into Canvas:
1. Open your SageMaker Canvas application.
1. In the left navigation pane, choose **Datasets**.
1. Choose **Import data**.
1. From the dropdown menu, choose **Document**.
1. In the popup dialog box, in the **Dataset name** field, enter a name for the dataset and choose **Create**.
1. On the **Import** page, open the **Data Source** dropdown menu.
1. Choose your data source. To upload files from your computer, choose **Local upload**. To import files from Amazon S3, choose **Amazon S3**.
1. From your computer or Amazon S3 bucket, select the document files that you want to upload.
1. When you’re ready to import your data, choose **Import data**.
While your dataset is importing into Canvas, you can see your datasets listed on the **Datasets** page. From this page, you can [View your dataset details](#canvas-view-dataset-details).
When the **Status** of your dataset shows as `Ready`, Canvas has successfully imported your data.
On the **Datasets** page, you can choose your dataset to preview it, which shows you up to the first 100 documents of your dataset.
## View your dataset details
For each of your datasets, you can view all of the files in a dataset, the dataset’s version history, and any auto update configurations for the dataset. From the **Datasets** page, you can also initiate actions such as [Update a dataset](canvas-update-dataset.md) or [How custom models work](canvas-build-model.md).
To view the details for a dataset, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **Datasets**.
1. From the list of datasets, choose your dataset.
On the **Data** tab, you can see a preview of your data. If you choose **Dataset details**, you can see all of the files that are part of your dataset. Choose a file to see only the data from that file in the preview. For image datasets, the preview only shows you the first 100 images of your dataset.
On the **Version history** tab, you can see a list of all of the versions of your dataset. A new version is made whenever you update a dataset. To learn more about updating a dataset, see [Update a dataset](canvas-update-dataset.md). The following screenshot shows the **Version history** tab in the Canvas application.
![\[Screenshot of the Version history tab for a dataset, with a list of dataset versions.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-version-history.png)
On the **Auto updates** tab, you can enable auto updates for the dataset and set up a configuration to update your dataset on a regular schedule. To learn more about setting up auto updates for a dataset, see [Configure automatic updates for a dataset](canvas-update-dataset-auto.md). The following screenshot shows the **Auto updates** tab with auto updates turned on and a list of auto update jobs that have been performed on the dataset.
![\[The Auto updates tab for dataset showing the auto updates turned on and a list of auto update jobs.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-auto-updates.png)
# Update a dataset
After importing your initial dataset into Amazon SageMaker Canvas, you might have additional data that you want to add to your dataset. For example, you might get inventory data at the end of every week that you want to add to your dataset. Instead of importing your data multiple times, you can update your existing dataset and add or remove files from it.
**Note**
You can only update datasets that you have imported through local upload or Amazon S3.
You can update your dataset either manually or automatically. For more information about automatic dataset updates, see [Configure automatic updates for a dataset](canvas-update-dataset-auto.md).
Every time you update your dataset, Canvas creates a new version of your dataset. You can only use the latest version of your dataset to build a model or generate predictions. For more information about viewing the version history of your dataset, see [View your dataset details](canvas-import-dataset.md#canvas-view-dataset-details).
You can also use dataset updates with automated batch predictions, which starts a batch prediction job whenever you update your dataset. For more information, see [Batch predictions in SageMaker Canvas](canvas-make-predictions-batch.md).
The following section describes how to do manual updates to your dataset.
## Manually update a dataset
To do a manual update, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **Datasets**.
1. From the list of datasets, choose the dataset you want to update.
1. Choose the **Update dataset** dropdown menu and choose **Manual update**. You are taken to the import data workflow.
1. From the **Data source** dropdown menu, choose either **Local upload** or **Amazon S3**.
1. The page shows you a preview of your data. From here, you can add or remove files from the dataset. If you’re importing tabular data, the schema of the new files (column names and data types) must match the schema of the existing files. Additionally, your new files must not exceed the maximum dataset size or file size. For more information about these limitations, see [ Import a dataset](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-import-dataset.html).
**Note**
If you add a file with the same name as an existing file in your dataset, the new file overwrites the old version of the file.
1. When you’re ready to save your changes, choose **Update dataset**.
You should now have a new version of your dataset.
On the **Datasets** page, you can choose the **Version history** tab to see all of the versions of your dataset and the history of both manual and automatic updates you’ve made.
# Configure automatic updates for a dataset
After importing your initial dataset into Amazon SageMaker Canvas, you might have additional data that you want to add to your dataset. For example, you might get inventory data at the end of every week that you want to add to your dataset. Instead of importing your data multiple times, you can update your existing dataset and add or remove files from it.
**Note**
You can only update datasets that you have imported through local upload or Amazon S3.
With automatic dataset updates, you specify a location where Canvas checks for files at a frequency you specify. If you import new files during the update, the schema of the files must match the existing dataset exactly.
Every time you update your dataset, Canvas creates a new version of your dataset. You can only use the latest version of your dataset to build a model or generate predictions. For more information about viewing the version history of your dataset, see [View your dataset details](canvas-import-dataset.md#canvas-view-dataset-details).
You can also use dataset updates with automated batch predictions, which starts a batch prediction job whenever you update your dataset. For more information, see [Batch predictions in SageMaker Canvas](canvas-make-predictions-batch.md).
The following section describes how to do automatic updates to your dataset.
An automatic update is when you set up a configuration for Canvas to update your dataset at a given frequency. We recommend that you use this option if you regularly receive new files of data that you want to add to your dataset.
When you set up the auto update configuration, you specify an Amazon S3 location where you upload your files and a frequency at which Canvas checks the location and imports files. Each instance of Canvas updating your dataset is referred to as a *job*. For each job, Canvas imports all of the files in the Amazon S3 location. If you have new files with the same names as existing files in your dataset, Canvas overwrites the old files with the new files.
For automatic dataset updates, Canvas doesn’t perform schema validation. If the schema of files imported during an automatic update don’t match the schema of the existing files or exceed the size limitations (see [Import a dataset](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-import-dataset.html) for a table of file size limitations), then you get errors when your jobs run.
**Note**
You can only set up a maximum of 20 automatic configurations in your Canvas application. Additionally, Canvas only does automatic updates while you’re logged in to your Canvas application. If you log out of your Canvas application, automatic updates pause until you log back in.
To configure automatic updates for your dataset, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **Datasets**.
1. From the list of datasets, choose the dataset you want to update.
1. Choose the **Update dataset** dropdown menu and choose **Automatic update**. You are taken to the **Auto updates**tab for the dataset.
1. Turn on the **Auto update enabled** toggle.
1. For **Specify a data source**, enter the Amazon S3 path to a folder where you plan to regularly upload files.
1. For **Choose a frequency**, select **Hourly**, **Weekly**, or **Daily**.
1. For **Specify a starting time**, use the calendar and time picker to select when you want the first auto update job to start.
1. When you’re ready to create the auto update configuration, choose **Save**.
Canvas begins the first job of your auto update cadence at the specified starting time.
# View your automatic dataset update jobs
To view the job history for your automatic dataset updates in Amazon SageMaker Canvas, on your dataset details page, choose the **Auto updates** tab.
Each automatic update to a dataset shows as a job in the **Auto updates** tab under the **Job history** section. For each job, you can see the following:
+ **Job created** – The timestamp for when Canvas started updating the dataset.
+ **Files** – The number of files in the dataset.
+ **Cells (Columns x Rows)** – The number of columns and rows in the dataset.
+ **Status** – The status of the dataset after the update. If the job was successful, the status is **Ready**. If the job failed for any reason, the status is **Failed**, and you can hover over the status for more details.
# Edit your automatic dataset update configuration
You might want to make changes to your auto update configuration for a dataset, such as changing the frequency of the updates. You might also want to turn off your automatic update configuration to pause the updates to your dataset.
To make changes to your auto update configuration for a dataset, go to the **Auto updates** tab of your dataset and choose **Edit** to make changes to the configuration.
To pause your dataset updates, turn off your automatic configuration. You can turn off auto updates by going to the **Auto updates** tab of your dataset and turning the **Enable auto updates** toggle off. You can turn this toggle back on at any time to resume the update schedule.
To learn how to delete your configuration, see [Delete an automatic configuration](canvas-manage-automations-delete.md).
# Connect to data sources
In Amazon SageMaker Canvas, you can import data from a location outside of your local file system through an AWS service, a SaaS platform, or other databases using JDBC connectors. For example, you might want to import tables from a data warehouse in Amazon Redshift, or you might want to import Google Analytics data.
When you go through the **Import** workflow to import data in the Canvas application, you can choose your data source and then select the data that you want to import. For certain data sources, like Snowflake and Amazon Redshift, you must specify your credentials and add a connection to the data source.
The following screenshot shows the data sources toolbar in the **Import** workflow, with all of the available data sources highlighted. You can only import data from the data sources that are available to you. Contact your administrator if your desired data source isn’t available.
![\[The Data Source dropdown menu on the Import data page in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/data-sources.png)
The following sections provide information about establishing connections to external data sources and and importing data from them. Review the following section first to determine what permissions you need to import data from your data source.
## Permissions
Review the following information to ensure that you have the necessary permissions to import data from your data source:
+ **Amazon S3:** You can import data from any Amazon S3 bucket as long as your user has permissions to access the bucket. For more information about using AWS IAM to control access to Amazon S3 buckets, see [Identity and access management in Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) in the *Amazon S3 User Guide*.
+ **Amazon Athena:** If you have the [AmazonSageMakerFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerFullAccess.html) policy and the [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasFullAccess.html) policy attached to your user’s execution role, then you can query your AWS Glue Data Catalog with Amazon Athena. If you’re part of an Athena workgroup, make sure that the Canvas user has permissions to run Athena queries on the data. For more information, see [Using workgroups for running queries](https://docs.aws.amazon.com/athena/latest/ug/workgroups.html) in the *Amazon Athena User Guide*.
+ **Amazon DocumentDB:** You can import data from any Amazon DocumentDB database as long as you have the credentials (username and password) to connect to the database and have the minimum base Canvas permissions attached to your user’s execution role. For more information about Canvas permissions, see the [Prerequisites for setting up Amazon SageMaker Canvas](canvas-getting-started.md#canvas-prerequisites).
+ **Amazon Redshift:** To give yourself the necessary permissions to import data from Amazon Redshift, see [Grant Users Permissions to Import Amazon Redshift Data](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-redshift-permissions.html).
+ **Amazon RDS:** If you have the [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasFullAccess.html) policy attached to your user’s execution role, then you’ll be able to access your Amazon RDS databases from Canvas.
+ **SaaS platforms:** If you have the [AmazonSageMakerFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerFullAccess.html) policy and the [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasFullAccess.html) policy attached to your user’s execution role, then you have the necessary permissions to import data from SaaS platforms. See [Use SaaS connectors with Canvas](#canvas-connecting-external-appflow) for more information about connecting to a specific SaaS connector.
+ **JDBC connectors:** For database sources such as Databricks, MySQL or MariaDB, you must enable username and password authentication on the source database before attempting to connect from Canvas. If you’re connecting to a Databricks database, you must have the JDBC URL that contains the necessary credentials.
## Connect to a database stored in AWS
You might want to import data that you’ve stored in AWS. You can import data from Amazon S3, use Amazon Athena to query a database in the AWS Glue Data Catalog, import data from [Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html), or make a connection to a provisioned Amazon Redshift database (not Redshift Serverless).
You can create multiple connections to Amazon Redshift. For Amazon Athena, you can access any databases that you have in your [AWS Glue Data Catalog](https://docs.aws.amazon.com/prescriptive-guidance/latest/serverless-etl-aws-glue/aws-glue-data-catalog.html). For Amazon S3, you can import data from a bucket as long as you have the necessary permissions.
Review the following sections for more detailed information.
### Connect to data in Amazon S3, Amazon Athena, or Amazon RDS
For Amazon S3, you can import data from an Amazon S3 bucket as long as you have permissions to access the bucket.
For Amazon Athena, you can access databases in your AWS Glue Data Catalog as long as you have permissions through your [Amazon Athena workgroup](https://docs.aws.amazon.com/athena/latest/ug/manage-queries-control-costs-with-workgroups.html).
For Amazon RDS, if you have the [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasFullAccess.html) policy attached to your user’s role, then you’ll be able to import data from your Amazon RDS databases into Canvas.
To import data from an Amazon S3 bucket, or to run queries and import data tables with Amazon Athena, see [Create a dataset](canvas-import-dataset.md). You can only import tabular data from Amazon Athena, and you can import tabular and image data from Amazon S3.
### Connect to an Amazon DocumentDB database
Amazon DocumentDB is a fully managed, serverless, document database service. You can import unstructured document data stored in an Amazon DocumentDB database into SageMaker Canvas as a tabular dataset, and then you can build machine learning models with the data.
**Important**
Your SageMaker AI domain must be configured in **VPC only** mode to add connections to Amazon DocumentDB. You can only access Amazon DocumentDB clusters in the same Amazon VPC as your Canvas application. Additionally, Canvas can only connect to TLS-enabled Amazon DocumentDB clusters. For more information about how to set up Canvas in **VPC only** mode, see [Configure Amazon SageMaker Canvas in a VPC without internet access](canvas-vpc.md).
To import data from Amazon DocumentDB databases, you must have credentials to access the Amazon DocumentDB database and specify the username and password when creating a database connection. You can configure more granular permissions and restrict access by modifying the Amazon DocumentDB user permissions. To learn more about access control in Amazon DocumentDB, see [Database Access Using Role-Based Access Control](https://docs.aws.amazon.com/documentdb/latest/developerguide/role_based_access_control.html) in the *Amazon DocumentDB Developer Guide*.
When you import from Amazon DocumentDB, Canvas converts your unstructured data into a tabular dataset by mapping the fields to columns in a table. Additional tables are created for each complex field (or nested structure) in the data, where the columns correspond to the sub-fields of the complex field. For more detailed information about this process and examples of schema conversion, see the [ Amazon DocumentDB JDBC Driver Schema Discovery](https://github.com/aws/amazon-documentdb-jdbc-driver/blob/develop/src/markdown/schema/schema-discovery.md) GitHub page.
Canvas can only make a connection to a single database in Amazon DocumentDB. To import data from a different database, you must create a new connection.
You can import data from Amazon DocumentDB into Canvas by using the following methods:
+ [Create a dataset](canvas-import-dataset.md). You can import your Amazon DocumentDB data and create a tabular dataset in Canvas. If you choose this method, make sure that you follow the [ Import tabular data](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-import-dataset.html#canvas-import-dataset-tabular) procedure.
+ [Create a data flow](canvas-data-flow.md). You can create a data preparation pipeline in Canvas and add your Amazon DocumentDB database as a data source.
To proceed with importing your data, follow the procedure for one of the methods linked in the preceding list.
When you reach the step in either workflow to choose a data source (Step 6 for creating a dataset, or Step 8 for creating a data flow), do the following:
1. For **Data Source**, open the dropdown menu and choose **DocumentDB**.
1. Choose **Add connection**.
1. In the dialog box, specify your Amazon DocumentDB credentials:
1. Enter a **Connection name**. This is a name used by Canvas to identify this connection.
1. For **Cluster**, select the cluster in Amazon DocumentDB that stores your data. Canvas automatically populates the dropdown menu with Amazon DocumentDB clusters in the same VPC as your Canvas application.
1. Enter the **Username** for your Amazon DocumentDB cluster.
1. Enter the **Password** for your Amazon DocumentDB cluster.
1. Enter the name of the **Database** to which you want to connect.
1. The **Read preference** option determines which types of instances on your cluster Canvas reads the data from. Select one of the following:
+ **Secondary preferred** – Canvas defaults to reading from the cluster’s secondary instances, but if a secondary instance isn’t available, then Canvas reads from a primary instance.
+ **Secondary** – Canvas only reads from the cluster’s secondary instances, which prevents the read operations from interfering with the cluster’s regular read and write operations.
1. Choose **Add connection**. The following image shows the dialog box with the preceding fields for an Amazon DocumentDB connection.
![\[Screenshot of the Add a new DocumentDB connection dialog box in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/add-docdb-connection.png)
You should now have an Amazon DocumentDB connection, and you can use your Amazon DocumentDB data in Canvas to create either a dataset or a data flow.
### Connect to an Amazon Redshift database
You can import data from Amazon Redshift, a data warehouse where your organization keeps its data. Before you can import data from Amazon Redshift, the AWS IAM role you use must have the `AmazonRedshiftFullAccess` managed policy attached. For instructions on how to attach this policy, see [Grant Users Permissions to Import Amazon Redshift Data](canvas-redshift-permissions.md).
To import data from Amazon Redshift, you do the following:
1. Create a connection to an Amazon Redshift database.
1. Choose the data that you're importing.
1. Import the data.
You can use the Amazon Redshift editor to drag datasets onto the import pane and import them into SageMaker Canvas. For more control over the values returned in the dataset, you can use the following:
+ SQL queries
+ Joins
With SQL queries, you can customize how you import the values in the dataset. For example, you can specify the columns returned in the dataset or the range of values for a column.
You can use joins to combine multiple datasets from Amazon Redshift into a single dataset. You can drag your datasets from Amazon Redshift into the panel that gives you the ability to join the datasets.
You can use the SQL editor to edit the dataset that you've joined and convert the joined dataset into a single node. You can join another dataset to the node. You can import the data that you've selected into SageMaker Canvas.
Use the following procedure to import data from Amazon Redshift.
1. In the SageMaker Canvas application, go to the **Datasets** page.
1. Choose **Import data**, and from the dropdown menu, choose **Tabular**.
1. Enter a name for the dataset and choose **Create**.
1. For **Data Source**, open the dropdown menu and choose **Redshift**.
1. Choose **Add connection**.
1. In the dialog box, specify your Amazon Redshift credentials:
1. For **Authentication method**, choose **IAM**.
1. Enter the **Cluster identifier** to specify to which cluster you want to connect. Enter only the cluster identifier and not the full endpoint of the Amazon Redshift cluster.
1. Enter the **Database name** of the database to which you want to connect.
1. Enter a **Database user** to identify the user you want to use to connect to the database.
1. For **ARN**, enter the IAM role ARN of the role that the Amazon Redshift cluster should assume to move and write data to Amazon S3. For more information about this role, see [ Authorizing Amazon Redshift to access other AWS services on your behalf](https://docs.aws.amazon.com/redshift/latest/mgmt/authorizing-redshift-service.html) in the *Amazon Redshift Management Guide*.
1. Enter a **Connection name**. This is a name used by Canvas to identify this connection.
1. From the tab that has the name of your connection, drag the .csv file that you're importing to the **Drag and drop table to import** pane.
1. Optional: Drag additional tables to the import pane. You can use the GUI to join the tables. For more specificity in your joins, choose **Edit in SQL**.
1. Optional: If you're using SQL to query the data, you can choose **Context** to add context to the connection by specifying values for the following:
+ **Warehouse**
+ **Database**
+ **Schema**
1. Choose **Import data**.
The following image shows an example of fields specified for an Amazon Redshift connection.
![\[Screenshot of the Add a new Redshift connection dialog box in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-redshift-add-connection.png)
The following image shows the page used to join datasets in Amazon Redshift.
![\[Screenshot of the Import page in Canvas, showing two datasets being joined.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-redshift-join.png)
The following image shows an SQL query being used to edit a join in Amazon Redshift.
![\[Screenshot of a SQL query in the Edit SQL editor on the Import page in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-redshift-edit-sql.png)
## Connect to your data with JDBC connectors
With JDBC, you can connect to your databases from sources such as Databricks, SQLServer, MySQL, PostgreSQL, MariaDB, Amazon RDS, and Amazon Aurora.
You must make sure that you have the necessary credentials and permissions to create the connection from Canvas.
+ For Databricks, you must provide a JDBC URL. The URL formatting can vary between Databricks instances. For information about finding the URL and the specifying the parameters within it, see [JDBC configuration and connection parameters](https://docs.databricks.com/integrations/bi/jdbc-odbc-bi.html#jdbc-configuration-and-connection-parameters) in the Databricks documentation. The following is an example of how a URL can be formatted: `jdbc:spark://aws-sagemaker-datawrangler.cloud.databricks.com:443/default;transportMode=http;ssl=1;httpPath=sql/protocolv1/o/3122619508517275/0909-200301-cut318;AuthMech=3;UID=token;PWD=personal-access-token`
+ For other database sources, you must set up username and password authentication, and then specify those credentials when connecting to the database from Canvas.
Additionally, your data source must either be accessible through the public internet, or if your Canvas application is running in **VPC only** mode, then the data source must run in the same VPC. For more information about configuring an Amazon RDS database in a VPC, see [Amazon VPC VPCs and Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*.
After you’ve configured your data source credentials, you can sign in to the Canvas application and create a connection to the data source. Specify your credentials (or, for Databricks, the URL) when creating the connection.
## Connect to data sources with OAuth
Canvas supports using OAuth as an authentication method for connecting to your data in Snowflake and Salesforce Data Cloud. [OAuth](https://oauth.net/2/) is a common authentication platform for granting access to resources without sharing passwords.
**Note**
You can only establish one OAuth connection for each data source.
To authorize the connection, you must following the initial setup described in [Set up connections to data sources with OAuth](canvas-setting-up-oauth.md).
After setting up the OAuth credentials, you can do the following to add a Snowflake or Salesforce Data Cloud connection with OAuth:
1. Sign in to the Canvas application.
1. Create a tabular dataset. When prompted to upload data, choose Snowflake or Salesforce Data Cloud as your data source.
1. Create a new connection to your Snowflake or Salesforce Data Cloud data source. Specify OAuth as the authentication method and enter your connection details.
You should now be able to import data from your databases in Snowflake or Salesforce Data Cloud.
## Connect to a SaaS platform
You can import data from Snowflake and over 40 other external SaaS platforms. For a full list of the connectors, see the table on [Data import](canvas-importing-data.md).
**Note**
You can only import tabular data, such as data tables, from SaaS platforms.
### Use Snowflake with Canvas
Snowflake is a data storage and analytics service, and you can import your data from Snowflake into SageMaker Canvas. For more information about Snowflake, see the [Snowflake documentation](https://www.snowflake.com/en/).
You can import data from your Snowflake account by doing the following:
1. Create a connection to the Snowflake database.
1. Choose the data that you're importing by dragging and dropping the table from the left navigation menu into the editor.
1. Import the data.
You can use the Snowflake editor to drag datasets onto the import pane and import them into SageMaker Canvas. For more control over the values returned in the dataset, you can use the following:
+ SQL queries
+ Joins
With SQL queries, you can customize how you import the values in the dataset. For example, you can specify the columns returned in the dataset or the range of values for a column.
You can join multiple Snowflake datasets into a single dataset before you import into Canvas using SQL or the Canvas interface. You can drag your datasets from Snowflake into the panel that gives you the ability to join the datasets, or you can edit the joins in SQL and convert the SQL into a single node. You can join other nodes to the node that you've converted. You can then combine the datasets that you've joined into a single node and join the nodes to a different Snowflake dataset. Finally, you can import the data that you've selected into Canvas.
Use the following procedure to import data from Snowflake to Amazon SageMaker Canvas.
1. In the SageMaker Canvas application, go to the **Datasets** page.
1. Choose **Import data**, and from the dropdown menu, choose **Tabular**.
1. Enter a name for the dataset and choose **Create**.
1. For **Data Source**, open the dropdown menu and choose **Snowflake**.
1. Choose **Add connection**.
1. In the **Add a new Snowflake connection** dialog box, specify your Snowflake credentials. For the **Authentication method**, choose one of the following:
+ **Basic - username password** – Provide your Snowflake account ID, username, and password.
+ **ARN** – For improved protection of your Snowflake credentials, provide the ARN of an AWS Secrets Manager secret that contains your credentials. For more information, see [ Create an AWS Secrets Manager secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_secret.html) in the *AWS Secrets Manager User Guide*.
Your secret should have your Snowflake credentials stored in the following JSON format:
```
{"accountid": "ID",
"username": "username",
"password": "password"}
```
+ **OAuth** – OAuth lets you authenticate without providing a password but requires additional setup. For more information about setting up OAuth credentials for Snowflake, see [Set up connections to data sources with OAuth](canvas-setting-up-oauth.md).
1. Choose **Add connection**.
1. From the tab that has the name of your connection, drag the .csv file that you're importing to the **Drag and drop table to import** pane.
1. Optional: Drag additional tables to the import pane. You can use the user interface to join the tables. For more specificity in your joins, choose **Edit in SQL**.
1. Optional: If you're using SQL to query the data, you can choose **Context** to add context to the connection by specifying values for the following:
+ **Warehouse**
+ **Database**
+ **Schema**
Adding context to a connection makes it easier to specify future queries.
1. Choose **Import data**.
The following image shows an example of fields specified for a Snowflake connection.
![\[Screenshot of the Add a new Snowflake connection dialog box in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-snowflake-connection.png)
The following image shows the page used to add context to a connection.
![\[Screenshot of the Import page in Canvas, showing the Context dialog box.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-connection-context.png)
The following image shows the page used to join datasets in Snowflake.
![\[Screenshot of the Import page in Canvas, showing datasets being joined.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-snowflake-join.png)
The following image shows a SQL query being used to edit a join in Snowflake.
![\[Screenshot of a SQL query in the Edit SQL editor on the Import page in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-snowflake-edit-sql.png)
### Use SaaS connectors with Canvas
**Note**
For SaaS platforms besides Snowflake, you can only have one connection per data source.
Before you can import data from a SaaS platform, your administrator must authenticate and create a connection to the data source. For more information about how administrators can create a connection with a SaaS platform, see [Managing Amazon AppFlow connections](https://docs.aws.amazon.com/appflow/latest/userguide/connections.html) in the *Amazon AppFlow User Guide*.
If you’re an administrator getting started with Amazon AppFlow for the first time, see [Getting started](https://docs.aws.amazon.com/appflow/latest/userguide/getting-started.html) in the *Amazon AppFlow User Guide*.
To import data from a SaaS platform, you can follow the standard [Import tabular data](canvas-import-dataset.md#canvas-import-dataset-tabular) procedure, which shows you how to import tabular datasets into Canvas.
# Sample datasets in Canvas
SageMaker Canvas provides sample datasets addressing unique use cases so you can start building, training, and validating models quickly without writing any code. The use cases associated with these datasets highlight the capabilities of SageMaker Canvas, and you can leverage these datasets to get started with building models. You can find the sample datasets in the **Datasets** page of your SageMaker Canvas application.
The following datasets are the samples that SageMaker Canvas provides by default. These datasets cover use cases such as predicting house prices, loan defaults, and readmission for diabetic patients; forecasting sales; predicting machine failures to streamline predictive maintenance in manufacturing units; and generating supply chain predictions for transportation and logistics. The datasets are stored in the `sample_dataset` folder in the default Amazon S3 bucket that SageMaker AI creates for your account in a Region.
+ **canvas-sample-diabetic-readmission.csv:** This dataset contains historical data including over fifteen features with patient and hospital outcomes. You can use this dataset to predict whether high-risk diabetic patients are likely to get readmitted to the hospital within 30 days of discharge, after 30 days, or not at all. Use the **redadmitted** column as the target column, and use the 3\$1 category prediction model type with this dataset. To learn more about how to build a model with this dataset, see the [SageMaker Canvas workshop page](https://catalog.us-east-1.prod.workshops.aws/workshops/80ba0ea5-7cf9-4b8c-9d3f-1cd988b6c071/en-US/zzz-legacy/1-use-cases/5-hcls). This dataset was obtained from the [UCI Machine Learning Repository](https://archive.ics.uci.edu/ml/datasets/diabetes+130-us+hospitals+for+years+1999-2008).
+ **canvas-sample-housing.csv:** This dataset contains data on the characteristics tied to a given housing price. You can use this dataset to predict housing prices. Use the **median\$1house\$1value** column as the target column, and use the numeric prediction model type with this dataset. To learn more about building a model with this dataset, see the [SageMaker Canvas workshop page](https://catalog.us-east-1.prod.workshops.aws/workshops/80ba0ea5-7cf9-4b8c-9d3f-1cd988b6c071/en-US/zzz-legacy/1-use-cases/2-real-estate). This is the California housing dataset obtained from the [StatLib repository](https://www.dcc.fc.up.pt/~ltorgo/Regression/cal_housing.html).
+ **canvas-sample-loans.csv:** This dataset contains complete loan data for all loans issued from 2007–2011, including the current loan status and latest payment information. You can use this dataset to predict whether a customer will repay a loan. Use the **loan\$1status** column as the target column, and use the 3\$1 category prediction model type with this dataset. To learn more about how to build a model with this dataset, see the [SageMaker Canvas workshop page](https://catalog.us-east-1.prod.workshops.aws/workshops/80ba0ea5-7cf9-4b8c-9d3f-1cd988b6c071/en-US/zzz-legacy/1-use-cases/4-finserv). This data uses the LendingClub data obtained from [Kaggle](https://www.kaggle.com/datasets/wordsforthewise/lending-club).
+ **canvas-sample-maintenance.csv:** This dataset contains data on the characteristics tied to a given maintenance failure type. You can use this dataset to predict which failure will occur in the future. Use the **Failure Type** column as the target column, and use the 3\$1 category prediction model type with this dataset. To learn more about how to build a model with this dataset, see the [SageMaker Canvas workshop page](https://catalog.us-east-1.prod.workshops.aws/workshops/80ba0ea5-7cf9-4b8c-9d3f-1cd988b6c071/en-US/zzz-legacy/1-use-cases/6-manufacturing). This dataset was obtained from the [UCI Machine Learning Repository](https://archive.ics.uci.edu/ml/datasets/AI4I+2020+Predictive+Maintenance+Dataset).
+ **canvas-sample-shipping-logs.csv:** This dataset contains complete shipping data for all products delivered, including estimated time shipping priority, carrier, and origin. You can use this dataset to predict the estimated time of arrival of the shipment in number of days. Use the **ActualShippingDays** column as the target column, and use the numeric prediction model type with this dataset. To learn more about how to build a model with this data, see the [SageMaker Canvas workshop page](https://catalog.us-east-1.prod.workshops.aws/workshops/80ba0ea5-7cf9-4b8c-9d3f-1cd988b6c071/en-US/zzz-legacy/1-use-cases/7-supply-chain). This is a synthetic dataset created by Amazon.
+ **canvas-sample-sales-forecasting.csv:** This dataset contains historical time series sales data for retail stores. You can use this dataset to forecast sales for a particular retail store. Use the **sales** column as the target column, and use the time series forecasting model type with this dataset. To learn more about how to build a model with this dataset, see the [SageMaker Canvas workshop page](https://catalog.us-east-1.prod.workshops.aws/workshops/80ba0ea5-7cf9-4b8c-9d3f-1cd988b6c071/en-US/zzz-legacy/1-use-cases/3-retail). This is a synthetic dataset created by Amazon.
# Re-import a deleted sample dataset
Amazon SageMaker Canvas provides you with sample datasets for various use cases that highlight the capabilities of Canvas. To learn more about the sample datasets that are available, see [Sample datasets in Canvas](canvas-sample-datasets.md). If you no longer wish to use the sample datasets, you can delete them from the **Datasets** page of your SageMaker Canvas application. However, these datasets are still stored in the Amazon S3 bucket that you specified as the [Canvas storage location](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-storage-configuration.html), so you can always access them later.
If you used the default Amazon S3 bucket, the bucket name follows the pattern `sagemaker-{region}-{account ID}`. You can find the sample datasets in the directory path `Canvas/sample_dataset`.
If you delete a sample dataset from your SageMaker Canvas application and want to access the sample dataset again, use the following procedure.
1. Navigate to the **Datasets** page in your SageMaker Canvas application.
1. Choose **Import data**.
1. From the list of Amazon S3 buckets, select the bucket that is your Canvas storage location. If using the default SageMaker AI-created Amazon S3 bucket, it follows the naming pattern `sagemaker-{region}-{account ID}`.
1. Select the **Canvas** folder.
1. Select the **sample\$1dataset** folder, which contains all of the sample datasets for SageMaker Canvas.
1. Select the dataset you want to import, and then choose **Import data**.
# Data preparation
**Note**
Previously, Amazon SageMaker Data Wrangler was part of the SageMaker Studio Classic experience. Now, if you update to using the new Studio experience, you must use SageMaker Canvas to access Data Wrangler and receive the latest feature updates. If you have been using Data Wrangler in Studio Classic until now and want to migrate to Data Wrangler in Canvas, you might have to grant additional permissions so that you can create and use a Canvas application. For more information, see [(Optional) Migrate from Data Wrangler in Studio Classic to SageMaker Canvas](studio-updated-migrate-ui.md#studio-updated-migrate-dw).
To learn how to migrate your data flows from Data Wrangler in Studio Classic, see [(Optional) Migrate data from Studio Classic to Studio](studio-updated-migrate-data.md).
Use Amazon SageMaker Data Wrangler in Amazon SageMaker Canvas to prepare, featurize and analyze your data. You can integrate a Data Wrangler data preparation flow into your machine learning (ML) workflows to simplify and streamline data pre-processing and feature engineering using little to no coding. You can also add your own Python scripts and transformations to customize workflows.
+ **Data Flow** – Create a data flow to define a series of ML data prep steps. You can use a flow to combine datasets from different data sources, identify the number and types of transformations you want to apply to datasets, and define a data prep workflow that can be integrated into an ML pipeline.
+ **Transform** – Clean and transform your dataset using standard *transforms* like string, vector, and numeric data formatting tools. Featurize your data using transforms like text and date/time embedding and categorical encoding.
+ **Generate Data Insights** – Automatically verify data quality and detect abnormalities in your data with Data Wrangler Data Quality and Insights Report.
+ **Analyze** – Analyze features in your dataset at any point in your flow. Data Wrangler includes built-in data visualization tools like scatter plots and histograms, as well as data analysis tools like target leakage analysis and quick modeling to understand feature correlation.
+ **Export** – Export your data preparation workflow to a different location. The following are example locations:
+ Amazon Simple Storage Service (Amazon S3) bucket
+ Amazon SageMaker Feature Store – Store the features and their data in a centralized store.
+ **Automate data preparation** – Create machine learning workflows from your data flow.
+ Amazon SageMaker Pipelines – Build workflows that manage your SageMaker AI data preparation, model training, and model deployment jobs.
+ Serial inference pipeline – Create a serial inference pipeline from your data flow. Use it to make predictions on new data.
+ Python script – Store the data and their transformations in a Python script for your custom workflows.
# Create a data flow
Use a Data Wrangler flow in SageMaker Canvas, or *data flow*, to create and modify a data preparation pipeline. We recommend that you use Data Wrangler for datasets larger than 5 GB.
To get started, use the following procedure to import your data into a data flow.
1. Open SageMaker Canvas.
1. In the left-hand navigation, choose **Data Wrangler**.
1. Choose **Import and prepare**.
1. From the dropdown menu, choose either **Tabular** or **Image**.
1. For **Select a data source**, choose your data source and select the data that you want to import. You have the option to select up to 30 files or one folder. If you have a dataset already imported into Canvas, choose **Canvas dataset** as your source. Otherwise, connect to a data source such as Amazon S3 or Snowflake and browse through your data. For information about connecting to a data source or importing data, see the following pages:
+ [Data import](canvas-importing-data.md)
+ [Connect to data sources](canvas-connecting-external.md)
1. After selecting the data that you want to import, choose **Next**.
1. (Optional) For the **Import settings** section when importing a tabular dataset, expand the **Advanced** dropdown menu. You can specify the following advanced settings for data flow imports:
+ **Sampling method** – Select the sampling method and sample size you'd like to use. For more information about how to change your sample, see the section [Edit the data flow sampling configuration](canvas-data-flow-edit-sampling.md).
+ **File encoding (CSV)** – Select your dataset file’s encoding. `UTF-8` is the default.
+ **Skip first rows** – Enter the number of rows you’d like to skip importing if you have redundant rows at the beginning of your dataset.
+ **Delimiter** – Select the delimiter that separates each item in your data. You can also specify a custom delimiter.
+ **Multi-line detection** – Select this option if you’d like Canvas to manually parse your entire dataset for multi-line cells. Canvas determines whether or not to use multi-line support by taking a sample of your data, but Canvas might not detect any multi-line cells in the sample. In this case, we recommend that you select the **Multi-line detection** option to force Canvas to check your entire dataset for multi-line cells.
1. Choose **Import**.
You should now have a new data flow, and you can begin adding transform steps and analyses.
# How the data flow UI works
To help you navigate your data flow, Data Wrangler has the following tabs in the top navigation pane:
+ **Data flow** – This tab provides you with a visual view of your data flow step where you can add or remove transforms, and export data.
+ **Data** – This tab gives you a preview of your data so that you can check the results of your transforms. You can also see an ordered list of your data flow steps and edit or reorder the steps.
**Note**
In this tab, you can only preview data visualizations (such as the distribution of values per column) for Amazon S3 data sources. Visualizations for other data sources, such as Amazon Athena, aren't supported.
+ **Analyses** – In this tab, you can see separate sub-tabs for each analysis you create. For example, if you create a histogram and a Data Quality and Insights (DQI) report, Canvas creates a tab for each.
When you import a dataset, the original dataset appears on the data flow and is named **Source**. SageMaker Canvas automatically infers the types of each column in your dataset and creates a new dataframe named **Data types**. You can select this frame to update the inferred data types.
The datasets, transformations, and analyses that you use in the data flow are represented as *steps*. Each time you add a transform step, you create a new dataframe. When multiple transform steps (other than **Join** or **Concatenate**) are added to the same dataset, they are stacked.
Under the **Combine data** option, **Join** and **Concatenate** create standalone steps that contain the new joined or concatenated dataset.
# Edit the data flow sampling configuration
When importing tabular data into a Data Wrangler data flow, you can opt to take a sample of your dataset to speed up the data exploration and cleaning process. Running exploratory transforms on a sample of your dataset is often faster than running transforms on your entire dataset, and when you're ready to export your dataset and build a model, you can apply the transforms to the full dataset.
Canvas supports the following sampling methods:
+ **FirstK** – Canvas selects the first *K* items from your dataset, where *K* is a number you specify. This sampling method is simple but can introduce bias if your dataset isn't randomly ordered.
+ **Random** – Canvas selects items from the dataset at random, with each item having an equal probability of being chosen. This sampling method helps ensure that the sample is representative of the entire dataset.
+ **Stratified** – Canvas divides the dataset into groups (or *strata*) based on one or more attributes (for example, age and income level). Then, a proportional number of items are randomly selected from each group. This method ensures that all relevant subgroups are adequately represented in the sample.
You can edit your sampling configuration at any time to change the size of the sample used for data exploration.
To make changes to your sampling configuration, do the following:
1. In your data flow graph, select your data source node.
1. Choose **Sampling** on the bottom navigation bar.
1. The **Sampling** dialog box opens. For the **Sampling method** dropdown, select your desired sampling method.
1. For **Maximum sample size**, enter the number of rows you want to sample.
1. Choose **Update** to save your changes.
The changes to your sampling configuration should now be applied.
# Add a step to your data flow
In your Data Wrangler data flows, you can add steps that represent data transformations and analyses.
To add a step to your data flow, select **\$1** next to any dataset node or previously added step. Then, select one of the following options:
+ **Edit data types** (For a **Data types** step only): If you have not added any transforms to a **Data types** step, you can double-click on the **Data types** step in your flow to open the **Data** tab and edit the data types that Data Wrangler inferred when importing your dataset.
+ **Add transform**: Adds a new transform step. See [Transform data](canvas-transform.md) to learn more about the data transformations you can add.
+ **Get data insights**: Add analyses, such as histograms or custom visualizations. You can use this option to analyze your data at any point in the data flow. See [Perform exploratory data analysis (EDA)](canvas-analyses.md) to learn more about the analyses you can add.
+ **Join**: Find this option under **Combine data** to join two datasets and add the resulting dataset to the data flow. To learn more, see [Join Datasets](canvas-transform.md#canvas-transform-join).
+ **Concatenate**: Find this option under **Combine data** to concatenate two datasets and add the resulting dataset to the data flow. To learn more, see [Concatenate Datasets](canvas-transform.md#canvas-transform-concatenate).
# Edit data flow steps
In Amazon SageMaker Canvas, you can edit individual steps in your data flows to transform your dataset without having to create a new data flow. The following page covers how to edit join and concatenate steps, as well as data source steps.
## Edit join and concatenate steps
Within your data flows, you have the flexibility to edit your join and concatenate steps. You can make necessary adjustments to your data processing workflow, ensuring that your data is properly combined and transformed without having to redo your entire data flow.
To edit a join or concatenate step in your data flow, do the following:
1. Open your data flow.
1. Choose the plus icon (**\$1**) next to the join or concatenate node that you want to edit.
1. From the context menu, choose **Edit**.
1. A side panel opens where you can edit the details of your join or concatenation. Modify your step fields, such as the type of join. To swap out a data node and select a different one to join or concatenate, choose the delete icon next to the node and then, in the data flow view, select the new node that you want to include in your transformation.
**Note**
When swapping out a node during the editing process, you can only select steps that occur before the join or concatenate operation. You can swap either the left or right node, but you can only swap one node at a time. Additionally, you cannot select a source node as a replacement.
1. Choose **Preview** to view the result of the combining operation.
1. Choose **Update** to save your changes.
Your data flow should now be updated.
## Edit or replace a data source step
You might need to make changes to your data source or dataset without deleting the transforms and data flow steps applied to your original data. Within Data Wrangler, you can edit or replace your data source configuration while keeping the steps of your data flow. When editing a data source, you can change the import settings, such as the sampling size or method and any advanced settings. You can also add more files with the same schema, or for query-based data sources such as Amazon Athena, you can edit the query. When replacing a data source, you have the option to select a different dataset, or even import the data from a different data source altogether, as long as the schema of the new data matches the original data.
To edit a data source configuration, do the following:
1. In the Canvas application, go to the **Data Wrangler** page.
1. Choose your data flow to view it.
1. In the **Data flow** tab that shows your data flow steps, find the **Source** node that you want to edit.
1. Choose the ellipsis icon next to the **Source** node.
1. From the context menu, choose **Edit**.
1. For Amazon S3 data sources and local upload, you have the option to select or upload more files with the same schema as your original data. For query-based data sources such as Amazon Athena, you can remove and select different tables in the visual query builder, or you can edit the SQL query directly. When you're done, choose **Next**.
1. For the **Import settings**, make any desired changes.
1. When you're done, choose **Save changes**.
Your data source should now be updated.
To replace a data source, do the following:
1. In the Canvas application, go to the **Data Wrangler** page.
1. Choose your data flow to view it.
1. In the **Data flow** tab that shows your data flow steps, find the **Source** node that you want to edit.
1. Choose the ellipsis icon next to the **Source** node.
1. From the context menu, choose **Replace**.
1. Go through the [create a data flow experience](canvas-data-flow.md) to select another data source and data.
1. When you’ve selected your data and are ready to update the source node, choose **Save**.
You should now see the **Source** node updated in your data flow.
# Reorder steps in your data flow
After adding steps to your data flow, you have the option to reorder steps instead of deleting and re-adding them in the correct order. For example, you might decide to move a transform to impute missing values before a step to format strings.
**Note**
You can’t change the order of certain step types, such as defining your data source, changing data types, joining, concatenating, or splitting. Steps that can’t be reordered are grayed out in the Canvas application UI.
To reorder your data flow steps, do the following:
1. While editing a data flow in Data Wrangler, choose the **Data** tab. A side panel called **Steps** lists your data flow steps in order.
1. Hover over a transform step and choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) next to that step.
1. From the context menu, choose **Reorder**.
1. Drag and drop your data flow steps into your desired order.
1. When you’ve finished, choose **Save**.
Your data flow steps and graph should now reflect the changes you’ve made.
# Delete a step from your data flow
Within your data flows, you have the flexibility to delete your join and concatenate steps and choose whether or not to still apply any subsequent transforms to your data.
To delete a join or concatenate step from your data flow, do the following:
1. Open your data flow.
1. Choose the plus icon (**\$1**) next to the join or concatenate node that you want to delete.
1. In the context menu, choose **Delete**.
1. (Optional) If you have transformation steps following the join or concatenate step, then you can choose whether or not to keep the subsequent transformation steps and add them separately to each data node. In the **Delete join** side panel, choose a node to deselect it and remove any subsequent transformation steps. You can leave both nodes selected to keep all transformation steps, or you can deselect both nodes to discard all transformation steps.
The following screenshot shows this step with only the second of two data nodes selected. When the join is successfully deleted, then the subsequent **Rename column** transform is only kept by the second data node.
![\[Screenshot of a data flow in Data Wrangler showing the delete join view.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-data-flow-delete-step.png)
1. Choose **Delete**.
The join or concatenate step should now be removed from your data flow.
# Perform exploratory data analysis (EDA)
Data Wrangler includes built-in analyses that help you generate visualizations and data analyses in a few clicks. You can also create custom analyses using your own code.
You add an analysis to a dataframe by selecting a step in your data flow, and then choosing **Add analysis**. To access an analysis you've created, select the step that contains the analysis, and select the analysis.
Analyses are generated using a sample of up to 200,000 rows of your dataset, and you can configure the sample size. For more information about changing the sample size of your data flow, see [Edit the data flow sampling configuration](canvas-data-flow-edit-sampling.md).
**Note**
Analyses are optimized for data with 1000 or fewer columns. You may experience some latency when generating analyses for data with additional columns.
You can add the following analysis to a dataframe:
+ Data visualizations, including histograms and scatter plots.
+ A quick summary of your dataset, including number of entries, minimum and maximum values (for numeric data), and most and least frequent categories (for categorical data).
+ A quick model of the dataset, which can be used to generate an importance score for each feature.
+ A target leakage report, which you can use to determine if one or more features are strongly correlated with your target feature.
+ A custom visualization using your own code.
Use the following sections to learn more about these options.
## Get insights on data and data quality
Use the **Data Quality and Insights Report** to perform an analysis of the data that you've imported into Data Wrangler. We recommend that you create the report after you import your dataset. You can use the report to help you clean and process your data. It gives you information such as the number of missing values and the number of outliers. If you have issues with your data, such as target leakage or imbalance, the insights report can bring those issues to your attention.
Use the following procedure to create a Data Quality and Insights report. It assumes that you've already imported a dataset into your Data Wrangler flow.
**To create a Data Quality and Insights report**
1. Choose the ellipsis icon next to a node in your Data Wrangler flow.
1. Select **Get data insights**.
1. For **Analysis type**, select **Data Quality and Insights Report**.
1. For **Analysis name**, specify a name for the insights report.
1. For **Problem type**, specify **Regression** or **Classification**.
1. For **Target column**, specify the target column.
1. For **Data size**, specify one of the following:
+ **Sampled dataset** – Uses the interactive sample from your data flow, which can contain up to 200,000 rows of your dataset. For information about how to edit the size of your sample, see [Edit the data flow sampling configuration](canvas-data-flow-edit-sampling.md).
+ **Full dataset** – Uses the full dataset from your data source to create the report.
**Note**
Creating a Data Quality and Insights report on the full dataset uses an Amazon SageMaker processing job. A SageMaker Processing job provisions the additional compute resources required to get insights for all of your data. For more information about SageMaker Processing jobs, see [Data transformation workloads with SageMaker Processing](processing-job.md).
1. Choose **Create**.
The following topics show the sections of the report:
**Topics**
+ [
### Summary
](#canvas-data-insights-summary)
+ [
### Target column
](#canvas-data-insights-target-column)
+ [
### Quick model
](#canvas-data-insights-quick-model)
+ [
### Feature summary
](#canvas-data-insights-feature-summary)
+ [
### Samples
](#canvas-data-insights-samples)
+ [
### Definitions
](#canvas-data-insights-definitions)
You can either download the report or view it online. To download the report, choose the download button at the top right corner of the screen.
### Summary
The insights report has a brief summary of the data that includes general information such as missing values, invalid values, feature types, outlier counts, and more. It can also include high severity warnings that point to probable issues with the data. We recommend that you investigate the warnings.
### Target column
When you create the Data Quality and Insights Report, Data Wrangler gives you the option to select a target column. A target column is a column that you're trying to predict. When you choose a target column, Data Wrangler automatically creates a target column analysis. It also ranks the features in the order of their predictive power. When you select a target column, you must specify whether you’re trying to solve a regression or a classification problem.
For classification, Data Wrangler shows a table and a histogram of the most common classes. A class is a category. It also presents observations, or rows, with a missing or invalid target value.
For regression, Data Wrangler shows a histogram of all the values in the target column. It also presents observations, or rows, with a missing, invalid, or outlier target value.
### Quick model
The **Quick model** provides an estimate of the expected predicted quality of a model that you train on your data.
Data Wrangler splits your data into training and validation folds. It uses 80% of the samples for training and 20% of the values for validation. For classification, the sample is stratified split. For a stratified split, each data partition has the same ratio of labels. For classification problems, it's important to have the same ratio of labels between the training and classification folds. Data Wrangler trains the XGBoost model with the default hyperparameters. It applies early stopping on the validation data and performs minimal feature preprocessing.
For classification models, Data Wrangler returns both a model summary and a confusion matrix.
To learn more about the information that the classification model summary returns, see [Definitions](#canvas-data-insights-definitions).
A confusion matrix gives you the following information:
+ The number of times the predicted label matches the true label.
+ The number of times the predicted label doesn't match the true label.
The true label represents an actual observation in your data. For example, if you're using a model to detect fraudulent transactions, the true label represents a transaction that is actually fraudulent or non-fraudulent. The predicted label represents the label that your model assigns to the data.
You can use the confusion matrix to see how well the model predicts the presence or the absence of a condition. If you're predicting fraudulent transactions, you can use the confusion matrix to get a sense of both the sensitivity and the specificity of the model. The sensitivity refers to the model's ability to detect fraudulent transactions. The specificity refers to the model's ability to avoid detecting non-fraudulent transactions as fraudulent.
### Feature summary
When you specify a target column, Data Wrangler orders the features by their prediction power. Prediction power is measured on the data after it is split into 80% training and 20% validation folds. Data Wrangler fits a model for each feature separately on the training fold. It applies minimal feature preprocessing and measures prediction performance on the validation data.
It normalizes the scores to the range [0,1]. Higher prediction scores indicate columns that are more useful for predicting the target on their own. Lower scores point to columns that aren’t predictive of the target column.
It’s uncommon for a column that isn’t predictive on its own to be predictive when it’s used in tandem with other columns. You can confidently use the prediction scores to determine whether a feature in your dataset is predictive.
A low score usually indicates the feature is redundant. A score of 1 implies perfect predictive abilities, which often indicates target leakage. Target leakage usually happens when the dataset contains a column that isn’t available at the prediction time. For example, it could be a duplicate of the target column.
### Samples
Data Wrangler provides information about whether your samples are anomalous or if there are duplicates in your dataset.
Data Wrangler detects anomalous samples using the *isolation forest algorithm*. The isolation forest associates an anomaly score with each sample (row) of the dataset. Low anomaly scores indicate anomalous samples. High scores are associated with non-anomalous samples. Samples with a negative anomaly score are usually considered anomalous and samples with positive anomaly score are considered non-anomalous.
When you look at a sample that might be anomalous, we recommend that you pay attention to unusual values. For example, you might have anomalous values that result from errors in gathering and processing the data. The following is an example of the most anomalous samples according to the Data Wrangler’s implementation of the isolation forest algorithm. We recommend using domain knowledge and business logic when you examine the anomalous samples.
Data Wrangler detects duplicate rows and calculates the ratio of duplicate rows in your data. Some data sources could include valid duplicates. Other data sources could have duplicates that point to problems in data collection. Duplicate samples that result from faulty data collection could interfere with machine learning processes that rely on splitting the data into independent training and validation folds.
The following are elements of the insights report that can be impacted by duplicated samples:
+ Quick model
+ Prediction power estimation
+ Automatic hyperparameter tuning
You can remove duplicate samples from the dataset using the **Drop duplicates** transform under **Manage rows**. Data Wrangler shows you the most frequently duplicated rows.
### Definitions
The following are definitions for the technical terms that are used in the data insights report.
------
#### [ Feature types ]
The following are the definitions for each of the feature types:
+ **Numeric** – Numeric values can be either floats or integers, such as age or income. The machine learning models assume that numeric values are ordered and a distance is defined over them. For example, 3 is closer to 4 than to 10 and 3 < 4 < 10.
+ **Categorical** – The column entries belong to a set of unique values, which is usually much smaller than the number of entries in the column. For example, a column of length 100 could contain the unique values `Dog`, `Cat`, and `Mouse`. The values could be numeric, text, or a combination of both. `Horse`, `House`, `8`, `Love`, and `3.1` would all be valid values and could be found in the same categorical column. The machine learning model does not assume order or distance on the values of categorical features, as opposed to numeric features, even when all the values are numbers.
+ **Binary** – Binary features are a special categorical feature type in which the cardinality of the set of unique values is 2.
+ **Text** – A text column contains many non-numeric unique values. In extreme cases, all the elements of the column are unique. In an extreme case, no two entries are the same.
+ **Datetime** – A datetime column contains information about the date or time. It can have information about both the date and time.
------
#### [ Feature statistics ]
The following are definitions for each of the feature statistics:
+ **Prediction power** – Prediction power measures how useful the column is in predicting the target.
+ **Outliers** (in numeric columns) – Data Wrangler detects outliers using two statistics that are robust to outliers: median and robust standard deviation (RSTD). RSTD is derived by clipping the feature values to the range [5 percentile, 95 percentile] and calculating the standard deviation of the clipped vector. All values larger than median \$1 5 \$1 RSTD or smaller than median - 5 \$1 RSTD are considered to be outliers.
+ **Skew** (in numeric columns) – Skew measures the symmetry of the distribution and is defined as the third moment of the distribution divided by the third power of the standard deviation. The skewness of the normal distribution or any other symmetric distribution is zero. Positive values imply that the right tail of the distribution is longer than the left tail. Negative values imply that the left tail of the distribution is longer than the right tail. As a rule of thumb, a distribution is considered skewed when the absolute value of the skew is larger than 3.
+ **Kurtosis** (in numeric columns) – Pearson's kurtosis measures the heaviness of the tail of the distribution. It's defined as the fourth moment of the distribution divided by the square of the second moment. The kurtosis of the normal distribution is 3. Kurtosis values lower than 3 imply that the distribution is concentrated around the mean and the tails are lighter than the tails of the normal distribution. Kurtosis values higher than 3 imply heavier tails or outliers.
+ **Missing values** – Null-like objects, empty strings and strings composed of only white spaces are considered missing.
+ **Valid values for numeric features or regression target** – All values that you can cast to finite floats are valid. Missing values are not valid.
+ **Valid values for categorical, binary, or text features, or for classification target** – All values that are not missing are valid.
+ **Datetime features** – All values that you can cast to a datetime object are valid. Missing values are not valid.
+ **Invalid values** – Values that are either missing or you can't properly cast. For example, in a numeric column, you can't cast the string `"six"` or a null value.
------
#### [ Quick model metrics for regression ]
The following are the definitions for the quick model metrics:
+ R2 or coefficient of determination) – R2 is the proportion of the variation in the target that is predicted by the model. R2 is in the range of [-infty, 1]. 1 is the score of the model that predicts the target perfectly and 0 is the score of the trivial model that always predicts the target mean.
+ MSE or mean squared error – MSE is in the range [0, infty]. 0 is the score of the model that predicts the target perfectly.
+ MAE or mean absolute error – MAE is in the range [0, infty] where 0 is the score of the model that predicts the target perfectly.
+ RMSE or root mean square error – RMSE is in the range [0, infty] where 0 is the score of the model that predicts the target perfectly.
+ Max error – The maximum absolute value of the error over the dataset. Max error is in the range [0, infty]. 0 is the score of the model that predicts the target perfectly.
+ Median absolute error – Median absolute error is in the range [0, infty]. 0 is the score of the model that predicts the target perfectly.
------
#### [ Quick model metrics for classification ]
The following are the definitions for the quick model metrics:
+ **Accuracy** – Accuracy is the ratio of samples that are predicted accurately. Accuracy is in the range [0, 1]. 0 is the score of the model that predicts all samples incorrectly and 1 is the score of the perfect model.
+ **Balanced accuracy** – Balanced accuracy is the ratio of samples that are predicted accurately when the class weights are adjusted to balance the data. All classes are given the same importance, regardless of their frequency. Balanced accuracy is in the range [0, 1]. 0 is the score of the model that predicts all samples wrong. 1 is the score of the perfect model.
+ **AUC (binary classification)** – This is the area under the receiver operating characteristic curve. AUC is in the range [0, 1] where a random model returns a score of 0.5 and the perfect model returns a score of 1.
+ **AUC (OVR)** – For multiclass classification, this is the area under the receiver operating characteristic curve calculated separately for each label using one versus rest. Data Wrangler reports the average of the areas. AUC is in the range [0, 1] where a random model returns a score of 0.5 and the perfect model returns a score of 1.
+ **Precision** – Precision is defined for a specific class. Precision is the fraction of true positives out of all the instances that the model classified as that class. Precision is in the range [0, 1]. 1 is the score of the model that has no false positives for the class. For binary classification, Data Wrangler reports the precision of the positive class.
+ **Recall** – Recall is defined for a specific class. Recall is the fraction of the relevant class instances that are successfully retrieved. Recall is in the range [0, 1]. 1 is the score of the model that classifies all the instances of the class correctly. For binary classification, Data Wrangler reports the recall of the positive class.
+ **F1** – F1 is defined for a specific class. It's the harmonic mean of the precision and recall. F1 is in the range [0, 1]. 1 is the score of the perfect model. For binary classification, Data Wrangler reports the F1 for classes with positive values.
------
#### [ Textual patterns ]
**Patterns** describe the textual format of a string using an easy to read format. The following are examples of textual patterns:
+ "\$1digits:4-7\$1" describes a sequence of digits that have a length between 4 and 7.
+ "\$1alnum:5\$1" describes an alpha-numeric string with a length of exactly 5.
Data Wrangler infers the patterns by looking at samples of non-empty strings from your data. It can describe many of the commonly used patterns. The **confidence** expressed as a percentage indicates how much of the data is estimated to match the pattern. Using the textual pattern, you can see which rows in your data you need to correct or drop.
The following describes the patterns that Data Wrangler can recognize:
| Pattern | Textual Format |
| --- | --- |
| \$1alnum\$1 | Alphanumeric strings |
| \$1any\$1 | Any string of word characters |
| \$1digits\$1 | A sequence of digits |
| \$1lower\$1 | A lowercase word |
| \$1mixed\$1 | A mixed-case word |
| \$1name\$1 | A word beginning with a capital letter |
| \$1upper\$1 | An uppercase word |
| \$1whitespace\$1 | Whitespace characters |
A word character is either an underscore or a character that might appear in a word in any language. For example, the strings `'Hello_word'` and `'écoute'` both consist of word characters. 'H' and 'é' are both examples of word characters.
------
## Bias report
SageMaker Canvas provides the bias report in Data Wrangler to help uncover potential biases in your data. The bias report analyzes the relationship between the target column (label) and a column that you believe might contain bias (facet variable). For example, if you are trying to predict customer conversion, the facet variable may be the age of the customer. The bias report can help you determine whether or not your data is biased toward a certain age group.
To generate a bias report in Canvas, do the following:
1. In your data flow in Data Wrangler, choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) next to a node in the flow.
1. From the context menu, choose **Get data insights**.
1. The **Create analysis** side panel opens. For the **Analysis type** dropdown menu, select **Bias Report**.
1. In the **Analysis name** field, enter a name for the bias report.
1. For the **Select the column your model predicts (target)** dropdown menu, select your target column.
1. For **Is your predicted column a value or threshold?**, select **Value** if your target column has categorical values or **Threshold** if it has numerical values.
1. For **Predicted value** (or **Predicted threshold**, depending on your selection in the previous step), enter the target column value or values that correspond to a positive outcome. For example, if predicting customer conversion, your value might be `yes` to indicate that a customer was converted.
1. For the **Select the column to analyze for bias** dropdown menu, select the column that you believe might contain bias, also known as the facet variable.
1. For **Is your column a value or threshold?**, select **Value** if the facet variable has categorical values or **Threshold** if it has numerical values.
1. For **Column value(s) to analyze for bias** (or **Column threshold to analyze for bias**, depending on your selection in the previous step), enter the value or values that you want to analyze for potential bias. For example, if you're checking for bias against customers over a certain age, use the beginning of that age range as your threshold.
1. For **Choose bias metrics**, select the bias metrics you'd like to include in your bias report. Hover over the info icons for more information about each metric.
1. (Optional) When prompted with the option **Would you like to analyze additional metrics?**, select **Yes** to view and include more bias metrics.
1. When you're ready to create the bias report, choose **Add**.
Once generated, the report gives you an overview of the bias metrics you selected. You can view the bias report at any time from the **Analyses** tab of your data flow.
## Histogram
Use histograms to see the counts of feature values for a specific feature. You can inspect the relationships between features using the **Color by** option.
You can use the **Facet by** feature to create histograms of one column, for each value in another column.
## Scatter plot
Use the **Scatter Plot** feature to inspect the relationship between features. To create a scatter plot, select a feature to plot on the **X axis** and the **Y axis**. Both of these columns must be numeric typed columns.
You can color scatter plots by an additional column.
Additionally, you can facet scatter plots by features.
## Table summary
Use the **Table Summary** analysis to quickly summarize your data.
For columns with numerical data, including log and float data, a table summary reports the number of entries (count), minimum (min), maximum (max), mean, and standard deviation (stddev) for each column.
For columns with non-numerical data, including columns with string, Boolean, or date/time data, a table summary reports the number of entries (count), least frequent value (min), and most frequent value (max).
## Quick model
Use the **Quick Model** visualization to quickly evaluate your data and produce importance scores for each feature. A [feature importance score](http://spark.apache.org/docs/2.1.0/api/python/pyspark.ml.html#pyspark.ml.classification.DecisionTreeClassificationModel.featureImportances) score indicates how useful a feature is at predicting a target label. The feature importance score is between [0, 1] and a higher number indicates that the feature is more important to the whole dataset. On the top of the quick model chart, there is a model score. A classification problem shows an F1 score. A regression problem has a mean squared error (MSE) score.
When you create a quick model chart, you select a dataset you want evaluated, and a target label against which you want feature importance to be compared. Data Wrangler does the following:
+ Infers the data types for the target label and each feature in the dataset selected.
+ Determines the problem type. Based on the number of distinct values in the label column, Data Wrangler determines if this is a regression or classification problem type. Data Wrangler sets a categorical threshold to 100. If there are more than 100 distinct values in the label column, Data Wrangler classifies it as a regression problem; otherwise, it is classified as a classification problem.
+ Pre-processes features and label data for training. The algorithm used requires encoding features to vector type and encoding labels to double type.
+ Trains a random forest algorithm with 70% of data. Spark’s [RandomForestRegressor](https://spark.apache.org/docs/latest/ml-classification-regression.html#random-forest-regression) is used to train a model for regression problems. The [RandomForestClassifier](https://spark.apache.org/docs/latest/ml-classification-regression.html#random-forest-classifier) is used to train a model for classification problems.
+ Evaluates a random forest model with the remaining 30% of data. Data Wrangler evaluates classification models using an F1 score and evaluates regression models using an MSE score.
+ Calculates feature importance for each feature using the Gini importance method.
## Target leakage
Target leakage occurs when there is data in a machine learning training dataset that is strongly correlated with the target label, but is not available in real-world data. For example, you may have a column in your dataset that serves as a proxy for the column you want to predict with your model.
When you use the **Target Leakage** analysis, you specify the following:
+ **Target**: This is the feature about which you want your ML model to be able to make predictions.
+ **Problem type**: This is the ML problem type on which you are working. Problem type can either be **classification** or **regression**.
+ (Optional) **Max features**: This is the maximum number of features to present in the visualization, which shows features ranked by their risk of being target leakage.
For classification, the target leakage analysis uses the area under the receiver operating characteristic, or AUC - ROC curve for each column, up to **Max features**. For regression, it uses a coefficient of determination, or R2 metric.
The AUC - ROC curve provides a predictive metric, computed individually for each column using cross-validation, on a sample of up to around 1000 rows. A score of 1 indicates perfect predictive abilities, which often indicates target leakage. A score of 0.5 or lower indicates that the information on the column could not provide, on its own, any useful information towards predicting the target. Although it can happen that a column is uninformative on its own but is useful in predicting the target when used in tandem with other features, a low score could indicate the feature is redundant.
## Multicollinearity
Multicollinearity is a circumstance where two or more predictor variables are related to each other. The predictor variables are the features in your dataset that you're using to predict a target variable. When you have multicollinearity, the predictor variables are not only predictive of the target variable, but also predictive of each other.
You can use the **Variance Inflation Factor (VIF)**, **Principal Component Analysis (PCA)**, or **Lasso feature selection** as measures for the multicollinearity in your data. For more information, see the following.
------
#### [ Variance Inflation Factor (VIF) ]
The Variance Inflation Factor (VIF) is a measure of collinearity among variable pairs. Data Wrangler returns a VIF score as a measure of how closely the variables are related to each other. A VIF score is a positive number that is greater than or equal to 1.
A score of 1 means that the variable is uncorrelated with the other variables. Scores greater than 1 indicate higher correlation.
Theoretically, you can have a VIF score with a value of infinity. Data Wrangler clips high scores to 50. If you have a VIF score greater than 50, Data Wrangler sets the score to 50.
You can use the following guidelines to interpret your VIF scores:
+ A VIF score less than or equal to 5 indicates that the variables are moderately correlated with the other variables.
+ A VIF score greater than or equal to 5 indicates that the variables are highly correlated with the other variables.
------
#### [ Principle Component Analysis (PCA) ]
Principal Component Analysis (PCA) measures the variance of the data along different directions in the feature space. The feature space consists of all the predictor variables that you use to predict the target variable in your dataset.
For example, if you're trying to predict who survived on the *RMS Titanic* after it hit an iceberg, your feature space can include the passengers' age, gender, and the fare that they paid.
From the feature space, PCA generates an ordered list of variances. These variances are also known as singular values. The values in the list of variances are greater than or equal to 0. We can use them to determine how much multicollinearity there is in our data.
When the numbers are roughly uniform, the data has very few instances of multicollinearity. When there is a lot of variability among the values, we have many instances of multicollinearity. Before it performs PCA, Data Wrangler normalizes each feature to have a mean of 0 and a standard deviation of 1.
**Note**
PCA in this circumstance can also be referred to as Singular Value Decomposition (SVD).
------
#### [ Lasso feature selection ]
Lasso feature selection uses the L1 regularization technique to only include the most predictive features in your dataset.
For both classification and regression, the regularization technique generates a coefficient for each feature. The absolute value of the coefficient provides an importance score for the feature. A higher importance score indicates that it is more predictive of the target variable. A common feature selection method is to use all the features that have a non-zero lasso coefficient.
------
## Detect anomalies in time series data
You can use the anomaly detection visualization to see outliers in your time series data. To understand what determines an anomaly, you need to understand that we decompose the time series into a predicted term and an error term. We treat the seasonality and trend of the time series as the predicted term. We treat the residuals as the error term.
For the error term, you specify a threshold as the number of standard of deviations the residual can be away from the mean for it to be considered an anomaly. For example, you can specify a threshold as being 3 standard deviations. Any residual greater than 3 standard deviations away from the mean is an anomaly.
You can use the following procedure to perform an **Anomaly detection** analysis.
1. Open your Data Wrangler data flow.
1. In your data flow, under **Data types**, choose the **\$1**, and select **Add analysis**.
1. For **Analysis type**, choose **Time Series**.
1. For **Visualization**, choose **Anomaly detection**.
1. For **Anomaly threshold**, choose the threshold that a value is considered an anomaly.
1. Choose **Preview** to generate a preview of the analysis.
1. Choose **Add** to add the transform to the Data Wrangler data flow.
## Seasonal trend decomposition in time series data
You can determine whether there's seasonality in your time series data by using the Seasonal Trend Decomposition visualization. We use the STL (Seasonal Trend decomposition using LOESS) method to perform the decomposition. We decompose the time series into its seasonal, trend, and residual components. The trend reflects the long term progression of the series. The seasonal component is a signal that recurs in a time period. After removing the trend and the seasonal components from the time series, you have the residual.
You can use the following procedure to perform a **Seasonal-Trend decomposition** analysis.
1. Open your Data Wrangler data flow.
1. In your data flow, under **Data types**, choose the **\$1**, and select **Add analysis**.
1. For **Analysis type**, choose **Time Series**.
1. For **Visualization**, choose **Seasonal-Trend decomposition**.
1. For **Anomaly threshold**, choose the threshold that a value is considered an anomaly.
1. Choose **Preview** to generate a preview of the analysis.
1. Choose **Add** to add the transform to the Data Wrangler data flow.
## Create custom visualizations
You can add an analysis to your Data Wrangler flow to create a custom visualization. Your dataset, with all the transformations you've applied, is available as a [Pandas DataFrame](https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.DataFrame.html). Data Wrangler uses the `df` variable to store the dataframe. You access the dataframe by calling the variable.
You must provide the output variable, `chart`, to store an [Altair](https://altair-viz.github.io/) output chart. For example, you can use the following code block to create a custom histogram using the Titanic dataset.
```
import altair as alt
df = df.iloc[:30]
df = df.rename(columns={"Age": "value"})
df = df.assign(count=df.groupby('value').value.transform('count'))
df = df[["value", "count"]]
base = alt.Chart(df)
bar = base.mark_bar().encode(x=alt.X('value', bin=True, axis=None), y=alt.Y('count'))
rule = base.mark_rule(color='red').encode(
x='mean(value):Q',
size=alt.value(5))
chart = bar + rule
```
**To create a custom visualization:**
1. Next to the node containing the transformation that you'd like to visualize, choose the **\$1**.
1. Choose **Add analysis**.
1. For **Analysis type**, choose **Custom Visualization**.
1. For **Analysis name**, specify a name.
1. Enter your code in the code box.
1. Choose **Preview** to preview your visualization.
1. Choose **Save** to add your visualization.
If you don’t know how to use the Altair visualization package in Python, you can use custom code snippets to help you get started.
Data Wrangler has a searchable collection of visualization snippets. To use a visualization snippet, choose **Search example snippets** and specify a query in the search bar.
The following example uses the **Binned scatterplot** code snippet. It plots a histogram for 2 dimensions.
The snippets have comments to help you understand the changes that you need to make to the code. You usually need to specify the column names of your dataset in the code.
```
import altair as alt
# Specify the number of top rows for plotting
rows_number = 1000
df = df.head(rows_number)
# You can also choose bottom rows or randomly sampled rows
# df = df.tail(rows_number)
# df = df.sample(rows_number)
chart = (
alt.Chart(df)
.mark_circle()
.encode(
# Specify the column names for binning and number of bins for X and Y axis
x=alt.X("col1:Q", bin=alt.Bin(maxbins=20)),
y=alt.Y("col2:Q", bin=alt.Bin(maxbins=20)),
size="count()",
)
)
# :Q specifies that label column has quantitative type.
# For more details on Altair typing refer to
# https://altair-viz.github.io/user_guide/encoding.html#encoding-data-types
```
# Transform data
Amazon SageMaker Data Wrangler provides numerous ML data transforms to streamline cleaning and featurizing your data. Using the interactive data preparation tools in Data Wrangler, you can sample datasets of any size with a variety of sampling techniques and start exploring your data in a matter of minutes. After finalizing your data transforms on the sampled data, you can then scale the data flow to apply those transformations to the entire dataset.
When you add a transform, it adds a step to the data flow. Each transform you add modifies your dataset and produces a new dataframe. All subsequent transforms apply to the resulting dataframe.
Data Wrangler includes built-in transforms, which you can use to transform columns without any code. If you know how you want to prepare your data but don't know how to get started or which transforms to use, you can use the chat for data prep feature to interact conversationally with Data Wrangler and apply transforms using natural language. For more information, see [Chat for data prep](canvas-chat-for-data-prep.md).
You can also add custom transformations using PySpark, Python (User-Defined Function), pandas, and PySpark SQL. Some transforms operate in place, while others create a new output column in your dataset.
You can apply transforms to multiple columns at once. For example, you can delete multiple columns in a single step.
You can apply the **Process numeric** and **Handle missing** transforms only to a single column.
Use this page to learn more about the built-in and custom transforms offered by Data Wrangler.
## Join Datasets
You can join datasets directly in your data flow. When you join two datasets, the resulting joined dataset appears in your flow. The following join types are supported by Data Wrangler.
+ **Left outer** – Include all rows from the left table. If the value for the column joined on a left table row does not match any right table row values, that row contains null values for all right table columns in the joined table.
+ **Left anti** – Include rows from the left table that do not contain values in the right table for the joined column.
+ **Left semi** – Include a single row from the left table for all identical rows that satisfy the criteria in the join statement. This excludes duplicate rows from the left table that match the criteria of the join.
+ **Right outer** – Include all rows from the right table. If the value for the joined column in a right table row does not match any left table row values, that row contains null values for all left table columns in the joined table.
+ **Inner** – Include rows from left and right tables that contain matching values in the joined column.
+ **Full outer** – Include all rows from the left and right tables. If the row value for the joined column in either table does not match, separate rows are created in the joined table. If a row doesn’t contain a value for a column in the joined table, null is inserted for that column.
+ **Cartesian cross** – Include rows which combine each row from the first table with each row from the second table. This is a [Cartesian product](https://en.wikipedia.org/wiki/Cartesian_product) of rows from tables in the join. The result of this product is the size of the left table times the size of the right table. Therefore, we recommend caution in using this join between very large datasets.
Use the following procedure to join two datasets. You should have already imported two data sources into your data flow.
1. Select the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) next to the left node that you want to join. The first node you select is always the left table in your join.
1. Hover over **Combine data**, and then choose **Join**.
1. Select the right node. The second node you select is always the right table in your join.
1. The **Join type** field is set to **Inner join** by default. Select the dropdown menu to change the join type.
1. For **Join keys**, verify the columns from the left and right tables that you want to use to join the data. You can add or remove additional join keys.
1. For **Name of join**, enter a name for the joined data, or use the default name.
1. (Optional) Choose **Preview** to preview the joined data.
1. Choose **Add** to complete the join.
**Note**
If you receive a notice that Canvas didn't identify any matching rows when joining your data, we recommend that you either verify that you've selected the correct columns, or update your sample to try to find matching rows. You can choose a different sampling strategy or change the size of the sample. For information about how to edit the sample, see [Edit the data flow sampling configuration](canvas-data-flow-edit-sampling.md).
You should now see a join node added to your data flow.
## Concatenate Datasets
Concatenating combines two datasets by appending the rows from one dataset to another.
Use the following procedure to concatenate two datasets. You should have already imported two data sources into your data flow.
**To concatenate two datasets:**
1. Select the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) next to the left node that you want to concatenate. The first node you select is always the left table in your concatenate operation.
1. Hover over **Combine data**, and then choose **Concatenate**.
1. Select the right node. The second node you select is always the right table in your concatenate.
1. (Optional) Select the checkbox next to **Remove duplicates after concatenation** to remove duplicate columns.
1. (Optional) Select the checkbox next to **Add column to indicate source dataframe** to add a column to the resulting dataframe that lists the source dataset for each record.
1. For **Indicator column name**, enter a name for the added column.
1. For **First dataset indicating string**, enter the value you want to use to mark records from the first dataset (or the left node).
1. For **Second dataset indicating string**, enter the value you want to use to mark records from the second dataset (or the right node).
1. For **Name of concatenate**, enter a name for the concatenation.
1. (Optional) Choose **Preview** to preview the concatenated data.
1. Choose **Add** to add the new dataset to your data flow.
You should now see a concatenate node added to your data flow.
## Balance Data
You can balance the data for datasets with an underrepresented category. Balancing a dataset can help you create better models for binary classification.
**Note**
You can't balance datasets containing column vectors.
You can use the **Balance data** operation to balance your data using one of the following operators:
+ *Random oversampling* – Randomly duplicates samples in the minority category. For example, if you're trying to detect fraud, you might only have cases of fraud in 10% of your data. For an equal proportion of fraudulent and non-fraudulent cases, this operator randomly duplicates fraud cases within the dataset 8 times.
+ *Random undersampling* – Roughly equivalent to random oversampling. Randomly removes samples from the overrepresented category to get the proportion of samples that you desire.
+ *Synthetic Minority Oversampling Technique (SMOTE)* – Uses samples from the underrepresented category to interpolate new synthetic minority samples. For more information about SMOTE, see the following description.
You can use all transforms for datasets containing both numeric and non-numeric features. SMOTE interpolates values by using neighboring samples. Data Wrangler uses the R-squared distance to determine the neighborhood to interpolate the additional samples. Data Wrangler only uses numeric features to calculate the distances between samples in the underrepresented group.
For two real samples in the underrepresented group, Data Wrangler interpolates the numeric features by using a weighted average. It randomly assigns weights to those samples in the range of [0, 1]. For numeric features, Data Wrangler interpolates samples using a weighted average of the samples. For samples A and B, Data Wrangler could randomly assign a weight of 0.7 to A and 0.3 to B. The interpolated sample has a value of 0.7A \$1 0.3B.
Data Wrangler interpolates non-numeric features by copying from either of the interpolated real samples. It copies the samples with a probability that it randomly assigns to each sample. For samples A and B, it can assign probabilities 0.8 to A and 0.2 to B. For the probabilities it assigned, it copies A 80% of the time.
## Custom Transforms
The **Custom Transforms** group allows you to use Python (User-Defined Function), PySpark, pandas, or PySpark (SQL) to define custom transformations. For all three options, you use the variable `df` to access the dataframe to which you want to apply the transform. To apply your custom code to your dataframe, assign the dataframe with the transformations that you've made to the `df` variable. If you're not using Python (User-Defined Function), you don't need to include a return statement. Choose **Preview** to preview the result of the custom transform. Choose **Add** to add the custom transform to your list of **Previous steps**.
You can import the popular libraries with an `import` statement in the custom transform code block, such as the following:
+ NumPy version 1.19.0
+ scikit-learn version 0.23.2
+ SciPy version 1.5.4
+ pandas version 1.0.3
+ PySpark version 3.0.0
**Important**
**Custom transform** doesn't support columns with spaces or special characters in the name. We recommend that you specify column names that only have alphanumeric characters and underscores. You can use the **Rename column** transform in the **Manage columns** transform group to remove spaces from a column's name. You can also add a **Python (Pandas)** **Custom transform** similar to the following to remove spaces from multiple columns in a single step. This example changes columns named `A column` and `B column` to `A_column` and `B_column` respectively.
```
df.rename(columns={"A column": "A_column", "B column": "B_column"})
```
If you include print statements in the code block, the result appears when you select **Preview**. You can resize the custom code transformer panel. Resizing the panel provides more space to write code.
The following sections provide additional context and examples for writing custom transform code.
**Python (User-Defined Function)**
The Python function gives you the ability to write custom transformations without needing to know Apache Spark or pandas. Data Wrangler is optimized to run your custom code quickly. You get similar performance using custom Python code and an Apache Spark plugin.
To use the Python (User-Defined Function) code block, you specify the following:
+ **Input column** – The input column where you're applying the transform.
+ **Mode** – The scripting mode, either pandas or Python.
+ **Return type** – The data type of the value that you're returning.
Using the pandas mode gives better performance. The Python mode makes it easier for you to write transformations by using pure Python functions.
**PySpark**
The following example extracts date and time from a timestamp.
```
from pyspark.sql.functions import from_unixtime, to_date, date_format
df = df.withColumn('DATE_TIME', from_unixtime('TIMESTAMP'))
df = df.withColumn( 'EVENT_DATE', to_date('DATE_TIME')).withColumn(
'EVENT_TIME', date_format('DATE_TIME', 'HH:mm:ss'))
```
**pandas**
The following example provides an overview of the dataframe to which you are adding transforms.
```
df.info()
```
**PySpark (SQL)**
The following example creates a new dataframe with four columns: *name*, *fare*, *pclass*, *survived*.
```
SELECT name, fare, pclass, survived FROM df
```
If you don’t know how to use PySpark, you can use custom code snippets to help you get started.
Data Wrangler has a searchable collection of code snippets. You can use to code snippets to perform tasks such as dropping columns, grouping by columns, or modelling.
To use a code snippet, choose **Search example snippets** and specify a query in the search bar. The text you specify in the query doesn’t have to match the name of the code snippet exactly.
The following example shows a **Drop duplicate rows** code snippet that can delete rows with similar data in your dataset. You can find the code snippet by searching for one of the following:
+ Duplicates
+ Identical
+ Remove
The following snippet has comments to help you understand the changes that you need to make. For most snippets, you must specify the column names of your dataset in the code.
```
# Specify the subset of columns
# all rows having identical values in these columns will be dropped
subset = ["col1", "col2", "col3"]
df = df.dropDuplicates(subset)
# to drop the full-duplicate rows run
# df = df.dropDuplicates()
```
To use a snippet, copy and paste its content into the **Custom transform** field. You can copy and paste multiple code snippets into the custom transform field.
## Custom Formula
Use **Custom formula** to define a new column using a Spark SQL expression to query data in the current dataframe. The query must use the conventions of Spark SQL expressions.
**Important**
**Custom formula** doesn't support columns with spaces or special characters in the name. We recommend that you specify column names that only have alphanumeric characters and underscores. You can use the **Rename column** transform in the **Manage columns** transform group to remove spaces from a column's name. You can also add a **Python (Pandas)** **Custom transform** similar to the following to remove spaces from multiple columns in a single step. This example changes columns named `A column` and `B column` to `A_column` and `B_column` respectively.
```
df.rename(columns={"A column": "A_column", "B column": "B_column"})
```
You can use this transform to perform operations on columns, referencing the columns by name. For example, assuming the current dataframe contains columns named *col\$1a* and *col\$1b*, you can use the following operation to produce an **Output column** that is the product of these two columns with the following code:
```
col_a * col_b
```
Other common operations include the following, assuming a dataframe contains `col_a` and `col_b` columns:
+ Concatenate two columns: `concat(col_a, col_b)`
+ Add two columns: `col_a + col_b`
+ Subtract two columns: `col_a - col_b`
+ Divide two columns: `col_a / col_b`
+ Take the absolute value of a column: `abs(col_a)`
For more information, see the [Spark documentation](http://spark.apache.org/docs/latest/api/python) on selecting data.
## Reduce Dimensionality within a Dataset
Reduce the dimensionality in your data by using Principal Component Analysis (PCA). The dimensionality of your dataset corresponds to the number of features. When you use dimensionality reduction in Data Wrangler, you get a new set of features called components. Each component accounts for some variability in the data.
The first component accounts for the largest amount of variation in the data. The second component accounts for the second largest amount of variation in the data, and so on.
You can use dimensionality reduction to reduce the size of the data sets that you use to train models. Instead of using the features in your dataset, you can use the principal components instead.
To perform PCA, Data Wrangler creates axes for your data. An axis is an affine combination of columns in your dataset. The first principal component is the value on the axis that has the largest amount of variance. The second principal component is the value on the axis that has the second largest amount of variance. The nth principal component is the value on the axis that has the nth largest amount of variance.
You can configure the number of principal components that Data Wrangler returns. You can either specify the number of principal components directly or you can specify the variance threshold percentage. Each principal component explains an amount of variance in the data. For example, you might have a principal component with a value of 0.5. The component would explain 50% of the variation in the data. When you specify a variance threshold percentage, Data Wrangler returns the smallest number of components that meet the percentage that you specify.
The following are example principal components with the amount of variance that they explain in the data.
+ Component 1 – 0.5
+ Component 2 – 0.45
+ Component 3 – 0.05
If you specify a variance threshold percentage of `94` or `95`, Data Wrangler returns Component 1 and Component 2. If you specify a variance threshold percentage of `96`, Data Wrangler returns all three principal components.
You can use the following procedure to run PCA on your dataset.
To run PCA on your dataset, do the following.
1. Open your Data Wrangler data flow.
1. Choose the **\$1**, and select **Add transform**.
1. Choose **Add step**.
1. Choose **Dimensionality Reduction**.
1. For **Input Columns**, choose the features that you're reducing into the principal components.
1. (Optional) For **Number of principal components**, choose the number of principal components that Data Wrangler returns in your dataset. If specify a value for the field, you can't specify a value for **Variance threshold percentage**.
1. (Optional) For **Variance threshold percentage**, specify the percentage of variation in the data that you want explained by the principal components. Data Wrangler uses the default value of `95` if you don't specify a value for the variance threshold. You can't specify a variance threshold percentage if you've specified a value for **Number of principal components**.
1. (Optional) Deselect **Center** to not use the mean of the columns as the center of the data. By default, Data Wrangler centers the data with the mean before scaling.
1. (Optional) Deselect **Scale** to not scale the data with the unit standard deviation.
1. (Optional) Choose **Columns** to output the components to separate columns. Choose **Vector** to output the components as a single vector.
1. (Optional) For **Output column**, specify a name for an output column. If you're outputting the components to separate columns, the name that you specify is a prefix. If you're outputting the components to a vector, the name that you specify is the name of the vector column.
1. (Optional) Select **Keep input columns**. We don't recommend selecting this option if you plan on only using the principal components to train your model.
1. Choose **Preview**.
1. Choose **Add**.
## Encode Categorical
Categorical data is usually composed of a finite number of categories, where each category is represented with a string. For example, if you have a table of customer data, a column that indicates the country a person lives in is categorical. The categories would be *Afghanistan*, *Albania*, *Algeria*, and so on. Categorical data can be *nominal* or *ordinal*. Ordinal categories have an inherent order, and nominal categories do not. The highest degree obtained (*High school*, *Bachelors*, *Masters*, and so on) is an example of ordinal categories.
Encoding categorical data is the process of creating a numerical representation for categories. For example, if your categories are *Dog* and *Cat*, you may encode this information into two vectors, `[1,0]` to represent *Dog*, and `[0,1]` to represent *Cat*.
When you encode ordinal categories, you may need to translate the natural order of categories into your encoding. For example, you can represent the highest degree obtained with the following map: `{"High school": 1, "Bachelors": 2, "Masters":3}`.
Use categorical encoding to encode categorical data that is in string format into arrays of integers.
The Data Wrangler categorical encoders create encodings for all categories that exist in a column at the time the step is defined. If new categories have been added to a column when you start a Data Wrangler job to process your dataset at time *t*, and this column was the input for a Data Wrangler categorical encoding transform at time *t*-1, these new categories are considered *missing* in the Data Wrangler job. The option you select for **Invalid handling strategy** is applied to these missing values. Examples of when this can occur are:
+ When you use a .flow file to create a Data Wrangler job to process a dataset that was updated after the creation of the data flow. For example, you may use a data flow to regularly process sales data each month. If that sales data is updated weekly, new categories may be introduced into columns for which an encode categorical step is defined.
+ When you select **Sampling** when you import your dataset, some categories may be left out of the sample.
In these situations, these new categories are considered missing values in the Data Wrangler job.
You can choose from and configure an *ordinal* and a *one-hot encode*. Use the following sections to learn more about these options.
Both transforms create a new column named **Output column name**. You specify the output format of this column with **Output style**:
+ Select **Vector** to produce a single column with a sparse vector.
+ Select **Columns** to create a column for every category with an indicator variable for whether the text in the original column contains a value that is equal to that category.
### Ordinal Encode
Select **Ordinal encode** to encode categories into an integer between 0 and the total number of categories in the **Input column** you select.
**Invalid handing strategy**: Select a method to handle invalid or missing values.
+ Choose **Skip** if you want to omit the rows with missing values.
+ Choose **Keep** to retain missing values as the last category.
+ Choose **Error** if you want Data Wrangler to throw an error if missing values are encountered in the **Input column**.
+ Choose **Replace with NaN** to replace missing with NaN. This option is recommended if your ML algorithm can handle missing values. Otherwise, the first three options in this list may produce better results.
### One-Hot Encode
Select **One-hot encode** for **Transform** to use one-hot encoding. Configure this transform using the following:
+ **Drop last category**: If `True`, the last category does not have a corresponding index in the one-hot encoding. When missing values are possible, a missing category is always the last one and setting this to `True` means that a missing value results in an all zero vector.
+ **Invalid handing strategy**: Select a method to handle invalid or missing values.
+ Choose **Skip** if you want to omit the rows with missing values.
+ Choose **Keep** to retain missing values as the last category.
+ Choose **Error** if you want Data Wrangler to throw an error if missing values are encountered in the **Input column**.
+ **Is input ordinal encoded**: Select this option if the input vector contains ordinal encoded data. This option requires that input data contain non-negative integers. If **True**, input *i* is encoded as a vector with a non-zero in the *i*th location.
### Similarity encode
Use similarity encoding when you have the following:
+ A large number of categorical variables
+ Noisy data
The similarity encoder creates embeddings for columns with categorical data. An embedding is a mapping of discrete objects, such as words, to vectors of real numbers. It encodes similar strings to vectors containing similar values. For example, it creates very similar encodings for "California" and "Calfornia".
Data Wrangler converts each category in your dataset into a set of tokens using a 3-gram tokenizer. It converts the tokens into an embedding using min-hash encoding.
The similarity encodings that Data Wrangler creates:
+ Have low dimensionality
+ Are scalable to a large number of categories
+ Are robust and resistant to noise
For the preceding reasons, similarity encoding is more versatile than one-hot encoding.
To add the similarity encoding transform to your dataset, use the following procedure.
To use similarity encoding, do the following.
1. Sign in to the [Amazon SageMaker AI Console](https://console.aws.amazon.com/sagemaker/).
1. Choose **Open Studio Classic**.
1. Choose **Launch app**.
1. Choose **Studio**.
1. Specify your data flow.
1. Choose a step with a transformation.
1. Choose **Add step**.
1. Choose **Encode categorical**.
1. Specify the following:
+ **Transform** – **Similarity encode**
+ **Input column** – The column containing the categorical data that you're encoding.
+ **Target dimension** – (Optional) The dimension of the categorical embedding vector. The default value is 30. We recommend using a larger target dimension if you have a large dataset with many categories.
+ **Output style** – Choose **Vector** for a single vector with all of the encoded values. Choose **Column** to have the encoded values in separate columns.
+ **Output column** – (Optional) The name of the output column for a vector encoded output. For a column-encoded output, this is the prefix of the column names followed by listed number.
## Featurize Text
Use the **Featurize Text** transform group to inspect string-typed columns and use text embedding to featurize these columns.
This feature group contains two features, *Character statistics* and *Vectorize*. Use the following sections to learn more about these transforms. For both options, the **Input column** must contain text data (string type).
### Character Statistics
Use **Character statistics** to generate statistics for each row in a column containing text data.
This transform computes the following ratios and counts for each row, and creates a new column to report the result. The new column is named using the input column name as a prefix and a suffix that is specific to the ratio or count.
+ **Number of words**: The total number of words in that row. The suffix for this output column is `-stats_word_count`.
+ **Number of characters**: The total number of characters in that row. The suffix for this output column is `-stats_char_count`.
+ **Ratio of upper**: The number of uppercase characters, from A to Z, divided by all characters in the column. The suffix for this output column is `-stats_capital_ratio`.
+ **Ratio of lower**: The number of lowercase characters, from a to z, divided by all characters in the column. The suffix for this output column is `-stats_lower_ratio`.
+ **Ratio of digits**: The ratio of digits in a single row over the sum of digits in the input column. The suffix for this output column is `-stats_digit_ratio`.
+ **Special characters ratio**: The ratio of non-alphanumeric (characters like \$1\$1&%:@) characters to over the sum of all characters in the input column. The suffix for this output column is `-stats_special_ratio`.
### Vectorize
Text embedding involves mapping words or phrases from a vocabulary to vectors of real numbers. Use the Data Wrangler text embedding transform to tokenize and vectorize text data into term frequency–inverse document frequency (TF-IDF) vectors.
When TF-IDF is calculated for a column of text data, each word in each sentence is converted to a real number that represents its semantic importance. Higher numbers are associated with less frequent words, which tend to be more meaningful.
When you define a **Vectorize** transform step, Data Wrangler uses the data in your dataset to define the count vectorizer and TF-IDF methods . Running a Data Wrangler job uses these same methods.
You configure this transform using the following:
+ **Output column name**: This transform creates a new column with the text embedding. Use this field to specify a name for this output column.
+ **Tokenizer**: A tokenizer converts the sentence into a list of words, or *tokens*.
Choose **Standard** to use a tokenizer that splits by white space and converts each word to lowercase. For example, `"Good dog"` is tokenized to `["good","dog"]`.
Choose **Custom** to use a customized tokenizer. If you choose **Custom**, you can use the following fields to configure the tokenizer:
+ **Minimum token length**: The minimum length, in characters, for a token to be valid. Defaults to `1`. For example, if you specify `3` for minimum token length, words like `a, at, in` are dropped from the tokenized sentence.
+ **Should regex split on gaps**: If selected, **regex** splits on gaps. Otherwise, it matches tokens. Defaults to `True`.
+ **Regex pattern**: Regex pattern that defines the tokenization process. Defaults to `' \\ s+'`.
+ **To lowercase**: If chosen, Data Wrangler converts all characters to lowercase before tokenization. Defaults to `True`.
To learn more, see the Spark documentation on [Tokenizer](https://spark.apache.org/docs/latest/ml-features#tokenizer).
+ **Vectorizer**: The vectorizer converts the list of tokens into a sparse numeric vector. Each token corresponds to an index in the vector and a non-zero indicates the existence of the token in the input sentence. You can choose from two vectorizer options, *Count* and *Hashing*.
+ **Count vectorize** allows customizations that filter infrequent or too common tokens. **Count vectorize parameters** include the following:
+ **Minimum term frequency**: In each row, terms (tokens) with smaller frequency are filtered. If you specify an integer, this is an absolute threshold (inclusive). If you specify a fraction between 0 (inclusive) and 1, the threshold is relative to the total term count. Defaults to `1`.
+ **Minimum document frequency**: Minimum number of rows in which a term (token) must appear to be included. If you specify an integer, this is an absolute threshold (inclusive). If you specify a fraction between 0 (inclusive) and 1, the threshold is relative to the total term count. Defaults to `1`.
+ **Maximum document frequency**: Maximum number of documents (rows) in which a term (token) can appear to be included. If you specify an integer, this is an absolute threshold (inclusive). If you specify a fraction between 0 (inclusive) and 1, the threshold is relative to the total term count. Defaults to `0.999`.
+ **Maximum vocabulary size**: Maximum size of the vocabulary. The vocabulary is made up of all terms (tokens) in all rows of the column. Defaults to `262144`.
+ **Binary outputs**: If selected, the vector outputs do not include the number of appearances of a term in a document, but rather are a binary indicator of its appearance. Defaults to `False`.
To learn more about this option, see the Spark documentation on [CountVectorizer](https://spark.apache.org/docs/latest/ml-features#countvectorizer).
+ **Hashing** is computationally faster. **Hash vectorize parameters** includes the following:
+ **Number of features during hashing**: A hash vectorizer maps tokens to a vector index according to their hash value. This feature determines the number of possible hash values. Large values result in fewer collisions between hash values but a higher dimension output vector.
To learn more about this option, see the Spark documentation on [FeatureHasher](https://spark.apache.org/docs/latest/ml-features#featurehasher)
+ **Apply IDF** applies an IDF transformation, which multiplies the term frequency with the standard inverse document frequency used for TF-IDF embedding. **IDF parameters** include the following:
+ **Minimum document frequency **: Minimum number of documents (rows) in which a term (token) must appear to be included. If **count\$1vectorize** is the chosen vectorizer, we recommend that you keep the default value and only modify the **min\$1doc\$1freq** field in **Count vectorize parameters**. Defaults to `5`.
+ ** Output format**:The output format of each row.
+ Select **Vector** to produce a single column with a sparse vector.
+ Select **Flattened** to create a column for every category with an indicator variable for whether the text in the original column contains a value that is equal to that category. You can only choose flattened when **Vectorizer** is set as **Count vectorizer**.
## Transform Time Series
In Data Wrangler, you can transform time series data. The values in a time series dataset are indexed to specific time. For example, a dataset that shows the number of customers in a store for each hour in a day is a time series dataset. The following table shows an example of a time series dataset.
Hourly number of customers in a store
| Number of customers | Time (hour) |
| --- | --- |
| 4 | 09:00 |
| 10 | 10:00 |
| 14 | 11:00 |
| 25 | 12:00 |
| 20 | 13:00 |
| 18 | 14:00 |
For the preceding table, the **Number of Customers** column contains the time series data. The time series data is indexed on the hourly data in the **Time (hour)** column.
You might need to perform a series of transformations on your data to get it in a format that you can use for your analysis. Use the **Time series** transform group to transform your time series data. For more information about the transformations that you can perform, see the following sections.
**Topics**
+ [
### Group by a Time Series
](#canvas-group-by-time-series)
+ [
### Resample Time Series Data
](#canvas-resample-time-series)
+ [
### Handle Missing Time Series Data
](#canvas-transform-handle-missing-time-series)
+ [
### Validate the Timestamp of Your Time Series Data
](#canvas-transform-validate-timestamp)
+ [
### Standardizing the Length of the Time Series
](#canvas-transform-standardize-length)
+ [
### Extract Features from Your Time Series Data
](#canvas-transform-extract-time-series-features)
+ [
### Use Lagged Features from Your Time Series Data
](#canvas-transform-lag-time-series)
+ [
### Create a Datetime Range In Your Time Series
](#canvas-transform-datetime-range)
+ [
### Use a Rolling Window In Your Time Series
](#canvas-transform-rolling-window)
### Group by a Time Series
You can use the group by operation to group time series data for specific values in a column.
For example, you have the following table that tracks the average daily electricity usage in a household.
Average daily household electricity usage
| Household ID | Daily timestamp | Electricity usage (kWh) | Number of household occupants |
| --- | --- | --- | --- |
| household\$10 | 1/1/2020 | 30 | 2 |
| household\$10 | 1/2/2020 | 40 | 2 |
| household\$10 | 1/4/2020 | 35 | 3 |
| household\$11 | 1/2/2020 | 45 | 3 |
| household\$11 | 1/3/2020 | 55 | 4 |
If you choose to group by ID, you get the following table.
Electricity usage grouped by household ID
| Household ID | Electricity usage series (kWh) | Number of household occupants series |
| --- | --- | --- |
| household\$10 | [30, 40, 35] | [2, 2, 3] |
| household\$11 | [45, 55] | [3, 4] |
Each entry in the time series sequence is ordered by the corresponding timestamp. The first element of the sequence corresponds to the first timestamp of the series. For `household_0`, `30` is the first value of the **Electricity Usage Series**. The value of `30` corresponds to the first timestamp of `1/1/2020`.
You can include the starting timestamp and ending timestamp. The following table shows how that information appears.
Electricity usage grouped by household ID
| Household ID | Electricity usage series (kWh) | Number of household occupants series | Start\$1time | End\$1time |
| --- | --- | --- | --- | --- |
| household\$10 | [30, 40, 35] | [2, 2, 3] | 1/1/2020 | 1/4/2020 |
| household\$11 | [45, 55] | [3, 4] | 1/2/2020 | 1/3/2020 |
You can use the following procedure to group by a time series column.
1. Open your Data Wrangler data flow.
1. In your data flow, under **Data types**, choose the **\$1**, and select **Add transform**.
1. Choose **Add step**.
1. Choose **Time Series**.
1. Under **Transform**, choose **Group by**.
1. Specify a column in **Group by this column**.
1. For **Apply to columns**, specify a value.
1. Choose **Preview** to generate a preview of the transform.
1. Choose **Add** to add the transform to the Data Wrangler data flow.
### Resample Time Series Data
Time series data usually has observations that aren't taken at regular intervals. For example, a dataset could have some observations that are recorded hourly and other observations that are recorded every two hours.
Many analyses, such as forecasting algorithms, require the observations to be taken at regular intervals. Resampling gives you the ability to establish regular intervals for the observations in your dataset.
You can either upsample or downsample a time series. Downsampling increases the interval between observations in the dataset. For example, if you downsample observations that are taken either every hour or every two hours, each observation in your dataset is taken every two hours. The hourly observations are aggregated into a single value using an aggregation method such as the mean or median.
Upsampling reduces the interval between observations in the dataset. For example, if you upsample observations that are taken every two hours into hourly observations, you can use an interpolation method to infer hourly observations from the ones that have been taken every two hours. For information on interpolation methods, see [pandas.DataFrame.interpolate](https://pandas.pydata.org/docs/reference/api/pandas.DataFrame.interpolate.html).
You can resample both numeric and non-numeric data.
Use the **Resample** operation to resample your time series data. If you have multiple time series in your dataset, Data Wrangler standardizes the time interval for each time series.
The following table shows an example of downsampling time series data by using the mean as the aggregation method. The data is downsampled from every two hours to every hour.
Hourly temperature readings over a day before downsampling
| Timestamp | Temperature (Celsius) |
| --- | --- |
| 12:00 | 30 |
| 1:00 | 32 |
| 2:00 | 35 |
| 3:00 | 32 |
| 4:00 | 30 |
Temperature readings downsampled to every two hours
| Timestamp | Temperature (Celsius) |
| --- | --- |
| 12:00 | 30 |
| 2:00 | 33.5 |
| 4:00 | 35 |
You can use the following procedure to resample time series data.
1. Open your Data Wrangler data flow.
1. In your data flow, under **Data types**, choose the **\$1**, and select **Add transform**.
1. Choose **Add step**.
1. Choose **Resample**.
1. For **Timestamp**, choose the timestamp column.
1. For **Frequency unit**, specify the frequency that you're resampling.
1. (Optional) Specify a value for **Frequency quantity**.
1. Configure the transform by specifying the remaining fields.
1. Choose **Preview** to generate a preview of the transform.
1. Choose **Add** to add the transform to the Data Wrangler data flow.
### Handle Missing Time Series Data
If you have missing values in your dataset, you can do one of the following:
+ For datasets that have multiple time series, drop the time series that have missing values that are greater than a threshold that you specify.
+ Impute the missing values in a time series by using other values in the time series.
Imputing a missing value involves replacing the data by either specifying a value or by using an inferential method. The following are the methods that you can use for imputation:
+ Constant value – Replace all the missing data in your dataset with a value that you specify.
+ Most common value – Replace all the missing data with the value that has the highest frequency in the dataset.
+ Forward fill – Use a forward fill to replace the missing values with the non-missing value that precedes the missing values. For the sequence: [2, 4, 7, NaN, NaN, NaN, 8], all of the missing values are replaced with 7. The sequence that results from using a forward fill is [2, 4, 7, 7, 7, 7, 8].
+ Backward fill – Use a backward fill to replace the missing values with the non-missing value that follows the missing values. For the sequence: [2, 4, 7, NaN, NaN, NaN, 8], all of the missing values are replaced with 8. The sequence that results from using a backward fill is [2, 4, 7, 8, 8, 8, 8].
+ Interpolate – Uses an interpolation function to impute the missing values. For more information on the functions that you can use for interpolation, see [pandas.DataFrame.interpolate](https://pandas.pydata.org/docs/reference/api/pandas.DataFrame.interpolate.html).
Some of the imputation methods might not be able to impute of all the missing value in your dataset. For example, a **Forward fill** can't impute a missing value that appears at the beginning of the time series. You can impute the values by using either a forward fill or a backward fill.
You can either impute missing values within a cell or within a column.
The following example shows how values are imputed within a cell.
Electricity usage with missing values
| Household ID | Electricity usage series (kWh) |
| --- | --- |
| household\$10 | [30, 40, 35, NaN, NaN] |
| household\$11 | [45, NaN, 55] |
Electricity usage with values imputed using a forward fill
| Household ID | Electricity usage series (kWh) |
| --- | --- |
| household\$10 | [30, 40, 35, 35, 35] |
| household\$11 | [45, 45, 55] |
The following example shows how values are imputed within a column.
Average daily household electricity usage with missing values
| Household ID | Electricity usage (kWh) |
| --- | --- |
| household\$10 | 30 |
| household\$10 | 40 |
| household\$10 | NaN |
| household\$11 | NaN |
| household\$11 | NaN |
Average daily household electricity usage with values imputed using a forward fill
| Household ID | Electricity usage (kWh) |
| --- | --- |
| household\$10 | 30 |
| household\$10 | 40 |
| household\$10 | 40 |
| household\$11 | 40 |
| household\$11 | 40 |
You can use the following procedure to handle missing values.
1. Open your Data Wrangler data flow.
1. In your data flow, under **Data types**, choose the **\$1**, and select **Add transform**.
1. Choose **Add step**.
1. Choose **Handle missing**.
1. For **Time series input type**, choose whether you want to handle missing values inside of a cell or along a column.
1. For **Impute missing values for this column**, specify the column that has the missing values.
1. For **Method for imputing values**, select a method.
1. Configure the transform by specifying the remaining fields.
1. Choose **Preview** to generate a preview of the transform.
1. If you have missing values, you can specify a method for imputing them under **Method for imputing values**.
1. Choose **Add** to add the transform to the Data Wrangler data flow.
### Validate the Timestamp of Your Time Series Data
You might have time stamp data that is invalid. You can use the **Validate time stamp** function to determine whether the timestamps in your dataset are valid. Your timestamp can be invalid for one or more of the following reasons:
+ Your timestamp column has missing values.
+ The values in your timestamp column are not formatted correctly.
If you have invalid timestamps in your dataset, you can't perform your analysis successfully. You can use Data Wrangler to identify invalid timestamps and understand where you need to clean your data.
The time series validation works in one of the two ways:
You can configure Data Wrangler to do one of the following if it encounters missing values in your dataset:
+ Drop the rows that have the missing or invalid values.
+ Identify the rows that have the missing or invalid values.
+ Throw an error if it finds any missing or invalid values in your dataset.
You can validate the timestamps on columns that either have the `timestamp` type or the `string` type. If the column has the `string` type, Data Wrangler converts the type of the column to `timestamp` and performs the validation.
You can use the following procedure to validate the timestamps in your dataset.
1. Open your Data Wrangler data flow.
1. In your data flow, under **Data types**, choose the **\$1**, and select **Add transform**.
1. Choose **Add step**.
1. Choose **Validate timestamps**.
1. For **Timestamp Column**, choose the timestamp column.
1. For **Policy**, choose whether you want to handle missing timestamps.
1. (Optional) For **Output column**, specify a name for the output column.
1. If the date time column is formatted for the string type, choose **Cast to datetime**.
1. Choose **Preview** to generate a preview of the transform.
1. Choose **Add** to add the transform to the Data Wrangler data flow.
### Standardizing the Length of the Time Series
If you have time series data stored as arrays, you can standardize each time series to the same length. Standardizing the length of the time series array might make it easier for you to perform your analysis on the data.
You can standardize your time series for data transformations that require the length of your data to be fixed.
Many ML algorithms require you to flatten your time series data before you use them. Flattening time series data is separating each value of the time series into its own column in a dataset. The number of columns in a dataset can't change, so the lengths of the time series need to be standardized between you flatten each array into a set of features.
Each time series is set to the length that you specify as a quantile or percentile of the time series set. For example, you can have three sequences that have the following lengths:
+ 3
+ 4
+ 5
You can set the length of all of the sequences as the length of the sequence that has the 50th percentile length.
Time series arrays that are shorter than the length you've specified have missing values added. The following is an example format of standardizing the time series to a longer length: [2, 4, 5, NaN, NaN, NaN].
You can use different approaches to handle the missing values. For information on those approaches, see [Handle Missing Time Series Data](#canvas-transform-handle-missing-time-series).
The time series arrays that are longer than the length that you specify are truncated.
You can use the following procedure to standardize the length of the time series.
1. Open your Data Wrangler data flow.
1. In your data flow, under **Data types**, choose the **\$1**, and select **Add transform**.
1. Choose **Add step**.
1. Choose **Standardize length**.
1. For **Standardize the time series length for the column**, choose a column.
1. (Optional) For **Output column**, specify a name for the output column. If you don't specify a name, the transform is done in place.
1. If the datetime column is formatted for the string type, choose **Cast to datetime**.
1. Choose **Cutoff quantile** and specify a quantile to set the length of the sequence.
1. Choose **Flatten the output** to output the values of the time series into separate columns.
1. Choose **Preview** to generate a preview of the transform.
1. Choose **Add** to add the transform to the Data Wrangler data flow.
### Extract Features from Your Time Series Data
If you're running a classification or a regression algorithm on your time series data, we recommend extracting features from the time series before running the algorithm. Extracting features might improve the performance of your algorithm.
Use the following options to choose how you want to extract features from your data:
+ Use **Minimal subset** to specify extracting 8 features that you know are useful in downstream analyses. You can use a minimal subset when you need to perform computations quickly. You can also use it when your ML algorithm has a high risk of overfitting and you want to provide it with fewer features.
+ Use **Efficient subset** to specify extracting the most features possible without extracting features that are computationally intensive in your analyses.
+ Use **All features** to specify extracting all features from the tune series.
+ Use **Manual subset** to choose a list of features that you think explain the variation in your data well.
Use the following the procedure to extract features from your time series data.
1. Open your Data Wrangler data flow.
1. In your data flow, under **Data types**, choose the **\$1**, and select **Add transform**.
1. Choose **Add step**.
1. Choose **Extract features**.
1. For **Extract features for this column**, choose a column.
1. (Optional) Select **Flatten** to output the features into separate columns.
1. For **Strategy**, choose a strategy to extract the features.
1. Choose **Preview** to generate a preview of the transform.
1. Choose **Add** to add the transform to the Data Wrangler data flow.
### Use Lagged Features from Your Time Series Data
For many use cases, the best way to predict the future behavior of your time series is to use its most recent behavior.
The most common uses of lagged features are the following:
+ Collecting a handful of past values. For example, for time, t \$1 1, you collect t, t - 1, t - 2, and t - 3.
+ Collecting values that correspond to seasonal behavior in the data. For example, to predict the occupancy in a restaurant at 1:00 PM, you might want to use the features from 1:00 PM on the previous day. Using the features from 12:00 PM or 11:00 AM on the same day might not be as predictive as using the features from previous days.
1. Open your Data Wrangler data flow.
1. In your data flow, under **Data types**, choose the **\$1**, and select **Add transform**.
1. Choose **Add step**.
1. Choose **Lag features**.
1. For **Generate lag features for this column**, choose a column.
1. For **Timestamp Column**, choose the column containing the timestamps.
1. For **Lag**, specify the duration of the lag.
1. (Optional) Configure the output using one of the following options:
+ **Include the entire lag window**
+ **Flatten the output**
+ **Drop rows without history**
1. Choose **Preview** to generate a preview of the transform.
1. Choose **Add** to add the transform to the Data Wrangler data flow.
### Create a Datetime Range In Your Time Series
You might have time series data that don't have timestamps. If you know that the observations were taken at regular intervals, you can generate timestamps for the time series in a separate column. To generate timestamps, you specify the value for the start timestamp and the frequency of the timestamps.
For example, you might have the following time series data for the number of customers at a restaurant.
Time series data on the number of customers at a restaurant
| Number of customers |
| --- |
| 10 |
| 14 |
| 24 |
| 40 |
| 30 |
| 20 |
If you know that the restaurant opened at 5:00 PM and that the observations are taken hourly, you can add a timestamp column that corresponds to the time series data. You can see the timestamp column in the following table.
Time series data on the number of customers at a restaurant
| Number of customers | Timestamp |
| --- | --- |
| 10 | 1:00 PM |
| 14 | 2:00 PM |
| 24 | 3:00 PM |
| 40 | 4:00 PM |
| 30 | 5:00 PM |
| 20 | 6:00 PM |
Use the following procedure to add a datetime range to your data.
1. Open your Data Wrangler data flow.
1. In your data flow, under **Data types**, choose the **\$1**, and select **Add transform**.
1. Choose **Add step**.
1. Choose **Datetime range**.
1. For **Frequency type**, choose the unit used to measure the frequency of the timestamps.
1. For **Starting timestamp**, specify the start timestamp.
1. For **Output column**, specify a name for the output column.
1. (Optional) Configure the output using the remaining fields.
1. Choose **Preview** to generate a preview of the transform.
1. Choose **Add** to add the transform to the Data Wrangler data flow.
### Use a Rolling Window In Your Time Series
You can extract features over a time period. For example, for time, *t*, and a time window length of 3, and for the row that indicates the *t*th timestamp, we append the features that are extracted from the time series at times *t* - 3, *t* -2, and *t* - 1. For information on extracting features, see [Extract Features from Your Time Series Data](#canvas-transform-extract-time-series-features).
You can use the following procedure to extract features over a time period.
1. Open your Data Wrangler data flow.
1. In your data flow, under **Data types**, choose the **\$1**, and select **Add transform**.
1. Choose **Add step**.
1. Choose **Rolling window features**.
1. For **Generate rolling window features for this column**, choose a column.
1. For **Timestamp Column**, choose the column containing the timestamps.
1. (Optional) For **Output Column**, specify the name of the output column.
1. For **Window size**, specify the window size.
1. For **Strategy**, choose the extraction strategy.
1. Choose **Preview** to generate a preview of the transform.
1. Choose **Add** to add the transform to the Data Wrangler data flow.
## Featurize Datetime
Use **Featurize date/time** to create a vector embedding representing a datetime field. To use this transform, your datetime data must be in one of the following formats:
+ Strings describing datetime: For example, `"January 1st, 2020, 12:44pm"`.
+ A Unix timestamp: A Unix timestamp describes the number of seconds, milliseconds, microseconds, or nanoseconds from 1/1/1970.
You can choose to **Infer datetime format** and provide a **Datetime format**. If you provide a datetime format, you must use the codes described in the [Python documentation](https://docs.python.org/3/library/datetime.html#strftime-and-strptime-format-codes). The options you select for these two configurations have implications for the speed of the operation and the final results.
+ The most manual and computationally fastest option is to specify a **Datetime format** and select **No** for **Infer datetime format**.
+ To reduce manual labor, you can choose **Infer datetime format** and not specify a datetime format. It is also a computationally fast operation; however, the first datetime format encountered in the input column is assumed to be the format for the entire column. If there are other formats in the column, these values are NaN in the final output. Inferring the datetime format can give you unparsed strings.
+ If you don't specify a format and select **No** for **Infer datetime format**, you get the most robust results. All the valid datetime strings are parsed. However, this operation can be an order of magnitude slower than the first two options in this list.
When you use this transform, you specify an **Input column** which contains datetime data in one of the formats listed above. The transform creates an output column named **Output column name**. The format of the output column depends on your configuration using the following:
+ **Vector**: Outputs a single column as a vector.
+ **Columns**: Creates a new column for every feature. For example, if the output contains a year, month, and day, three separate columns are created for year, month, and day.
Additionally, you must choose an **Embedding mode**. For linear models and deep networks, we recommend choosing **cyclic**. For tree-based algorithms, we recommend choosing **ordinal**.
## Format String
The **Format string** transforms contain standard string formatting operations. For example, you can use these operations to remove special characters, normalize string lengths, and update string casing.
This feature group contains the following transforms. All transforms return copies of the strings in the **Input column** and add the result to a new, output column.
| Name | Function |
| --- | --- |
| Left pad | Left-pad the string with a given **Fill character** to the given **width**. If the string is longer than **width**, the return value is shortened to **width** characters. |
| Right pad | Right-pad the string with a given **Fill character** to the given **width**. If the string is longer than **width**, the return value is shortened to **width** characters. |
| Center (pad on either side) | Center-pad the string (add padding on both sides of the string) with a given **Fill character** to the given **width**. If the string is longer than **width**, the return value is shortened to **width** characters. |
| Prepend zeros | Left-fill a numeric string with zeros, up to a given **width**. If the string is longer than **width**, the return value is shortened to **width** characters. |
| Strip left and right | Returns a copy of the string with the leading and trailing characters removed. |
| Strip characters from left | Returns a copy of the string with leading characters removed. |
| Strip characters from right | Returns a copy of the string with trailing characters removed. |
| Lower case | Convert all letters in text to lowercase. |
| Upper case | Convert all letters in text to uppercase. |
| Capitalize | Capitalize the first letter in each sentence. |
| Swap case | Converts all uppercase characters to lowercase and all lowercase characters to uppercase characters of the given string, and returns it. |
| Add prefix or suffix | Adds a prefix and a suffix the string column. You must specify at least one of **Prefix** and **Suffix**. |
| Remove symbols | Removes given symbols from a string. All listed characters are removed. Defaults to white space. |
## Handle Outliers
Machine learning models are sensitive to the distribution and range of your feature values. Outliers, or rare values, can negatively impact model accuracy and lead to longer training times. Use this feature group to detect and update outliers in your dataset.
When you define a **Handle outliers** transform step, the statistics used to detect outliers are generated on the data available in Data Wrangler when defining this step. These same statistics are used when running a Data Wrangler job.
Use the following sections to learn more about the transforms this group contains. You specify an **Output name** and each of these transforms produces an output column with the resulting data.
### Robust standard deviation numeric outliers
This transform detects and fixes outliers in numeric features using statistics that are robust to outliers.
You must define an **Upper quantile** and a **Lower quantile** for the statistics used to calculate outliers. You must also specify the number of **Standard deviations** from which a value must vary from the mean to be considered an outlier. For example, if you specify 3 for **Standard deviations**, a value must fall more than 3 standard deviations from the mean to be considered an outlier.
The **Fix method** is the method used to handle outliers when they are detected. You can choose from the following:
+ **Clip**: Use this option to clip the outliers to the corresponding outlier detection bound.
+ **Remove**: Use this option to remove rows with outliers from the dataframe.
+ **Invalidate**: Use this option to replace outliers with invalid values.
### Standard Deviation Numeric Outliers
This transform detects and fixes outliers in numeric features using the mean and standard deviation.
You specify the number of **Standard deviations** a value must vary from the mean to be considered an outlier. For example, if you specify 3 for **Standard deviations**, a value must fall more than 3 standard deviations from the mean to be considered an outlier.
The **Fix method** is the method used to handle outliers when they are detected. You can choose from the following:
+ **Clip**: Use this option to clip the outliers to the corresponding outlier detection bound.
+ **Remove**: Use this option to remove rows with outliers from the dataframe.
+ **Invalidate**: Use this option to replace outliers with invalid values.
### Quantile Numeric Outliers
Use this transform to detect and fix outliers in numeric features using quantiles. You can define an **Upper quantile** and a **Lower quantile**. All values that fall above the upper quantile or below the lower quantile are considered outliers.
The **Fix method** is the method used to handle outliers when they are detected. You can choose from the following:
+ **Clip**: Use this option to clip the outliers to the corresponding outlier detection bound.
+ **Remove**: Use this option to remove rows with outliers from the dataframe.
+ **Invalidate**: Use this option to replace outliers with invalid values.
### Min-Max Numeric Outliers
This transform detects and fixes outliers in numeric features using upper and lower thresholds. Use this method if you know threshold values that demark outliers.
You specify a **Upper threshold** and a **Lower threshold**, and if values fall above or below those thresholds respectively, they are considered outliers.
The **Fix method** is the method used to handle outliers when they are detected. You can choose from the following:
+ **Clip**: Use this option to clip the outliers to the corresponding outlier detection bound.
+ **Remove**: Use this option to remove rows with outliers from the dataframe.
+ **Invalidate**: Use this option to replace outliers with invalid values.
### Replace Rare
When you use the **Replace rare** transform, you specify a threshold and Data Wrangler finds all values that meet that threshold and replaces them with a string that you specify. For example, you may want to use this transform to categorize all outliers in a column into an "Others" category.
+ **Replacement string**: The string with which to replace outliers.
+ **Absolute threshold**: A category is rare if the number of instances is less than or equal to this absolute threshold.
+ **Fraction threshold**: A category is rare if the number of instances is less than or equal to this fraction threshold multiplied by the number of rows.
+ **Max common categories**: Maximum not-rare categories that remain after the operation. If the threshold does not filter enough categories, those with the top number of appearances are classified as not rare. If set to 0 (default), there is no hard limit to the number of categories.
## Handle Missing Values
Missing values are a common occurrence in machine learning datasets. In some situations, it is appropriate to impute missing data with a calculated value, such as an average or categorically common value. You can process missing values using the **Handle missing values** transform group. This group contains the following transforms.
### Fill Missing
Use the **Fill missing** transform to replace missing values with a **Fill value** you define.
### Impute Missing
Use the **Impute missing** transform to create a new column that contains imputed values where missing values were found in input categorical and numerical data. The configuration depends on your data type.
For numeric data, choose an imputing strategy, the strategy used to determine the new value to impute. You can choose to impute the mean or the median over the values that are present in your dataset. Data Wrangler uses the value that it computes to impute the missing values.
For categorical data, Data Wrangler imputes missing values using the most frequent value in the column. To impute a custom string, use the **Fill missing** transform instead.
### Add Indicator for Missing
Use the **Add indicator for missing** transform to create a new indicator column, which contains a Boolean `"false"` if a row contains a value, and `"true"` if a row contains a missing value.
### Drop Missing
Use the **Drop missing** option to drop rows that contain missing values from the **Input column**.
## Manage Columns
You can use the following transforms to quickly update and manage columns in your dataset:
****
| Name | Function |
| --- | --- |
| Drop Column | Delete a column. |
| Duplicate Column | Duplicate a column. |
| Rename Column | Rename a column. |
| Move Column | Move a column's location in the dataset. Choose to move your column to the start or end of the dataset, before or after a reference column, or to a specific index. |
## Manage Rows
Use this transform group to quickly perform sort and shuffle operations on rows. This group contains the following:
+ **Sort**: Sort the entire dataframe by a given column. Select the check box next to **Ascending order** for this option; otherwise, deselect the check box and descending order is used for the sort.
+ **Shuffle**: Randomly shuffle all rows in the dataset.
## Manage Vectors
Use this transform group to combine or flatten vector columns. This group contains the following transforms.
+ **Assemble**: Use this transform to combine Spark vectors and numeric data into a single column. For example, you can combine three columns: two containing numeric data and one containing vectors. Add all the columns you want to combine in **Input columns** and specify a **Output column name** for the combined data.
+ **Flatten**: Use this transform to flatten a single column containing vector data. The input column must contain PySpark vectors or array-like objects. You can control the number of columns created by specifying a **Method to detect number of outputs**. For example, if you select **Length of first vector**, the number of elements in the first valid vector or array found in the column determines the number of output columns that are created. All other input vectors with too many items are truncated. Inputs with too few items are filled with NaNs.
You also specify an **Output prefix**, which is used as the prefix for each output column.
## Process Numeric
Use the **Process Numeric** feature group to process numeric data. Each scalar in this group is defined using the Spark library. The following scalars are supported:
+ **Standard Scaler**: Standardize the input column by subtracting the mean from each value and scaling to unit variance. To learn more, see the Spark documentation for [StandardScaler](https://spark.apache.org/docs/latest/ml-features#standardscaler).
+ **Robust Scaler**: Scale the input column using statistics that are robust to outliers. To learn more, see the Spark documentation for [RobustScaler](https://spark.apache.org/docs/latest/ml-features#robustscaler).
+ **Min Max Scaler**: Transform the input column by scaling each feature to a given range. To learn more, see the Spark documentation for [MinMaxScaler](https://spark.apache.org/docs/latest/ml-features#minmaxscaler).
+ **Max Absolute Scaler**: Scale the input column by dividing each value by the maximum absolute value. To learn more, see the Spark documentation for [MaxAbsScaler](https://spark.apache.org/docs/latest/ml-features#maxabsscaler).
## Sampling
After you've imported your data, you can use the **Sampling** transformer to take one or more samples of it. When you use the sampling transformer, Data Wrangler samples your original dataset.
You can choose one of the following sample methods:
+ **Limit**: Samples the dataset starting from the first row up to the limit that you specify.
+ **Randomized**: Takes a random sample of a size that you specify.
+ **Stratified**: Takes a stratified random sample.
You can stratify a randomized sample to make sure that it represents the original distribution of the dataset.
You might be performing data preparation for multiple use cases. For each use case, you can take a different sample and apply a different set of transformations.
The following procedure describes the process of creating a random sample.
To take a random sample from your data.
1. Choose the **\$1** to the right of the dataset that you've imported. The name of your dataset is located below the **\$1**.
1. Choose **Add transform**.
1. Choose **Sampling**.
1. For **Sampling method**, choose the sampling method.
1. For **Approximate sample size**, choose the approximate number of observations that you want in your sample.
1. (Optional) Specify an integer for **Random seed** to create a reproducible sample.
The following procedure describes the process of creating a stratified sample.
To take a stratified sample from your data.
1. Choose the **\$1** to the right of the dataset that you've imported. The name of your dataset is located below the **\$1**.
1. Choose **Add transform**.
1. Choose **Sampling**.
1. For **Sampling method**, choose the sampling method.
1. For **Approximate sample size**, choose the approximate number of observations that you want in your sample.
1. For **Stratify column**, specify the name of the column that you want to stratify on.
1. (Optional) Specify an integer for **Random seed** to create a reproducible sample.
## Search and Edit
Use this section to search for and edit specific patterns within strings. For example, you can find and update strings within sentences or documents, split strings by delimiters, and find occurrences of specific strings.
The following transforms are supported under **Search and edit**. All transforms return copies of the strings in the **Input column** and add the result to a new output column.
****
| Name | Function |
| --- | --- |
| Find substring | Returns the index of the first occurrence of the **Substring** for which you searched , You can start and end the search at **Start** and **End** respectively. |
| Find substring (from right) | Returns the index of the last occurrence of the **Substring** for which you searched. You can start and end the search at **Start** and **End** respectively. |
| Matches prefix | Returns a Boolean value if the string contains a given **Pattern**. A pattern can be a character sequence or regular expression. Optionally, you can make the pattern case sensitive. |
| Find all occurrences | Returns an array with all occurrences of a given pattern. A pattern can be a character sequence or regular expression. |
| Extract using regex | Returns a string that matches a given Regex pattern. |
| Extract between delimiters | Returns a string with all characters found between **Left delimiter** and **Right delimiter**. |
| Extract from position | Returns a string, starting from **Start position** in the input string, that contains all characters up to the start position plus **Length**. |
| Find and replace substring | Returns a string with all matches of a given **Pattern** (regular expression) replaced by **Replacement string**. |
| Replace between delimiters | Returns a string with the substring found between the first appearance of a **Left delimiter** and the last appearance of a **Right delimiter** replaced by **Replacement string**. If no match is found, nothing is replaced. |
| Replace from position | Returns a string with the substring between **Start position** and **Start position** plus **Length** replaced by **Replacement string**. If **Start position** plus **Length** is greater than the length of the replacement string, the output contains **…**. |
| Convert regex to missing | Converts a string to `None` if invalid and returns the result. Validity is defined with a regular expression in **Pattern**. |
| Split string by delimiter | Returns an array of strings from the input string, split by **Delimiter**, with up to **Max number of splits** (optional). The delimiter defaults to white space. |
## Split data
Use the **Split data** transform to split your dataset into two or three datasets. For example, you can split your dataset into a dataset used to train your model and a dataset used to test it. You can determine the proportion of the dataset that goes into each split. For example, if you’re splitting one dataset into two datasets, the training dataset can have 80% of the data while the testing dataset has 20%.
Splitting your data into three datasets gives you the ability to create training, validation, and test datasets. You can see how well the model performs on the test dataset by dropping the target column.
Your use case determines how much of the original dataset each of your datasets get and the method you use to split the data. For example, you might want to use a stratified split to make sure that the distribution of the observations in the target column are the same across datasets. You can use the following split transforms:
+ Randomized split — Each split is a random, non-overlapping sample of the original dataset. For larger datasets, using a randomized split might be computationally expensive and take longer than an ordered split.
+ Ordered split – Splits the dataset based on the sequential order of the observations. For example, for an 80/20 train-test split, the first observations that make up 80% of the dataset go to the training dataset. The last 20% of the observations go to the testing dataset. Ordered splits are effective in keeping the existing order of the data between splits.
+ Stratified split – Splits the dataset to make sure that the number of observations in the input column have proportional representation. For an input column that has the observations 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, an 80/20 split on the column would mean that approximately 80% of the 1s, 80% of the 2s, and 80% of the 3s go to the training set. About 20% of each type of observation go to the testing set.
+ Split by key – Avoids data with the same key occurring in more than one split. For example, if you have a dataset with the column 'customer\$1id' and you're using it as a key, no customer id is in more than one split.
After you split the data, you can apply additional transformations to each dataset. For most use cases, they aren't necessary.
Data Wrangler calculates the proportions of the splits for performance. You can choose an error threshold to set the accuracy of the splits. Lower error thresholds more accurately reflect the proportions that you specify for the splits. If you set a higher error threshold, you get better performance, but lower accuracy.
For perfectly split data, set the error threshold to 0. You can specify a threshold between 0 and 1 for better performance. If you specify a value greater than 1, Data Wrangler interprets that value as 1.
If you have 10000 rows in your dataset and you specify an 80/20 split with an error of 0.001, you would get observations approximating one of the following results:
+ 8010 observations in the training set and 1990 in the testing set
+ 7990 observations in the training set and 2010 in the testing set
The number of observations for the testing set in the preceding example is in the interval between 8010 and 7990.
By default, Data Wrangler uses a random seed to make the splits reproducible. You can specify a different value for the seed to create a different reproducible split.
------
#### [ Randomized split ]
Use the following procedure to perform a randomized split on your dataset.
To split your dataset randomly, do the following
1. Choose the **\$1** next to the node containing the dataset that you're splitting.
1. Choose **Add transform**.
1. Choose **Split data**.
1. (Optional) For **Splits**, specify the names and proportions of each split. The proportions must sum to 1.
1. (Optional) Choose the **\$1** to create an additional split.
1. Specify the names and proportions of all the splits. The proportions must sum to 1.
1. (Optional) Specify a value for **Error threshold** other than the default value.
1. (Optional) Specify a value for **Random seed**.
1. Choose **Preview**.
1. Choose **Add**.
------
#### [ Ordered split ]
Use the following procedure to perform an ordered split on your dataset.
To make an ordered split in your dataset, do the following.
1. Choose the **\$1** next to the node containing the dataset that you're splitting.
1. Choose **Add transform**.
1. For **Transform**, choose **Ordered split**.
1. Choose **Split data**.
1. (Optional) For **Splits**, specify the names and proportions of each split. The proportions must sum to 1.
1. (Optional) Choose the **\$1** to create an additional split.
1. Specify the names and proportions of all the splits. The proportions must sum to 1.
1. (Optional) Specify a value for **Error threshold** other than the default value.
1. (Optional) For **Input column**, specify a column with numeric values. Uses the values of the columns to infer which records are in each split. The smaller values are in one split with the larger values in the other splits.
1. (Optional) Select **Handle duplicates** to add noise to duplicate values and create a dataset of entirely unique values.
1. (Optional) Specify a value for **Random seed**.
1. Choose **Preview**.
1. Choose **Add**.
------
#### [ Stratified split ]
Use the following procedure to perform a stratified split on your dataset.
To make a stratified split in your dataset, do the following.
1. Choose the **\$1** next to the node containing the dataset that you're splitting.
1. Choose **Add transform**.
1. Choose **Split data**.
1. For **Transform**, choose **Stratified split**.
1. (Optional) For **Splits**, specify the names and proportions of each split. The proportions must sum to 1.
1. (Optional) Choose the **\$1** to create an additional split.
1. Specify the names and proportions of all the splits. The proportions must sum to 1.
1. For **Input column**, specify a column with up to 100 unique values. Data Wrangler can't stratify a column with more than 100 unique values.
1. (Optional) Specify a value for **Error threshold** other than the default value.
1. (Optional) Specify a value for **Random seed** to specify a different seed.
1. Choose **Preview**.
1. Choose **Add**.
------
#### [ Split by column keys ]
Use the following procedure to split by the column keys in your dataset.
To split by the column keys in your dataset, do the following.
1. Choose the **\$1** next to the node containing the dataset that you're splitting.
1. Choose **Add transform**.
1. Choose **Split data**.
1. For **Transform**, choose **Split by key**.
1. (Optional) For **Splits**, specify the names and proportions of each split. The proportions must sum to 1.
1. (Optional) Choose the **\$1** to create an additional split.
1. Specify the names and proportions of all the splits. The proportions must sum to 1.
1. For **Key columns**, specify the columns with values that you don't want to appear in both datasets.
1. (Optional) Specify a value for **Error threshold** other than the default value.
1. Choose **Preview**.
1. Choose **Add**.
------
## Parse Value as Type
Use this transform to cast a column to a new type. The supported Data Wrangler data types are:
+ Long
+ Float
+ Boolean
+ Date, in the format dd-MM-yyyy, representing day, month, and year respectively.
+ String
## Validate String
Use the **Validate string** transforms to create a new column that indicates that a row of text data meets a specified condition. For example, you can use a **Validate string** transform to verify that a string only contains lowercase characters. The following transforms are supported under **Validate string**.
The following transforms are included in this transform group. If a transform outputs a Boolean value, `True` is represented with a `1` and `False` is represented with a `0`.
****
| Name | Function |
| --- | --- |
| String length | Returns `True` if a string length equals specified length. Otherwise, returns `False`. |
| Starts with | Returns `True` if a string starts will a specified prefix. Otherwise, returns `False`. |
| Ends with | Returns `True` if a string length equals specified length. Otherwise, returns `False`. |
| Is alphanumeric | Returns `True` if a string only contains numbers and letters. Otherwise, returns `False`. |
| Is alpha (letters) | Returns `True` if a string only contains letters. Otherwise, returns `False`. |
| Is digit | Returns `True` if a string only contains digits. Otherwise, returns `False`. |
| Is space | Returns `True` if a string only contains numbers and letters. Otherwise, returns `False`. |
| Is title | Returns `True` if a string contains any white spaces. Otherwise, returns `False`. |
| Is lowercase | Returns `True` if a string only contains lower case letters. Otherwise, returns `False`. |
| Is uppercase | Returns `True` if a string only contains upper case letters. Otherwise, returns `False`. |
| Is numeric | Returns `True` if a string only contains numbers. Otherwise, returns `False`. |
| Is decimal | Returns `True` if a string only contains decimal numbers. Otherwise, returns `False`. |
## Unnest JSON Data
If you have a .csv file, you might have values in your dataset that are JSON strings. Similarly, you might have nested data in columns of either a Parquet file or a JSON document.
Use the **Flatten structured** operator to separate the first level keys into separate columns. A first level key is a key that isn't nested within a value.
For example, you might have a dataset that has a *person* column with demographic information on each person stored as JSON strings. A JSON string might look like the following.
```
"{"seq": 1,"name": {"first": "Nathaniel","last": "Ferguson"},"age": 59,"city": "Posbotno","state": "WV"}"
```
The **Flatten structured** operator converts the following first level keys into additional columns in your dataset:
+ seq
+ name
+ age
+ city
+ state
Data Wrangler puts the values of the keys as values under the columns. The following shows the column names and values of the JSON.
```
seq, name, age, city, state
1, {"first": "Nathaniel","last": "Ferguson"}, 59, Posbotno, WV
```
For each value in your dataset containing JSON, the **Flatten structured** operator creates columns for the first-level keys. To create columns for nested keys, call the operator again. For the preceding example, calling the operator creates the columns:
+ name\$1first
+ name\$1last
The following example shows the dataset that results from calling the operation again.
```
seq, name, age, city, state, name_first, name_last
1, {"first": "Nathaniel","last": "Ferguson"}, 59, Posbotno, WV, Nathaniel, Ferguson
```
Choose **Keys to flatten on** to specify the first-level keys that want to extract as separate columns. If you don't specify any keys, Data Wrangler extracts all the keys by default.
## Explode Array
Use **Explode array** to expand the values of the array into separate output rows. For example, the operation can take each value in the array, [[1, 2, 3,], [4, 5, 6], [7, 8, 9]] and create a new column with the following rows:
```
[1, 2, 3]
[4, 5, 6]
[7, 8, 9]
```
Data Wrangler names the new column, input\$1column\$1name\$1flatten.
You can call the **Explode array** operation multiple times to get the nested values of the array into separate output columns. The following example shows the result of calling the operation multiple times on a dataset with a nested array.
Putting the values of a nested array into separate columns
| id | array | id | array\$1items | id | array\$1items\$1items |
| --- | --- | --- | --- | --- | --- |
| 1 | [ [cat, dog], [bat, frog] ] | 1 | [cat, dog] | 1 | cat |
| 2 | [[rose, petunia], [lily, daisy]] | 1 | [bat, frog] | 1 | dog |
| | | 2 | [rose, petunia] | 1 | bat |
| | | 2 | [lily, daisy] | 1 | frog |
| | | | 2 | 2 | rose |
| | | | 2 | 2 | petunia |
| | | | 2 | 2 | lily |
| | | | 2 | 2 | daisy |
## Transform Image Data
Use Data Wrangler to import and transform the images that you're using for your machine learning (ML) pipelines. After you've prepared your image data, you can export it from your Data Wrangler flow to your ML pipeline.
You can use the information provided here to familiarize yourself with importing and transforming image data in Data Wrangler. Data Wrangler uses OpenCV to import images. For more information about supported image formats, see [Image file reading and writing](https://docs.opencv.org/3.4/d4/da8/group__imgcodecs.html#ga288b8b3da0892bd651fce07b3bbd3a56).
After you've familiarized yourself with the concepts of transforming your image data, go through the following tutorial, [Prepare image data with Amazon SageMaker Data Wrangler](https://aws.amazon.com/blogs/machine-learning/prepare-image-data-with-amazon-sagemaker-data-wrangler/).
The following industries and use cases are examples where applying machine learning to transformed image data can be useful:
+ Manufacturing – Identifying defects in items from the assembly line
+ Food – Identifying spoiled or rotten food
+ Medicine – Identifying lesions in tissues
When you work with image data in Data Wrangler, you go through the following process:
1. Import – Select the images by choosing the directory containing them in your Amazon S3 bucket.
1. Transform – Use the built-in transformations to prepare the images for your machine learning pipeline.
1. Export – Export the images that you’ve transformed to a location that can be accessed from the pipeline.
Use the following procedure to import your image data.
**To import your image data**
1. Navigate to the **Create connection** page.
1. Choose **Amazon S3**.
1. Specify the Amazon S3 file path that contains the image data.
1. For **File type**, choose **Image**.
1. (Optional) Choose **Import nested directories** to import images from multiple Amazon S3 paths.
1. Choose **Import**.
Data Wrangler uses the open-source [imgaug](https://imgaug.readthedocs.io/en/latest/) library for its built-in image transformations. You can use the following built-in transformations:
+ **ResizeImage**
+ **EnhanceImage**
+ **CorruptImage**
+ **SplitImage**
+ **DropCorruptedImages**
+ **DropImageDuplicates**
+ **Brightness**
+ **ColorChannels**
+ **Grayscale**
+ **Rotate**
Use the following procedure to transform your images without writing code.
**To transform the image data without writing code**
1. From your Data Wrangler flow, choose the **\$1** next to the node representing the images that you've imported.
1. Choose **Add transform**.
1. Choose **Add step**.
1. Choose the transform and configure it.
1. Choose **Preview**.
1. Choose **Add**.
In addition to using the transformations that Data Wrangler provides, you can also use your own custom code snippets. For more information about using custom code snippets, see [Custom Transforms](#canvas-transform-custom). You can import the OpenCV and imgaug libraries within your code snippets and use the transforms associated with them. The following is an example of a code snippet that detects edges within the images.
```
# A table with your image data is stored in the `df` variable
import cv2
import numpy as np
from pyspark.sql.functions import column
from sagemaker_dataprep.compute.operators.transforms.image.constants import DEFAULT_IMAGE_COLUMN, IMAGE_COLUMN_TYPE
from sagemaker_dataprep.compute.operators.transforms.image.decorators import BasicImageOperationDecorator, PandasUDFOperationDecorator
@BasicImageOperationDecorator
def my_transform(image: np.ndarray) -> np.ndarray:
# To use the code snippet on your image data, modify the following lines within the function
HYST_THRLD_1, HYST_THRLD_2 = 100, 200
edges = cv2.Canny(image,HYST_THRLD_1,HYST_THRLD_2)
return edges
@PandasUDFOperationDecorator(IMAGE_COLUMN_TYPE)
def custom_image_udf(image_row):
return my_transform(image_row)
df = df.withColumn(DEFAULT_IMAGE_COLUMN, custom_image_udf(column(DEFAULT_IMAGE_COLUMN)))
```
When apply transformations in your Data Wrangler flow, Data Wrangler only applies them to a sample of the images in your dataset. To optimize your experience with the application, Data Wrangler doesn't apply the transforms to all of your images.
## Filter data
Use Data Wrangler to filter the data in your columns. When you filter the data in a column, you specify the following fields:
+ **Column name** – The name of the column that you're using to filter the data.
+ **Condition** – The type of filter that you're applying to values in the column.
+ **Value** – The value or category in the column to which you're applying the filter.
You can filter on the following conditions:
+ **=** – Returns values that match the value or category that you specify.
+ **\$1=** – Returns values that don't match the value or category that you specify.
+ **>=** – For **Long** or **Float** data, filters for values that are greater than or equal to the value that you specify.
+ **<=** – For **Long** or **Float** data, filters for values that are less than or equal to the value that you specify.
+ **>** – For **Long** or **Float** data, filters for values that are greater than the value that you specify.
+ **<** – For **Long** or **Float** data, filters for values that are less than the value that you specify.
For a column that has the categories, `male` and `female`, you can filter out all the `male` values. You could also filter for all the `female` values. Because there are only `male` and `female` values in the column, the filter returns a column that only has `female` values.
You can also add multiple filters. The filters can be applied across multiple columns or the same column. For example, if you're creating a column that only has values within a certain range, you add two different filters. One filter specifies that the column must have values greater than the value that you provide. The other filter specifies that the column must have values less than the value that you provide.
Use the following procedure to add the filter transform to your data.
**To filter your data**
1. From your Data Wrangler flow, choose the **\$1** next to the node with the data that you're filtering.
1. Choose **Add transform**.
1. Choose **Add step**.
1. Choose **Filter data**.
1. Specify the following fields:
+ **Column name** – The column that you're filtering.
+ **Condition** – The condition of the filter.
+ **Value** – The value or category in the column to which you're applying the filter.
1. (Optional) Choose **\$1** following the filter that you've created.
1. Configure the filter.
1. Choose **Preview**.
1. Choose **Add**.
# Chat for data prep
**Important**
For administrators:
Chat for data prep requires the `AmazonSageMakerCanvasAIServicesAccess` policy. For more information, see [AWS managed policy: AmazonSageMakerCanvasAIServicesAccess](security-iam-awsmanpol-canvas.md#security-iam-awsmanpol-AmazonSageMakerCanvasAIServicesAccess)
Chat for data prep requires access to Amazon Bedrock and the **Anthropic Claude** model within it. For more information, see [Add model access](https://docs.aws.amazon.com/bedrock/latest/userguide/model-access.html#add-model-access).
You must run SageMaker Canvas data prep in the same AWS Region as the Region where you're running your model. Chat for data prep is available in the US East (N. Virginia), US West (Oregon), and Europe (Frankfurt) AWS Regions.
In addition to using the built-in transforms and analyses, you can use natural language to explore, visualize, and transform your data in a conversational interface. Within the conversational interface, you can use natural language queries to understand and prepare your data to build ML models.
The following are examples of some prompts that you can use:
+ Summarize my data
+ Drop column `example-column-name`
+ Replace missing values with median
+ Plot histogram of prices
+ What is the most expensive item sold?
+ How many distinct items were sold?
+ Sort data by region
When you’re transforming your data using your prompts, you can view a preview that shows how data is being transformed. You can choose to add it as step in your Data Wrangler flow based on what you see in the preview.
The responses to your prompts generate code for your transformations and analyses. You can modify the code to update the output from the prompt. For example, you can modify the code for an analysis to change the values of the axes of a graph.
Use the following procedure to start chatting with your data:
**To chat with your data**
1. Open the SageMaker Canvas data flow.
1. Choose the speech bubble.
![\[Chat for data prep is at the top of the screen\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/chat-for-data-prep-welcome-step.png)
1. Specify a prompt.
1. (Optional) If an analysis has been generated by your query, choose **Add to analyses** to reference it for later.
![\[The view of an editable and copyable code block.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/encanto-query-for-visualization.png)
1. (Optional) If you've transformed your data using a prompt, do the following.
1. Choose **Preview** to view the results.
1. (Optional) Modify the code in the transform and choose **Update**.
1. (Optional) If you're happy with the results of the transform, choose **Add to steps** to add it to the steps panel on the right-hand navigation.
![\[Added to steps shows confirmation that the transform has been added to the flow.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/transform-added-to-steps-panel.png)
After you’ve prepared your data using natural language, you can create a model using your transformed data. For more information about creating a model, see [How custom models work](canvas-build-model.md).
# How data processing works in Data Wrangler
While working with data interactively in an Amazon SageMaker Data Wrangler data flow, Amazon SageMaker Canvas only applies the transformations to a sample dataset for you to preview. After finishing your data flow in SageMaker Canvas, you can process all of your data and save it in a location that is suitable for your machine learning workflows.
There are several options for how to proceed after you've finished transforming your data in Data Wrangler:
+ [Create a model](canvas-processing-export-model.md). You can create a Canvas model, where you directly start creating a model with your prepared data. You can create a model either after processing your entire dataset, or by exporting just the sample data you worked with in Data Wrangler. Canvas saves your processed data (either the entire dataset or the sample data) as a Canvas dataset.
We recommend that you use your sample data for quick iterations, but that you use your entire data when you want to train your final model. When building tabular models, datasets larger than 5 GB are automatically downsampled to 5 GB, and for time series forecasting models, datasets larger than 30 GB are downsampled to 30 GB.
To learn more about creating a model, see [How custom models work](canvas-build-model.md).
+ [Export the data](canvas-export-data.md). You can export your data for use in machine learning workflows. When you choose to export your data, you have several options:
+ You can save your data in the Canvas application as a dataset. For more information about the supported file types for Canvas datasets and additional requirements when importing data into Canvas, see [Create a dataset](canvas-import-dataset.md).
+ You can save your data to Amazon S3. Depending on the Canvas memory availability, your data is processed in the application and then exported to Amazon S3. If the size of your dataset exceeds what Canvas can process, then by default, Canvas uses an EMR Serverless job to scale to multiple compute instances, process your full dataset, and export it to Amazon S3. You can also manually configure a SageMaker Processing job to have more granular control over the compute resources used to process your data.
+ [Export a data flow](canvas-export-data-flow.md). You might want to save the code for your data flow so that you can modify or run your transformations outside of Canvas. Canvas provides you with the option to save your data flow transformations as Python code in a Jupyter notebook, which you can then export to Amazon S3 for use elsewhere in your machine learning workflows.
When you export your data from a data flow and save it either as a Canvas dataset or to Amazon S3, Canvas creates a new destination node in your data flow, which is a final node that shows you where your processed data is stored. You can add additional destination nodes to your flow if you'd like to perform multiple export operations. For example, you can export the data from different points in your data flow to only apply some of the transformations, or you can export transformed data to different Amazon S3 locations. For more information about how to add or edit a destination node, see [Add destination nodes](canvas-destination-nodes-add.md) and [Edit a destination node](canvas-destination-nodes-edit.md).
For more information about setting up a schedule with Amazon EventBridge to automatically process and export your data on a schedule, see [Create a schedule to automatically process new data](canvas-data-export-schedule-job.md).
# Export to create a model
In just a few clicks from your data flow, you can export your transformed data and start creating an ML model in Canvas. Canvas saves your data as a Canvas dataset, and you're taken to the model build configuration page for a new model.
To create a Canvas model with your transformed data:
1. Navigate to your data flow.
1. Choose the ellipsis icon next to the node that you're exporting.
1. From the context menu, choose **Create model**.
1. In the **Export to create a model** side panel, enter a **Dataset name** for the new dataset.
1. Leave the **Process entire dataset** option selected to process and export your entire dataset before proceeding with building a model. Turn this option off to train your model using the interactive sample data you are working with in your data flow.
1. Enter a **Model name** to name the new model.
1. Select a **Problem type**, or the type of model that you want to build. For more information about the supported model types in SageMaker Canvas, see [How custom models work](canvas-build-model.md).
1. Select the **Target column**, or the value that you want the model to predict.
1. Choose **Export and create model**.
The **Build** tab for a new Canvas model should open, and you can finish configuring and training your model. For more information about how to build a model, see [Build a model](canvas-build-model-how-to.md).
# Export data
Export data to apply the transforms from your data flow to the full imported dataset. You can export any node in your data flow to the following locations:
+ SageMaker Canvas dataset
+ Amazon S3
If you want to train models in Canvas, you can export your full, transformed dataset as a Canvas dataset. If you want to use your transformed data in machine learning workflows external to SageMaker Canvas, you can export your dataset to Amazon S3.
## Export to a Canvas dataset
Use the following procedure to export a SageMaker Canvas dataset from a node in your data flow.
**To export a node in your flow as a SageMaker Canvas dataset**
1. Navigate to your data flow.
1. Choose the ellipsis icon next to the node that you're exporting.
1. In the context menu, hover over **Export**, and then select **Export data to Canvas dataset**.
1. In the **Export to Canvas dataset** side panel, enter a **Dataset name** for the new dataset.
1. Leave the **Process entire dataset** option selected if you want SageMaker Canvas to process and save your full dataset. Turn this option off to only apply the transforms to the sample data you are working with in your data flow.
1. Choose **Export**.
You should now be able to go to the **Datasets** page of the Canvas application and see your new dataset.
## Export to Amazon S3
When exporting your data to Amazon S3, you can scale to transform and process data of any size. Canvas automatically processes your data locally if the application's memory can handle the size of your dataset. If your dataset size exceeds the local memory capacity of 5 GB, then Canvas initiates a remote job on your behalf to provision additional compute resources and process the data more quickly. By default, Canvas uses Amazon EMR Serverless to run these remote jobs. However, you can manually configure Canvas to use either EMR Serverless or a SageMaker Processing job with your own settings.
**Note**
When running an EMR Serverless job, by default the job inherits the IAM role, KMS key settings, and tags of your Canvas application.
The following summarizes the options for remote jobs in Canvas:
+ **EMR Serverless**: This is the default option that Canvas uses for remote jobs. EMR Serverless automatically provisions and scales compute resources to process your data so that you don't have to worry about choosing the right compute resources for your workload. For more information about EMR Serverless, see the [EMR Serverless User Guide](https://docs.aws.amazon.com/emr/latest/EMR-Serverless-UserGuide/emr-serverless.html).
+ **SageMaker Processing**: SageMaker Processing jobs offer more advanced options and granular control over the compute resources used to process your data. For example, you can specify the type and count of the compute instances, configure the job in your own VPC and control network access, automate processing jobs, and more. For more information about automating processing jobs see [Create a schedule to automatically process new data](canvas-data-export-schedule-job.md). For more general information about SageMaker Processing jobs, see [Data transformation workloads with SageMaker Processing](processing-job.md).
The following file types are supported when exporting to Amazon S3:
+ CSV
+ Parquet
To get started, review the following prerequisites.
### Prerequisites for EMR Serverless jobs
To create a remote job that uses EMR Serverless resources, you must have the necessary permissions. You can grant permissions either through the Amazon SageMaker AI domain or user profile settings, or you can manually configure your user's AWS IAM role. For instructions on how to grant users permissions to perform large data processing, see [Grant Users Permissions to Use Large Data across the ML Lifecycle](canvas-large-data-permissions.md).
If you don't want to configure these policies but still need to process large datasets through Data Wrangler, you can alternatively use a SageMaker Processing job.
Use the following procedures to export your data to Amazon S3. To configure a remote job, follow the optional advanced steps.
**To export a node in your flow to Amazon S3**
1. Navigate to your data flow.
1. Choose the ellipsis icon next to the node that you're exporting.
1. In the context menu, hover over **Export**, and then select **Export data to Amazon S3**.
1. In the **Export to Amazon S3** side panel, you can change the **Dataset name** for the new dataset.
1. For the **S3 location**, enter the Amazon S3 location to which you want to export the dataset. You can enter the S3 URI, alias, or ARN of the S3 location or S3 access point. For more information access points, see [Managing data access with Amazon S3 access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html) in the *Amazon S3 User Guide*.
1. (Optional) For the **Advanced settings**, specify values for the following fields:
1. **File type** – The file format of your exported data.
1. **Delimiter** – The delimiter used to separate values in the file.
1. **Compression** – The compression method used to reduce the file size.
1. **Number of partitions** – The number of dataset files that Canvas writes as the output of the job.
1. **Choose columns** – You can choose a subset of columns from the data to include in the partitions.
1. Leave the **Process entire dataset** option selected if you want Canvas to apply your data flow transforms to your entire dataset and export the result. If you deselect this option, Canvas only applies the transforms to the sample of your dataset used in the interactive Data Wrangler data flow.
**Note**
If you only export a sample of your data, Canvas processes your data in the application and doesn't create a remote job for you.
1. Leave the **Auto job configuration** option selected if you want Canvas to automatically determine whether to run the job using Canvas application memory or an EMR Serverless job. If you deselect this option and manually configure your job, then you can choose to use either an EMR Serverless or a SageMaker Processing job. For instructions on how to configure an EMR Serverless or a SageMaker Processing job, see the section after this procedure before you export your data.
1. Choose **Export**.
The following procedures show how to manually configure the remote job settings for either EMR Serverless or SageMaker Processing when exporting your full dataset to Amazon S3.
------
#### [ EMR Serverless ]
To configure an EMR Serverless job while exporting to Amazon S3, do the following:
1. In the Export to Amazon S3 side panel, turn off the **Auto job configuration** option.
1. Select **EMR Serverless**.
1. For **Job name**, enter a name for your EMR Serverless job. The name can contain letters, numbers, hyphens, and underscores.
1. For **IAM role**, enter the user's IAM execution role. This role should have the required permissions to run EMR Serverless applications. For more information, see [Grant Users Permissions to Use Large Data across the ML Lifecycle](canvas-large-data-permissions.md).
1. (Optional) For **KMS key**, specify the key ID or ARN of an AWS KMS key to encrypt the job logs. If you don't enter a key, Canvas uses a default key for EMR Serverless.
1. (Optional) For **Monitoring configuration**, enter the name of an Amazon CloudWatch Logs log group to which you want to publish your logs.
1. (Optional) For **Tags**, add metadata tags to the EMR Serverless job consisting of key-value pairs. These tags can be used to categorize and search for jobs.
1. Choose **Export** to start the job.
------
#### [ SageMaker Processing ]
To configure a SageMaker Processing job while exporting to Amazon S3, do the following:
1. In the **Export to Amazon S3** side panel, turn off the **Auto job configuration** option.
1. Select **SageMaker Processing**.
1. For **Job name**, enter a name for your SageMaker AI Processing job.
1. For **Instance type**, select the type of compute instance to run the processing job.
1. For **Instance count**, specify the number of compute instances to launch.
1. For **IAM role**, enter the user's IAM execution role. This role should have the required permissions for SageMaker AI to create and run processing jobs on your behalf. These permissions are granted if you have the [AmazonSageMakerFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerFullAccess.html) policy attached to your IAM role.
1. For **Volume size**, enter the storage size in GB for the ML storage volume that is attached to each processing instance. Choose the size based on your expected input and output data size.
1. (Optional) For **Volume KMS key**, specify a KMS key to encrypt the storage volume. If you don't specify a key, the default Amazon EBS encryption key is used.
1. (Optional) For **KMS key**, specify a KMS key to encrypt input and output Amazon S3 data sources used by the processing job.
1. (Optional) For **Spark memory configuration**, do the following:
1. Enter **Driver memory in MB** for the Spark driver node that handles job coordination and scheduling.
1. Enter **Executor memory in MB** for the Spark executor nodes that run individual tasks in the job.
1. (Optional) For **Network configuration**, do the following:
1. For **Subnet configuration**, enter the IDs of the VPC subnets for the processing instances to be launched in. By default, the job uses the settings of your default VPC.
1. For **Security group configuration**, enter the IDs of the security groups to control inbound and outbound connectivity rules.
1. Turn on the **Enable inter-container traffic encryption** option to encrypt network communication between processing containers during the job.
1. (Optional) For **Associate schedules**, you can choose create an Amazon EventBridge schedule to have the processing job run on recurring intervals. Choose **Create new schedule** and fill out the dialog box. For more information about filling out this section and running processing jobs on a schedule, see [Create a schedule to automatically process new data](canvas-data-export-schedule-job.md).
1. (Optional) Add **Tags** as key-value pairs so that you can categorize and search for processing jobs.
1. Choose **Export** to start the processing job.
------
After exporting your data, you should find the fully processed dataset in the specified Amazon S3 location.
# Export a data flow
Exporting your data flow translates the operations that you've made in Data Wrangler and exports it into a Jupyter notebook of Python code that you can modify and run. This can be helpful for integrating the code for your data transformations into your machine learning pipelines.
You can choose any data node in your data flow and export it. Exporting the data node exports the transformation that the node represents and the transformations that precede it.
**To export a data flow as a Jupyter notebook**
1. Navigate to your data flow.
1. Choose the ellipsis icon next to the node that you want to export.
1. In the context menu, hover over **Export**, and then hover over **Export via Jupyter notebook**.
1. Choose one of the following:
+ **SageMaker Pipelines**
+ **Amazon S3**
+ **SageMaker AI Inference Pipeline**
+ **SageMaker AI Feature Store**
+ **Python Code**
1. The **Export data flow as notebook** dialog box opens. Select one of the following:
+ **Download a local copy**
+ **Export to S3 location**
1. If you selected **Export to S3 location**, enter the Amazon S3 location to which you want to export the notebook.
1. Choose **Export**.
Your Jupyter notebook should either download to your local machine, or you can find it saved in the Amazon S3 location you specified.
# Add destination nodes
A destination node in SageMaker Canvas specifies where to store your processed and transformed data. When you choose to export your transformed data to Amazon S3, Canvas uses the specified destination node location, applying all the transformations you've configured in your data flow. For more information about export jobs to Amazon S3, see the preceding section [Export to Amazon S3](canvas-export-data.md#canvas-export-data-s3).
By default, choosing to export your data to Amazon S3 adds a destination node to your data flow. However, you can add multiple destination nodes to your flow, allowing you to simultaneously export different sets of transformations or variations of your data to different Amazon S3 locations. For example, you can create one destination node that exports the data after applying all transformations, and another destination node that exports the data after only certain initial transformations, such as a join operation. This flexibility enables you to export and store different versions or subsets of your transformed data in separate S3 locations for various use cases.
Use the following procedure to add a destination node to your data flow.
**To add a destination node**
1. Navigate to your data flow.
1. Choose the ellipsis icon next to the node where you want to place the destination node.
1. In the context menu, hover over **Export**, and then select **Add destination**.
1. In the **Export destination** side panel, enter a **Dataset name** to name the output.
1. For **Amazon S3 location**, enter the Amazon S3 location to which you want to export the output. You can enter the S3 URI, alias, or ARN of the S3 location or S3 access point. For more information access points, see [Managing data access with Amazon S3 access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html) in the *Amazon S3 User Guide*.
1. For **Export settings**, specify the following fields:
1. **File type** – The file format of the exported data.
1. **Delimiter** – The delimiter used to separate values in the file.
1. **Compression** – The compression method used to reduce the file size.
1. For **Partitioning**, specify the following fields:
1. **Number of partitions** – The number of dataset files that SageMaker Canvas writes as the output of the job.
1. **Choose columns** – You can choose a subset of columns from the data to include in the partitions.
1. Choose **Add** if you want to simply add a destination node to your data flow, or choose **Add** and then choose **Export** if you want to add the node and initiate an export job.
You should now see a new destination node in your flow.
# Edit a destination node
A *destination node* in a Amazon SageMaker Canvas data flow specifies the Amazon S3 location where your processed and transformed data is stored, applying all the configured transformations in your data flow. You can edit the configuration of an existing destination node and then choose to re-run the job to overwrite the data in the specified Amazon S3 location. For more information about adding a new destination node, see [Add destination nodes](canvas-destination-nodes-add.md).
Use the following procedure to edit a destination node in your data flow and initiate an export job.
**To edit a destination node**
1. Navigate to your data flow.
1. Choose the ellipsis icon next to the destination node that you want to edit.
1. In the context menu, choose **Edit**.
1. The **Edit destination** side panel opens. From this panel, you can edit details such as the dataset name, the Amazon S3 location, and the export and partitioning settings.
1. (Optional) In **Additional nodes to export**, you can select more destination nodes to process when you run the export job.
1. Leave the **Process entire dataset** option selected if you want Canvas to apply your data flow transforms to your entire dataset and export the result. If you deselect this option, Canvas only applies the transforms to the sample of your dataset used in the interactive Data Wrangler data flow.
1. Leave the **Auto job configuration** option selected if you want Canvas to automatically determine whether to run the job using Canvas application memory or an EMR Serverless job. If you deselect this option and manually configure your job, then you can choose to use either an EMR Serverless or a SageMaker Processing job. For instructions on how to configure an EMR Serverless or a SageMaker Processing job, see the preceding section [Export to Amazon S3](canvas-export-data.md#canvas-export-data-s3).
1. When you're done making changes, choose **Update**.
Saving changes to your destination node configuration doesn't automatically re-run a job or overwrite data that has already been processed and exported. Export your data again to run a job with the new configuration. If you decide to export your data again with a job, Canvas uses the updated destination node configuration to transform and output the data to the specified location, overwriting any existing data.
# Create a schedule to automatically process new data
**Note**
The following section only applies to SageMaker Processing jobs. If you used the default Canvas settings or EMR Serverless to create a remote job to apply transforms to your full dataset, this section doesn’t apply.
If you're processing data periodically, you can create a schedule to run the processing job automatically. For example, you can create a schedule that runs a processing job automatically when you get new data. For more information about processing jobs, see [Export to Amazon S3](canvas-export-data.md#canvas-export-data-s3).
When you create a job, you must specify an IAM role that has permissions to create the job. You can use the [AmazonSageMakerCanvasDataPrepFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasDataPrepFullAccess.html) policy to add permissions.
Add the following trust policy to the role to allow EventBridge to assume it.
```
{
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
```
**Important**
When you create a schedule, Data Wrangler creates an `eventRule` in EventBridge. You incur charges for both the event rules that you create and the instances used to run the processing job.
For information about EventBridge pricing, see [Amazon EventBridge pricing](https://aws.amazon.com/eventbridge/pricing/). For information about processing job pricing, see [Amazon SageMaker Pricing](https://aws.amazon.com/sagemaker/pricing/).
You can set a schedule using one of the following methods:
+ [CRON expressions](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule-schedule.html)
**Note**
Data Wrangler doesn't support the following expressions:
LW\$1
Abbreviations for days
Abbreviations for months
+ [RATE expressions](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule-schedule.html#eb-rate-expressions)
+ Recurring – Set an hourly or daily interval to run the job.
+ Specific time – Set specific days and times to run the job.
The following sections provide procedures on scheduling jobs when filling out the SageMaker AI Processing job settings while [exporting your data to Amazon S3](canvas-export-data.md#canvas-export-data-s3). All of the following instructions begin in the **Associate schedules** section of the SageMaker Processing job settings.
------
#### [ CRON ]
Use the following procedure to create a schedule with a CRON expression.
1. In the **Export to Amazon S3** side panel, make sure you've turned off the **Auto job configuration** toggle and have the **SageMaker Processing** option selected.
1. In the **SageMaker Processing** job settings, open the **Associate schedules** section and choose **Create new schedule**.
1. The **Create new schedule** dialog box opens. For **Schedule Name**, specify the name of the schedule.
1. For **Run Frequency**, choose **CRON**.
1. For each of the **Minutes**, **Hours**, **Days of month**, **Month**, and **Day of week** fields, enter valid CRON expression values.
1. Choose **Create**.
1. (Optional) Choose **Add another schedule** to run the job on an additional schedule.
**Note**
You can associate a maximum of two schedules. The schedules are independent and don't affect each other unless the times overlap.
1. Choose one of the following:
+ **Schedule and run now** – The job runs immediately and subsequently runs on the schedules.
+ **Schedule only** – The job only runs on the schedules that you specify.
1. Choose **Export** after you've filled out the rest of the export job settings.
------
#### [ RATE ]
Use the following procedure to create a schedule with a RATE expression.
1. In the **Export to Amazon S3** side panel, make sure you've turned off the **Auto job configuration** toggle and have the **SageMaker Processing** option selected.
1. In the **SageMaker Processing** job settings, open the **Associate schedules** section and choose **Create new schedule**.
1. The **Create new schedule** dialog box opens. For **Schedule Name**, specify the name of the schedule.
1. For **Run Frequency**, choose **Rate**.
1. For **Value**, specify an integer.
1. For **Unit**, select one of the following:
+ **Minutes**
+ **Hours**
+ **Days**
1. Choose **Create**.
1. (Optional) Choose **Add another schedule** to run the job on an additional schedule.
**Note**
You can associate a maximum of two schedules. The schedules are independent and don't affect each other unless the times overlap.
1. Choose one of the following:
+ **Schedule and run now** – The job runs immediately and subsequently runs on the schedules.
+ **Schedule only** – The job only runs on the schedules that you specify.
1. Choose **Export** after you've filled out the rest of the export job settings.
------
#### [ Recurring ]
Use the following procedure to create a schedule that runs a job on a recurring basis.
1. In the **Export to Amazon S3** side panel, make sure you've turned off the **Auto job configuration** toggle and have the **SageMaker Processing** option selected.
1. In the **SageMaker Processing** job settings, open the **Associate schedules** section and choose **Create new schedule**.
1. The **Create new schedule** dialog box opens. For **Schedule Name**, specify the name of the schedule.
1. For **Run Frequency**, choose **Recurring**.
1. For **Every x hours**, specify the hourly frequency that the job runs during the day. Valid values are integers in the inclusive range of **1** and **23**.
1. For **On days**, select one of the following options:
+ **Every Day**
+ **Weekends**
+ **Weekdays**
+ **Select Days**
1. (Optional) If you've selected **Select Days**, choose the days of the week to run the job.
**Note**
The schedule resets every day. If you schedule a job to run every five hours, it runs at the following times during the day:
00:00
05:00
10:00
15:00
20:00
1. Choose **Create**.
1. (Optional) Choose **Add another schedule** to run the job on an additional schedule.
**Note**
You can associate a maximum of two schedules. The schedules are independent and don't affect each other unless the times overlap.
1. Choose one of the following:
+ **Schedule and run now** – The job runs immediately and subsequently runs on the schedules.
+ **Schedule only** – The job only runs on the schedules that you specify.
1. Choose **Export** after you've filled out the rest of the export job settings.
------
#### [ Specific time ]
Use the following procedure to create a schedule that runs a job at specific times.
1. In the **Export to Amazon S3** side panel, make sure you've turned off the **Auto job configuration** toggle and have the **SageMaker Processing** option selected.
1. In the **SageMaker Processing** job settings, open the **Associate schedules** section and choose **Create new schedule**.
1. The **Create new schedule** dialog box opens. For **Schedule Name**, specify the name of the schedule.
1. For **Run Frequency**, choose **Start time**.
1. For **Start time**, enter a time in UTC format (for example, **09:00**). The start time defaults to the time zone where you are located.
1. For **On days**, select one of the following options:
+ **Every Day**
+ **Weekends**
+ **Weekdays**
+ **Select Days**
1. (Optional) If you've selected **Select Days**, choose the days of the week to run the job.
1. Choose **Create**.
1. (Optional) Choose **Add another schedule** to run the job on an additional schedule.
**Note**
You can associate a maximum of two schedules. The schedules are independent and don't affect each other unless the times overlap.
1. Choose one of the following:
+ **Schedule and run now** – The job runs immediately and subsequently runs on the schedules.
+ **Schedule only** – The job only runs on the schedules that you specify.
1. Choose **Export** after you've filled out the rest of the export job settings.
------
You can use the SageMaker AI AWS Management Console to view the jobs that are scheduled to run. Your processing jobs run within Pipelines. Each processing job has its own pipeline. It runs as a processing step within the pipeline. You can view the schedules that you've created within a pipeline. For information about viewing a pipeline, see [View the details of a pipeline](pipelines-studio-list.md).
Use the following procedure to view the jobs that you've scheduled.
To view the jobs you've scheduled, do the following.
1. Open Amazon SageMaker Studio Classic.
1. Open Pipelines
1. View the pipelines for the jobs that you've created.
The pipeline running the job uses the job name as a prefix. For example, if you've created a job named `housing-data-feature-enginnering`, the name of the pipeline is `canvas-data-prep-housing-data-feature-engineering`.
1. Choose the pipeline containing your job.
1. View the status of the pipelines. Pipelines with a **Status** of **Succeeded** have run the processing job successfully.
To stop the processing job from running, do the following:
To stop a processing job from running, delete the event rule that specifies the schedule. Deleting an event rule stops all the jobs associated with the schedule from running. For information about deleting a rule, see [Disabling or deleting an Amazon EventBridge rule](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-delete-rule.html).
You can stop and delete the pipelines associated with the schedules as well. For information about stopping a pipeline, see [StopPipelineExecution](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StopPipelineExecution.html). For information about deleting a pipeline, see [DeletePipeline](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DeletePipeline.html#API_DeletePipeline_RequestSyntax).
# Automate data preparation in SageMaker Canvas
After you transform your data in data flow, you can export the transforms to your machine learning workflows. When you export your transforms, SageMaker Canvas creates a Jupyter notebook. You must run the notebook within Amazon SageMaker Studio Classic. For information about getting started with Studio Classic, contact your administrator.
## Automate data preparation using Pipelines
When you want to build and deploy large-scale machine learning (ML) workflows, you can use Pipelines to create workflows that manage and deploy SageMaker AI jobs. With Pipelines, you can build workflows that manage your SageMaker AI data preparation, model training, and model deployment jobs. You can use the first-party algorithms that SageMaker AI offers by using Pipelines. For more information on Pipelines, see [SageMaker Pipelines](https://docs.aws.amazon.com/sagemaker/latest/dg/pipelines.html).
When you export one or more steps from your data flow to Pipelines, Data Wrangler creates a Jupyter notebook that you can use to define, instantiate, run, and manage a pipeline.
### Use a Jupyter Notebook to Create a Pipeline
Use the following procedure to create a Jupyter notebook to export your Data Wrangler flow to Pipelines.
Use the following procedure to generate a Jupyter notebook and run it to export your Data Wrangler flow to Pipelines.
1. Choose the **\$1** next to the node that you want to export.
1. Choose **Export data flow**.
1. Choose **Pipelines (via Jupyter Notebook)**.
1. Download the Jupyter notebook or copy it to an Amazon S3 location. We recommend copying it to an Amazon S3 location that you can access within Studio Classic. Contact your administrator if you need guidance on a suitable location.
1. Run the Jupyter notebook.
You can use the Jupyter notebook that Data Wrangler produces to define a pipeline. The pipeline includes the data processing steps that are defined by your Data Wrangler flow.
You can add additional steps to your pipeline by adding steps to the `steps` list in the following code in the notebook:
```
pipeline = Pipeline(
name=pipeline_name,
parameters=[instance_type, instance_count],
steps=[step_process], #Add more steps to this list to run in your Pipeline
)
```
For more information on defining pipelines, see [Define SageMaker AI Pipeline](https://docs.aws.amazon.com/sagemaker/latest/dg/define-pipeline.html).
## Automate data preparation using an inference endpoint
Use your Data Wrangler flow to process data at the time of inference by creating a SageMaker AI serial inference pipeline from your Data Wrangler flow. An inference pipeline is a series of steps that results in a trained model making predictions on new data. A serial inference pipeline within Data Wrangler transforms the raw data and provides it to the machine learning model for a prediction. You create, run, and manage the inference pipeline from a Jupyter notebook within Studio Classic. For more information about accessing the notebook, see [Use a Jupyter notebook to create an inference endpoint](#canvas-inference-notebook).
Within the notebook, you can either train a machine learning model or specify one that you've already trained. You can either use Amazon SageMaker Autopilot or XGBoost to train the model using the data that you've transformed in your Data Wrangler flow.
The pipeline provides the ability to perform either batch or real-time inference. You can also add the Data Wrangler flow to SageMaker Model Registry. For more information about hosting models, see [Multi-model endpoints](multi-model-endpoints.md).
**Important**
You can't export your Data Wrangler flow to an inference endpoint if it has the following transformations:
Join
Concatenate
Group by
If you must use the preceding transforms to prepare your data, use the following procedure.
Create a Data Wrangler flow.
Apply the preceding transforms that aren't supported.
Export the data to an Amazon S3 bucket.
Create a separate Data Wrangler flow.
Import the data that you've exported from the preceding flow.
Apply the remaining transforms.
Create a serial inference pipeline using the Jupyter notebook that we provide.
For information about exporting your data to an Amazon S3 bucket see [Export data](canvas-export-data.md). For information about opening the Jupyter notebook used to create the serial inference pipeline, see [Use a Jupyter notebook to create an inference endpoint](#canvas-inference-notebook).
Data Wrangler ignores transforms that remove data at the time of inference. For example, Data Wrangler ignores the [Handle Missing Values](canvas-transform.md#canvas-transform-handle-missing) transform if you use the **Drop missing** configuration.
If you've refit transforms to your entire dataset, the transforms carry over to your inference pipeline. For example, if you used the median value to impute missing values, the median value from refitting the transform is applied to your inference requests. You can either refit the transforms from your Data Wrangler flow when you're using the Jupyter notebook or when you're exporting your data to an inference pipeline. .
The serial inference pipeline supports the following data types for the input and output strings. Each data type has a set of requirements.
**Supported datatypes**
+ `text/csv` – the datatype for CSV strings
+ The string can't have a header.
+ Features used for the inference pipeline must be in the same order as features in the training dataset.
+ There must be a comma delimiter between features.
+ Records must be delimited by a newline character.
The following is an example of a validly formatted CSV string that you can provide in an inference request.
```
abc,0.0,"Doe, John",12345\ndef,1.1,"Doe, Jane",67890
```
+ `application/json` – the datatype for JSON strings
+ The features used in the dataset for the inference pipeline must be in the same order as the features in the training dataset.
+ The data must have a specific schema. You define schema as a single `instances` object that has a set of `features`. Each `features` object represents an observation.
The following is an example of a validly formatted JSON string that you can provide in an inference request.
```
{
"instances": [
{
"features": ["abc", 0.0, "Doe, John", 12345]
},
{
"features": ["def", 1.1, "Doe, Jane", 67890]
}
]
}
```
### Use a Jupyter notebook to create an inference endpoint
Use the following procedure to export your Data Wrangler flow to create an inference pipeline.
To create an inference pipeline using a Jupyter notebook, do the following.
1. Choose the **\$1** next to the node that you want to export.
1. Choose **Export data flow**.
1. Choose **SageMaker AI Inference Pipeline (via Jupyter Notebook)**.
1. Download the Jupyter notebook or copy it to an Amazon S3 location. We recommend copying it to an Amazon S3 location that you can access within Studio Classic. Contact your administrator if you need guidance on a suitable location.
1. Run the Jupyter notebook.
When you run the Jupyter notebook, it creates an inference flow artifact. An inference flow artifact is a Data Wrangler flow file with additional metadata used to create the serial inference pipeline. The node that you're exporting encompasses all of the transforms from the preceding nodes.
**Important**
Data Wrangler needs the inference flow artifact to run the inference pipeline. You can't use your own flow file as the artifact. You must create it by using the preceding procedure.
## Automate data preparation using Python Code
To export all steps in your data flow to a Python file that you can manually integrate into any data processing workflow, use the following procedure.
Use the following procedure to generate a Jupyter notebook and run it to export your Data Wrangler flow to Python code.
1. Choose the **\$1** next to the node that you want to export.
1. Choose **Export data flow**.
1. Choose **Python Code**.
1. Download the Jupyter notebook or copy it to an Amazon S3 location. We recommend copying it to an Amazon S3 location that you can access within Studio Classic. Contact your administrator if you need guidance on a suitable location.
1. Run the Jupyter notebook.
You might need to configure the Python script to make it run in your pipeline. For example, if you're running a Spark environment, make sure that you are running the script from an environment that has permission to access AWS resources.
# Generative AI foundation models in SageMaker Canvas
Amazon SageMaker Canvas provides generative AI foundation models that you can use to start conversational chats. These content generation models are trained on large amounts of text data to learn the statistical patterns and relationships between words, and they can produce coherent text that is statistically similar to the text on which they were trained. You can use this capability to increase your productivity by doing the following:
+ Generate content, such as document outlines, reports, and blogs
+ Summarize text from large corpuses of text, such as earnings call transcripts, annual reports, or chapters of user manuals
+ Extract insights and key takeaways from large passages of text, such as meeting notes or narratives
+ Improve text and catch grammatical errors or typos
The foundation models are a combination of Amazon SageMaker JumpStart and [Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/what-is-service.html) large language models (LLMs). Canvas offers the following models:
| Model | Type | Description |
| --- | --- | --- |
| Amazon Titan | Amazon Bedrock model | Amazon Titan is a powerful, general-purpose language model that you can use for tasks such as summarization, text generation (such as creating a blog post), classification, open-ended Q&A, and information extraction. It is pretrained on large datasets, making it suitable for complex tasks and reasoning. To continue supporting best practices in the responsible use of AI, Amazon Titan foundation models are built to detect and remove harmful content in the data, reject inappropriate content in the user input, and filter model outputs that contain inappropriate content (such as hate speech, profanity, and violence). |
| Anthropic Claude Instant | Amazon Bedrock model | Anthropic's Claude Instant is a faster and more cost-effective yet still very capable model. This model can handle a range of tasks including casual dialogue, text analysis, summarization, and document question answering. Just like Claude-2, Claude Instant can support up to 100,000 tokens in each prompt, equivalent to about 200 pages of information. |
| Anthropic Claude-2 | Amazon Bedrock model | Claude-2 is Anthropic's most powerful model, which excels at a wide range of tasks from sophisticated dialogue and creative content generation to detailed instruction following. Claude-2 can take up to 100,000 tokens in each prompt, equivalent to about 200 pages of information. It can generate longer responses compared to its prior version. It supports use cases such as question answering, information extraction, removing PII, content generation, multiple-choice classification, roleplay, comparing text, summarization, and document Q&A with citation. |
| Falcon-7B-Instruct | JumpStart model | Falcon-7B-Instruct has 7 billion parameters and was fine-tuned on a mixture of chat and instruct datasets. It is suitable as a virtual assistant and performs best when following instructions or engaging in conversation. Since the model was trained on large amounts of English-language web data, it carries the stereotypes and biases commonly found online and is not suitable for languages other than English. Compared to Falcon-40B-Instruct, Falcon-7B-Instruct is a slightly smaller and more compact model. |
| Falcon-40B-Instruct | JumpStart model | Falcon-40B-Instruct has 40 billion parameters and was fine-tuned on a mixture of chat and instruct datasets. It is suitable as a virtual assistant and performs best when following instructions or engaging in conversation. Since the model was trained on large amounts of English-language web data, it carries the stereotypes and biases commonly found online and is not suitable for languages other than English. Compared to Falcon-7B-Instruct, Falcon-40B-Instruct is a slightly larger and more powerful model. |
| Jurassic-2 Mid | Amazon Bedrock model | Jurassic-2 Mid is a high-performance text generation model trained on a massive corpus of text (current up to mid 2022). It is highly versatile, general-purpose, and capable of composing human-like text and solving complex tasks such as question answering, text classification, and many others. This model offers zero-shot instruction capabilities, allowing it to be directed with only natural language and without the use of examples. It performs up to 30% faster than its predecessor, the Jurassic-1 model. Jurassic-2 Mid is AI21’s mid-sized model, carefully designed to strike the right balance between exceptional quality and affordability. |
| Jurassic-2 Ultra | Amazon Bedrock model | Jurassic-2 Ultra is a high-performance text generation model trained on a massive corpus of text (current up to mid 2022). It is highly versatile, general-purpose, and capable of composing human-like text and solving complex tasks such as question answering, text classification, and many others. This model offers zero-shot instruction capabilities, allowing it to be directed with only natural language and without the use of examples. It performs up to 30% faster than its predecessor, the Jurassic-1 model. Compared to Jurassic-2 Mid, Jurassic-2 Ultra is a slightly larger and more powerful model. |
| Llama-2-7b-Chat | JumpStart model | Llama-2-7b-Chat is a foundation model by Meta that is suitable for engaging in meaningful and coherent conversations, generating new content, and extracting answers from existing notes. Since the model was trained on large amounts of English-language internet data, it carries the biases and limitations commonly found online and is best-suited for tasks in English. |
| Llama-2-13B-Chat | Amazon Bedrock model | Llama-2-13B-Chat by Meta was fine-tuned on conversational data after initial training on internet data. It is optimized for natural dialog and engaging chat abilities, making it well-suited as a conversational agent. Compared to the smaller Llama-2-7b-Chat, Llama-2-13B-Chat has nearly twice as many parameters, allowing it to remember more context and produce more nuanced conversational responses. Like Llama-2-7b-Chat, Llama-2-13B-Chat was trained on English-language data and is best-suited for tasks in English. |
| Llama-2-70B-Chat | Amazon Bedrock model | Like Llama-2-7b-Chat and Llama-2-13B-Chat, the Llama-2-70B-Chat model by Meta is optimized for engaging in natural and meaningful dialog. With 70 billion parameters, this large conversational model can remember more extensive context and produce highly coherent responses when compared to the more compact model versions. However, this comes at the cost of slower responses and higher resource requirements. Llama-2-70B-Chat was trained on large amounts of English-language internet data and is best-suited for tasks in English. |
| Mistral-7B | JumpStart model | Mistral-7B by Mistral.AI is an excellent general purpose language model suitable for a wide range of natural language (NLP) tasks like text generation, summarization, and question answering. It utilizes grouped-query attention (GQA) which allows for faster inference speeds, making it perform comparably to models with twice or three times as many parameters. It was trained on a mixture of text data including books, websites, and scientific papers in the English language, so it is best-suited for tasks in English. |
| Mistral-7B-Chat | JumpStart model | Mistral-7B-Chat is a conversational model by Mistral.AI based on Mistral-7B. While Mistral-7B is best for general NLP tasks, Mistral-7B-Chat has been further fine-tuned on conversational data to optimize its abilities for natural, engaging chat. As a result, Mistral-7B-Chat generates more human-like responses and remembers the context of previous responses. Like Mistral-7B, this model is best-suited for English language tasks. |
| MPT-7B-Instruct | JumpStart model | MPT-7B-Instruct is a model for long-form instruction following tasks and can assist you with writing tasks including text summarization and question-answering to save you time and effort. This model was trained on large amounts of fine-tuned data and can handle larger inputs, such as complex documents. Use this model when you want to process large bodies of text or want the model to generate long responses. |
The foundation models from Amazon Bedrock are currently only available in the US East (N. Virginia) and US West (Oregon) Regions. Additionally, when using foundation models from Amazon Bedrock, you are charged based on the volume of input tokens and output tokens, as specified by each model provider. For more information, see the [Amazon Bedrock pricing page](https://aws.amazon.com/bedrock/pricing/). The JumpStart foundation models are deployed on SageMaker AI Hosting instances, and you are charged for the duration of usage based on the instance type used. For more information about the cost of different instance types, see the Amazon SageMaker AI Hosting: Real-Time Inference section on the [SageMaker pricing page](https://aws.amazon.com/sagemaker/pricing/).
Document querying is an additional feature that you can use to query and get insights from documents stored in indexes using Amazon Kendra. With this functionality, you can generate content from the context of those documents and receive responses that are specific to your business use case, as opposed to responses that are generic to the large amounts of data on which the foundation models were trained. For more information about indexes in Amazon Kendra, see the [Amazon Kendra Developer Guide](https://docs.aws.amazon.com/kendra/latest/dg/what-is-kendra.html).
If you would like to get responses from any of the foundation models that are customized to your data and use case, you can fine-tune foundation models. To learn more, see [Fine-tune foundation models](canvas-fm-chat-fine-tune.md).
If you'd like to get predictions from an Amazon SageMaker JumpStart foundation model through an application or website, you can deploy the model to a SageMaker AI *endpoint*. SageMaker AI endpoints host your model, and you can send requests to the endpoint through your application code to receive predictions from the model. For more information, see [Deploy your models to an endpoint](canvas-deploy-model.md).
# Complete the prerequisites for foundation models in SageMaker Canvas
The following sections outline the prerequisites for interacting with foundation models and using the document query feature in Canvas. The rest of the content on this page assumes that you’ve met the prerequisites for foundation models. The document query feature requires additional permissions.
## Prerequisites for foundation models
The permissions you need for interacting with models are included in the Canvas Ready-to-use models permissions. To use the generative AI-powered models in Canvas, you must turn on the **Canvas Ready-to-use models configuration** permissions when setting up your Amazon SageMaker AI domain. For more information, see [Prerequisites for setting up Amazon SageMaker Canvas](canvas-getting-started.md#canvas-prerequisites). The **Canvas Ready-to-use models configuration** attaches the [AmazonSageMakerCanvasAIServicesAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasAIServicesAccess) policy to your Canvas user's AWS Identity and Access Management (IAM) execution role. If you encounter any issues with granting permissions, see the topic [Troubleshooting issues with granting permissions through the SageMaker AI console](canvas-limits.md#canvas-troubleshoot-trusted-services).
If you’ve already set up your domain, you can edit your domain settings and turn on the permissions. For instructions on how to edit your domain settings, see [Edit domain settings](domain-edit.md). When editing the settings for your domain, go to the **Canvas settings** and turn on the **Enable Canvas Ready-to-use models** option.
Certain JumpStart foundation models also require that you request a SageMaker AI instance quota increase. Canvas hosts the models that you’re currently interacting with on these instances, but the default quota for your account may be insufficient. If you run into an error while running any of the following models, request a quota increase for the associated instance types:
+ Falcon-40B – `ml.g5.12xlarge`, `ml.g5.24xlarge`
+ Falcon-13B – `ml.g5.2xlarge`, `ml.g5.4xlarge`, `ml.g5.8xlarge`
+ MPT-7B-Instruct – `ml.g5.2xlarge`, `ml.g5.4xlarge`, `ml.g5.8xlarge`
For the preceding instances types, request an increase from 0 to 1 for the endpoint usage quota. For more information about how to increase an instance quota for your account, see [Requesting a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) in the *Service Quotas User Guide*.
## Prerequisites for document querying
**Note**
Document querying is supported in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and Asia Pacific (Mumbai).
The document querying feature requires that you already have an Amazon Kendra index that stores your documents and document metadata. For more information about Amazon Kendra, see the [Amazon Kendra Developer Guide](https://docs.aws.amazon.com/kendra/latest/dg/what-is-kendra.html). To learn more about the quotas for querying indexes, see [Quotas](https://docs.aws.amazon.com/kendra/latest/dg/quotas.html) in the *Amazon Kendra Developer Guide*.
You must also make sure that your Canvas user profile has the necessary permissions for document querying. The [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasFullAccess.html) policy must be attached to the AWS IAM execution role for the SageMaker AI domain that hosts your Canvas application (this policy is attached by default to all new and existing Canvas user profiles). You must also specifically grant document querying permissions and specify access to one or more Amazon Kendra indexes.
If your Canvas administrator is setting up a new domain or user profile, have them set up the domain by following the instructions in [Prerequisites for setting up Amazon SageMaker Canvas](canvas-getting-started.md#canvas-prerequisites). While setting up the domain, they can turn on the document querying permissions through the **Canvas Ready-to-use models configuration**.
The Canvas administrator can manage document querying permissions at the user profile level as well. For example, if the administrator wants to grant document querying permissions to some user profiles but remove permissions for others, they can edit the permissions for a specific user.
The following procedure shows how to turn on document querying permissions for a specific user profile:
1. Open the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the user profile’s domain.
1. On the **domain details** page, choose the **User profile** whose permissions you want to edit.
1. On the **User Details** page, choose **Edit**.
1. In the left navigation pane, choose **Canvas settings**.
1. In the **Canvas Ready-to-use models configuration** section, turn on the **Enable document query using Amazon Kendra** toggle.
1. In the dropdown, select one or more Amazon Kendra indexes to which you want to grant access.
1. Choose **Submit** to save the changes to your domain settings.
You should now be able to use Canvas foundation models to query documents in the specified Amazon Kendra indexes.
# Start a new conversation to generate, extract, or summarize content
To get started with generative AI foundation models in Canvas, you can initiate a new chat session with one of the models. For JumpStart models, you are charged while the model is active, so you must start up models when you want to use them and shut them down when you are done interacting. If you do not shut down a JumpStart model, Canvas shuts it down after 2 hours of inactivity. For Amazon Bedrock models (such as Amazon Titan), you are charged by prompt; the models are already active and don’t need to be started up or shut down. You are charged directly for use of these models by Amazon Bedrock.
To open a chat with a model, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **Ready-to-use models**.
1. Choose **Generate, extract and summarize content**.
1. On the welcome page, you’ll receive a recommendation to start up the default model. You can start the recommended model, or you can choose **Select another model** from the dropdown to choose a different one.
1. If you selected a JumpStart foundation model, you have to start it up before it is available for use. Choose **Start up the model**, and then the model is deployed to a SageMaker AI instance. It might take several minutes for this to complete. When the model is ready, you can enter prompts and ask the model questions.
If you selected a foundation model from Amazon Bedrock, you can start using it instantly by entering a prompt and asking questions.
Depending on the model, you can perform various tasks. For example, you can enter a passage of text and ask the model to summarize it. Or, you can ask the model to come up with a short summary of the market trends in your domain.
The model’s responses in a chat are based on the context of your previous prompts. If you want to ask a new question in the chat that is unrelated to the previous conversation topic, we recommend that you start a new chat with the model.
# Extract information from documents with document querying
**Note**
This section assumes that you’ve completed the section above [Prerequisites for document querying](canvas-fm-chat-prereqs.md#canvas-fm-chat-prereqs-kendra).
Document querying is a feature that you can use while interacting with foundation models in Canvas. With document querying, you can access a corpus of documents stored in an Amazon Kendra *index*, which holds the contents of your documents and is structured in a way to make documents searchable. You can ask specific questions that are targeted to the data in your Amazon Kendra index, and the foundation model returns answers to your questions. For example, you can query an internal knowledge base of IT information and ask questions such as “How do I connect to my company’s network?” For more information about setting up an index, see the [Amazon Kendra Developer Guide](https://docs.aws.amazon.com/kendra/latest/dg/what-is-kendra.html).
When using the document query feature, the foundation models restrict their responses to the content of the documents in your index with a technique called Retrieval Augmented Generation (RAG). This technique bundles the most relevant information from the index along with the user's prompt and sends it to the foundation model to get a response. Responses are limited to what can be found in your index, preventing the model from giving you incorrect responses based on external data. For more information about this process, see the blog post [Quickly build high-accuracy Generative AI applications on enterprise data](https://aws.amazon.com/blogs/machine-learning/quickly-build-high-accuracy-generative-ai-applications-on-enterprise-data-using-amazon-kendra-langchain-and-large-language-models/).
To get started, in a chat with a foundation model in Canvas, turn on the **Document query** toggle at the top of the page. From the dropdown, select the Amazon Kendra index that you want to query. Then, you can begin asking questions related to the documents in your index.
**Important**
Document querying supports the [Compare model outputs](canvas-fm-chat-compare.md) feature. Any existing chat history is overwritten when you start a new chat to compare model outputs.
# Start up models
**Note**
The following section describe starting up models, which only applies to the JumpStart foundation models, such as Falcon-40B-Instruct. You can access Amazon Bedrock models, such as Amazon Titan, instantly at any time.
You can start up as many JumpStart models as you like. Each active JumpStart model incurs charges on your account, so we recommend that you don’t start up more models than you are currently using.
To start up another model, you can do the following:
1. On the **Generate, extract and summarize content** page, choose **New chat**.
1. Choose the model from the dropdown menu. If you want to choose a model not displayed in the dropdown, choose **Start up another model**, and then select the model that you want to start up.
1. Choose **Start up model**.
The model should begin starting up, and within a few minutes you can chat with the model.
# Shut down models
We highly recommend that you shut down models that you aren’t using. The models automatically shut down after 2 hours of inactivity. However, to manually shut down a model, you can do the following:
1. On the **Generate, extract and summarize content** page, open the chat for the model that you want to shut down.
1. On the chat page, choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)).
1. Choose **Shut down model**.
1. In the **Shut down model** confirmation box, choose **Shut down**.
The model begins shutting down. If your chat compares two or more models, you can shut down an individual model from the chat page by choosing the model’s **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) and then choosing **Shut down model**.
# Compare model outputs
You might want to compare the output of different models side by side to see which model output you prefer. This can help you decide which model is best suited to your use case. You can compare up to three models in chats.
**Note**
Each individual model incurs charges on your account.
You must start a new chat to add models for comparison. To compare the output of models side by side in a chat, do the following:
1. In a chat, choose **New chat**.
1. Choose **Compare**, and use the dropdown menu to select the model that you want to add. To add a third model, choose **Compare** again to add another model.
**Note**
If you want to use a JumpStart model that isn’t currently active, you are prompted to start up the model.
When the models are active, you see the two models side by side in the chat. You can submit your prompt, and each model responds in the same chat, as shown in the following screenshot.
![\[Screenshot of the Canvas interface with the output of two models shown side by side.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-chat-compare-outputs.png)
When you’re done interacting, make sure to shut down any JumpStart models individually to avoid incurring further charges.
# Fine-tune foundation models
The foundation models that you can access through Amazon SageMaker Canvas can help you with a range of general purpose tasks. However, if you have a specific use case and would like to customized responses based on your own data, you can *fine-tune* a foundation model.
To fine-tune a foundation model, you provide a dataset that consists of sample prompts and model responses. Then, you train the foundation model on the data. Finally, the fine-tuned foundation model is able to provide you with more specific responses.
The following list contains the foundation models that you can fine-tune in Canvas:
+ Titan Express
+ Falcon-7B
+ Falcon-7B-Instruct
+ Falcon-40B-Instruct
+ Falcon-40B
+ Flan-T5-Large
+ Flan-T5-Xl
+ Flan-T5-Xxl
+ MPT-7B
+ MPT-7B-Instruct
You can access more detailed information about each foundation model in the Canvas application while fine-tuning a model. For more information, see [Fine-tune the model](#canvas-fm-chat-fine-tune-procedure-model).
This topic describes how to fine-tune foundation models in Canvas.
## Before you begin
Before fine-tuning a foundation model, make sure that you have the permissions for Ready-to-use models in Canvas and an AWS Identity and Access Management execution role that has a trust relationship with Amazon Bedrock, which allows Amazon Bedrock to assume your role while fine-tuning foundation models.
While setting up or editing your Amazon SageMaker AI domain, you must 1) turn on the Canvas Ready-to-use models configuration permissions, and 2) create or specify an Amazon Bedrock role, which is an IAM execution role to which SageMaker AI attaches a trust relationship with Amazon Bedrock. For more information about configuring these settings, see [Prerequisites for setting up Amazon SageMaker Canvas](canvas-getting-started.md#canvas-prerequisites).
You can configure the Amazon Bedrock role manually if you would rather use your own IAM execution role (instead of letting SageMaker AI create one on your behalf). For more information about configuring your own IAM execution role’s trust relationship with Amazon Bedrock, see [Grant Users Permissions to Use Amazon Bedrock and Generative AI Features in Canvas](canvas-fine-tuning-permissions.md).
You must also have a dataset that is formatted for fine-tuning large language models (LLMs). The following is a list of requirements for your dataset:
+ The dataset must be tabular and contain at least two columns of text data–one input column (which contains example prompts to the model) and one output column (which contains example responses from the model).
An example is the following:
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sagemaker/latest/dg/canvas-fm-chat-fine-tune.html)
+ We recommend that the dataset has at least 100 text pairs (rows of corresponding input and output items). This ensures that the foundation model has enough data for fine-tuning and increases the accuracy of its responses.
+ Each input and output item should contain a maximum of 512 characters. Anything longer is reduced to 512 characters when fine-tuning the foundation model.
When fine-tuning an Amazon Bedrock model, you must adhere to the Amazon Bedrock quotas. For more information, see [Model customization quotas](https://docs.aws.amazon.com/bedrock/latest/userguide/quotas.html#model-customization-quotas) in the *Amazon Bedrock User Guide*.
For more information about general dataset requirements and limitations in Canvas, see [Create a dataset](canvas-import-dataset.md).
## Fine-tune a foundation model
You can fine-tune a foundation model by using any of the following methods in the Canvas application:
+ While in a **Generate, extract and summarize content** chat with a foundation model, choose the **Fine-tune model** icon (![\[Magnifying glass icon with a plus sign, indicating a search or zoom-in function.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/wrench-icon-small.png)).
+ While in a chat with a foundation model, if you’ve re-generated the response two or more times, then Canvas offers you the option to **Fine-tune model**. The following screenshot shows you what this looks like.
![\[Screenshot of the Fine-tune foundation model option shown in a chat.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/fine-tuning-ingress.png)
+ On the **My models** page, you can create a new model by choosing **New model**, and then select **Fine-tune foundation model**.
+ On the **Ready-to-use models** home page, you can choose **Create your own model**, and then in the **Create new model** dialog box, choose **Fine-tune foundation model**.
+ While browsing your datasets in the **Data Wrangler** tab, you can select a dataset and choose **Create a model**. Then, choose **Fine-tune foundation model**.
After you’ve begun to fine-tune a model, do the following:
### Select a dataset
On the **Select** tab of fine-tuning a model, you choose the data on which you’d like to train the foundation model.
Either select an existing dataset or create a new dataset that meets the requirements listed in the [Before you begin](#canvas-fm-chat-fine-tune-prereqs) section. For more information about how to create a dataset, see [Create a dataset](canvas-import-dataset.md).
When you’ve selected or created a dataset and you’re ready to move on, choose **Select dataset**.
### Fine-tune the model
After selecting your data, you’re now ready to begin training and fine-tune the model.
On the **Fine-tune** tab, do the following:
1. (Optional) Choose **Learn more about our foundation models** to access more information about each model and help you decide which foundation model or models to deploy.
1. For **Select up to 3 base models**, open the dropdown menu and check up to 3 foundation models (up to 2 JumpStart models and 1 Amazon Bedrock model) that you’d like to fine-tune during the training job. By fine-tuning multiple foundation models, you can compare their performance and ultimately choose the one best suited to your use case as the default model. For more information about default models, see [View model candidates in the model leaderboard](canvas-evaluate-model-candidates.md).
1. For **Select Input column**, select the column of text data in your dataset that contains the example model prompts.
1. For **Select Output column**, select the column of text data in your dataset that contains the example model responses.
1. (Optional) To configure advanced settings for the training job, choose **Configure model**. For more information about the advanced model building settings, see [Advanced model building configurations](canvas-advanced-settings.md).
In the **Configure model** pop-up window, do the following:
1. For **Hyperparameters**, you can adjust the **Epoch count**, **Batch size**, **Learning rate**, and **Learning rate warmup steps** for each model you selected. For more information about these parameters, see the [ Hyperparameters section in the JumpStart documentation](https://docs.aws.amazon.com/sagemaker/latest/dg/jumpstart-fine-tune.html#jumpstart-hyperparameters).
1. For **Data split**, you can specify percentages for how to divide your data between the **Training set** and **Validation set**.
1. For **Max job runtime**, you can set the maximum amount of time that Canvas runs the build job. This feature is only available for JumpStart foundation models.
1. After configuring the settings, choose **Save**.
1. Choose **Fine-tune** to begin training the foundation models you selected.
After the fine-tuning job begins, you can leave the page. When the model shows as **Ready** on the **My models** page, it’s ready for use, and you can now analyze the performance of your fine-tuned foundation model.
### Analyze the fine-tuned foundation model
On the **Analyze** tab of your fine-tuned foundation model, you can see the model’s performance.
The **Overview** tab on this page shows you the perplexity and loss scores, along with analyses that visualize the model’s improvement over time during training. The following screenshot shows the **Overview** tab.
![\[The Analyze tab of a fine-tuned foundation model in Canvas, showing the perplexity and loss curves.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-fine-tune-analyze-2.png)
On this page, you can see the following visualizations:
+ The **Perplexity Curve** measures how well the model predicts the next word in a sequence, or how grammatical the model’s output is. Ideally, as the model improves during training, the score decreases and results in a curve that lowers and flattens over time.
+ The **Loss Curve** quantifies the difference between the correct output and the model’s predicted output. A loss curve that decreases and flattens over time indicates that the model is improving its ability to make accurate predictions.
The **Advanced metrics** tab shows you the hyperparameters and additional metrics for your model. It looks like the following screenshot:
![\[Screenshot of the Advanced metrics tab of a fine-tuned foundation model in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-fine-tune-metrics.png)
The **Advanced metrics** tab contains the following information:
+ The **Explainability** section contains the **Hyperparameters**, which are the values set before the job to guide the model’s fine-tuning. If you didn’t specify custom hyperparameters in the model’s advanced settings in the [Fine-tune the model](#canvas-fm-chat-fine-tune-procedure-model) section, then Canvas selects default hyperparameters for you.
For JumpStart models, you can also see the advanced metric [ROUGE (Recall-Oriented Understudy for Gisting Evaluation)](https://en.wikipedia.org/wiki/ROUGE_(metric)), which evaluates the quality of summaries generated by the model. It measures how well the model can summarize the main points of a passage.
+ The **Artifacts** section provides you with links to artifacts generated during the fine-tuning job. You can access the training and validation data saved in Amazon S3, as well as the link to the model evaluation report (to learn more, see the following paragraph).
To get more model evaluation insights, you can download a report that is generated using [SageMaker Clarify](https://docs.aws.amazon.com/sagemaker/latest/dg/clarify-configure-processing-jobs.html), which is a feature that can help you detect bias in your model and data. First, generate the report by choosing **Generate evaluation report** at the bottom of the page. After the report has generated, you can download the full report by choosing **Download report** or by returning to the **Artifacts** section.
You can also access a Jupyter notebook that shows you how to replicate your fine-tuning job in Python code. You can use this to replicate or make programmatic changes to your fine-tuning job or get a deeper understanding of how Canvas fine-tunes your model. To learn more about model notebooks and how to access them, see [Download a model notebook](canvas-notebook.md).
For more information about how to interpret the information in the **Analyze** tab of your fine-tuned foundation model, see the topic [Model evaluation](canvas-evaluate-model.md).
After analyzing the **Overview** and **Advanced metrics** tabs, you can also choose to open the **Model leaderboard**, which shows you the list of the base models trained during the build. The model with the lowest loss score is considered the best performing model and is selected as the **Default model**, which is the model whose analysis you see in the **Analyze** tab. You can only test and deploy the default model. For more information about the model leaderboard and how to change the default model, see [View model candidates in the model leaderboard](canvas-evaluate-model-candidates.md).
### Test a fine-tuned foundation model in a chat
After analyzing the performance of a fine-tuned foundation model, you might want to test it out or compare its responses with the base model. You can test a fine-tuned foundation model in a chat in the **Generate, extract and summarize content** feature.
Start a chat with a fine-tuned model by choosing one of the following methods:
+ On the fine-tuned model’s **Analyze** tab, choose **Test in Ready-to-use foundation models**.
+ On the Canvas **Ready-to-use models** page, choose **Generate, extract and summarize content**. Then, choose **New chat** and select the version of the model that you want to test.
The model starts up in a chat, and you can interact with it like any other foundation model. You can add more models to the chat and compare their outputs. For more information about the functionality of chats, see [Generative AI foundation models in SageMaker Canvas](canvas-fm-chat.md).
## Operationalize fine-tuned foundation models
After fine-tuning your model in Canvas, you can do the following:
+ Register the model to the SageMaker Model Registry for integration into your organizations MLOps processes. For more information, see [Register a model version in the SageMaker AI model registry](canvas-register-model.md).
+ Deploy the model to a SageMaker AI endpoint and send requests to the model from your application or website to get predictions (or *inference*). For more information, see [Deploy your models to an endpoint](canvas-deploy-model.md).
**Important**
You can only register and deploy JumpStart based fine-tuned foundation models, not Amazon Bedrock based models.
# Ready-to-use models
With Amazon SageMaker Canvas Ready-to-use models, you can make predictions on your data without writing a single line of code or having to build a model—all you have to bring is your data. The Ready-to-use models use pre-built models to generate predictions without requiring you to spend the time, expertise, or cost required to build a model, and you can choose from a variety of use cases ranging from language detection to expense analysis.
Canvas integrates with existing AWS services, such as [Amazon Textract](https://docs.aws.amazon.com/textract/latest/dg/what-is.html), [Amazon Rekognition](https://docs.aws.amazon.com/rekognition/latest/dg/what-is.html), and [Amazon Comprehend](https://docs.aws.amazon.com/comprehend/latest/dg/what-is.html), to analyze your data and make predictions or extract insights. You can use the predictive power of these services from within the Canvas application to get high quality predictions for your data.
Canvas supports the following Ready-to-use models types:
| Ready-to-use model | Description | Supported data type |
| --- | --- | --- |
| Sentiment analysis | Detect sentiment in lines of text, which can be positive, negative, neutral, or mixed. Currently, you can only do sentiment analysis for English language text. | Plain text or tabular (CSV, Parquet) |
| Entities extraction | Extract entities, which are real-world objects such as people, places, and commercial items, or units such as dates and quantities, from text. | Plain text or tabular (CSV, Parquet) |
| Language detection | Determine the dominant language in text such as English, French, or German. | Plain text or tabular (CSV, Parquet) |
| Personal information detection | Detect personal information that could be used to identify an individual, such as addresses, bank account numbers, and phone numbers, from text. | Plain text or tabular (CSV, Parquet) |
| Object detection in images | Detect objects, concepts, scenes, and actions in your images. | Image (JPG, PNG) |
| Text detection in images | Detect text in your images. | Image (JPG, PNG) |
| Expense analysis | Extract information from invoices and receipts, such as date, number, item prices, total amount, and payment terms. | Document (PDF, JPG, PNG, TIFF) |
| Identity document analysis | Extract information from passports, driver licenses, and other identity documentation issued by the US Government. | Document (PDF, JPG, PNG, TIFF) |
| Document analysis | Analyze documents and forms for relationships among detected text. | Document (PDF, JPG, PNG, TIFF) |
| Document queries | Extract information from structured documents such as paystubs, bank statements, W-2s, and mortgage application forms by asking questions using natural language. | Document (PDF) |
## Get started
To get started with Ready-to-use models, review the following information.
**Prerequisites**
To use Ready-to-use models in Canvas, you must turn on the **Canvas Ready-to-use models configuration** permissions when [setting up your Amazon SageMaker AI domain](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-getting-started.html#canvas-prerequisites). The **Canvas Ready-to-use models configuration** attaches the [AmazonSageMakerCanvasAIServicesAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasAIServicesAccess) policy to your Canvas user's AWS Identity and Access Management (IAM) execution role. If you encounter any issues with granting permissions, see the topic [Troubleshooting issues with granting permissions through the SageMaker AI console](canvas-limits.md#canvas-troubleshoot-trusted-services).
If you’ve already set up your domain, you can edit your domain settings and turn on the permissions. For instructions on how to edit your domain settings, see [Edit domain settings](https://docs.aws.amazon.com/sagemaker/latest/dg/domain-edit.html). When editing the settings for your domain, go to the **Canvas settings** and turn on the **Enable Canvas Ready-to-use models** option.
**(Optional) Opt out of AI services data storage**
Certain AWS AI services store and use your data to make improvements to the service. You can opt out of having your data stored or used for service improvements. To learn more about how to opt out, see [ AI services opt-out policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) in the *AWS Organizations User Guide*.
**How to use Ready-to-use models**
To get started with Ready-to-use models, do the following:
1. **(Optional) Import your data.** You can import a tabular, image, or document dataset to generate batch predictions, or a dataset of predictions, with Ready-to-use models. To get started with importing a dataset, see [Create a data flow](canvas-data-flow.md).
1. **Generate predictions.** You can generate single or batch predictions with your chosen Ready-to-use model. To get started with making predictions, see [Make predictions for text data](canvas-ready-to-use-predict-text.md).
# Make predictions for text data
The following procedures describe how to make both single and batch predictions for text datasets. Each Ready-to-use model supports both **Single predictions** and **Batch predictions** for your dataset. A **Single prediction** is when you only need to make one prediction. For example, you have one image from which you want to extract text, or one paragraph of text for which you want to detect the dominant language. A **Batch prediction** is when you’d like to make predictions for an entire dataset. For example, you might have a CSV file of customer reviews for which you’d like to analyze the customer sentiment, or you might have image files in which you’d like to detect objects.
You can use these procedures for the following Ready-to-use model types: sentiment analysis, entities extraction, language detection, and personal information detection.
**Note**
For sentiment analysis, you can only use English language text.
## Single predictions
To make a single prediction for Ready-to-use models that accept text data, do the following:
1. In the left navigation pane of the Canvas application, choose **Ready-to-use models**.
1. On the **Ready-to-use models** page, choose the Ready-to-use model for your use case. For text data, it should be one of the following: **Sentiment analysis**, **Entities extraction**, **Language detection**, or **Personal information detection**.
1. On the **Run predictions** page for your chosen Ready-to-use model, choose **Single prediction**.
1. For **Text field**, enter the text for which you’d like to get a prediction.
1. Choose **Generate prediction results** to get your prediction.
In the right pane **Prediction results**, you receive an analysis of your text in addition to a **Confidence** score for each result or label. For example, if you chose language detection and entered a passage of text in French, you might get French with a 95% confidence score and traces of other languages, like English, with a 5% confidence score.
The following screenshot shows the results for a single prediction using language detection where the model is 100% confident that the passage is English.
![\[Screenshot of the results of a single prediction with the language detection Ready-to-use model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-ready-to-use/ai-solutions-text-prediction.png)
## Batch predictions
To make batch predictions for Ready-to-use models that accept text data, do the following:
1. In the left navigation pane of the Canvas application, choose **Ready-to-use models**.
1. On the **Ready-to-use models** page, choose the Ready-to-use model for your use case. For text data, it should be one of the following: **Sentiment analysis**, **Entities extraction**, **Language detection**, or **Personal information detection**.
1. On the **Run predictions** page for your chosen Ready-to-use model, choose **Batch prediction**.
1. Choose **Select dataset** if you’ve already imported your dataset. If not, choose **Import new dataset**, and then you are directed through the import data workflow.
1. From the list of available datasets, select your dataset and choose **Generate predictions** to get your predictions.
After the prediction job finishes running, on the **Run predictions** page, you see an output dataset listed under **Predictions**. This dataset contains your results, and if you select the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)), you can **Preview** the output data. Then, you can choose **Download** to download the results.
# Make predictions for image data
The following procedures describe how to make both single and batch predictions for image datasets. Each Ready-to-use model supports both **Single predictions** and **Batch predictions** for your dataset. A **Single prediction** is when you only need to make one prediction. For example, you have one image from which you want to extract text, or one paragraph of text for which you want to detect the dominant language. A **Batch prediction** is when you’d like to make predictions for an entire dataset. For example, you might have a CSV file of customer reviews for which you’d like to analyze the customer sentiment, or you might have image files in which you’d like to detect objects.
You can use these procedures for the following Ready-to-use model types: object detection images and text detection in images.
## Single predictions
To make a single prediction for Ready-to-use models that accept image data, do the following:
1. In the left navigation pane of the Canvas application, choose **Ready-to-use models**.
1. On the **Ready-to-use models** page, choose the Ready-to-use model for your use case. For image data, it should be one of the following: **Object detection images** or **Text detection in images**.
1. On the **Run predictions** page for your chosen Ready-to-use model, choose **Single prediction**.
1. Choose **Upload image**.
1. You are prompted to select an image to upload from your local computer. Select the image from your local files, and then the prediction results generate.
In the right pane **Prediction results**, you receive an analysis of your image in addition to a **Confidence** score for each object or text detected. For example, if you chose object detection in images, you receive a list of objects in the image along with a confidence score of how certain the model is that each object was accurately detected, such as 93%.
The following screenshot shows the results for a single prediction using the object detection in images solution, where the model predicts objects such as a clock tower and bus with 100% confidence.
![\[The results of a single prediction with the object detection solution in images Ready-to-use model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-ready-to-use/ai-solutions-image-prediction.png)
## Batch predictions
To make batch predictions for Ready-to-use models that accept image data, do the following:
1. In the left navigation pane of the Canvas application, choose **Ready-to-use models**.
1. On the **Ready-to-use models** page, choose the Ready-to-use model for your use case. For image data, it should be one of the following: **Object detection images** or **Text detection in images**.
1. On the **Run predictions** page for your chosen Ready-to-use model, choose **Batch prediction**.
1. Choose **Select dataset** if you’ve already imported your dataset. If not, choose **Import new dataset**, and then you are directed through the import data workflow.
1. From the list of available datasets, select your dataset and choose **Generate predictions** to get your predictions.
After the prediction job finishes running, on the **Run predictions** page, you see an output dataset listed under **Predictions**. This dataset contains your results, and if you select the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)), you can choose **View prediction results** to preview the output data. Then, you can choose **Download prediction** and download the results as a CSV or a ZIP file.
# Make predictions for document data
The following procedures describe how to make both single and batch predictions for document datasets. Each Ready-to-use model supports both **Single predictions** and **Batch predictions** for your dataset. A **Single prediction** is when you only need to make one prediction. For example, you have one image from which you want to extract text, or one paragraph of text for which you want to detect the dominant language. A **Batch prediction** is when you’d like to make predictions for an entire dataset. For example, you might have a CSV file of customer reviews for which you’d like to analyze the customer sentiment, or you might have image files in which you’d like to detect objects.
You can use these procedures for the following Ready-to-use model types: expense analysis, identity document analysis, and document analysis.
**Note**
For document queries, only single predictions are currently supported.
## Single predictions
To make a single prediction for Ready-to-use models that accept document data, do the following:
1. In the left navigation pane of the Canvas application, choose **Ready-to-use models**.
1. On the **Ready-to-use models** page, choose the Ready-to-use model for your use case. For document data, it should be one of the following: **Expense analysis**, **Identity document analysis**, or **Document analysis**.
1. On the **Run predictions** page for your chosen Ready-to-use model, choose **Single prediction**.
1. If your Ready-to-use model is identity document analysis or document analysis, complete the following actions. If you’re doing expense analysis or document queries, skip this step and go to Step 5 or Step 6, respectively.
1. Choose **Upload document**.
1. You are prompted to upload a PDF, JPG, or PNG file from your local computer. Select the document from your local files, and then the prediction results will generate.
1. If your Ready-to-use model is expense analysis, do the following:
1. Choose **Upload invoice or receipt**.
1. You are prompted to upload a PDF, JPG, PNG, or TIFF file from your local computer. Select the document from your local files, and then the prediction results will generate.
1. If your Ready-to-use model is document queries, do the following:
1. Choose **Upload document**.
1. You are prompted to upload a PDF file from your local computer. Select the document from your local files. Your PDF must be 1–100 pages long.
**Note**
If you're in the Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), or Europe (Frankfurt) regions, then the maximum PDF size for document queries is 20 pages.
1. In the right side pane, enter queries to search for information in the document. The number of characters you can have in a single query is from 1–200. You can add up to 15 queries at a time.
1. Choose **Submit queries**, and then the results generate with answers to your queries. You are billed once for each submissions of queries you make.
In the right pane **Prediction results**, you’ll receive an analysis of your document.
The following information describes the results for each type of solution:
+ For expense analysis, the results are categorized into **Summary fields**, which include fields such as the total on a receipt, and **Line item fields**, which include fields such as individual items on a receipt. The identified fields are highlighted on the document image in the output.
+ For identity document analysis, the output shows you the fields that the Ready-to-use model identified, such as first and last name, address, or date of birth. The identified fields are highlighted on the document image in the output.
+ For document analysis, the results are categorized into **Raw text**, **Forms**, **Tables**, and **Signatures**. **Raw text** includes all of the extracted text, while **Forms**, **Tables**, and **Signatures** only include information on the form that falls into those categories. For example, **Tables** only includes information extracted from tables in the document. The identified fields are highlighted on the document image in the output.
+ For document queries, Canvas returns answers to each of your queries. You can open the collapsible query dropdown to view a result, along with a confidence score for the prediction. If Canvas finds multiple answers in the document, then you might have more than one result for each query.
The following screenshot shows the results for a single prediction using the document analysis solution.
![\[Screenshot of the results of a single prediction with the document analysis Ready-to-use model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-ready-to-use/ai-solutions-document-analysis.png)
## Batch predictions
To make batch predictions for Ready-to-use models that accept document data, do the following:
1. In the left navigation pane of the Canvas application, choose **Ready-to-use models**.
1. On the **Ready-to-use models** page, choose the Ready-to-use model for your use case. For image data, it should be one of the following: **Expense analysis**, **Identity document analysis**, or **Document analysis**.
1. On the **Run predictions** page for your chosen Ready-to-use model, choose **Batch prediction**.
1. Choose **Select dataset** if you’ve already imported your dataset. If not, choose **Import new dataset**, and then you are directed through the import data workflow.
1. From the list of available datasets, select your dataset and choose **Generate predictions**. If your use case is document analysis, continue to Step 6.
1. (Optional) If your use case is Document analysis, another dialog box called **Select features to include in batch prediction** appears. You can select **Forms**, **Tables**, and **Signatures** to group the results by those features. Then, choose **Generate predictions**.
After the prediction job finishes running, on the **Run predictions** page, you see an output dataset listed under **Predictions**. This dataset contains your results, and if you select the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)), you can choose **View prediction results** to preview the analysis of your document data.
The following information describes the results for each type of solution:
+ For expense analysis, the results are categorized into **Summary fields**, which include fields such as the total on a receipt, and **Line item fields**, which include fields such as individual items on a receipt. The identified fields are highlighted on the document image in the output.
+ For identity document analysis, the output shows you the fields that the Ready-to-use model identified, such as first and last name, address, or date of birth. The identified fields are highlighted on the document image in the output.
+ For document analysis, the results are categorized into **Raw text**, **Forms**, **Tables**, and **Signatures**. **Raw text** includes all of the extracted text, while **Forms**, **Tables**, and **Signatures** only include information on the form that falls into those categories. For example, **Tables** only includes information extracted from tables in the document. The identified fields are highlighted on the document image in the output.
After previewing your results, you can choose **Download prediction** and download the results as a ZIP file.
# Custom models
In Amazon SageMaker Canvas, you can train custom machine learning models tailored to your specific data and use case. By training a custom model on your data, you are able to capture characteristics and trends that are specific and most representative of your data. For example, you might want to create a custom time series forecasting model that you train on inventory data from your warehouse to manage your logistics operations.
Canvas supports training a range of model types. After training a custom model, you can evaluate the model's performance and accuracy. Once satisfied with a model, you can make predictions on new data, and you also have the option to share the custom model with data scientists for further analysis or to deploy it to a SageMaker AI hosted endpoint for real-time inference, all from within the Canvas application.
You can train a Canvas custom model on the following types of datasets:
+ Tabular (including numeric, categorical, timeseries, and text data)
+ Image
The following table shows the types of custom models that you can build in Canvas, along with their supported data types and data sources.
| Model type | Example use case | Supported data types | Supported data sources |
| --- | --- | --- | --- |
| Numeric prediction | Predicting house prices based on features like square footage | Numeric | Local upload, Amazon S3, SaaS connectors |
| 2 category prediction | Predicting whether or not a customer is likely to churn | Binary or categorical | Local upload, Amazon S3, SaaS connectors |
| 3\$1 category prediction | Predicting patient outcomes after being discharged from the hospital | Categorical | Local upload, Amazon S3, SaaS connectors |
| Time series forecasting | Predicting your inventory for the next quarter | Timeseries | Local upload, Amazon S3, SaaS connectors |
| Single-label image prediction | Predicting types of manufacturing defects in images | Image (JPG, PNG) | Local upload, Amazon S3 |
| Multi-category text prediction | Predicting categories of products, such as clothing, electronics, or household goods, based on product descriptions | Source column: text Target column: binary or categorical | Local upload, Amazon S3 |
**Get started**
To get started with building and generating predictions from a custom model, do the following:
+ Determine your use case and type of model that you want to build. For more information about the custom model types, see [How custom models work](canvas-build-model.md). For more information about the data types and sources supported for custom models, see [Data import](canvas-importing-data.md).
+ [Import your data](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-importing-data.html) into Canvas. You can build a custom model with any tabular or image dataset that meets the input requirements. For more information about the input requirements, see [Create a dataset](canvas-import-dataset.md).
To learn more about sample datasets provided by SageMaker AI with which you can experiment, see [Sample datasets in Canvas](canvas-sample-datasets.md).
+ [Build](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-build-model.html) your custom model. You can do a **Quick build** to get your model and start making predictions more quickly, or you can do a **Standard build** for greater accuracy.
For numeric, categorical, and time series forecasting model types, you can clean and prepare your data with the [Data Wrangler feature](canvas-data-prep.md). In Data Wrangler, you can create a data flow and use various data preparation techniques, such as applying advanced transforms or joining datasets. For image prediction models, you can [Edit an image dataset](canvas-edit-image.md) to update your labels or add and delete images. Note that you can't use these features for multi-category text prediction models.
+ [Evaluate your model's performance](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-evaluate-model.html) and determine how well it might perform on real-world data.
+ [Make single or batch predictions](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-make-predictions.html) with your model.
# How custom models work
Use Amazon SageMaker Canvas to build a custom model on the dataset that you've imported. Use the model that you've built to make predictions on new data. SageMaker Canvas uses the information in the dataset to build up to 250 models and choose the one that performs the best.
When you begin building a model, Canvas automatically recommends one or more *model types*. Model types fall into one of the following categories:
+ **Numeric prediction** – This is known as *regression* in machine learning. Use the numeric prediction model type when you want to make predictions for numeric data. For example, you might want to predict the price of houses based on features such as the house’s square footage.
+ **Categorical prediction** – This is known as *classification* in machine learning. When you want to categorize data into groups, use the categorical prediction model types:
+ **2 category prediction** – Use the 2 category prediction model type (also known as *binary classification* in machine learning) when you have two categories that you want to predict for your data. For example, you might want to determine whether a customer is likely to churn.
+ **3\$1 category prediction** – Use the 3\$1 category prediction model type (also known as *multi-class classification* in machine learning) when you have three or more categories that you want to predict for your data. For example, you might want to predict a customer's loan status based on features such as previous payments.
+ **Time series forecasting** – Use time series forecasts when you want to make predictions over a period of time. For example, you might want to predict the number of items you’ll sell in the next quarter. For information about time series forecasts, see [Time Series Forecasts in Amazon SageMaker Canvas](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-time-series.html).
+ **Image prediction** – Use the single-label image prediction model type (also known as *single-label image classification* in machine learning) when you want to assign labels to images. For example, you might want to classify different types of manufacturing defects in images of your product.
+ **Text prediction** – Use the multi-category text prediction model type (also known as *multi-class text classification* in machine learning) when you want to assign labels to passages of text. For example, you might have a dataset of customer reviews for a product, and you want to determine whether customers liked or disliked the product. You might have your model predict whether a given passage of text is `Positive`, `Negative`, or `Neutral`.
For a table of the supported input data types for each model type, see [Custom models](canvas-custom-models.md).
For each tabular data model that you build (which includes numeric, categorical, time series forecasting, and text prediction models), you choose the **Target column**. The **Target column** is the column that contains the information that you want to predict. For example, if you're building a model to predict whether people have cancelled their subscriptions, the **Target column** contains data points that are either a `yes` or a `no` about someone's cancellation status.
For image prediction models, you build the model with a dataset of images that have been assigned labels. For the unlabeled images that you provide, the model predicts a label. For example, if you’re building a model to predict whether an image is a cat or a dog, you provide images labeled as cats or dogs when building the model. Then, the model can accept unlabeled images and predict them as either cats or dogs.
**What happens when you build a model**
To build your model, you can choose either a **Quick build** or a **Standard build**. The **Quick build** has a shorter build time, but the **Standard build** generally has a higher accuracy.
For tabular and time series forecasting models, Canvas uses *downsampling* to reduce the size of datasets larger than 5 GB or 30 GB, respectively. Canvas downsamples with the stratified sampling method. The table below lists the size of the downsample by model type. To control the sampling process, you can use Data Wrangler in Canvas to sample using your preferred sampling technique. For time series data, you can resample to aggregate data points. For more information about sampling, see [Sampling](canvas-transform.md#canvas-transform-sampling). For more information about resampling time series data, see [Resample Time Series Data](canvas-transform.md#canvas-resample-time-series).
If you choose to do a **Quick build** on a dataset with more than 50,000 rows, then Canvas samples your data down to 50,000 rows for a shorter model training time.
The following table summarizes key characteristics of the model building process, including average build times for each model and build type, the size of the downsample when building models with large datasets, and the minimum and maximum number of data points you should have for each build type.
| Limit | Numeric and categorical prediction | Time series forecasting | Image prediction | Text prediction |
| --- | --- | --- | --- | --- |
| **Quick build** time | 2‐20 minutes | 2‐20 minutes | 15‐30 minutes | 15‐30 minutes |
| **Standard build** time | 2‐4 hours | 2‐4 hours | 2‐5 hours | 2‐5 hours |
| Downsample size (the reduced size of a large dataset after Canvas downsamples) | 5 GB | 30 GB | N/A | N/A |
| Minimum number of entries (rows) for **Quick builds** | 2 category: 500 rows 3\$1 category, numeric, time series: N/A | N/A | N/A | N/A |
| Minimum number of entries (rows, images, or documents) for **Standard builds** | 250 | 50 | 50 | N/A |
| Maximum number of entries (rows, images, or documents) for **Quick builds** | N/A | N/A | 5000 | 7500 |
| Maximum number of entries (rows, images, or documents) for **Standard builds** | N/A | 150,000 | 180,000 | N/A |
| Maximum number of columns | 1,000 | 1,000 | N/A | N/A |
Canvas predicts values by using the information in the rest of the dataset, depending on the model type:
+ For categorical prediction, Canvas puts each row into one of the categories listed in the **Target column**.
+ For numeric prediction, Canvas uses the information in the dataset to predict the numeric values in the **Target column**.
+ For time series forecasting, Canvas uses historical data to predict values for the **Target column** in the future.
+ For image prediction, Canvas uses images that have been assigned labels to predict labels for unlabeled images.
+ For text prediction, Canvas analyzes text data that has been assigned labels to predict labels for passages of unlabeled text.
**Additional features to help you build your model**
Before building your model, you can use Data Wrangler in Canvas to prepare your data using 300\$1 built-in transforms and operators. Data Wrangler supports transforms for both tabular and image datasets. Additionally, you can connect to data sources outside of Canvas, create jobs to apply transforms to your entire dataset, and export your fully prepared and cleaned data for use in ML workflows outside of Canvas. For more information, see [Data preparation](canvas-data-prep.md).
To see visualizations and analytics to explore your data and determine which features to include in your model, you can use Data Wrangler’s built-in analyses. You can also access a **Data Quality and Insights Report** that highlights potential issues with your dataset and provides recommendations for how to fix them. For more information, see [Perform exploratory data analysis (EDA)](canvas-analyses.md).
In addition to the more advanced data preparation and exploration functionality provided through Data Wrangler, Canvas provides some basic features that you can use:
+ To filter your data and access a set of basic data transforms, see [Prepare data for model building](canvas-prepare-data.md).
+ To access simple visualizations and analytics for feature exploration, see [Data exploration and analysis](canvas-explore-data.md).
+ To learn more about additional features such as previewing your model, validating your dataset, and changing the size of the random sample used to build your model, see [Preview your model](canvas-preview-model.md).
For tabular datasets with multiple columns (such as datasets for building categorical, numeric, or time series forecasting model types), you might have rows with missing data points. While Canvas builds the model, it automatically adds missing values. Canvas uses the values in your dataset to perform a mathematical approximation for the missing values. For the highest model accuracy, we recommend adding in the missing data if you can find it. Note that the missing data feature is not supported for text prediction or image prediction models.
**Get started**
To get started with building a custom model, see [Build a model](canvas-build-model-how-to.md) and follow the procedure for the type of model that you want to build.
# Preview your model
**Note**
The following functionality is only available for custom models built with tabular datasets. Multi-category text prediction models are also excluded.
SageMaker Canvas provides you with a tool to preview your model before you begin building. This gives you an estimated accuracy score and also gives you a preliminary idea of how each column might impact the model.
To preview the model score, when you're on the **Build** tab of your model, choose **Preview model**.
The model preview generates an **Estimated accuracy** prediction of how well the model might analyze your data. The accuracy of a **Quick build** or a **Standard build** represents how well the model can perform on real data and is generally higher than the **Estimated accuracy**.
The model preview also provides you with the **Column Impact** scores, which can indicate the importance of each column to the model's predictions.
The following screenshot shows a model preview in the Canvas application.
![\[Screenshot of the Build tab for a model in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-build/canvas-build-preview-model.png)
Amazon SageMaker Canvas automatically handles missing values in your dataset while it builds the model. It infers the missing values by using adjacent values that are present in the dataset.
If you're satisfied with your model preview and want to proceed with building a model, then see [Build a model](canvas-build-model-how-to.md).
# Data validation
Before you build your model, SageMaker Canvas checks your dataset for issues that might cause your build to fail. If SageMaker Canvas finds any issues, then it warns you on the **Build** page before you attempt to build a model.
You can choose **Validate data** to see a list of the issues with your dataset. You can then use the SageMaker Canvas [Data Wrangler data preparation features](canvas-data-prep.md), or your own tools, to fix your dataset before starting a build. If you don’t fix the issues with your dataset, then your build fails.
If you make changes to your dataset to fix the issues, you have the option to re-validate your dataset before attempting a build. We recommend that you re-validate your dataset before building.
The following table shows the issues that SageMaker Canvas checks for in your dataset and how to resolve them.
| Issue | Resolution |
| --- | --- |
| Wrong model type for your data | Try another model type or use a different dataset. |
| Missing values in your target column | Replace the missing values, drop rows with missing values, or use a different dataset. |
| Too many unique labels in your target column | Verify that you've used the correct column for your target column, or use a different dataset. |
| Too many non-numeric values in your target column | Choose a different target column, select another model type, or use a different dataset. |
| One or more column names contain double underscores | Rename the columns to remove any double underscores, and try again. |
| None of the rows in your dataset are complete | Replace the missing values, or use a different dataset. |
| Too many unique labels for the number of rows in your data | Check that you're using the right target column, increase the number of rows in your dataset, consolidate similar labels, or use a different dataset. |
# Random sample
SageMaker Canvas uses the random sampling method to sample your dataset. The random sample method means that each row has an equal chance of being picked for the sample. You can choose a column in the preview to get summary statistics for the random sample, such as the mean and the mode.
By default, SageMaker Canvas uses a random sample size of 20,000 rows from your dataset for datasets with more than 20,000 rows. For datasets smaller than 20,000 rows, the default sample size is the number of rows in your dataset. You can increase or decrease the sample size by choosing **Random sample** in the **Build** tab of the SageMaker Canvas application. You can use the slider to select your desired sample size, and then choose **Update** to change the sample size. The maximum sample size you can choose for a dataset is 40,000 rows, and the minimum sample size is 500 rows. If you choose a large sample size, the dataset preview and summary statistics might take a few moments to reload.
The **Build** page shows a preview of 100 rows from your dataset. If the sample size is the same size as your dataset, then the preview uses the first 100 rows of your dataset. Otherwise, the preview uses the first 100 rows of the random sample.
# Build a model
The following sections show you how to build a model for each of the main types of custom models.
+ To build numeric prediction, 2 category prediction, or 3\$1 category prediction models, see [Build a custom numeric or categorical prediction model](#canvas-build-model-numeric-categorical).
+ To build single-label image prediction models, see [Build a custom image prediction model](#canvas-build-model-image).
+ To build multi-category text prediction models, see [Build a custom text prediction model](#canvas-build-model-text).
+ To build time series forecasting models, see [Build a time series forecasting model](#canvas-build-model-forecasting).
**Note**
If you encounter an error during post-building analysis that tells you to increase your quota for `ml.m5.2xlarge` instances, see [Request a Quota Increase](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-requesting-quota-increases.html).
## Build a custom numeric or categorical prediction model
Numeric and categorical prediction models support both **Quick builds** and **Standard builds**.
To build a numeric or categorical prediction model, use the following procedure:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **My models**.
1. Choose **New model**.
1. In the **Create new model** dialog box, do the following:
1. Enter a name in the **Model name** field.
1. Select the **Predictive analysis** problem type.
1. Choose **Create**.
1. For **Select dataset**, select your dataset from the list of datasets. If you haven’t already imported your data, choose **Import** to be directed through the import data workflow.
1. When you’re ready to begin building your model, choose **Select dataset**.
1. On the **Build** tab, for the **Target column** dropdown list, select the target for your model that you would like to predict.
1. For **Model type**, Canvas automatically detects the problem type for you. If you want to change the type or configure advanced model settings, choose **Configure model**.
When the **Configure model** dialog box opens, do the following:
1. For **Model type**, choose the model type that you want to build.
1. After you choose the model type, there are additional **Advanced settings**. For more information about each of the advanced settings, see [Advanced model building configurations](canvas-advanced-settings.md). To configure the advanced settings, do the following:
1. (Optional) For the **Objective metric** dropdown menu, select the metric that you want Canvas to optimize while building your model. If you don’t select a metric, Canvas chooses one for you by default. For descriptions of the available metrics, see [Metrics reference](canvas-metrics.md).
1. For **Training method**, choose **Auto**, **Ensemble**, or **Hyperparameter optimization (HPO) mode**.
1. For **Algorithms**, select the algorithms that you want to include for building model candidates.
1. For **Data split**, specify in percentages how you want to split your data between the **Training set** and the **Validation set**. The training set is used for building the model, while the validation set is used for testing accuracy of model candidates.
1. For **Max candidates and runtime**, do the following:
1. Set the **Max candidates** value, or the maximum number of model candidates that Canvas can generate. Note that **Max candidates** is only available in HPO mode.
1. Set the hour and minute values for **Max job runtime**, or the maximum amount of time that Canvas can spend building your model. After the maximum time, Canvas stops building and selects the best model candidate.
1. After configuring the advanced settings, choose **Save**.
1. Select or deselect columns in your data to include or drop them from your build.
**Note**
If you make batch predictions with your model after building, Canvas adds dropped columns to your prediction results. However, Canvas does not add the dropped columns to your batch predictions for time series models.
1. (Optional) Use the visualization and analytics tools that Canvas provides to visualize your data and determine which features you might want to include in your model. For more information, see [Explore and analyze your data](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-explore-data.html).
1. (Optional) Use data transformations to clean, transform, and prepare your data for model building. For more information, see [ Prepare your data with advanced transformations](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-prepare-data.html). You can view and remove your transforms by choosing **Model recipe** to open the **Model recipe** side panel.
1. (Optional) For additional features such as previewing the accuracy of your model, validating your dataset, and changing the size of the random sample that Canvas takes from your dataset, see [Preview your model](canvas-preview-model.md).
1. After reviewing your data and making any changes to your dataset, choose **Quick build** or **Standard build** to begin a build for your model. The following screenshot shows the **Build** page and the **Quick build** and **Standard build** options.
![\[The Build page for a 2 category model showing the Quick build and Standard build options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/build-page-tabular-quick-standard-options.png)
After your model begins building, you can leave the page. When the model shows as **Ready** on the **My models** page, it’s ready for analysis and predictions.
## Build a custom image prediction model
Single-label image prediction models support both **Quick builds** and **Standard builds**.
To build a single-label image prediction model, use the following procedure:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **My models**.
1. Choose **New model**.
1. In the **Create new model** dialog box, do the following:
1. Enter a name in the **Model name** field.
1. Select the **Image analysis** problem type.
1. Choose **Create**.
1. For **Select dataset**, select your dataset from the list of datasets. If you haven’t already imported your data, choose **Import** to be directed through the import data workflow.
1. When you’re ready to begin building your model, choose **Select dataset**.
1. On the **Build** tab, you see the **Label distribution** for the images in your dataset. The **Model type** is set to **Single-label image prediction**.
1. On this page, you can preview your images and edit the dataset. If you have any unlabeled images, choose **Edit dataset** and [Assign labels to unlabeled images](canvas-edit-image.md#canvas-edit-image-assign). You can also perform other tasks when you [Edit an image dataset](canvas-edit-image.md), such as renaming labels and adding images to the dataset.
1. After reviewing your data and making any changes to your dataset, choose **Quick build** or **Standard build** to begin a build for your model. The following screenshot shows the **Build** page of an image prediction model that is ready to be built.
![\[The Build page for a single-label image prediction model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/build-page-image-model.png)
After your model begins building, you can leave the page. When the model shows as **Ready** on the **My models** page, it’s ready for analysis and predictions.
## Build a custom text prediction model
Multi-category text prediction models support both **Quick builds** and **Standard builds**.
To build a text prediction model, use the following procedure:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **My models**.
1. Choose **New model**.
1. In the **Create new model** dialog box, do the following:
1. Enter a name in the **Model name** field.
1. Select the **Text analysis** problem type.
1. Choose **Create**.
1. For **Select dataset**, select your dataset from the list of datasets. If you haven’t already imported your data, choose **Import** to be directed through the import data workflow.
1. When you’re ready to begin building your model, choose **Select dataset**.
1. On the **Build** tab, for the **Target column** dropdown list, select the target for your model that you would like to predict. The target column must have a binary or categorical data type, and there must be at least 25 entries (or rows of data) for each unique label in the target column.
1. For **Model type**, confirm that the model type is automatically set to **Multi-category text prediction**.
1. For the training column, select your source column of text data. This should be the column containing the text that you want to analyze.
1. Choose **Quick build** or **Standard build** to begin building your model. The following screenshot shows the **Build** page of a text prediction model that is ready to be built.
![\[The Build page for a multi-category text prediction model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/build-page-text-model.png)
After your model begins building, you can leave the page. When the model shows as **Ready** on the **My models** page, it’s ready for analysis and predictions.
## Build a time series forecasting model
Time series forecasting models support both **Quick builds** and **Standard builds**.
To build a time series forecasting model, use the following procedure:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **My models**.
1. Choose **New model**.
1. In the **Create new model** dialog box, do the following:
1. Enter a name in the **Model name** field.
1. Select the **Time series forecasting** problem type.
1. Choose **Create**.
1. For **Select dataset**, select your dataset from the list of datasets. If you haven’t already imported your data, choose **Import** to be directed through the import data workflow.
1. When you’re ready to begin building your model, choose **Select dataset**.
1. On the **Build** tab, for the **Target column** dropdown list, select the target for your model that you would like to predict.
1. In the **Model type** section, choose **Configure model**.
1. The **Configure model** box opens. For the **Time series configuration** section, fill out the following fields:
1. For **Item ID column**, choose a column in your dataset that uniquely identifies each row. The column should have a data type of `Text`.
1. (Optional) For **Group column**, choose one or more categorical columns (with a data type of `Text`) that you want to use for grouping your forecasting values.
1. For **Time stamp column**, select the column with timestamps (in datetime format). For more information about the accepted datetime formats, see [Time Series Forecasts in Amazon SageMaker Canvas](canvas-time-series.md).
1. For the **Forecast length** field, enter the period of time for which you want to forecast values. Canvas automatically detects the units of time in your data.
1. (Optional) Turn on the **Use holiday schedule** toggle to select a holiday schedule from various countries and make your forecasts with holiday data more accurate.
1. In the **Configure model** box, there are additional settings in the **Advanced** section. For more information about each of the advanced settings, see [Advanced model building configurations](canvas-advanced-settings.md). To configure the **Advanced** settings, do the following:
1. For the **Objective metric** dropdown menu, select the metric that you want Canvas to optimize while building your model. If you don’t select a metric, Canvas chooses one for you by default. For descriptions of the available metrics, see [Metrics reference](canvas-metrics.md).
1. If you’re running a standard build, you’ll see the **Algorithms** section. This section is for selecting the time series forecasting algorithms that you’d like to use for building your model. You can select a subset of the available algorithms, or you can select all of them if you aren’t sure which ones to try.
When you run your standard build, Canvas builds an ensemble model that combines all of the algorithms together to optimize prediction accuracy.
**Note**
If you’re running a quick build, Canvas uses a single tree-based learning algorithm to train your model, and you don’t have to select any algorithms.
1. For **Forecast quantiles**, enter up to 5 comma-separated quantile values to specify the upper and lower bounds of your forecast.
1. After configuring the **Advanced** settings, choose **Save**.
1. Select or deselect columns in your data to include or drop them from your build.
**Note**
If you make batch predictions with your model after building, Canvas adds dropped columns to your prediction results. However, Canvas does not add the dropped columns to your batch predictions for time series models.
1. (Optional) Use the visualization and analytics tools that Canvas provides to visualize your data and determine which features you might want to include in your model. For more information, see [Explore and analyze your data](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-explore-data.html).
1. (Optional) Use data transformations to clean, transform, and prepare your data for model building. For more information, see [ Prepare your data with advanced transformations](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-prepare-data.html). You can view and remove your transforms by choosing **Model recipe** to open the **Model recipe** side panel.
1. (Optional) For additional features such as previewing the accuracy of your model, validating your dataset, and changing the size of the random sample that Canvas takes from your dataset, see [Preview your model](canvas-preview-model.md).
1. After reviewing your data and making any changes to your dataset, choose **Quick build** or **Standard build** to begin a build for your model.
After your model begins building, you can leave the page. When the model shows as **Ready** on the **My models** page, it’s ready for analysis and predictions.
# Advanced model building configurations
Amazon SageMaker Canvas supports various advanced settings that you can configure when building a model. The following page lists all of the advanced settings along with additional information about their options and configurations.
**Note**
The following advanced settings are currently only supported for numeric, categorical, and time series forecasting model types.
## Advanced numeric and categorical prediction model settings
Canvas supports the following advanced settings for numeric and categorical prediction model types.
### Objective metric
The objective metric is the metric that you want Canvas to optimize while building your model. If you don’t select a metric, Canvas chooses one for you by default. For descriptions of the available metrics, see the [Metrics reference](canvas-metrics.md).
### Training method
Canvas can automatically select the training method based on the dataset size, or you can select it manually. The following training methods are available for you to choose from:
+ **Ensembling** – SageMaker AI leverages the AutoGluon library to train several base models. To find the best combination for your dataset, ensemble mode runs 5–10 trials with different model and meta parameter settings. Then, these models are combined using a stacking ensemble method to create an optimal predictive model. For a list of algorithms supported by ensemble mode for tabular data, see the following [Algorithms](#canvas-advanced-settings-predictive-algos) section.
+ **Hyperparameter optimization (HPO)** – SageMaker AI finds the best version of a model by tuning hyperparameters using Bayesian optimization or multi-fidelity optimization while running training jobs on your dataset. HPO mode selects the algorithms that are most relevant to your dataset and selects the best range of hyperparameters to tune your models. To tune your models, HPO mode runs up to 100 trials (default) to find the optimal hyperparameters settings within the selected range. If your dataset size is less than 100 MB, SageMaker AI uses Bayesian optimization. SageMaker AI chooses multi-fidelity optimization if your dataset is larger than 100 MB.
For a list of algorithms supported by HPO mode for tabular data, see the following [Algorithms](#canvas-advanced-settings-predictive-algos) section.
+ **Auto** – SageMaker AI automatically chooses either ensembling mode or HPO mode based on your dataset size. If your dataset is larger than 100 MB, SageMaker AI chooses HPO mode. Otherwise, it chooses ensembling mode.
### Algorithms
In **Ensembling** mode, Canvas supports the following machine learning algorithms:
+ [LightGBM](https://docs.aws.amazon.com/sagemaker/latest/dg/lightgbm.html) – An optimized framework that uses tree-based algorithms with gradient boosting. This algorithm uses trees that grow in breadth, rather than depth, and is highly optimized for speed.
+ [CatBoost](https://docs.aws.amazon.com/sagemaker/latest/dg/catboost.html) – A framework that uses tree-based algorithms with gradient boosting. Optimized for handling categorical variables.
+ [XGBoost](https://docs.aws.amazon.com/sagemaker/latest/dg/xgboost.html) – A framework that uses tree-based algorithms with gradient boosting that grows in depth, rather than breadth.
+ [Random Forest](https://scikit-learn.org/stable/modules/generated/sklearn.ensemble.RandomForestClassifier.html) – A tree-based algorithm that uses several decision trees on random sub-samples of the data with replacement. The trees are split into optimal nodes at each level. The decisions of each tree are averaged together to prevent overfitting and improve predictions.
+ [Extra Trees](https://scikit-learn.org/stable/modules/generated/sklearn.ensemble.ExtraTreesClassifier.html#sklearn.ensemble.ExtraTreesClassifier) – A tree-based algorithm that uses several decision trees on the entire dataset. The trees are split randomly at each level. The decisions of each tree are averaged to prevent overfitting and to improve predictions. Extra trees add a degree of randomization in comparison to the random forest algorithm.
+ [Linear Models](https://scikit-learn.org/stable/modules/classes.html#module-sklearn.linear_model) – A framework that uses a linear equation to model the relationship between two variables in observed data.
+ Neural network torch – A neural network model that's implemented using [Pytorch](https://pytorch.org/).
+ Neural network fast.ai – A neural network model that's implemented using [fast.ai](https://www.fast.ai/).
In **HPO mode**, Canvas supports the following machine learning algorithms:
+ [XGBoost](https://docs.aws.amazon.com/sagemaker/latest/dg/xgboost.html) – A supervised learning algorithm that attempts to accurately predict a target variable by combining an ensemble of estimates from a set of simpler and weaker models.
+ Deep learning algorithm – A multilayer perceptron (MLP) and feedforward artificial neural network. This algorithm can handle data that is not linearly separable.
### Data split
You have the option to specify how you want to split your dataset between the training set (the portion of your dataset used for building the model) and the validation set, (the portion of your dataset used for verifying the model’s accuracy). For example, a common split ratio is 80% training and 20% validation, where 80% of your data is used to build the model while 20% is saved for measuring model performance. If you don’t specify a custom ratio, then Canvas splits your dataset automatically.
### Max candidates
**Note**
This feature is only available in the HPO training mode.
You can specify the maximum number of model candidates that Canvas generates while building your model. We recommend that you use the default number of candidates, which is 100, to build the most accurate models. The maximum number you can specify is 250. Decreasing the number of model candidates may impact your model’s accuracy.
### Max job runtime
You can specify the maximum job runtime, or the maximum amount of time that Canvas spends building your model. After the time limit, Canvas stops building and selects the best model candidate.
The maximum time that you can specify is 720 hours. We highly recommend that you keep the maximum job runtime greater than 30 minutes to ensure that Canvas has enough time to generate model candidates and finish building your model.
## Advanced time series forecasting model settings
For time series forecasting models, Canvas supports the Objective metric, which is listed in the previous section.
Time series forecasting models also support the following advanced setting:
### Algorithm selection
When you build a time series forecasting model, Canvas uses an *ensemble* (or a combination) of statistical and machine learning algorithms to deliver highly accurate time series forecasts. By default, Canvas selects the optimal combination of all the available algorithms based on the time series in your dataset. However, you have the option to specify one or more algorithms to use for your forecasting model. In this case, Canvas determines the best blend using only your selected algorithms. If you're uncertain about which algorithm to select for training your model, we recommend that you choose all of the available algorithms.
**Note**
Algorithm selection is only supported for standard builds. If you don’t select any algorithms in the advanced settings, then by default SageMaker AI runs a quick build and trains model candidates using a single tree-based learning algorithm. For more information about the difference between quick builds and standard builds, see [How custom models work](canvas-build-model.md).
Canvas supports the following time series forecasting algorithms:
+ [ Autoregressive Integrated Moving Average (ARIMA)](https://en.wikipedia.org/wiki/Autoregressive_integrated_moving_average) – A simple stochastic time series model that uses statistical analysis to interpret the data and make future predictions. This algorithm is useful for simple datasets with fewer than 100 time series.
+ [ Convolutional Neural Network - Quantile Regression (CNN-QR)](https://docs.aws.amazon.com/forecast/latest/dg/aws-forecast-algo-cnnqr.html) – A proprietary, supervised learning algorithm that trains one global model from a large collection of time series and uses a quantile decoder to make predictions. CNN-QR works best with large datasets containing hundreds of time series.
+ [ DeepAR\$1](https://docs.aws.amazon.com/forecast/latest/dg/aws-forecast-recipe-deeparplus.html) – A proprietary, supervised learning algorithm for forecasting scalar time series using recurrent neural networks (RNNs) to train a single model jointly over all of the time series. DeepAR\$1 works best with large datasets containing hundreds of feature time series.
+ [ Non-Parametric Time Series (NPTS)](https://docs.aws.amazon.com/forecast/latest/dg/aws-forecast-recipe-npts.html) – A scalable, probabilistic baseline forecaster that predicts the future value distribution of a given time series by sampling from past observations. NPTS is useful when working with sparse or intermittent time series (for example, forecasting demand for individual items where the time series has many 0s or low counts).
+ [Exponential Smoothing (ETS)](https://en.wikipedia.org/wiki/Exponential_smoothing) – A forecasting method that produces forecasts which are weighted averages of past observations where the weights of older observations exponentially decrease. The algorithm is useful for simple datasets with fewer than 100 time series and datasets with seasonality patterns.
+ [Prophet](https://facebook.github.io/prophet/) – An additive regression model that works best with time series that have strong seasonal effects and several seasons of historical data. The algorithm is useful for datasets with non-linear growth trends that approach a limit.
### Forecast quantiles
For time series forecasting, SageMaker AI trains 6 model candidates with your target time series. Then, SageMaker AI combines these models using a stacking ensemble method to create an optimal forecasting model for a given objective metric. Each forecasting model generates a probabilistic forecast by producing forecasts at quantiles between P1 and P99. These quantiles are used to account for forecast uncertainty. By default, forecasts are generated for 0.1 (`p10`), 0.5 (`p50`), and 0.9 (`p90`). You can choose to specify up to five of your own quantiles from 0.01 (`p1`) to 0.99 (`p99`), by increments of 0.01 or higher.
# Edit an image dataset
In Amazon SageMaker Canvas, you can edit your image datasets and review your labels before building a model. You might want to perform tasks such as assigning labels to unlabeled images or adding more images to the dataset. These tasks can all be done in the Canvas application, providing you with one place to modify your dataset and build a model.
**Note**
Before building a model, you must assign labels to all images in your dataset. Also, you must have at least 25 images per label and a minimum of two labels. For more information about assigning labels, see the section on this page called **Assign labels to unlabeled images**. If you can’t determine a label for an image, you should delete it from your dataset. For more information about deleting images, see the section on this page [Add or delete images from the dataset](#canvas-edit-image-add-delete).
To begin editing your image dataset, you should be on the **Build** tab while building your single-label image prediction model.
A new page opens that shows the images in your dataset along with their labels. This page categorizes your image dataset into **Total images**, **Labeled images**, and **Unlabeled images**. You can also review the **Dataset preparation guide** for best practices on building a more accurate image prediction model.
The following screenshot shows the page for editing your image dataset.
![\[Screenshot of the image dataset management page in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/dataset-management-page.png)
From this page, you can do the following actions.
## View the properties for each image (label, size, dimensions)
To view an individual image, you can search for it by file name in the search bar. Then, choose the image to open the full view. You can view the image properties and reassign the image’s label. Choose **Save** when you’re doing viewing the image.
## Add, rename, or delete labels in the dataset
Canvas lists the labels for your dataset in the left navigation pane. You can add new labels to the dataset by entering a label in the **Add label** text field.
To rename or delete a label from your dataset, choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) next to the label and select either **Rename** or **Delete**. If you rename the label, you can enter the new label name and choose **Confirm**. If you delete the label, the label is removed from all images in your dataset that have that label. Any images with that label are left unlabeled.
## Assign labels to unlabeled images
To view the unlabeled images in your dataset, choose **Unlabeled** in the left navigation pane. For each image, select it and open the label titled **Unlabeled** and select a label to assign to the image from the dropdown list. You can also select more than one image and perform this action, and all selected images are assigned the label you chose.
## Reassign labels to images
You can reassign labels to images by selecting the image (or multiple images at a time) and opening the dropdown titled with the current label. Select your desired label, and the image or images are updated with the new label.
## Sort your images by label
You can view all the images for a given label by choosing the label in the left navigation pane.
## Add or delete images from the dataset
You can add more images to your dataset by choosing **Add images** in the top navigation pane. You’ll be taken through the workflow to import more images. The images you import are added to your existing dataset.
You can delete images from your dataset by selecting them and then choosing **Delete** in the top navigation pane.
**Note**
After making any changes to your dataset, choose **Save dataset** to make sure that you don’t lose your changes.
# Data exploration and analysis
**Note**
You can only use SageMaker Canvas visualizations and analytics for models built on tabular datasets. Multi-category text prediction models are also excluded.
In Amazon SageMaker Canvas, you can explore the variables in your dataset using visualizations and analytics and create in-application visualizations and analytics. You can use these explorations to uncover relationships between your variables before building your model.
For more information about visualization techniques in Canvas, see [Explore your data using visualization techniques](canvas-explore-data-visualization.md).
For more information about analytics in Canvas, see [Explore your data using analytics](canvas-explore-data-analytics.md).
# Explore your data using visualization techniques
**Note**
You can only use SageMaker Canvas visualizations for models built on tabular datasets. Multi-category text prediction models are also excluded.
With Amazon SageMaker Canvas, you can explore and visualize your data to gain advanced insights into your data before building your ML models. You can visualize using scatter plots, bar charts, and box plots, which can help you understand your data and discover the relationships between features that could affect the model accuracy.
In the **Build** tab of the SageMaker Canvas application, choose **Data visualizer** to begin creating your visualizations.
You can change the visualization sample size to adjust the size of the random sample taken from your dataset. A sample size that is too large might affect the performance of your data visualizations, so we recommend that you choose an appropriate sample size. To change the sample size, use the following procedure.
1. Choose **Visualization sample**.
1. Use the slider to select your desired sample size.
1. Choose **Update** to confirm the change to your sample size.
**Note**
Certain visualization techniques require columns of a specific data type. For example, you can only use numeric columns for the x and y-axes of scatter plots.
## Scatter plot
To create a scatter plot with your dataset, choose **Scatter plot** in the **Visualization** panel. Choose the features you want to plot on the x and y-axes from the **Columns** section. You can drag and drop the columns onto the axes or, once an axis has been dropped, you can choose a column from the list of supported columns.
You can use **Color by** to color the data points on the plot with a third feature. You can also use **Group by** to group the data into separate plots based on a fourth feature.
The following image shows a scatter plot that uses **Color by** and **Group by**. In this example, each data point is colored by the `MaritalStatus` feature, and grouping by the `Department` feature results in a scatter plot for the data points of each department.
![\[Screenshot of a scatter plot in the Data visualizer view of the Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-eda-scatter-plot.png)
## Bar chart
To create a bar chart with your dataset, choose **Bar chart** in the **Visualization** panel. Choose the features you want to plot on the x and y-axes from the **Columns** section. You can drag and drop the columns onto the axes or, once an axis has been dropped, you can choose a column from the list of supported columns.
You can use **Group by** to group the bar chart by a third feature. You can use **Stack by** to vertically shade each bar based on the unique values of a fourth feature.
The following image shows a bar chart that uses **Group by** and **Stack by**. In this example, the bar chart is grouped by the `MaritalStatus` feature and stacked by the `JobLevel` feature. For each `JobRole` on the x axis, there is a separate bar for the unique categories in the `MaritalStatus` feature, and every bar is vertically stacked by the `JobLevel` feature.
![\[Screenshot of a bar chart in the Data visualizer view of the Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-eda-bar-chart.png)
## Box plot
To create a box plot with your dataset, choose **Box plot** in the **Visualization** panel. Choose the features you want to plot on the x and y-axes from the **Columns** section. You can drag and drop the columns onto the axes or, once an axis has been dropped, you can choose a column from the list of supported columns.
You can use **Group by** to group the box plots by a third feature.
The following image shows a box plot that uses **Group by**. In this example, the x and y-axes show `JobLevel` and `JobSatisfaction`, respectively, and the colored box plots are grouped by the `Department` feature.
![\[Screenshot of a box plot in the Data visualizer view of the Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-eda-box-plot.png)
# Explore your data using analytics
**Note**
You can only use SageMaker Canvas analytics for models built on tabular datasets. Multi-category text prediction models are also excluded.
With analytics in Amazon SageMaker Canvas, you can explore your dataset and gain insight on all of your variables before building a model. You can determine the relationships between features in your dataset using correlation matrices. You can use this technique to summarize your dataset into a matrix that shows the correlations between two or more values. This helps you identify and visualize patterns in a given dataset for advanced data analysis.
The matrix shows the correlation between each feature as positive, negative, or neutral. You might want to include features that have a high correlation with each other when building your model. Features that have little to no correlation might be irrelevant to your model, and you can drop those features when building your model.
To get started with correlation matrices in SageMaker Canvas, see the following section.
## Create a correlation matrix
You can create a correlation matrix when you are preparing to build a model in the **Build** tab of the SageMaker Canvas application.
For instructions on how to begin creating a model, see [Build a model](canvas-build-model-how-to.md).
After you’ve started preparing a model in the SageMaker Canvas application, do the following:
1. In the **Build** tab, choose **Data visualizer**.
1. Choose **Analytics**.
1. Choose **Correlation matrix**.
You should see a visualization similar to the following screenshot, which shows up to 15 columns of the dataset organized into a correlation matrix.
![\[Screenshot of a correlation matrix in the Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-correlation-matrix-2.png)
After you’ve created the correlation matrix, you can customize it by doing the following:
### 1. Choose your columns
For **Columns**, you can select the columns that you want to include in the matrix. You can compare up to 15 columns from your dataset.
**Note**
You can use numeric, categorical, or binary column types for a correlation matrix. The correlation matrix doesn’t support datetime or text data column types.
To add or remove columns from the correlation matrix, select and deselect columns from the **Columns** panel. You can also drag and drop columns from the panel directly onto the matrix. If your dataset has a lot of columns, you can search for the columns you want in the **Search columns** bar.
To filter the columns by data type, choose the dropdown list and select **All**, **Numeric**, or **Categorical**. Selecting **All** shows you all of the columns from your dataset, whereas the **Numeric** and **Categorical** filters only show you the numeric or categorical columns in your dataset. Note that binary column types are included in the numeric or categorical filters.
For the best data insights, include your target column in the correlation matrix. When you include your target column in the correlation matrix, it appears as the last feature on the matrix with a target symbol.
### 2. Choose your correlation type
SageMaker Canvas supports different *correlation types*, or methods for calculating the correlation between your columns.
To change the correlation type, use the **Columns** filter mentioned in the preceding section to filter for your desired column type and columns. You should see the **Correlation type** in the side panel. For numeric comparisons, you have the option to select either **Pearson** or **Spearman**. For categorical comparisons, the correlation type is set as **MI**. For categorical and mixed comparisons, the correlation type is set as **Spearman & MI**.
For matrices that only compare numeric columns, the correlation type is either Pearson or Spearman. The Pearson measure evaluates the linear relationship between two continuous variables. The Spearman measure evaluates the monotonic relationship between two variables. For both Pearson and Spearman, the scale of correlation ranges from -1 to 1, with either end of the scale indicating a perfect correlation (a direct 1:1 relationship) and 0 indicating no correlation. You might want to select Pearson if your data has more linear relationships (as revealed by a [scatter plot visualization](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-explore-data.html#canvas-explore-data-scatterplot)). If your data is not linear, or contains a mixture of linear and monotonic relationships, then you might want to select Spearman.
For matrices that only compare categorical columns, the correlation type is set to Mutual Information Classification (MI). The MI value is a measure of the mutual dependence between two random variables. The MI measure is on a scale of 0 to 1, with 0 indicating no correlation and 1 indicating a perfect correlation.
For matrices that compare a mix of numeric and categorical columns, the correlation type **Spearman & MI** is a combination of the Spearman and MI correlation types. For correlations between two numeric columns, the matrix shows the Spearman value. For correlations between a numeric and categorical column or two categorical columns, the matrix shows the MI value.
Lastly, remember that correlation does not necessarily indicate causation. A strong correlation value only indicates that there is a relationship between two variables, but the variables might not have a causal relationship. Carefully review your columns of interest to avoid bias when building your model.
### 3. Filter your correlations
In the side panel, you can use the **Filter correlations** feature to filter for the range of correlation values that you want to include in the matrix. For example, if you want to filter for features that only have positive or neutral correlation, you can set the **Min** to 0 and the **Max** to 1 (valid values are -1 to 1).
For Spearman and Pearson comparisons, you can set the **Filter correlations** range anywhere from -1 to 1, with 0 meaning that there is no correlation. -1 and 1 mean that the variables have a strong negative or positive correlation, respectively.
For MI comparisons, the correlation range only goes from 0 to 1, with 0 meaning that there is no correlation and 1 meaning that the variables have a strong correlation, either positive or negative.
Each feature has a perfect correlation (1) with itself. Therefore, you might notice that the top row of the correlation matrix is always 1. If you want to exclude these values, you can use the filter to set the **Max** less than 1.
Keep in mind that if your matrix compares a mix of numeric and categorical columns and uses the **Spearman & MI** correlation type, then the *categorical x numeric* and *categorical x categorical* correlations (which use the MI measure) are on a scale of 0 to 1, whereas the *numeric x numeric* correlations (which use the Spearman measure) are on a scale of -1 to 1. Review your correlations of interest carefully to ensure that you know the correlation type being used to calculate each value.
### 4. Choose the visualization method
In the side panel, you can use **Visualize by** to change the visualization method of the matrix. Choose the **Numeric** visualization method to show the correlation (Pearson, Spearman, or MI) value, or choose the **Size** visualization method to visualize the correlation with differently sized and colored dots. If you choose **Size**, you can hover over a specific dot on the matrix to see the actual correlation value.
### 5. Choose a color palette
In the side panel, you can use **Color selection** to change the color palette used for the scale of negative to positive correlation in the matrix. Select one of the alternative color palettes to change the colors used in the matrix.
# Prepare data for model building
**Note**
You can now do advanced data preparation in SageMaker Canvas with Data Wrangler, which provides you with a natural language interface and over 300 built-in transformations. For more information, see [Data preparation](canvas-data-prep.md).
Your machine learning dataset might require data preparation before you build your model. You might want to clean your data due to various issues, which might include missing values or outliers, and perform feature engineering to improve the accuracy of your model. Amazon SageMaker Canvas provides ML data transforms with which you can clean, transform, and prepare your data for model building. You can use these transforms on your datasets without any code. SageMaker Canvas adds the transforms you use to the **Model recipe**, which is a record of the data preparation done on your data before building the model. Any data transforms you use only modify the input data for model building and do not modify your original data source.
The preview of your dataset shows the first 100 rows of the dataset. If your dataset has more than 20,000 rows, Canvas takes a random sample of 20,000 rows and previews the first 100 rows from that sample. You can only search for and specify values from the previewed rows, and the filter functionality only filters the previewed rows and not the entire dataset.
The following transforms are available in SageMaker Canvas for you to prepare your data for building.
**Note**
You can only use advanced transformations for models built on tabular datasets. Multi-category text prediction models are also excluded.
## Drop columns
You can exclude a column from your model build by dropping it in the **Build** tab of the SageMaker Canvas application. Deselect the column you want to drop, and it isn't included when building the model.
**Note**
If you drop columns and then make [batch predictions](canvas-make-predictions.md) with your model, SageMaker Canvas adds the dropped columns back to the ouput dataset available for you to download. However, SageMaker Canvas does not add the dropped columns back for time series models.
## Filter rows
The filter functionality filters the previewed rows (the first 100 rows of your dataset) according to conditions that you specify. Filtering rows creates a temporary preview of the data and does not impact the model building. You can filter to preview rows that have missing values, contain outliers, or meet custom conditions in a column you choose.
### Filter rows by missing values
Missing values are a common occurrence in machine learning datasets. If you have rows with null or empty values in certain columns, you might want to filter for and preview those rows.
To filter missing values from your previewed data, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Filter by rows ** (![\[Filter icon in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/filter-icon.png)).
1. Choose the **Column** you want to check for missing values.
1. For the **Operation**, choose **Is missing**.
SageMaker Canvas filters for rows that contain missing values in the **Column** you selected and provides a preview of the filtered rows.
![\[Screenshot of the filter by missing values operation in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-filter-missing.png)
### Filter rows by outliers
Outliers, or rare values in the distribution and range of your data, can negatively impact model accuracy and lead to longer building times. SageMaker Canvas enables you to detect and filter rows that contain outliers in numeric columns. You can choose to define outliers with either standard deviations or a custom range.
To filter for outliers in your data, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Filter by rows ** (![\[Filter icon in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/filter-icon.png)).
1. Choose the **Column** you want to check for outliers.
1. For the **Operation**, choose **Is outlier**.
1. Set the **Outlier range** to either **Standard deviation** or **Custom range**.
1. If you choose **Standard deviation**, specify a **SD** (standard deviation) value from 1–3. If you choose **Custom range**, select either **Percentile** or **Number**, and then specify the **Min** and **Max** values.
The **Standard deviation** option detects and filters for outliers in numeric columns using the mean and standard deviation. You specify the number of standard deviations a value must vary from the mean to be considered an outlier. For example, if you specify `3` for **SD**, a value must fall more than 3 standard deviations from the mean to be considered an outlier.
The **Custom range** option detects and filters for outliers in numeric columns using minimum and maximum values. Use this method if you know your threshold values that delimit outliers. You can set the **Type** of the range to either **Percentile** or **Number**. If you choose **Percentile**, the **Min** and **Max** values should be the minimum and maximum of the percentile range (0-100) that you want to allow. If you choose **Number**, the **Min** and **Max** values should be the minimum and maximum numeric values that you want to filter in the data.
![\[Screenshot of the filter by outliers operation in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-filter-outlier.png)
### Filter rows by custom values
You can filter for rows with values that meet custom conditions. For example, you might want to preview rows that have a price value greater than 100 before removing them. With this functionality, you can filter rows that exceed the threshold you set and preview the filtered data.
To use the custom filter functionality, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Filter by rows** (![\[Filter icon in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/filter-icon.png)).
1. Choose the **Column** you want to check.
1. Select the type of **Operation** you want to use, and then specify the values for the selected condition.
For the **Operation**, you can choose one of the following options. Note that the available operations depend on the data type of the column you choose. For example, you cannot create a `is greater than` operation for a column containing text values.
| Operation | Supported data type | Supported feature type | Function |
| --- | --- | --- | --- |
| Is equal to | Numeric, Text | Binary, Categorical | Filters rows where the value in **Column** equals the values you specify. |
| Is not equal to | Numeric, Text | Binary, Categorical | Filters rows where the value in **Column** doesn't equal the values you specify. |
| Is less than | Numeric | N/A | Filters rows where the value in **Column** is less than the value you specify. |
| Is less than or equal to | Numeric | N/A | Filters rows where the value in **Column** is less than or equal to the value you specify. |
| Is greater than | Numeric | N/A | Filters rows where the value in **Column** is greater than the value you specify. |
| Is greater than or equal to | Numeric | N/A | Filters rows where the value in **Column** is greater than or equal to the value you specify. |
| Is between | Numeric | N/A | Filters rows where the value in **Column** is between or equal to two values you specify. |
| Contains | Text | Categorical | Filters rows where the value in **Column** contains a values you specify. |
| Starts with | Text | Categorical | Filters rows where the value in **Column** begins with a value you specify. |
| Ends with | Categorical | Categorical | Filters rows where the value in **Column** ends with a value you specify. |
After you set the filter operation, SageMaker Canvas updates the preview of the dataset to show you the filtered data.
![\[Screenshot of the filter by custom values operation in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-filter-custom.png)
## Functions and operators
You can use mathematical functions and operators to explore and distribute your data. You can use the SageMaker Canvas supported functions or create your own formula with your existing data and create a new column with the result of the formula. For example, you can add the corresponding values of two columns and save the result to a new column.
You can nest statements to create more complex functions. The following are some examples of nested functions that you might use.
+ To calculate BMI, you could use the function `weight / (height ^ 2)`.
+ To classify ages, you could use the function `Case(age < 18, 'child', age < 65, 'adult', 'senior')`.
You can specify functions in the data preparation stage before you build your model. To use a function, do the following.
+ In the **Build** tab of the SageMaker Canvas application, choose **View all** and then choose **Custom formula** to open the **Custom formula** panel.
+ In the **Custom formula** panel, you can choose a **Formula** to add to your **Model Recipe**. Each formula is applied to all of the values in the columns you specify. For formulas that accept two or more columns as arguments, use columns with matching data types; otherwise, you get an error or `null` values in the new column.
+ After you’ve specified a **Formula**, add a column name in the **New Column Name** field. SageMaker Canvas uses this name for the new column that is created.
+ (Optional) Choose **Preview** to preview your transform.
+ To add the function to your **Model Recipe**, choose **Add**.
SageMaker Canvas saves the result of your function to a new column using the name you specified in **New Column Name**. You can view or remove functions from the **Model Recipe** panel.
SageMaker Canvas supports the following operators for functions. You can use either the text format or the in-line format to specify your function.
| Operator | Description | Supported data types | Text format | In-line format |
| --- | --- | --- | --- | --- |
| Add | Returns the sum of the values | Numeric | Add(sales1, sales2) | sales1 \$1 sales2 |
| Subtract | Returns the difference between the values | Numeric | Subtract(sales1, sales2) | sales1 ‐ sales2 |
| Multiply | Returns the product of the values | Numeric | Multiply(sales1, sales2) | sales1 \$1 sales2 |
| Divide | Returns the quotient of the values | Numeric | Divide(sales1, sales2) | sales1 / sales2 |
| Mod | Returns the result of the modulo operator (the remainder after dividing the two values) | Numeric | Mod(sales1, sales2) | sales1 % sales2 |
| Abs | Returns the absolute value of the value | Numeric | Abs(sales1) | N/A |
| Negate | Returns the negative of the value | Numeric | Negate(c1) | ‐c1 |
| Exp | Returns e (Euler's number) raised to the power of the value | Numeric | Exp(sales1) | N/A |
| Log | Returns the logarithm (base 10) of the value | Numeric | Log(sales1) | N/A |
| Ln | Returns the natural logarithm (base e) of the value | Numeric | Ln(sales1) | N/A |
| Pow | Returns the value raised to a power | Numeric | Pow(sales1, 2) | sales1 ^ 2 |
| If | Returns a true or false label based on a condition you specify | Boolean, Numeric, Text | If(sales1>7000, 'truelabel, 'falselabel') | N/A |
| Or | Returns a Boolean value of whether one of the specified values or conditions is true or not | Boolean | Or(fullprice, discount) | fullprice \$1\$1 discount |
| And | Returns a Boolean value of whether two of the specified values or conditions are true or not | Boolean | And(sales1,sales2) | sales1 && sales2 |
| Not | Returns a Boolean value that is the opposite of the specified value or conditions | Boolean | Not(sales1) | \$1sales1 |
| Case | Returns a Boolean value based on conditional statements (returns c1 if cond1 is true, returns c2 if cond2 is true, else returns c3) | Boolean, Numeric, Text | Case(cond1, c1, cond2, c2, c3) | N/A |
| Equal | Returns a Boolean value of whether two values are equal | Boolean, Numeric, Text | N/A | c1 = c2c1 == c2 |
| Not equal | Returns a Boolean value of whether two values are not equal | Boolean, Numeric, Text | N/A | c1 \$1= c2 |
| Less than | Returns a Boolean value of whether c1 is less than c2 | Boolean, Numeric, Text | N/A | c1 < c2 |
| Greater than | Returns a Boolean value of whether c1 is greater than c2 | Boolean, Numeric, Text | N/A | c1 > c2 |
| Less than or equal | Returns a Boolean value of whether c1 is less than or equal to c2 | Boolean, Numeric, Text | N/A | c1 <= c2 |
| Greater than or equal | Returns a Boolean value of whether c1 is greater than or equal to c2 | Boolean, Numeric, Text | N/A | c1 >= c2 |
SageMaker Canvas also supports aggregate operators, which can perform operations such as calculating the sum of all the values or finding the minimum value in a column. You can use aggregate operators in combination with standard operators in your functions. For example, to calculate the difference of values from the mean, you could use the function `Abs(height – avg(height))`. SageMaker Canvas supports the following aggregate operators.
| Aggregate operator | Description | Format | Example |
| --- | --- | --- | --- |
| sum | Returns the sum of all the values in a column | sum | sum(c1) |
| minimum | Returns the minimum value of a column | min | min(c2) |
| maximum | Returns the maximum value of a column | max | max(c3) |
| average | Returns the average value of a column | avg | avg(c4) |
| std | Returns the sample standard deviation of a column | std | std(c1) |
| stddev | Returns the standard deviation of the values in a column | stddev | stddev(c1) |
| variance | Returns the unbiased variance of the values in a column | variance | variance(c1) |
| approx\$1count\$1distinct | Returns the approximate number of distinct items in a column | approx\$1count\$1distinct | approx\$1count\$1distinct(c1) |
| count | Returns the number of items in a column | count | count(c1) |
| first | Returns the first value of a column | first | first(c1) |
| last | Returns the last value of a column | last | last(c1) |
| stddev\$1pop | Returns the population standard deviation of a column | stddev\$1pop | stddev\$1pop(c1) |
| variance\$1pop | Returns the population variance of the values in a column | variance\$1pop | variance\$1pop(c1) |
## Manage rows
With the Manage rows transform, you can perform sort, random shuffle, and remove rows of data from the dataset.
### Sort rows
To sort the rows in a dataset by a given column, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Manage rows** and then choose **Sort rows**.
1. For **Sort Column**, choose the column you want to sort by.
1. For **Sort Order**, choose either **Ascending** or **Descending**.
1. Choose **Add** to add the transform to the **Model recipe**.
### Shuffle rows
To randomly shuffle the rows in a dataset, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Manage rows** and then choose **Shuffle rows**.
1. Choose **Add** to add the transform to the **Model recipe**.
### Drop duplicate rows
To remove duplicate rows in a dataset, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Manage rows** and then choose **Drop duplicate rows**.
1. Choose **Add** to add the transform to the **Model recipe**.
### Remove rows by missing values
Missing values are a common occurrence in machine learning datasets and can impact model accuracy. Use this transform if you want to drop rows with null or empty values in certain columns.
To remove rows that contain missing values in a specified column, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Manage rows**.
1. Choose **Drop rows by missing values**.
1. Choose **Add** to add the transform to the **Model recipe**.
SageMaker Canvas drops rows that contain missing values in the **Column** you selected. After removing the rows from the dataset, SageMaker Canvas adds the transform in the **Model recipe** section. If you remove the transform from the **Model recipe** section, the rows return to your dataset.
![\[Screenshot of the remove rows by missing values operation in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-remove-missing.png)
### Remove rows by outliers
Outliers, or rare values in the distribution and range of your data, can negatively impact model accuracy and lead to longer building times. With SageMaker Canvas, you can detect and remove rows that contain outliers in numeric columns. You can choose to define outliers with either standard deviations or a custom range.
To remove outliers from your data, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Manage rows**.
1. Choose **Drop rows by outlier values**.
1. Choose the **Column** you want to check for outliers.
1. Set the **Operator** to **Standard deviation**, **Custom numeric range**, or **Custom quantile range**.
1. If you choose **Standard deviation**, specify a **Standard deviations** (standard deviation) value from 1–3. If you choose **Custom numeric range** or **Custom quantile range**, specify the **Min** and **Max** values (numbers for numeric ranges, or percentiles between 0–100% for quantile ranges).
1. Choose **Add** to add the transform to the **Model recipe**.
The **Standard deviation** option detects and removes outliers in numeric columns using the mean and standard deviation. You specify the number of standard deviations a value must vary from the mean to be considered an outlier. For example, if you specify `3` for **Standard deviations**, a value must fall more than 3 standard deviations from the mean to be considered an outlier.
The **Custom numeric range** and **Custom quantile range** options detect and remove outliers in numeric columns using minimum and maximum values. Use this method if you know your threshold values that delimit outliers. If you choose a numeric range, the **Min** and **Max** values should be the minimum and maximum numeric values that you want to allow in the data. If you choose a quantile range, the **Min** and **Max** values should be the minimum and maximum of the percentile range (0–100) that you want to allow.
After removing the rows from the dataset, SageMaker Canvas adds the transform in the **Model recipe** section. If you remove the transform from the **Model recipe** section, the rows return to your dataset.
![\[Screenshot of the remove rows by outliers operation in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-remove-outlier.png)
### Remove rows by custom values
You can remove rows with values that meet custom conditions. For example, you might want to exclude all of the rows with a price value greater than 100 when building your model. With this transform, you can create a rule that removes all rows that exceed the threshold you set.
To use the custom remove transform, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Manage rows**.
1. Choose **Drop rows by formula**.
1. Choose the **Column** you want to check.
1. Select the type of **Operation** you want to use, and then specify the values for the selected condition.
1. Choose **Add** to add the transform to the **Model recipe**.
For the **Operation**, you can choose one of the following options. Note that the available operations depend on the data type of the column you choose. For example, you cannot create a `is greater than` operation for a column containing text values.
| Operation | Supported data type | Supported feature type | Function |
| --- | --- | --- | --- |
| Is equal to | Numeric, Text | Binary, Categorical | Removes rows where the value in **Column** equals the values you specify. |
| Is not equal to | Numeric, Text | Binary, Categorical | Removes rows where the value in **Column** doesn't equal the values you specify. |
| Is less than | Numeric | N/A | Removes rows where the value in **Column** is less than the value you specify. |
| Is less than or equal to | Numeric | N/A | Removes rows where the value in **Column** is less than or equal to the value you specify. |
| Is greater than | Numeric | N/A | Removes rows where the value in **Column** is greater than the value you specify. |
| Is greater than or equal to | Numeric | N/A | Removes rows where the value in **Column** is greater than or equal to the value you specify. |
| Is between | Numeric | N/A | Removes rows where the value in **Column** is between or equal to two values you specify. |
| Contains | Text | Categorical | Removes rows where the value in **Column** contains a values you specify. |
| Starts with | Text | Categorical | Removes rows where the value in **Column** begins with a value you specify. |
| Ends with | Text | Categorical | Removes rows where the value in **Column** ends with a value you specify. |
After removing the rows from the dataset, SageMaker Canvas adds the transform in the **Model recipe** section. If you remove the transform from the **Model recipe** section, the rows return to your dataset.
![\[Screenshot of the remove rows by custom values operation in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-remove-custom.png)
## Rename columns
With the rename columns transform, you can rename columns in your data. When you rename a column, SageMaker Canvas changes the column name in the model input.
You can rename a column in your dataset by double-clicking on the column name in the **Build** tab of the SageMaker Canvas application and entering a new name. Pressing the **Enter** key submits the change, and clicking anywhere outside the input cancels the change. You can also rename a column by clicking the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)), located at the end of the row in list view or at the end of the header cell in grid view, and choosing **Rename**.
Your column name can’t be longer than 32 characters or have double underscores (\$1\$1), and you can’t rename a column to the same name as another column. You also can’t rename a dropped column.
The following screenshot shows how to rename a column by double-clicking the column name.
![\[Screenshot of renaming a column with the double-click method in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-rename-column.png)
When you rename a column, SageMaker Canvas adds the transform in the **Model recipe** section. If you remove the transform from the **Model recipe** section, the column reverts to its original name.
## Manage columns
With the following transforms, you can change the data type of columns and replace missing values or outliers for specific columns. SageMaker Canvas uses the updated data types or values when building your model but doesn’t change your original dataset. Note that if you've dropped a column from your dataset using the [Drop columns](#canvas-prepare-data-drop) transform, you can't replace values in that column.
### Replace missing values
Missing values are a common occurrence in machine learning datasets and can impact model accuracy. You can choose to drop rows that have missing values, but your model is more accurate if you choose to replace the missing values instead. With this transform, you can replace missing values in numeric columns with the mean or median of the data in a column, or you can also specify a custom value with which to replace missing values. For non-numeric columns, you can replace missing values with the mode (most common value) of the column or a custom value.
Use this transform if you want to replace the null or empty values in certain columns. To replace missing values in a specified column, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Manage columns**.
1. Choose **Replace missing values**.
1. Choose the **Column** in which you want to replace missing values.
1. Set **Mode** to **Manual** to replace missing values with values that you specify. With the **Automatic (default)** setting, SageMaker Canvas replaces missing values with imputed values that best fit your data. This imputation method is done automatically for each model build, unless you specify the **Manual** mode.
1. Set the **Replace with** value:
+ If your column is numeric, then select **Mean**, **Median**, or **Custom**. **Mean** replaces missing values with the mean for the column, and **Median** replaces missing values with the median for the column. If you choose **Custom**, then you must specify a custom value that you want to use to replace missing values.
+ If your column is non-numeric, then select **Mode** or **Custom**. **Mode** replaces missing values with the mode, or the most common value, for the column. For **Custom**, specify a custom value. that you want to use to replace missing values.
1. Choose **Add** to add the transform to the **Model recipe**.
After replacing the missing values in the dataset, SageMaker Canvas adds the transform in the **Model recipe** section. If you remove the transform from the **Model recipe** section, the missing values return to the dataset.
![\[Screenshot of the replace missing values operation in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-replace-missing.png)
### Replace outliers
Outliers, or rare values in the distribution and range of your data, can negatively impact model accuracy and lead to longer building times. SageMaker Canvas enables you to detect outliers in numeric columns and replace the outliers with values that lie within an accepted range in your data. You can choose to define outliers with either standard deviations or a custom range, and you can replace outliers with the minimum and maximum values in the accepted range.
To replace outliers in your data, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Manage columns**.
1. Choose **Replace outlier values**.
1. Choose the **Column** in which you want to replace outliers.
1. For **Define outliers**, choose **Standard deviation**, **Custom numeric range**, or **Custom quantile range**.
1. If you choose **Standard deviation**, specify a **Standard deviations** (standard deviation) value from 1–3. If you choose **Custom numeric range** or **Custom quantile range**, specify the **Min** and **Max** values (numbers for numeric ranges, or percentiles between 0–100% for quantile ranges).
1. For **Replace with**, select **Min/max range**.
1. Choose **Add** to add the transform to the **Model recipe**.
The **Standard deviation** option detects outliers in numeric columns using the mean and standard deviation. You specify the number of standard deviations a value must vary from the mean to be considered an outlier. For example, if you specify 3 for **Standard deviations**, a value must fall more than 3 standard deviations from the mean to be considered an outlier. SageMaker Canvas replaces outliers with the minimum value or maximum value in the accepted range. For example, if you configure the standard deviations to only include values from 200–300, then SageMaker Canvas changes a value of 198 to 200 (the minimum).
The **Custom numeric range** and **Custom quantile range** options detect outliers in numeric columns using minimum and maximum values. Use this method if you know your threshold values that delimit outliers. If you choose a numeric range, the **Min** and **Max** values should be the minimum and maximum numeric values that you want to allow. SageMaker Canvas replaces any values that fall outside of the minimum and maximum to the minimum and maximum values. For example, if your range only allows values from 1–100, then SageMaker Canvas changes a value of 102 to 100 (the maximum). If you choose a quantile range, the **Min** and **Max** values should be the minimum and maximum of the percentile range (0–100) that you want to allow.
After replacing the values in the dataset, SageMaker Canvas adds the transform in the **Model recipe** section. If you remove the transform from the **Model recipe** section, the original values return to the dataset.
![\[Screenshot of the replace outliers operation in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-replace-outlier.png)
### Change data type
SageMaker Canvas provides you with the ability to change the *data type* of your columns between numeric, text, and datetime, while also displaying the associated *feature type* for that data type. A *data type* refers to the format of the data and how it is stored, while the *feature type* refers to the characteristic of the data used in machine learning algorithms, such as binary or categorical. This gives you the flexibility to manually change the type of data in your columns based on the features. The ability to choose the right data type ensures data integrity and accuracy prior to building models. These data types are used when building models.
**Note**
Currently, changing the feature type (for example, from binary to categorical) is not supported.
The following table lists all of the supported data types in Canvas.
| Data type | Description | Example |
| --- | --- | --- |
| Numeric | Numeric data represents numerical values | 1, 2, 31.1, 1.2. 1.3 |
| Text | Text data represents sequences of characters, like names or descriptions | A, B, C, Dapple, banana, orange1A\$1, 2A\$1, 3A\$1 |
| Datetime | Datetime data represents dates and times in timestamp format | 2019-07-01 01:00:00, 2019-07-01 02:00:00, 2019-07-01 03:00:00 |
The following table lists all of the supported feature types in Canvas.
| Feature type | Description | Example |
| --- | --- | --- |
| Binary | Binary features represent two possible values | 0, 1, 0, 1, 0 (2 distinct values)true, false, true (2 distinct values) |
| Categorical | Categorical features represent distinct categories or groups | apple, banana, orange, apple (3 distinct values)A, B, C, D, E, A, D, C (5 distinct values) |
To modify data type of a column in a dataset, do the following.
1. In the **Build** tab of the SageMaker Canvas application, go to the **Column view** or **Grid view** and select the **Data type** dropdown for the specific column.
1. In the **Data type** dropdown, choose the data type to convert to. The following screenshot shows the dropdown menu.
![\[The data type conversion dropdown menu for a column, shown in the Build tab.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-prepare-data-change.png)
1. For **Column**, choose or verify the column you want to change the data type for.
1. For **New data type**, choose or verify the new data type you want to convert to.
1. If the **New data type** is `Datetime` or `Numeric`, choose one of the following options under **Handle invalid values**:
1. **Replace with empty value** – Invalid values are substituted with an empty value
1. **Delete rows** – Rows with an invalid value are removed from the dataset
1. **Replace with custom value** – Invalid values are substituted with the **Custom Value** that you specify.
1. Choose **Add** to add the transform to the **Model recipe**.
The data type for your column should now be updated.
## Prepare time series data
Use the following functionalities to prepare your time series data for building time series forecasting models.
### Resample time series data
By resampling time-series data, you can establish regular intervals for the observations in your time series dataset. This is particularly useful when working with time series data containing irregularly spaced observations. For instance, you can use resampling to transform a dataset with observations recorded every one hour, two hour and three hour intervals into a regular one hour interval between observations. Forecasting algorithms require the observations to be taken at regular intervals.
To resample time series data, do the following.
1. In the **Build** tab of the SageMaker Canvas application, choose **Time series**.
1. Choose **Resample**.
1. For **Timestamp column**, choose the column you want to apply the transform to. You can only select columns of the **Datetime** type.
1. In the **Frequency settings** section, choose a **Frequency** and **Rate**. **Frequency** is the unit of frequency and **Rate** is the interval of the unit of frequency to be applied to the column. For example, choosing `Calendar Day` for **Frequency value** and `1` for **Rate** sets the interval to increase every 1 calendar day, such as `2023-03-26 00:00:00`, `2023-03-27 00:00:00`, `2023-03-28 00:00:00`. See the table after this procedure for a complete list of **Frequency value**.
1. Choose **Add** to add the transform to the **Model recipe**.
The following table lists all of the **Frequency** types you can select when resampling time series data.
| Frequency | Description | Example values (assuming Rate is 1) |
| --- | --- | --- |
| Business Day | Resample observations in the datetime column to 5 business days of the week (Monday, Tuesday, Wednesday, Thursday, Friday) | 2023-03-24 00:00:00 2023-03-27 00:00:00 2023-03-28 00:00:00 2023-03-29 00:00:00 2023-03-30 00:00:00 2023-03-31 00:00:00 2023-04-03 00:00:00 |
| Calendar Day | Resample observations in the datetime column to all 7 days of the week (Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday) | 2023-03-26 00:00:00 2023-03-27 00:00:00 2023-03-28 00:00:00 2023-03-29 00:00:00 2023-03-30 00:00:00 2023-03-31 00:00:00 2023-04-01 00:00:00 |
| Week | Resample observations in the datetime column to the first day of each week | 2023-03-13 00:00:00 2023-03-20 00:00:00 2023-03-27 00:00:00 2023-04-03 00:00:00 |
| Month | Resample observations in the datetime column to the first day of each month | 2023-03-01 00:00:00 2023-04-01 00:00:00 2023-05-01 00:00:00 2023-06-01 00:00:00 |
| Annual Quarter | Resample observations in the datetime column to the last day of each quarter | 2023-03-31 00:00:00 2023-06-30 00:00:00 2023-09-30 00:00:00 2023-12-31 00:00:00 |
| Year | Resample observations in the datetime column to the last day of each year | 2022-12-31 0:00:00 2023-12-31 00:00:00 2024-12-31 00:00:00 |
| Hour | Resample observations in the datetime column to each hour of each day | 2023-03-24 00:00:00 2023-03-24 01:00:00 2023-03-24 02:00:00 2023-03-24 03:00:00 |
| Minute | Resample observations in the datetime column to each minute of each hour | 2023-03-24 00:00:00 2023-03-24 00:01:00 2023-03-24 00:02:00 2023-03-24 00:03:00 |
| Second | Resample observations in the datetime column to each second of each minute | 2023-03-24 00:00:00 2023-03-24 00:00:01 2023-03-24 00:00:02 2023-03-24 00:00:03 |
When applying the resampling transform, you can use the **Advanced** option to specify how the resulting values of the rest of the columns (other than the timestamp column) in your dataset are modified. This can be achieved by specifying the resampling methodology, which can either be downsampling or upsampling for both numeric and non-numeric columns.
*Downsampling* increases the interval between observations in the dataset. For example, if you downsample observations that are taken either every hour or every two hours, each observation in your dataset is taken every two hours. The values of other columns of the hourly observations are aggregated into a single value using a combination method. The following tables show an example of downsampling time series data by using mean as the combination method. The data is downsampled from every two hours to every hour.
The following table shows the hourly temperature readings over a day before downsampling.
| Timestamp | Temperature (Celsius) |
| --- | --- |
| 12:00 pm | 30 |
| 1:00 am | 32 |
| 2:00 am | 35 |
| 3:00 am | 32 |
| 4:00 am | 30 |
The following table shows the temperature readings after downsampling to every two hours.
| Timestamp | Temperature (Celsius) |
| --- | --- |
| 12:00 pm | 30 |
| 2:00 am | 33.5 |
| 2:00 am | 35 |
| 4:00 am | 32.5 |
To downsample time series data, do the following:
1. Expand the **Advanced ** section under the **Resample** transform.
1. Choose **Non-numeric combination** to specify the combination method for non-numeric columns. See the table below for a complete list of combination methods.
1. Choose **Numeric combination** to specify the combination method for numeric columns. See the table below for a complete list of combination methods.
If you don’t specify combination methods, the default values are `Most Common` for **Non-numeric combination** and `Mean` for **Numeric combination**. The following table lists the methods for numeric and non-numeric combination.
| Downsampling methodology | Combination method | Description |
| --- | --- | --- |
| Non-numeric combination | Most Common | Aggregate values in the non-numeric column by the most commonly ocurring value |
| Non-numeric combination | Last | Aggregate values in the non-numeric column by the last value in the column |
| Non-numeric combination | First | Aggregate values in the non-numeric column by the first value in the column |
| Numeric combination | Mean | Aggregate values in the numeric column by the taking the mean of all the values in the column |
| Numeric combination | Median | Aggregate values in the numeric column by the taking the median of all the values in the column |
| Numeric combination | Min | Aggregate values in the numeric column by the taking the minimum of all the values in the column |
| Numeric combination | Max | Aggregate values in the numeric column by the taking the maximum of all the values in the column |
| Numeric combination | Sum | Aggregate values in the numeric column by adding all the values in the column |
| Numeric combination | Quantile | Aggregate values in the numeric column by the taking the quantile of all the values in the column |
*Upsampling* reduces the interval between observations in the dataset. For example, if you upsample observations that are taken every two hours into hourly observations, the values of other columns of the hourly observations are interpolated from the ones that have been taken every two hours.
To upsample time series data, do the following:
1. Expand the **Advanced** section under the **Resample** transform.
1. Choose **Non-numeric estimation** to specify the estimation method for non-numeric columns. See the table after this procedure for a complete list of methods.
1. Choose **Numeric estimation** to specify the estimation method for numeric columns. See the table below for a complete list of methods.
1. (Optional) Choose **ID Column** to specify the column that has the IDs of the observations of the time series. Specify this option if your dataset has two time series. If you have a column representing only one time series, don't specify a value for this field. For example, you can have a dataset that has the columns `id` and `purchase`. The `id` column has the following values: `[1, 2, 2, 1]`. The `purchase` column has the following values `[$2, $3, $4, $1]`. Therefore, the dataset has two time series—one time series is: `1: [$2, $1]`, and the other time series is `2: [$3, $4]`.
If you don’t specify estimation methods, the default values are `Forward Fill` for **Non-numeric estimation** and `Linear` for **Numeric estimation**. The following table lists the methods for estimation.
| Upsampling methodology | Estimation method | Description |
| --- | --- | --- |
| Non-numeric estimation | Forward Fill | Interpolate values in the non-numeric column by taking the consecutive values after all the values in the column |
| Non-numeric estimation | Backward Fill | Interpolate values in the non-numeric column by taking the consecutive values before all the values in the column |
| Non-numeric estimation | Keep Missing | Interpolate values in the non-numeric column by showing empty values |
| Numeric estimation | Linear, Time, Index, Zero, S-Linear, Nearest, Quadratic, Cubic, Barycentric, Polynomial, Krogh, Piecewise Polynomial, Spline, P-chip, Akima, Cubic Spline, From Derivatives | Interpolate values in the numeric column by using the specfied interpolator. For information on interpolation methods, see [pandas.DataFrame.interpolate](https://pandas.pydata.org/docs/reference/api/pandas.DataFrame.interpolate.html) in the pandas documentation. |
The following screenshot shows the **Advanced** settings with the fields for downsampling and upsampling filled out.
![\[The Canvas application, with the time series resampling side panel showing the advanced options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-prepare-data-resampling.png)
### Use datetime extraction
With the datetime extraction transform, you can extract values from a datetime column to a separate column. For example, if you have a column containing dates of purchases, you can extract the month value to a separate column and use the new column when building your model. You can also extract multiple values to separate columns with a single transform.
Your datetime column must use a supported timestamp format. For a list of the formats that SageMaker Canvas supports, see [Time Series Forecasts in Amazon SageMaker Canvas](canvas-time-series.md). If your dataset does not use one of the supported formats, update your dataset to use a supported timestamp format and re-import it to Amazon SageMaker Canvas before building your model.
To perform a datetime extraction, do the following.
1. In the **Build** tab of the SageMaker Canvas application, on the transforms bar, choose **View all**.
1. Choose **Extract features**.
1. Choose the **Timestamp column** from which you want to extract values.
1. For **Values**, select one or more values to extract from the column. The values you can extract from a timestamp column are **Year**, **Month**, **Day**, **Hour**, **Week of year**, **Day of year**, and **Quarter**.
1. (Optional) Choose **Preview** to preview the transform results.
1. Choose **Add** to add the transform to the **Model recipe**.
SageMaker Canvas creates a new column in the dataset for each of the values you extract. Except for **Year** values, SageMaker Canvas uses a 0-based encoding for the extracted values. For example, if you extract the **Month** value, January is extracted as 0, and February is extracted as 1.
![\[Screenshot of the datetime extraction box in the SageMaker Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-datetime-extract.png)
You can see the transform listed in the **Model recipe** section. If you remove the transform from the **Model recipe** section, the new columns are removed from the dataset.
# Model evaluation
After you’ve built your model, you can evaluate how well your model performed on your data before using it to make predictions. You can use information, such as the model’s accuracy when predicting labels and advanced metrics, to determine whether your model can make sufficiently accurate predictions for your data.
The section [Evaluate your model's performance](canvas-scoring.md) describes how to view and interpret the information on your model's **Analyze** page. The section [Use advanced metrics in your analyses](canvas-advanced-metrics.md) contains more detailed information about the **Advanced metrics** used to quantify your model’s accuracy.
You can also view more advanced information for specific *model candidates*, which are all of the model iterations that Canvas runs through while building your model. Based on the advanced metrics for a given model candidate, you can select a different candidate to be the default, or the version that is used for making predictions and deploying. For each model candidate, you can view the **Advanced metrics** information to help you decide which model candidate you’d like to select as the default. You can view this information by selecting the model candidate from the **Model leaderboard**. For more information, see [View model candidates in the model leaderboard](canvas-evaluate-model-candidates.md).
Canvas also provides the option to download a Jupyter notebook so that you can view and run the code used to build your model. This is useful if you’d like to make adjustments to the code or learn more about how your model was built. For more information, see [Download a model notebook](canvas-notebook.md).
# Evaluate your model's performance
Amazon SageMaker Canvas provides overview and scoring information for the different types of model. Your model’s score can help you determine how accurate your model is when it makes predictions. The additional scoring insights can help you quantify the differences between the actual and predicted values.
To view the analysis of your model, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **My models**.
1. Choose the model that you built.
1. In the top navigation pane, choose the **Analyze** tab.
1. Within the **Analyze** tab, you can view the overview and scoring information for your model.
The following sections describe how to interpret the scoring for each model type.
## Evaluate categorical prediction models
The **Overview** tab shows you the column impact for each column. **Column impact** is a percentage score that indicates how much weight a column has in making predictions in relation to the other columns. For a column impact of 25%, Canvas weighs the prediction as 25% for the column and 75% for the other columns.
The following screenshot shows the **Accuracy** score for the model, along with the **Optimization metric**, which is the metric that you choose to optimize when building the model. In this case, the **Optimization metric** is **Accuracy**. You can specify a different optimization metric if you build a new version of your model.
![\[Screenshot of the accuracy score and optimization metric on the Analyze tab in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/analyze-tab-2-category.png)
The **Scoring** tab for a categorical prediction model gives you the ability to visualize all the predictions. Line segments extend from the left of the page, indicating all the predictions the model has made. In the middle of the page, the line segments converge on a perpendicular segment to indicate the proportion of each prediction to a single category. From the predicted category, the segments branch out to the actual category. You can get a visual sense of how accurate the predictions were by following each line segment from the predicted category to the actual category.
The following image gives you an example **Scoring** section for a **3\$1 category prediction** model.
![\[Screenshot of the Scoring tab for a 3+ category prediction model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-analyze/canvas-multiclass-classification.png)
You can also view the **Advanced metrics** tab for more detailed information about your model’s performance, such as the advanced metrics, error density plots, or confusion matrices. To learn more about the **Advanced metrics** tab, see [Use advanced metrics in your analyses](canvas-advanced-metrics.md).
## Evaluate numeric prediction models
The **Overview** tab shows you the column impact for each column. **Column impact** is a percentage score that indicates how much weight a column has in making predictions in relation to the other columns. For a column impact of 25%, Canvas weighs the prediction as 25% for the column and 75% for the other columns.
The following screenshot shows the **RMSE** score for the model on the **Overview** tab, which in this case is the **Optimization metric**. The **Optimization metric** is the metric that you choose to optimize when building the model. You can specify a different optimization metric if you build a new version of your model.
![\[Screenshot of the RMSE optimization metric on the Analyze tab in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/analyze-tab-2-numeric.png)
The **Scoring** tab for numeric prediction shows a line to indicate the model's predicted value in relation to the data used to make predictions. The values of the numeric prediction are often \$1/- the RMSE (root mean squared error) value. The value that the model predicts is often within the range of the RMSE. The width of the purple band around the line indicates the RMSE range. The predicted values often fall within the range.
The following image shows the **Scoring** section for numeric prediction.
![\[Screenshot of the Scoring tab for a numeric prediction model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-analyze/canvas-analyze-regression-scoring.png)
You can also view the **Advanced metrics** tab for more detailed information about your model’s performance, such as the advanced metrics, error density plots, or confusion matrices. To learn more about the **Advanced metrics** tab, see [Use advanced metrics in your analyses](canvas-advanced-metrics.md).
## Evaluate time series forecasting models
On the **Analyze** page for time series forecasting models, you can see an overview of the model’s metrics. You can hover over each metric for more information, or you can see [Use advanced metrics in your analyses](canvas-advanced-metrics.md) for more information about each metric.
In the **Column impact** section, you can see the score for each column. **Column impact** is a percentage score that indicates how much weight a column has in making predictions in relation to the other columns. For a column impact of 25%, Canvas weighs the prediction as 25% for the column and 75% for the other columns.
The following screenshot shows the time series metrics scores for the model, along with the **Optimization metric**, which is the metric that you choose to optimize when building the model. In this case, the **Optimization metric** is **RMSE**. You can specify a different optimization metric if you build a new version of your model. These metrics scores are taken from your backtest results, which are available for download in the **Artifacts** tab.
![\[Screenshot of the RMSE optimization metric on the Analyze tab in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/analyze-tab-2-time-series.png)
The **Artifacts** tab provides access to several key resources that you can use to dive deeper into your model’s performance and continue iterating upon it:
+ **Shuffled training and validation splits** – This section includes links to the artifacts generated when your dataset was split into training and validation sets, enabling you to review the data distribution and potential biases.
+ **Backtest results** – This section includes a link to the forecasted values for your validation dataset, which is used to generate accuracy metrics and evaluation data for your model.
+ **Accuracy metrics** – This section lists the advanced metrics that evaluate your model's performance, such as Root Mean Squared Error (RMSE). For more information about each metric, see [Metrics for time series forecasts](canvas-metrics.md#canvas-time-series-forecast-metrics).
+ **Explainability report** – This section provides a link to download the explainability report, which offers insights into the model's decision-making process and the relative importance of input columns. This report can help you identify potential areas for improvement.
On the **Analyze** page, you can also choose the **Download** button to directly download the backtest results, accuracy metrics, and explainability report artifacts to your local machine.
## Evaluate image prediction models
The **Overview** tab shows you the **Per label performance**, which gives you an overall accuracy score for the images predicted for each label. You can choose a label to see more specific details, such as the **Correctly predicted** and **Incorrectly predicted** images for the label.
You can turn on the **Heatmap** toggle to see a heatmap for each image. The heatmap shows you the areas of interest that have the most impact when your model is making predictions. For more information about heatmaps and how to use them to improve your model, choose the **More info** icon next to the **Heatmap** toggle.
The **Scoring** tab for single-label image prediction models shows you a comparison of what the model predicted as the label versus what the actual label was. You can select up to 10 labels at a time. You can change the labels in the visualization by choosing the labels dropdown menu and selecting or deselecting labels.
You can also view insights for individual labels or groups of labels, such as the three labels with the highest or lowest accuracy, by choosing the **View scores for** dropdown menu in the **Model accuracy insights** section.
The following screenshot shows the **Scoring** information for a single-label image prediction model.
![\[The actual versus predicted labels on the Scoring page for a multi-category text prediction model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/analyze-image-scoring.png)
## Evaluate text prediction models
The **Overview** tab shows you the **Per label performance**, which gives you an overall accuracy score for the passages of text predicted for each label. You can choose a label to see more specific details, such as the **Correctly predicted** and **Incorrectly predicted** passages for the label.
The **Scoring** tab for multi-category text prediction models shows you a comparison of what the model predicted as the label versus what the actual label was.
In the **Model accuracy insights** section, you can see the **Most frequent category**, which tells you the category that the model predicted most frequently and how accurate those predictions were. If you model predicts a label of **Positive** correctly 99% of the time, then you can be fairly confident that your model is good at predicting positive sentiment in text.
The following screenshot shows the **Scoring** information for a multi-category text prediction model.
![\[The actual versus predicted labels on the Scoring page for a single-label image prediction model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/analyze-text-scoring.png)
# Use advanced metrics in your analyses
The following section describes how to find and interpret the advanced metrics for your model in Amazon SageMaker Canvas.
**Note**
Advanced metrics are only currently available for numeric and categorical prediction models.
To find the **Advanced metrics** tab, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **My models**.
1. Choose the model that you built.
1. In the top navigation pane, choose the **Analyze** tab.
1. Within the **Analyze** tab, choose the **Advanced metrics** tab.
In the **Advanced metrics** tab, you can find the **Performance** tab. The page looks like the following screenshot.
![\[Screenshot of the advanced metrics tab for a categorical prediction model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-analyze-performance.png)
At the top, you can see an overview of the metrics scores, including the **Optimization metric**, which is the metric that you selected (or that Canvas selected by default) to optimize when building the model.
The following sections describe more detailed information for the **Performance** tab within the **Advanced metrics**.
## Performance
In the **Performance** tab, you’ll see a **Metrics table**, along with visualizations that Canvas creates based on your model type. For categorical prediction models, Canvas provides a *confusion matrix*, whereas for numeric prediction models, Canvas provides you with *residuals* and *error density* charts.
In the **Metrics table**, you are provided with a full list of your model’s scores for each advanced metric, which is more comprehensive than the scores overview at the top of the page. The metrics shown here depend on your model type. For a reference to help you understand and interpret each metric, see [Metrics reference](canvas-metrics.md).
To understand the visualizations that might appear based on your model type, see the following options:
+ **Confusion matrix** – Canvas uses confusion matrices to help you visualize when a model makes predictions correctly. In a confusion matrix, your results are arranged to compare the predicted values against the actual values. The following example explains how a confusion matrix works for a 2 category prediction model that predicts positive and negative labels:
+ True positive – The model correctly predicted positive when the true label was positive.
+ True negative – The model correctly predicted negative when the true label was negative.
+ False positive – The model incorrectly predicted positive when the true label was negative.
+ False negative – The model incorrectly predicted negative when the true label was positive.
+ **Precision recall curve** – The precision recall curve is a visualization of the model’s precision score plotted against the model’s recall score. Generally, a model that can make perfect predictions would have precision and recall scores that are both 1. The precision recall curve for a decently accurate model is fairly high in both precision and recall.
+ **Residuals** – Residuals are the difference between the actual values and the values predicted by the model. A residuals chart plots the residuals against the corresponding values to visualize their distribution and any patterns or outliers. A normal distribution of residuals around zero indicates that the model is a good fit for the data. However, if the residuals are significantly skewed or have outliers, it may indicate that the model is overfitting the data or that there are other issues that need to be addressed.
+ **Error density** – An error density plot is a representation of the distribution of errors made by a model. It shows the probability density of the errors at each point, helping you to identify any areas where the model may be overfitting or making systematic errors.
# View model candidates in the model leaderboard
When you do a [Standard build](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-build-model.html) for tabular and time series forecasting models in Amazon SageMaker Canvas, SageMaker AI trains multiple *model candidates* (different iterations of the model) and by default selects the one with the highest value for the optimization metric. For tabular models, Canvas builds up to 250 different model candidates using various algorithms and hyperparameter settings. For time series forecasting models, Canvas builds 7 different models—one for each of the [supported forecasting algorithms](canvas-advanced-settings.md#canvas-advanced-settings-time-series) and one ensemble model that averages the predictions of the other models to try to optimize accuracy.
The default model candidate is the only version that you can use in Canvas for actions like making predictions, registering to the model registry, or deploying to an endpoint. However, you might want to review all of the model candidates and select a different candidate to be the default model. You can view all of the model candidates and more details about each candidate on the **Model leaderboard** in Canvas.
To view the **Model leaderboard**, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **My models**.
1. Choose the model that you built.
1. In the top navigation pane, choose the **Analyze** tab.
1. Within the **Analyze** tab, choose **Model leaderboard.**
The **Model leaderboard** page opens, which for tabular models looks like the following screenshot.
![\[The model leaderboard, which lists all of the model candidates that Canvas trained.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-model-leaderboard.png)
For time series forecasting models, you see 7 models, which include one for each of the time series forecasting algorithms supported by Canvas and one ensemble model. For more information about the algorithms, see [Advanced time series forecasting model settings](canvas-advanced-settings.md#canvas-advanced-settings-time-series).
In the preceding screenshot, you can see that the first model candidate listed is marked as the **Default model**. This is the model candidate with which you can make predictions or deploy to endpoints.
To view more detailed metrics information about the model candidates to compare them, you can choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) and choose **View model details**.
**Important**
Loading the model details for non-default model candidates may take a few minutes (typically less than 10 minutes), and SageMaker AI Hosting charges apply. For more information, see [SageMaker AI Pricing](https://aws.amazon.com/sagemaker/pricing/).
The model candidate opens in the **Analyze** tab, and the metrics shown are specific to that model candidate. When you’re done reviewing the model candidate’s metrics, you can go back or exit the view to return to the **Model leaderboard**.
If you’d like to set the **Default model** to a different candidate, you can choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) and choose **Change to default model**. Changing the default model for a model trained using HPO mode might take several minutes.
**Note**
If your model is already deployed in production, [registered to the model registry](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-register-model.html), or has [automations](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-manage-automations.html) set up, you must delete your deployment, model registration, or automations before changing the default model.
# Metrics reference
The following sections describe the metrics that are available in Amazon SageMaker Canvas for each model type.
## Metrics for numeric prediction
The following list defines the metrics for numeric prediction in SageMaker Canvas and gives you information about how you can use them.
+ InferenceLatency – The approximate amount of time between making a request for a model prediction to receiving it from a real-time endpoint to which the model is deployed. This metric is measured in seconds and is only available for models built with the **Ensembling**mode.
+ MAE – Mean absolute error. On average, the prediction for the target column is \$1/- \$1MAE\$1 from the actual value.
Measures how different the predicted and actual values are when they're averaged over all values. MAE is commonly used in numeric prediction to understand model prediction error. If the predictions are linear, MAE represents the average distance from a predicted line to the actual value. MAE is defined as the sum of absolute errors divided by the number of observations. Values range from 0 to infinity, with smaller numbers indicating a better model fit to the data.
+ MAPE – Mean absolute percent error. On average, the prediction for the target column is \$1/- \$1MAPE\$1 % from the actual value.
MAPE is the mean of the absolute differences between the actual values and the predicted or estimated values, divided by the actual values and expressed as a percentage. A lower MAPE indicates better performance, as it means that the predicted or estimated values are closer to the actual values.
+ MSE – Mean squared error, or the average of the squared differences between the predicted and actual values.
MSE values are always positive. The better a model is at predicting the actual values, the smaller the MSE value is.
+ R2 – The percentage of the difference in the target column that can be explained by the input column.
Quantifies how much a model can explain the variance of a dependent variable. Values range from one (1) to negative one (-1). Higher numbers indicate a higher fraction of explained variability. Values close to zero (0) indicate that very little of the dependent variable can be explained by the model. Negative values indicate a poor fit and that the model is outperformed by a constant function (or a horizontal line).
+ RMSE – Root mean squared error, or the standard deviation of the errors.
Measures the square root of the squared difference between predicted and actual values, and is averaged over all values. It is used to understand model prediction error, and it's an important metric to indicate the presence of large model errors and outliers. Values range from zero (0) to infinity, with smaller numbers indicating a better model fit to the data. RMSE is dependent on scale, and should not be used to compare datasets of different types.
## Metrics for categorical prediction
This section defines the metrics for categorical prediction in SageMaker Canvas and gives you information about how you can use them.
The following is a list of available metrics for 2-category prediction:
+ Accuracy – The percentage of correct predictions.
Or, the ratio of the number of correctly predicted items to the total number of predictions. Accuracy measures how close the predicted class values are to the actual values. Values for accuracy metrics vary between zero (0) and one (1). A value of 1 indicates perfect accuracy, and 0 indicates complete inaccuracy.
+ AUC – A value between 0 and 1 that indicates how well your model is able to separate the categories in your dataset. A value of 1 indicates that it was able to separate the categories perfectly.
+ BalancedAccuracy – Measures the ratio of accurate predictions to all predictions.
This ratio is calculated after normalizing true positives (TP) and true negatives (TN) by the total number of positive (P) and negative (N) values. It is defined as follows: `0.5*((TP/P)+(TN/N))`, with values ranging from 0 to 1. The balanced accuracy metric gives a better measure of accuracy when the number of positives or negatives differ greatly from each other in an imbalanced dataset, such as when only 1% of email is spam.
+ F1 – A balanced measure of accuracy that takes class balance into account.
It is the harmonic mean of the precision and recall scores, defined as follows: `F1 = 2 * (precision * recall) / (precision + recall)`. F1 scores vary between 0 and 1. A score of 1 indicates the best possible performance, and 0 indicates the worst.
+ InferenceLatency – The approximate amount of time between making a request for a model prediction to receiving it from a real-time endpoint to which the model is deployed. This metric is measured in seconds and is only available for models built with the **Ensembling**mode.
+ LogLoss – Log loss, also known as cross-entropy loss, is a metric used to evaluate the quality of the probability outputs, rather than the outputs themselves. Log loss is an important metric to indicate when a model makes incorrect predictions with high probabilities. Values range from 0 to infinity. A value of 0 represents a model that perfectly predicts the data.
+ Precision – Of all the times that \$1category x\$1 was predicted, the prediction was correct \$1precision\$1% of the time.
Precision measures how well an algorithm predicts the true positives (TP) out of all of the positives that it identifies. It is defined as follows: `Precision = TP/(TP+FP)`, with values ranging from zero (0) to one (1). Precision is an important metric when the cost of a false positive is high. For example, the cost of a false positive is very high if an airplane safety system is falsely deemed safe to fly. A false positive (FP) reflects a positive prediction that is actually negative in the data.
+ Recall – The model correctly predicted \$1recall\$1% to be \$1category x\$1 when \$1target\$1column\$1 was actually \$1category x\$1.
Recall measures how well an algorithm correctly predicts all of the true positives (TP) in a dataset. A true positive is a positive prediction that is also an actual positive value in the data. Recall is defined as follows: `Recall = TP/(TP+FN)`, with values ranging from 0 to 1. Higher scores reflect a better ability of the model to predict true positives (TP) in the data. Note that it is often insufficient to measure only recall, because predicting every output as a true positive yields a perfect recall score.
The following is a list of available metrics for 3\$1 category prediction:
+ Accuracy – The percentage of correct predictions.
Or, the ratio of the number of correctly predicted items to the total number of predictions. Accuracy measures how close the predicted class values are to the actual values. Values for accuracy metrics vary between zero (0) and one (1). A value of 1 indicates perfect accuracy, and 0 indicates complete inaccuracy.
+ BalancedAccuracy – Measures the ratio of accurate predictions to all predictions.
This ratio is calculated after normalizing true positives (TP) and true negatives (TN) by the total number of positive (P) and negative (N) values. It is defined as follows: `0.5*((TP/P)+(TN/N))`, with values ranging from 0 to 1. The balanced accuracy metric gives a better measure of accuracy when the number of positives or negatives differ greatly from each other in an imbalanced dataset, such as when only 1% of email is spam.
+ F1macro – The F1macro score applies F1 scoring by calculating the precision and recall, and then taking their harmonic mean to calculate the F1 score for each class. Then, the F1macro averages the individual scores to obtain the F1macro score. F1macro scores vary between 0 and 1. A score of 1 indicates the best possible performance, and 0 indicates the worst.
+ InferenceLatency – The approximate amount of time between making a request for a model prediction to receiving it from a real-time endpoint to which the model is deployed. This metric is measured in seconds and is only available for models built with the **Ensembling**mode.
+ LogLoss – Log loss, also known as cross-entropy loss, is a metric used to evaluate the quality of the probability outputs, rather than the outputs themselves. Log loss is an important metric to indicate when a model makes incorrect predictions with high probabilities. Values range from 0 to infinity. A value of 0 represents a model that perfectly predicts the data.
+ PrecisionMacro – Measures precision by calculating precision for each class and averaging scores to obtain precision for several classes. Scores range from zero (0) to one (1). Higher scores reflect the model's ability to predict true positives (TP) out of all of the positives that it identifies, averaged across multiple classes.
+ RecallMacro – Measures recall by calculating recall for each class and averaging scores to obtain recall for several classes. Scores range from 0 to 1. Higher scores reflect the model's ability to predict true positives (TP) in a dataset, whereas a true positive reflects a positive prediction that is also an actual positive value in the data. It is often insufficient to measure only recall, because predicting every output as a true positive will yield a perfect recall score.
Note that for 3\$1 category prediction, you also receive the average F1, Accuracy, Precision, and Recall metrics. The scores for these metrics are just the metric scores averaged for all categories.
## Metrics for image and text prediction
The following is a list of available metrics for image prediction and text prediction.
+ Accuracy – The percentage of correct predictions.
Or, the ratio of the number of correctly predicted items to the total number of predictions. Accuracy measures how close the predicted class values are to the actual values. Values for accuracy metrics vary between zero (0) and one (1). A value of 1 indicates perfect accuracy, and 0 indicates complete inaccuracy.
+ F1 – A balanced measure of accuracy that takes class balance into account.
It is the harmonic mean of the precision and recall scores, defined as follows: `F1 = 2 * (precision * recall) / (precision + recall)`. F1 scores vary between 0 and 1. A score of 1 indicates the best possible performance, and 0 indicates the worst.
+ Precision – Of all the times that \$1category x\$1 was predicted, the prediction was correct \$1precision\$1% of the time.
Precision measures how well an algorithm predicts the true positives (TP) out of all of the positives that it identifies. It is defined as follows: `Precision = TP/(TP+FP)`, with values ranging from zero (0) to one (1). Precision is an important metric when the cost of a false positive is high. For example, the cost of a false positive is very high if an airplane safety system is falsely deemed safe to fly. A false positive (FP) reflects a positive prediction that is actually negative in the data.
+ Recall – The model correctly predicted \$1recall\$1% to be \$1category x\$1 when \$1target\$1column\$1 was actually \$1category x\$1.
Recall measures how well an algorithm correctly predicts all of the true positives (TP) in a dataset. A true positive is a positive prediction that is also an actual positive value in the data. Recall is defined as follows: `Recall = TP/(TP+FN)`, with values ranging from 0 to 1. Higher scores reflect a better ability of the model to predict true positives (TP) in the data. Note that it is often insufficient to measure only recall, because predicting every output as a true positive yields a perfect recall score.
Note that for image and text prediction models where you are predicting 3 or more categories, you also receive the *average* F1, Accuracy, Precision, and Recall metrics. The scores for these metrics are just the metric scores average for all categories.
## Metrics for time series forecasts
The following defines the advanced metrics for time series forecasts in Amazon SageMaker Canvas and gives you information about how you can use them.
+ Average Weighted Quantile Loss (wQL) – Evaluates the forecast by averaging the accuracy at the P10, P50, and P90 quantiles. A lower value indicates a more accurate model.
+ Weighted Absolute Percent Error (WAPE) – The sum of the absolute error normalized by the sum of the absolute target, which measures the overall deviation of forecasted values from observed values. A lower value indicates a more accurate model, where WAPE = 0 is a model with no errors.
+ Root Mean Square Error (RMSE) – The square root of the average squared errors. A lower RMSE indicates a more accurate model, where RMSE = 0 is a model with no errors.
+ Mean Absolute Percent Error (MAPE) – The percentage error (percent difference of the mean forecasted value versus the actual value) averaged over all time points. A lower value indicates a more accurate model, where MAPE = 0 is a model with no errors.
+ Mean Absolute Scaled Error (MASE) – The mean absolute error of the forecast normalized by the mean absolute error of a simple baseline forecasting method. A lower value indicates a more accurate model, where MASE < 1 is estimated to be better than the baseline and MASE > 1 is estimated to be worse than the baseline.
# Predictions with custom models
Use the custom model that you've built in SageMaker Canvas to make predictions for your data. The following sections show you how to make predictions for numeric and categorical prediction models, time series forecasts, image prediction models, and text prediction models.
Numeric and categorical prediction, image prediction, and text prediction custom models support making the following types of predictions for your data:
+ **Single predictions** — A **Single prediction** is when you only need to make one prediction. For example, you have one image or passage of text that you want to classify.
+ **Batch predictions** — A **Batch prediction** is when you’d like to make predictions for an entire dataset. You can make batch predictions for datasets that are 1 TB\$1. For example, you have a CSV file of customer reviews for which you’d like to predict the customer sentiment, or you have a folder of image files that you'd like to classify. You should make predictions with a dataset that matches your input dataset. Canvas provides you with the ability to do manual batch predictions, or you can configure automatic batch predictions that run whenever you update a dataset.
For each prediction or set of predictions, SageMaker Canvas returns the following:
+ The predicted values
+ The probability of the predicted value being correct
**Get started**
Choose one of the following workflows to make predictions with your custom model:
+ [Batch predictions in SageMaker Canvas](canvas-make-predictions-batch.md)
+ [Make single predictions](canvas-make-predictions-single.md)
After generating predictions with your model, you can also do the following:
+ [Update your model by adding versions.](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-update-model.html) If you want to try to improve the prediction accuracy of your model, you can build new versions of your model. You can choose to clone your original model building configuration and dataset, or you can change your configuration and select a different dataset. After adding a new version, you can review and compare versions to choose the best one.
+ [Register a model version in the SageMaker AI model registry](canvas-register-model.md). You can register versions of your model to the SageMaker Model Registry, which is a feature for tracking and managing the status of model versions and machine learning pipelines. A data scientist or MLOps team user with access to the SageMaker Model Registry can review your model versions and approve or reject them before deploying them to production.
+ [Send your batch predictions to Quick.](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-send-predictions.html) In Quick, you can build and publish dashboards with your batch prediction datasets. This can help you analyze and share results generated by your custom model.
# Make single predictions
**Note**
This section describes how to get single predictions from your model inside the Canvas application. For information about making real-time invocations in a production environment by deploying your model to an endpoint, see [Deploy your models to an endpoint](canvas-deploy-model.md).
Make single predictions if you want to get a prediction for a single data point. You can use this feature to get real-time predictions or to experiment with changing individual values to see how they impact the prediction outcome. Note that single predictions rely on an Asynchronous Inference endpoint, which shuts down after being idle (or not receiving any prediction requests) for two hours.
Choose one of the following procedures based on your model type.
## Make single predictions with numeric and categorical prediction models
To make a single prediction for a numeric or categorical prediction model, do the following:
1. In the left navigation pane of the Canvas application, choose **My models**.
1. On the **My models** page, choose your model.
1. After opening your model, choose the **Predict** tab.
1. On the **Run predictions** page, choose **Single prediction**.
1. For each **Column** field, which represents the columns of your input data, you can change the **Value**. Select the dropdown menu for the **Value** you want to change. For numeric fields, you can enter a new number. For fields with labels, you can select a different label.
1. When you’re ready to generate the prediction, in the right **Prediction** pane, choose **Update**.
In the right **Prediction** pane, you’ll see the prediction result. You can **Copy** the prediction result chart, or you can also choose **Download** to either download the prediction result chart as an image or to download the values and prediction as a CSV file.
## Make single predictions with time series forecasting models
To make a single prediction for a time series forecasting model, do the following:
1. In the left navigation pane of the Canvas application, choose **My models**.
1. On the **My models** page, choose your model.
1. After opening your model, choose the **Predict** tab.
1. Choose **Single prediction**.
1. For **Item**, select the item for which you want to forecast values.
1. If you used a group by column to train the model, then select the group by category for the item.
The prediction result loads in the pane below, showing you a chart with the forecast for each quantile. Choose **Schema view** to see the numeric predicted values. You can also choose **Download** to download the prediction results as either an image or a CSV file.
## Make single predictions with image prediction models
To make a single prediction for a single-label image prediction model, do the following:
1. In the left navigation pane of the Canvas application, choose **My models**.
1. On the **My models** page, choose your model.
1. After opening your model, choose the **Predict** tab.
1. On the **Run predictions** page, choose **Single prediction**.
1. Choose **Import image**.
1. You’ll be prompted to upload an image. You can upload an image from your local computer or from an Amazon S3 bucket.
1. Choose **Import** to import your image and generate the prediction.
In the right **Prediction results** pane, the model lists the possible labels for the image along with a **Confidence** score for each label. For example, the model might predict the label **Sea** for an image, with a confidence score of 96%. The model may have predicted the image as a **Glacier** with only a confidence score of 4%. Therefore, you can determine that your model is fairly confident in predicting images of the sea.
## Make single predictions with text prediction models
To make a single prediction for a multi-category text prediction model, do the following:
1. In the left navigation pane of the Canvas application, choose **My models**.
1. On the **My models** page, choose your model.
1. After opening your model, choose the **Predict** tab.
1. On the **Run predictions** page, choose **Single prediction**.
1. For the **Text field**, enter the text for which you’d like to get a prediction.
1. Choose **Generate prediction results** to get your prediction.
In the right **Prediction results** pane, you receive an analysis of your text in addition to a **Confidence** score for each possible label. For example, if you entered a good review for a product, you might get **Positive** with a confidence score of 85%, while the confidence score for **Neutral** might be 10% and the confidence score for **Negative** only 5%.
# Batch predictions in SageMaker Canvas
Make batch predictions when you have an entire dataset for which you’d like to generate predictions. Amazon SageMaker Canvas supports batch predictions for datasets up to PBs in size.
There are two types of batch predictions you can make:
+ [Manual batch predictions](canvas-make-predictions-batch-manual.md) are when you have a dataset for which you want to make one-time predictions.
+ [Automatic batch predictions](canvas-make-predictions-batch-auto.md) are when you set up a configuration that runs whenever a specific dataset is updated. For example, if you’ve configured weekly updates to a SageMaker Canvas dataset of inventory data, you can set up automatic batch predictions that run whenever you update the dataset. After setting up an automated batch predictions workflow, see [How to manage automations](canvas-manage-automations.md) for more information about viewing and editing the details of your configuration. For more information about setting up automatic dataset updates, see [Configure automatic updates for a dataset](canvas-update-dataset-auto.md).
**Note**
Time series forecasting models don't support automatic batch predictions.
You can only set up automatic batch predictions for datasets imported through local upload or Amazon S3. Additionally, automatic batch predictions can only run while you’re logged in to the Canvas application. If you log out of Canvas, the automatic batch prediction job resumes when you log back in.
To get started, review the [Batch prediction dataset requirements](canvas-make-predictions-batch-preqreqs.md), and then choose one of the following manual or automatic batch prediction workflows.
**Topics**
+ [
# Batch prediction dataset requirements
](canvas-make-predictions-batch-preqreqs.md)
+ [
# Make manual batch predictions
](canvas-make-predictions-batch-manual.md)
+ [
# Make automatic batch predictions
](canvas-make-predictions-batch-auto.md)
+ [
# Edit your automatic batch prediction configuration
](canvas-make-predictions-batch-auto-edit.md)
+ [
# Delete your automatic batch prediction configuration
](canvas-make-predictions-batch-auto-delete.md)
+ [
# View your batch prediction jobs
](canvas-make-predictions-batch-auto-view.md)
# Batch prediction dataset requirements
For batch predictions, make sure that your datasets meet the requirements outlined in [Create a dataset](canvas-import-dataset.md). If your dataset is larger than 5 GB, then Canvas uses Amazon EMR Serverless to process your data and split it into smaller batches. After your data has been split, Canvas uses SageMaker AI Batch Transform to make predictions. You may see charges from both of these services after running batch predictions. For more information, see [Canvas pricing](https://aws.amazon.com/sagemaker/canvas/pricing/).
You might not be able to make predictions on some datasets if they have incompatible *schemas*. A *schema* is an organizational structure. For a tabular dataset, the schema is the names of the columns and the data type of the data in the columns. An incompatible schema might happen for one of the following reasons:
+ The dataset that you're using to make predictions has fewer columns than the dataset that you're using to build the model.
+ The data types in the columns you used to build the dataset might be different from the data types in dataset that you're using to make predictions.
+ The dataset that you're using to make predictions and the dataset that you've used to build the model have column names that don't match. The column names are case sensitive. `Column1` is not the same as `column1`.
To ensure that you can successfully generate batch predictions, match the schema of your batch predictions dataset to the dataset you used to train the model.
**Note**
For batch predictions, if you dropped any columns when building your model, Canvas adds the dropped columns back to the prediction results. However, Canvas does not add the dropped columns to your batch predictions for time series models.
# Make manual batch predictions
Choose one of the following procedures to make manual batch predictions based on your model type.
## Make manual batch predictions with numeric, categorical, and time series forecasting models
To make manual batch predictions for numeric, categorical, and time series forecasting model types, do the following:
1. In the left navigation pane of the Canvas application, choose **My models**.
1. On the **My models** page, choose your model.
1. After opening your model, choose the **Predict** tab.
1. On the **Run predictions** page, choose **Batch prediction**.
1. Choose **Select dataset** to pick a dataset for generating predictions.
1. From the list of available datasets, select your dataset, and then choose **Start Predictions** to get your predictions.
After the prediction job finishes running, there is an output dataset listed on the same page in the **Predictions** section. This dataset contains your results, and if you select the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)), you can choose **Preview** to preview the output data. You can see the input data matched to the prediction and the probability that the prediction is correct. Then, you can choose **Download prediction** to download the results as a file.
## Make manual batch predictions with image prediction models
To make manual batch predictions for a single-label image prediction model, do the following:
1. In the left navigation pane of the Canvas application, choose **My models**.
1. On the **My models** page, choose your model.
1. After opening your model, choose the **Predict** tab.
1. On the **Run predictions** page, choose **Batch prediction**.
1. Choose **Select dataset** if you’ve already imported your dataset. If not, choose **Import new dataset**, and then you’ll be directed through the import data workflow.
1. From the list of available datasets, select your dataset and choose **Generate predictions** to get your predictions.
After the prediction job finishes running, on the **Run predictions** page, you see an output dataset listed under **Predictions**. This dataset contains your results, and if you select the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)), you can choose **View prediction results** to see the output data. You can see the images along with their predicted labels and confidence scores. Then, you can choose **Download prediction** to download the results as a CSV or a ZIP file.
## Make manual batch predictions with text prediction models
To make manual batch predictions for a multi-category text prediction model, do the following:
1. In the left navigation pane of the Canvas application, choose **My models**.
1. On the **My models** page, choose your model.
1. After opening your model, choose the **Predict** tab.
1. On the **Run predictions** page, choose **Batch prediction**.
1. Choose **Select dataset** if you’ve already imported your dataset. If not, choose **Import new dataset**, and then you’ll be directed through the import data workflow. The dataset you choose must have the same source column as the dataset with which you built the model.
1. From the list of available datasets, select your dataset and choose **Generate predictions** to get your predictions.
After the prediction job finishes running, on the **Run predictions** page, you see an output dataset listed under **Predictions**. This dataset contains your results, and if you select the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)), you can choose **Preview** to see the output data. You can see the images along with their predicted labels and confidence scores. Then, you can choose **Download prediction** to download the results.
# Make automatic batch predictions
**Note**
Time series forecasting models don't support automatic batch predictions.
To set up a schedule for automatic batch predictions, do the following:
1. In the left navigation pane of Canvas, choose **My models**.
1. Choose your model.
1. Choose the **Predict** tab.
1. Choose **Batch prediction**.
1. For **Generate predictions**, choose **Automatic**.
1. The **Automate batch predictions** dialog box pops up. Choose **Select dataset** and choose the dataset for which you want to automate predictions. Note that you can only select a dataset that was imported through local upload or Amazon S3.
1. After selecting a dataset, choose **Set up**.
Canvas runs a batch predictions job for the dataset after you set up the configuration. Then, every time you [Update a dataset](canvas-update-dataset.md), either manually or automatically, another batch predictions job runs.
After the prediction job finishes running, on the **Run predictions** page, you see an output dataset listed under **Predictions**. This dataset contains your results, and if you select the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)), you can choose **Preview** to preview the output data. You can see the input data matched to the prediction and the probability that the prediction is correct. Then, you can choose **Download** to download the results.
The following sections describe how to view, update, and delete your automatic batch prediction configuration through the **Datasets** page in the Canvas application. You can only set up a maximum of 20 automatic configurations in Canvas. For more information about viewing your automated batch predictions job history or making changes to your automatic configuration through the **Automations** page, see [How to manage automations](canvas-manage-automations.md).
# Edit your automatic batch prediction configuration
You might want to make changes to your auto update configuration for a dataset, such as changing the frequency of the updates. You might also want to turn off your automatic update configuration to pause the updates to your dataset.
When you edit a batch prediction configuration, you can change the target dataset but not the frequency (since automatic batch predictions occur whenever the dataset is updated).
To edit your auto update configuration, do the following:
1. Go to the **Predict** tab of your model.
1. Under **Predictions**, choose the **Configuration** tab.
1. Find your configuration and choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)).
1. From the dropdown menu, choose **Update configuration**.
1. The **Automate batch prediction** dialog box opens. You can select another dataset and choose **Set up** to save your changes.
Your automatic batch predictions configuration is now updated.
To pause your automatic batch predictions, turn off your automatic configuration by doing the following:
1. Go to the **Predict** tab of your model.
1. Under **Predictions**, choose the **Configuration** tab.
1. Find your configuration from the list and turn off the **Auto update** toggle.
Automatic batch predictions are now paused. You can turn the toggle back on at any time to resume the update schedule.
# Delete your automatic batch prediction configuration
To learn how to delete your automatic batch prediction configuration, see [Delete an automatic configuration](canvas-manage-automations-delete.md).
You can also delete your configuration by doing the following:
1. Go to the **Predict** tab of your model.
1. Under **Predictions**, choose the **Configuration** tab.
1. Find your configuration from the list and choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)).
1. From the dropdown menu, choose **Delete configuration**.
Your configuration should now be deleted.
# View your batch prediction jobs
To view the statuses and history of your batch prediction jobs, go to the **Predict** tab of your model.
Each batch prediction job shows up in the **Predict** tab of your model. Under **Predictions**, you can see the **All jobs** tab and the **Configuration** tabs:
+ **All jobs** – In this tab, you can see all of the manual and automatic batch prediction jobs for this model. You can filter the jobs by configuration name. For each job, you can see the following fields:
+ **Status** – The current status of your batch prediction job. If the status is **Failed** or **Partially failed**, you can hover over the status to view a more detailed error message to help you troubleshoot.
+ **Input dataset** – The name of your Canvas input dataset, including the dataset version.
+ **Prediction type** – Whether the prediction job was automatic or manual.
+ **Rows** – The number of rows predicted.
+ **Configuration name** – The name of the batch prediction job configuration.
+ **QuickSight** – Describes whether you've sent the batch predictions to Quick.
+ **Created** – The creation time of the batch prediction job.
If you choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)), you can choose **View details**, **Preview prediction**, **Download prediction**, or **Send to Quick**. If you choose **View details**, a page opens that shows you the full details of the batch prediction job, including the status, the input and output data configurations, information about the instances used to complete the job and access to the Amazon CloudWatch logs. The page looks like the following screenshot.
![\[Batch prediction job details page showing all of the additional details about a job.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-view-batch-prediction-job-details.png)
+ **Configuration** – In this tab, you can see all of the automatic batch prediction configurations you’ve created for this model. For each configuration, you can see fields such as the timestamp for when it was **Created**, the **Input dataset** it tracks for updates, and the **Next job scheduled**, which is the time when the next automatic prediction job is scheduled to start. If you choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)), you can choose **View all jobs** to see the job history and in progress jobs for the configuration.
# Send predictions to Quick
**Note**
You can send batch predictions to Quick for numeric and categorical prediction and time series forecasting models. Single-label image prediction and multi-category text prediction models are excluded.
Once you generate batch predictions with custom tabular models in SageMaker Canvas, you can send those predictions as CSV files to Quick, which is a business intelligence (BI) service to build and publish predictive dashboards.
For example, if you built a 2 category prediction model to determine whether a customer will churn, you can create a visual, predictive dashboard in Quick to show the percentage of customers that are expected to churn. To learn more about Quick, see the [Quick User Guide](https://docs.aws.amazon.com/quicksight/latest/user/welcome.html).
The following sections show you how to send your batch predictions to Quick for analysis.
## Before you begin
Your user must have the necessary AWS Identity and Access Management (IAM) permissions to send your predictions to Quick. Your administrator can set up the IAM permissions for your user. For more information, see [Grant Your Users Permissions to Send Predictions to Quick](canvas-quicksight-permissions.md).
Your Quick account must contain the `default` namespace, which is set up when you first create your Quick account. Contact your administrator to help you get access to Quick. For more information, see [Setting up for Quick](https://docs.aws.amazon.com/quicksight/latest/user/setting-up.html) in the *Quick User Guide*.
Your Quick account must be created in the same Region as your Canvas application. If your Quick account’s home Region differs from your Canvas application’s Region, you must either [close](https://docs.aws.amazon.com/quicksight/latest/user/closing-account.html) and recreate your Quick account, or [set up a Canvas application](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-getting-started.html#canvas-prerequisites) in the same Region as your Quick account. You can check your Quick home Region by doing the following (assuming you already have an Quick account):
1. Open your [Quick console](https://quicksight.aws.amazon.com/).
1. When the page loads, your Quick home Region is appended to the URL in the following format: `https://.quicksight.aws.amazon.com/`.
You must know the usernames of the Quick users to whom you want to send your predictions. You can send predictions to yourself or other users who have the right permissions. Any users to whom you send predictions must be in the `default` [namespace](https://docs.aws.amazon.com/quicksight/latest/user/namespaces.html) of your Quick account and have the `Author` or `Admin` role in Quick.
Additionally, Quick must have access to the SageMaker AI default Amazon S3 bucket for your domain, which is named with the following format: `sagemaker-{REGION}-{ACCOUNT_ID}`. The Region should be the same as your Quick account's home Region and your Canvas application’s Region. To learn how to give Quick access to the batch predictions stored in your Amazon S3 bucket, see the topic [I can’t connect to Amazon S3](https://docs.aws.amazon.com/quicksight/latest/user/troubleshoot-connect-S3.html) in the *Quick User Guide*.
## Supported data formats
Before sending your predictions, check that the data format of your batch predictions is compatible with Quick.
+ To learn more about the accepted data formats for timeseries data, see [Supported date formats](https://docs.aws.amazon.com/quicksight/latest/user/supported-date-formats.html) in the *Quick User Guide*.
+ To learn more about data values that might prevent you from sending to Quick, see [Unsupported values in data](https://docs.aws.amazon.com/quicksight/latest/user/unsupported-data-values.html) in the *Quick User Guide*.
Also note that Quick uses the character `"` as a text qualifier, so if your Canvas data contains any `"` characters, make sure that you close all matching quotes. Any mismatching quotes can cause issues with sending your dataset to Quick.
## Send your batch predictions to Quick
Use the following procedure to send your predictions to Quick:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **My models**.
1. On the **My models** page, choose your model.
1. Choose the **Predict** tab.
1. Under **Predictions**, select the dataset (or datasets) of batch predictions that you’d like to share. You can share up to 5 datasets of batch predictions at a time.
1. After you select your dataset, choose **Send to Quick**.
**Note**
The **Send to Quick** button doesn’t activate unless you select one or more datasets.
Alternatively, you can preview your predictions by choosing the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) and then **View prediction results**. From the dataset preview, you can choose **Send to Quick**. The following screenshot shows you the **Send to Quick** button in a dataset preview.
![\[Screenshot of a dataset preview with the Send to Quick button at the bottom.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/send-to-quicksight-preview.png)
1. In the **Send to Quick** dialog box, do the following:
1. For **QuickSight users**, enter the name of the Quick users to whom you want to send your predictions. If you want to send them to yourself, enter your own username. You can only send predictions to users in the `default` namespace of the Quick account, and the user must have the `Author` or `Admin` role in Quick.
1. Choose **Send**.
The following screenshot shows the **Send to Quick** dialog box:
![\[The Send to Quick dialog box.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/send-to-quicksight.png)
After you send your batch predictions, the **QuickSight** field for the datasets you sent shows as `Sent`. In the confirmation box that confirms your predictions were sent, you can choose **Open Quick** to open your Quick application. If you’re done using Canvas, you should [log out](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-log-out.html) of the Canvas application.
The Quick users that you’ve sent datasets to can open their Quick application and view the Canvas datasets that have been shared with them. Then, they can create predictive dashboards with the data. For more information, see [Getting started with Quick data analysis](https://docs.aws.amazon.com/quicksight/latest/user/getting-started.html) in the *Quick User Guide*.
By default, all of the users to whom you send predictions have owner permissions for the dataset in Quick. Owners are able to create analyses, refresh, edit, delete, and re-share datasets. The changes that owners make to a dataset change the dataset for all users with access. To change the permissions, go to the dataset in Quick and manage its permissions. For more information, see [Viewing and editing the permissions users that a dataset is shared with](https://docs.aws.amazon.com/quicksight/latest/user/sharing-data-sets.html#view-users-data-set) in the *Quick User Guide*.
# Download a model notebook
**Note**
The model notebook feature is available for quick build and standard build tabular models, and fine-tuned foundation models. Model notebooks aren't supported for image prediction, text prediction, or time series forecasting models.
If you'd like to generate a model notebook for a tabular model built before this feature was launched, you must rebuild the model to generate a notebook.
For eligible models that you successfully build in Amazon SageMaker Canvas, a Jupyter notebook containing a report of all the model building steps is generated. This Jupyter notebook contains Python code that you can run locally or run in an environment like Amazon SageMaker Studio Classic to replicate the steps necessary to build your model. The notebook can be useful if you’d like to experiment with the code or see the backend details of how Canvas builds models.
To access the model notebook, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **My models**.
1. Choose the model and version that you built.
1. On the model version’s page, choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) in the header.
1. From the dropdown menu, choose **View Notebook**.
1. A popup appears with the notebook content. You can choose **Download** and then do one of the following:
1. Choose **Download** to save the notebook content to your local device.
1. Choose **Copy S3 URI** to copy the Amazon S3 location where the notebook is stored. The notebook is stored in the Amazon S3 bucket specified in your **Canvas storage configuration**, which is configured in the [Prerequisites for setting up Amazon SageMaker Canvas](canvas-getting-started.md#canvas-prerequisites) section.
You should now be able to view the notebook either locally or as an object in Amazon S3. You can upload the notebook to an IDE to edit and run the code, or you can share the notebook with others in your organization to review.
# Send your model to Quick
If you use Quick and want to leverage SageMaker Canvas in your Quick visualizations, you can build an Amazon SageMaker Canvas model and use it as a *predictive field* in your Quick dataset. A *predictive field* is a field in your Quick dataset that can make predictions for a given column in your dataset, similar to how Canvas users make single or batch predictions with a model. To learn more about how to integrate Canvas predictive abilities into your Quick datasets, see [SageMaker Canvas integration](https://docs.aws.amazon.com/quicksight/latest/user/sagemaker-canvas-integration.html) in the [Quick User Guide](https://docs.aws.amazon.com/quicksight/latest/user/welcome.html).
The following steps explain how you can add a predictive field to your Quick dataset using a Canvas model:
1. Open the Canvas application and build a model with your dataset.
1. After building the model in Canvas, send the model to Quick. A schema file automatically downloads to your local machine when you send the model to Quick. You upload this schema file to Quick in the next step.
1. Open Quick and choose a dataset with the same schema as the dataset you used to build your model. Add a predictive field to the dataset and do the following:
1. Specify the model sent from Canvas.
1. Upload the schema file that was downloaded in Step 2.
1. Save and publish your changes, and then generate predictions for the new dataset. Quick uses the model to fill in the target column with predictions.
In order to send a model from Canvas to Quick, you must meet the following prerequisites:
+ You must have both Canvas and Quick set up. Your Quick account must be created in the same AWS Region as your Canvas application. If your Quick account’s home Region differs from your Canvas application’s Region, you must either [close](https://docs.aws.amazon.com/quicksight/latest/user/closing-account.html) and recreate your Quick account, or [set up a Canvas application](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-getting-started.html#canvas-prerequisites) in the same Region as your Quick account. Your Quick account must also contain the default namespace, which you set up when you first create your Quick account. Contact your administrator to help you get access to Quick. For more information, see [Setting up for Quick](https://docs.aws.amazon.com/quicksight/latest/user/setting-up.html) in the *Quick User Guide*.
+ Your user must have the necessary AWS Identity and Access Management (IAM) permissions to send your predictions to Quick. Your administrator can set up the IAM permissions for your user. For more information, see [Grant Your Users Permissions to Send Predictions to Quick](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-quicksight-permissions.html).
+ Quick must have access to the Amazon S3 bucket that you’ve specified for Canvas application storage. For more information, see [Configure your Amazon S3 storage](canvas-storage-configuration.md).
# Time Series Forecasts in Amazon SageMaker Canvas
**Note**
Time series forecasting models are only supported for tabular datasets.
Amazon SageMaker Canvas gives you the ability to use machine learning time series forecasts. Time series forecasts give you the ability to make predictions that can vary with time.
You can make a time series forecast for the following examples:
+ Forecasting your inventory in the coming months.
+ The number of items sold in the next four months.
+ The effect of reducing the price on sales during the holiday season.
+ Item inventory in the next 12 months.
+ The number of customers entering a store in the next several hours.
+ Forecasting how a 10% reduction in the price of a product affects sales over a time period.
To make a time series forecast, your dataset must have the following:
+ A timestamp column with all values having the `datetime` type.
+ A target column that has the values that you're using to forecast future values.
+ An item ID column that contains unique identifiers for each item in your dataset, such as SKU numbers.
The `datetime` values in the timestamp column must use one of the following formats:
+ `YYYY-MM-DD HH:MM:SS`
+ `YYYY-MM-DDTHH:MM:SSZ`
+ `YYYY-MM-DD`
+ `MM/DD/YY`
+ `MM/DD/YY HH:MM`
+ `MM/DD/YYYY`
+ `YYYY/MM/DD HH:MM:SS`
+ `YYYY/MM/DD`
+ `DD/MM/YYYY`
+ `DD/MM/YY`
+ `DD-MM-YY`
+ `DD-MM-YYYY`
You can make forecasts for the following intervals:
+ 1 min
+ 5 min
+ 15 min
+ 30 min
+ 1 hour
+ 1 day
+ 1 week
+ 1 month
+ 1 year
## Future values in your input dataset
Canvas automatically detects columns in your dataset that might potentially contain future values. If present, these values can enhance the accuracy of predictions. Canvas marks these specific columns with a `Future values` label. Canvas infers the relationship between the data in these columns and the target column that you are trying to predict, and utilizes that relationship to generate more accurate forecasts.
For example, you can forecast the amount of ice cream sold by a grocery store. To make a forecast, you must have a timestamp column and a column that indicates how much ice cream the grocery store sold. For a more accurate forecast, your dataset can also include the price, the ambient temperature, the flavor of the ice cream, or a unique identifier for the ice cream.
Ice cream sales might increase when the weather is warmer. A decrease in the price of the ice cream might result in more units sold. Having a column with ambient temperature data and a column with pricing data can improve your ability to forecast the number of units of ice cream the grocery store sells.
While providing future values is optional, it helps you to perform what-if analyses directly in the Canvas application, showing you how changes in future values could alter your predictions.
## Handling missing values
You might have missing data for different reasons. The reason for your missing data might inform how you want Canvas to impute it. For example, your organization might use an automatic system that only tracks when a sale happens. If you're using a dataset that comes from this type of automatic system, you have missing values in the target column.
**Important**
If you have missing values in the target column, we recommend using a dataset that doesn't have them. SageMaker Canvas uses the target column to forecast future values. Missing values in the target column can greatly reduce the accuracy of the forecast.
For missing values in the dataset, Canvas automatically imputes the missing values for you by filling the target column with `0` and other numeric columns with the median value of the column.
However, you can select your own filling logic for the target column and other numeric columns in your datasets. Target columns have different filling guidelines and restrictions than the rest of the numeric columns. Target columns are filled up to the end of the historical period, whereas numeric columns are filled across both historical and future periods all the way to the end of the forecast horizon. Canvas only fills future values in a numeric column if your data has at least one record with a future timestamp and a value for that specific column.
You can choose one of the following filling logic options to impute missing values in your data:
+ `zero` – Fill with `0`.
+ `NaN` – Fill with NaN, or not a number. This is only supported for the target column.
+ `mean` – Fill with the mean value from the data series.
+ `median` – Fill with the median value from the data series.
+ `min` – Fill with the minimum value from the data series.
+ `max` – Fill with the maximum value from the data series.
When choosing a filling logic, you should consider how your model interprets the logic. For example, in a retail scenario, recording zero sales of an available item is different from recording zero sales of an unavailable item, as the latter scenario doesn’t necessarily imply a lack of customer interest in the unavailable item. In this case, filling with `0` in the target column of the dataset might cause the model to be under-biased in its predictions and infer a lack of customer interest in unavailable items. Conversely, filling with `NaN` might cause the model to ignore true occurrences of zero items being sold of available items.
## Types of forecasts
You can make one of the following types of forecasts:
+ **Single item**
+ **All items**
For a forecast on all the items in your dataset, SageMaker Canvas returns a forecast for the future values for each item in your dataset.
For a single item forecast, you specify the item and SageMaker Canvas returns a forecast for the future values. The forecast includes a line graph that plots the predicted values over time.
**Topics**
+ [
## Future values in your input dataset
](#canvas-time-series-future)
+ [
## Handling missing values
](#canvas-time-series-missing)
+ [
## Types of forecasts
](#canvas-time-series-types)
+ [
# Additional options for forecasting insights
](canvas-additional-insights.md)
# Additional options for forecasting insights
In Amazon SageMaker Canvas, you can use the following optional methods to get more insights from your forecast:
+ Group column
+ Holiday schedule
+ What-if scenario
You can specify a column in your dataset as a **Group column**. Amazon SageMaker Canvas groups the forecast by each value in the column. For example, you can group the forecast on columns containing price data or unique item identifiers. Grouping a forecast by a column lets you make more specific forecasts. For example, if you group a forecast on a column containing item identifiers, you can see the forecast for each item.
Overall sales of items might be impacted by the presence of holidays. For example, in the United States, the number of items sold in both November and December might differ greatly from the number of items sold in January. If you use the data from November and December to forecast the sales in January, your results might be inaccurate. Using a holiday schedule prevents you getting inaccurate results. You can use a holiday schedule for 251 countries.
For a forecast on a single item in your dataset, you can use what-if scenarios. A what-if scenario gives you the ability to change values in your data and change the forecast. For example, you can answer the following questions by using a what-if scenario, "What if I lowered prices? How would that affect the number of items sold?"
# Adding model versions in Amazon SageMaker Canvas
In Amazon SageMaker Canvas, you can update the models that you’ve built by adding *versions*. Each model that you build has a version number. The first model is version 1 or `V1`. You can use model versions to see changes in prediction accuracy when you update your data or use [advanced transformations](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-prepare-data.html).
When viewing your model, SageMaker Canvas shows you the model history so that you can compare all of the model versions that you built. You can also delete versions that are no longer useful to you. By creating multiple model versions and evaluating their accuracy, you can iteratively improve your model performance.
**Note**
Text prediction and image prediction models only support one model version.
To add a model version, you can either clone an existing version or create a new version.
Cloning an existing version copies over the current model configuration, including the model recipe and the input dataset. Alternatively, you can create a new version if you want to configure a new model recipe or choose a different dataset.
If you create a new version and select a different dataset, you must choose a dataset with the same target column and schema as the dataset from version 1.
Before you can add a new version, you must successfully build at least one model version. Then, you can [ register a model version in the SageMaker Model Registry](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-register-model.html). Use the registry for tracking model versions and for collaborating with Studio Classic users on production model approvals.
If you did a quick build for your first model version, you have the option to run a standard build when you add a version. Standard builds generally have higher accuracy. Therefore, if you feel confident in your quick build configuration, you can run a standard build to create a final version of your model. To learn more about the differences between quick builds and standard builds, see [How custom models work](canvas-build-model.md).
The following procedures show you how to add model versions; the procedure is different depending on whether you are adding a version of the same build type or a different build type (quick versus standard). Use the procedure **To add a new model version** to add versions of the same build type. To add a standard build model version after running a quick build, follow the procedure **To run a standard build**.
**To add a new model version**
1. Open your SageMaker Canvas application. For more information, see [Getting started with using Amazon SageMaker Canvas](canvas-getting-started.md).
1. In the left navigation pane, choose **My models**.
1. On the **My models** page, choose your model. To find your model, you can choose **Filter by problem type**.
1. After your model opens, choose the **Add version** button in the top panel.
1. From the dropdown menu, select one of the following options:
1. **Add a new version from scratch** – When you select this option, the **Build** tab opens with the draft for a new model version. You can select a different dataset (as long as the schema matches the schema of the first model version’s dataset) and configure a new model recipe. For more information about building a model version, see [Build a model](canvas-build-model-how-to.md).
1. **Clone an existing version with configurations** – A dialog box prompts you to select the version that you want to clone. After you've selected your desired version, choose **Clone**. The **Build** tab opens with the draft for a new model version. Any model recipe configurations are copied over from the cloned version. For more information about building a model version, see [Build a model](canvas-build-model-how-to.md).
**To run a standard build**
1. Open your SageMaker Canvas application. For more information, see [Getting started with using Amazon SageMaker Canvas](canvas-getting-started.md).
1. In the left navigation pane, choose **My models**.
1. On the **My models** page, choose your model. You can choose **Filter by problem type** to find your model more easily.
1. After your model opens, choose the **Analyze** tab.
1. Choose **Standard build**.
![\[The Analyze tab of a Canvas model showing the standard build button.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-add-version-quick-to-standard.png)
On the model draft page that opens to the **Build** tab, you can modify your model configuration and start a build. For more information about building a model version, see [Build a model](canvas-build-model-how-to.md).
You should now have a new model version build in progress. For more information about building a model, see [How custom models work](canvas-build-model.md).
After building a model version, you can return to your model details page at any time to view all of the versions or add more versions. The following image shows the **Versions** page for a model.
![\[The model versions page for a model in Canvas.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/model-versions.png)
On the **Versions** page, you can view the following information for each of your model versions:
+ **Status** – This field tells you whether your model is currently building (`In building`), done building (`Ready`), failed to build (`Failed`), or still being edited (`In draft`).
+ **Model score**, **F1**, **Precision**, **Recall**, and **AUC** – If you turn on the **Show advanced metrics** toggle on this page, you can see these model metrics. These metrics indicate the accuracy and performance of your model. For more information, see [Evaluate your model](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-evaluate-model.html).
+ **Shared** – This field states whether you shared the model version with SageMaker Studio Classic users.
+ **Model registry** – This field states whether you registered the version to a model registry. For more information, see [Register a model version in the SageMaker AI model registry](canvas-register-model.md).
# MLOps
After building a model in SageMaker Canvas that you feel confident about, you might want to integrate your model with the machine learning operations (MLOps) processes in your organization. MLOps includes common tasks such as deploying a model for use in production or setting up continuous integration and continuous deployment (CI/CD) pipelines.
The following topics describe how you can use features within Canvas to use a Canvas-built model in production.
**Topics**
+ [
# Register a model version in the SageMaker AI model registry
](canvas-register-model.md)
+ [
# Deploy your models to an endpoint
](canvas-deploy-model.md)
+ [
# View your deployments
](canvas-deploy-model-view.md)
+ [
# Update a deployment configuration
](canvas-deploy-model-update.md)
+ [
# Test your deployment
](canvas-deploy-model-test.md)
+ [
# Invoke your endpoint
](canvas-deploy-model-invoke.md)
+ [
# Delete a model deployment
](canvas-deploy-model-delete.md)
# Register a model version in the SageMaker AI model registry
With SageMaker Canvas, you can build multiple iterations, or versions, of your model to improve it over time. You might want to build a new version of your model if you acquire better training data or if you want to attempt to improve the model’s accuracy. For more information about adding versions to your model, see [Update a model](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-update-model.html).
After you’ve [built a model](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-build-model.html) that you feel confident about, you might want to evaluate its performance and have it reviewed by a data scientist or MLOps engineer in your organization before using it in production. To do this, you can register your model versions to the [SageMaker Model Registry](https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry.html). The SageMaker Model Registry is a repository that data scientists or engineers can use to catalog machine learning (ML) models and manage model versions and their associated metadata, such as training metrics. They can also manage and log the approval status of a model.
After you register your model versions to the SageMaker Model Registry, a data scientist or your MLOps team can access the SageMaker Model Registry through [SageMaker Studio Classic](https://docs.aws.amazon.com/sagemaker/latest/dg/studio.html), which is a web-based integrated development environment (IDE) for working with machine learning models. In the SageMaker Model Registry interface in Studio Classic, the data scientist or MLOps team can evaluate your model and update its approval status. If the model doesn’t perform to their requirements, the data scientist or MLOps team can update the status to `Rejected`. If the model does perform to their requirements, then the data scientist or MLOps team can update the status to `Approved`. Then, they can [deploy your model to an endpoint](https://docs.aws.amazon.com/sagemaker/latest/dg/deploy-model.html#deploy-model-prereqs) or [automate model deployment](https://aws.amazon.com/blogs/machine-learning/building-automating-managing-and-scaling-ml-workflows-using-amazon-sagemaker-pipelines/) with CI/CD pipelines. You can use the SageMaker AI model registry feature to seamlessly integrate models built in Canvas with the MLOps processes in your organization.
The following diagram summarizes an example of registering a model version built in Canvas to the SageMaker Model Registry for integration into an MLOps workflow.
![\[The steps registering a model version built in Canvas for integration into an MLOps workflow.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-model-registration-diagram.jpg)
You can register tabular, image, and text model versions to the SageMaker Model Registry. This includes time series forecasting models and JumpStart based [fine-tuned foundation models](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-fm-chat-fine-tune.html).
**Note**
Currently, you can't register Amazon Bedrock based fine-tuned foundation models built in Canvas to the SageMaker Model Registry.
The following sections show you how to register a model version to the SageMaker Model Registry from Canvas.
## Permissions management
By default, you have permissions to register model versions to the SageMaker Model Registry. SageMaker AI grants these permissions for all new and existing Canvas user profiles through the [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasFullAccess.html) policy, which is attached to the AWS IAM execution role for the SageMaker AI domain that hosts your Canvas application.
If your Canvas administrator is setting up a new domain or user profile, when they're setting up the domain and following the prerequisite instructions in the [Getting started guide](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-getting-started.html#canvas-prerequisites), SageMaker AI turns on the model registration permissions through the **ML Ops permissions configuration** option, which is enabled by default.
The Canvas administrator can manage model registration permissions at the user profile level as well. For example, if the administrator wants to grant model registration permissions to some user profiles but remove permissions for others, they can edit the permissions for a specific user. The following procedure shows how to turn off model registration permissions for a specific user profile:
1. Open the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the user profile’s domain.
1. On the **domain details** page, choose the **User profile** whose permissions you want to edit.
1. On the **User Details** page, choose **Edit**.
1. In the left navigation pane, choose **Canvas settings**.
1. In the **ML Ops permissions configuration** section, turn off the **Enable Model Registry registration permissions** toggle.
1. Choose **Submit** to save the changes to your domain settings.
The user profile should no longer have model registration permissions.
## Register a model version to the SageMaker AI model registry
SageMaker Model Registry tracks all of the model versions that you build to solve a particular problem in a *model group*. When you build a SageMaker Canvas model and register it to SageMaker Model Registry, it gets added to a model group as a new model version. For example, if you build and register four versions of your model, then a data scientist or MLOps team working in the SageMaker Model Registry interface can view the model group and review all four versions of the model in one place.
When registering a Canvas model to the SageMaker Model Registry, a model group is automatically created and named after your Canvas model. Optionally, you can rename it to a name of your choice, or use an existing model group in the SageMaker Model Registry. For more information about creating a model group, see [Create a Model Group](https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-model-group.html).
**Note**
Currently, you can only register models built in Canvas to the SageMaker Model Registry in the same account.
To register a model version to the SageMaker Model Registry from the Canvas application, use the following procedure:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **My models**.
1. On the **My models** page, choose your model. You can **Filter by problem type** to find your model more easily.
1. After choosing your model, the **Versions** page opens, listing all of the versions of your model. You can turn on the **Show advanced metrics** toggle to view the advanced metrics, such as **Recall** and **Precision**, to compare your model versions and determine which one you’d like to register.
1. From the list of model versions, for the the version that you want to register, choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)). Alternatively, you can double click on the version that you need to register, and then on the version details page, choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)).
1. In the dropdown list, choose **Add to Model Registry**. The **Add to Model Registry** dialog box opens.
1. In the **Add to Model Registry** dialog box, do the following:
1. (Optional) In the **SageMaker Studio Classic model group** section, for the **Model group name** field, enter the name of the model group to which you want to register your version. You can specify the name for a new model group that SageMaker AI creates for you, or you can specify an existing model group. If you don’t specify this field, Canvas registers your version to a default model group with the same name as your model.
1. Choose **Add**.
Your model version should now be registered to the model group in the SageMaker Model Registry. When you register a model version to a model group in the SageMaker Model Registry, all subsequent versions of the Canvas model are registered to the same model group (if you choose to register them). If you register your versions to a different model group, you need to go to the SageMaker Model Registry and [delete the model group](https://docs.aws.amazon.com/sagemaker/latest/dg/model-registry-delete-model-group.html). Then, you can re-register your model versions to the new model group.
To view the status of your models, you can return to the **Versions** page for your model in the Canvas application. This page shows you the **Model Registry** status of each version. If the status is `Registered`, then the model has been successfully registered.
If you want to view the details of your registered model version, for the **Model Registry** status, you can hover over the **Registered** field to see the **Model registry details** pop-up box. These details contain more info, such as the following:
+ The **Model package group name** is the model group that your version is registered to in the SageMaker Model Registry.
+ The **Approval status**, which can be `Pending Approval`, `Approved`, or `Rejected`. If a Studio Classic user approves or rejects your version in the SageMaker Model Registry, then this status is updated on your model versions page when you refresh the page.
The following screenshot shows the **Model registry details** box, along with an **Approval status** of `Approved` for this particular model version.
![\[Screenshot of the SageMaker Model Registry details box in the Canvas application.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/approved-mr.png)
# Deploy your models to an endpoint
In Amazon SageMaker Canvas, you can deploy your models to an endpoint to make predictions. SageMaker AI provides the ML infrastructure for you to host your model on an endpoint with the compute instances that you choose. Then, you can *invoke* the endpoint (send a prediction request) and get a real-time prediction from your model. With this functionality, you can use your model in production to respond to incoming requests, and you can integrate your model with existing applications and workflows.
To get started, you should have a model that you'd like to deploy. You can deploy custom model versions that you've built, Amazon SageMaker JumpStart foundation models, and fine-tuned JumpStart foundation models. For more information about building a model in Canvas, see [How custom models work](canvas-build-model.md). For more information about JumpStart foundation models in Canvas, see [Generative AI foundation models in SageMaker Canvas](canvas-fm-chat.md).
Review the following **Permissions management** section, and then begin creating new deployments in the **Deploy a model** section.
## Permissions management
By default, you have permissions to deploy models to SageMaker AI Hosting endpoints. SageMaker AI grants these permissions for all new and existing Canvas user profiles through the [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSageMakerCanvasFullAccess.html) policy, which is attached to the AWS IAM execution role for the SageMaker AI domain that hosts your Canvas application.
If your Canvas administrator is setting up a new domain or user profile, when they're setting up the domain and following the prerequisite instructions in the [Prerequisites for setting up Amazon SageMaker Canvas](canvas-getting-started.md#canvas-prerequisites), SageMaker AI turns on the model deployment permissions through the **Enable direct deployment of Canvas models** option, which is enabled by default.
The Canvas administrator can manage model deployment permissions at the user profile level as well. For example, if the administrator doesn't want to grant model deployment permissions to all user profiles when setting up a domain, they can grant permissions to specific users after creating the domain.
The following procedure shows how to modify the model deployment permissions for a specific user profile:
1. Open the SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **Domains**.
1. From the list of domains, select the user profile’s domain.
1. On the **Domain details** page, select the **User profiles** tab.
1. Choose your **User profile**.
1. On the user profile's page, select the **App Configurations** tab.
1. In the **Canvas** section, choose **Edit**.
1. In the **ML Ops configuration** section, turn on the **Enable direct deployment of Canvas models** toggle to enable deployment permissions.
1. Choose **Submit** to save the changes to your domain settings.
The user profile should now have model deployment permissions.
After granting permissions to the domain or user profile, make sure that the user logs out of their Canvas application and logs back in to apply the permission changes.
## Deploy a model
To get started with deploying your model, you create a new deployment in Canvas and specify the model version that you want to deploy along with the ML infrastructure, such as the type and number of compute instances that you would like to use for hosting the model.
Canvas suggests a default type and number of instances based on your model type, or you can learn more about the various SageMaker AI instance types on the [Amazon SageMaker pricing page](https://aws.amazon.com/sagemaker/pricing/). You are charged based on the SageMaker AI instance pricing while your endpoint is active.
When deploying JumpStart foundation models, you also have the option to specify the length of the deployment time. You can deploy the model to an endpoint indefinitely (meaning the endpoint is active until you delete the deployment). Or, if you only need the endpoint for a short period of time and would like to reduce costs, you can deploy the model to an endpoint for a specified amount of time, after which SageMaker AI shuts down the endpoint for you.
**Note**
If you deploy a model for a specified amount of time, stay logged in to the Canvas application for the duration of the endpoint. If you log out of or delete the application, then Canvas is unable to shut down the endpoint at the specified time.
After your model is deployed to a SageMaker AI Hosting [real-time inference endpoint](https://docs.aws.amazon.com/sagemaker/latest/dg/realtime-endpoints.html), you can begin making predictions by *invoking* the endpoint.
There are several different ways for you to deploy a model from the Canvas application. You can access the model deployment option through any of the following methods:
+ On the **My models** page of the Canvas application, choose the model that you want to deploy. Then, from the model’s **Versions** page, choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) next to a model version and select **Deploy**.
+ When on the details page for a model version, on the **Analyze** tab, choose the **Deploy** option.
+ When on the details page for a model version, on the **Predict** tab, choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) at the top of the page and select **Deploy**.
+ On the **ML Ops** page of the Canvas application, choose the **Deployments** tab and then choose **Create deployment**.
+ For JumpStart foundation models and fine-tuned foundation models, go to the **Ready-to-use models** page of the Canvas application. Choose **Generate, extract and summarize content**. Then, find the JumpStart foundation model or fine-tuned foundation model that you want to deploy. Choose the model, and on the model's chat page, choose the **Deploy** button.
All of these methods open the **Deploy model** side panel, where you specify the deployment configuration for your model. To deploy the model from this panel, do the following:
1. (Optional) If you’re creating a deployment from the **ML Ops** page, you’ll have the option to **Select model and version**. Use the dropdown menus to select the model and model version that you want to deploy.
1. Enter a name in the **Deployment name** field.
1. (For JumpStart foundation models and fine-tuned foundation models only) Choose a **Deployment length**. Select **Indefinite** to leave the endpoint active until you shut it down, or select **Specify length** and then enter the period of time for which you want the endpoint to remain active.
1. For **Instance type**, SageMaker AI detects a default instance type and number that is suitable for your model. However, you can change the instance type that you would like to use for hosting your model.
**Note**
If you run out of the instance quota for the chosen instance type on your AWS account, you can request a quota increase. For more information about the default quotas and how to request an increase, see [Amazon SageMaker AI endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/sagemaker.html) in the *AWS General Reference guide*.
1. For **Instance count**, you can set the number of active instances that are used for your endpoint. SageMaker AI detects a default number that is suitable for your model, but you can change this number.
1. When you’re ready to deploy your model, choose **Deploy**.
Your model should now be deployed to an endpoint.
# View your deployments
You might want to check the status or details of a model deployment in Amazon SageMaker Canvas. For example, if your deployment failed, you might want to check the details to troubleshoot.
You can view your Canvas model deployments from the Canvas application or from the Amazon SageMaker AI console.
To view deployment details from Canvas, choose one of the following procedures:
To view your deployment details from the **ML Ops** page, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation pane, choose **ML Ops**.
1. Choose the **Deployments** tab.
1. Choose your deployment by name from the list.
To view your deployment details from a model version’s page, do the following:
1. In the SageMaker Canvas application, go to your model version’s details page.
1. Choose the **Deploy** tab.
1. On the **Deployments ** section that lists all of the deployment configurations associated with that model version, find your deployment.
1. Choose the **More options** icon (![\[More options icon for the output CSV file.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)), and then select **View details** to open the details page.
The details page for your deployment opens, and you can view information such as the time of the most recent prediction, the endpoint’s status and configuration, and the model version that is currently deployed to the endpoint.
You can also view your currently active Canvas workspace instances and active endpoints from the **SageMaker AI dashboard** in the [SageMaker AI console](https://console.aws.amazon.com/sagemaker/). Your Canvas endpoints are listed alongside any other SageMaker AI Hosting endpoints that you’ve created, and you can filter them by searching for endpoints with the Canvas tag.
The following screenshot shows the SageMaker AI dashboard. In the **Canvas** section, you can see that one workspace instance is in service and four endpoints are active.
![\[Screenshot of the SageMaker AI dashboard showing the active Canvas workspace instances and endpoints.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-sagemaker-dashboard.png)
# Update a deployment configuration
You can update the deployment configuration for models that you've deployed to endpoints in Amazon SageMaker Canvas. For example, you can deploy an updated model version to the endpoint, or you can update the instance type or number of instances behind the endpoint based on your capacity needs.
There are several different ways for you to update your deployment from the Canvas application. You can use any of the following methods:
+ On the **ML Ops** page of the Canvas application, you can choose the **Deployments** tab and select the deployment that you want to update. Then, choose **Update configuration**.
+ When on the details page for a model version, on the **Deploy** tab, you can view the deployments for that version. Next to the deployment, choose the **More options** icon (![\[More options icon for the output CSV file.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) and then choose **Update configuration**.
Both of the preceding methods open the **Update configuration** side panel, where you can make changes to your deployment configuration. To update the configuration, do the following:
1. For the **Select version** dropdown menu, you can select a different model version to deploy to the endpoint.
**Note**
When updating a deployment configuration, you can only choose a different model version to deploy. To deploy a different model, create a new deployment.
1. For **Instance type**, you can select a different instance type for hosting your model.
1. For **Instance count**, you can change the number of active instances that are used for your endpoint.
1. Choose **Save**.
Your deployment configuration should now be updated.
# Test your deployment
You can test a model deployment by invoking the endpoint, or making single prediction requests, through the Amazon SageMaker Canvas application. You can use this functionality to confirm that your endpoint responds to requests before invoking your endpoint programmatically in a production environment.
## Test a custom model deployment
You can test a custom model deployment by accessing it through the **ML Ops** page and making a single invocation, which returns a prediction along with the probability that the prediction is correct.
**Note**
Execution length is an estimate of the time taken to invoke and get a response from the endpoint in Canvas. For detailed latency metrics, see [SageMaker AI Endpoint Invocation Metrics](https://docs.aws.amazon.com/sagemaker/latest/dg/monitoring-cloudwatch.html#cloudwatch-metrics-endpoint-invocation).
To test your endpoint through the Canvas application, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation panel, choose **ML Ops**.
1. Choose the **Deployments** tab.
1. From the list of deployments, choose the one with the endpoint that you want to invoke.
1. On the deployment’s details page, choose the **Test deployment** tab.
1. On the deployment testing page, you can modify the **Value** fields to specify a new data point. For time series forecasting models, you specify the **Item ID** for which you want to make a forecast.
1. After modifying the values, choose **Update** to get the prediction result.
The prediction loads, along with the **Invocation result** fields which indicate whether or not the invocation was successful and how long the request took to process.
The following screenshot shows a prediction performed in the Canvas application on the **Test deployment** tab.
![\[The Canvas application showing a test prediction for a deployed model.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/canvas-test-deployments.png)
For all model types except numeric prediction and time series forecasting, the prediction returns the following fields:
+ **predicted\$1label** – the predicted output
+ **probability** – the probability that the predicted label is correct
+ **labels** – the list of all the possible labels
+ **probabilities** – the probabilities corresponding to each label (the order of this list matches the order of the labels)
For numeric prediction models, the prediction only contains the **score** field, which is the predicted output of the model, such as the predicted price of a house.
For time series forecasting models, the prediction is a graph showing the forecasts by quantile. You can choose **Schema view** to see the forecasted numeric values for each quantile.
You can continue making single predictions through the deployment testing page, or you can see the following section [Invoke your endpoint](canvas-deploy-model-invoke.md) to learn how to invoke your endpoint programmatically from applications.
## Test a JumpStart foundation model deployment
You can chat with a deployed JumpStart foundation model through the Canvas application to test its functionality before invoking it through code.
To chat with a deployed JumpStart foundation model, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation panel, choose **ML Ops**.
1. Choose the **Deployments** tab.
1. From the list of deployments, find the one that you want to invoke and choose its **More options** icon (![\[More options icon for a model deployment.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)).
1. From the context menu, choose **Test deployment**.
1. A new **Generate, extract and summarize content** chat opens with the JumpStart foundation model, and you can begin typing prompts. Note that prompts from this chat are sent as requests to your SageMaker AI Hosting endpoint.
# Invoke your endpoint
**Note**
We recommend that you [test your model deployment in Amazon SageMaker Canvas](canvas-deploy-model-test.md) before invoking a SageMaker AI endpoint programmatically.
You can use your Amazon SageMaker Canvas models that you've deployed to a SageMaker AI endpoint in production with your applications. Invoke the endpoint programmatically the same way that you invoke any other [SageMaker AI real-time endpoint](https://docs.aws.amazon.com/sagemaker/latest/dg/realtime-endpoints.html). Invoking an endpoint programmatically returns a response object which contains the same fields described in [Test your deployment](canvas-deploy-model-test.md).
For more detailed information about how to programmatically invoke endpoints, see [Invoke models for real-time inference](realtime-endpoints-test-endpoints.md).
The following Python examples show you how to invoke your endpoint based on the model type.
## JumpStart foundation models
The following example shows you how to invoke a JumpStart foundation model that you've deployed to an endpoint.
```
import boto3
import pandas as pd
client = boto3.client("runtime.sagemaker")
body = pd.DataFrame(
[['feature_column1', 'feature_column2'],
['feature_column1', 'feature_column2']]
).to_csv(header=False, index=False).encode("utf-8")
response = client.invoke_endpoint(
EndpointName="endpoint_name",
ContentType="text/csv",
Body=body,
Accept="application/json"
)
```
## Numeric and categorical prediction models
The following example shows you how to invoke numeric or categorical prediction models.
```
import boto3
import pandas as pd
client = boto3.client("runtime.sagemaker")
body = pd.DataFrame(['feature_column1', 'feature_column2'], ['feature_column1', 'feature_column2']).to_csv(header=False, index=False).encode("utf-8")
response = client.invoke_endpoint(
EndpointName="endpoint_name",
ContentType="text/csv",
Body=body,
Accept="application/json"
)
```
## Time series forecasting models
The following example shows you how to invoke time series forecasting models. For a complete example of how to test invoke a time series forecasting model, see [ Time-Series Forecasting with Amazon SageMaker Autopilot](https://github.com/aws/amazon-sagemaker-examples/blob/eef13dae197a6e588a8bc111aba3244f99ee0fbb/autopilot/autopilot_time_series.ipynb).
```
import boto3
import pandas as pd
csv_path = './real-time-payload.csv'
data = pd.read_csv(csv_path)
client = boto3.client("runtime.sagemaker")
body = data.to_csv(index=False).encode("utf-8")
response = client.invoke_endpoint(
EndpointName="endpoint_name",
ContentType="text/csv",
Body=body,
Accept="application/json"
)
```
## Image prediction models
The following example shows you how to invoke image prediction models.
```
import boto3
client = boto3.client("runtime.sagemaker")
with open("example_image.jpg", "rb") as file:
body = file.read()
response = client.invoke_endpoint(
EndpointName="endpoint_name",
ContentType="application/x-image",
Body=body,
Accept="application/json"
)
```
## Text prediction models
The following example shows you how to invoke text prediction models.
```
import boto3
import pandas as pd
client = boto3.client("runtime.sagemaker")
body = pd.DataFrame([["Example text 1"], ["Example text 2"]]).to_csv(header=False, index=False).encode("utf-8")
response = client.invoke_endpoint(
EndpointName="endpoint_name",
ContentType="text/csv",
Body=body,
Accept="application/json"
)
```
# Delete a model deployment
You can delete your model deployments from the Amazon SageMaker Canvas application. This action also deletes the endpoint from the SageMaker AI console and shuts down any endpoint-related resources.
**Note**
Optionally, you can delete your endpoint through the [SageMaker AI console](https://console.aws.amazon.com/sagemaker/) or using the SageMaker AI `DeleteEndpoint` API. For more information, see [Delete Endpoints and Resources](realtime-endpoints-delete-resources.md). However, when you delete the endpoint through the SageMaker AI console or APIs instead of the Canvas application, the list of deployments in Canvas isn’t automatically updated. You must also delete the deployment from the Canvas application to remove it from the list.
To delete a deployment in Canvas, do the following:
1. Open the SageMaker Canvas application.
1. In the left navigation panel, choose **ML Ops**.
1. Choose the **Deployments** tab.
1. From the list of deployments, choose the one that you want to delete.
1. At the top of the deployment details page, choose the **More options** icon (![\[More options icon for the output CSV file.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)).
1. Choose **Delete deployment**.
1. In the ** Delete deployment** dialog box, choose **Delete**.
Your deployment and SageMaker AI Hosting endpoint should now be deleted from both Canvas and the SageMaker AI console.
# How to manage automations
In SageMaker Canvas, you can create automations that update your dataset or generate predictions from your model on a schedule. For example, you might receive new shipping data on a daily basis. You can set up an automatic update for your dataset and automatic batch predictions that run whenever the dataset is updated. Using these features, you can set up an automated workflow and reduce the amount of time you spend manually updating datasets and making predictions.
**Note**
You can only set up a maximum of 20 automatic configurations in your Canvas application. Automations are only active while you’re logged in to the Canvas application. If you log out of Canvas, your automatic jobs pause until you log back in.
The following sections describe how to view, edit, and delete configurations for existing automations. To learn how to set up automations, see the following topics:
+ To set up automatic dataset updates, see [Update a dataset](canvas-update-dataset.md).
+ To set up automatic batch predictions, see [Batch predictions in SageMaker Canvas](canvas-make-predictions-batch.md).
**Topics**
+ [
# View your automations
](canvas-manage-automations-view.md)
+ [
# Edit your automatic configurations
](canvas-manage-automations-edit.md)
+ [
# Delete an automatic configuration
](canvas-manage-automations-delete.md)
# View your automations
You can also view all of your auto update jobs by going to the left navigation pane of Canvas and choosing **ML Ops**. The **ML Operations** page combines automations for both automatic dataset updates and automatic batch predictions. On the **Automations** tab, you can see the following sub-tabs:
+ **All jobs** – You can see every instance of a **Dataset update** or **Batch prediction** job that Canvas has done. For each job, you can see fields such as the associated **Input dataset**, the **Configuration name** of the associated auto update configuration, and the **Status** showing whether the job was successful or not. You can filter the jobs by configuration name:
+ For dataset update jobs, you can choose the latest version of the dataset, or the most recent job, to preview the dataset.
+ For batch prediction jobs, you can choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) to preview or download the predictions for that job. You can also choose **View details** to see more details about your prediction job. For more information about batch prediction job details, see [View your batch prediction jobs](canvas-make-predictions-batch-auto-view.md).
+ **Configuration** – You can see all of the **Dataset update** and **Batch prediction** configurations you’ve created. For each configuration, you can see fields such as the associated **Input dataset** and the **Frequency** of the jobs. You can also turn off or turn on the **Auto update** toggle to pause or resume automatic updates. If you choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)) for a specific configuration, you can choose to **View all jobs** for the configuration, **Update configuration**, or **Delete configuration**.
# Edit your automatic configurations
After setting up a configuration, you might want to make changes to it. For automatic dataset updates, you can update the Amazon S3 location for Canvas to import data, the frequency of the updates, and the starting time. For automatic batch predictions, you can change the dataset that the configuration tracks for updates. You can also turn off the automation to temporarily pause updates until you choose to resume them.
The following sections show you how to update each type of configuration.
**Note**
You can’t change the frequency for automatic batch predictions because automatic batch predictions run every time the target dataset is updated.
**Topics**
+ [
# Edit your automatic dataset update configuration
](canvas-manage-automations-edit-dataset.md)
+ [
# Edit your automatic batch prediction configuration
](canvas-manage-automations-edit-batch.md)
# Edit your automatic dataset update configuration
You might want to make changes to your auto update configuration for a dataset, such as changing the frequency of the updates. You might also want to turn off your automatic update configuration to pause the updates to your dataset.
To make changes to your auto update configuration for a dataset, do the following:
1. In the left navigation pane of Canvas, choose **ML Ops**.
1. Choose the **Automations** tab.
1. Choose the **Configuration** tab.
1. For your auto update configuration, choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)).
1. In the dropdown menu, choose **Update configuration**. You are taken to the **Auto updates** tab of the dataset.
1. Make your changes to the configuration. When you’re done making changes, choose **Save**.
To pause your dataset updates, turn off your automatic configuration. One way to turn off auto updates is by doing the following:
1. In the left navigation pane of Canvas, choose **ML Ops**.
1. Choose the **Automations** tab.
1. Choose the ** Configuration** tab.
1. Find your configuration from the list and turn off the **Auto update** toggle.
Automatic updates for your dataset are now paused. You can turn this toggle back on at any time to resume the update schedule.
# Edit your automatic batch prediction configuration
When you edit a batch prediction configuration, you can change the target dataset but not the frequency (since automatic batch predictions occur whenever the dataset is updated).
To make changes to your automatic batch predictions configuration, do the following:
1. In the left navigation pane of Canvas, choose **ML Ops**.
1. Choose the **Automations** tab.
1. Choose the **Configuration** tab.
1. For your auto update configuration, choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)).
1. In the dropdown menu, choose **Update configuration**. You are taken to the **Auto updates** tab of the dataset.
1. The **Automate batch prediction** dialog box opens. You can select another dataset and choose **Set up** to save your changes.
Your automatic batch predictions configuration is now updated.
To pause your automatic batch predictions, turn off your automatic configuration. Use the following procedure to turn off your configuration:
1. In the left navigation pane of Canvas, choose **ML Ops**.
1. Choose the **Automations** tab.
1. Choose the ** Configuration** tab.
1. Find your configuration from the list and turn off the **Auto update** toggle.
Automatic batch predictions for your dataset are now paused. You can turn this toggle back on at any time to resume the update schedule.
# Delete an automatic configuration
You might want to delete a configuration to stop your automated workflow in SageMaker Canvas.
To delete a configuration for automatic dataset updates or automatic batch predictions, do the following:
1. In the left navigation pane of Canvas, choose **ML Ops**.
1. Choose the **Automations** tab.
1. Choose the **Configuration** tab.
1. Find your auto update configuration, and choose the **More options** icon (![\[Vertical ellipsis icon representing a menu or more options.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/more-options-icon.png)).
1. Choose **Delete configuration**.
1. In the dialog box that pops up, choose **Delete**.
Your auto update configuration is now deleted.
# Logging out of Amazon SageMaker Canvas
After completing your work in Amazon SageMaker Canvas, you can log out or configure your application to automatically terminate the *workspace instance*. A workspace instance is dedicated for your use every time you launch a Canvas application, and you are billed for as long as the instance runs. Logging out or terminating the workspace instance stops the workspace instance billing. For more information, see [SageMaker Pricing](https://aws.amazon.com/sagemaker/pricing/).
The following sections describe how to log out of your Canvas application and how to configure your application to automatically shut down on a schedule.
## Log out of Canvas
When you log out of Canvas, your models and datasets aren't affected. Any quick or standard model builds or [large data processing jobs](canvas-export-data.md#canvas-export-data-s3) continue running even if you log out.
To log out, choose the **Log out** button (![\[Filter icon in the SageMaker Canvas app.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/studio/canvas/logout-icon.png)) on the left panel of the SageMaker Canvas application.
You can also log out from the SageMaker Canvas application by closing your browser tab and then [deleting the application](canvas-manage-apps-delete.md) in the console.
After you log out, SageMaker Canvas tells you to relaunch in a different tab. Logging in takes around 1 minute. If you have an administrator who set up SageMaker Canvas for you, use the instructions they gave you to log back in. If don't have an administrator, see the procedure for accessing SageMaker Canvas in [Prerequisites for setting up Amazon SageMaker Canvas](canvas-getting-started.md#canvas-prerequisites).
## Automatically shut down Canvas
If you’re a Canvas administrator, you might want to regularly shut down applications to reduce costs. You can either create a schedule to shut down active Canvas applications, or you can create an automation to shut down Canvas applications as soon as they’re *idle* (meaning the user hasn’t been active for 2 hours).
You can create these solutions using AWS Lambda functions that call the `DeleteApp` API and delete Canvas applications given certain conditions. For more information about these solutions and access to CloudFormation templates that you can use, see the blog [Optimizing costs for Amazon SageMaker Canvas with automatic shutdown of idle apps ](https://aws.amazon.com/blogs/machine-learning/optimizing-costs-for-amazon-sagemaker-canvas-with-automatic-shutdown-of-idle-apps/).
**Note**
You might experience missing [Amazon CloudWatch](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html) metrics if there was an error when setting up your idle shut down schedule or a CloudWatch error. We recommend that you add a CloudWatch alarm that monitors for missing metrics. If you encounter this issue, reach out to Support for help.
# Limitations and troubleshooting
The following section outlines troubleshooting help and limitations that apply when using Amazon SageMaker Canvas. You can use these this topic to help troubleshoot any issues you encounter.
## Troubleshooting issues with granting permissions through the SageMaker AI console
If you’re having trouble granting Canvas base permissions or Ready-to-use models permissions to your user, your user might have an AWS IAM execution role with more than one trust relationship to other AWS services. A trust relationship is a policy attached to your role that defines which principals (users, roles, accounts, or services) can assume the role. For example, you might encounter an issue granting additional Canvas permissions to your user if their execution role has a trust relationship to both Amazon SageMaker AI and Amazon Forecast.
You can fix this problem by choosing one of the following options.
### 1. Remove all but one trusted service from the role.
This solution requires you to edit the trust relationship for your user profile’s IAM role and remove all AWS services except SageMaker AI.
To edit the trust relationship for your IAM execution role, do the following:
1. Go to the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. In the navigation pane of the IAM console, choose **Roles**. The console displays the roles for your account.
1. Choose the name of the role that you want to modify, and select the **Trust relationships** tab on the details page.
1. Choose **Edit trust policy**.
1. In the **Edit trust policy editor**, paste the following, and then choose **Update Policy**.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"sagemaker.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
```
------
You can also update this policy document using the IAM CLI. For more information, see [update-trust](https://docs.aws.amazon.com/cli/latest/reference/ds/update-trust.html) in the *IAM Command Line Reference*.
You can now retry granting the Canvas base permissions or the Ready-to-use models permissions to your user.
### 2. Use a different role with one or fewer trusted services.
This solution requires you to specify a different IAM role for your user profile. Use this option if you already have an IAM role that you can substitute.
To specify a different execution role for your user, do the following:
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. From the list of domains, select the domain that you want to view a list of user profiles for.
1. On the **domain details** page, choose the **User profiles** tab.
1. Choose the user whose permissions you want to edit. On the **User details** page, choose **Edit**.
1. On the **General settings** page, choose the **Execution role** dropdown list and select the role that you want to use.
1. Choose **Submit** to save your changes to the user profile.
Your user should now be using an execution role with only one trusted service (SageMaker AI).
You can retry granting the Canvas base permissions or the Ready-to-use models permissions to your user.
### 3. Manually attach the AWS managed policy to the execution role instead of using the toggle in the SageMaker AI domain settings.
Instead of using the toggle in the domain or user profile settings, you can manually attach the AWS managed policies that grant a user the correct permissions.
To grant a user Canvas base permissions, attach the [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasFullAccess) policy. To grant a user Ready-to-use models permissions, attach the [AmazonSageMakerCanvasAIServicesAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasAIServicesAccess) policy.
Use the following procedure to attach an AWS managed policy to your role:
1. Go to the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. Choose **Roles**.
1. In the search box, search for the user's IAM role by name and select it.
1. On the page for the user's role, under **Permissions**, choose **Add permissions**.
1. From the dropdown menu, choose **Attach policies**.
1. Search for and select the policy or policies that you want to attach to the user’s execution role:
1. To grant the Canvas base permissions, search for and select the [AmazonSageMakerCanvasFullAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasFullAccess) policy.
1. To grant the Ready-to-use models permissions, search for and select the [AmazonSageMakerCanvasAIServicesAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasAIServicesAccess) policy.
1. Choose **Add permissions** to attach the policy to the role.
After attaching an AWS managed policy to the user’s role through the IAM console, your user should now have the Canvas base permissions or Ready-to-use models permissions.
## Troubleshooting issues with creating a Canvas application due to space failure
When creating a new Canvas application, if you encounter an error stating `Unable to create app because space is not in InService state`, this indicates that the underlying Amazon SageMaker Studio space creation has failed. A Studio *space* is the underlying storage that hosts your Canvas application data. For more general information about Studio spaces, see [Amazon SageMaker Studio spaces](studio-updated-spaces.md). For more information about configuring spaces in Canvas, see [Store SageMaker Canvas application data in your own SageMaker AI space](canvas-spaces-setup.md).
To determine the root cause of your why space creation failed, you can use the [DescribeSpace](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeSpace.html) API to check the `FailureReason` field. For more information about the possible statuses of spaces and what they mean, see [Amazon SageMaker AI domain entities and statuses](sm-domain.md).
To resolve this issue, find your domain in the SageMaker AI console and delete the failed space listed in the error message you received. For detailed steps on how to find and delete a space, see the page [Stop and delete your Studio running applications and spaces](studio-updated-running-stop.md) and follow the instructions to **Delete a Studio space**. Deleting the space also deletes any applications associated with the space. After deleting the space, you can try to create your Canvas application again. The space should now provision successfully, allowing Canvas to launch.
# Billing and cost in SageMaker Canvas
To track the costs associated with your SageMaker Canvas application, you can use the AWS Billing and Cost Management service. Billing and Cost Management provides tools to help you gather information related to your cost and usage, analyze your cost drivers and usage trends, and take action to budget your spending. For more information, see [What is AWS Billing and Cost Management?](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-what-is.html)
Billing in SageMaker Canvas consists of the following components:
+ Workspace instance charges – You are charged for the number of hours that you are logged in to or using SageMaker Canvas. We recommend that you log out or create a schedule to shut down any Canvas applications that you’re not actively using to reduce costs. For more information, see [Logging out of Amazon SageMaker Canvas](canvas-log-out.md).
+ AWS service charges – You are charged for building and making predictions with custom models, or for making predictions with Ready-to-use models:
+ Training charges – For all model types, you are charged based on your resource usage while the model builds. These resources include any compute instances that Canvas spins up. You may see these charges on your account as Hosting, Training, Processing, or Batch Transform jobs.
+ Prediction charges – You are charged for the resources used to generate predictions, depending on the type of custom model that you built or the type of Ready-to-use model you used.
The [Ready-to-use models](canvas-ready-to-use-models.md) in Canvas leverage other AWS services to generate predictions. When you use a Ready-to-use model, you are charged by the respective service, and their pricing conditions apply:
+ For sentiment analysis, entities extraction, language detection, and personal information detection, you’re charged with [Amazon Comprehend pricing](https://aws.amazon.com/comprehend/pricing/).
+ For object detection in images and text detection in images, you’re charged with [Amazon Rekognition pricing](https://aws.amazon.com/rekognition/pricing/).
+ For expense analysis, identity document analysis, and document analysis, you’re charged with [Amazon Textract pricing](https://aws.amazon.com/textract/pricing/).
For more information, see [SageMaker Canvas pricing](https://aws.amazon.com/sagemaker/canvas/pricing/).
To help you track your costs in Billing and Cost Management, you can assign custom tags to your SageMaker Canvas app and users. You can track the costs your apps incur, and by tagging individual user profiles, you can track costs based on the user profile. For more information about tags, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html).
You can add tags to your SageMaker Canvas app and users by doing the following:
+ If you are setting up your Amazon SageMaker AI domain and SageMaker Canvas for the first time, follow the [Getting Started](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-getting-started.html) instructions and add tags when creating your domain or users. You can add tags either through the **General settings** in the domain console setup, or through the APIs ([CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html) or [CreateUserProfile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html)). SageMaker AI adds the tags specified in your domain or UserProfile to any SageMaker Canvas apps or users you create after you create the domain.
+ If you want to add tags to apps in an existing domain, you must add tags to either the domain or the UserProfile. You can adds tags through either the console or the [AddTags](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_AddTags.html) API. If you add tags through the console, then you must delete and relaunch your SageMaker Canvas app in order for the tags to propagate to the app. If you use the API, the tags are added directly to the app. For more information about deleting and relaunching a SageMaker Canvas app, see [Manage apps](https://docs.aws.amazon.com/sagemaker/latest/dg/canvas-manage-apps.html).
After you add tags to your domain, it might take up to 24 hours for the tags to appear in the AWS Billing and Cost Management console for activation. After they appear in the console, it takes another 24 hours for the tags to activate.
On the **Cost explorer** page, you can group and filter your costs by tags and usage types to separate your Workspace instance charges from your Training charges. The charges for each are listed as the following:
+ Workspace instance charges: Charges show up under the usage type `REGION-Canvas:Session-Hrs (Hrs)`.
+ Training charges: Charges show up under the usage types for SageMaker AI Hosting, Training, Processing, or Batch Transform jobs.
# Amazon SageMaker geospatial capabilities
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. If prior to November 30, 2023 you created a Amazon SageMaker AI domain, Studio Classic remains the default experience. domains created after November 30, 2023 default to the new Studio experience.
Amazon SageMaker geospatial features and resources are *only* available in Studio Classic. To learn more about setting up a domain and getting started with Studio, see [Getting started with Amazon SageMaker geospatial](geospatial-getting-started.md).
Amazon SageMaker geospatial capabilities makes it easier for data scientists and machine learning (ML) engineers to build, train, and deploy ML models faster using geospatial data. You have access to open-source and third-party data, processing, and visualization tools to make it more efficient to prepare geospatial data for ML. You can increase your productivity by using purpose-built algorithms and pre-trained ML models to speed up model building and training, and use built-in visualization tools to explore prediction outputs on an interactive map and then collaborate across teams on insights and results.
**Note**
Currently, SageMaker geospatial capabilities are only supported in the US West (Oregon) Region.
If you don't see the SageMaker geospatial UI available in your current Studio Classic instance check to make sure you are currently in the US West (Oregon) Region.
**Why use SageMaker geospatial capabilities?**
You can use SageMaker geospatial capabilities to make predictions on geospatial data faster than do-it-yourself solutions. SageMaker geospatial capabilities make it easier to access geospatial data from your existing customer data lakes, open-source datasets, and other SageMaker geospatial data providers. SageMaker geospatial capabilities minimize the need for building custom infrastructure and data preprocessing functions by offering purpose-built algorithms for efficient data preparation, model training, and inference. You can also create and share custom visualizations and data with your company from Amazon SageMaker Studio Classic. SageMaker geospatial capabilities offer pre-trained models for common uses in agriculture, real estate, insurance, and financial services.
## How can I use SageMaker geospatial capabilities?
You can use SageMaker geospatial capabilities in two ways.
+ Through the SageMaker geospatial UI, as a part of Amazon SageMaker Studio Classic UI.
+ Through a Studio Classic notebook instance that uses the **Geospatial 1.0** image.
**SageMaker AI has the following geospatial capabilities**
+ Use a purpose built SageMaker geospatial image that supports both CPU and GPU-based notebook instances, and also includes commonly used open-source libraries found in geospatial machine learning workflows.
+ Use the Amazon SageMaker Processing and the SageMaker geospatial container to run large-scale workloads with your own datasets, including soil, weather, climate, LiDAR, and commercial aerial and satellite imagery.
+ Run an [Earth Observation job](https://docs.aws.amazon.com/sagemaker/latest/dg/geospatial-eoj.html) for raster data processing.
+ Run a [Vector Enrichment job](https://docs.aws.amazon.com/sagemaker/latest/dg/geospatial-vej.html) to convert latitude and longitude into human readable addresses, and match noisy GPS traces to specific roads.
+ Use built-in [visualization tools right in Studio Classic to interactively view geospatial data or model predictions on a map.](https://docs.aws.amazon.com/sagemaker/latest/dg/geospatial-visualize.html)
You can also use data from a collection of geospatial data providers. Currently, the data collections available include:
+ [https://www.usgs.gov/centers/eros/data-citation?qt-science_support_page_related_con=0#qt-science_support_page_related_con](https://www.usgs.gov/centers/eros/data-citation?qt-science_support_page_related_con=0#qt-science_support_page_related_con)
+ [https://sentinels.copernicus.eu/documents/247904/690755/Sentinel_Data_Legal_Notice](https://sentinels.copernicus.eu/documents/247904/690755/Sentinel_Data_Legal_Notice)
+ [https://sentinel.esa.int/web/sentinel/missions/sentinel-2](https://sentinel.esa.int/web/sentinel/missions/sentinel-2)
+ [https://registry.opendata.aws/copernicus-dem/](https://registry.opendata.aws/copernicus-dem/)
+ [https://registry.opendata.aws/naip/](https://registry.opendata.aws/naip/)
## Are you a first-time user of SageMaker geospatial?
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. New domains created after November 30, 2023 default to the Studio experience. Access to SageMaker geospatial is limited to Studio Classic, to learn more see [Accessing SageMaker geospatial](access-studio-classic-geospatial.md).
If you're a first-time user of AWS or Amazon SageMaker AI, we recommend that you do the following:
1. **Create an AWS account.**
To learn about setting up an AWS account and getting started with SageMaker AI, see [Complete Amazon SageMaker AI prerequisites](gs-set-up.md).
1. **Create a user role and execution role that work with SageMaker geospatial**.
As a managed service, Amazon SageMaker geospatial capabilities performs operations on your behalf on the AWS hardware that SageMaker AI manages. A SageMaker AI execution role an perform only the operations that users grant. To work with SageMaker geospatial capabilities, you must set up a user role and an execution role. For more information, see [SageMaker geospatial capabilities roles](sagemaker-geospatial-roles.md).
1. **Update your trust policy to include SageMaker geospatial**.
SageMaker geospatial defines an additional service principal. To learn how to create or update your SageMaker AI execution role's trust policy, see [Adding the SageMaker geospatial service principal to an existing SageMaker AI execution role](sagemaker-geospatial-roles-pass-role.md).
1. **Set up an Amazon SageMaker AI domain to access Amazon SageMaker Studio Classic.**
To use SageMaker geospatial, a domain is required. For domains created before November 30, 2023 the default experience is Studio Classic. domains created after November 30, 2023 default to the Studio experience. To learn more about accessing Studio Classic from Studio, see [Accessing SageMaker geospatial](access-studio-classic-geospatial.md).
1. **Remember, shut down resources.**
When you have finished using SageMaker geospatial capabilities, shut down the instance it runs on to avoid incurring additional charges. For more information, see [Shut Down Resources from Amazon SageMaker Studio Classic](notebooks-run-and-manage-shut-down.md).
**Topics**
+ [
## How can I use SageMaker geospatial capabilities?
](#how-use-geo)
+ [
## Are you a first-time user of SageMaker geospatial?
](#first-time-geospatial-data)
+ [
# Getting started with Amazon SageMaker geospatial
](geospatial-getting-started.md)
+ [
# Using a processing jobs for custom geospatial workloads
](geospatial-custom-operations.md)
+ [
# Earth Observation Jobs
](geospatial-eoj.md)
+ [
# Vector Enrichment Jobs
](geospatial-vej.md)
+ [
# Visualization Using SageMaker geospatial capabilities
](geospatial-visualize.md)
+ [
# Amazon SageMaker geospatial Map SDK
](geospatial-notebook-sdk.md)
+ [
# SageMaker geospatial capabilities FAQ
](geospatial-faq.md)
+ [
# SageMaker geospatial Security and Permissions
](geospatial-security-general.md)
+ [
# Types of compute instances
](geospatial-instances.md)
+ [
# Data collections
](geospatial-data-collections.md)
# Getting started with Amazon SageMaker geospatial
SageMaker geospatial provides a purpose built **Image** and **Instance type** for Amazon SageMaker Studio Classic notebooks. You can use either CPU or GPU enabled notebooks with the SageMaker geospatial **Image**. You can also visualize your geospatial data using a purpose built visualizer. Furthermore, SageMaker geospatial also provides APIs that allow you to query raster data collections.You can also use pre-trained models to analyze geospatial data, reverse geocoding, and map matching.
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. If prior to November 30, 2023 you created a Amazon SageMaker AI domain, Studio Classic remains the default experience. domains created after November 30, 2023 default to the new Studio experience.
To access and get started using Amazon SageMaker geospatial, do the following:
**Topics**
+ [
# Accessing SageMaker geospatial
](access-studio-classic-geospatial.md)
+ [
# Create an Amazon SageMaker Studio Classic notebook using the geospatial image
](geospatial-launch-notebook.md)
+ [
# Access the Sentinel-2 raster data collection and create an earth observation job to perform land segmentation
](geospatial-demo.md)
# Accessing SageMaker geospatial
**Note**
Currently, SageMaker geospatial capabilities are only supported in the US West (Oregon) Region and in Studio Classic.
If you don't see the SageMaker geospatial UI available in your current Studio Classic instance check to make sure you are currently in the US West (Oregon) Region.
A domain is required to access SageMaker geospatial. If you created a domain prior to November 30, 2023 the default experience is Studio Classic.
If you created a domain after November 30, 2023 or if you have migrated to Studio, then you can use the following procedure to activate Studio Classic from within Studio to use SageMaker geospatial features.
To learn more about creating a domain, see [Onboard to Amazon SageMaker AI domain](https://docs.aws.amazon.com/sagemaker/latest/dg/gs-studio-onboard.html).
**To access Studio Classic from Studio**
1. Launch Amazon SageMaker Studio.
1. Under **Applications**, choose **Studio Classic**.
1. Then, choose **Create Studio Classic space**.
1. On the **Create Studio Classic space** page, enter a **Name**.
1. Disable the **Share with my domain** option. SageMaker geospatial is not available in shared domains.
1. Then choose **Create space**.
When successful the **Status** changes to **Updating**. When your Studio Classic application is ready to be used the status changes to **Stopped**.
To start your Studio Classic application, choose **Run**.
# Create an Amazon SageMaker Studio Classic notebook using the geospatial image
**Important**
As of November 30, 2023, the previous Amazon SageMaker Studio experience is now named Amazon SageMaker Studio Classic. The following section is specific to using the Studio Classic application. For information about using the updated Studio experience, see [Amazon SageMaker Studio](studio-updated.md).
Studio Classic is still maintained for existing workloads but is no longer available for onboarding. You can only stop or delete existing Studio Classic applications and cannot create new ones. We recommend that you [migrate your workload to the new Studio experience](studio-updated-migrate.md).
**Note**
Currently, SageMaker geospatial is only supported in the US West (Oregon) Region.
If you don't see SageMaker geospatial available in your current domain or notebook instance, make sure that you're currently in the US West (Oregon) Region.
Use the following procedure to create Studio Classic notebook with the SageMaker geospatial image. If your default studio experience is Studio, see [Accessing SageMaker geospatial](access-studio-classic-geospatial.md) to learn about starting a Studio Classic application.
**To create a Studio Classic notebook with the SageMaker geospatial image**
1. Launch Studio Classic
1. Choose **Home** in the menu bar.
1. Under **Quick actions**, choose **Open Launcher**.
1. When the **Launcher** dialog box opens. Choose **Change environment** under **Notebooks and compute resources**.
1. When, the **Change environment** dialog box opens. Choose the **Image** dropdown and choose or type **Geospatial 1.0**.
![\[A dialogue boxing showing the correct geospatial image and instance type selected.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/geospatial-environment-dialogue.png)
1. Next, choose an **Instance type** from the dropdown.
SageMaker geospatial supports two types of notebook instances: CPU and GPU. The supported CPU instance is called **ml.geospatial.interactive**. Any of the G5-family of GPU instances can be used with the Geospatial 1.0 image.
**Note**
If you receive a ResourceLimitExceeded error when attempting to start a GPU based instance, you need to request a quota increase. To get started on a Service Quotas quota increase request, see [Requesting a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) in the *Service Quotas User Guide*
1. Choose **Select**.
1. Choose **Create notebook**.
After creating a notebook, to learn more about SageMaker geospatial, try the [SageMaker geospatial tutorial](geospatial-demo.md). It shows you how to process Sentinel-2 image data and perform land segmentation on it using the earth observation jobs API.
# Access the Sentinel-2 raster data collection and create an earth observation job to perform land segmentation
This Python-based tutorial uses the SDK for Python (Boto3) and an Amazon SageMaker Studio Classic notebook. To complete this demo successfully, make sure that you have the required AWS Identity and Access Management (IAM) permissions to use SageMaker geospatial and Studio Classic. SageMaker geospatial requires that you have a user, group, or role which can access Studio Classic. You must also have a SageMaker AI execution role that specifies the SageMaker geospatial service principal, `sagemaker-geospatial.amazonaws.com` in its trust policy.
To learn more about these requirements, see [SageMaker geospatial IAM roles](sagemaker-geospatial-roles.md).
This tutorial shows you how to use SageMaker geospatial API to complete the following tasks:
+ Find the available raster data collections with `list_raster_data_collections`.
+ Search a specified raster data collection by using `search_raster_data_collection`.
+ Create an earth observation job (EOJ) by using `start_earth_observation_job`.
## Using `list_raster_data_collections` to find available data collections
SageMaker geospatial supports multiple raster data collections. To learn more about the available data collections, see [Data collections](geospatial-data-collections.md).
This demo uses satellite data that's collected from [Sentinel-2 Cloud-Optimized GeoTIFF](https://registry.opendata.aws/sentinel-2-l2a-cogs/) satellites. These satellites provide global coverage of Earth's land surface every five days. In addition to collecting surface images of Earth, the Sentinel-2 satellites also collect data across a variety of spectralbands.
To search an area of interest (AOI), you need the ARN that's associated with the Sentinel-2 satellite data. To find the available data collections and their associated ARNs in your AWS Region, use the `list_raster_data_collections` API operation.
Because the response can be paginated, you must use the `get_paginator` operation to return all of the relevant data:
```
import boto3
import sagemaker
import sagemaker_geospatial_map
import json
## SageMaker Geospatial is currently only avaialable in US-WEST-2
session = boto3.Session(region_name='us-west-2')
execution_role = sagemaker.get_execution_role()
## Creates a SageMaker Geospatial client instance
geospatial_client = session.client(service_name="sagemaker-geospatial")
# Creates a resusable Paginator for the list_raster_data_collections API operation
paginator = geospatial_client.get_paginator("list_raster_data_collections")
# Create a PageIterator from the paginator class
page_iterator = paginator.paginate()
# Use the iterator to iterate throught the results of list_raster_data_collections
results = []
for page in page_iterator:
results.append(page['RasterDataCollectionSummaries'])
print(results)
```
This is a sample JSON response from the `list_raster_data_collections` API operation. It's truncated to include only the data collection (Sentinel-2) that's used in this code example. For more details about a specific raster data collection, use `get_raster_data_collection`:
```
{
"Arn": "arn:aws:sagemaker-geospatial:us-west-2:378778860802:raster-data-collection/public/nmqj48dcu3g7ayw8",
"Description": "Sentinel-2a and Sentinel-2b imagery, processed to Level 2A (Surface Reflectance) and converted to Cloud-Optimized GeoTIFFs",
"DescriptionPageUrl": "https://registry.opendata.aws/sentinel-2-l2a-cogs",
"Name": "Sentinel 2 L2A COGs",
"SupportedFilters": [
{
"Maximum": 100,
"Minimum": 0,
"Name": "EoCloudCover",
"Type": "number"
},
{
"Maximum": 90,
"Minimum": 0,
"Name": "ViewOffNadir",
"Type": "number"
},
{
"Name": "Platform",
"Type": "string"
}
],
"Tags": {},
"Type": "PUBLIC"
}
```
After running the previous code sample, you get the ARN of the Sentinel-2 raster data collection, `arn:aws:sagemaker-geospatial:us-west-2:378778860802:raster-data-collection/public/nmqj48dcu3g7ayw8`. In the [next section](#demo-search-raster-data), you can query the Sentinel-2 data collection using the `search_raster_data_collection` API.
## Searching the Sentinel-2 raster data collection using `search_raster_data_collection`
In the preceding section, you used `list_raster_data_collections` to get the ARN for the Sentinel-2 data collection. Now you can use that ARN to search the data collection over a given area of interest (AOI), time range, properties, and the available UV bands.
To call the `search_raster_data_collection` API you must pass in a Python dictionary to the `RasterDataCollectionQuery` parameter. This example uses `AreaOfInterest`, `TimeRangeFilter`, `PropertyFilters`, and `BandFilter`. For ease, you can specify the Python dictionary using the variable **search\$1rdc\$1query** to hold the search query parameters:
```
search_rdc_query = {
"AreaOfInterest": {
"AreaOfInterestGeometry": {
"PolygonGeometry": {
"Coordinates": [
[
# coordinates are input as longitute followed by latitude
[-114.529, 36.142],
[-114.373, 36.142],
[-114.373, 36.411],
[-114.529, 36.411],
[-114.529, 36.142],
]
]
}
}
},
"TimeRangeFilter": {
"StartTime": "2022-01-01T00:00:00Z",
"EndTime": "2022-07-10T23:59:59Z"
},
"PropertyFilters": {
"Properties": [
{
"Property": {
"EoCloudCover": {
"LowerBound": 0,
"UpperBound": 1
}
}
}
],
"LogicalOperator": "AND"
},
"BandFilter": [
"visual"
]
}
```
In this example, you query an `AreaOfInterest` that includes [Lake Mead](https://en.wikipedia.org/wiki/Lake_Mead) in Utah. Furthermore, Sentinel-2 supports multiple types of image bands. To measure the change in the surface of the water, you only need the `visual` band.
After you create the query parameters, you can use the `search_raster_data_collection` API to make the request.
The following code sample implements a `search_raster_data_collection` API request. This API does not support pagination using the `get_paginator` API. To make sure that the full API response has been gathered the code sample uses a `while` loop to check that `NextToken` exists. The code sample then uses `.extend()` to append the satellite image URLs and other response metadata to the `items_list`.
To learn more about the `search_raster_data_collection`, see [SearchRasterDataCollection](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_SearchRasterDataCollection.html) in the *Amazon SageMaker AI API Reference*.
```
search_rdc_response = sm_geo_client.search_raster_data_collection(
Arn='arn:aws:sagemaker-geospatial:us-west-2:378778860802:raster-data-collection/public/nmqj48dcu3g7ayw8',
RasterDataCollectionQuery=search_rdc_query
)
## items_list is the response from the API request.
items_list = []
## Use the python .get() method to check that the 'NextToken' exists, if null returns None breaking the while loop
while search_rdc_response.get('NextToken'):
items_list.extend(search_rdc_response['Items'])
search_rdc_response = sm_geo_client.search_raster_data_collection(
Arn='arn:aws:sagemaker-geospatial:us-west-2:378778860802:raster-data-collection/public/nmqj48dcu3g7ayw8',
RasterDataCollectionQuery=search_rdc_query, NextToken=search_rdc_response['NextToken']
)
## Print the number of observation return based on the query
print (len(items_list))
```
The following is a JSON response from your query. It has been truncated for clarity. Only the **"BandFilter": ["visual"]** specified in the request is returned in the `Assets` key-value pair:
```
{
'Assets': {
'visual': {
'Href': 'https://sentinel-cogs.s3.us-west-2.amazonaws.com/sentinel-s2-l2a-cogs/15/T/UH/2022/6/S2A_15TUH_20220623_0_L2A/TCI.tif'
}
},
'DateTime': datetime.datetime(2022, 6, 23, 17, 22, 5, 926000, tzinfo = tzlocal()),
'Geometry': {
'Coordinates': [
[
[-114.529, 36.142],
[-114.373, 36.142],
[-114.373, 36.411],
[-114.529, 36.411],
[-114.529, 36.142],
]
],
'Type': 'Polygon'
},
'Id': 'S2A_15TUH_20220623_0_L2A',
'Properties': {
'EoCloudCover': 0.046519,
'Platform': 'sentinel-2a'
}
}
```
Now that you have your query results, in the next section you can visualize the results by using `matplotlib`. This is to verify that results are from the correct geographical region.
## Visualizing your `search_raster_data_collection` using `matplotlib`
Before you start the earth observation job (EOJ), you can visualize a result from our query with`matplotlib`. The following code sample takes the first item, `items_list[0]["Assets"]["visual"]["Href"]`, from the `items_list` variable created in the previous code sample and prints an image using `matplotlib`.
```
# Visualize an example image.
import os
from urllib import request
import tifffile
import matplotlib.pyplot as plt
image_dir = "./images/lake_mead"
os.makedirs(image_dir, exist_ok=True)
image_dir = "./images/lake_mead"
os.makedirs(image_dir, exist_ok=True)
image_url = items_list[0]["Assets"]["visual"]["Href"]
img_id = image_url.split("/")[-2]
path_to_image = image_dir + "/" + img_id + "_TCI.tif"
response = request.urlretrieve(image_url, path_to_image)
print("Downloaded image: " + img_id)
tci = tifffile.imread(path_to_image)
plt.figure(figsize=(6, 6))
plt.imshow(tci)
plt.show()
```
After checking that the results are in the correct geographical region, you can start the Earth Observation Job (EOJ) in the next step. You use the EOJ to identify the water bodies from the satellite images by using a process called land segmentation.
## Starting an earth observation job (EOJ) that performs land segmentation on a series of Satellite images
SageMaker geospatial provides multiple pre-trained models that you can use to process geospatial data from raster data collections. To learn more about the available pre-trained models and custom operations, see [Types of Operations](geospatial-eoj-models.md).
To calculate the change in the water surface area, you need to identify which pixels in the images correspond to water. Land cover segmentation is a semantic segmentation model supported by the `start_earth_observation_job` API. Semantic segmentation models associate a label with every pixel in each image. In the results, each pixel is assigned a label that's based on the class map for the model. The following is the class map for the land segmentation model:
```
{
0: "No_data",
1: "Saturated_or_defective",
2: "Dark_area_pixels",
3: "Cloud_shadows",
4: "Vegetation",
5: "Not_vegetated",
6: "Water",
7: "Unclassified",
8: "Cloud_medium_probability",
9: "Cloud_high_probability",
10: "Thin_cirrus",
11: "Snow_ice"
}
```
To start an earth observation job, use the `start_earth_observation_job` API. When you submit your request, you must specify the following:
+ `InputConfig` (*dict*) – Used to specify the coordinates of the area that you want to search, and other metadata that's associated with your search.
+ `JobConfig` (*dict*) – Used to specify the type of EOJ operation that you performed on the data. This example uses **LandCoverSegmentationConfig**.
+ `ExecutionRoleArn` (*string*) – The ARN of the SageMaker AI execution role with the necessary permissions to run the job.
+ `Name` (*string*) –A name for the earth observation job.
The `InputConfig` is a Python dictionary. Use the following variable **eoj\$1input\$1config** to hold the search query parameters. Use this variable when you make the `start_earth_observation_job` API request. w.
```
# Perform land cover segmentation on images returned from the Sentinel-2 dataset.
eoj_input_config = {
"RasterDataCollectionQuery": {
"RasterDataCollectionArn": "arn:aws:sagemaker-geospatial:us-west-2:378778860802:raster-data-collection/public/nmqj48dcu3g7ayw8",
"AreaOfInterest": {
"AreaOfInterestGeometry": {
"PolygonGeometry": {
"Coordinates":[
[
[-114.529, 36.142],
[-114.373, 36.142],
[-114.373, 36.411],
[-114.529, 36.411],
[-114.529, 36.142],
]
]
}
}
},
"TimeRangeFilter": {
"StartTime": "2021-01-01T00:00:00Z",
"EndTime": "2022-07-10T23:59:59Z",
},
"PropertyFilters": {
"Properties": [{"Property": {"EoCloudCover": {"LowerBound": 0, "UpperBound": 1}}}],
"LogicalOperator": "AND",
},
}
}
```
The `JobConfig` is a Python dictionary that is used to specify the EOJ operation that you want performed on your data:
```
eoj_config = {"LandCoverSegmentationConfig": {}}
```
With the dictionary elements now specified, you can submit your `start_earth_observation_job` API request using the following code sample:
```
# Gets the execution role arn associated with current notebook instance
execution_role_arn = sagemaker.get_execution_role()
# Starts an earth observation job
response = sm_geo_client.start_earth_observation_job(
Name="lake-mead-landcover",
InputConfig=eoj_input_config,
JobConfig=eoj_config,
ExecutionRoleArn=execution_role_arn,
)
print(response)
```
The start an earth observation job returns an ARN along with other metadata.
To get a list of all ongoing and current earth observation jobs use the `list_earth_observation_jobs` API. To monitor the status of a single earth observation job use the `get_earth_observation_job` API. To make this request, use the ARN created after submitting your EOJ request. To learn more, see [GetEarthObservationJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_GetEarthObservationJob.html) in the *Amazon SageMaker AI API Reference*.
To find the ARNs associated with your EOJs use the `list_earth_observation_jobs` API operation. To learn more, see [ListEarthObservationJobs](https://docs.aws.amazon.com//sagemaker/latest/APIReference/API_geospatial_ListEarthObservationJobs.html) in the *Amazon SageMaker AI API Reference*.
```
# List all jobs in the account
sg_client.list_earth_observation_jobs()["EarthObservationJobSummaries"]
```
The following is an example JSON response:
```
{
'Arn': 'arn:aws:sagemaker-geospatial:us-west-2:111122223333:earth-observation-job/futg3vuq935t',
'CreationTime': datetime.datetime(2023, 10, 19, 4, 33, 54, 21481, tzinfo = tzlocal()),
'DurationInSeconds': 3493,
'Name': 'lake-mead-landcover',
'OperationType': 'LAND_COVER_SEGMENTATION',
'Status': 'COMPLETED',
'Tags': {}
}, {
'Arn': 'arn:aws:sagemaker-geospatial:us-west-2:111122223333:earth-observation-job/wu8j9x42zw3d',
'CreationTime': datetime.datetime(2023, 10, 20, 0, 3, 27, 270920, tzinfo = tzlocal()),
'DurationInSeconds': 1,
'Name': 'mt-shasta-landcover',
'OperationType': 'LAND_COVER_SEGMENTATION',
'Status': 'INITIALIZING',
'Tags': {}
}
```
After the status of your EOJ job changes to `COMPLETED`, proceed to the next section to calculate the change in Lake Mead's surface area.
## Calculating the change in the Lake Mead surface area
To calculate the change in Lake Mead's surface area, first export the results of the EOJ to Amazon S3 by using `export_earth_observation_job`:
```
sagemaker_session = sagemaker.Session()
s3_bucket_name = sagemaker_session.default_bucket() # Replace with your own bucket if needed
s3_bucket = session.resource("s3").Bucket(s3_bucket_name)
prefix = "export-lake-mead-eoj" # Replace with the S3 prefix desired
export_bucket_and_key = f"s3://{s3_bucket_name}/{prefix}/"
eoj_output_config = {"S3Data": {"S3Uri": export_bucket_and_key}}
export_response = sm_geo_client.export_earth_observation_job(
Arn="arn:aws:sagemaker-geospatial:us-west-2:111122223333:earth-observation-job/7xgwzijebynp",
ExecutionRoleArn=execution_role_arn,
OutputConfig=eoj_output_config,
ExportSourceImages=False,
)
```
To see the status of your export job, use `get_earth_observation_job`:
```
export_job_details = sm_geo_client.get_earth_observation_job(Arn=export_response["Arn"])
```
To calculate the changes in Lake Mead's water level, download the land cover masks to the local SageMaker notebook instance and download the source images from our previous query. In the class map for the land segmentation model, the water’s class index is 6.
To extract the water mask from a Sentinel-2 image, follow these steps. First, count the number of pixels marked as water (class index 6) in the image. Second, multiply the count by the area that each pixel covers. Bands can differ in their spatial resolution. For the land cover segmentation model all bands are down sampled to a spatial resolution equal to 60 meters.
```
import os
from glob import glob
import cv2
import numpy as np
import tifffile
import matplotlib.pyplot as plt
from urllib.parse import urlparse
from botocore import UNSIGNED
from botocore.config import Config
# Download land cover masks
mask_dir = "./masks/lake_mead"
os.makedirs(mask_dir, exist_ok=True)
image_paths = []
for s3_object in s3_bucket.objects.filter(Prefix=prefix).all():
path, filename = os.path.split(s3_object.key)
if "output" in path:
mask_name = mask_dir + "/" + filename
s3_bucket.download_file(s3_object.key, mask_name)
print("Downloaded mask: " + mask_name)
# Download source images for visualization
for tci_url in tci_urls:
url_parts = urlparse(tci_url)
img_id = url_parts.path.split("/")[-2]
tci_download_path = image_dir + "/" + img_id + "_TCI.tif"
cogs_bucket = session.resource(
"s3", config=Config(signature_version=UNSIGNED, region_name="us-west-2")
).Bucket(url_parts.hostname.split(".")[0])
cogs_bucket.download_file(url_parts.path[1:], tci_download_path)
print("Downloaded image: " + img_id)
print("Downloads complete.")
image_files = glob("images/lake_mead/*.tif")
mask_files = glob("masks/lake_mead/*.tif")
image_files.sort(key=lambda x: x.split("SQA_")[1])
mask_files.sort(key=lambda x: x.split("SQA_")[1])
overlay_dir = "./masks/lake_mead_overlay"
os.makedirs(overlay_dir, exist_ok=True)
lake_areas = []
mask_dates = []
for image_file, mask_file in zip(image_files, mask_files):
image_id = image_file.split("/")[-1].split("_TCI")[0]
mask_id = mask_file.split("/")[-1].split(".tif")[0]
mask_date = mask_id.split("_")[2]
mask_dates.append(mask_date)
assert image_id == mask_id
image = tifffile.imread(image_file)
image_ds = cv2.resize(image, (1830, 1830), interpolation=cv2.INTER_LINEAR)
mask = tifffile.imread(mask_file)
water_mask = np.isin(mask, [6]).astype(np.uint8) # water has a class index 6
lake_mask = water_mask[1000:, :1100]
lake_area = lake_mask.sum() * 60 * 60 / (1000 * 1000) # calculate the surface area
lake_areas.append(lake_area)
contour, _ = cv2.findContours(water_mask, cv2.RETR_TREE, cv2.CHAIN_APPROX_SIMPLE)
combined = cv2.drawContours(image_ds, contour, -1, (255, 0, 0), 4)
lake_crop = combined[1000:, :1100]
cv2.putText(lake_crop, f"{mask_date}", (10,50), cv2.FONT_HERSHEY_SIMPLEX, 1.5, (0, 0, 0), 3, cv2.LINE_AA)
cv2.putText(lake_crop, f"{lake_area} [sq km]", (10,100), cv2.FONT_HERSHEY_SIMPLEX, 1.5, (0, 0, 0), 3, cv2.LINE_AA)
overlay_file = overlay_dir + '/' + mask_date + '.png'
cv2.imwrite(overlay_file, cv2.cvtColor(lake_crop, cv2.COLOR_RGB2BGR))
# Plot water surface area vs. time.
plt.figure(figsize=(20,10))
plt.title('Lake Mead surface area for the 2021.02 - 2022.07 period.', fontsize=20)
plt.xticks(rotation=45)
plt.ylabel('Water surface area [sq km]', fontsize=14)
plt.plot(mask_dates, lake_areas, marker='o')
plt.grid('on')
plt.ylim(240, 320)
for i, v in enumerate(lake_areas):
plt.text(i, v+2, "%d" %v, ha='center')
plt.show()
```
Using `matplotlib`, you can visualize the results with a graph. The graph shows that the surface area of Lake Mead decreased from January 2021–July 2022.
![\[A bar graph showing the surface area of Lake Mead decreased from January 2021-July 2022\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/lake-mead-decrease.png)
# Using a processing jobs for custom geospatial workloads
With [Amazon SageMaker Processing](processing-job.md), you can use a simplified, managed experience on SageMaker AI to run your data processing workloads with the purpose-built geospatial container.
The underlying infrastructure for a Amazon SageMaker Processing job is fully managed by SageMaker AI. During a processing job, cluster resources are provisioned for the duration of your job, and cleaned up when a job completes.
![\[Running a processing job.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/Processing-1.png)
The preceding diagram shows how SageMaker AI spins up a geospatial processing job. SageMaker AI takes your geospatial workload script, copies your geospatial data from Amazon Simple Storage Service(Amazon S3), and then pulls the specified geospatial container. The underlying infrastructure for the processing job is fully managed by SageMaker AI. Cluster resources are provisioned for the duration of your job, and cleaned up when a job completes. The output of the processing job is stored in the bucket you specified.
**Path naming constraints**
The local paths inside a Processing jobs container must begin with **/opt/ml/processing/**.
SageMaker geospatial provides a purpose-built container, `081189585635.dkr.ecr.us-west-2.amazonaws.com/sagemaker-geospatial-v1-0:latest` that can be specified when running a processing job.
**Topics**
+ [
# Overview: Run processing jobs using `ScriptProcessor` and a SageMaker geospatial container
](geospatial-custom-operations-overview.md)
+ [
# Using `ScriptProcessor` to calculate the Normalized Difference Vegetation Index (NDVI) using Sentinel-2 satellite data
](geospatial-custom-operations-procedure.md)
# Overview: Run processing jobs using `ScriptProcessor` and a SageMaker geospatial container
SageMaker geospatial provides a purpose-built processing container, `081189585635.dkr.ecr.us-west-2.amazonaws.com/sagemaker-geospatial-v1-0:latest`. You can use this container when running a job with Amazon SageMaker Processing. When you create an instance of the [https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ScriptProcessor](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ScriptProcessor) class that is available through the *Amazon SageMaker Python SDK for Processing*, specify this `image_uri`.
**Note**
If you receive a ResourceLimitExceeded error when attempting to start a processing job, you need to request a quota increase. To get started on a Service Quotas quota increase request, see [Requesting a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) in the *Service Quotas User Guide*
**Prerequisites for using `ScriptProcessor`**
1. You have created a Python script that specifies your geospatial ML workload.
1. You have granted the SageMaker AI execution role access to any Amazon S3 buckets that are needed.
1. Prepare your data for import into the container. Amazon SageMaker Processing jobs support either setting the `s3_data_type` equal to `"ManifestFile"` or to `"S3Prefix"`.
The following procedure show you how to create an instance of `ScriptProcessor` and submit a Amazon SageMaker Processing job using the SageMaker geospatial container.
**To create a `ScriptProcessor` instance and submit a Amazon SageMaker Processing job using a SageMaker geospatial container**
1. Instantiate an instance of the `ScriptProcessor` class using the SageMaker geospatial image:
```
from sagemaker.processing import ScriptProcessor, ProcessingInput, ProcessingOutput
sm_session = sagemaker.session.Session()
execution_role_arn = sagemaker.get_execution_role()
# purpose-built geospatial container
image_uri = '081189585635.dkr.ecr.us-west-2.amazonaws.com/sagemaker-geospatial-v1-0:latest'
script_processor = ScriptProcessor(
command=['python3'],
image_uri=image_uri,
role=execution_role_arn,
instance_count=4,
instance_type='ml.m5.4xlarge',
sagemaker_session=sm_session
)
```
Replace *execution\$1role\$1arn* with the ARN of the SageMaker AI execution role that has access to the input data stored in Amazon S3 and any other AWS services that you want to call in your processing job. You can update the `instance_count` and the `instance_type` to match the requirements of your processing job.
1. To start a processing job, use the `.run()` method:
```
# Can be replaced with any S3 compliant string for the name of the folder.
s3_folder = geospatial-data-analysis
# Use .default_bucket() to get the name of the S3 bucket associated with your current SageMaker session
s3_bucket = sm_session.default_bucket()
s3_manifest_uri = f's3://{s3_bucket}/{s3_folder}/manifest.json'
s3_prefix_uri = f's3://{s3_bucket}/{s3_folder}/image-prefix
script_processor.run(
code='preprocessing.py',
inputs=[
ProcessingInput(
source=s3_manifest_uri | s3_prefix_uri ,
destination='/opt/ml/processing/input_data/',
s3_data_type= "ManifestFile" | "S3Prefix",
s3_data_distribution_type= "ShardedByS3Key" | "FullyReplicated"
)
],
outputs=[
ProcessingOutput(
source='/opt/ml/processing/output_data/',
destination=s3_output_prefix_url
)
]
)
```
+ Replace *preprocessing.py* with the name of your own Python data processing script.
+ A processing job supports two methods for formatting your input data. You can either create a manifest file that points to all of the input data for your processing job, or you can use a common prefix on each individual data input. If you created a manifest file set `s3_manifest_uri` equal to `"ManifestFile"`. If you used a file prefix set `s3_manifest_uri` equal to `"S3Prefix"`. You specify the path to your data using `source`.
+ You can distribute your processing job data two ways:
+ Distribute your data to all processing instances by setting `s3_data_distribution_type` equal to `FullyReplicated`.
+ Distribute your data in shards based on the Amazon S3 key by setting `s3_data_distribution_type` equal to `ShardedByS3Key`. When you use `ShardedByS3Key` one shard of data is sent to each processing instance.
You can use a script to process SageMaker geospatial data. That script can be found in [Step 3: Writing a script that can calculate the NDVI](geospatial-custom-operations-procedure.md#geospatial-custom-operations-script-mode). To learn more about the `.run()` API operation, see [https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ScriptProcessor.run](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ScriptProcessor.run) in the *Amazon SageMaker Python SDK for Processing*.
To monitor the progress of your processing job, the `ProcessingJobs` class supports a [https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ProcessingJob.describe](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ProcessingJob.describe) method. This method returns a response from the `DescribeProcessingJob` API call. To learn more, see [`DescribeProcessingJob` in the *Amazon SageMaker AI API Reference*](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeProcessingJob.html).
The next topic show you how to create an instance of the `ScriptProcessor` class using the SageMaker geospatial container, and then how to use it to calculate the Normalized Difference Vegetation Index (NDVI) with Sentinel-2 images.
# Using `ScriptProcessor` to calculate the Normalized Difference Vegetation Index (NDVI) using Sentinel-2 satellite data
The following code samples show you how to calculate the normalized difference vegetation index of a specific geographical area using the purpose-built geospatial image within a Studio Classic notebook and run a large-scale workload with Amazon SageMaker Processing using [https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ScriptProcessor](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ScriptProcessor) from the SageMaker AI Python SDK.
This demo also uses an Amazon SageMaker Studio Classic notebook instance that uses the geospatial kernel and instance type. To learn how to create a Studio Classic geospatial notebook instance, see [Create an Amazon SageMaker Studio Classic notebook using the geospatial image](geospatial-launch-notebook.md).
You can follow along with this demo in your own notebook instance by copying and pasting the following code snippets:
1. [Use `search_raster_data_collection` to query a specific area of interest (AOI) over a given a time range using a specific raster data collection, Sentinel-2.](#geospatial-custom-operations-procedure-search)
1. [Create a manifest file that specifies what data will be processed during the processing job.](#geospatial-custom-operations-procedure-manifest)
1. [Write a data processing Python script calculating the NDVI.](#geospatial-custom-operations-script-mode)
1. [Create a `ScriptProcessor` instance and start the Amazon SageMaker Processing job](#geospatial-custom-operations-create).
1. [Visualizing the results of your processing job](#geospatial-custom-operations-visual).
## Query the Sentinel-2 raster data collection using `SearchRasterDataCollection`
With `search_raster_data_collection` you can query supported raster data collections. This example uses data that's pulled from Sentinel-2 satellites. The area of interest (`AreaOfInterest`) specified is rural northern Iowa, and the time range (`TimeRangeFilter`) is January 1, 2022 to December 30, 2022. To see the available raster data collections in your AWS Region use `list_raster_data_collections`. To see a code example using this API, see [`ListRasterDataCollections`](geospatial-data-collections.md) in the *Amazon SageMaker AI Developer Guide*.
In following code examples you use the ARN associated with Sentinel-2 raster data collection, `arn:aws:sagemaker-geospatial:us-west-2:378778860802:raster-data-collection/public/nmqj48dcu3g7ayw8`.
A `search_raster_data_collection` API request requires two parameters:
+ You need to specify an `Arn` parameter that corresponds to the raster data collection that you want to query.
+ You also need to specify a `RasterDataCollectionQuery` parameter, which takes in a Python dictionary.
The following code example contains the necessary key-value pairs needed for the `RasterDataCollectionQuery` parameter saved to the `search_rdc_query` variable.
```
search_rdc_query = {
"AreaOfInterest": {
"AreaOfInterestGeometry": {
"PolygonGeometry": {
"Coordinates": [[
[
-94.50938680498298,
43.22487436936203
],
[
-94.50938680498298,
42.843474642037194
],
[
-93.86520004156142,
42.843474642037194
],
[
-93.86520004156142,
43.22487436936203
],
[
-94.50938680498298,
43.22487436936203
]
]]
}
}
},
"TimeRangeFilter": {"StartTime": "2022-01-01T00:00:00Z", "EndTime": "2022-12-30T23:59:59Z"}
}
```
To make the `search_raster_data_collection` request, you must specify the ARN of the Sentinel-2 raster data collection: `arn:aws:sagemaker-geospatial:us-west-2:378778860802:raster-data-collection/public/nmqj48dcu3g7ayw8`. You also must need to pass in the Python dictionary that was defined previously, which specifies query parameters.
```
## Creates a SageMaker Geospatial client instance
sm_geo_client= session.create_client(service_name="sagemaker-geospatial")
search_rdc_response1 = sm_geo_client.search_raster_data_collection(
Arn='arn:aws:sagemaker-geospatial:us-west-2:378778860802:raster-data-collection/public/nmqj48dcu3g7ayw8',
RasterDataCollectionQuery=search_rdc_query
)
```
The results of this API can not be paginated. To collect all the satellite images returned by the `search_raster_data_collection` operation, you can implement a `while` loop. This checks for`NextToken` in the API response:
```
## Holds the list of API responses from search_raster_data_collection
items_list = []
while search_rdc_response1.get('NextToken') and search_rdc_response1['NextToken'] != None:
items_list.extend(search_rdc_response1['Items'])
search_rdc_response1 = sm_geo_client.search_raster_data_collection(
Arn='arn:aws:sagemaker-geospatial:us-west-2:378778860802:raster-data-collection/public/nmqj48dcu3g7ayw8',
RasterDataCollectionQuery=search_rdc_query,
NextToken=search_rdc_response1['NextToken']
)
```
The API response returns a list of URLs under the `Assets` key corresponding to specific image bands. The following is a truncated version of the API response. Some of the image bands were removed for clarity.
```
{
'Assets': {
'aot': {
'Href': 'https://sentinel-cogs.s3.us-west-2.amazonaws.com/sentinel-s2-l2a-cogs/15/T/UH/2022/12/S2A_15TUH_20221230_0_L2A/AOT.tif'
},
'blue': {
'Href': 'https://sentinel-cogs.s3.us-west-2.amazonaws.com/sentinel-s2-l2a-cogs/15/T/UH/2022/12/S2A_15TUH_20221230_0_L2A/B02.tif'
},
'swir22-jp2': {
'Href': 's3://sentinel-s2-l2a/tiles/15/T/UH/2022/12/30/0/B12.jp2'
},
'visual-jp2': {
'Href': 's3://sentinel-s2-l2a/tiles/15/T/UH/2022/12/30/0/TCI.jp2'
},
'wvp-jp2': {
'Href': 's3://sentinel-s2-l2a/tiles/15/T/UH/2022/12/30/0/WVP.jp2'
}
},
'DateTime': datetime.datetime(2022, 12, 30, 17, 21, 52, 469000, tzinfo = tzlocal()),
'Geometry': {
'Coordinates': [
[
[-95.46676936182894, 43.32623760511659],
[-94.11293433656887, 43.347431265475954],
[-94.09532154452742, 42.35884880571144],
[-95.42776890002203, 42.3383710796791],
[-95.46676936182894, 43.32623760511659]
]
],
'Type': 'Polygon'
},
'Id': 'S2A_15TUH_20221230_0_L2A',
'Properties': {
'EoCloudCover': 62.384969,
'Platform': 'sentinel-2a'
}
}
```
In the [next section](#geospatial-custom-operations-procedure-manifest), you create a manifest file using the `'Id'` key from the API response.
## Create an input manifest file using the `Id` key from the `search_raster_data_collection` API response
When you run a processing job, you must specify a data input from Amazon S3. The input data type can either be a manifest file, which then points to the individual data files. You can also add a prefix to each file that you want processed. The following code example defines the folder where your manifest files will be generated.
Use SDK for Python (Boto3) to get the default bucket and the ARN of the execution role that is associated with your Studio Classic notebook instance:
```
sm_session = sagemaker.session.Session()
s3 = boto3.resource('s3')
# Gets the default excution role associated with the notebook
execution_role_arn = sagemaker.get_execution_role()
# Gets the default bucket associated with the notebook
s3_bucket = sm_session.default_bucket()
# Can be replaced with any name
s3_folder = "script-processor-input-manifest"
```
Next, you create a manifest file. It will hold the URLs of the satellite images that you wanted processed when you run your processing job later in step 4.
```
# Format of a manifest file
manifest_prefix = {}
manifest_prefix['prefix'] = 's3://' + s3_bucket + '/' + s3_folder + '/'
manifest = [manifest_prefix]
print(manifest)
```
The following code sample returns the S3 URI where your manifest files will be created.
```
[{'prefix': 's3://sagemaker-us-west-2-111122223333/script-processor-input-manifest/'}]
```
All the response elements from the search\$1raster\$1data\$1collection response are not needed to run the processing job.
The following code snippet removes the unnecessary elements `'Properties'`, `'Geometry'`, and `'DateTime'`. The `'Id'` key-value pair, `'Id': 'S2A_15TUH_20221230_0_L2A'`, contains the year and the month. The following code example parses that data to create new keys in the Python dictionary **dict\$1month\$1items**. The values are the assets that are returned from the `SearchRasterDataCollection` query.
```
# For each response get the month and year, and then remove the metadata not related to the satelite images.
dict_month_items = {}
for item in items_list:
# Example ID being split: 'S2A_15TUH_20221230_0_L2A'
yyyymm = item['Id'].split("_")[2][:6]
if yyyymm not in dict_month_items:
dict_month_items[yyyymm] = []
# Removes uneeded metadata elements for this demo
item.pop('Properties', None)
item.pop('Geometry', None)
item.pop('DateTime', None)
# Appends the response from search_raster_data_collection to newly created key above
dict_month_items[yyyymm].append(item)
```
This code example uploads the `dict_month_items` to Amazon S3 as a JSON object using the [https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3/client/upload_file.html](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3/client/upload_file.html) API operation:
```
## key_ is the yyyymm timestamp formatted above
## value_ is the reference to all the satellite images collected via our searchRDC query
for key_, value_ in dict_month_items.items():
filename = f'manifest_{key_}.json'
with open(filename, 'w') as fp:
json.dump(value_, fp)
s3.meta.client.upload_file(filename, s3_bucket, s3_folder + '/' + filename)
manifest.append(filename)
os.remove(filename)
```
This code example uploads a parent `manifest.json` file that points to all the other manifests uploaded to Amazon S3. It also saves the path to a local variable: **s3\$1manifest\$1uri**. You'll use that variable again to specify the source of the input data when you run the processing job in step 4.
```
with open('manifest.json', 'w') as fp:
json.dump(manifest, fp)
s3.meta.client.upload_file('manifest.json', s3_bucket, s3_folder + '/' + 'manifest.json')
os.remove('manifest.json')
s3_manifest_uri = f's3://{s3_bucket}/{s3_folder}/manifest.json'
```
Now that you created the input manifest files and uploaded them, you can write a script that processes your data in the processing job. It processes the data from the satellite images, calculates the NDVI, and then returns the results to a different Amazon S3 location.
## Write a script that calculates the NDVI
Amazon SageMaker Studio Classic supports the use of the `%%writefile` cell magic command. After running a cell with this command, its contents will be saved to your local Studio Classic directory. This is code specific to calculating NDVI. However, the following can be useful when you write your own script for a processing job:
+ In your processing job container, the local paths inside the container must begin with `/opt/ml/processing/`. In this example, **input\$1data\$1path = '/opt/ml/processing/input\$1data/' ** and **processed\$1data\$1path = '/opt/ml/processing/output\$1data/'** are specified in that way.
+ With Amazon SageMaker Processing, a script that a processing job runs can upload your processed data directly to Amazon S3. To do so, make sure that the execution role associated with your `ScriptProcessor` instance has the necessary requirements to access the S3 bucket. You can also specify an outputs parameter when you run your processing job. To learn more, see the [`.run()` API operation ](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ScriptProcessor.run) in the *Amazon SageMaker Python SDK*. In this code example, the results of the data processing are uploaded directly to Amazon S3.
+ To manage the size of the Amazon EBScontainer attached to your processing jobuse the `volume_size_in_gb` parameter. The containers's default size is 30 GB. You can aslo optionally use the Python library [Garbage Collector](https://docs.python.org/3/library/gc.html) to manage storage in your Amazon EBS container.
The following code example loads the arrays into the processing job container. When arrays build up and fill in the memory, the processing job crashes. To prevent this crash, the following example contains commands that remove the arrays from the processing job’s container.
```
%%writefile compute_ndvi.py
import os
import pickle
import sys
import subprocess
import json
import rioxarray
if __name__ == "__main__":
print("Starting processing")
input_data_path = '/opt/ml/processing/input_data/'
input_files = []
for current_path, sub_dirs, files in os.walk(input_data_path):
for file in files:
if file.endswith(".json"):
input_files.append(os.path.join(current_path, file))
print("Received {} input_files: {}".format(len(input_files), input_files))
items = []
for input_file in input_files:
full_file_path = os.path.join(input_data_path, input_file)
print(full_file_path)
with open(full_file_path, 'r') as f:
items.append(json.load(f))
items = [item for sub_items in items for item in sub_items]
for item in items:
red_uri = item["Assets"]["red"]["Href"]
nir_uri = item["Assets"]["nir"]["Href"]
red = rioxarray.open_rasterio(red_uri, masked=True)
nir = rioxarray.open_rasterio(nir_uri, masked=True)
ndvi = (nir - red)/ (nir + red)
file_name = 'ndvi_' + item["Id"] + '.tif'
output_path = '/opt/ml/processing/output_data'
output_file_path = f"{output_path}/{file_name}"
ndvi.rio.to_raster(output_file_path)
print("Written output:", output_file_path)
```
You now have a script that can calculate the NDVI. Next, you can create an instance of the ScriptProcessor and run your Processing job.
## Creating an instance of the `ScriptProcessor` class
This demo uses the [ScriptProcessor](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ScriptProcessor) class that is available via the Amazon SageMaker Python SDK. First, you need to create an instance of the class, and then you can start your Processing job by using the `.run()` method.
```
from sagemaker.processing import ScriptProcessor, ProcessingInput, ProcessingOutput
image_uri = '081189585635.dkr.ecr.us-west-2.amazonaws.com/sagemaker-geospatial-v1-0:latest'
processor = ScriptProcessor(
command=['python3'],
image_uri=image_uri,
role=execution_role_arn,
instance_count=4,
instance_type='ml.m5.4xlarge',
sagemaker_session=sm_session
)
print('Starting processing job.')
```
When you start your Processing job, you need to specify a [https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ProcessingInput](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ProcessingInput) object. In that object, you specify the following:
+ The path to the manifest file that you created in step 2, **s3\$1manifest\$1uri**. This is the source of the input data to the container.
+ The path to where you want the input data to be saved in the container. This must match the path that you specified in your script.
+ Use the `s3_data_type` parameter to specify the input as `"ManifestFile"`.
```
s3_output_prefix_url = f"s3://{s3_bucket}/{s3_folder}/output"
processor.run(
code='compute_ndvi.py',
inputs=[
ProcessingInput(
source=s3_manifest_uri,
destination='/opt/ml/processing/input_data/',
s3_data_type="ManifestFile",
s3_data_distribution_type="ShardedByS3Key"
),
],
outputs=[
ProcessingOutput(
source='/opt/ml/processing/output_data/',
destination=s3_output_prefix_url,
s3_upload_mode="Continuous"
)
]
)
```
The following code example uses the [`.describe()` method](https://sagemaker.readthedocs.io/en/stable/api/training/processing.html#sagemaker.processing.ProcessingJob.describe) to get details of your Processing job.
```
preprocessing_job_descriptor = processor.jobs[-1].describe()
s3_output_uri = preprocessing_job_descriptor["ProcessingOutputConfig"]["Outputs"][0]["S3Output"]["S3Uri"]
print(s3_output_uri)
```
## Visualizing your results using `matplotlib`
With the [Matplotlib](https://matplotlib.org/stable/index.html) Python library, you can plot raster data. Before you plot the data, you need to calculate the NDVI using sample images from the Sentinel-2 satellites. The following code example opens the image arrays using the `.open_rasterio()` API operation, and then calculates the NDVI using the `nir` and `red` image bands from the Sentinel-2 satellite data.
```
# Opens the python arrays
import rioxarray
red_uri = items[25]["Assets"]["red"]["Href"]
nir_uri = items[25]["Assets"]["nir"]["Href"]
red = rioxarray.open_rasterio(red_uri, masked=True)
nir = rioxarray.open_rasterio(nir_uri, masked=True)
# Calculates the NDVI
ndvi = (nir - red)/ (nir + red)
# Common plotting library in Python
import matplotlib.pyplot as plt
f, ax = plt.subplots(figsize=(18, 18))
ndvi.plot(cmap='viridis', ax=ax)
ax.set_title("NDVI for {}".format(items[25]["Id"]))
ax.set_axis_off()
plt.show()
```
The output of the preceding code example is a satellite image with the NDVI values overlaid on it. An NDVI value near 1 indicates lots of vegetation is present, and values near 0 indicate no vegetation is presentation.
![\[A satellite image of northern Iowa with the NDVI overlaid on top\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/ndvi-iowa.png)
This completes the demo of using `ScriptProcessor`.
# Earth Observation Jobs
Using an Earth Observation job (EOJ), you can acquire, transform, and visualize geospatial data to make predictions. You can choose an operation based on your use case from a wide range of operations and models. You get the flexibility of choosing your area of interest, selecting the data providers, and setting time-range based and cloud-cover-percentage-based filters. After SageMaker AI creates an EOJ for you, you can visualize the inputs and outputs of the job using the visualization functionality. An EOJ has various use cases that include comparing deforestation over time and diagnosing plant health. You can create an EOJ by using a SageMaker notebook with a SageMaker geospatial image. You can also access the SageMaker geospatial UI as a part of Amazon SageMaker Studio Classic UI to view the list of all your jobs. You can also use the UI to pause or stop an ongoing job. You can choose a job from the list of available EOJ to view the **Job summary**, the **Job details** as well as visualize the **Job output**.
**Topics**
+ [
# Create an Earth Observation Job Using a Amazon SageMaker Studio Classic Notebook with a SageMaker geospatial Image
](geospatial-eoj-ntb.md)
+ [
# Types of Operations
](geospatial-eoj-models.md)
# Create an Earth Observation Job Using a Amazon SageMaker Studio Classic Notebook with a SageMaker geospatial Image
**To use a SageMaker Studio Classic notebook with a SageMaker geospatial image:**
1. From the **Launcher**, choose **Change environment** under **Notebooks and compute resources**.
1. Next, the **Change environment** dialog opens.
1. Select the **Image** dropdown and choose **Geospatial 1.0**. The **Instance type** should be **ml.geospatial.interactive**. Do not change the default values for other settings.
1. Choose **Select**.
1. Choose **Create notebook**.
You can initiate an EOJ using a Amazon SageMaker Studio Classic notebook with a SageMaker geospatial image using the code provided below.
```
import boto3
import sagemaker
import sagemaker_geospatial_map
session = boto3.Session()
execution_role = sagemaker.get_execution_role()
sg_client = session.client(service_name="sagemaker-geospatial")
```
The following is an example showing how to create an EOJ in the in the US West (Oregon) Region.
```
#Query and Access Data
search_rdc_args = {
"Arn": "arn:aws:sagemaker-geospatial:us-west-2:378778860802:raster-data-collection/public/nmqj48dcu3g7ayw8", # sentinel-2 L2A COG
"RasterDataCollectionQuery": {
"AreaOfInterest": {
"AreaOfInterestGeometry": {
"PolygonGeometry": {
"Coordinates": [
[
[-114.529, 36.142],
[-114.373, 36.142],
[-114.373, 36.411],
[-114.529, 36.411],
[-114.529, 36.142],
]
]
}
}
},
"TimeRangeFilter": {
"StartTime": "2021-01-01T00:00:00Z",
"EndTime": "2022-07-10T23:59:59Z",
},
"PropertyFilters": {
"Properties": [{"Property": {"EoCloudCover": {"LowerBound": 0, "UpperBound": 1}}}],
"LogicalOperator": "AND",
},
"BandFilter": ["visual"],
},
}
tci_urls = []
data_manifests = []
while search_rdc_args.get("NextToken", True):
search_result = sg_client.search_raster_data_collection(**search_rdc_args)
if search_result.get("NextToken"):
data_manifests.append(search_result)
for item in search_result["Items"]:
tci_url = item["Assets"]["visual"]["Href"]
print(tci_url)
tci_urls.append(tci_url)
search_rdc_args["NextToken"] = search_result.get("NextToken")
# Perform land cover segmentation on images returned from the sentinel dataset.
eoj_input_config = {
"RasterDataCollectionQuery": {
"RasterDataCollectionArn": "arn:aws:sagemaker-geospatial:us-west-2:378778860802:raster-data-collection/public/nmqj48dcu3g7ayw8",
"AreaOfInterest": {
"AreaOfInterestGeometry": {
"PolygonGeometry": {
"Coordinates": [
[
[-114.529, 36.142],
[-114.373, 36.142],
[-114.373, 36.411],
[-114.529, 36.411],
[-114.529, 36.142],
]
]
}
}
},
"TimeRangeFilter": {
"StartTime": "2021-01-01T00:00:00Z",
"EndTime": "2022-07-10T23:59:59Z",
},
"PropertyFilters": {
"Properties": [{"Property": {"EoCloudCover": {"LowerBound": 0, "UpperBound": 1}}}],
"LogicalOperator": "AND",
},
}
}
eoj_config = {"LandCoverSegmentationConfig": {}}
response = sg_client.start_earth_observation_job(
Name="lake-mead-landcover",
InputConfig=eoj_input_config,
JobConfig=eoj_config,
ExecutionRoleArn=execution_role,
)
```
After your EOJ is created, the `Arn` is returned to you. You use the `Arn` to identify a job and perform further operations. To get the status of a job, you can run `sg_client.get_earth_observation_job(Arn = response['Arn'])`.
The following example shows how to query the status of an EOJ until it is completed.
```
eoj_arn = response["Arn"]
job_details = sg_client.get_earth_observation_job(Arn=eoj_arn)
{k: v for k, v in job_details.items() if k in ["Arn", "Status", "DurationInSeconds"]}
# List all jobs in the account
sg_client.list_earth_observation_jobs()["EarthObservationJobSummaries"]
```
After the EOJ is completed, you can visualize the EOJ outputs directly in the notebook. The following example shows you how an interactive map can be rendered.
```
map = sagemaker_geospatial_map.create_map({
'is_raster': True
})
map.set_sagemaker_geospatial_client(sg_client)
# render the map
map.render()
```
The following example shows how the map can be centered on an area of interest and the input and output of the EOJ can be rendered as separate layers within the map.
```
# visualize the area of interest
config = {"label": "Lake Mead AOI"}
aoi_layer = map.visualize_eoj_aoi(Arn=eoj_arn, config=config)
# Visualize input.
time_range_filter = {
"start_date": "2022-07-01T00:00:00Z",
"end_date": "2022-07-10T23:59:59Z",
}
config = {"label": "Input"}
input_layer = map.visualize_eoj_input(
Arn=eoj_arn, config=config, time_range_filter=time_range_filter
)
# Visualize output, EOJ needs to be in completed status.
time_range_filter = {
"start_date": "2022-07-01T00:00:00Z",
"end_date": "2022-07-10T23:59:59Z",
}
config = {"preset": "singleBand", "band_name": "mask"}
output_layer = map.visualize_eoj_output(
Arn=eoj_arn, config=config, time_range_filter=time_range_filter
)
```
You can use the `export_earth_observation_job` function to export the EOJ results to your Amazon S3 bucket. The export function makes it convenient to share results across teams. SageMaker AI also simplifies dataset management. We can simply share the EOJ results using the job ARN, instead of crawling thousands of files in the S3 bucket. Each EOJ becomes an asset in the data catalog, as results can be grouped by the job ARN. The following example shows how you can export the results of an EOJ.
```
sagemaker_session = sagemaker.Session()
s3_bucket_name = sagemaker_session.default_bucket() # Replace with your own bucket if needed
s3_bucket = session.resource("s3").Bucket(s3_bucket_name)
prefix = "eoj_lakemead" # Replace with the S3 prefix desired
export_bucket_and_key = f"s3://{s3_bucket_name}/{prefix}/"
eoj_output_config = {"S3Data": {"S3Uri": export_bucket_and_key}}
export_response = sg_client.export_earth_observation_job(
Arn=eoj_arn,
ExecutionRoleArn=execution_role,
OutputConfig=eoj_output_config,
ExportSourceImages=False,
)
```
You can monitor the status of your export job using the following snippet.
```
# Monitor the export job status
export_job_details = sg_client.get_earth_observation_job(Arn=export_response["Arn"])
{k: v for k, v in export_job_details.items() if k in ["Arn", "Status", "DurationInSeconds"]}
```
You are not charged the storage fees after you delete the EOJ.
For an example that showcases how to run an EOJ, see this [blog post](https://aws.amazon.com/blogs/machine-learning/monitoring-lake-mead-drought-using-the-new-amazon-sagemaker-geospatial-capabilities/).
For more example notebooks on SageMaker geospatial capabilities, see this [GitHub repository](https://github.com/aws/amazon-sagemaker-examples/tree/main/sagemaker-geospatial).
# Types of Operations
When you create an EOJ, you select an operation based on your use case. Amazon SageMaker geospatial capabilities provide a combination of purpose-built operations and pre-trained models. You can use these operations to understand the impact of environmental changes and human activities over time or identify cloud and cloud-free pixels.
**Cloud Masking**
Identify clouds in satellite images is an essential pre-processing step in producing high-quality geospatial data. Ignoring cloud pixels can lead to errors in analysis, and over-detection of cloud pixels can decrease the number of valid observations. Cloud masking has the ability to identify cloudy and cloud-free pixels in satellite images. An accurate cloud mask helps get satellite images for processing and improves data generation. The following is the class map for cloud masking.
```
{
0: "No_cloud",
1: "cloud"
}
```
**Cloud Removal**
Cloud removal for Sentinel-2 data uses an ML-based semantic segmentation model to identify clouds in the image. Cloudy pixels can be replaced by with pixels from other timestamps. USGS Landsat data contains landsat metadata that is used for cloud removal.
**Temporal Statistics**
Temporal statistics calculate statistics for geospatial data through time. The temporal statistics currently supported include mean, median, and standard deviation. You can calculate these statistics by using `GROUPBY` and set it to either `all` or `yearly`. You can also mention the `TargetBands`.
**Zonal Statistics**
Zonal statistics performs statistical operations over a specified area on the image.
**Resampling**
Resampling is used to upscale and downscale the resolution of a geospatial image. The `value` attribute in resampling represents the length of a side of the pixel.
**Geomosaic**
Geomosaic allows you to stitch smaller images into a large image.
**Band Stacking**
Band stacking takes more than one image band as input and stacks them into a single GeoTIFF. The `OutputResolution` attribute determines the resolution of the output image. Based on the resolutions of the input images, you can set it to `lowest`, `highest` or `average`.
**Band Math**
Band Math, also known as Spectral Index, is a process of transforming the observations from multiple spectral bands to a single band, indicating the relative abundance of features of interests. For instance, Normalized Difference Vegetation Index (NDVI) and Enhanced Vegetation Index (EVI) are helpful for observing the presence of green vegetation features.
**Land Cover Segmentation**
Land Cover segmentation is a semantic segmentation model that has the capability to identify the physical material, such as vegetation, water, and bare ground, at the earth surface. Having an accurate way to map the land cover patterns helps you understand the impact of environmental change and human activities over time. Land Cover segmentation is often used for region planning, disaster response, ecological management, and environmental impact assessment. The following is the class map for Land Cover segmentation.
```
{
0: "No_data",
1: "Saturated_or_defective",
2: "Dark_area_pixels",
3: "Cloud_shadows",
4: "Vegetation",
5: "Not_vegetated",
6: "Water",
7: "Unclassified",
8: "Cloud_medium_probability",
9: "Cloud_high_probability",
10: "Thin_cirrus",
11: "Snow_ice"
}
```
## Availability of EOJ Operations
The availability of operations depends on whether you are using the SageMaker geospatial UI or the Amazon SageMaker Studio Classic notebooks with a SageMaker geospatial image. Currently, notebooks support all functionalities. To summarize, the following geospatial operations are supported by SageMaker AI:
| Operations | Description | Availability |
| --- | --- | --- |
| Cloud Masking | Identify cloud and cloud-free pixels to get improved and accurate satellite imagery. | UI, Notebook |
| Cloud Removal | Remove pixels containing parts of a cloud from satellite imagery. | Notebook |
| Temporal Statistics | Calculate statistics through time for a given GeoTIFF. | Notebook |
| Zonal Statistics | Calculate statistics on user-defined regions. | Notebook |
| Resampling | Scale images to different resolutions. | Notebook |
| Geomosaic | Combine multiple images for greater fidelity. | Notebook |
| Band Stacking | Combine multiple spectral bands to create a single image. | Notebook |
| Band Math / Spectral Index | Obtain a combination of spectral bands that indicate the abundance of features of interest. | UI, Notebook |
| Land Cover Segmentation | Identify land cover types such as vegetation and water in satellite imagery. | UI, Notebook |
# Vector Enrichment Jobs
A Vector Enrichment Job (VEJ) performs operations on your vector data. Currently, you can use a VEJ to do reverse geocoding or map matching.
**Reverse Geocoding**
With a reverse geocoding VEJ, you can convert geographic coordinates (latitude, longitude) to human-readable addresses powered by Amazon Location Service. When you upload a CSV file containing the longitude and latitude coordinates, a it returns the address number, country, label, municipality, neighborhood, postal code and region of that location. The output file consists of your input data along with columns containing these the values appended at the end. These jobs are optimized to accept tens of thousands of GPS traces.
**Map Matching**
Map matching allows you to snap GPS coordinates to road segments. The input should be a CSV file containing the trace ID (route), longitude, latitude and the timestamp attributes. There can be multiple GPS co-ordinates per route. The input can contain multiple routes too. The output is a GeoJSON file that contains links of the predicted route. It also has the snap points provided in the input. These jobs are optimized to accept tens of thousands of drives in one request. Map matching is supported by [OpenStreetMap](https://www.openstreetmap.org/). Map matching fails if the names in the input source field don't match the ones in `MapMatchingConfig`. The error message you receive contains the the field names present in the input file and the expected field name that is not found in `MapMatchingConfig`.
The input CSV file for a VEJ must contain the following:
+ A header row
+ Latitude and longitude in separate columns
+ The ID and Timestamp columns can be in numeric or string format. All other column data must be in numeric format only
+ No miss matching quotes
For the timestamp column, SageMaker geospatial capabilities supports epoch time in seconds and milliseconds (long integer). The string formats supported are as follows:
+ "dd.MM.yyyy HH:mm:ss z"
+ "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"
+ "yyyy-MM-dd'T'HH:mm:ss"
+ "yyyy-MM-dd hh:mm:ss a"
+ "yyyy-MM-dd HH:mm:ss"
+ "yyyyMMddHHmmss"
While you need to use an Amazon SageMaker Studio Classic notebook to execute a VEJ, you can view all the jobs you create using the UI. To use the visualization in the notebook, you first need to export your output to your S3 bucket. The VEJ actions you can perform are as follows.
+ [StartVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_StartVectorEnrichmentJob.html)
+ [GetVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_GetVectorEnrichmentJob.html)
+ [ListVectorEnrichmentJobs](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListVectorEnrichmentJobs.html)
+ [StopVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_StopVectorEnrichmentJob.html)
+ [DeleteVectorEnrichmentJob](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_DeleteVectorEnrichmentJob.html)
# Visualization Using SageMaker geospatial capabilities
Using the visualization functionalities provided by Amazon SageMaker geospatial you can visualize geospatial data, the inputs to your EOJ or VEJ jobs as well as the outputs exported from your Amazon S3 bucket. The visualization tool is powered by [Foursquare Studio](https://studio.foursquare.com/home). The following image depicts the visualization tool supported by SageMaker geospatial capabilities.
![\[Visualization tool using SageMaker geospatial capabilities shows a map of the California coast.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/geospatial_vis.png)
You can use the left navigation panel to add data, layers, filters, and columns. You can also make modifications to how you interact with the map.
**Dataset**
The source of data used for visualization is called a **Dataset**. To add data for visualization, choose **Add Data** in the left navigation panel. You can either upload the data from your Amazon S3 bucket or your local machine. The data formats supported are CSV, JSON and GeoJSON. You can add multiple datasets to your map. After you upload the dataset, you can see it loaded on the map screen.
**Layers**
In the layer panel, a layer is created and populated automatically when you add a dataset. If your map consists of more than one dataset, you can select which dataset belongs to a layer. You can create new layers and group them. SageMaker SageMaker geospatial capabilities support various layer types, including point, arc, icon, and polygon.
You can choose any data point in a layer to have an **Outline**. You can also further customize the data points. For example, you can choose the layer type as **Point** and then **Fill Color** based on any column of your dataset. You can also change the radius of the points.
The following image shows the layers panel supported by SageMaker geospatial capabilities.
![\[The layers panel with data points on a USA map, supported by SageMaker geospatial capabilities.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/geospatial_vis_layer.png)
**Columns**
You can view the columns present in your dataset by using the **Columns** tab in the left navigation panel.
**Filters**
You can use filters to limit the data points that display on the map.
**Interactions**
In the **Interactions** panel, you can customize how you interact with the map. For example, you can choose what metrics to display when you hover the tooltip over a data point.
**Base map**
Currently, SageMaker AI only supports the Amazon Dark base map.
**Split Map Modes**
You can have a **Single Map**, **Dual Maps** or **Swipe Maps**. With **Dual Maps**, you can compare the same map side-by-side using different layers. Use **Swipe Maps** to overlay two maps on each other and use the sliding separator to compare them. You can choose the split map mode by choosing the **Split Mode** button on the top right corner of your map.
## Legends for EOJ in the SageMaker geospatial UI
The output visualization of an EOJ depends on the operation you choose to create it. The legend is based on the default color scale. You can view the legend by choosing the **Show legend** button on the top right corner of your map.
**Spectral Index**
When you visualize the output for an EOJ that uses the spectral index operation, you can map the category based on the color from the legend as shown.
![\[The legend for spectral index mapping.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/geo_spectral_index.png)
**Cloud Masking**
When you visualize the output for an EOJ that uses the cloud masking operation, you can map the category based on the color from the legend as shown.
![\[The legend for cloud masking mapping.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/geo_cloud_masking.png)
**Land Cover Segmentation**
When you visualize the output for an EOJ that uses the Land Cover Segmentation operation, you can map the category based on the color from the legend as shown.
![\[The legend for land cover segmentation mapping.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/geo_landcover_ss.png)
# Amazon SageMaker geospatial Map SDK
You can use Amazon SageMaker geospatial capabilities to visualize maps within the SageMaker geospatial UI as well as SageMaker notebooks with a geospatial image. These visualizations are supported by the map visualization library called [Foursquare Studio](https://studio.foursquare.com/home)
You can use the APIs provided by the SageMaker geospatial map SDK to visualize your geospatial data, including the input, output, and AoI for EOJ.
**Topics**
+ [
## add\$1dataset API
](#geo-add-dataset)
+ [
## update\$1dataset API
](#geo-update-dataset)
+ [
## add\$1layer API
](#geo-add-layer)
+ [
## update\$1layer API
](#geo-update-layer)
+ [
## visualize\$1eoj\$1aoi API
](#geo-visualize-eoj-aoi)
+ [
## visualize\$1eoj\$1input API
](#geo-visualize-eoj-input)
+ [
## visualize\$1eoj\$1output API
](#geo-visualize-eoj-output)
## add\$1dataset API
Adds a raster or vector dataset object to the map.
**Request syntax**
```
Request =
add_dataset(
self,
dataset: Union[Dataset, Dict, None] = None,
*,
auto_create_layers: bool = True,
center_map: bool = True,
**kwargs: Any,
) -> Optional[Dataset]
```
**Request parameters**
The request accepts the following parameters.
Positional arguments
| Argument | Type | Description |
| --- | --- | --- |
| `dataset` | Union[Dataset, Dict, None] | Data used to create a dataset, in CSV, JSON, or GeoJSON format (for local datasets) or a UUID string. |
Keyword arguments
| Argument | Type | Description |
| --- | --- | --- |
| `auto_create_layers` | Boolean | Whether to attempt to create new layers when adding a dataset. Default value is `False`. |
| `center_map` | Boolean | Whether to center the map on the created dataset. Default value is `True`. |
| `id` | String | Unique identifier of the dataset. If you do not provide it, a random ID is generated. |
| `label` | String | Dataset label which is displayed. |
| `color` | Tuple[float, float, float] | Color label of the dataset. |
| `metadata` | Dictionary | Object containing tileset metadata (for tiled datasets). |
**Response**
This API returns the [Dataset](https://location.foursquare.com/developer/docs/studio-map-sdk-types#dataset) object that was added to the map.
## update\$1dataset API
Updates an existing dataset's settings.
**Request syntax**
```
Request =
update_dataset(
self,
dataset_id: str,
values: Union[_DatasetUpdateProps, dict, None] = None,
**kwargs: Any,
) -> Dataset
```
**Request parameters**
The request accepts the following parameters.
Positional arguments
| Argument | Type | Description |
| --- | --- | --- |
| `dataset_id` | String | The identifier of the dataset to be updated. |
| `values` | Union[[\$1DatasetUpdateProps](https://location.foursquare.com/developer/docs/studio-map-sdk-types#datasetupdateprops), dict, None] | The values to update. |
Keyword arguments
| Argument | Type | Description |
| --- | --- | --- |
| `label` | String | Dataset label which is displayed. |
| `color` | [RGBColor](https://location.foursquare.com/developer/docs/studio-map-sdk-types#rgbcolor) | Color label of the dataset. |
**Response**
This API returns the updated dataset object for interactive maps, or `None` for non-interactive HTML environments.
## add\$1layer API
Adds a new layer to the map. This function requires at least one valid layer configuration.
**Request syntax**
```
Request =
add_layer(
self,
layer: Union[LayerCreationProps, dict, None] = None,
**kwargs: Any
) -> Layer
```
**Request parameters**
The request accepts the following parameters.
Arguments
| Argument | Type | Description |
| --- | --- | --- |
| `layer` | Union[[LayerCreationProps](https://location.foursquare.com/developer/docs/studio-map-sdk-types#layercreationprops), dict, None] | A set of properties used to create a layer. |
**Response**
The layer object that was added to the map.
## update\$1layer API
Update an existing layer with given values.
**Request syntax**
```
Request =
update_layer(
self,
layer_id: str,
values: Union[LayerUpdateProps, dict, None],
**kwargs: Any
) -> Layer
```
**Request parameters**
The request accepts the following parameters.
Arguments
| Positional argument | Type | Description |
| --- | --- | --- |
| `layer_id` | String | The ID of the layer to be updated. |
| `values` | Union[[LayerUpdateProps](https://location.foursquare.com/developer/docs/studio-map-sdk-types#layerupdateprops), dict, None] | The values to update. |
Keyword arguments
| Argument | Type | Description |
| --- | --- | --- |
| `type` | [LayerType](https://location.foursquare.com/developer/docs/studio-map-sdk-types#layertype) | The type of layer. |
| `data_id` | String | Unique identifier of the dataset this layer visualizes. |
| `fields` | Dict [string, Optional[string]] | Dictionary that maps fields that the layer requires for visualization to appropriate dataset fields. |
| `label` | String | Canonical label of this layer. |
| `is_visible` | Boolean | Whether the layer is visible or not. |
| `config` | [LayerConfig](https://location.foursquare.com/developer/docs/studio-map-sdk-types#layerconfig) | Layer configuration specific to its type. |
**Response**
Returns the updated layer object.
## visualize\$1eoj\$1aoi API
Visualize the AoI of the given job ARN.
**Request parameters**
The request accepts the following parameters.
Arguments
| Argument | Type | Description |
| --- | --- | --- |
| `Arn` | String | The ARN of the job. |
| `config` | Dictionary config = \$1 label: custom label of the added AoI layer, default AoI \$1 | An option to pass layer properties. |
**Response**
Reference of the added input layer object.
## visualize\$1eoj\$1input API
Visualize the input of the given EOJ ARN.
**Request parameters**
The request accepts the following parameters.
Arguments
| Argument | Type | Description |
| --- | --- | --- |
| `Arn` | String | The ARN of the job. |
| `time_range_filter` | Dictionary time\$1range\$1filter = \$1 start\$1date: date in ISO format end\$1date: date in ISO format \$1 | An option to provide the start and end time. Defaults to the raster data collection search start and end date. |
| `config` | Dictionary config = \$1 label: custom label of the added output layer, default Input \$1 | An option to pass layer properties. |
**Response**
Reference of the added input layer object.
## visualize\$1eoj\$1output API
Visualize the output of the given EOJ ARN.
**Request parameters**
The request accepts the following parameters.
Arguments
| Argument | Type | Description |
| --- | --- | --- |
| `Arn` | String | The ARN of the job. |
| `time_range_filter` | Dictionary time\$1range\$1filter = \$1 start\$1date: date in ISO format end\$1date: date in ISO format \$1 | An option to provide the start and end time. Defaults to the raster data collection search start and end date. |
| `config` | Dictionary config = \$1 label: custom label of the added output layer, default Output preset: singleBand or trueColor, band\$1name: , only required for 'singleBand' preset. Allowed bands for a EOJ \$1 | An option to pass layer properties. |
**Response**
Reference of the added output Layer object.
To learn more about visualizing your geospatial data, refer to [Visualization Using Amazon SageMaker geospatial](https://docs.aws.amazon.com/sagemaker/latest/dg/geospatial-visualize.html).
# SageMaker geospatial capabilities FAQ
Use the following FAQ items to find answers to commonly asked questions about SageMaker geospatial capabilities.
1. **What regions are Amazon SageMaker geospatial capabilities available in?**
Currently, SageMaker geospatial capabilities are only supported in the US West (Oregon) Region. To view SageMaker geospatial, choose the name of the currently displayed Region in the navigation bar of the console. Then choose the US West (Oregon) Region.
1. ** What AWS Identity and Access Management permissions and policies are required to use SageMaker geospatial?**
To use SageMaker geospatial you need a user, group, or role that can access SageMaker AI. You also need to create a SageMaker AI execution role so that SageMaker geospatial can perform operations on your behalf. To learn more, see [SageMaker geospatial capabilities roles](https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-geospatial-roles.html).
1. **I have an existing SageMaker AI execution role. Do I need to update it?**
Yes. To use SageMaker geospatial you must specify an additional service principal in your IAM trust policy: `sagemaker-geospatial.amazonaws.com`. To learn about specifying a service principal in a trust relationship, see [Adding the SageMaker geospatial service principal to an existing SageMaker AI execution role](sagemaker-geospatial-roles-pass-role.md) in the *Amazon SageMaker AI Developer Guide*.
1. **Can I use SageMaker geospatial capabilities through my VPC environment?**
Yes, you can use SageMaker geospatial through a VPN. To learn more, see [Use Amazon SageMaker geospatial capabilities in Your Amazon Virtual Private Cloud](geospatial-notebooks-and-internet-access-vpc-requirements.md).
1. **Why can't I see the SageMaker geospatial map visualizer, image or instance type when I navigate to Amazon SageMaker Studio Classic?**
Verify that you are launching Amazon SageMaker Studio Classic in the US West (Oregon) Region and that you are not using a shared space.
1. **Why can't I see the SageMaker geospatial image or instance type when I try to create a notebook instance in Studio Classic?**
Verify that you are launching Amazon SageMaker Studio Classic in the US West (Oregon) Region and that you are not using a shared space. To learn more, see [Create an Amazon SageMaker Studio Classic notebook using the geospatial image](geospatial-launch-notebook.md).
1. **What bands supported for various raster data collections?**
Use the `GetRasterDataCollection` API response and refer to the `ImageSourceBands` field to find the bands supported for that particular data collection.
# SageMaker geospatial Security and Permissions
Use the topics on this page to learn about SageMaker geospatial capabilities security features. Additionally, learn how to use SageMaker geospatial capabilities in an Amazon Virtual Private Cloud as well as protect your data at rest using encryption.
For more information about IAM users and roles, see [Identities (Users, Groups, and Roles)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html) in the IAM User Guide.
To learn more about using IAM with SageMaker AI, see [AWS Identity and Access Management for Amazon SageMaker AI](security-iam.md).
**Topics**
+ [
# Configuration and Vulnerability Analysis in SageMaker geospatial
](geospatial-config-vulnerability.md)
+ [
# Security Best Practices for SageMaker geospatial capabilities
](geospatial-sec-best-practices.md)
+ [
# Use Amazon SageMaker geospatial capabilities in Your Amazon Virtual Private Cloud
](geospatial-notebooks-and-internet-access-vpc-requirements.md)
+ [
# Use AWS KMS Permissions for Amazon SageMaker geospatial capabilities
](geospatial-kms.md)
# Configuration and Vulnerability Analysis in SageMaker geospatial
Configuration and IT controls are a shared responsibility between AWS and you, our customer. AWS handles basic security tasks like guest operating system (OS) and database patching, firewall configuration, and disaster recovery. These procedures have been reviewed and certified by the appropriate third parties. For more details, see the following resources:
+ [Shared Responsibility Model](https://aws.amazon.com/compliance/shared-responsibility-model/).
+ [Amazon Web Services: Overview of Security Processes](https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf).
# Security Best Practices for SageMaker geospatial capabilities
Amazon SageMaker geospatial capabilities provide a number of security features to consider as you develop and implement your own security policies. The following best practices are general guidelines and don't represent a complete security solution. Because these best practices might not be appropriate or sufficient for your environment, treat them as helpful considerations rather than prescriptions.
**Apply principle of least privilege**
Amazon SageMaker geospatial capabilities provide granular access policy for applications using IAM roles. We recommend that the roles be granted only the minimum set of privileges required by the job. We also recommend auditing the jobs for permissions on a regular basis and upon any change to your application.
**Role-based access control (RBAC) permissions**
Administrators should strictly control Role-based access control (RBAC) permissions for Amazon SageMaker geospatial capabilities.
**Use temporary credentials whenever possible**
Where possible, use temporary credentials instead of long-term credentials, such as access keys. For scenarios in which you need IAM users with programmatic access and long-term credentials, we recommend that you rotate access keys. Regularly rotating long-term credentials helps you familiarize yourself with the process. This is useful in case you are ever in a situation where you must rotate credentials, such as when an employee leaves your company. We recommend that you use IAM access last used information to rotate and remove access keys safely. For more information, see [Rotating access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_RotateAccessKey) and [Security best practices in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html).
**Use AWS CloudTrail to view and log API calls**
AWS CloudTrail tracks anyone making API calls in your AWS account. API calls are logged whenever anyone uses the Amazon SageMaker geospatial capabilities API, the Amazon SageMaker geospatial capabilities console or Amazon SageMaker geospatial capabilities AWS CLI commands. Enable logging and specify an Amazon S3 bucket to store the logs.
Your trust, privacy, and the security of your content are our highest priorities. We implement responsible and sophisticated technical and physical controls designed to prevent unauthorized access to, or disclosure of, your content and ensure that our use complies with our commitments to you. For more information, see [AWS Data Privacy FAQ](https://aws.amazon.com/compliance/data-privacy-faq/).
# Use Amazon SageMaker geospatial capabilities in Your Amazon Virtual Private Cloud
The following topic gives information on how to use SageMaker notebooks with a SageMaker geospatial image in a Amazon SageMaker AI domain with VPC only mode. For more information on VPCs in Amazon SageMaker Studio Classic see [Choose an Amazon VPC](https://docs.aws.amazon.com/sagemaker/latest/dg/onboard-vpc.html).
## `VPC only` communication with the internet
By default, SageMaker AI domain uses two Amazon VPC. One of the Amazon VPC is managed by Amazon SageMaker AI and provides direct internet access. You specify the other Amazon VPC, which provides encrypted traffic between the domain and your Amazon Elastic File System (Amazon EFS) volume.
You can change this behavior so that SageMaker AI sends all traffic over your specified Amazon VPC. If `VPC only` has been choosen as the network access mode during the SageMaker AI domain creation, the following requirements need to be considered to still allow usage of SageMaker Studio Classic notebooks within the created SageMaker AI domain.
## Requirements to use `VPC only` mode
**Note**
In order to use the visualization components of SageMaker geospatial capabilities, the browser you use to access the SageMaker Studio Classic UI needs to be connected to the internet.
When you choose `VpcOnly`, follow these steps:
1. You must use private subnets only. You cannot use public subnets in `VpcOnly` mode.
1. Ensure your subnets have the required number of IP addresses needed. The expected number of IP addresses needed per user can vary based on use case. We recommend between 2 and 4 IP addresses per user. The total IP address capacity for a Studio Classic domain is the sum of available IP addresses for each subnet provided when the domain is created. Ensure that your estimated IP address usage does not exceed the capacity supported by the number of subnets you provide. Additionally, using subnets distributed across many availability zones can aid in IP address availability. For more information, see [VPC and subnet sizing for IPv4](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#vpc-sizing-ipv4).
**Note**
You can configure only subnets with a default tenancy VPC in which your instance runs on shared hardware. For more information on the tenancy attribute for VPCs, see [Dedicated Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html).
1. Set up one or more security groups with inbound and outbound rules that together allow the following traffic:
+ [NFS traffic over TCP on port 2049](https://docs.aws.amazon.com/efs/latest/ug/network-access.html) between the domain and the Amazon EFS volume.
+ [TCP traffic within the security group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-other-instances). This is required for connectivity between the JupyterServer app and the KernelGateway apps. You must allow access to at least ports in the range `8192-65535`.
1. If you want to allow internet access, you must use a [NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-working-with) with access to the internet, for example through an [internet gateway](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html).
1. If you don't want to allow internet access, [create interface VPC endpoints](https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html) (AWS PrivateLink) to allow Studio Classic to access the following services with the corresponding service names. You must also associate the security groups for your VPC with these endpoints.
**Note**
Currently, SageMaker geospatial capabilities are only supported in the US West (Oregon) Region.
+ SageMaker API : `com.amazonaws.us-west-2.sagemaker.api`
+ SageMaker AI runtime: `com.amazonaws.us-west-2.sagemaker.runtime`. This is required to run Studio Classic notebooks with a SageMaker geospatial image.
+ Amazon S3: `com.amazonaws.us-west-2.s3`.
+ To use SageMaker Projects: `com.amazonaws.us-west-2.servicecatalog`.
+ SageMaker geospatial capabilities: `com.amazonaws.us-west-2.sagemaker-geospatial`
If you use the [SageMaker Python SDK](https://sagemaker.readthedocs.io/en/stable/) to run remote training jobs, you must also create the following Amazon VPC endpoints.
+ AWS Security Token Service: `com.amazonaws.region.sts`
+ Amazon CloudWatch: `com.amazonaws.region.logs`. This is required to allow SageMaker Python SDK to get the remote training job status from Amazon CloudWatch.
**Note**
For a customer working within VPC mode, company firewalls can cause connection issues with SageMaker Studio Classic or between JupyterServer and the KernelGateway. Make the following checks if you encounter one of these issues when using SageMaker Studio Classic from behind a firewall.
Check that the Studio Classic URL is in your networks allowlist.
Check that the websocket connections are not blocked. Jupyter uses websocket under the hood. If the KernelGateway application is InService, JupyterServer may not be able to connect to the KernelGateway. You should see this problem when opening System Terminal as well.
# Use AWS KMS Permissions for Amazon SageMaker geospatial capabilities
You can protect your data at rest using encryption for SageMaker geospatial capabilities. By default, it uses server-side encryption with an Amazon SageMaker geospatial owned key. SageMaker geospatial capabilities also supports an option for server-side encryption with a customer managed KMS key.
## Server-Side Encryption with Amazon SageMaker geospatial managed key (Default)
SageMaker geospatial capabilities encrypts all your data, including computational results from your Earth Observation jobs (EOJ) and Vector Enrichment jobs (VEJ) along with all your service metadata. There is no data that is stored within SageMaker geospatial capabilities unencrypted. It uses a default AWS owned key to encrypt all your data.
## Server-Side Encryption with customer managed KMS key (Optional)
SageMaker geospatial capabilities supports the use of a symmetric customer managed key that you create, own, and manage to add a second layer of encryption over the existing AWS owned encryption. Because you have full control of this layer of encryption, you can perform such tasks as:
+ Establishing and maintaining key policies
+ Establishing and maintaining IAM policies and grants
+ Enabling and disabling key policies
+ Rotating key cryptographic material
+ Adding tags
+ Creating key aliases
+ Scheduling keys for deletion
For more information, see [Customer managed keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) in the *AWS Key Management Service Developer Guide*.
## How SageMaker geospatial capabilities uses grants in AWS KMS
SageMaker geospatial capabilities requires a grant to use your customer managed key. When you create an EOJ or an VEJ encrypted with a customer managed key, SageMaker geospatial capabilities creates a grant on your behalf by sending a `CreateGrant` request to AWS KMS. Grants in AWS KMS are used to give SageMaker geospatial capabilities access to a KMS key in a customer account. You can revoke access to the grant, or remove the service's access to the customer managed key at any time. If you do, SageMaker geospatial capabilities won't be able to access any of the data encrypted by the customer managed key, which affects operations that are dependent on that data.
## Create a customer managed key
You can create a symmetric customer managed key by using the AWS Management Console, or the AWS KMS APIs.
**To create a symmetric customer managed key**
Follow the steps for [Creating symmetric encryption KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html#create-symmetric-cmk) in the AWS Key Management Service Developer Guide.
**Key policy**
Key policies control access to your customer managed key. Every customer managed key must have exactly one key policy, which contains statements that determine who can use the key and how they can use it. When you create your customer managed key, you can specify a key policy. For more information, see [Determining access to AWS KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/determining-access.html) in the *AWS Key Management Service Developer Guide*.
To use your customer managed key with your SageMaker geospatial capabilities resources, the following API operations must be permitted in the key policy. The principal for these operations should be the Execution Role you provide in the SageMaker geospatial capabilities request. SageMaker geospatial capabilities assumes the provided Execution Role in the request to perform these KMS operations.
+ `[kms:CreateGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html)`
+ `kms:GenerateDataKey`
+ `kms:Decrypt`
+ `kms:GenerateDataKeyWithoutPlaintext`
The following are policy statement examples you can add for SageMaker geospatial capabilities:
**CreateGrant**
```
"Statement" : [
{
"Sid" : "Allow access to Amazon SageMaker geospatial capabilities",
"Effect" : "Allow",
"Principal" : {
"AWS" : ""
},
"Action" : [
"kms:CreateGrant",
"kms:Decrypt",
"kms:GenerateDataKey",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Resource" : "*",
},
]
```
For more information about specifying permissions in a policy, see [AWS KMS permissions](https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) in the *AWS Key Management Service Developer Guide*. For more information about troubleshooting, see [Troubleshooting key access](https://docs.aws.amazon.com/kms/latest/developerguide/policy-evaluation.html) in the *AWS Key Management Service Developer Guide*.
If your key policy does not have your account root as key administrator, you need to add the same KMS permissions on your execution role ARN. Here is a sample policy you can add to the execution role:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Action": [
"kms:CreateGrant",
"kms:Decrypt",
"kms:GenerateDataKey",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Resource": [
"arn:aws:kms:us-east-1:111122223333:key/key-id"
],
"Effect": "Allow"
}
]
}
```
------
## Monitoring your encryption keys for SageMaker geospatial capabilities
When you use an AWS KMS customer managed key with your SageMaker geospatial capabilities resources, you can use AWS CloudTrail or Amazon CloudWatch Logs to track requests that SageMaker geospatial sends to AWS KMS.
Select a tab in the following table to see examples of AWS CloudTrail events to monitor KMS operations called by SageMaker geospatial capabilities to access data encrypted by your customer managed key.
------
#### [ CreateGrant ]
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAIGDTESTANDEXAMPLE:SageMaker-Geospatial-StartEOJ-KMSAccess",
"arn": "arn:aws:sts::111122223333:assumed-role/SageMakerGeospatialCustomerRole/SageMaker-Geospatial-StartEOJ-KMSAccess",
"accountId": "111122223333",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE3",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAIOSFODNN7EXAMPLE3",
"arn": "arn:aws:sts::111122223333:assumed-role/SageMakerGeospatialCustomerRole",
"accountId": "111122223333",
"userName": "SageMakerGeospatialCustomerRole"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2023-03-17T18:02:06Z",
"mfaAuthenticated": "false"
}
},
"invokedBy": "arn:aws:iam::111122223333:root"
},
"eventTime": "2023-03-17T18:02:06Z",
"eventSource": "kms.amazonaws.com",
"eventName": "CreateGrant",
"awsRegion": "us-west-2",
"sourceIPAddress": "172.12.34.56",
"userAgent": "ExampleDesktop/1.0 (V1; OS)",
"requestParameters": {
"retiringPrincipal": "sagemaker-geospatial.us-west-2.amazonaws.com",
"keyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-123456SAMPLE",
"operations": [
"Decrypt"
],
"granteePrincipal": "sagemaker-geospatial.us-west-2.amazonaws.com"
},
"responseElements": {
"grantId": "0ab0ac0d0b000f00ea00cc0a0e00fc00bce000c000f0000000c0bc0a0000aaafSAMPLE",
"keyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-123456SAMPLE"
},
"requestID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE",
"eventID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE",
"readOnly": false,
"resources": [
{
"accountId": "111122223333",
"type": "AWS::KMS::Key",
"ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-123456SAMPLE"
}
],
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "111122223333",
"eventCategory": "Management"
}
```
------
#### [ GenerateDataKey ]
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AWSService",
"invokedBy": "sagemaker-geospatial.amazonaws.com"
},
"eventTime": "2023-03-24T00:29:45Z",
"eventSource": "kms.amazonaws.com",
"eventName": "GenerateDataKey",
"awsRegion": "us-west-2",
"sourceIPAddress": "sagemaker-geospatial.amazonaws.com",
"userAgent": "sagemaker-geospatial.amazonaws.com",
"requestParameters": {
"encryptionContext": {
"aws:s3:arn": "arn:aws:s3:::axis-earth-observation-job-378778860802/111122223333/napy9eintp64/output/consolidated/32PPR/2022-01-04T09:58:03Z/S2B_32PPR_20220104_0_L2A_msavi.tif"
},
"keyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-123456SAMPLE",
"keySpec": "AES_256"
},
"responseElements": null,
"requestID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE",
"eventID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE",
"readOnly": true,
"resources": [
{
"accountId": "111122223333",
"type": "AWS::KMS::Key",
"ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-123456SAMPLE"
}
],
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "111122223333",
"eventCategory": "Management"
}
```
------
#### [ Decrypt ]
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AWSService",
"invokedBy": "sagemaker-geospatial.amazonaws.com"
},
"eventTime": "2023-03-28T22:04:24Z",
"eventSource": "kms.amazonaws.com",
"eventName": "Decrypt",
"awsRegion": "us-west-2",
"sourceIPAddress": "sagemaker-geospatial.amazonaws.com",
"userAgent": "sagemaker-geospatial.amazonaws.com",
"requestParameters": {
"encryptionAlgorithm": "SYMMETRIC_DEFAULT",
"encryptionContext": {
"aws:s3:arn": "arn:aws:s3:::axis-earth-observation-job-378778860802/111122223333/napy9eintp64/output/consolidated/32PPR/2022-01-04T09:58:03Z/S2B_32PPR_20220104_0_L2A_msavi.tif"
},
},
"responseElements": null,
"requestID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE",
"eventID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE",
"readOnly": true,
"resources": [
{
"accountId": "111122223333",
"type": "AWS::KMS::Key",
"ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-123456SAMPLE"
}
],
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "111122223333",
"eventCategory": "Management"
}
```
------
#### [ GenerateDataKeyWithoutPlainText ]
```
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAIGDTESTANDEXAMPLE:SageMaker-Geospatial-StartEOJ-KMSAccess",
"arn": "arn:aws:sts::111122223333:assumed-role/SageMakerGeospatialCustomerRole/SageMaker-Geospatial-StartEOJ-KMSAccess",
"accountId": "111122223333",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE3",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAIOSFODNN7EXAMPLE3",
"arn": "arn:aws:sts::111122223333:assumed-role/SageMakerGeospatialCustomerRole",
"accountId": "111122223333",
"userName": "SageMakerGeospatialCustomerRole"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2023-03-17T18:02:06Z",
"mfaAuthenticated": "false"
}
},
"invokedBy": "arn:aws:iam::111122223333:root"
},
"eventTime": "2023-03-28T22:09:16Z",
"eventSource": "kms.amazonaws.com",
"eventName": "GenerateDataKeyWithoutPlaintext",
"awsRegion": "us-west-2",
"sourceIPAddress": "172.12.34.56",
"userAgent": "ExampleDesktop/1.0 (V1; OS)",
"requestParameters": {
"keySpec": "AES_256",
"keyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-123456SAMPLE"
},
"responseElements": null,
"requestID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE",
"eventID": "ff000af-00eb-00ce-0e00-ea000fb0fba0SAMPLE",
"readOnly": true,
"resources": [
{
"accountId": "111122223333",
"type": "AWS::KMS::Key",
"ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-123456SAMPLE"
}
],
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "111122223333",
"eventCategory": "Management"
}
```
------
# Types of compute instances
SageMaker geospatial capabilities offer three types of compute instances.
+ **SageMaker Studio Classic geospatial notebook instances** – SageMaker geospatial supports both CPU and GPU-based notebook instances in Studio Classic. Notebook instances are used to build, train, and deploy ML models. For a list of available notebook instance types that work with the geospatial image, see [Supported notebook instance types](#supported-geospatial-instances).
+ **SageMaker geospatial jobs instances** – Run processing jobs to transform satellite image data.
+ **SageMaker geospatial model inference types** – Make predictions by using pre-trained ML models on satellite imagery.
The instance type is determined by the operations that you run.
The following table shows the available SageMaker geospatial specific operations and instance types that you can use.
| Operations | Instance |
| --- | --- |
| Temporal Statistics | ml.geospatial.jobs |
| Zonal Statistics | ml.geospatial.jobs |
| Resampling | ml.geospatial.jobs |
| Geomosaic | ml.geospatial.jobs |
| Band Stacking | ml.geospatial.jobs |
| Band Math | ml.geospatial.jobs |
| Cloud Removal with Landsat8 | ml.geospatial.jobs |
| Cloud Removal with Sentinel-2 | ml.geospatial.models |
| Cloud Masking | ml.geospatial.models |
| Land Cover Segmentation | ml.geospatial.models |
## SageMaker geospatial supported notebook instance types
SageMaker geospatial supports both CPU and GPU-based notebook instances in Studio Classic. If when starting a GPU enabled notebook instance you receive a ResourceLimitExceeded error, you need to request a quota increase. To get started on a Service Quotas quota increase request, see [Requesting a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) in the *Service Quotas User Guide*.
Supported Studio Classic notebook instance types
| Name | Instance type |
| --- | --- |
| ml.geospatial.interactive | CPU |
| ml.g5.xlarge | GPU |
| ml.g5.2xlarge | GPU |
| ml.g5.4xlarge | GPU |
| ml.g5.8xlarge | GPU |
| ml.g5.16xlarge | GPU |
| ml.g5.12xlarge | GPU |
| ml.g5.24xlarge | GPU |
| ml.g5.48xlarge | GPU |
You are charged different rates for each type of compute instance that you use. For more information about pricing, see [Geospatial ML with Amazon SageMaker AI](https://aws.amazon.com/sagemaker/geospatial).
## SageMaker geospatial libraries
The SageMaker geospatial specific **Instance type**, **ml.geospatial.interactive** contains the following Python libraries.
Geospatial libraries available on the geospatial instance type
| Library name | Version available |
| --- | --- |
| numpy | 1.23.4 |
| scipy | 1.11.2 |
| pandas | 1.4.4 |
| gdal | 3.2.2 |
| fiona | 1.8.22 |
| geopandas | 0.11.1 |
| shapley | 1.8.4 |
| seaborn | 0.11.2 |
| notebook | 1.8.22 |
| scikit-image | 0.11.2 |
| rasterio | 6.4.12 |
| scikit-learn | 0.19.2 |
| ipyleaflet | 1.0.1 |
| rtree | 0.17.2 |
| opencv | 4.6.0.66 |
| supy | 2022.4.7 |
| SNAP toolbox | 9.0 |
| cdsapi | 0.6.1 |
| arosics | 1.8.1 |
| rasterstats | 0.18.0 |
| rioxarray | 0.14.1 |
| pyroSAR | 0.20.0 |
| eo-learn | 1.4.1 |
| deepforest | 1.2.7 |
| scrapy | 2.8.0 |
| netCDF4 | 1.6.3 |
| xarray[complete] | 0.20.1 |
| Orfeotoolbox | OTB-8.1.1 |
| pytorch | 2.0.1 |
| pytorch-cuda | 11.8 |
| torchvision | 0.15.2 |
| torchaudio | 2.0.2 |
| pytorch-lightning | 2.0.6 |
| tensorflow | 2.13.0 |
# Data collections
Amazon SageMaker geospatial supports the following raster data collections. Of the following data collections, you can use the USGS Landsat and the Sentinel-2 Cloud-Optimized GeoTIFF data collections when starting an Earth Observation Job (EOJ). To learn more about the EOJs, see [Earth Observation Jobs](geospatial-eoj.md).
+ [Copernicus Digital Elevation Model (DEM) – GLO-30](https://registry.opendata.aws/copernicus-dem/)
+ [Copernicus Digital Elevation Model (DEM) – GLO-90](https://registry.opendata.aws/copernicus-dem/)
+ [https://registry.opendata.aws/sentinel-2-l2a-cogs/](https://registry.opendata.aws/sentinel-2-l2a-cogs/)
+ [https://registry.opendata.aws/sentinel-1/](https://registry.opendata.aws/sentinel-1/)
+ [National Agriculture Imagery Program (NAIP) on AWS](https://registry.opendata.aws/naip/)
+ [https://registry.opendata.aws/usgs-landsat/](https://registry.opendata.aws/usgs-landsat/)
To find the list of available raster data collections in your AWS Regions, use `ListRasterDataCollections`. In the [`ListRasterDataCollections` response](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListRasterDataCollections.html#API_geospatial_ListRasterDataCollections_ResponseSyntax), you get a [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListRasterDataCollections.html#API_geospatial_ListRasterDataCollections_ResponseSyntax](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_geospatial_ListRasterDataCollections.html#API_geospatial_ListRasterDataCollections_ResponseSyntax) object that contains details about the available raster data collections.
**Example – Calling the `ListRasterDataCollections` API using the AWS SDK for Python (Boto3)**
When you use the SDK for Python (Boto3) and SageMaker geospatial, you must create a geospatial client, `geospatial_client`. Use the following Python snippet to make a call to the `list_raster_data_collections` API:
```
import boto3
import sagemaker
import sagemaker_geospatial_map
import json
## SageMaker Geospatial Capabilities is currently only avaialable in US-WEST-2
session = boto3.Session(region_name='us-west-2')
execution_role = sagemaker.get_execution_role()
## Creates a SageMaker Geospatial client instance
geospatial_client = session.client(service_name="sagemaker-geospatial")
# Creates a resusable Paginator for the list_raster_data_collections API operation
paginator = geospatial_client.get_paginator("list_raster_data_collections")
# Create a PageIterator from the Paginator
page_iterator = paginator.paginate()
# Use the iterator to iterate throught the results of list_raster_data_collections
results = []
for page in page_iterator:
results.append(page['RasterDataCollectionSummaries'])
print (results)
```
In the JSON response, you will receive the following, which has been truncated for clarity:
```
{
"Arn": "arn:aws:sagemaker-geospatial:us-west-2:555555555555:raster-data-collection/public/dxxbpqwvu9041ny8",
"Description": "Copernicus DEM is a Digital Surface Model which represents the surface of the Earth including buildings, infrastructure, and vegetation. GLO-30 is instance of Copernicus DEM that provides limited worldwide coverage at 30 meters.",
"DescriptionPageUrl": "https://registry.opendata.aws/copernicus-dem/",
"Name": "Copernicus DEM GLO-30",
"Tags": {},
"Type": "PUBLIC"
}
```
## Image band information from the USGS Landsat and Sentinel-2 data collections
Image band information from the USGS Landsat 8 and Sentinel-2 data collections are provided in the following table.
USGS Landsat
| Band name | Wave length range (nm) | Units | Valid range | Fill value | Spatial resolution |
| --- | --- | --- | --- | --- | --- |
| coastal | 435 - 451 | Unitless | 1 - 65455 | 0 (No Data) | 30m |
| blue | 452 - 512 | Unitless | 1 - 65455 | 0 (No Data) | 30m |
| green | 533 - 590 | Unitless | 1 - 65455 | 0 (No Data) | 30m |
| red | 636 - 673 | Unitless | 1 - 65455 | 0 (No Data) | 30m |
| nir | 851 - 879 | Unitless | 1 - 65455 | 0 (No Data) | 30m |
| swir16 | 1566 - 1651 | Unitless | 1 - 65455 | 0 (No Data) | 30m |
| swir22 | 2107 - 2294 | Unitless | 1 - 65455 | 0 (No Data) | 30m |
| qa\$1aerosol | NA | Bit Index | 0 - 255 | 1 | 30m |
| qa\$1pixel | NA | Bit Index | 1 - 65455 | 1 (bit 0) | 30m |
| qa\$1radsat | NA | Bit Index | 1 - 65455 | NA | 30m |
| t | 10600 - 11190 | Scaled Kelvin | 1 - 65455 | 0 (No Data) | 30m (scaled from 100m) |
| atran | NA | Unitless | 0 - 10000 | -9999 (No Data) | 30m |
| cdist | NA | Kilometers | 0 - 24000 | -9999 (No Data) | 30m |
| drad | NA | W/(m^2 sr µm)/DN | 0 - 28000 | -9999 (No Data) | 30m |
| urad | NA | W/(m^2 sr µm)/DN | 0 - 28000 | -9999 (No Data) | 30m |
| trad | NA | W/(m^2 sr µm)/DN | 0 - 28000 | -9999 (No Data) | 30m |
| emis | NA | Emissivity coefficient | 1 - 10000 | -9999 (No Data) | 30m |
| emsd | NA | Emissivity coefficient | 1 - 10000 | -9999 (No Data) | 30m |
Sentinel-2
| Band name | Wave length range (nm) | Scale | Valid range | Fill value | Spatial resolution |
| --- | --- | --- | --- | --- | --- |
| coastal | 443 | 0.0001 | NA | 0 (No Data) | 60m |
| blue | 490 | 0.0001 | NA | 0 (No Data) | 10m |
| green | 560 | 0.0001 | NA | 0 (No Data) | 10m |
| red | 665 | 0.0001 | NA | 0 (No Data) | 10m |
| rededge1 | 705 | 0.0001 | NA | 0 (No Data) | 20m |
| rededge2 | 740 | 0.0001 | NA | 0 (No Data) | 20m |
| rededge3 | 783 | 0.0001 | NA | 0 (No Data) | 20m |
| nir | 842 | 0.0001 | NA | 0 (No Data) | 10m |
| nir08 | 865 | 0.0001 | NA | 0 (No Data) | 20m |
| nir08 | 865 | 0.0001 | NA | 0 (No Data) | 20m |
| nir09 | 940 | 0.0001 | NA | 0 (No Data) | 60m |
| swir16 | 1610 | 0.0001 | NA | 0 (No Data) | 20m |
| swir22 | 2190 | 0.0001 | NA | 0 (No Data) | 20m |
| aot | Aerosol optical thickness | 0.001 | NA | 0 (No Data) | 10m |
| wvp | Scene-average water vapor | 0.001 | NA | 0 (No Data) | 10m |
| scl | Scene classification data | NA | 1 - 11 | 0 (No Data) | 20m |
# RStudio on Amazon SageMaker AI
RStudio is an integrated development environment for R, with a console, syntax-highlighting editor that supports direct code execution, and tools for plotting, history, debugging and workspace management. Amazon SageMaker AI supports RStudio as a fully-managed integrated development environment (IDE) integrated with Amazon SageMaker AI domain through Posit Workbench. RStudio allows customers to create data science insights using an R environment. With RStudio integration, you can launch an RStudio environment in the domain to run your RStudio workflows on SageMaker AI resources. For more information about Posit Workbench, see the [Posit website](https://posit.co/products/enterprise/workbench/). This page gives information about important RStudio concepts.
SageMaker AI integrates RStudio through the creation of a RStudioServerPro app.
The following are supported by RStudio on SageMaker AI.
+ R developers use the RStudio IDE interface with popular developer tools from the R ecosystem. Users can launch new RStudio sessions, write R code, install dependencies from RStudio Package Manager, and publish Shiny apps using RStudio Connect.
+ R developers can quickly scale underlying compute resources to run large scale data processing and statistical analysis.
+ Platform administrators can set up user identities, authorization, networking, storage, and security for their data science teams through AWS IAM Identity Center and AWS Identity and Access Management integration. This includes connection to private Amazon Virtual Private Cloud (Amazon VPC) resources and internet-free mode with AWS PrivateLink.
+ Integration with AWS License Manager.
For information on the onboarding steps to create a domain with RStudio enabled, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
## Region availability
The following table gives information about the AWS Regions that RStudio on SageMaker AI is supported in.
| Region name | Region |
| --- | --- |
| US East (Ohio) | us-east-2 |
| US East (N. Virginia) | us-east-1 |
| US West (N. California) | us-west-1 |
| US West (Oregon) | us-west-2 |
| Asia Pacific (Mumbai) | ap-south-1 |
| Asia Pacific (Seoul) | ap-northeast-2 |
| Asia Pacific (Singapore) | ap-southeast-1 |
| Asia Pacific (Sydney) | ap-southeast-2 |
| Asia Pacific (Tokyo) | ap-northeast-1 |
| Canada (Central) | ca-central-1 |
| Europe (Frankfurt) | eu-central-1 |
| Europe (Ireland) | eu-west-1 |
| Europe (London) | eu-west-2 |
| Europe (Paris) | eu-west-3 |
| Europe (Stockholm) | eu-north-1 |
| South America (São Paulo) | sa-east-1 |
## RStudio components
+ *RStudioServerPro*: The RStudioServerPro app is a multiuser app that is a shared resource among all user profiles in the domain. Once an RStudio app is created in a domain, the admin can give permissions to users in the domain.
+ *RStudio user*: RStudio users are users within the domain that are authorized to use the RStudio license.
+ *RStudio admin*: An RStudio on Amazon SageMaker AI admin can access the RStudio administrative dashboard. RStudio on Amazon SageMaker AI admins differ from "stock" Posit Workbench admins because they do not have root access to the instance running the RStudioServerPro app and can't modify the RStudio configuration file.
+ *RStudio Server*: The RStudio Server instance is responsible for serving the RStudio UI to all authorized Users. This instance is launched on an Amazon SageMaker AI instance.
+ *RSession*: An RSession is a browser-based interface to the RStudio IDE running on an Amazon SageMaker AI instance. Users can create and interact with their RStudio projects through the RSession.
+ *RSessionGateway*: The RSessionGateway app is used to support an RSession.
+ *RStudio administrative dashboard*: This dashboard gives information on the RStudio users in the Amazon SageMaker AI domain and their sessions. This dashboard can only be accessed by users that have RStudio admin authorization.
## Differences from Posit Workbench
RStudio on Amazon SageMaker AI has some significant differences from [Posit Workbench](https://posit.co/products/enterprise/workbench/).
+ When using RStudio on SageMaker AI, users don’t have access to the RStudio configuration files. Amazon SageMaker AI manages the configuration file and sets defaults. You can modify the RStudio Connect and RStudio Package Manager URLs when creating your RStudio-enabled Amazon SageMaker AI domain.
+ Project sharing, realtime collaboration, and Job Launcher are not currently supported when using RStudio on Amazon SageMaker AI.
+ When using RStudio on SageMaker AI, the RStudio IDE runs on Amazon SageMaker AI instances for on-demand containerized compute resources.
+ RStudio on SageMaker AI only supports the RStudio IDE and does not support other IDEs supported by a Posit Workbench installation.
+ RStudio on SageMaker AI only supports the RStudio version specified in [RStudio Versioning](rstudio-version.md).
# RStudio on Amazon SageMaker AI management
The following topics give information on managing RStudio on Amazon SageMaker AI. This includes information about your RStudio environment configuration, user sessions, and necessary resources. For information on how to use RStudio on SageMaker AI, see [RStudio on Amazon SageMaker AI user guide](rstudio-use.md).
For information about creating a Amazon SageMaker AI domain with RStudio enabled, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
For information about the AWS Regions that RStudio on SageMaker AI is supported in, see [Supported Regions and Quotas](regions-quotas.md).
**Topics**
+ [
# Get an RStudio license
](rstudio-license.md)
+ [
# RStudio Versioning
](rstudio-version.md)
+ [
# Network and Storage
](rstudio-network.md)
+ [
# RStudioServerPro instance type
](rstudio-select-instance.md)
+ [
# Add an RStudio Connect URL
](rstudio-configure-connect.md)
+ [
# Update the RStudio Package Manager URL
](rstudio-configure-pm.md)
+ [
# Create an Amazon SageMaker AI domain with RStudio using the AWS CLI
](rstudio-create-cli.md)
+ [
# Add RStudio support to an existing domain
](rstudio-add-existing.md)
+ [
# Custom images with RStudio on SageMaker AI
](rstudio-byoi.md)
+ [
# Create a user to use RStudio
](rstudio-create-user.md)
+ [
# Log in to RStudio as another user
](rstudio-login-another.md)
+ [
# Terminate sessions for another user
](rstudio-terminate-another.md)
+ [
# Use the RStudio administrative dashboard
](rstudio-admin.md)
+ [
# Shut down RStudio
](rstudio-shutdown.md)
+ [
# Billing and cost
](rstudio-billing.md)
+ [
# Diagnose issues and get support
](rstudio-troubleshooting.md)
# Get an RStudio license
RStudio on Amazon SageMaker AI is a paid product and requires that each user is appropriately licensed. Licenses for RStudio on Amazon SageMaker AI may be obtained from RStudio PBC directly, or by purchasing a subscription to Posit Workbench on AWS Marketplace. For existing customers of Posit Workbench Enterprise, licenses are issued at no additional cost. To use an RStudio license with Amazon SageMaker AI, you must first have a valid RStudio license registered with AWS License Manager. For licenses purchased directly through Rstudio PBC, a licenses grant for your AWS Account must be created. Contact RStudio for direct license purchases or to enable existing licenses in AWS License Manager. For more information about registering a license with AWS License Manager, see [Seller issued licenses in AWS License Manager](https://docs.aws.amazon.com/license-manager/latest/userguide/seller-issued-licenses.html).
The following topics show how to acquire and validate a license granted by RStudio PBC.
**Get an RStudio license**
1. If you don't have an RStudio license, you may purchase one from the AWS Marketplace or from RStudio PBC directly.
+ To purchase a subscription from the AWS Marketplace, complete the steps to [subscribe with a SaaS contract](https://docs.aws.amazon.com/marketplace/latest/buyerguide/buyer-saas-products.html) by searching for **Posit Team**. To fulfill the license, you will be redirected to an external form outside the AWS Marketplace. You must provide additional information, including your company name and email address. If you can’t access that form to provide a company name and a contact email, create a ticket with Posit Support at [https://support.posit.co/hc/en-us/requests/new](https://support.posit.co/hc/en-us/requests/new) with details about your purchase.
+ To purchase from RStudio PBC directly, navigate to [RStudio Pricing](https://www.rstudio.com/pricing/) or contact [sales@rstudio.com](mailto:sales@rstudio.com). When buying or updating an RStudio license, you must provide the AWS Account that will host your Amazon SageMaker AI domain.
If you have an existing RStudio license, contact your RStudio Sales representative or [sales@rstudio.com](mailto:sales@rstudio.com) to add RStudio on Amazon SageMaker AI to your existing Posit Workbench Enterprise license, or to convert your Posit Workbench Standard license. The RStudio Sales representative will send you the appropriate electronic order form.
1. RStudio grants a Posit Workbench license to your AWS Account through AWS License Manager in the US East (N. Virginia) Region. Although the RStudio license is granted in the US East (N. Virginia) Region, your license can be consumed in any AWS Region that RStudio on Amazon SageMaker AI is supported in. You can expect the license grant process to complete within three business days after you share your AWS account ID with RStudio.
1. When this license is granted, you receive an email from your RStudio Sales representative with instructions to accept your license grant.
**Validate your RStudio license to be used with Amazon SageMaker AI**
1. Log into the AWS License Manager console in the same region as your Amazon SageMaker AI domain. If you are using AWS License Manager for the first time, AWS License Manager prompts you to grant permission to use AWS License Manager.
1. Select **Start using AWS License manager**.
1. Select `I grant AWS License Manager the required permissions` and select **Grant Permissions**.
1. Navigate to **Granted Licenses** on the left panel.
1. Select the license grant with `RSW-SageMaker` as the `Product name` and select **View**.
1. From the license detail page, select **Accept & activate license**.
**RStudio administrative dashboard**
You can use the RStudio administrative dashboard to see the number of users on the license following the steps in [Use the RStudio administrative dashboard](rstudio-admin.md).
# RStudio Versioning
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
This guide provides information about the `2025.05.1+513.pro3` version update for RStudio on SageMaker AI. Starting October 31, 2025, new domains with RStudio support are created with Posit Workbench version `2025.05.1+513.pro3`. This applies to the `RStudioServerPro` applications and default `RSessionGateway` applications.
The following sections provide information about the `2025.05.1+513.pro3` release.
## Latest version updates
The latest RStudio version is `2025.05.1+513.pro3`.
+ R versions supported:
+ 4.5.1
+ 4.4.3
+ 4.4.0
+ 4.3.3
+ 4.2.3
+ 4.2.1
+ 4.1.3
+ 4.0.2
For more information about the changes in this release, see [https://docs.posit.co/ide/news/](https://docs.posit.co/ide/news/).
**Note**
To ensure compatibility, we recommend using RSessions with a prefix that matches the current Posit Workbench version.
If you see the following warning, there is a version mismatch between the `RSession` and the Posit Workbench version used in RStudio on SageMaker AI. To resolve this issue, update the RStudio version for the domain. For information about updating the RStudio version, see [Upgrade to the new version](rstudio-version-upgrade.md).
```
Session version 2024.04.2+764.pro1 does not match server version 2025.05.1+513.pro3 - this is an unsupported configuration, and you may experience unexpected issues as a result.
```
## Versioning
There are currently two versions of Posit Workbench supported by SageMaker AI.
+ Latest version: `2025.05.1+513.pro3`
Deprecation Date: December 5, 2026
+ Previous version: `2024.04.2+764.pro1`
Deprecation Date: April 30, 2026
**Note**
While you can continue creating new domains with the older version `2024.04.2+764.pro1` until 04/30/2026 by explicitly pinning the version when you create the domain using CLI, we strongly recommend customers to begin using the `2025.05` version in all domains. POSIT has ceased providing vulnerability fixes for `2024.04.2+764.pro1`.
Versions `2023.03.2-547.pro5` and `2022.02.2-485.pro2` are deprecated and are no longer supported. We recommend updating to the latest version.
The default Posit Workbench version that SageMaker AI selects depends on the creation date of the domain.
+ For domains created after October 31, 2025, version `2025.05.1+513.pro3` is the default selected version.
+ For domains created after September 04, 2024 and before October 31, 2025, version `2024.04.2+764.pro1` is the default selected version. You can update your domains to the latest version (`2025.05.1+513.pro3`) by setting it as the default version for the domain. For more information, see [Upgrade to the new version](rstudio-version-upgrade.md).
**Note**
The default `RSessionGateway` application version matches the current version of the `RStudioServerPro` application.
The following table lists the image ARNs for both versions for each AWS Region. These ARNs are passed as part of an `update-domain` command to set the desired version.
| Region | `2024.04.2+764.pro1` Image ARN | `2025.05.1+513.pro3` Image ARN |
| --- | --- | --- |
| us-east-1 | arn:aws:sagemaker:us-east-1:081325390199:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:us-east-1:081325390199:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| us-east-2 | arn:aws:sagemaker:us-east-2:429704687514:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:us-east-2:429704687514:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| us-west-1 | arn:aws:sagemaker:us-west-1:742091327244:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:us-west-1:742091327244:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| us-west-2 | arn:aws:sagemaker:us-west-2:236514542706:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:us-west-2:236514542706:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| af-south-1 | arn:aws:sagemaker:af-south-1:559312083959:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:af-south-1:559312083959:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| ap-east-1 | arn:aws:sagemaker:ap-east-1:493642496378:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:ap-east-1:493642496378:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| ap-south-1 | arn:aws:sagemaker:ap-south-1:394103062818:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:ap-south-1:394103062818:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| ap-northeast-2 | arn:aws:sagemaker:ap-northeast-2:806072073708:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:ap-northeast-2:806072073708:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| ap-southeast-1 | arn:aws:sagemaker:ap-southeast-1:492261229750:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:ap-southeast-1:492261229750:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| ap-southeast-2 | arn:aws:sagemaker:ap-southeast-2:452832661640:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:ap-southeast-2:452832661640:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| ap-northeast-1 | arn:aws:sagemaker:ap-northeast-1:102112518831:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:ap-northeast-1:102112518831:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| ca-central-1 | arn:aws:sagemaker:ca-central-1:310906938811:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:ca-central-1:310906938811:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| eu-central-1 | arn:aws:sagemaker:eu-central-1:936697816551:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:eu-central-1:936697816551:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| eu-west-1 | arn:aws:sagemaker:eu-west-1:470317259841:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:eu-west-1:470317259841:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| eu-west-2 | arn:aws:sagemaker:eu-west-2:712779665605:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:eu-west-2:712779665605:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| eu-west-3 | arn:aws:sagemaker:eu-west-3:615547856133:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:eu-west-3:615547856133:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| eu-north-1 | arn:aws:sagemaker:eu-north-1:243637512696:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:eu-north-1:243637512696:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| eu-south-1 | arn:aws:sagemaker:eu-south-1:592751261982:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:eu-south-1:592751261982:image/rstudio-workbench-2025.05-sagemaker-1.0 |
| sa-east-1 | arn:aws:sagemaker:sa-east-1:782484402741:image/rstudio-workbench-2024.04-sagemaker-1.1 | arn:aws:sagemaker:sa-east-1:782484402741:image/rstudio-workbench-2025.05-sagemaker-1.0 |
### Changes to BYOI Images
If you use a BYOI image with RStudio and update your `RStudioServerPro` version to `2025.05.1+513.pro3`, you must upgrade your custom images to use the `2025.05.1+513.pro3` release and redeploy your existing RSessions. If you attempt to load a non-compatible image in an RSession of a domain using the `2025.05.1+513.pro3` version, the RSession fails because it cannot parse parameters that it receives. To prevent failure, update all of the deployed custom images in your existing `RStudioServerPro` application.
The `RSW_VERSION` in the Dockerfile must be consistent with the Posit Workbench version used in RStudio on SageMaker AI. You can validate the current version in Posit Workbench. To do so, use the version name that's located in the lower left corner of the Posit Workbench launcher page.
```
ARG RSW_VERSION=2025.05.1+513.pro3
ENV RSTUDIO_FORCE_NON_ZERO_EXIT_CODE="1"
ARG RSW_NAME=rstudio-workbench
ARG OS_CODE_NAME=jammy
ARG RSW_DOWNLOAD_URL=https://s3.amazonaws.com/rstudio-ide-build/server/${OS_CODE_NAME}/amd64
RUN RSW_VERSION_URL=`echo -n "${RSW_VERSION}" | sed 's/+/-/g'` \
&& curl -o rstudio-workbench.deb ${RSW_DOWNLOAD_URL}/${RSW_NAME}-${RSW_VERSION_URL}-amd64.deb \
&& gdebi -n ./rstudio-workbench.deb
```
# Upgrade to the new version
Existing domains using version `2024.04.2+764.pro1` can upgrade to `2025.05.1+513.pro3` version in one of two ways:
+ Create a new domain from the AWS CLI with RStudio enabled.
+ Update an existing domain to use the `2025.05.1+513.pro3` version.
The following procedure shows how to delete the RStudio application for an existing domain, set the default version to `2025.05.1+513.pro3`, and then create an RStudio application.
1. Delete the `RStudioServerPro` application and all `RSessionGateway` applications associated with your existing domain. For information about how to find your domain ID, see [View domains](domain-view.md). For more information about deleting applications, see [Shut down RStudio](rstudio-shutdown.md).
```
aws sagemaker delete-app \
--region region \
--domain-id domainId \
--user-profile-name domain-shared \
--app-type RStudioServerPro \
--app-name default
```
1. If your domain is using RStudio version `2024.04.2+764.pro1`, update the domain to set `2025.05.1+513.pro3` as the default Posit Workbench version. The `SageMakerImageArn` value in the following `update-domain` command specifies the RStudio `2025.05.1+513.pro3` version as the default. This ARN must match the Region that your domain is in. For a list of all available ARNs, see [Versioning](rstudio-version.md#rstudio-version-new).
Pass an execution role ARN for the domain that provides permissions to update the domain.
```
aws sagemaker update-domain \
--region region \
--domain-id domainId \
--domain-settings-for-update "{\"RStudioServerProDomainSettingsForUpdate\":{\"DefaultResourceSpec\": {\"SageMakerImageArn\": \"arn-for-2025.05.1+513.pro3-version\", \"InstanceType\": \"system\"}, \"DomainExecutionRoleArn\": \"execution-role-arn\"}}"
```
1. Create a new `RStudioServerPro` application in the existing domain.
```
aws sagemaker create-app \
--region region
--domain-id domainId \
--user-profile-name domain-shared \
--app-type RStudioServerPro \
--app-name default
```
Your `RStudioServerPro` application is now updated to version `2025.05.1+513.pro3`. You can now relaunch your `RSessionGateway` applications.
# Downgrade to a previous version
You can manually downgrade the version of your existing RStudio application to the `2024.04.2+764.pro1` version.
**To downgrade to a previous version**
1. Delete the `RStudioServerPro` application that's associated with your existing domain. For information about how to find your domain ID, see [View domains](domain-view.md).
```
aws sagemaker delete-app \
--domain-id domainId \
--user-profile-name domain-shared \
--app-type RStudioServerPro \
--app-name default
```
1. Pass the corresponding `2024.04.2+764.pro1` ARN for your Region as part of the `update-domain` command. For a list of all available ARNs, see [Versioning](rstudio-version.md#rstudio-version-new). You must also pass an execution role ARN for the domain that provides permissions to update the domain.
```
aws sagemaker update-domain \
--region region \
--domain-id domainId \
--domain-settings-for-update "{\"RStudioServerProDomainSettingsForUpdate\":{\"DefaultResourceSpec\": {\"SageMakerImageArn\": \"arn-for-2024.04.2+764.pro1-version\", \"InstanceType\": \"system\"}, \"DomainExecutionRoleArn\": \"execution-role-arn\"}}"
```
1. Create a new `RStudioServerPro` application in the existing domain. The RStudio version defaults to `2024.04.2+764.pro1`.
```
aws sagemaker create-app \
--domain-id domainId \
--user-profile-name domain-shared \
--app-type RStudioServerPro \
--app-name default
```
Your `RStudioServerPro` application is now downgraded to version `2024.04.2+764.pro1`.
# Network and Storage
The following topic describes network access and data storage considerations for your RStudio instance. For general information about network access and data storage when using Amazon SageMaker AI, see [Data Protection in Amazon SageMaker AI](data-protection.md).
**Amazon EFS volume**
RStudio on Amazon SageMaker AI shares an Amazon EFS volume with the Amazon SageMaker Studio Classic application in the domain. When the RStudio application is added to a domain, SageMaker AI creates a folder named `shared` in the Amazon EFS directory. If this `shared` folder is deleted or changed manually, then the RStudio application may no longer function. For more information about the Amazon EFS volume, see [Manage Your Amazon EFS Storage Volume in Amazon SageMaker Studio Classic](studio-tasks-manage-storage.md).
**Installed packages and scripts**
Packages that you install from within RStudio are scoped to the user profile level. This means that the installed package persists through RSession shut down, restarts, and across RSessions for each user profile that they are installed in. R Scripts that are saved in RSessions behave the same way. Both packages and R Scripts are saved in the user's Amazon EFS volume.
**Encryption**
RStudio on Amazon SageMaker AI supports encryption at rest.
**Use RStudio in VPC-only mode**
RStudio on Amazon SageMaker AI supports [AWS PrivateLink](https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-overview.html) integration. With this integration, you can use RStudio on SageMaker AI in VPC-only mode without direct access to the internet. When you use RStudio in VPC-only mode, your security groups are automatically managed by the service. This includes connectivity between your RServer and your RSessions.
The following are required to use RStudio in VPC-only mode. For more information on selecting a VPC, see [Choose an Amazon VPC](onboard-vpc.md).
+ A private subnet with either access the internet to make a call to Amazon SageMaker AI & License Manager, or Amazon Virtual Private Cloud (Amazon VPC) endpoints for both Amazon SageMaker AI & License Manager.
+ The domain cannot have any more than two associated Security Groups.
+ A Security Group ID for use with the domain in domain Settings. This must allow all outbound access.
+ A Security Group ID for use with the Amazon VPC endpoint. This security group must allow inbound traffic from the domain Security Group ID.
+ Amazon VPC Endpoint for `sagemaker.api` and AWS License Manager. This must be in the same Amazon VPC as the private subnet.
# RStudioServerPro instance type
When deciding which Amazon EC2 instance type to use for your RStudioServerPro app, the main factor to consider is bandwidth. Bandwidth is important because the RStudioServerPro instance is responsible for serving the RStudio UI to all users. This includes UI heavy workflows, such as generating figures, animations, and displaying many data rows. Therefore, there may be some UI performance degradation depending on the workload across all users. The following are the available instance types to use for your RStudioServerPro. For pricing information about these instances, see [Amazon SageMaker Pricing](https://aws.amazon.com/sagemaker/pricing/).
+ `system`: This instance type is recommended for Domains with low UI use.
**Note**
The `system` value is translated to `ml.t3.medium`.
+ `ml.c5.4xlarge`: This instance type is recommended for Domains with moderate UI use.
+ `ml.c5.9xlarge`: This instance type is recommended for Domains with heavy UI use.
**Changing RStudio instance type**
To change the instance type of your RStudioServerPro, pass the new instance type as part of a call to the `update-domain` CLI command. You then need to delete the existing RStudioServerPro app using the `delete-app` CLI command and create a new RStudioServerPro app using the `create-app` CLI command.
# Add an RStudio Connect URL
RStudio Connect is a publishing platform for Shiny applications, R Markdown reports, dashboards, plots, and more. RStudio Connect makes it easy to surface machine learning and data science insights by making hosting content simple and scalable. If you have an RStudio Connect server, then you can set the server as the default place where apps are published. For more information about RStudio Connect, see [RStudio Connect](https://www.rstudio.com/products/connect/).
When you onboard to RStudio on Amazon SageMaker AI domain, an RStudio Connect server is not created. You can create an RStudio Connect server on an Amazon EC2 instance to use Connect with Amazon SageMaker AI domain. For information about how to set up your RStudio Connect server, see [Host RStudio Connect and Package Manager for ML development in RStudio on Amazon SageMaker AI](https://aws.amazon.com/blogs/machine-learning/host-rstudio-connect-and-package-manager-for-ml-development-in-rstudio-on-amazon-sagemaker/).
**Add an RStudio Connect URL**
If you have an RStudio Connect URL, you can update the default URL so that your RStudio Users can publish to it.
1. Navigate to the **domains** page.
1. Select the desired domain.
1. Choose **domain Settings**.
1. Under **General Settings**, select **Edit**.
1. From the new page, select **RStudio Settings** on the left side.
1. Under **RStudio Connect URL**, enter the RStudio Connect URL to add.
1. Select **Submit**.
**CLI**
You can set a default RStudio Connect URL when you create your domain. The only way to update your RStudio Connect URL from the AWS CLI is to delete your domain and create a new one with the updated RStudio Connect URL.
# Update the RStudio Package Manager URL
RStudio Package Manager is a repository management server used to organize and centralize packages across your organization. For more information on RStudio Package Manager, see [RStudio Package Manager](https://www.rstudio.com/products/package-manager/). If you don't supply your own Package Manager URL, Amazon SageMaker AI domain uses the default Package Manager repository when you onboard RStudio following the steps in [Amazon SageMaker AI domain overview](gs-studio-onboard.md). For more information, see [Host RStudio Connect and Package Manager for ML development in RStudio on Amazon SageMaker AI](https://aws.amazon.com/blogs/machine-learning/host-rstudio-connect-and-package-manager-for-ml-development-in-rstudio-on-amazon-sagemaker/). The following procedure shows how to update the Package Manager URL.
**Update Package Manager URL**
You can update the Package Manager URL used for your RStudio-enabled domain as follows.
1. Navigate to the **domains** page.
1. Select the desired domain.
1. Choose **domain Settings**.
1. Under **General Settings**, select **Edit**.
1. From the new page, select **RStudio Settings** on the left side.
1. Under **RStudio Package Manager**, enter your RStudio Package Manager URL.
1. Select **Submit**.
**CLI**
The only way to update your Package Manager URL from the AWS CLI is to delete your domain and create a new one with the updated Package Manager URL.
# Create an Amazon SageMaker AI domain with RStudio using the AWS CLI
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
The following topic shows how to onboard to Amazon SageMaker AI domain with RStudio enabled using the AWS CLI. To onboard using the AWS Management Console, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
## Prerequisites
+ Install and configure [AWS CLI version 2](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
+ Configure the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-config) with IAM credentials
## Create `DomainExecution` role
To launch the RStudio App, you must provide a `DomainExecution` role. This role is used to determine whether RStudio needs to be launched as part of Amazon SageMaker AI domain creation. This role is also used by Amazon SageMaker AI to access the RStudio License and push RStudio logs.
**Note**
The `DomainExecution` role should have at least AWS License Manager permissions to access RStudio License, and CloudWatch permissions to push logs in your account.
The following procedure shows how to create the `DomainExecution` role with the AWS CLI.
1. Create a file named `assume-role-policy.json` with the following content.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": [
"sagemaker.amazonaws.com"
]
}
}
]
}
```
------
1. Create the `DomainExecution` role. `` should be the AWS Region to launch your domain in.
```
aws iam create-role --region --role-name DomainExecution --assume-role-policy-document file://assume-role-policy.json
```
1. Create a file named `domain-setting-policy.json` with the following content. This policy allows the RStudioServerPro app to access necessary resources and allows Amazon SageMaker AI to automatically launch an RStudioServerPro app when the existing RStudioServerPro app is in a `Deleted` or `Failed` status.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"license-manager:ExtendLicenseConsumption",
"license-manager:ListReceivedLicenses",
"license-manager:GetLicense",
"license-manager:CheckoutLicense",
"license-manager:CheckInLicense",
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:Describe*",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery",
"sagemaker:CreateApp"
],
"Resource": "*"
}
]
}
```
------
1. Create the domain setting policy that is attached to the `DomainExecution` role. Be aware of the `PolicyArn` from the response, you will need to enter that ARN in the following steps.
```
aws iam create-policy --region --policy-name domain-setting-policy --policy-document file://domain-setting-policy.json
```
1. Attach `domain-setting-policy` to the `DomainExecution` role. Use the `PolicyArn` returned in the previous step.
```
aws iam attach-role-policy --role-name DomainExecution --policy-arn
```
## Create Amazon SageMaker AI domain with RStudio App
The RStudioServerPro app is launched automatically when you create a Amazon SageMaker AI domain using the `create-domain` CLI command with the `RStudioServerProDomainSettings` parameter specified. When launching the RStudioServerPro App, Amazon SageMaker AI checks for a valid RStudio license in the account and fails domain creation if the license is not found.
The creation of a Amazon SageMaker AI domain differs based on the authentication method and the network type. These options must be used together, with one authentication method and one network connection type selected. For more information about the requirements to create a new domain, see [CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html).
The following authentication methods are supported.
+ `IAM Auth`
+ `SSO Auth`
The following network connection types are supported:
+ `PublicInternet`
+ `VPCOnly`
### Authentication methods
**IAM Auth Mode**
The following shows how to create a Amazon SageMaker AI domain with RStudio enabled and an `IAM Auth` Network Type. For more information about AWS Identity and Access Management, see [What is IAM?](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html).
+ `DomainExecutionRoleArn` should be the ARN for the role created in the previous step.
+ `ExecutionRole` is the ARN of the role given to users in the Amazon SageMaker AI domain.
+ `vpc-id` should be the ID of your Amazon Virtual Private Cloud. `subnet-ids` should be a space-separated list of subnet IDs. For information about `vpc-id` and `subnet-ids`, see [VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html).
+ `RStudioPackageManagerUrl` and `RStudioConnectUrl` are optional and should be set to the URLs of your RStudio Package Manager and RStudio Connect server, respectively.
+ `app-network-access-type` should be either `PublicInternetOnly` or `VPCOnly`.
```
aws sagemaker create-domain --region --domain-name \
--auth-mode IAM \
--default-user-settings ExecutionRole= \
--domain-settings RStudioServerProDomainSettings={RStudioPackageManagerUrl=<,RStudioConnectUrl=<,DomainExecutionRoleArn=} \
--vpc-id \
--subnet-ids \
--app-network-access-type
```
**Authentication using IAM Identity Center**
The following shows how to create a Amazon SageMaker AI domain with RStudio enabled and an `SSO Auth` Network Type. AWS IAM Identity Center must be enabled for the region that the domain is launched on. For more information about IAM Identity Center, see [What is AWS IAM Identity Center?](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html).
+ `DomainExecutionRoleArn` should be the ARN for the role created in the previous step.
+ `ExecutionRole` is the ARN of the role given to users in the Amazon SageMaker AI domain.
+ `vpc-id` should be the ID of your Amazon Virtual Private Cloud. `subnet-ids` should be a space-separated list of subnet IDs. For information about `vpc-id` and `subnet-ids`, see [VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html).
+ `RStudioPackageManagerUrl` and `RStudioConnectUrl` are optional and should be set to the URLs of your RStudio Package Manager and RStudio Connect server, respectively.
+ `app-network-access-type` should be either `PublicInternetOnly` or `VPCOnly`.
```
aws sagemaker create-domain --region --domain-name \
--auth-mode SSO \
--default-user-settings ExecutionRole= \
--domain-settings RStudioServerProDomainSettings={RStudioPackageManagerUrl=<,RStudioConnectUrl=<,DomainExecutionRoleArn=} \
--vpc-id \
--subnet-ids \
--app-network-access-type
```
### Connection types
**PublicInternet/Direct Internet network type**
The following shows how to create a Amazon SageMaker AI domain with RStudio enabled and a `PublicInternet` Network Type.
+ `DomainExecutionRoleArn` should be the ARN for the role created in the previous step.
+ `ExecutionRole` is the ARN of the role given to users in the Amazon SageMaker AI domain.
+ `vpc-id` should be the ID of your Amazon Virtual Private Cloud. `subnet-ids` should be a space-separated list of subnet IDs. For information about `vpc-id` and `subnet-ids`, see [VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html).
+ `RStudioPackageManagerUrl` and `RStudioConnectUrl` are optional and should be set to the URLs of your RStudio Package Manager and RStudio Connect server, respectively.
+ `auth-mode` should be either `SSO` or `IAM`.
```
aws sagemaker create-domain --region --domain-name \
--auth-mode \
--default-user-settings ExecutionRole= \
--domain-settings RStudioServerProDomainSettings={RStudioPackageManagerUrl=<,RStudioConnectUrl=<,DomainExecutionRoleArn=} \
--vpc-id \
--subnet-ids \
--app-network-access-type PublicInternetOnly
```
**VPCOnly mode**
The following shows how to launch a Amazon SageMaker AI domain with RStudio enabled and a `VPCOnly` Network Type. For more information about using the `VPCOnly` network access type, see [Connect Studio notebooks in a VPC to external resources](studio-notebooks-and-internet-access.md).
+ `DomainExecutionRoleArn` should be the ARN for the role created in the previous step.
+ `ExecutionRole` is the ARN of the role given to users in the Amazon SageMaker AI domain.
+ `vpc-id` should be the ID of your Amazon Virtual Private Cloud. `subnet-ids` should be a space-separated list of subnet IDs. Your private subnet must be able to either access the internet to make a call to Amazon SageMaker AI, and AWS License Manager or have Amazon VPC endpoints for both Amazon SageMaker AI and AWS License Manager. For information about Amazon VPC endpoints, see [Interface Amazon VPC endpoints ](https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html)For information about `vpc-id` and `subnet-ids`, see [VPCs and subnets](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html).
+ `SecurityGroups` must allow outbound access to the Amazon SageMaker AI and AWS License Manager endpoints.
+ `auth-mode` should be either `SSO` or `IAM`.
**Note**
When using Amazon Virtual Private Cloud endpoints, the security group attached to your Amazon Virtual Private Cloud endpoints must allow inbound traffic from the security group you pass as part of the `domain-setting` parameter of the `create-domain` CLI call.
With RStudio, Amazon SageMaker AI manages security groups for you. This means that Amazon SageMaker AI manages security group rules to ensure RSessions can access RStudioServerPro Apps. Amazon SageMaker AI creates one security group rule per user profile.
```
aws sagemaker create-domain --region --domain-name \
--auth-mode \
--default-user-settings SecurityGroups=,ExecutionRole= \
--domain-settings SecurityGroupIds=,RStudioServerProDomainSettings={DomainExecutionRoleArn=} \
--vpc-id \
--subnet-ids "" \
--app-network-access-type VPCOnly --app-security-group-management Service
```
Note: The RStudioServerPro app is launched by a special user profile named `domain-shared`. As a result, this app is not returned as part of `list-app` API calls by any other user profiles.
You may have to increase the Amazon VPC quota in your account to increase the number of users. For more information, see [Amazon VPC quotas](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-security-groups).
## Verify domain creation
Use the following command to verify that your domain has been created with a `Status` of `InService`. Your `domain-id` is appended to the domains ARN. For example, `arn:aws:sagemaker:::domain/`.
```
aws sagemaker describe-domain --domain-id --region
```
# Add RStudio support to an existing domain
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
If you have added an RStudio License through AWS License Manager, you can create a new Amazon SageMaker AI domain with support for RStudio on SageMaker AI. If you have an existing domain that does not support RStudio, you can add RStudio support to that domain without having to delete and recreate the domain.
The following topic outlines how to add this support.
## Prerequisites
You must complete the following steps before you update your current domain to add support for RStudio on SageMaker AI.
+ Install and configure [AWS CLI version 2](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
+ Configure the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-config) with IAM credentials
+ Create a domain execution role following the steps in [Create a SageMaker AI Domain with RStudio using the AWS CLI](https://docs.aws.amazon.com/sagemaker/latest/dg/rstudio-create-cli.html#rstudio-create-cli-domainexecution). This domain-level IAM role is required by the RStudioServerPro app. The role requires access to AWS License Manager for verifying a valid Posit Workbench license and Amazon CloudWatch Logs for publishing server logs.
+ Bring your RStudio license to AWS License Manager following the steps in [RStudio license](https://docs.aws.amazon.com/sagemaker/latest/dg/rstudio-license.html).
+ (Optional) If you want to use RStudio in `VPCOnly` mode, complete the steps in [RStudio in VPC-Only](https://docs.aws.amazon.com/sagemaker/latest/dg/rstudio-network.html).
+ Ensure that the security groups you have configured for each [UserProfile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html) in your domain meet the account-level quotas. When configuring the default user profile during domain creation, you can use the `DefaultUserSettings` parameter of the [CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html) API to add `SecurityGroups` that are inherited by all the user profiles created in the domain. You can also provide additional security groups for a specific user as part of the `UserSettings` parameter of the [CreateUserProfile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateUserProfile.html) API. If you have added security groups this way, you must ensure that the total number of security groups per user profile doesn’t exceed the maximum quota of 2 in `VPCOnly` mode and 4 in `PublicInternetOnly` mode. If the resulting total number of security groups for any user profile exceeds the quota, you can combine multiple security groups’ rules into one security group.
## Add RStudio support to an existing domain
After you have completed the prerequisites, you can add RStudio support to your existing domain. The following steps outline how to update your existing domain to add support for RStudio.
### Step 1: Delete all apps in the domain
To add support for RStudio in your domain, SageMaker AI must update the underlying security groups for all existing user profiles. To complete this, you must delete and recreate all existing apps in the domain. The following procedure shows how to delete all of the apps.
1. List all of the apps in the domain.
```
aws sagemaker \
list-apps \
--domain-id-equals
```
1. Delete each app for each user profile in the domain.
```
// JupyterServer apps
aws sagemaker \
delete-app \
--domain-id \
--user-profile-name \
--app-type JupyterServer \
--app-name
// KernelGateway apps
aws sagemaker \
delete-app \
--domain-id \
--user-profile-name \
--app-type KernelGateway \
--app-name
```
### Step 2 - Update all user profiles with the new list of security groups
This is a one-time action that you must complete for all of the existing user profiles in your domain when you have refactored your existing security groups. This prevents you from hitting the quota for the maximum number of security groups. The `UpdateUserProfile` API call fails if the user has any apps that are in [InService](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_DescribeApp.html#sagemaker-DescribeApp-response-Status) status. Delete all apps, then call `UpdateUserProfile` API to update the security groups.
**Note**
The following requirement for `VPCOnly` mode outlined in [Connect Amazon SageMaker Studio Classic Notebooks in a VPC to External Resources](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-notebooks-and-internet-access.html#studio-notebooks-and-internet-access-vpc-only) is no longer needed when adding RStudio support because `AppSecurityGroupManagement` is managed by the SageMaker AI service:
“[TCP traffic within the security group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-other-instances). This is required for connectivity between the JupyterServer app and the KernelGateway apps. You must allow access to at least ports in the range `8192-65535`.”
```
aws sagemaker \
update-user-profile \
--domain-id \
--user-profile-name \
--user-settings "{\"SecurityGroups\": [\"\", \"\"]}"
```
### Step 3 - Activate RStudio by calling the UpdateDomain API
1. Call the [UpdateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateDomain.html) API to add support for RStudio on SageMaker AI. The `defaultusersettings` parameter is only needed if you have refactored the default security groups for your user profiles.
+ For `VPCOnly` mode:
```
aws sagemaker \
update-domain \
--domain-id \
--app-security-group-management Service \
--domain-settings-for-update RStudioServerProDomainSettingsForUpdate={DomainExecutionRoleArn=} \
--default-user-settings "{\"SecurityGroups\": [\"\", \"\"]}"
```
+ For `PublicInternetOnly` mode:
```
aws sagemaker \
update-domain \
--domain-id \
--domain-settings-for-update RStudioServerProDomainSettingsForUpdate={DomainExecutionRoleArn=} \
--default-user-settings "{\"SecurityGroups\": [\"\", \"\"]}"
```
1. Verify that the domain status is `InService`. After the domain status is `InService`, support for RStudio on SageMaker AI is added.
```
aws sagemaker \
describe-domain \
--domain-id
```
1. Verify that the RStudioServerPro app’s status is `InService` using the following command.
```
aws sagemaker list-apps --user-profile-name domain-shared
```
### Step 4 - Add RStudio access for existing users
As part of the update in Step 3, SageMaker AI marks the RStudio [AccessStatus](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_RStudioServerProAppSettings.html#sagemaker-Type-RStudioServerProAppSettings-AccessStatus) of all existing user profiles in the domain as `DISABLED` by default. This prevents exceeding the number of users allowed by your current license. To add access for existing users, there is a one-time opt-in step. Perform the opt-in by calling the [UpdateUserProfile](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UpdateUserProfile.html) API with the following [RStudioServerProAppSettings](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_UserSettings.html#sagemaker-Type-UserSettings-RStudioServerProAppSettings):
+ `AccessStatus` = `ENABLED`
+ *Optional* - `UserGroup` = `R_STUDIO_USER` or `R_STUDIO_ADMIN`
```
aws sagemaker \
update-user-profile \
--domain-id \
--user-profile-name \
--user-settings "{\"RStudioServerProAppSettings\": {\"AccessStatus\": \"ENABLED\"}}"
```
**Note**
By default, the number of users that can have access to RStudio is 60.
### Step 5 – Deactivate RStudio access for new users
Unless otherwise specified when calling `UpdateDomain`, RStudio support is added by default for all new user profiles created after you have added support for RStudio on SageMaker AI. To deactivate access for a new user profile, you must explicitly set the `AccessStatus` parameter to `DISABLED` as part of the `CreateUserProfile` API call. If the `AccessStatus` parameter is not specified as part of the `CreateUserProfile` API, the default access status is `ENABLED`.
```
aws sagemaker \
create-user-profile \
--domain-id \
--user-profile-name \
--user-settings "{\"RStudioServerProAppSettings\": {\"AccessStatus\": \"DISABLED\"}}"
```
# Custom images with RStudio on SageMaker AI
A SageMaker image is a file that identifies language packages and other dependencies that are required to run RStudio on Amazon SageMaker AI. SageMaker AI uses these images to create an environment where you run RStudio. Amazon SageMaker AI provides a built-in RStudio image for you to use. If you need different functionality, you can bring your own custom images. This page gives information about key concepts for using custom images with RStudio on SageMaker AI. The process to bring your own image to use with RStudio on SageMaker AI takes three steps:
1. Build a custom image from a Dockerfile and push it to a repository in Amazon Elastic Container Registry (Amazon ECR).
1. Create a SageMaker image that points to a container image in Amazon ECR and attach it to your Amazon SageMaker AI domain.
1. Launch a new session in RStudio with your custom image.
You can create images and image versions, and attach image versions to your domain, using the SageMaker AI control panel, the [AWS SDK for Python (Boto3)](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sagemaker.html), and the [AWS Command Line Interface (AWS CLI)](https://docs.aws.amazon.com/cli/latest/reference/sagemaker/). You can also create images and image versions using the SageMaker AI console, even if you haven't onboarded to a domain.
The following topics show how to bring your own image to RStudio on SageMaker AI by creating, attaching, and launching a custom image.
## Key terminology
The following section defines key terms for bringing your own image to use with RStudio on SageMaker AI.
+ **Dockerfile:** A Dockerfile is a file that identifies the language packages and other dependencies for your Docker image.
+ **Docker image:** The Docker image is a built Dockerfile. This image is checked into Amazon ECR and serves as the basis of the SageMaker AI image.
+ **SageMaker image:** A SageMaker image is a holder for a set of SageMaker image versions based on Docker images.
+ **Image version:** An image version of a SageMaker image represents a Docker image that is compatible with RStudio and stored in an Amazon ECR repository. Each image version is immutable. These image versions can be attached to a domain and used with RStudio on SageMaker AI.
# Complete prerequisites
You must complete the following prerequisites before bringing your own image to use with RStudio on Amazon SageMaker AI.
+ If you have an existing domain with RStudio that was created before April 7, 2022, you must delete your RStudioServerPro application and recreate it. For information about how to delete an application, see [Shut Down and Update Amazon SageMaker Studio Classic](studio-tasks-update-studio.md).
+ Install the Docker application. For information about setting up Docker, see [Orientation and setup](https://docs.docker.com/get-started/).
+ Create a local copy of an RStudio-compatible Dockerfile that works with SageMaker AI. For information about creating a sample RStudio dockerfile, see [Use a custom image to bring your own development environment to RStudio on Amazon SageMaker AI](https://aws.amazon.com/blogs/machine-learning/use-a-custom-image-to-bring-your-own-development-environment-to-rstudio-on-amazon-sagemaker/).
+ Use an AWS Identity and Access Management execution role that has the [AmazonSageMakerFullAccess](https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/AmazonSageMakerFullAccess) policy attached. If you have onboarded to domain, you can get the role from the **domain Summary** section of the SageMaker AI control panel.
Add the following permissions to access the Amazon Elastic Container Registry (Amazon ECR) service to your execution role.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement":[
{
"Sid": "VisualEditor0",
"Effect":"Allow",
"Action":[
"ecr:CreateRepository",
"ecr:BatchGetImage",
"ecr:CompleteLayerUpload",
"ecr:DescribeImages",
"ecr:DescribeRepositories",
"ecr:UploadLayerPart",
"ecr:ListImages",
"ecr:InitiateLayerUpload",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage"
],
"Resource": "*"
}
]
}
```
------
+ Install and configure AWS CLI with the following (or higher) version. For information about installing the AWS CLI, see [Installing or updating the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
```
AWS CLI v1 >= 1.23.6
AWS CLI v2 >= 2.6.2
```
# Custom RStudio image specifications
In this guide, you'll learn custom RStudio image specifications to use when you bring your own image. There are two sets of requirements that you must satisfy with your custom RStudio image to use it with Amazon SageMaker AI. These requirements are imposed by RStudio PBC and the Amazon SageMaker Studio Classic platform. If either of these sets of requirements aren't satisfied, then your custom image won't function properly.
## RStudio PBC requirements
RStudio PBC requirements are laid out in the [Using Docker images with RStudio Workbench / RStudio Server Pro, Launcher, and Kubernetes](https://support.rstudio.com/hc/en-us/articles/360019253393-Using-Docker-images-with-RStudio-Server-Pro-Launcher-and-Kubernetes) article. Follow the instructions in this article to create the base of your custom RStudio image.
For instructions about how to install multiple R versions in your custom image, see [Installing multiple versions of R on Linux](https://support.rstudio.com/hc/en-us/articles/215488098).
## Amazon SageMaker Studio Classic requirements
Amazon SageMaker Studio Classic imposes the following set of installation requirements for your RStudio image.
+ You must use an RStudio base image of at least `2025.05.1+513.pro3`. For more information, see [RStudio Versioning](rstudio-version.md).
+ You must install the following packages:
```
yum install -y sudo \
openjdk-11-jdk \
libpng-dev \
&& yum clean all \
&& /opt/R/${R_VERSION}/bin/R -e "install.packages('reticulate', repos='https://packagemanager.rstudio.com/cran/__linux__/centos7/latest')" \
&& /opt/python/${PYTHON_VERSION}/bin/pip install --upgrade \
'boto3>1.0<2.0' \
'awscli>1.0<2.0' \
'sagemaker[local]<3'
```
+ You must provide default values for the `RSTUDIO_CONNECT_URL` and `RSTUDIO_PACKAGE_MANAGER_URL` environment values.
```
ENV RSTUDIO_CONNECT_URL "YOUR_CONNECT_URL"
ENV RSTUDIO_PACKAGE_MANAGER_URL "YOUR_PACKAGE_MANAGER_URL"
ENV RSTUDIO_FORCE_NON_ZERO_EXIT_CODE 1
```
The following general specifications apply to the image that is represented by an RStudio image version.
**Running the image**
`ENTRYPOINT` and `CMD` instructions are overridden so that the image is run as an RSession application.
**Stopping the image**
The `DeleteApp` API issues the equivalent of a `docker stop` command. Other processes in the container won’t get the SIGKILL/SIGTERM signals.
**File system**
The `/opt/.sagemakerinternal` and `/opt/ml` directories are reserved. Any data in these directories might not be visible at runtime.
**User data**
Each user in a SageMaker AI domain gets a user directory on a shared Amazon Elastic File System volume in the image. The location of the current user’s directory on the Amazon Elastic File System volume is `/home/sagemaker-user`.
**Metadata**
A metadata file is located at `/opt/ml/metadata/resource-metadata.json`. No additional environment variables are added to the variables defined in the image. For more information, see [Get App Metadata](notebooks-run-and-manage-metadata.md#notebooks-run-and-manage-metadata-app).
**GPU**
On a GPU instance, the image is run with the `--gpus` option. Only the CUDA toolkit should be included in the image, not the NVIDIA drivers. For more information, see [NVIDIA User Guide](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/user-guide.html).
**Metrics and logging**
Logs from the RSession process are sent to Amazon CloudWatch in the customer’s account. The name of the log group is `/aws/sagemaker/studio`. The name of the log stream is `$domainID/$userProfileName/RSession/$appName`.
**Image size**
Image size is limited to 25 GB. To view the size of your image, run `docker image ls`.
# Create a custom RStudio image
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
This topic describes how you can create a custom RStudio image using the SageMaker AI console and the AWS CLI. If you use the AWS CLI, you must run the steps from your local machine. The following steps do not work from within Amazon SageMaker Studio Classic.
When you create an image, SageMaker AI also creates an initial image version. The image version represents a container image in [Amazon Elastic Container Registry (ECR)](https://console.aws.amazon.com/ecr/). The container image must satisfy the requirements to be used in RStudio. For more information, see [Custom RStudio image specifications](rstudio-byoi-specs.md).
For information about testing your image locally and resolving common issues, see the [SageMaker Studio Custom Image Samples repo](https://github.com/aws-samples/sagemaker-studio-custom-image-samples/blob/main/DEVELOPMENT.md).
**Topics**
+ [
## Add a SageMaker AI-compatible RStudio Docker container image to Amazon ECR
](#rstudio-byoi-sdk-add-container-image)
+ [
## Create a SageMaker image from the console
](#rstudio-byoi-create-console)
+ [
## Create an image from the AWS CLI
](#rstudio-byoi-create-cli)
## Add a SageMaker AI-compatible RStudio Docker container image to Amazon ECR
Use the following steps to add a Docker container image to Amazon ECR:
+ Create an Amazon ECR repository.
+ Authenticate to Amazon ECR.
+ Build a SageMaker AI-compatible RStudio Docker image.
+ Push the image to the Amazon ECR repository.
**Note**
The Amazon ECR repository must be in the same AWS Region as your domain.
**To build and add a Docker image to Amazon ECR**
1. Create an Amazon ECR repository using the AWS CLI. To create the repository using the Amazon ECR console, see [Creating a repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html).
```
aws ecr create-repository \
--repository-name rstudio-custom \
--image-scanning-configuration scanOnPush=true
```
Response:
```
{
"repository": {
"repositoryArn": "arn:aws:ecr:us-east-2:acct-id:repository/rstudio-custom",
"registryId": "acct-id",
"repositoryName": "rstudio-custom",
"repositoryUri": "acct-id.dkr.ecr.us-east-2.amazonaws.com/rstudio-custom",
...
}
}
```
1. Authenticate to Amazon ECR using the repository URI returned as a response from the `create-repository` command. Make sure that the Docker application is running. For more information, see [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth).
```
aws ecr get-login-password | \
docker login --username AWS --password-stdin
```
Response:
```
Login Succeeded
```
1. Build the Docker image. Run the following command from the directory that includes your Dockerfile.
```
docker build .
```
1. Tag your built image with a unique tag.
```
docker tag ":"
```
1. Push the container image to the Amazon ECR repository. For more information, see [ImagePush](https://docs.docker.com/engine/api/v1.40/#operation/ImagePush) and [Pushing an image](https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-push-ecr-image.html).
```
docker push :
```
Response:
```
The push refers to repository [.dkr.ecr.us-east-2.amazonaws.com/rstudio-custom]
r: digest: size: 3066
```
## Create a SageMaker image from the console
**To create an image**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **Images**.
1. On the **Custom images** page, choose **Create image**.
1. For **Image source**, enter the registry path to the container image in Amazon ECR. The path is in the following format:
` acct-id.dkr.ecr.region.amazonaws.com/repo-name[:tag] or [@digest] `
1. Choose **Next**.
1. Under **Image properties**, enter the following:
+ Image name – The name must be unique to your account in the current AWS Region.
+ (Optional) Image display name – The name displayed in the domain user interface. When not provided, `Image name` is displayed.
+ (Optional) Description – A description of the image.
+ IAM role – The role must have the [AmazonSageMakerFullAccess](https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/AmazonSageMakerFullAccess) policy attached. Use the dropdown menu to choose one of the following options:
+ Create a new role – Specify any additional Amazon Simple Storage Service (Amazon S3) buckets that you want your notebooks users to access. If you don't want to allow access to additional buckets, choose **None**.
SageMaker AI attaches the `AmazonSageMakerFullAccess` policy to the role. The role allows your notebook users to access the Amazon S3 buckets listed next to the check marks.
+ Enter a custom IAM role ARN – Enter the Amazon Resource Name (ARN) of your IAM role.
+ Use existing role – Choose one of your existing roles from the list.
+ (Optional) Image tags – Choose **Add new tag**. You can add up to 50 tags. Tags are searchable using the SageMaker AI console or the SageMaker AI `Search` API.
1. Under **Image type**, select RStudio image.
1. Choose **Submit**.
The new image is displayed in the **Custom images** list and briefly highlighted. After the image has been successfully created, you can choose the image name to view its properties or choose **Create version** to create another version.
**To create another image version**
1. Choose **Create version** on the same row as the image.
1. For **Image source**, enter the registry path to the Amazon ECR image. The image shouldn't be the same image as used in a previous version of the SageMaker AI image.
To use the custom image in RStudio, you must attach it to your domain. For more information, see [Attach a custom SageMaker image](rstudio-byoi-attach.md).
## Create an image from the AWS CLI
This section shows how to create a custom Amazon SageMaker image using the AWS CLI.
Use the following steps to create a SageMaker image:
+ Create an `Image`.
+ Create an `ImageVersion`.
+ Create a configuration file.
+ Create an `AppImageConfig`.
**To create the SageMaker image entities**
1. Create a SageMaker image. The role ARN must have at least the `AmazonSageMakerFullAccessPolicy` policy attached.
```
aws sagemaker create-image \
--image-name rstudio-custom-image \
--role-arn arn:aws:iam:::role/service-role/
```
Response:
```
{
"ImageArn": "arn:aws:sagemaker:us-east-2:acct-id:image/rstudio-custom-image"
}
```
1. Create a SageMaker image version from the image. Pass the unique tag value that you chose when you pushed the image to Amazon ECR.
```
aws sagemaker create-image-version \
--image-name rstudio-custom-image \
--base-image :
```
Response:
```
{
"ImageVersionArn": "arn:aws:sagemaker:us-east-2:acct-id:image-version/rstudio-image/1"
}
```
1. Check that the image version was successfully created.
```
aws sagemaker describe-image-version \
--image-name rstudio-custom-image \
--version 1
```
Response:
```
{
"ImageVersionArn": "arn:aws:sagemaker:us-east-2:acct-id:image-version/rstudio-custom-image/1",
"ImageVersionStatus": "CREATED"
}
```
**Note**
If the response is `"ImageVersionStatus": "CREATED_FAILED"`, the response also includes the failure reason. A permissions issue is a common cause of failure. You also can check your Amazon CloudWatch Logs. The name of the log group is `/aws/sagemaker/studio`. The name of the log stream is `$domainID/$userProfileName/KernelGateway/$appName`.
1. Create a configuration file, named `app-image-config-input.json`. The app image config is used to configuration for running a SageMaker image as a Kernel Gateway application.
```
{
"AppImageConfigName": "rstudio-custom-config"
}
```
1. Create the AppImageConfig using the file that you created in the previous step.
```
aws sagemaker create-app-image-config \
--cli-input-json file://app-image-config-input.json
```
Response:
```
{
"AppImageConfigArn": "arn:aws:sagemaker:us-east-2:acct-id:app-image-config/r-image-config"
}
```
# Attach a custom SageMaker image
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
This guide shows how to attach a custom RStudio image to your Amazon SageMaker AI domain using the SageMaker AI console or the AWS Command Line Interface (AWS CLI).
To use a custom SageMaker image, you must attach a custom RStudio image to your domain. When you attach an image version, it appears in the RStudio Launcher and is available in the **Select image** dropdown list. You use the dropdown to change the image used by RStudio.
There is a limit to the number of image versions that you can attach. After you reach the limit, you must first detach a version so that you can attach a different version of the image.
**Topics**
+ [
## Attach an image version to your domain using the console
](#rstudio-byoi-attach-console)
+ [
## Attach an existing image version to your domain using the AWS CLI
](#rstudio-byoi-attach-cli)
## Attach an image version to your domain using the console
You can attach a custom SageMaker image version to your domain using the SageMaker AI console's control panel. You can also create a custom SageMaker image, and an image version, and then attach that version to your domain.
**To attach an existing image**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. Select the desired domain.
1. Choose **Environment**.
1. Under **Custom SageMaker Studio Classic images attached to domain**, choose **Attach image**.
1. For **Image source**, choose **Existing image** or **New image**.
If you select **Existing image**, choose an image from the Amazon SageMaker image store.
If you select **New image**, provide the Amazon ECR registry path for your Docker image. The path must be in the same AWS Region as the domain. The Amazon ECR repo must be in the same account as your domain, or cross-account permissions for SageMaker AI must be enabled.
1. Choose an existing image from the list.
1. Choose a version of the image from the list.
1. Choose **Next**.
1. Enter values for **Image name**, **Image display name**, and **Description**.
1. Choose the IAM role. For more information, see [Create a custom RStudio image](rstudio-byoi-create.md).
1. (Optional) Add tags for the image.
1. (Optional) Choose **Add new tag**, then add a configuration tag.
1. For **Image type**, select **RStudio Image**.
1. Choose **Submit**.
Wait for the image version to be attached to the domain. After the version is attached, it appears in the **Custom images** list and is briefly highlighted.
## Attach an existing image version to your domain using the AWS CLI
Two methods are presented to attach the image version to your domain using the AWS CLI. In the first method, you create a new domain with the version attached. This method is simpler but you must specify the Amazon Virtual Private Cloud (Amazon VPC) information and execution role that's required to create the domain.
If you have already onboarded to the domain, you can use the second method to attach the image version to your current domain. In this case, you don't need to specify the Amazon VPC information and execution role. After you attach the version, delete all of the applications in your domain and relaunch RStudio.
### Attach the SageMaker image to a new domain
To use this method, you must specify an execution role that has the [AmazonSageMakerFullAccess](https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/AmazonSageMakerFullAccess) policy attached.
Use the following steps to create the domain and attach the custom SageMaker AI image:
+ Get your default VPC ID and subnet IDs.
+ Create the configuration file for the domain, which specifies the image.
+ Create the domain with the configuration file.
**To add the custom SageMaker image to your domain**
1. Get your default VPC ID.
```
aws ec2 describe-vpcs \
--filters Name=isDefault,Values=true \
--query "Vpcs[0].VpcId" --output text
```
Response:
```
vpc-xxxxxxxx
```
1. Get your default subnet IDs using the VPC ID from the previous step.
```
aws ec2 describe-subnets \
--filters Name=vpc-id,Values= \
--query "Subnets[*].SubnetId" --output json
```
Response:
```
[
"subnet-b55171dd",
"subnet-8a5f99c6",
"subnet-e88d1392"
]
```
1. Create a configuration file named `create-domain-input.json`. Insert the VPC ID, subnet IDs, `ImageName`, and `AppImageConfigName` from the previous steps. Because `ImageVersionNumber` isn't specified, the latest version of the image is used, which is the only version in this case. Your execution role must satisfy the requirements in [Complete prerequisites](rstudio-byoi-prerequisites.md).
```
{
"DomainName": "domain-with-custom-r-image",
"VpcId": "",
"SubnetIds": [
""
],
"DomainSettings": {
"RStudioServerProDomainSettings": {
"DomainExecutionRoleArn": ""
}
},
"DefaultUserSettings": {
"ExecutionRole": "",
"RSessionAppSettings": {
"CustomImages": [
{
"AppImageConfigName": "rstudio-custom-config",
"ImageName": "rstudio-custom-image"
}
]
}
},
"AuthMode": "IAM"
}
```
1. Create the domain with the attached custom SageMaker image.
```
aws sagemaker create-domain \
--cli-input-json file://create-domain-input.json
```
Response:
```
{
"DomainArn": "arn:aws:sagemaker:region:acct-id:domain/domain-id",
"Url": "https://domain-id.studio.region.sagemaker.aws/..."
}
```
### Attach the SageMaker image to an existing domain
This method assumes that you've already onboarded to domain. For more information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md).
**Note**
You must delete all of the applications in your domain to update the domain with the new image version. For information about deleting these applications, see [Delete an Amazon SageMaker AI domain](gs-studio-delete-domain.md).
Use the following steps to add the SageMaker image to your current domain.
+ Get your `DomainID` from the SageMaker AI console.
+ Use the `DomainID` to get the `DefaultUserSettings` for the domain.
+ Add the `ImageName` and `AppImageConfig` as a `CustomImage` to the `DefaultUserSettings`.
+ Update your domain to include the custom image.
**To add the custom SageMaker image to your domain**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. Select the desired domain.
1. Choose **domain settings**.
1. Under **General Settings**, find the **domain ID**. The ID is in the following format: `d-xxxxxxxxxxxx`.
1. Use the domain ID to get the description of the domain.
```
aws sagemaker describe-domain \
--domain-id
```
Response:
```
{
"DomainId": "d-xxxxxxxxxxxx",
"DefaultUserSettings": {
"KernelGatewayAppSettings": {
"CustomImages": [
],
...
}
}
}
```
1. Save the `DefaultUserSettings` section of the response to a file named `update-domain-input.json`.
1. Insert the `ImageName` and `AppImageConfigName` from the previous steps as a custom image. Because `ImageVersionNumber` isn't specified, the latest version of the image is used, which is the only version in this case.
```
{
"DefaultUserSettings": {
"RSessionAppSettings": {
"CustomImages": [
{
"ImageName": "rstudio-custom-image",
"AppImageConfigName": "rstudio-custom-config"
}
]
}
}
}
```
1. Use the domain ID and default user settings file to update your domain.
```
aws sagemaker update-domain \
--domain-id \
--cli-input-json file://update-domain-input.json
```
Response:
```
{
"DomainArn": "arn:aws:sagemaker:region:acct-id:domain/domain-id"
}
```
1. Delete the `RStudioServerPro` application. You must restart the `RStudioServerPro` domain-shared application for the RStudio Launcher UI to pick up the latest changes.
```
aws sagemaker delete-app \
--domain-id --user-profile-name domain-shared \
--app-type RStudioServerPro --app-name default
```
1. Create a new `RStudioServerPro` application. You must create this application using the AWS CLI.
```
aws sagemaker create-app \
--domain-id --user-profile-name domain-shared \
--app-type RStudioServerPro --app-name default
```
# Launch a custom SageMaker image in RStudio
You can use your custom image when launching an RStudio applicaton from the console. After you create your custom SageMaker image and attach it to your domain, the image appears in the image selector dialog box of the RStudio Launcher. To launch a new RStudio app, follow the steps in [Launch RSessions from the RStudio Launcher](rstudio-launcher.md) and select your custom image as shown in the following image.
![\[Screenshot of the RStudio launcher with image dropdown.\]](http://docs.aws.amazon.com/sagemaker/latest/dg/images/rstudio-launcher-custom.png)
# Clean up image resources
This guide shows how to clean up RStudio image resources that you created in the previous sections. To delete an image, complete the following steps using either the SageMaker AI console or the AWS CLI, as shown in this guide.
+ Detach the image and image versions from your Amazon SageMaker AI domain.
+ Delete the image, image version, and app image config.
After you've completed these steps, you can delete the container image and repository from Amazon ECR. For more information about how to delete the container image and repository, see [Deleting a repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-delete.html).
## Clean up resources from the SageMaker AI console
When you detach an image from a domain, all versions of the image are detached. When an image is detached, all users of the domain lose access to the image versions.
**To detach an image**
1. Open the Amazon SageMaker AI console at [https://console.aws.amazon.com/sagemaker/](https://console.aws.amazon.com/sagemaker/).
1. On the left navigation pane, choose **Admin configurations**.
1. Under **Admin configurations**, choose **domains**.
1. Select the desired domain.
1. Choose **Environment**.
1. Under **Custom images attached to domain**, choose the image and then choose **Detach**.
1. (Optional) To delete the image and all versions from SageMaker AI, select **Also delete the selected images ...**. This does not delete the associated images from Amazon ECR.
1. Choose **Detach**.
## Clean up resources from the AWS CLI
**To clean up resources**
1. Detach the image and image versions from your domain by passing an empty custom image list to the domain. Open the `update-domain-input.json` file that you created in [Attach the SageMaker image to your current domain](studio-byoi-attach.md#studio-byoi-sdk-attach-current-domain).
1. Delete the `RSessionAppSettings` custom images and then save the file. Do not modify the `KernelGatewayAppSettings` custom images.
```
{
"DomainId": "d-xxxxxxxxxxxx",
"DefaultUserSettings": {
"KernelGatewayAppSettings": {
"CustomImages": [
],
...
},
"RSessionAppSettings": {
"CustomImages": [
],
"DefaultResourceSpec": {
}
...
}
}
}
```
1. Use the domain ID and default user settings file to update your domain.
```
aws sagemaker update-domain \
--domain-id \
--cli-input-json file://update-domain-input.json
```
Response:
```
{
"DomainArn": "arn:aws:sagemaker:us-east-2:acct-id:domain/d-xxxxxxxxxxxx"
}
```
1. Delete the app image config.
```
aws sagemaker delete-app-image-config \
--app-image-config-name rstudio-image-config
```
1. Delete the SageMaker image, which also deletes all image versions. The container images in Amazon ECR that are represented by the image versions are not deleted.
```
aws sagemaker delete-image \
--image-name rstudio-image
```
# Create a user to use RStudio
**Important**
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see [Provide permissions for tagging SageMaker AI resources](security_iam_id-based-policy-examples.md#grant-tagging-permissions).
[AWS managed policies for Amazon SageMaker AI](security-iam-awsmanpol.md) that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
After your RStudio-enabled Amazon SageMaker AI domain is running, you can add user profiles (UserProfiles) to the domain. The following topics show how to create user profiles that are authorized to use RStudio, as well as update an existing user profile. For information on how to delete an RStudio App, UserProfile, or domain, follow the steps in [Delete an Amazon SageMaker AI domain](https://docs.aws.amazon.com/sagemaker/latest/dg/gs-studio-delete-domain.html).
**Note**
The limit for the total number of UserProfiles in a Amazon SageMaker AI domain is 60.
There are two types of users:
+ Unauthorized: This user cannot access the RStudio app.
+ Authorized: This user can access the RStudio app and use one of the RStudio license seats. By default, a new user is `Authorized` if the domain is enabled for RStudio.
Changing a user's authorization status is only valid from `Unauthorized` to `Authorized`. If a user is authorized, they can be given one of the following levels of access to RStudio.
+ RStudio User: This is a standard RStudio user and can access RStudio.
+ RStudio Admin: The admin of your Amazon SageMaker AI domain has the ability to create users, add existing users, and update the permissions of existing users. Admins can also access the RStudio Administrative dashboard. However, this admin is not able to update parameters that are managed by Amazon SageMaker AI.
## Methods to create a user
The following topics show how to create a user in your RStudio-enabled Amazon SageMaker AI domain.
**Create user console**
To create a user in your RStudio-enabled Amazon SageMaker AI domain from the console, complete the steps in [Add user profiles](domain-user-profile-add.md).
**Create user CLI**
The following command shows how to add users to a Amazon SageMaker AI domain with IAM authentication. A User can belong to either the `R_STUDIO_USER` or `R_STUDIO_ADMIN` User group.
```
aws sagemaker create-user-profile --region \
--domain-id \
--user-profile-name \
--user-settings RStudioServerProAppSettings={UserGroup=}
```
The following command shows how to add users to a Amazon SageMaker AI domain with authentication using IAM Identity Center. A user can belong to either the `R_STUDIO_USER` or `R_STUDIO_ADMIN` User group.
```
aws sagemaker create-user-profile --region \
--domain-id \
--user-profile-name \
--user-settings RStudioServerProAppSettings={UserGroup=} \
--single-sign-on-user-identifier UserName \
--single-sign-on-user-value
```
# Log in to RStudio as another user