Configuring Granular Access Control of Models in SageMaker JumpStart Using Private Hub
The Power of Amazon SageMaker JumpStart Private Hubs: A Guide for Administrators and Users
Amazon SageMaker JumpStart is a game-changer in the world of machine learning, offering pre-trained models and pre-built solutions to streamline AI development. With the addition of private hubs, administrators now have the ability to curate and control access to models within their organization, ensuring governance and security.
Configuring Granular Access Control
With the private hub feature in SageMaker JumpStart, administrators can create repositories of models tailored to specific teams, use cases, or license requirements. By using the SageMaker Python SDK, admins can set up multiple private hubs with different lists of models discoverable for different groups of users. This level of control empowers enterprises to consume the latest in AI development while enforcing governance guardrails.
By following a series of steps, administrators can effortlessly configure granular access control for models within the organization. This includes setting up IAM permissions, scoping down permissions for users, creating the private hub, adding model references, managing model metadata, and more.
Interacting with Allowlisted Models
For users, being able to access and utilize allowlisted models is now easier than ever. Whether using SageMaker Studio or the SageMaker Python SDK, users can list available models, identify and deploy models to endpoints, and interact with models through familiar interfaces.
By following step-by-step guides, users can deploy models, modify configurations, invoke endpoints, and even delete model endpoints when they are no longer needed. This seamless process allows data scientists and developers to focus on building AI solutions without the hassle of managing the underlying infrastructure.
Cross-Account Sharing of Private Hubs
One of the key benefits of private hubs is the ability to share curated models across multiple AWS accounts within the organization. This feature enables collaboration and consistency in model governance, allowing different teams or departments to benefit from the curated repository of models.
By using AWS RAM, administrators can securely share private hubs while maintaining control over access. The process involves creating a resource share, associating permissions, specifying AWS account IDs for access, and reviewing the configuration before creating the resource share. This cross-account sharing capability fosters collaboration and ensures that access is granted with explicit consent from both the hub owner and the recipient account.
Conclusion
Amazon SageMaker JumpStart’s private hub feature provides organizations with the tools needed to manage model access and usage effectively. By creating curated repositories of approved models, enterprise admins can align AI initiatives with corporate policies and regulatory requirements.
This post has discussed the private hub feature in SageMaker JumpStart and provided detailed steps for setting up and using a private hub. With minimal additional configuration required, admins can control model access and users can deploy preapproved models, fine-tune them, and integrate them into applications seamlessly.
For more information about SageMaker JumpStart and how to get started, refer to the official documentation. The private hub feature opens up new possibilities for AI development, allowing organizations to leverage the latest in machine learning while maintaining control and governance.
About the Authors
Raju Rangan is a Senior Solutions Architect at AWS, working with government-sponsored entities to build AI/ML solutions.
Sherry Ding is a senior AI/ML specialist solutions architect at AWS, with a PhD in computer science and a focus on helping public sector customers accelerate their machine learning journey.
June Won is a product manager with Amazon SageMaker JumpStart, focused on making foundation models easily discoverable and usable for customers.
Bhaskar Pratap is a Senior Software Engineer with the Amazon SageMaker team, passionate about designing and building systems that bring machine learning to people’s fingertips.