
Use Amazon SageMaker custom tags for project resource governance and cost tracking


Amazon SageMaker announced a new feature that you can use to add custom tags to resources created through an Amazon SageMaker Unified Studio project. This helps you enforce tagging standards that conform to your organization’s service control policies (SCPs) and helps enable cost tracking reporting practices on resources created across the organization.

As a SageMaker administrator, you can configure a project profile with tag configurations that will be pushed down to projects that currently use or will use that project profile. The project profile is set up to pass either required key and value tag pairings or pass the key of the tag with a default value that can be modified during project creation. All tags passed to the project will result in the resources created by that project being tagged. This provides you with a governance mechanism that enforces that project resources have the expected tags across all projects of the domain.

The first release of custom tags for project resources is supported through an application programming interface (API), through Amazon DataZone SDKs. In this post, we look at use cases for custom tags and how to use the AWS Command Line Interface (AWS CLI) to add tags to project resources.

What we hear from customers

As customers continue to build and collaborate using AWS tools for model development, generative AI, data processing, and SQL analytics, they see the need to bring control and visibility into the resources being created. To support connectivity to these AWS tools from SageMaker Unified Studio projects, many different types of resources across AWS services need to be created. These resources are created through AWS CloudFormation stacks (through project environment deployment) by the Amazon SageMaker service. From customers we hear the following use cases:

  • Customers need to enforce that tagging practices conform to company policies through the use of AWS controls, such as SCPs, for resource creation. These controls block the creation of resources unless specific tags are placed on the resource.
  • Customers might start with policies to enforce that the correct tags are placed when resources are created, with the additional goal of standardizing on resource reporting. By placing identifiable information on resources when created, they enforce consistency and completeness when performing cost attribution reporting and observability.

Customer Swiss Life uses SageMaker as a single solution for cataloging, discovery, sharing, and governance of their enterprise data across business domains. They require all resources have a set of mandatory tags for their finance group to bill organizations across their company for the AWS resources created.

“The launch of project resource tags for Amazon SageMaker allows us to bring visibility to the costs incurred across our accounts. With this capability we’re able to meet the resource tagging guidelines of our company and have confidence in attributing costs across our multi-account setup for the resources created by Amazon SageMaker projects.”

– Tim Kopacz, Software Developer at Swiss Life

Prerequisites

To get started with custom tags, you must have the following resources:

  • A SageMaker Unified Studio domain.
  • An AWS Identity and Access Management (IAM) entity with privileges to make AWS CLI calls to the domain.
  • An IAM entity authorized to make changes to the domain IAM provisioning role. If SageMaker created this for you, it will be called AmazonSageMakerProvisioning-<accountId>. The provisioning role provisions and manages resources defined in the selected blueprints in your account.

How to set up project resource tags

The following steps outline how to configure custom tags for your SageMaker Unified Studio project resources:

  1. (Optional) Update the SageMaker provisioning role to permit specific tag keys.
  2. Create a new project profile with project resource tags configured.
  3. Create a new project with project resource tags.
  4. Update an existing project with project resource tags.
  5. Validate that the resources are tagged.

(Optional) Update a SageMaker provisioning role to permit tag key values

The AmazonSageMakerProvisioning-<accountId> role has an AWS managed policy with the condition aws:TagKeys, which allows tags to be created by this role only if the tag key begins with AmazonDataZone. For this example, we will change the tag key to begin with different strings. Skip to Create a new project profile with project resource tags configured if you don’t need tag keys to have a different structure (such as begins with, contains, and so on).

  1. Open the AWS Management Console and go to IAM.
  2. In the navigation pane, choose Roles.
  3. In the list, choose AmazonSageMakerProvisioning-<accountId>.
  4. Choose the Permissions tab.
  5. Choose Add permissions, and then choose Create inline policy.
  6. Under Policy editor, select JSON.
  7. Enter the following policy. Add the strings under the condition aws:TagKeys. In this example, tag keys beginning with ACME or tag keys with the exact match of CostCenter will be created by the role.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "CustomTagsUnTagPermissions",
                "Effect": "Allow",
                "Action": [
                    "codecommit:UntagResource",
                    "iam:UntagRole",
                    "logs:UntagResource",
                    "athena:UntagResource",
                    "redshift-serverless:UntagResource",
                    "scheduler:UntagResource",
                    "bedrock:UntagResource",
                    "neptune-graph:UntagResource",
                    "quicksight:UntagResource",
                    "glue:UntagResource",
                    "airflow:UntagResource",
                    "secretsmanager:UntagResource",
                    "lambda:UntagResource",
                    "emr-serverless:UntagResource",
                    "elasticmapreduce:RemoveTags",
                    "sagemaker:DeleteTags",
                    "ec2:DeleteTags"
                ],
                "Resource": "*",
                "Condition": {
                    "StringEquals": {
                        "aws:ResourceAccount": "${aws:PrincipalAccount}"
                    },
                    "ForAllValues:StringLike": {
                        "aws:TagKeys": [
                            "AmazonDataZone*",
                            "ACME*",
                            "CostCenter"
                        ]
                    },
                    "Null": {
                        "aws:ResourceTag/AmazonDataZoneProject": "false"
                    }
                }
            },
            {
                "Sid": "CustomTagsTaggingPermissions",
                "Effect": "Allow",
                "Action": [
                    "cloudformation:TagResource",
                    "codecommit:TagResource",
                    "iam:TagRole",
                    "glue:TagResource",
                    "athena:TagResource",
                    "lambda:TagResource",
                    "redshift-serverless:TagResource",
                    "logs:TagResource",
                    "secretsmanager:TagResource",
                    "sagemaker:AddTags",
                    "emr-serverless:TagResource",
                    "neptune-graph:TagResource",
                    "bedrock:TagResource",
                    "elasticmapreduce:AddTags",
                    "airflow:TagResource",
                    "scheduler:TagResource",
                    "quicksight:TagResource",
                    "emr-containers:TagResource",
                    "logs:CreateLogGroup",
                    "athena:CreateWorkGroup",
                    "scheduler:CreateScheduleGroup",
                    "cloudformation:CreateStack",
                    "ec2:*"
                ],
                "Resource": "*",
                "Condition": {
                    "ForAnyValue:StringLike": {
                        "aws:TagKeys": [
                            "AmazonDataZone*",
                            "ACME*",
                            "CostCenter"
                        ]
                    },
                    "StringEquals": {
                        "aws:ResourceAccount": "${aws:PrincipalAccount}"
                    }
                }
            }
        ]
    }

It’s possible to scope down the specific AWS service tag and un-tag permissions based on which blueprints or capabilities are being used.
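The two statements in the policy above apply different set operators to aws:TagKeys: ForAllValues:StringLike on the un-tag statement and ForAnyValue:StringLike on the tagging statement. The following added example (not part of the original post) models only that condition block, so that a proposed set of tag keys can be checked before it is sent; the function names and the sample requests are constructed for illustration.

```python
import re

# Patterns copied from the aws:TagKeys lists in the inline policy above.
ALLOWED_TAG_KEY_PATTERNS = ["AmazonDataZone*", "ACME*", "CostCenter"]


def string_like(value, pattern):
    """IAM StringLike: case-sensitive; '*' matches any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def key_allowed(key, patterns=ALLOWED_TAG_KEY_PATTERNS):
    """True when the tag key matches at least one pattern in the condition."""
    return any(string_like(key, p) for p in patterns)


def evaluate_tag_keys(tag_keys, patterns=ALLOWED_TAG_KEY_PATTERNS):
    """Evaluate both set operators for the tag keys carried by one request.

    ForAllValues: every key in the request must match (true for an empty set).
    ForAnyValue:  at least one key in the request must match (false for an empty set).
    """
    matched = [k for k in tag_keys if key_allowed(k, patterns)]
    unmatched = sorted(set(tag_keys) - set(matched))
    return {
        "ForAllValues": not unmatched,
        "ForAnyValue": bool(matched),
        "unmatched": unmatched,
    }


if __name__ == "__main__":
    # Constructed sample requests, not taken from the post.
    CONSTRUCTED_REQUESTS = [
        ["ACME-Application", "CostCenter"],  # all keys conform
        ["CostCenter", "Owner"],             # one conforming key, one not
        ["acme-team"],                       # wrong case: StringLike is case-sensitive
        ["CostCenterX"],                     # CostCenter is an exact match, not a prefix
        [],                                  # request without tag keys
    ]
    for keys in CONSTRUCTED_REQUESTS:
        print(keys, evaluate_tag_keys(keys))
```

The request ["CostCenter", "Owner"] satisfies the ForAnyValue condition used by the tagging statement even though Owner matches no pattern. If every key must follow the naming standard, check the "unmatched" list before creating the project, or enforce it with a ForAllValues condition in a separate control such as an SCP.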

Create a new project profile with project resource tags configured

Use the following steps to create a new SQL Analytics project profile with custom tags. The example uses AWS CLI commands.

  1. Open the AWS CloudShell console.
  2. Create a project profile using the following CLI command.
    1. The project-resource-tags parameter consists of key (tag key), value (tag value), and isValueEditable (boolean indicating if the tag value can be modified during project creation or update).
    2. The allow-custom-project-resource-tags parameter set to true allows the project creator to create additional key-value pairs. The key needs to conform to the inline policy of the AmazonSageMakerProvisioning-<accountId> role.
    3. The project-resource-tags-description parameter is a description field for project resource tags. The max character limit is 2,048. The description needs to be passed in whenever create-project-profile or update-project-profile is called.
    # $ACCOUNT and $REGION inside the single-quoted JSON are not expanded by the shell;
    # replace them with literal values before running.
    aws datazone create-project-profile \
      --name "SQL Analytics with Project Resource Tags" \
      --description "Analyze your data in SageMaker Lakehouse using SQL" \
      --domain-identifier "$DOMAIN_ID" \
      --region "$REGION" \
      --status ENABLED \
      --project-resource-tags '[
        {
            "key": "ACME-Application",
            "value": "SageMaker",
            "isValueEditable": false
        },
        {
            "key": "CostCenter",
            "value": "123",
            "isValueEditable": true
        }
      ]' \
      --allow-custom-project-resource-tags \
      --environment-configurations '[
        {
            "name": "Tooling",
            "description": "Configuration for the Tooling Environment",
            "environmentBlueprintId": "",
            "deploymentMode": "ON_CREATE",
            "deploymentOrder": 0,
            "awsAccount": {
                "awsAccountId": "$ACCOUNT"
            },
            "awsRegion": {
                "regionName": "$REGION"
            },
            "configurationParameters": {
                "parameterOverrides": [
                    {
                        "name": "enableSpaces",
                        "value": "false",
                        "isEditable": false
                    },
                    {
                        "name": "maxEbsVolumeSize",
                        "isEditable": false
                    },
                    {
                        "name": "idleTimeoutInMinutes",
                        "isEditable": false
                    },
                    {
                        "name": "lifecycleManagement",
                        "isEditable": false
                    },
                    {
                        "name": "enableNetworkIsolation",
                        "isEditable": false
                    }
                ]
            }
        },
        {
            "name": "Lakehouse Database",
            "description": "Creates databases in Amazon SageMaker Lakehouse for storing tables in S3 and Amazon Athena resources for your SQL workloads",
            "environmentBlueprintId": "",
            "deploymentMode": "ON_CREATE",
            "deploymentOrder": 1,
            "awsAccount": {
                "awsAccountId": "$ACCOUNT"
            },
            "awsRegion": {
                "regionName": "$REGION"
            },
            "configurationParameters": {
                "parameterOverrides": [
                    {
                        "name": "glueDbName",
                        "value": "glue_db",
                        "isEditable": true
                    }
                ]
            }
        },
        {
            "name": "OnDemand RedshiftServerless",
            "description": "Allows you to create an additional Amazon Redshift Serverless workgroup for your SQL workloads",
            "environmentBlueprintId": "",
            "deploymentMode": "ON_DEMAND",
            "awsAccount": {
                "awsAccountId": "$ACCOUNT"
            },
            "awsRegion": {
                "regionName": "$REGION"
            },
            "configurationParameters": {
                "parameterOverrides": [
                    {
                        "name": "redshiftDbName",
                        "value": "dev",
                        "isEditable": true
                    },
                    {
                        "name": "redshiftMaxCapacity",
                        "value": "512",
                        "isEditable": true
                    },
                    {
                        "name": "redshiftWorkgroupName",
                        "value": "redshift-serverless-workgroup",
                        "isEditable": true
                    },
                    {
                        "name": "redshiftBaseCapacity",
                        "value": "128",
                        "isEditable": true
                    },
                    {
                        "name": "connectionName",
                        "value": "redshift.serverless",
                        "isEditable": true
                    },
                    {
                        "name": "connectToRMSCatalog",
                        "value": "false",
                        "isEditable": false
                    }
                ]
            }
        },
        {
            "name": "OnDemand Catalog for Redshift Managed Storage",
            "description": "Allows you to create additional catalogs in Amazon SageMaker Lakehouse for storing data in Redshift Managed Storage",
            "environmentBlueprintId": "",
            "deploymentMode": "ON_DEMAND",
            "awsAccount": {
                "awsAccountId": "$ACCOUNT"
            },
            "awsRegion": {
                "regionName": "$REGION"
            },
            "configurationParameters": {
                "parameterOverrides": [
                    {
                        "name": "catalogName",
                        "isEditable": true
                    },
                    {
                        "name": "catalogDescription",
                        "value": "RMS catalog",
                        "isEditable": true
                    }
                ]
            }
        }
      ]'

This project profile will have the tag ACME-Application = SageMaker placed on all projects associated with the project profile, and the tag cannot be modified by the project creator. The tag CostCenter = 123 can have the value modified by the project creator because the isValueEditable property is set to true.

Grant permissions for users to use the project profile during project creation. In the Authorization section of the project profile, set either Selected users or groups or Allow all users and groups.

The use of the allow-custom-project-resource-tags parameter means the project creator can add their own tags (key-value pair). The key must conform to the condition check in the policy of the provisioning role (AmazonSageMakerProvisioning-<accountId>). If the allow-custom-project-resource-tags parameter is changed to false after a project created tags, tags created by the project will be removed during the next project update.

Updates to the project profile

Updates to project resource tags are possible through the update-project-profile command. The command will replace all values in the project-resource-tags section, so be sure to include the exhaustive set of tags. Updates to the project profile are reflected in projects after running the update-project command or when a new project is created using the project profile. The following example adds a new tag, ACME-BusinessUnit = Retail.

There are three ways to work with the project-resource-tags parameter when updating the project profile.

  • Passing a non-empty list of project resource tags will replace the tags currently configured on the project profile.
  • Passing an empty list of project resource tags will clear all previously configured tags:
    • --project-resource-tags '[]'
  • Not including the project resource tag parameter will keep previously configured tags as-is.

    aws datazone update-project-profile \
      --domain-identifier "$DOMAIN_ID" \
      --identifier "$PROJECT_PROFILE_ID" \
      --region "$REGION" \
      --project-resource-tags '[
        {
            "key": "ACME-Application",
            "value": "SageMaker",
            "isValueEditable": false
        },
        {
            "key": "CostCenter",
            "value": "123",
            "isValueEditable": true
        },
        {
            "key": "ACME-BusinessUnit",
            "value": "Retail",
            "isValueEditable": false
        }
      ]'

Create a new project with project resource tags

The following steps walk you through creating a new project that inherits tags from the project profile and lets the project creator modify one of the tag values.

  1. Create a project using the following example CLI command.
  2. Modify the CostCenter tag value using the --resource-tags parameter. Tags configured on the project profile where the isValueEditable attribute is false will be pushed to the project automatically.
    aws datazone create-project \
      --domain-identifier "$DOMAIN_ID" \
      --region "$REGION" \
      --name "$PROJECT_NAME" \
      --description "New project with tags" \
      --project-profile-id "$PROJECT_PROFILE_ID" \
      --resource-tags '{
            "CostCenter": "456"
        }'

Update existing project with project resource tags

For existing projects associated with the project profile, you must update the project for the new tags to be applied.

  1. Update the project using the following example CLI command.
  2. In this scenario, an editable value needs to be updated and a new tag added. Tag CostCenter will have its default value overwritten as “789” and the new ACME-Division = Finance tag will be added.
    aws datazone update-project \
      --domain-identifier "$DOMAIN_ID" \
      --identifier "$PROJECT_ID" \
      --project-profile-version "latest" \
      --region "$REGION" \
      --resource-tags '{
            "CostCenter": "789",
            "ACME-Division": "Finance"
        }'

Project level tags (those not configured from the project profile) need to be passed during project update to be preserved. For tags with isValueEditable = true configured from the project profile, any override previously set needs to be applied or the value will revert to the default from the project profile.

Validating resources are tagged

Validate that tags are placed correctly. An example resource that’s created by the project is the project IAM role. Viewing the tags for this role should show the tags configured from the project profile.

  1. Open SageMaker Unified Studio to get the project role from the Project details section of the project. The role name begins with datazone_usr_role_.
  2. Open the IAM console.
  3. In the navigation pane, choose Roles.
  4. Search for the project IAM role.
  5. Choose the Tags tab.
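The update rules described under "Update existing project with project resource tags" and the validation steps above can be combined into one check. This is an added example, not code from the original post: it computes the tags a project should carry after an update and compares them with the tags on the project role. The function names are hypothetical, ROLE_TAGS is a constructed sample in the shape returned by `aws iam list-role-tags`, and two behaviours are modelling assumptions: an override of a non-editable tag is treated as an error, and custom tags are dropped when custom tags are not allowed.

```python
# Profile tags from the update-project-profile example on this page.
PROFILE_TAGS = [
    {"key": "ACME-Application", "value": "SageMaker", "isValueEditable": False},
    {"key": "CostCenter", "value": "123", "isValueEditable": True},
    {"key": "ACME-BusinessUnit", "value": "Retail", "isValueEditable": False},
]


def expected_project_tags(profile_tags, resource_tags=None, allow_custom=True):
    """Tags a project should end up with after create-project or update-project.

    resource_tags is what would be passed to --resource-tags on THIS call.
    Anything omitted is not carried over from earlier calls: editable tags
    fall back to the profile default and project-level tags disappear.
    """
    remaining = dict(resource_tags or {})
    expected = {}
    for tag in profile_tags:
        key, default = tag["key"], tag["value"]
        override = remaining.pop(key, None)
        if override is None or override == default:
            expected[key] = default
        elif tag["isValueEditable"]:
            expected[key] = override
        else:
            # Assumption: modelled as an error; the post only says the value
            # cannot be modified by the project creator.
            raise ValueError(f"{key} is fixed by the project profile")
    if allow_custom:
        # Whatever is left are project-level (custom) tags.
        expected.update(remaining)
    return expected


def tag_drift(expected, iam_tags):
    """Return expected tags that are missing or different on the role."""
    actual = {t["Key"]: t["Value"] for t in iam_tags}
    return {
        key: {"expected": value, "actual": actual.get(key)}
        for key, value in expected.items()
        if actual.get(key) != value
    }


# Constructed sample in the shape of the "Tags" list from `aws iam list-role-tags`.
ROLE_TAGS = [
    {"Key": "ACME-Application", "Value": "SageMaker"},
    {"Key": "ACME-BusinessUnit", "Value": "Retail"},
    {"Key": "CostCenter", "Value": "789"},
    {"Key": "AmazonDataZoneProject", "Value": "example-project-id"},
]

if __name__ == "__main__":
    wanted = expected_project_tags(
        PROFILE_TAGS, {"CostCenter": "789", "ACME-Division": "Finance"}
    )
    print("expected:", wanted)
    print("drift:", tag_drift(wanted, ROLE_TAGS))
    # A later update that omits --resource-tags reverts CostCenter to 123
    # and drops ACME-Division.
    print("after bare update:", expected_project_tags(PROFILE_TAGS))
```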

Conclusion

In this post, we discussed tagging related use cases from customers and walked through getting started with custom tags in Amazon SageMaker to place tags on the resources created by the project. By giving administrators a way to configure project profiles with standardized tag configurations, you can now help ensure consistent tagging practices across all SageMaker Unified Studio projects while maintaining compliance with SCPs. This feature addresses two critical customer needs: enforcing organizational tagging standards through automated governance mechanisms and enabling accurate cost attribution reporting across multi-service deployments.

To learn more, visit Amazon SageMaker, then get started with Project resource tags.


About the authors

David Victoria

David is a Senior Technical Product Manager with Amazon SageMaker at AWS. He focuses on improving administration and governance capabilities needed for customers to support their analytics systems. He’s passionate about helping customers realize the most value from their data in a secure, governed manner.

Rohit Srikanta

Rohit is a Senior Software Engineer at AWS. He works on building and scaling services within Amazon SageMaker. He focuses on developing robust and scalable distributed systems and is passionate about solving complex engineering challenges to deliver maximum customer value.

Ahan Malli

Ahan is a Software Development Engineer at AWS. He works on the core data and governance layer behind Amazon SageMaker. He’s passionate about building scalable distributed systems and streamlining developer workflows. When he’s not coding, you’ll find him touring or climbing Pacific Northwest trails.
