|
54 | 54 | "# Prerequisites\n", |
55 | 55 | "- **IF RUNNING LOCALLY (not SageMaker Studio/Classic)**: An IAM role that gives SageMakerFullAccess. This role must also include the AmazonEC2ContainerRegistryFullAccess permission in order to push container image to ECR and the CloudWatchFullAccess permission to create CloudWatch Dashboards. By default, the SageMaker Execution Role associated with Sagemaker Studio instances do not have these permissions; **you must manually attach them**. For information on how to complete this, see this [documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html)\n", |
56 | 56 | "\n", |
57 | | - "- **IF RUNNING ON SAGEMAKER STUDIO/STUDIO CLASSIC (not locally)**: Please ensure that Docker access is enabled in your domain and that you have downloaded Docker for this notebook instance. Please follow the [guide](#sagemaker-studio-docker-guide) at the end of this notebook to complete Docker setup." |
| 57 | + "- **IF RUNNING ON SAGEMAKER STUDIO/STUDIO CLASSIC (not locally)**: An IAM role that gives SageMakerFullAccess. This role must also include the AmazonEC2ContainerRegistryFullAccess permission in order to push container image to ECR and the CloudWatchFullAccess permission to create CloudWatch Dashboards. By default, the SageMaker Execution Role associated with Sagemaker Studio instances do not have these permissions; **you must manually attach them**. For information on how to complete this, see this [documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html). Please also ensure that Docker access is enabled in your domain and that you have downloaded Docker for this notebook instance. Please follow the [guide](#sagemaker-studio-docker-guide) at the end of this notebook to complete Docker setup." |
58 | 58 | ] |
59 | 59 | }, |
60 | 60 | { |
|
107 | 107 | "\n", |
108 | 108 | "sess = sagemaker.Session()\n", |
109 | 109 | "# sagemaker session bucket -> used for uploading data, models and logs\n", |
110 | | - "# sagemaker will automatically create this bucket if it does not exist\n", |
| 110 | + "# sagemaker will automatically create this bucket if it not exists\n", |
111 | 111 | "sagemaker_session_bucket = None\n", |
112 | 112 | "if sagemaker_session_bucket is None and sess is not None:\n", |
113 | 113 | " sagemaker_session_bucket = sess.default_bucket()\n", |
114 | 114 | "\n", |
115 | | - "iam = boto3.client(\"iam\")\n", |
116 | 115 | "# Here, we create a role for SageMaker. The role ARN must be specified when calling the predict() method. If this fails, you can manually specify the role ARN in the except block.\n", |
117 | 116 | "try:\n", |
118 | 117 | " role = sagemaker.get_execution_role()\n", |
119 | | - " role_name = role.split(\"/\")[-1]\n", |
120 | | - "\n", |
121 | | - " # Attach the required policies to the role\n", |
122 | | - " iam.attach_role_policy(\n", |
123 | | - " RoleName=role_name,\n", |
124 | | - " PolicyArn=\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess\",\n", |
125 | | - " )\n", |
126 | | - " iam.attach_role_policy(\n", |
127 | | - " RoleName=role_name,\n", |
128 | | - " PolicyArn=\"arn:aws:iam::aws:policy/CloudWatchFullAccess\",\n", |
129 | | - " )\n", |
130 | | - "\n", |
131 | | - " role = sagemaker.get_execution_role()\n", |
132 | 118 | "except ValueError:\n", |
133 | | - " # Manually specify the role ARN. Ensure that this role has the 'AmazonSageMakerFullAccess','AmazonEC2ContainerRegistryFullAccess', and 'CloudWatchFullAccess' roles. See the linked documentation for help.\n", |
| 119 | + " iam = boto3.client(\"iam\")\n", |
| 120 | + " # Manually specify the role ARN. Ensure that this role has the 'AmazonSageMakerFullAccess' role. See the linked documentation for help.\n", |
134 | 121 | " role = iam.get_role(RoleName=\"<CustomRoleName>\")[\"Role\"][\"Arn\"]\n", |
135 | 122 | "\n", |
136 | | - "\n", |
137 | 123 | "sess = sagemaker.Session(default_bucket=sagemaker_session_bucket)\n", |
138 | 124 | "\n", |
139 | 125 | "print(f\"sagemaker role arn: {role}\")\n", |
|
0 commit comments