Exposing an Amazon SageMaker Endpoint via a Custom Domain Name

Guide to Exposing an Amazon SageMaker Endpoint via a Custom Domain Name

Introduction:
Are you a DevOps or Cloud Engineer tasked with making an Amazon SageMaker endpoint accessible to the public without directly exposing the endpoint itself? This guide will walk you through creating a public-facing SageMaker endpoint accessible via a custom domain name using AWS services and Namecheap as your DNS manager.

Prerequisites:

• AWS Account
• IAM Administrator Access
• Amazon SageMaker
• API Gateway
• DNS Manager (Namecheap)

Step-by-Step Instructions:

Step 1: Create an Execution Role for the REST API

1. Create the Role:

   • Open the IAM console.
   • Navigate to Roles and choose Create Role.
   • Select AWS Service as the trusted entity and choose API Gateway.
   • Continue to Review.
   • Name the role (e.g., APIGatewayAccessToSageMaker) and create it.

2. Add Permissions:

   • Find and select the role you just created.
   • Choose Add Inline Policy.
   • Create a policy with the following settings:
     • Service: SageMaker
     • Action: InvokeEndpoint
     • Resources: Specify the ARN of your SageMaker endpoint.
   • Name the policy (e.g., SageMakerEndpointInvokeAccess) and create it.
   • Note the ARN of the role for later use.

Step 2: Build an API Gateway Endpoint

1. Create the API:
   • Open the API Gateway console.
   • Choose Create API and select REST.
   • Choose New API and name it (e.g., Invocation-API).
   • Select Regional as the endpoint type and create the API.

1. Create a Resource:
   • In the Resources section, choose Create Resource.
   • Enter a resource name (e.g., test-api) and create it.
   • Select the created resource.

1. Create a GET Method:
   • Select the resource (test-api) and choose Create Method.
   • Choose GET and confirm.
   • Configure the method with the following settings:
     • Integration Type: AWS Service
     • AWS Region: Your region
     • AWS Service: SageMaker Runtime
     • HTTP Method: POST
     • Action Type: Use Path Override
     • Path Override: endpoints/<sagemaker-endpoint-name>/invocations
     • Execution Role: Enter the ARN of the role created earlier
     • Content Handling: Passthrough
   • Save the method.

Step 3: Deploy and Test the API

1. Deploy the API:
   • In the Resources section, select your resource (test-api) and choose Deploy API.
   • Select [New Stage], name the stage (e.g., test), and deploy it.
   • Note the invoke URL from the deployment.

1. Test the API:
   • Use tools like Postman or curl to test the endpoint.

Step 4: Create a Custom Domain Name in API Gateway

1. Set Up the Custom Domain:
   • In the API Gateway console, navigate to Custom domain names and choose Create Custom Domain Name.
   • Enter your custom domain name (e.g., example.com).
   • Select the endpoint type (Edge-optimized, Regional, or Private).
   • Choose or upload an SSL certificate from ACM.

Step 5: Update DNS Settings in Namecheap

1. Configure DNS in Namecheap:
   • Log in to Namecheap and navigate to Domain List.
   • Select Manage next to your domain.
   • Go to the Advanced DNS tab.
   • Add a new CNAME record:
     • Type: CNAME Record
     • Host: (subdomain or root, e.g., www)
     • Value: The domain name provided by API Gateway (e.g., d-xxxxxxxxxx.execute-api.region.amazonaws.com)
     • TTL: Automatic

Step 6: Map API Gateway Stage to the Custom Domain

1. Configure API Mappings:
   • In the API Gateway console, select your custom domain name.
   • Under API mappings, choose Configure API mappings and add a new mapping.
   • Select the API and stage, and optionally specify a path.

Step 7: Verify DNS Propagation and Test

1. Verify DNS:
   • Use tools like dig or online DNS checkers to ensure your domain points to the API Gateway endpoint.
   • Verify that requests to https://test.example.com are routed correctly.

Summary

1. Create Execution Role:
   • IAM Console -> Roles -> Create Role -> API Gateway -> Add Inline Policy -> SageMaker -> InvokeEndpoint
2. Build API Gateway Endpoint:
   • API Gateway Console -> Create API -> REST -> New API -> Create Resource -> Create Method -> Configure Integration
3. Deploy and Test API:
   • Resources -> Deploy API -> New Stage -> Deploy -> Test
4. Create Custom Domain in API Gateway:
   • API Gateway Console -> Custom Domain Names -> Create Custom Domain Name -> SSL Certificate
5. Update DNS in Namecheap:
   • Domain List -> Manage -> Advanced DNS -> Add CNAME Record
6. Map API Gateway Stage:
   • Custom Domain Names -> Select Domain -> Configure API Mappings -> Add New Mapping
7. Verify and Test:
   • Use dig and test with curl or Postman.

By following these steps, you can expose your Amazon SageMaker endpoint via a custom domain managed by Namecheap.

Cloud #AWS #DevOps #SRE #AI #API #Automation