Guide to Exposing an Amazon SageMaker Endpoint via a Custom Domain Name
Introduction:
Are you a DevOps or Cloud Engineer tasked with making an Amazon SageMaker endpoint accessible to the public without directly exposing the endpoint itself? This guide will walk you through creating a public-facing SageMaker endpoint accessible via a custom domain name using AWS services and Namecheap as your DNS manager.
Prerequisites:
- AWS Account
- IAM Administrator Access
- Amazon SageMaker
- API Gateway
- DNS Manager (Namecheap)
Step-by-Step Instructions:
Step 1: Create an Execution Role for the REST API
-
Create the Role:
- Open the IAM console.
- Navigate to Roles and choose Create Role.
- Select AWS Service as the trusted entity and choose API Gateway.
- Continue to Review.
- Name the role (e.g.,
APIGatewayAccessToSageMaker
) and create it.
-
Add Permissions:
- Find and select the role you just created.
- Choose Add Inline Policy.
- Create a policy with the following settings:
- Service: SageMaker
- Action: InvokeEndpoint
- Resources: Specify the ARN of your SageMaker endpoint.
- Name the policy (e.g.,
SageMakerEndpointInvokeAccess
) and create it. - Note the ARN of the role for later use.
Step 2: Build an API Gateway Endpoint
-
Create the API:
- Open the API Gateway console.
- Choose Create API and select REST.
- Choose New API and name it (e.g.,
Invocation-API
). - Select Regional as the endpoint type and create the API.
-
Create a Resource:
- In the Resources section, choose Create Resource.
- Enter a resource name (e.g.,
test-api
) and create it. - Select the created resource.
-
Create a GET Method:
- Select the resource (
test-api
) and choose Create Method. - Choose GET and confirm.
- Configure the method with the following settings:
- Integration Type: AWS Service
- AWS Region: Your region
- AWS Service: SageMaker Runtime
- HTTP Method: POST
- Action Type: Use Path Override
-
Path Override:
endpoints/<sagemaker-endpoint-name>/invocations
- Execution Role: Enter the ARN of the role created earlier
- Content Handling: Passthrough
- Save the method.
- Select the resource (
Step 3: Deploy and Test the API
-
Deploy the API:
- In the Resources section, select your resource (
test-api
) and choose Deploy API. - Select [New Stage], name the stage (e.g.,
test
), and deploy it. - Note the invoke URL from the deployment.
- In the Resources section, select your resource (
-
Test the API:
- Use tools like Postman or
curl
to test the endpoint.
- Use tools like Postman or
Step 4: Create a Custom Domain Name in API Gateway
-
Set Up the Custom Domain:
- In the API Gateway console, navigate to Custom domain names and choose Create Custom Domain Name.
- Enter your custom domain name (e.g.,
example.com
). - Select the endpoint type (Edge-optimized, Regional, or Private).
- Choose or upload an SSL certificate from ACM.
Step 5: Update DNS Settings in Namecheap
-
Configure DNS in Namecheap:
- Log in to Namecheap and navigate to Domain List.
- Select Manage next to your domain.
- Go to the Advanced DNS tab.
- Add a new CNAME record:
- Type: CNAME Record
-
Host: (subdomain or root, e.g.,
www
) -
Value: The domain name provided by API Gateway (e.g.,
d-xxxxxxxxxx.execute-api.region.amazonaws.com
) - TTL: Automatic
Step 6: Map API Gateway Stage to the Custom Domain
-
Configure API Mappings:
- In the API Gateway console, select your custom domain name.
- Under API mappings, choose Configure API mappings and add a new mapping.
- Select the API and stage, and optionally specify a path.
Step 7: Verify DNS Propagation and Test
-
Verify DNS:
- Use tools like
dig
or online DNS checkers to ensure your domain points to the API Gateway endpoint. - Verify that requests to
https://test.example.com
are routed correctly.
- Use tools like
Summary
-
Create Execution Role:
- IAM Console -> Roles -> Create Role -> API Gateway -> Add Inline Policy -> SageMaker -> InvokeEndpoint
-
Build API Gateway Endpoint:
- API Gateway Console -> Create API -> REST -> New API -> Create Resource -> Create Method -> Configure Integration
-
Deploy and Test API:
- Resources -> Deploy API -> New Stage -> Deploy -> Test
-
Create Custom Domain in API Gateway:
- API Gateway Console -> Custom Domain Names -> Create Custom Domain Name -> SSL Certificate
-
Update DNS in Namecheap:
- Domain List -> Manage -> Advanced DNS -> Add CNAME Record
-
Map API Gateway Stage:
- Custom Domain Names -> Select Domain -> Configure API Mappings -> Add New Mapping
-
Verify and Test:
- Use
dig
and test withcurl
or Postman.
- Use
By following these steps, you can expose your Amazon SageMaker endpoint via a custom domain managed by Namecheap.
Top comments (0)