Hello Community, in this blog I would like to share my experience with multiple SageMaker domains in SSO auth mode.
SageMaker Domain:
As the AWS SageMaker domain documentation says, a domain is the first prerequisite to access or launch SageMaker Studio, which has all functionality in one UI, from processing to inference endpoints, in the machine learning lifecycle.
When it comes to SageMaker domain administration, there are two types of authentication mode.
IAM Auth Mode
IAM Idc Mode (SSO)
Here I'm going to explain my experience in SSO Auth Mode.
IAM Identity Center:
For SSO auth mode, IAM Identity Center should be in the same region where you want to create the SageMaker domain.
In enterprise companies, IAM Idc is used with Control Tower, where multiple accounts are managed with Organizational Units.
Here, I'm not going to talk about Control Tower; I'm just going to create one IAM Idc in N. Virginia, where I will be creating the SageMaker domain.
Step 1:
Once IAM Idc was enabled in us-east-1, I created 2 groups that I'm part of.
Step 2:
Then I created 2 permission sets.
Step 3:
I added those groups and permission sets to the account.
Once IAM Idc is done, create two domains in the SageMaker console:
Step 1:
By following the custom wizard, you can create a domain with SSO mode.
Step 2:
Add the group that we created earlier by clicking assign user or group.
As you can see, you can add the same group to multiple domains.
Finally, you can see the multiple domains on the awsapps page, like below.
Hence, the same SSO user can access multiple domains. However, the user profile will be prefixed with some random three numbers and letters so that the user profile is unique across the domains.
The application display name can be changed in IAM Idc's Application section.