Simplify entry management and auditing for Amazon SageMaker Studio utilizing trusted id propagation

AWS helps trusted id propagation, a characteristic that enables AWS providers to securely propagate a consumer’s id throughout service boundaries. With trusted id propagation, you have got fine-grained entry controls primarily based on a bodily consumer’s id moderately than counting on IAM roles. This integration permits for the implementation of entry management via providers corresponding to Amazon S3 Entry Grants and maintains detailed audit logs of consumer actions throughout supported AWS providers corresponding to Amazon EMR. Moreover, it helps long-running consumer background periods for coaching jobs, so you possibly can sign off of your interactive ML utility whereas the background job continues to run.

Amazon SageMaker Studio now helps trusted id propagation, providing a strong resolution for enterprises searching for to boost their ML system safety. By integrating trusted id propagation with SageMaker Studio, organizations can simplify entry administration by granting permissions to present AWS IAM Identification Middle identities.

On this put up, we discover the best way to allow and use trusted id propagation in SageMaker Studio, demonstrating its advantages via sensible use instances and implementation pointers. We stroll via the setup course of, focus on key issues, and showcase how this characteristic can remodel your group’s strategy to safety and entry controls.

Answer overview

On this part, we evaluation the structure for the proposed resolution and the steps to allow trusted id propagation on your SageMaker Studio area.

The next diagram exhibits the interplay between the completely different elements that enable the consumer’s id to propagate from their id supplier and IAM Identification Middle to downstream providers corresponding to Amazon EMR and Amazon Athena.

With a trusted id propagation-enabled SageMaker Studio area, customers can entry information throughout supported AWS providers utilizing their finish consumer id and group membership, along with entry allowed by their area or consumer execution function. As well as, API calls from SageMaker Studio notebooks and supported AWS providers and Amazon SageMaker AI options log the consumer id in AWS CloudTrail. For a listing of supported AWS providers and SageMaker AI options, see Trusted id propagation structure and compatibility. Within the following sections, we present the best way to allow trusted id propagation on your area.

This resolution applies for SageMaker Studio domains arrange utilizing IAM Identification Middle as the strategy of authentication. In case your area is about up utilizing IAM, see Implement user-level entry management for multi-tenant ML platforms on Amazon SageMaker AI for finest practices on managing and scaling entry management.

Conditions

To comply with together with this put up, you should have the next:

• An AWS account with a company occasion of IAM Identification Middle configured via AWS Organizations
• Administrator permissions (or elevated permissions permitting modification of IAM principals, and SageMaker administrator entry to create and replace domains)

Create or replace the SageMaker execution function

For trusted id propagation to work, the SageMaker execution function (area and consumer profile execution function), ought to enable the sts:SetContext permissions, along with sts:AssumeRole, in its belief coverage. For a brand new SageMaker AI area, create a website execution function by following the directions in Create execution function. For present domains, comply with the directions in Get your execution function to search out the consumer or area’s execution function.

Subsequent, to replace the belief coverage for the function, full the next steps:

1. Within the navigation pane of the IAM console, select Roles.
2. Within the listing of roles in your account, select the area or consumer execution function.
3. On the Belief relationships tab, select Edit belief coverage.
4. Replace the belief coverage with the next assertion:

{
  "Model": "2012-10-17",
  "Assertion": [
     .....
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "sagemaker.amazonaws.com",
        ]
      },
      "Motion": [
        "sts:AssumeRole",
        "sts:SetContext"
      ],
      "Situation": {
	"aws:SourceAccount": ""
         }
       }
    }
  ]
}

5. Select Replace coverage to save lots of your modifications.

Trusted id propagation solely works for personal areas on the time of launch.

Create a SageMaker AI area with trusted id propagation enabled

SageMaker AI domains utilizing IAM Identification Middle for authentication can solely be arrange in the identical AWS Area because the IAM Identification Middle occasion. To create a brand new SageMaker area, comply with the steps in Use customized setup for Amazon SageMaker AI. For Trusted id propagation, choose Allow trusted id propagation for all customers on this area, and proceed with the remainder of the setup to create a website and assign customers and teams, selecting the function you created within the earlier step.

Replace an present SageMaker AI area

You can even replace your present SageMaker AI area to allow trusted id propagation. You may allow trusted id propagation even whereas the area or consumer has lively SageMaker Studio purposes. Nevertheless, for the modifications to be utilized, the lively purposes should be restarted. You should use the EffectiveTrustedIdentityPropagationStatus area within the response to the DescribeApp API for working purposes to find out if the applying has trusted id propagation enabled.

To allow trusted id propagation for the area utilizing the SageMaker AI console, select Edit below Authentication and permissions on the Area settings tab.

For Trusted id propagation, choose Allow trusted id propagation for all customers on this area, and select Submit to save lots of the modifications.

(Non-compulsory) Replace consumer background session configuration in IAM Identification Middle

IAM Identification Middle now helps working consumer background periods, and the session period is about by default to 7 days. With background periods, customers can launch long-running SageMaker coaching jobs that assume the consumer’s id context together with the SageMaker execution function. As an administrator, you possibly can allow or disable consumer background periods, and modify the session period for consumer background periods. As of the time of writing, the utmost session period that you would be able to set for consumer background periods is 90 days. The consumer’s session is stopped on the finish of the desired period, and consequently, the coaching job may even fail on the finish of the session period.

To disable or replace the session period, navigate to the IAM Identification Middle console, select Settings within the navigation pane, and select Configure below Session period.

For Consumer background periods, choose Allow consumer background periods and use the dropdown to vary the session period. If consumer background periods are disabled, the consumer should be logged in at some point of the coaching job; in any other case, the coaching job will fail as soon as the consumer logs out. Updating this configuration doesn’t have an effect on present working periods and solely applies to newly created consumer background periods. Select Save to save lots of your settings.

Use instances

Think about you’re an enterprise with a whole bunch and even hundreds of customers, every requiring various ranges of entry to information throughout a number of groups. You’re liable for sustaining an AI/ML system on SageMaker AI and managing entry permissions throughout various information sources corresponding to Amazon Easy Storage Service (Amazon S3), Amazon Redshift, and AWS Lake Formation. Historically, this has concerned sustaining complicated IAM insurance policies for customers, providers, and assets, together with bucket insurance policies the place relevant. This strategy will not be solely tedious but additionally makes it difficult to trace and audit information entry with out sustaining a separate function for every consumer.

That is exactly the situation that trusted id propagation goals to deal with. With trusted id propagation help, now you can keep service-specific roles with minimal permissions, corresponding to s3:GetDataAccess or LakeFormation:GetDataAccess, together with further permissions to begin jobs, view job statuses, and carry out different essential duties. For information entry, you possibly can assign fine-grained insurance policies on to particular person customers. As an example, Jane may need learn entry to buyer information and full entry to gross sales and pricing information, whereas Laura may solely have learn entry to gross sales tendencies. Each Jane and Laura can assume the identical SageMaker AI function to entry their SageMaker Studio purposes, whereas sustaining separate information entry permissions primarily based on their particular person identities.Within the following sections, we discover how this may be achieved for frequent use instances, demonstrating the facility and adaptability of trusted id propagation in simplifying information entry administration whereas sustaining sturdy safety and auditability.

State of affairs 1: Experiment with Amazon S3 information in notebooks

S3 Entry Grants present a simplified approach to handle information entry at scale. In contrast to conventional IAM roles and insurance policies that require an in depth data of IAM ideas, and frequent coverage updates as new assets are added, with S3 Entry Grants, you possibly can outline entry to information primarily based on acquainted database-like grants that mechanically scale along with your information. This strategy considerably reduces the operational overhead of managing hundreds of IAM insurance policies and bucket insurance policies, and overcomes the constraints of IAM permissions, whereas strengthening safety via entry patterns. In case you don’t have S3 Entry Grants arrange, see Create an S3 Entry Grant occasion to get began. For detailed structure and use instances, you may also seek advice from Scaling information entry with Amazon S3 Entry Grants. After you have got arrange S3 Entry Grants, you possibly can grant entry to your datasets to customers primarily based on their id in IAM Identification Middle.

To make use of S3 Entry Grants from SageMaker Studio, replace the next IAM roles with insurance policies and belief insurance policies.

For the area or consumer execution function, add the next inline coverage:

{
    "Model": "2012-10-17",
    "Assertion": [
        {
            "Sid": "AllowDataAccessAPI",
            "Effect": "Allow",
            "Action": [
                "s3:GetDataAccess"
            ],
            "Useful resource": [
                "arn:aws:s3:::access-grants/default"
            ]
        },
        {
            "Sid": "RequiredForTIP",
            "Impact": "Permit",
            "Motion": "sts:SetContext",
            "Useful resource": "arn:aws:iam:::function/"
        }
    ]
}

Be sure that the S3 Entry Grants function’s belief coverage permits the sts:SetContext motion along with sts:AssumeRole. The next is a pattern belief coverage:

{
    "Model": "2012-10-17",
    "Assertion": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "access-grants.s3.amazonaws.com"
                ]
            },
            "Motion": [
                "sts:AssumeRole",
                "sts:SetContext"
            ],
            "Situation": {
                "StringEquals": {
                    "aws:SourceArn": "arn:aws:s3:::access-grants/default"
                }
            }
        }
    ]

import boto3
from botocore.config import Config

def get_access_grant_credentials(account_id: str, goal: str, 
                                 permission: str="READ"):
    s3control = boto3.consumer('s3control')
    response = s3control.get_data_access(
        AccountId=account_id,
        Goal=goal,
        Permission=permission
    )
    return response['Credentials']

def create_s3_client_from_credentials(credentials) -> boto3.consumer:
    return boto3.consumer(
        's3',
        aws_access_key_id=credentials['AccessKeyId'],
        aws_secret_access_key=credentials['SecretAccessKey'],
        aws_session_token=credentials['SessionToken']
    )

# Create consumer
credentials = get_access_grant_credentials('',
                                        "s3:////")
s3 = create_s3_client_from_credentials(credentials)

# Will succeed
s3.list_objects(Bucket="", Prefix="")

# Will fail
s3.list_objects(Bucket="", Prefix="")

State of affairs 2: Entry Lake Formation via Athena

Lake Formation offers centralized governance and fine-grained entry management administration for information saved in Amazon S3 and metadata within the AWS Glue Knowledge Catalog. The Lake Formation permission mannequin operates together with IAM permissions, providing granular controls on the database, desk, column, row, and cell ranges. This dual-layer safety mannequin offers complete information governance whereas sustaining flexibility in entry patterns.

Knowledge ruled via Lake Formation could be accessed via varied AWS analytics providers. On this situation, we display utilizing Athena, a serverless question engine that integrates seamlessly with Lake Formation’s permission mannequin. For different providers like Amazon EMR on EC2, ensure that the useful resource is configured to help trusted id propagation, together with establishing safety configurations and ensuring the EMR cluster is configured with IAM roles that help trusted id propagation.

The next directions assume that you’ve already arrange Lake Formation. If not, see Arrange AWS Lake Formation and comply with the AWS Lake Formation tutorials to arrange Lake Formation and usher in your information.

Full the next steps to entry your ruled information in trusted id propagation-enabled SageMaker Studio notebooks utilizing Athena:

1. Combine Lake Formation with IAM Identification Middle by following the directions in Integrating IAM Identification Middle. At a excessive stage, this consists of creating an IAM function permitting creating and updating utility configurations in Lake Formation and IAM Identification Middle, and offering the one sign-on (SSO) occasion ID.
2. Grant permissions to the IAM Identification Middle consumer to the related assets (database, desk, row or column) utilizing Lake Formation. See Granting permissions on Knowledge Catalog assets directions.
3. Create an Athena workgroup that helps trusted id propagation by following directions in Create a workgroup and selecting IAM Identification Middle as the strategy of authentication. Be sure that the consumer has entry to put in writing to the question outcomes location offered right here utilizing S3 Entry Grants, as a result of Athena makes use of entry grants by default when selecting IAM Identification Middle because the authentication methodology.
4. Replace the Athena workgroup’s IAM function with the next belief coverage (add sts:SetContext to the present belief coverage). You could find the IAM function by selecting the workgroup you created earlier and searching for Position title.

{
    "Model": "2012-10-17",
    "Assertion": [
        {
            "Sid": "AthenaTrustPolicy",
            "Effect": "Allow",
            "Principal": {
                "Service": "athena.amazonaws.com"
            },
            "Action": [
                "sts:AssumeRole",
                "sts:SetContext"
            ],
            "Situation": {
                "StringEquals": {
                    "aws:SourceAccount": ""
                },
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:athena:::workgroup/"
                }
            }
        }
    ]
}

The setup is now full. Now you can launch SageMaker Studio utilizing an IAM Identification Middle consumer, launch a JupyterLab or Code Editor utility, and question the database. See the next instance code to get began:

import time
import boto3
import pandas as pd
athena_client = boto3.consumer("athena")

database = ""
desk = ""
question = f"SELECT * FROM {database}.{desk}"
output_location = "s3:///queries"  # bucket title and placement from Step 3

response = athena_client.start_query_execution(
    QueryString=question,
    QueryExecutionContext={'Database': database},
    ResultConfiguration={'OutputLocation': output_location}
)

# Get the question execution ID
query_execution_id = response['QueryExecutionId']

# look forward to question to finish
whereas True:
    query_status = athena_client.get_query_execution(QueryExecutionId=query_execution_id)
    standing = query_status['QueryExecution']['Status']['State']
    if standing in ['SUCCEEDED', 'FAILED', 'CANCELLED']:
        break
    time.sleep(1)

# If the question succeeded, fetch and show outcomes
if standing == 'SUCCEEDED':
    outcomes = athena_client.get_query_results(QueryExecutionId=query_execution_id)
    
    # Extract column names and information
    columns = [col['Name'] for col in outcomes['ResultSet']['ResultSetMetadata']['ColumnInfo']]
    information = []
    for row in outcomes['ResultSet']['Rows'][1:]:  # Skip the header row
        information.append([field.get('VarCharValue', '') for field in row['Data']])
    
    # Create a pandas DataFrame
    df = pd.DataFrame(information, columns=columns)
    
    # Show the primary few rows
    print(df.head())
else:
    print(f"Question failed with standing: {standing}")

State of affairs 3: Create a coaching job supported with consumer background periods

For a trusted id propagation-enabled area, a consumer background session is a session that continues to run even when the end-user has logged out of their interactive session corresponding to JupyterLab purposes in SageMaker Studio. For instance, the consumer can provoke a coaching job from their SageMaker Studio area, and the job can run within the background for days or even weeks whatever the consumer’s exercise, and use the consumer’s id to entry information and log audit trails. In case your area doesn’t have trusted id propagation enabled, you possibly can proceed to run coaching jobs and processing jobs as earlier than; nonetheless, if trusted id propagation is enabled, ensure that your consumer background session time is up to date to replicate the period of your coaching jobs, as a result of the default is about mechanically to 7 days. In case you have enabled consumer background periods, replace your SageMaker Studio area or consumer’s execution function with the next permissions to supply a seamless expertise for information scientists:

{
    "Model": "2012-10-17",
    "Assertion": [
        {
            "Sid": "AllowDataAccessAPI",
            "Effect": "Allow",
            "Action": [
                "s3:GetDataAccess",
                "s3:GetAccessGrantsInstanceForPrefix"
            ],
            "Useful resource": [
                "arn:aws:s3:::access-grants/default"
            ]
        },
        {
            "Sid": "RequiredForTIP",
            "Impact": "Permit",
            "Motion": "sts:SetContext",
            "Useful resource": "arn:aws:iam:::function/"
        }
    ]
}

With this setup, an information scientist can use an Amazon S3 location that they’ve entry to via S3 Entry Grants. SageMaker mechanically seems for information entry utilizing S3 Entry Grants and falls again to the job’s IAM function in any other case. For instance, within the following SDK name to create the coaching job, the consumer offers the S3 Amazon URI the place the info is saved, they’ve entry to it via S3 Entry Grants, and so they can run this job with out further setup:

    response = sm.create_training_job(
        TrainingJobName=training_job_name,
        AlgorithmSpecification={
            'TrainingImage': '763104351884.dkr.ecr.us-west-2.amazonaws.com/huggingface-pytorch-training:2.0.0-transformers4.28.1-gpu-py310-cu118-ubuntu20.04',
            'TrainingInputMode': 'File',
            ...
                    RoleArn='arn:aws:iam:::function/tip-domain-role',
        InputDataConfig=[
            {
                'ChannelName': 'training',
                'DataSource': {
                    'S3DataSource': {
                        'S3DataType': 'S3Prefix',
                        'S3Uri': 's3:///',
                        'S3DataDistributionType': 'FullyReplicated'
                    }
                },
                'CompressionType': 'None',
                'RecordWrapperType': 'None'
            },
            ...
        }

(Optional) View and manage user background sessions on IAM Identity Center

When training jobs are run as user background sessions, you can view these sessions as user background sessions on IAM Identity Center. The administrator can view a list of all user background sessions and optionally stop a session if the user has left the team, for example. When the user background session is ended, the training job subsequently fails.

To view a list of all user background sessions, on the IAM Identity Center console, choose Users and choose the user you want view the user background sessions for. Choose the Active sessions tab to view a list of sessions. The user background session can be identified by the Session type column, which shows if the session is interactive or a user background session. The list also shows the job’s Amazon Resource Name (ARN) under the Used by column.

To end a session, select the session and choose End sessions.

You will be prompted to confirm the action. Enter confirm to confirm that you want to end the session and choose End sessions to stop the user background session.

Scenario 4: Auditing using CloudTrail

After trusted identity propagation is enabled for your domain, you can now track the user that performed specific actions through CloudTrail. To try this out, log in to SageMaker Studio, and create and open a JupyterLab space. Open a terminal and enter aws s3 ls to list the available buckets in your Region.

On the CloudTrail console, choose Event history in the navigation pane. Update the Lookup attributes to Event name and in the search box, enter ListBuckets. You should see a list of events, as shown in the following screenshot (it might take up to 5 minutes for the logs to be available in CloudTrail).

Choose the event to view its details (verify the user name is SageMaker if you have also listed buckets through the AWS console or APIs). In the event details, you should be able to see an additional field called onBehalfOf that has the user’s identity.

Supported services and SageMaker AI features called from a trusted identity propagation-enabled SageMaker Studio domain will have the OnBehalfOf field in CloudTrail.

Clean up

If you have created a SageMaker Studio domain for the purposes of trying out trusted identity propagation, delete the domain and its associated Amazon Elastic File System (Amazon EFS) volume to avoid incurring additional charges. Before deleting a domain, you must delete all the users and their associated spaces and applications. For detailed instructions, see Stop and delete your Studio running applications and spaces.

If you created a SageMaker training job, they are ephemeral, and the compute is shut down automatically when the job is complete.

Athena is a serverless analytics service that charges per query billing. No cleanup is necessary, but for best practices, delete the workgroup to remove unused resources.

Conclusion

In this post, we showed you how to enable trusted identity propagation for SageMaker AI domains that use IAM Identity Center as the mode of authentication. With trusted identity propagation, administrators can manage user authorization to other AWS services through the user’s physical identity in conjunction with IAM roles. Administrators can streamline permissions management by maintaining a single domain execution role and manage granular access to other AWS services and data sources through the user’s identity. In addition, trusted identity propagation supports auditing, so administrators can track user activity without the need for managing a role for each user profile.

To learn more about enabling this feature and its use cases, see Trusted identity propagation use cases and Trusted identity propagation with Studio. This post covered a subset of supported applications; we encourage you to check out the documentation and choose the services that best serve your use case and share your feedback!

About the authors

Amit Shyam Jaisinghani is a Software Engineer on the SageMaker Studio team at Amazon Web Services, and he earned his Master’s degree in Computer Science from Rochester Institute of Technology. Since joining Amazon in 2019, he has built and enhanced several AWS services, including AWS WorkSpaces and Amazon SageMaker Studio. Outside of work, he explores hiking trails, plays with his two cats, Missy and Minnie, and enjoys playing Age of Empire.

Durga Sury is a Senior Solutions Architect at Amazon SageMaker, where she helps enterprise customers build secure and scalable AI/ML systems. When she’s not architecting solutions, you can find her enjoying sunny walks with her dog, immersing herself in murder mystery books, or catching up on her favorite Netflix shows.

Khushboo Srivastava is a Senior Product Manager for Amazon SageMaker. She enjoys building products that simplify machine learning workflows for customers, and loves playing with her 1-year old daughter.

Krishnan Manivannan is a Senior Software Engineer at Amazon Web Services and a founding member of the SageMaker AI API team. He has 8 years of experience in the architecture and security of large-scale machine learning services. His specialties include API design, service scalability, identity and access management, and inventing new approaches for building and operating distributed systems. Krishnan has led multiple engineering efforts from design through global launch, delivering reliable and secure systems for customers worldwide.