Amazon SageMaker domain overview - Amazon SageMaker
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon SageMaker domain overview

To have access to most Amazon SageMaker environments and resources, you must complete the Amazon SageMaker domain onboarding process using the SageMaker console or the Amazon CLI. For a guide describing how to get started using SageMaker based on how you wish to access SageMaker, and if necessary how to set up a domain, see Get started.

An Amazon SageMaker domain consists of the following:

  • An associated Amazon Elastic File System (Amazon EFS) volume

  • A list of authorized users

  • A variety of security, application, policy, and Amazon Virtual Private Cloud (Amazon VPC) configurations

The following diagram provides an overview of private apps and shared spaces within each domain.

When onboarding, you can choose to use either Amazon Identity and Access Management (IAM) or Amazon IAM Identity Center for authentication methods. When you use IAM authentication, you can choose either the Set up for single users or the Set up for organizations procedure. RStudio setup is only available when using the Set up for organizations procedure.

Note

If you onboard using IAM authentication and want to switch to authentication using IAM Identity Center later, you must delete the domain that you created. Then, you need to manually re-import all notebooks and other user data that you created. For more information, see Delete an Amazon SageMaker domain.

The simplest way to create an Amazon SageMaker domain is to follow the Set up for single users procedure from the SageMaker console. Set up for single users uses default settings. These settings include shareable notebooks and public internet access. For information on the default settings, see Default settings.

For more control, including the option of using authentication using IAM Identity Center and RStudio, use the Set up for organizations procedures.

Authentication using IAM Identity Center

To use authentication using IAM Identity Center with domain, you must onboard to an organization in Amazon Organizations.

Note

The Amazon Organizations account must be in the same Amazon Web Services Region as the domain.

Authentication using IAM Identity Center provides the following benefits over IAM authentication:

  • Members given access to domain have a unique sign-in URL that directly opens the domain, and they sign in with their IAM Identity Center credentials. When you use IAM authentication, you must sign in through the SageMaker console.

    For more information on how to access your domain with IAM Identity Center authentication, see Access the domain after onboarding.

  • Organizations manage their members in IAM Identity Center instead of the domain. You can assign multiple members access to the domain at the same time. When you use IAM authentication, you must add and manage members manually, one at time, using the domain control panel.

Topics