Posted On: Dec 14, 2020

Amazon SageMaker Studio is the first fully integrated development environment (IDE) for machine learning (ML). It provides a single, web-based visual interface where you can perform all ML development steps required to prepare, build, train and tune, deploy and manage models. Starting today, you can secure the connection from your Amazon Virtual Private Cloud (VPC) to SageMaker Studio using Amazon PrivateLink. When using PrivateLink, all the traffic flows entirely within the Amazon Web Services network without traversing the public internet, thus adding an additional layer of security. 

Compliance requirements such as PCI may mandate preventing information from traversing the internet. Additionally, keeping data off the public internet reduces exposure to threats such as brute-force and distributed denial-of-service attacks. Amazon PrivateLink enables you to privately access SageMaker Studio from your VPC using interface VPC endpoints. A VPC endpoint is an elastic network interface in your subnet with private IP addresses that serves as an entry point for access to SageMaker Studio. With Amazon PrivateLink, your connectivity to SageMaker Studio functions as though it were hosted directly on your private network.

You can also use Amazon Identity and Access Management (IAM) roles and policies to restrict access to only connections made from within your VPC. Alternatively, you can limit access to SageMaker Studio to a range of trusted IP addresses, such as your corporate network. You can find examples of such IAM policies in our documentation.
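An added example, not taken from this announcement or from the AWS documentation, of an identity-based policy that combines both restrictions described above in one statement. It assumes Studio access is gated on the `sagemaker:CreatePresignedDomainUrl` action; the endpoint ID and the CIDR range are constructed placeholders to replace with your own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyStudioUrlUnlessFromVpceOrTrustedIp",
      "Effect": "Deny",
      "Action": "sagemaker:CreatePresignedDomainUrl",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:sourceVpce": "vpce-EXAMPLE-PLACEHOLDER"
        },
        "NotIpAddress": {
          "aws:SourceIp": "192.0.2.0/24"
        }
      }
    }
  ]
}
```

The two condition operators are ANDed, so the deny applies only when a request arrives neither through the named endpoint nor from the trusted range. Removing the `NotIpAddress` block leaves a VPC-endpoint-only restriction, and removing `StringNotEquals` leaves an IP-range-only one.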

The feature is now available in both Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD. Visit the Amazon SageMaker documentation for more details.