steampipe plugin install awssteampipe plugin install aws

Table: aws_sagemaker_domain - Query AWS SageMaker Domains using SQL

The AWS SageMaker Domain is a fully managed service that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. SageMaker removes the heavy lifting from each step of the machine learning process to make it easier to develop high-quality models. It offers a set of tools for developers and data scientists to iteratively develop, tune, and deploy machine learning models.

Table Usage Guide

The aws_sagemaker_domain table in Steampipe provides you with information about domains within AWS SageMaker Studio. This table allows you, as a data scientist, machine learning engineer, or DevOps engineer, to query domain-specific details, including the domain status, creation time, and associated metadata. You can utilize this table to gather insights on domains, such as the status of a domain, the creation time, the associated app network access type, and more. The schema outlines the various attributes of the SageMaker domain, including the domain ID, domain ARN, domain name, and associated tags for you.

Examples

Basic info

Explore which AWS Sagemaker domains are active or inactive and their respective creation times. This can be useful in managing and monitoring the lifecycle of your machine learning environments.

select
  name,
  arn,
  creation_time,
  status
from
  aws_sagemaker_domain;

select
  name,
  arn,
  creation_time,
  status
from
  aws_sagemaker_domain;

List sagemaker domains where EFS volume is unencrypted

Discover the segments that have unencrypted EFS volumes in SageMaker domains. This is useful to identify potential security risks and take necessary corrective actions.

select
  name,
  creation_time,
  home_efs_file_system_id,
  kms_key_id
from
  aws_sagemaker_domain
where
  kms_key_id is null;

select
  name,
  creation_time,
  home_efs_file_system_id,
  kms_key_id
from
  aws_sagemaker_domain
where
  kms_key_id is null;

List publicly accessible sagemaker domains

Discover the segments that have 'PublicInternetOnly' as their network access type to identify publicly accessible domains. This is particularly useful in assessing the security and accessibility of your network resources.

select
  name,
  arn,
  creation_time,
  app_network_access_type
from
  aws_sagemaker_domain
where
  app_network_access_type = 'PublicInternetOnly';

select
  name,
  arn,
  creation_time,
  app_network_access_type
from
  aws_sagemaker_domain
where
  app_network_access_type = 'PublicInternetOnly';

Schema for aws_sagemaker_domain

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
app_network_access_type	text		Specifies the VPC used for non-EFS traffic.
app_security_group_management	text		The entity that creates and manages the required security groups for inter-app communication in VPCOnly mode.
arn	text		The Amazon Resource Name (ARN) of the domain.
auth_mode	text		The domain's authentication mode.
creation_time	timestamp with time zone		A timestamp that indicates when the domain was created.
default_user_settings	jsonb		Settings which are applied to UserProfiles in this domain if settings are not explicitly specified in a given UserProfile.
domain_settings	jsonb		A collection of domain settings.
failure_reason	text		The domain's failure reason.
home_efs_file_system_id	text		The ID of the Amazon Elastic File System (EFS) managed by this domain.
id	text	=	The domain ID.
kms_key_id	text		The Amazon Web Services KMS customer managed key used to encrypt the EFS volume attached to the domain.
last_modified_time	timestamp with time zone		The domain's last modified time.
name	text		The domain name.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
region	text		The AWS Region in which the resource is located.
security_group_id_for_domain_boundary	text		The ID of the security group that authorizes traffic between the RSessionGateway apps and the RStudioServerPro app.
single_sign_on_managed_application_instance_id	text		The SSO managed application instance ID.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
status	text		The domain's status.
subnet_ids	jsonb		The VPC subnets that studio uses for communication.
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		The list of tags for the domain.
title	text		Title of the resource.
url	text		The domain's URL.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_sagemaker_domain