v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/aws
Overview
496Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install aws

Table: aws_sagemaker_domain - Query AWS SageMaker Domains using SQL

The AWS SageMaker Domain is a fully managed service that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. SageMaker removes the heavy lifting from each step of the machine learning process to make it easier to develop high-quality models. It offers a set of tools for developers and data scientists to iteratively develop, tune, and deploy machine learning models.

Table Usage Guide

The aws_sagemaker_domain table in Steampipe provides you with information about domains within AWS SageMaker Studio. This table allows you, as a data scientist, machine learning engineer, or DevOps engineer, to query domain-specific details, including the domain status, creation time, and associated metadata. You can utilize this table to gather insights on domains, such as the status of a domain, the creation time, the associated app network access type, and more. The schema outlines the various attributes of the SageMaker domain, including the domain ID, domain ARN, domain name, and associated tags for you.

Examples

Basic info

Explore which AWS Sagemaker domains are active or inactive and their respective creation times. This can be useful in managing and monitoring the lifecycle of your machine learning environments.

select
  name,
  arn,
  creation_time,
  status
from
  aws_sagemaker_domain;
select
  name,
  arn,
  creation_time,
  status
from
  aws_sagemaker_domain;

List sagemaker domains where EFS volume is unencrypted

Discover the segments that have unencrypted EFS volumes in SageMaker domains. This is useful to identify potential security risks and take necessary corrective actions.

select
  name,
  creation_time,
  home_efs_file_system_id,
  kms_key_id
from
  aws_sagemaker_domain
where
  kms_key_id is null;
select
  name,
  creation_time,
  home_efs_file_system_id,
  kms_key_id
from
  aws_sagemaker_domain
where
  kms_key_id is null;

List publicly accessible sagemaker domains

Discover the segments that have 'PublicInternetOnly' as their network access type to identify publicly accessible domains. This is particularly useful in assessing the security and accessibility of your network resources.

select
  name,
  arn,
  creation_time,
  app_network_access_type
from
  aws_sagemaker_domain
where
  app_network_access_type = 'PublicInternetOnly';
select
  name,
  arn,
  creation_time,
  app_network_access_type
from
  aws_sagemaker_domain
where
  app_network_access_type = 'PublicInternetOnly';

Schema for aws_sagemaker_domain

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
app_network_access_typetextSpecifies the VPC used for non-EFS traffic.
app_security_group_managementtextThe entity that creates and manages the required security groups for inter-app communication in VPCOnly mode.
arntextThe Amazon Resource Name (ARN) of the domain.
auth_modetextThe domain's authentication mode.
creation_timetimestamp with time zoneA timestamp that indicates when the domain was created.
default_space_settingsjsonbThe default settings used to create a space.
default_user_settingsjsonbSettings which are applied to UserProfiles in this domain if settings are not explicitly specified in a given UserProfile.
domain_settingsjsonbA collection of domain settings.
failure_reasontextThe domain's failure reason.
home_efs_file_system_idtextThe ID of the Amazon Elastic File System (EFS) managed by this domain.
idtext=The domain ID.
kms_key_idtextThe Amazon Web Services KMS customer managed key used to encrypt the EFS volume attached to the domain.
last_modified_timetimestamp with time zoneThe domain's last modified time.
nametextThe domain name.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
regiontextThe AWS Region in which the resource is located.
security_group_id_for_domain_boundarytextThe ID of the security group that authorizes traffic between the RSessionGateway apps and the RStudioServerPro app.
single_sign_on_application_arntextThe ARN of the application managed by SageMaker in IAM Identity Center.
single_sign_on_managed_application_instance_idtextThe SSO managed application instance ID.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustextThe domain's status.
subnet_idsjsonbThe VPC subnets that studio uses for communication.
tagsjsonbA map of tags for the resource.
tags_srcjsonbThe list of tags for the domain.
titletextTitle of the resource.
urltextThe domain's URL.
vpc_idtextThe ID of the Amazon Virtual Private Cloud (VPC) that the domain uses for communication.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_sagemaker_domain