Now Secure Your SageMaker Studio Access Using AWS PrivateLink and AWS IAM SourceIP Restrictions

Posted on: Dec 14, 2020

Amazon SageMaker Studio is the first fully integrated development environment (IDE) for machine learning (ML). It provides a single, web-based visual interface where you can perform all ML development steps required to prepare, build, train and tune, deploy and manage models. Starting today, you can secure the connection from your Amazon Virtual Private Cloud (VPC) to SageMaker Studio using AWS PrivateLink. When using PrivateLink, all the traffic flows entirely within the AWS network without traversing the public internet, thus adding an additional layer of security. 

Certain compliance requirements such as HIPAA or PCI may mandate preventing information from traversing the internet. Additionally, preventing exposure of data to the public internet reduces the likelihood of threat vectors such as brute force and distributed denial-of-service attacks. AWS PrivateLink enables you to privately access SageMaker Studio from your VPC using interface VPC endpoints. A VPC endpoint is an elastic network interface in your subnet with private IP addresses that serves as an entry point for access to SageMaker Studio. With AWS PrivateLink, your connectivity to SageMaker Studio functions as though it were hosted directly on your private network.

You can also use AWS Identity and Access Management (IAM) roles and policies to restrict access to only connections made from within your VPC. Alternatively, you can limit access to SageMaker Studio to a range of trusted IP addresses, such as your corporate network. You can find examples of such IAM policies in our documentation.
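The following is an added example, not a policy from the announcement or from the AWS documentation it links to. It shows how the two restrictions described above (connections from within your VPC, or from a trusted IP range) can be combined in one IAM Deny statement, and includes a small, simplified model of how that statement evaluates so the behaviour can be checked offline. The VPC ID and CIDR range are constructed placeholders; the condition keys `aws:SourceVpc` and `aws:SourceIp` and the action `sagemaker:CreatePresignedDomainUrl` (which opens a Studio session) are real IAM identifiers. The evaluator is not the IAM policy engine; it models only the documented rule that condition operators in one block are ANDed and that negated operators match when their key is absent from the request.

```python
"""Added example: restrict SageMaker Studio access to a VPC or a trusted CIDR.

Builds an IAM policy document with a single Deny statement and provides a
simplified evaluator for that statement. The evaluator is a constructed model
for illustration, not the real IAM policy engine.
"""
import ipaddress
import json

# Constructed placeholder values; replace with your own VPC ID and CIDR ranges.
TRUSTED_VPC_ID = "vpc-0123456789abcdef0"
TRUSTED_CIDRS = ["203.0.113.0/24"]  # RFC 5737 documentation range (constructed)


def build_studio_access_policy(vpc_id, trusted_cidrs):
    """Return a policy that denies opening a Studio session unless the request
    arrives from the given VPC (through its interface endpoint) or from one of
    the trusted CIDR ranges.

    Condition operators inside one Condition block are ANDed, so the Deny
    applies only when BOTH the VPC check and the IP check fail. That is what
    yields "allow from either location" semantics in a single statement.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyStudioOutsideVpcAndCorpNetwork",
                "Effect": "Deny",
                "Action": "sagemaker:CreatePresignedDomainUrl",
                "Resource": "*",
                "Condition": {
                    "StringNotEquals": {"aws:SourceVpc": vpc_id},
                    "NotIpAddress": {"aws:SourceIp": list(trusted_cidrs)},
                },
            }
        ],
    }


def request_is_denied(policy, source_vpc=None, source_ip=None):
    """Evaluate the policy's Deny statement for one request context.

    source_vpc: value of aws:SourceVpc; only present when the call came in
                through a VPC endpoint.
    source_ip:  public IP of the caller, or None when the request came through
                a VPC endpoint (aws:SourceIp is not set in that case).

    Simplified model of IAM semantics: a negated operator (StringNotEquals,
    NotIpAddress) evaluates to true when its key is missing from the request.
    """
    cond = policy["Statement"][0]["Condition"]

    # StringNotEquals on aws:SourceVpc: true when absent or a different VPC.
    vpc_mismatch = source_vpc != cond["StringNotEquals"]["aws:SourceVpc"]

    # NotIpAddress on aws:SourceIp: true when absent or outside every range.
    trusted = [ipaddress.ip_network(c) for c in cond["NotIpAddress"]["aws:SourceIp"]]
    if source_ip is None:
        ip_mismatch = True
    else:
        addr = ipaddress.ip_address(source_ip)
        ip_mismatch = not any(addr in net for net in trusted)

    # Every operator in the block must match for the Deny to take effect.
    return vpc_mismatch and ip_mismatch


if __name__ == "__main__":
    policy = build_studio_access_policy(TRUSTED_VPC_ID, TRUSTED_CIDRS)
    print(json.dumps(policy, indent=2))
    # Constructed request contexts to show the four cases.
    cases = {
        "from trusted VPC endpoint": dict(source_vpc=TRUSTED_VPC_ID),
        "from corporate range": dict(source_ip="203.0.113.10"),
        "from other public IP": dict(source_ip="198.51.100.7"),
        "from other VPC": dict(source_vpc="vpc-0fedcba9876543210"),
    }
    for label, ctx in cases.items():
        print(f"{label:28s} denied={request_is_denied(policy, **ctx)}")
```

A practical note on the design: a request that arrives through the interface endpoint carries `aws:SourceVpc` but no `aws:SourceIp`, while a request from the corporate network carries `aws:SourceIp` but no `aws:SourceVpc`. Putting the two negated operators in one Deny statement is what lets either path pass; splitting them into two separate Deny statements would block both paths, because each statement would then deny one of them.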

The feature is now available in all AWS regions where Amazon SageMaker Studio is available. Visit the Amazon SageMaker documentation for more details.