Posted On: Mar 26, 2021

Amazon SageMaker now supports adding authentication to requests for pulling images stored in your private Docker Registry to build containers for real-time inference. Amazon SageMaker makes it easy to deploy your trained models to production with a single click, so you can start generating real-time inferences with low latency. You can bring your own code for performing real-time inference using container images stored in Amazon Elastic Container Registry (Amazon ECR) or a private Docker registry of your choice. SageMaker can now authenticate with your private Docker registry so you can have an additional layer of security and the peace of mind that requests to your container images are serviced only for authorized entities.

To use a private repository for your container image, you need to specify Vpc as the value of the RepositoryAccess field of the ImageConfig setting for the primary container when you call the CreateModel  API function. The default setting is Amazon ECR. For SageMaker to perform authenticated pulls of container images stored in your private Docker registry, you need to create an AWS Lambda function that returns the required credentials and allow SageMaker to invoke this Lambda. You can then provide the ARN of this Lambda Function when specifying the container used to build your ML models in SageMaker. For step by step instructions, please read our documentation.

Private Docker registry authentication is now available in all AWS regions in North America, South America, Europe (except Milan), Asia Pacific, and the Middle East where Amazon SageMaker is available today.