AWS for Industries

Deploy embedded services with privacy-safe controls on AWS

Amazon Web Services (AWS) customers across the advertising and marketing industry are seeking to further protect their customers’ information by limiting the movement and sharing of data outside of their control. For example, customers with first-party customer data often want to keep that data securely stored inside their own AWS account.

This creates a challenge for customers who typically collaborate with ISV Partners for needed services, such as identity resolution and transcoding, data enrichment, contextual metadata extraction, fraud detection, and brand-safety analysis. These services have traditionally required moving data outside of a customer’s cloud infrastructure and might require complex contracts, security compliance checklists, and customized integrations. Customers might also face additional challenges when exchanging high volumes of data and trying to keep data costs in control while also achieving low data latency.

To address these challenges, industry Partners are increasingly seeking to deploy embedded services within trusted compute environments to offer more capabilities for their customers’ AWS data. These compute environments use isolated containers to protect the ISV’s intellectual property, proprietary algorithms, and foundational data assets.

For example, in December 2021, LiveRamp launched a service on AWS Marketplace that helps AWS customers to deploy LiveRamp identity services into the client’s own Amazon Virtual Private Cloud (Amazon VPC), which gives customers full control over their virtual networking environment. This service works in network isolation mode and manages interactions between LiveRamp’s technology service—an embedded transcoder to help manage customer identifiers for partner collaboration—and the customer’s Amazon VPC through a proxy service so that the customer’s own first-party data and LiveRamp’s service and data aren’t viewable by either party. By using Amazon SageMaker, which can be used to build, train, and deploy machine learning (ML) models, LiveRamp can perform identity translation services directly within the customer’s Amazon VPC, empowering measurement use cases without necessitating additional data movement.

Similarly, there are many other commercial use cases for deploying such an embedded service, including fraud detection and brand-safety analysis, where clients need to share information safely between customers and Partners.

This post will walk you through how to create privacy-safe embedded services using Amazon SageMaker on AWS Marketplace. This architecture helps you to create an environment where AWS customers can consume an ISV Partner’s application within their own Amazon VPC, protecting the customer’s data while also protecting the Partner application’s implementation assets through isolated network access controls and subscription authorization.

Amazon SageMaker on AWS Marketplace

Amazon SageMaker integrates with AWS Marketplace, providing the capability for ISV Partners to easily sell their applications and services using proprietary algorithms or models to Amazon SageMaker users. As per AWS Marketplace terminology, a “Partner” is a seller who is publishing their application on the AWS Marketplace, and a “customer” is a buyer who is purchasing or subscribing a seller’s application. Through Amazon SageMaker’s curated digital catalog, AWS customers can easily find, buy, deploy, and integrate a Partner’s application inside their own Amazon VPC. AWS Marketplace simplifies the licensing and procurement of a Partner’s application with flexible pricing options and multiple available deployment methods. For a Partner to register as a seller, one can use the self-registration process following the Getting Started as a Seller documentation. Let’s review the steps to package a Partner’s application for customers to use within their Amazon VPC.


Figure 1

As shown in the diagram, the registered AWS Marketplace Partner packages its algorithm-based application into a Docker container image. The Partner then uploads the container image as a product into the AWS Marketplace by pushing the image into a repository in Amazon Elastic Container Registry (Amazon ECR), a fully managed container registry offering high-performance hosting. The Partner’s product container image and the artifacts are encrypted in transit and at rest and scanned for vulnerabilities so that there are virtually no security weaknesses prior to being published in the catalog. The Partner can choose the pricing model for its product, such as per-inference or per-batch hour pricing. Partners can also customize the number of inferences the customer is charged for in a single invocation. Refer to the Machine learning product pricing for a complete list of available options.

Once a Partner’s product is deployed and available in the AWS Marketplace, the customer can review the product description, documentation, customer reviews, pricing, and support information through the Amazon SageMaker console or AWS Marketplace.

When AWS customers subscribe to a Partner’s product, it is added to their product lists within the Amazon SageMaker console. Partners’ customers can use AWS SDKs, the AWS Command Line Interface (AWS CLI), or the Amazon SageMaker console to access a Partner’s product REST endpoint.

As the Partner’s application is deployed to the customer’s Amazon SageMaker, the container deployed on the instance cannot make outbound API calls to VPC endpoints or any other AWS services on the internet because the container is running in the network isolation mode, protecting customers’ data from ever leaving their Amazon VPC.

Although Amazon SageMaker cannot access the internet, customers can make calls to an external Partner service prior to calling the SageMaker endpoint. For example, the Partner can provide the customer with a custom activation service to support use cases, such as subscription activation or obtaining dynamic configuration.

In the following Architecture section, we will demonstrate how the Partner’s application is deployed into AWS customers’ Amazon VPC within their AWS account and how a proxy based in AWS Lambda, a serverless, event-driven compute service, can authorize and validate a customer’s subscription prior to calling the Amazon SageMaker endpoint.


Figure 2. Reference architecture

In the architecture above, the flow begins (Step 1) when an AWS customer (or a buyer) subscribes to the listing on AWS Marketplace using AWS Management Console, which has everything customers need to access and manage the AWS Cloud. When the customer subscribes to the product, an Amazon SageMaker instance is provisioned into the customer’s Amazon VPC, including the Partner’s application image. An Amazon SageMaker endpoint is created for the customer’s client application to consume the service.

The Partner can provide a stack in AWS CloudFormation—which lets customers model, provision, and manage AWS and third-party resources—to customers so that they can easily deploy the authorizer AWS Lambda and a proxy AWS Lambda function into their Amazon VPC. For additional authentication requirements, the Partner can use a proxy AWS Lambda function to call the Partner’s authentication endpoint and validate a customer’s subscription prior to calling the service. Once authorized, the endpoint can issue an AuthToken to the customer-client application to be passed along to Amazon SageMaker for processing.

Along with the AuthToken, the customer will pass the data to be processed to the Amazon SageMaker application running in network isolation mode. After Amazon SageMaker has processed the request, the endpoint returns the response back to the client application along with the processed data. To reduce the number of authorization requests, the AuthToken can be cached in the authorizer AWS Lambda function.


As mentioned previously, when a Partner deploys the algorithm package on AWS Marketplace, the Amazon SageMaker container will not have an internet connection to download external public resources, such as dependencies and packages. In order for a Partner to update a product in the AWS Marketplace, the Partner can add a new version of the updated product container image. This will send a notification to the customer that a new version is available. When customers relaunch a Partner’s product from the Amazon SageMaker console, only the latest version of the updated product is visible.

There is currently a 500 GB storage limit on the container image, so resource files might need to be compressed or reduced to meet the size limitation.
Review the Develop Algorithms and Models in Amazon SageMaker documentation for supported operating system versions. The following operating system versions are currently supported:

  • Debian: 6.0, 7, 8, 9, 10
  • Ubuntu: 12.04, 12.10, 13.04, 14.04, 14.10, 15.04, 15.10, 16.04, 16.10, 17.04, 17.10, 18.04, 18.10
  • CentOS: 5, 6, 7
  • Oracle Linux: 5, 6, 7
  • Alpine: 3.3, 3.4, 3.5
  • Amazon Linux

Estimated costs

Customers’ costs will include the subscribed AWS Marketplace software and the Amazon SageMaker instance infrastructure costs. If the custom activation service is required for the offering, costs will include usage-based costs for Amazon ECR and AWS Lambda. For more information, see the following pricing pages:


In this post, we walked you through how to create an embedded collaboration environment with privacy-safe controls using Amazon SageMaker on AWS Marketplace. Now, you can deploy truly local solutions that can enhance a client’s data with powerful services while protecting both your own solution’s intellectual property and keeping your client’s data at rest in their own Amazon VPC.


Power Identity Translation with LiveRamp in Your VPC
Automating updates to your container listings in AWS Marketplace with Catalog API

Sunit Randhawa

Sunit Randhawa

Sunit is Principal Solutions Architect at AWS focusing in the Financial Services Industry. He has a strong background in designing and building scalable distributed systems. He enjoys helping customers innovate and transform their business in AWS.

Brian Maguire

Brian Maguire

Brian Maguire is a Principal Solutions Architect at Amazon Web Services, where he is focused on helping customers build their ideas in the cloud. He is a technologist, writer, teacher, and student who loves learning. Brian is the co-author of the book Scalable Data Streaming with Amazon Kinesis.