ML Governance with Amazon SageMaker

Simplify access control and enhance transparency

Why ML governance

Amazon SageMaker provides purpose-built governance tools to help you implement ML responsibly. With Amazon SageMaker Role Manager, administrators can define minimum permissions in minutes. Amazon SageMaker Model Cards makes it easier to capture, retrieve, and share essential model information, such as intended uses, risk ratings, and training details, from conception to deployment. Amazon SageMaker Model Dashboard keeps you informed on model behavior in production, all in one place. Integration of Amazon SageMaker and Amazon DataZone makes it easier to streamline ML and data governance.

Benefits of SageMaker ML Governance

Provision ML development environments in minutes with enterprise-grade security controls to govern access to ML and data assets in projects.
Generate customized roles that allow machine learning (ML) practitioners to start working with SageMaker faster
Streamline model documentation and provide visibility into key assumptions, characteristics, and artifacts from conception to deployment
Quickly audit and troubleshoot performance for all models, endpoints, and model monitoring jobs through a unified view. Track deviations from expected model behavior, as well as missing or inactive monitoring jobs, with automated alerts

Integrate with Amazon DataZone

  • Setup controls and provision
  • IT Administrators can define infrastructure controls and permissions specific to your enterprise and use case in Amazon DataZone. You can then create an appropriate SageMaker environment in just a few clicks and kick start the development process inside SageMaker Studio.

  • Search and Discover assets
  • In SageMaker Studio, you can efficiently search and discover data and ML assets in your organization’s business catalog. You can also request access to assets that you may need to use in your project by subscribing to them.

  • Consume assets
  • Once your subscription request is approved, you can consume these subscribed assets in ML tasks such as data preparation, model training, and feature engineering within SageMaker Studio using JupyterLab, and SageMaker Canvas.

  • Publish assets
  • Upon completing the ML tasks, you can publish data, models, and feature groups to the business catalog for governance and discoverability by other users.

Define permissions

Simplify permissions for ML activities

SageMaker Role Manager provides a baseline set of permissions for ML activities and personas through a catalog of prebuilt AWS Identity and Access Management (IAM) policies. ML activities can include data prep and training, and personas can include ML engineers and data scientists. You can keep the baseline permissions or customize them further based on your specific needs.

role manager simplifying permissions

Automate IAM policy generation

With a few self-guided prompts, you can quickly input common governance constructs such as network access boundaries and encryption keys. SageMaker Role Manager will then generate the IAM policy automatically. You can discover the generated role and associated policies through the AWS IAM console.

Attach your managed policies

To further tailor the permissions to your use case, attach your managed IAM policies to the IAM role that you create with SageMaker Role Manager. You can also add tags to help identify and organize the roles across AWS services.

attach your managed policies