pulumi-aws-kotlin/com.pulumi.aws.sagemaker.kotlin/Domain

Domain

class Domain : KotlinCustomResource

Provides a SageMaker AI Domain resource.

Example Usage

Basic usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.iam.getPolicyDocument({
    statements: [{
        actions: ["sts:AssumeRole"],
        principals: [{
            type: "Service",
            identifiers: ["sagemaker&#46;amazonaws&#46;com"],
        }],
    }],
});
const exampleRole = new aws.iam.Role("example", {
    name: "example",
    path: "/",
    assumeRolePolicy: example.then(example => example.json),
});
const exampleDomain = new aws.sagemaker.Domain("example", {
    domainName: "example",
    authMode: "IAM",
    vpcId: exampleAwsVpc.id,
    subnetIds: [exampleAwsSubnet&#46;id],
    defaultUserSettings: {
        executionRole: exampleRole.arn,
    },
});

import pulumi
import pulumi_aws as aws
example = aws.iam.get_policy_document(statements=[{
    "actions": ["sts:AssumeRole"],
    "principals": [{
        "type": "Service",
        "identifiers": ["sagemaker&#46;amazonaws&#46;com"],
    }],
}])
example_role = aws.iam.Role("example",
    name="example",
    path="/",
    assume_role_policy=example.json)
example_domain = aws.sagemaker.Domain("example",
    domain_name="example",
    auth_mode="IAM",
    vpc_id=example_aws_vpc["id"],
    subnet_ids=[example_aws_subnet["id"]],
    default_user_settings={
        "execution_role": example_role.arn,
    })

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var example = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "Service",
                        Identifiers = new[]
                        {
                            "sagemaker.amazonaws.com",
                        },
                    },
                },
            },
        },
    });
    var exampleRole = new Aws.Iam.Role("example", new()
    {
        Name = "example",
        Path = "/",
        AssumeRolePolicy = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });
    var exampleDomain = new Aws.Sagemaker.Domain("example", new()
    {
        DomainName = "example",
        AuthMode = "IAM",
        VpcId = exampleAwsVpc.Id,
        SubnetIds = new[]
        {
            exampleAwsSubnet.Id,
        },
        DefaultUserSettings = new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsArgs
        {
            ExecutionRole = exampleRole.Arn,
        },
    });
});

package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sagemaker"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Actions: []string{
						"sts:AssumeRole",
					},
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Type: "Service",
							Identifiers: []string{
								"sagemaker.amazonaws.com",
							},
						},
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
			Name:             pulumi.String("example"),
			Path:             pulumi.String("/"),
			AssumeRolePolicy: pulumi.String(example.Json),
		})
		if err != nil {
			return err
		}
		_, err = sagemaker.NewDomain(ctx, "example", &sagemaker.DomainArgs{
			DomainName: pulumi.String("example"),
			AuthMode:   pulumi.String("IAM"),
			VpcId:      pulumi.Any(exampleAwsVpc.Id),
			SubnetIds: pulumi.StringArray{
				exampleAwsSubnet.Id,
			},
			DefaultUserSettings: &sagemaker.DomainDefaultUserSettingsArgs{
				ExecutionRole: exampleRole.Arn,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.sagemaker.Domain;
import com.pulumi.aws.sagemaker.DomainArgs;
import com.pulumi.aws.sagemaker.inputs.DomainDefaultUserSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions("sts:AssumeRole")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers("sagemaker.amazonaws.com")
                    .build())
                .build())
            .build());
        var exampleRole = new Role("exampleRole", RoleArgs.builder()
            .name("example")
            .path("/")
            .assumeRolePolicy(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
        var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()
            .domainName("example")
            .authMode("IAM")
            .vpcId(exampleAwsVpc.id())
            .subnetIds(exampleAwsSubnet.id())
            .defaultUserSettings(DomainDefaultUserSettingsArgs.builder()
                .executionRole(exampleRole.arn())
                .build())
            .build());
    }
}

resources:
  exampleDomain:
    type: aws:sagemaker:Domain
    name: example
    properties:
      domainName: example
      authMode: IAM
      vpcId: ${exampleAwsVpc.id}
      subnetIds:
        - ${exampleAwsSubnet.id}
      defaultUserSettings:
        executionRole: ${exampleRole.arn}
  exampleRole:
    type: aws:iam:Role
    name: example
    properties:
      name: example
      path: /
      assumeRolePolicy: ${example.json}
variables:
  example:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - actions:
              - sts:AssumeRole
            principals:
              - type: Service
                identifiers:
                  - sagemaker.amazonaws.com

Using Custom Images

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.sagemaker.Image;
import com.pulumi.aws.sagemaker.ImageArgs;
import com.pulumi.aws.sagemaker.AppImageConfig;
import com.pulumi.aws.sagemaker.AppImageConfigArgs;
import com.pulumi.aws.sagemaker.inputs.AppImageConfigKernelGatewayImageConfigArgs;
import com.pulumi.aws.sagemaker.ImageVersion;
import com.pulumi.aws.sagemaker.ImageVersionArgs;
import com.pulumi.aws.sagemaker.Domain;
import com.pulumi.aws.sagemaker.DomainArgs;
import com.pulumi.aws.sagemaker.inputs.DomainDefaultUserSettingsArgs;
import com.pulumi.aws.sagemaker.inputs.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new Image("example", ImageArgs.builder()
            .imageName("example")
            .roleArn(exampleAwsIamRole.arn())
            .build());
        var exampleAppImageConfig = new AppImageConfig("exampleAppImageConfig", AppImageConfigArgs.builder()
            .appImageConfigName("example")
            .kernelGatewayImageConfig(AppImageConfigKernelGatewayImageConfigArgs.builder()
                .kernelSpecs(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                .build())
            .build());
        var exampleImageVersion = new ImageVersion("exampleImageVersion", ImageVersionArgs.builder()
            .imageName(example.id())
            .baseImage("base-image")
            .build());
        var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()
            .domainName("example")
            .authMode("IAM")
            .vpcId(exampleAwsVpc.id())
            .subnetIds(exampleAwsSubnet.id())
            .defaultUserSettings(DomainDefaultUserSettingsArgs.builder()
                .executionRole(exampleAwsIamRole.arn())
                .kernelGatewayAppSettings(DomainDefaultUserSettingsKernelGatewayAppSettingsArgs.builder()
                    .customImages(DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs.builder()
                        .appImageConfigName(exampleAppImageConfig.appImageConfigName())
                        .imageName(exampleImageVersion.imageName())
                        .build())
                    .build())
                .build())
            .build());
    }
}

resources:
  example:
    type: aws:sagemaker:Image
    properties:
      imageName: example
      roleArn: ${exampleAwsIamRole.arn}
  exampleAppImageConfig:
    type: aws:sagemaker:AppImageConfig
    name: example
    properties:
      appImageConfigName: example
      kernelGatewayImageConfig:
        kernelSpecs:
          - name: example
  exampleImageVersion:
    type: aws:sagemaker:ImageVersion
    name: example
    properties:
      imageName: ${example.id}
      baseImage: base-image
  exampleDomain:
    type: aws:sagemaker:Domain
    name: example
    properties:
      domainName: example
      authMode: IAM
      vpcId: ${exampleAwsVpc.id}
      subnetIds:
        - ${exampleAwsSubnet.id}
      defaultUserSettings:
        executionRole: ${exampleAwsIamRole.arn}
        kernelGatewayAppSettings:
          customImages:
            - appImageConfigName: ${exampleAppImageConfig.appImageConfigName}
              imageName: ${exampleImageVersion.imageName}

Import

Using pulumi import, import SageMaker AI Domains using the id. For example:

$ pulumi import aws:sagemaker/domain:Domain test_domain d-8jgsjtilstu8

Properties

appNetworkAccessType

val appNetworkAccessType: Output<String>?

Specifies the VPC used for non-EFS traffic. The default value is PublicInternetOnly. Valid values are PublicInternetOnly and VpcOnly.

appSecurityGroupManagement

val appSecurityGroupManagement: Output<String>?

The entity that creates and manages the required security groups for inter-app communication in VPCOnly mode. Valid values are Service and Customer.

arn

val arn: Output<String>

The Amazon Resource Name (ARN) assigned by AWS to this Domain.

authMode

val authMode: Output<String>

The mode of authentication that members use to access the domain. Valid values are IAM and SSO.

defaultSpaceSettings

val defaultSpaceSettings: Output<DomainDefaultSpaceSettings>?

The default space settings. See default_space_settings Block below.

defaultUserSettings

val defaultUserSettings: Output<DomainDefaultUserSettings>

The default user settings. See default_user_settings Block below.

domainName

val domainName: Output<String>

The domain name.

domainSettings

val domainSettings: Output<DomainDomainSettings>?

The domain settings. See domain_settings Block below.

homeEfsFileSystemId

val homeEfsFileSystemId: Output<String>

The ID of the Amazon Elastic File System (EFS) managed by this Domain.

val id: Output<String>

kmsKeyId

val kmsKeyId: Output<String>?

The AWS KMS customer managed CMK used to encrypt the EFS volume attached to the domain.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

retentionPolicy

val retentionPolicy: Output<DomainRetentionPolicy>?

The retention policy for this domain, which specifies whether resources will be retained after the Domain is deleted. By default, all resources are retained. See retention_policy Block below.

securityGroupIdForDomainBoundary

val securityGroupIdForDomainBoundary: Output<String>

The ID of the security group that authorizes traffic between the RSessionGateway apps and the RStudioServerPro app.

singleSignOnApplicationArn

val singleSignOnApplicationArn: Output<String>

The ARN of the application managed by SageMaker AI in IAM Identity Center. This value is only returned for domains created after September 19, 2023.

singleSignOnManagedApplicationInstanceId

val singleSignOnManagedApplicationInstanceId: Output<String>

The SSO managed application instance ID.

subnetIds

val subnetIds: Output<List<String>>

The VPC subnets that Studio uses for communication.

tagPropagation

val tagPropagation: Output<String>?

Indicates whether custom tag propagation is supported for the domain. Defaults to DISABLED. Valid values are: ENABLED and DISABLED.