4n6ir.com

August 04, 2023

Amazon SageMaker Jupyter Notebooks

by John Lukach

Jupyter Notebook end-users only need part of the development environment that AWS Cloud9 or GitHub Codespaces provide. The security operations center (SOC) executes the automation to collect the artifacts and move on quickly, which makes Amazon SageMaker a good alternative.

Set up access to the public GitHub repository where the Jupyter Notebooks are maintained. GitHub offers a fine-grained personal access token (PAT) option; the token can be stored in AWS Secrets Manager, which supports least-privilege use of private repositories.

An Identity and Access Management (IAM) role is created while making the first notebook instance. I will use different permission sets depending on the resources accessed, but this will minimally get you started just to run Jupyter Notebooks.

Remember, when creating the notebook instance, the requirements for testing are much different than running in production.

End-users should not have root access, as the lifecycle configuration provides a way to configure the systems without granting this level of permission.

Please attach the notebook instance to a VPC, so it is not on the public Internet, and always use tags.

Watch out for Jupyter Notebook instances that get left running: they will not shut off after a period of inactivity, and they keep adding to the cloud spend.
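The checks above (root access, VPC attachment, tags, instances left running) can be audited from the SageMaker API. The following is an added example, not code from the original post: the finding names, the `MAX_IDLE` threshold, the use of `LastModifiedTime` as a "left running" signal, and the sample records are assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(hours=12)  # assumed threshold; tune to how the SOC works

def audit_notebook(desc, tags, now=None):
    """Return findings for one DescribeNotebookInstance response and its tag list."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # The API treats both settings as "Enabled" unless explicitly disabled.
    if desc.get("RootAccess", "Enabled") != "Disabled":
        findings.append("root-access-enabled")
    if not desc.get("SubnetId"):
        findings.append("no-vpc-subnet")
    if desc.get("DirectInternetAccess", "Enabled") != "Disabled":
        findings.append("direct-internet-access")
    if not tags:
        findings.append("no-tags")
    # Heuristic (assumption): InService and not modified for longer than MAX_IDLE.
    modified = desc.get("LastModifiedTime")
    running = desc.get("NotebookInstanceStatus") == "InService"
    if running and modified and now - modified > MAX_IDLE:
        findings.append("possibly-left-running")
    return findings

def audit_region(region):
    """Audit every notebook instance in a region (needs boto3 and credentials)."""
    import boto3  # imported here so the checks above run without AWS access
    sm = boto3.client("sagemaker", region_name=region)
    report = {}
    for page in sm.get_paginator("list_notebook_instances").paginate():
        for item in page["NotebookInstances"]:
            name = item["NotebookInstanceName"]
            desc = sm.describe_notebook_instance(NotebookInstanceName=name)
            tags = sm.list_tags(ResourceArn=desc["NotebookInstanceArn"])["Tags"]
            report[name] = audit_notebook(desc, tags)
    return report

# Constructed sample records shaped like DescribeNotebookInstance responses.
NOW = datetime(2023, 8, 4, 12, 0, tzinfo=timezone.utc)
GOOD = {"NotebookInstanceStatus": "InService", "RootAccess": "Disabled",
        "DirectInternetAccess": "Disabled", "SubnetId": "subnet-EXAMPLE",
        "LastModifiedTime": NOW - timedelta(hours=1)}
BAD = {"NotebookInstanceStatus": "InService",
       "LastModifiedTime": NOW - timedelta(days=3)}

if __name__ == "__main__":
    print(audit_notebook(GOOD, [{"Key": "Owner", "Value": "soc"}], NOW))
    print(audit_notebook(BAD, [], NOW))
```
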

tags: AWS - Amazon - SageMaker - Jupyter - Notebooks