A data science project team has requested a cloud environment to begin their project. As the project administrator, you will use the Service Catalog portfolio, managed by the Cloud Platform Engineering team, to provision a secure VPC and related resources for the data science team. In this lab, you will use Amazon Service Catalog to provision this data science environment. Following the steps below, create an environment which contains:
In the previous lab you deployed a CloudFormation template which created a project administrator role. Details of this role can be found in the CloudFormation Outputs for the stack you deployed.
After assuming the project administrator role, visit the AWS Service Catalog console and provision a project environment for the data science team.
Environment creation will take approximately 10 minutes.
Outputs tab on the stack’s detail page and notice the
AssumeProjectAdminRole hyperlink to assume the project administrator role created by the stack.
As the project administrator:
Data Science Project Environment and click
Next through the next few screens to get to the
If you wish to see the contents of these CloudFormation templates, you can view them on the CloudFormation console or copy them locally for review using a command such as the one below.
aws s3 sync s3://sagemaker-workshop-cloudformation-us-east-1/quickstart ./sagemaker-workshop-cloudformation
After the CloudFormation stack has been successfully created, review the Resources tab of the CloudFormation stack and the resources that were created. You’ll notice that it has provisioned:
Service Catalog Portfolio
A service catalog portfolio and products have been configured to give the data science teams tailored products they can deploy easily.
Roles and permissions have been created so that the data science teams can manage themselves and create the resources they need.
A collection of parameters has been stored so they can be referenced by the data science teams. Visit the console: what parameters have been created?
A KMS key to encrypt data at rest in the data science environment. Visit the console: what is the KMS key being used to encrypt?
Virtual Private Cloud (VPC)
The template has created a VPC with no Internet connectivity but with VPC endpoints for accessing AWS services like Amazon S3 and Amazon SageMaker. Visit the console: what services are accessible from within the VPC? Do any endpoints have Endpoint Policies governing them?
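To answer the endpoint-policy question above from the command line rather than the console, the following added example (not part of the workshop materials) parses the JSON printed by `aws ec2 describe-vpc-endpoints` and flags endpoints whose policy still allows every action on every resource. The sample input, endpoint IDs and bucket name are constructed placeholders, and the function names are this example's own.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpc-endpoints` output;
# IDs and the bucket name are placeholders, not values from the workshop.
SAMPLE = json.dumps({"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0example1", "VpcEndpointType": "Gateway",
     "ServiceName": "com.amazonaws.us-east-1.s3",
     "PolicyDocument": json.dumps({"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Principal": "*",
          "Action": ["s3:GetObject", "s3:PutObject"],
          "Resource": "arn:aws:s3:::example-project-bucket/*"}]})},
    {"VpcEndpointId": "vpce-0example2", "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.us-east-1.sagemaker.api",
     "PolicyDocument": json.dumps({"Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]})},
]})

def _as_list(value):
    """IAM policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def is_unrestricted(statement):
    """True for an Allow of every action on every resource to any principal."""
    principal = statement.get("Principal")
    any_principal = principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
    return (statement.get("Effect") == "Allow" and any_principal
            and "*" in _as_list(statement.get("Action", []))
            and "*" in _as_list(statement.get("Resource", [])))

def audit_endpoints(describe_output):
    """Return (service, endpoint id, type, finding) for each VPC endpoint."""
    rows = []
    for ep in json.loads(describe_output)["VpcEndpoints"]:
        raw = ep.get("PolicyDocument")  # the CLI returns the policy as a JSON string
        statements = _as_list(json.loads(raw).get("Statement", [])) if raw else []
        if not statements:
            finding = "no policy document returned"
        elif any(is_unrestricted(s) for s in statements):
            finding = "full access (default-style policy)"
        else:
            finding = "restricted by endpoint policy"
        rows.append((ep["ServiceName"], ep["VpcEndpointId"],
                     ep["VpcEndpointType"], finding))
    return rows

if __name__ == "__main__":
    for row in audit_endpoints(SAMPLE):
        print(*row, sep="  ")
```

To run it against the lab VPC, pass `audit_endpoints` the saved output of `aws ec2 describe-vpc-endpoints --filters Name=vpc-id,Values=<your-vpc-id>` in place of `SAMPLE`.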
You have now created a secure environment for the data science team. Let's now hand things back to the project team and let them support themselves.