createDomain method
Creates a Domain
used by Amazon SageMaker Studio. A domain
consists of an associated Amazon Elastic File System (EFS) volume, a list
of authorized users, and a variety of security, application, policy, and
Amazon Virtual Private Cloud (VPC) configurations. An AWS account is
limited to one domain per region. Users within a domain can share notebook
files and other artifacts with each other.
EFS storage
When a domain is created, an EFS volume is created for use by all of the users within the domain. Each user receives a private home directory within the EFS volume for notebooks, Git repositories, and data files.
SageMaker uses the AWS Key Management Service (AWS KMS) to encrypt the EFS volume attached to the domain with an AWS managed customer master key (CMK) by default. For more control, you can specify a customer managed CMK. For more information, see Protect Data at Rest Using Encryption.
VPC configuration
All SageMaker Studio traffic between the domain and the EFS volume is
through the specified VPC and subnets. For other Studio traffic, you can
specify the AppNetworkAccessType
parameter.
AppNetworkAccessType
corresponds to the network access type
that you choose when you onboard to Studio. The following options are
available:
-
PublicInternetOnly
- Non-EFS traffic goes through a VPC managed by Amazon SageMaker, which allows internet access. This is the default value. -
VpcOnly
- All Studio traffic is through the specified VPC and subnets. Internet access is disabled by default. To allow internet access, you must specify a NAT gateway.When internet access is disabled, you won't be able to run a Studio notebook or to train or host models unless your VPC has an interface endpoint to the SageMaker API and runtime or a NAT gateway and your security groups allow outbound connections.
May throw ResourceLimitExceeded. May throw ResourceInUse.
Parameter authMode
:
The mode of authentication that members use to access the domain.
Parameter defaultUserSettings
:
The default user settings.
Parameter domainName
:
A name for the domain.
Parameter subnetIds
:
The VPC subnets that Studio uses for communication.
Parameter vpcId
:
The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for
communication.
Parameter appNetworkAccessType
:
Specifies the VPC used for non-EFS traffic. The default value is
PublicInternetOnly
.
-
PublicInternetOnly
- Non-EFS traffic is through a VPC managed by Amazon SageMaker, which allows direct internet access -
VpcOnly
- All Studio traffic is through the specified VPC and subnets
Parameter homeEfsFileSystemKmsKeyId
:
This member is deprecated and replaced with KmsKeyId
.
Parameter kmsKeyId
:
SageMaker uses AWS KMS to encrypt the EFS volume attached to the domain
with an AWS managed customer master key (CMK) by default. For more
control, specify a customer managed CMK.
Parameter tags
:
Tags to associated with the Domain. Each tag consists of a key and an
optional value. Tag keys must be unique per resource. Tags are searchable
using the Search API.
Implementation
Future<CreateDomainResponse> createDomain({
required AuthMode authMode,
required UserSettings defaultUserSettings,
required String domainName,
required List<String> subnetIds,
required String vpcId,
AppNetworkAccessType? appNetworkAccessType,
String? homeEfsFileSystemKmsKeyId,
String? kmsKeyId,
List<Tag>? tags,
}) async {
ArgumentError.checkNotNull(authMode, 'authMode');
ArgumentError.checkNotNull(defaultUserSettings, 'defaultUserSettings');
ArgumentError.checkNotNull(domainName, 'domainName');
_s.validateStringLength(
'domainName',
domainName,
0,
63,
isRequired: true,
);
ArgumentError.checkNotNull(subnetIds, 'subnetIds');
ArgumentError.checkNotNull(vpcId, 'vpcId');
_s.validateStringLength(
'vpcId',
vpcId,
0,
32,
isRequired: true,
);
_s.validateStringLength(
'homeEfsFileSystemKmsKeyId',
homeEfsFileSystemKmsKeyId,
0,
2048,
);
_s.validateStringLength(
'kmsKeyId',
kmsKeyId,
0,
2048,
);
final headers = <String, String>{
'Content-Type': 'application/x-amz-json-1.1',
'X-Amz-Target': 'SageMaker.CreateDomain'
};
final jsonResponse = await _protocol.send(
method: 'POST',
requestUri: '/',
exceptionFnMap: _exceptionFns,
// TODO queryParams
headers: headers,
payload: {
'AuthMode': authMode.toValue(),
'DefaultUserSettings': defaultUserSettings,
'DomainName': domainName,
'SubnetIds': subnetIds,
'VpcId': vpcId,
if (appNetworkAccessType != null)
'AppNetworkAccessType': appNetworkAccessType.toValue(),
if (homeEfsFileSystemKmsKeyId != null)
'HomeEfsFileSystemKmsKeyId': homeEfsFileSystemKmsKeyId,
if (kmsKeyId != null) 'KmsKeyId': kmsKeyId,
if (tags != null) 'Tags': tags,
},
);
return CreateDomainResponse.fromJson(jsonResponse.body);
}