Set up Staging Construct Examples

To set up stage constructs, an admin will need to grant the relevant permissions to the intended users. The following provides an example on how to set up a stage construct.

To get Amazon EventBridge notifications on any model status update, see Model package state change.

Stages are defined by the ModelLifeCycle parameter and have the following structure.


ModelLifeCycle {
    stage: String # Required (e.g. Development/Staging/Production)
    stageStatus: String # Required (e.g. PendingApproval/Approved/Rejected)  
    stageDescription: String # Optional
}

The ModelLifeCycle parameter can be invoked by the following APIs:

Policy for a data scientist role

In the following example policy, the role that the policy is attached to has permissions to:

Create or update a model with the stage "Development" and status "Approved".
Update a model package with the stage "Staging" and status "PendingApproval".


{
    Action : [UpdateModelPackage,CreateModelPackage]
    Resource: *,
    Condition: {
        StringEquals: {
            sagemaker:ModelLifeCycle:stage : "Development"
            sagemaker:ModelLifeCycle:stageStatus : "Approved"       
        }
    }
},
{
    Action : [UpdateModelPackage]
    Resource: *,
    Condition: {
        StringEquals: {
            sagemaker:ModelLifeCycle:stage : "Staging"
            sagemaker:ModelLifeCycle:stageStatus : "PendingApproval"       
        }
    }
}

Policy for a quality assurance specialist

In the following example policy, the role that the policy is attached to has permissions to:

Update a model package with:
- The stage "Staging" and status "Approved" or "Rejected".
- The stage "Production" and status "PendingApproval".


{
    Action : UpdateModelPackage,
    Resource: *,
    Condition: {
        StringEquals: {
            sagemaker:ModelLifeCycle:stage : "Staging"
            sagemaker:ModelLifeCycle:stageStatus : "Approved"
        }
    }
},
{
    Action : UpdateModelPackage,
    Resource: *,
    Condition: {
        StringEquals: {
            sagemaker:ModelLifeCycle:stage : "Staging"
            sagemaker:ModelLifeCycle:stageStatus : "Rejected"
        }
    }
},
{
    Action : UpdateModelPackage,
    Resource: *,
    Condition: {
        StringEquals: {
            sagemaker:ModelLifeCycle:stage : "Production"
            sagemaker:ModelLifeCycle:stageStatus : "PendingApproval"
        }
    }
}

Policy for lead engineer role

In the following example policy, the role that the policy is attached to has permissions to:

Update a model package with:
- The stage "Production" and status "Approved" or "Rejected".
- The stage "Development" and status "PendingApproval".


{
    Action : UpdateModelPackage,
    Resource: *,
    Condition: {
        ForAnyvalue:StringEquals: {
            sagemaker:ModelLifeCycle:stage : "Production",
            sagemaker:ModelLifeCycle:stageStatus : "Approved"
        }
    }
},
{
    Action : UpdateModelPackage,
    Resource: *,
    Condition: {
        StringEquals: {
            sagemaker:ModelLifeCycle:stage : "Production"
            sagemaker:ModelLifeCycle:stageStatus : "Rejected"
        }
    }
},
{
    Action : UpdateModelPackage,
    Resource: *,
    Condition: {
        StringEquals: {
            sagemaker:ModelLifeCycle:stage : "Development"
            sagemaker:ModelLifeCycle:stageStatus : "PendingApproval"
        }
    }
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Staging Construct

Update a model package stage and status example (boto3)