Local mode support in Amazon SageMaker Studio
Important
Custom IAM policies that allow Amazon SageMaker Studio or Amazon SageMaker Studio Classic to create Amazon SageMaker resources must also grant permissions to add tags to those resources. The permission to add tags to resources is required because Studio and Studio Classic automatically tag any resources they create. If an IAM policy allows Studio and Studio Classic to create resources but does not allow tagging, "AccessDenied" errors can occur when trying to create resources. For more information, see Provide permissions for tagging SageMaker AI resources.
AWS managed policies for Amazon SageMaker AI that give permissions to create SageMaker resources already include permissions to add tags while creating those resources.
Amazon SageMaker Studio applications support the use of local mode to create estimators, processors, and pipelines, then deploy them to a local environment. With local mode, you can test machine learning scripts before running them in Amazon SageMaker AI managed training or hosting environments. Studio supports local mode in the following applications:
-
Amazon SageMaker Studio Classic
-
JupyterLab
-
Code Editor, based on Code-OSS, Visual Studio Code - Open Source
Local mode in Studio applications is invoked using the SageMaker Python SDK. In Studio
applications, local mode functions similarly to how it functions in Amazon SageMaker notebook instances,
with some differences. For more information about using local mode with the SageMaker Python SDK,
see Local
Mode
Note
Studio applications do not support multi-container jobs in local mode. Local mode jobs
are limited to a single instance for training, inference, and processing jobs. When creating a
local mode job, the instance count configuration must be 1
.
Docker support
As part of local mode support, Studio applications support limited Docker access capabilities. With this support, users can interact with the Docker API from Jupyter notebooks or the image terminal of the application. Customers can interact with Docker using one of the following:
-
Language specific Docker SDK clients
Studio also supports limited Docker access capabilities with the following restrictions:
-
Usage of Docker networks is not supported.
-
Docker volume
usage is not supported during container run. Only volume bind mount inputs are allowed during container orchestration. The volume bind mount inputs must be located on the Amazon Elastic File System (Amazon EFS) volume for Studio Classic. For JupyterLab and Code Editor applications, it must be located on the Amazon Elastic Block Store (Amazon EBS) volume. -
Container inspect operations are allowed.
-
Container port to host mapping is not allowed. However, you can specify a port for hosting. The endpoint is then accessible from Studio using the following URL:
http://localhost:
port
Docker operations supported
The following table lists all of the Docker API endpoints that are supported in Studio, including any support limitations. If an API endpoint is missing from the table, Studio doesn't support it.
API Documentation | Limitations |
---|---|
SystemAuth |
|
SystemEvents |
|
SystemVersion |
|
SystemPing |
|
SystemPingHead |
|
ContainerCreate |
|
ContainerStart |
|
ContainerStop |
|
ContainerKill |
|
ContainerDelete |
|
ContainerList |
|
ContainerLogs |
|
ContainerInspect |
|
ContainerWait |
|
ContainerAttach |
|
ContainerPrune |
|
ContainerResize |
|
ImageCreate |
VPC-only mode support is limited to Amazon ECR images in allowlisted
accounts. |
ImagePrune |
|
ImagePush |
VPC-only mode support is limited to Amazon ECR images in allowlisted
accounts. |
ImageList |
|
ImageInspect |
|
ImageGet |
|
ImageDelete |
|
ImageBuild |
|