Amazon SageMaker Best Practices

By: Sireesha Muppala, Randy DeFauw, Shelbee Eigenbrode

Overview of this book

Amazon SageMaker is a fully managed AWS service that provides the ability to build, train, deploy, and monitor machine learning models. The book begins with a high-level overview of Amazon SageMaker capabilities that map to the various phases of the machine learning process to help set the right foundation. You'll learn efficient tactics to address data science challenges such as processing data at scale, data preparation, connecting to big data pipelines, identifying data bias, running A/B tests, and model explainability using Amazon SageMaker. As you advance, you'll understand how you can tackle the challenge of training at scale, including how to use large data sets while saving costs, monitoring training resources to identify bottlenecks, speeding up long training jobs, and tracking multiple models trained for a common goal. Moving ahead, you'll find out how you can integrate Amazon SageMaker with other AWS services to build reliable, cost-optimized, and automated machine learning applications. In addition to this, you'll build ML pipelines integrated with MLOps principles and apply best practices to build secure and performant solutions. By the end of the book, you'll confidently be able to apply Amazon SageMaker's wide range of capabilities to the full spectrum of machine learning workflows.
Table of Contents (20 chapters)
Section 1: Processing Data at Scale
Section 2: Model Training Challenges
Section 3: Manage and Monitor Models
Section 4: Automate and Operationalize Machine Learning

Security and permissions

While some data is not sensitive, most companies would not want to expose their data to the public during the labeling process. In this section, we'll cover data access control, encryption, and workforce management for data labeling.

You should follow the principle of least-privileged access when using Ground Truth (or any other cloud service). Restrict the users who are allowed to create labeling jobs, and restrict users allowed to create labeling jobs using non-private workforces. In a custom labeling job, explicitly provide invoke permissions to your Lambda functions. Restrict labeling job access to only the appropriate S3 buckets and prefixes.
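The least-privilege points above can be checked mechanically before a policy is attached. The following is an added example, not code from the book: a small audit over IAM policy JSON that flags Allow statements for labeling jobs, Lambda invocation, and S3 access that are broader than advised. It assumes the workforce restriction is written as a `StringEquals` condition on the IAM condition key `sagemaker:WorkteamType` with the value `private-crowd`; the helper names, account ID, bucket, and function names are constructed for illustration.

```python
import fnmatch

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _allows(actions, wanted):
    # IAM action names are case-insensitive and may contain * wildcards.
    return any(fnmatch.fnmatchcase(wanted.lower(), a.lower()) for a in actions)

def _s3_too_broad(arn):
    # Flags "*", wildcard bucket names, and "bucket/*" (no prefix). Bucket-level
    # ARNs (no "/") are skipped; those are narrowed with condition keys instead.
    bucket, _, key = arn.split(":::", 1)[-1].partition("/")
    return "*" in bucket or key == "*"

def audit_policy(policy):
    """Return (sid, finding) pairs for Allow statements broader than advised."""
    findings = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"statement[{i}]")
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if _allows(actions, "sagemaker:CreateLabelingJob"):
            # Assumption: only the Allow + StringEquals form is recognized here.
            cond = st.get("Condition", {}).get("StringEquals", {})
            if _as_list(cond.get("sagemaker:WorkteamType", [])) != ["private-crowd"]:
                findings.append((sid, "labeling jobs not limited to a private workforce"))
        if _allows(actions, "lambda:InvokeFunction") and any("*" in r for r in resources):
            findings.append((sid, "Lambda invoke not limited to named functions"))
        uses_s3 = any(a == "*" or a.lower().startswith("s3:") for a in actions)
        if uses_s3 and any(_s3_too_broad(r) for r in resources):
            findings.append((sid, "S3 access not limited to a bucket prefix"))
    return findings

# Constructed sample policies (account ID, bucket and function names are made up).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Jobs", "Effect": "Allow", "Action": "sagemaker:*", "Resource": "*"},
    {"Sid": "Hooks", "Effect": "Allow", "Action": "lambda:InvokeFunction", "Resource": "*"},
    {"Sid": "Data", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-labeling-data/*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Jobs", "Effect": "Allow", "Action": "sagemaker:CreateLabelingJob", "Resource": "*",
     "Condition": {"StringEquals": {"sagemaker:WorkteamType": "private-crowd"}}},
    {"Sid": "Hooks", "Effect": "Allow", "Action": "lambda:InvokeFunction", "Resource": [
        "arn:aws:lambda:us-east-1:111122223333:function:example-pre-label",
        "arn:aws:lambda:us-east-1:111122223333:function:example-post-label"]},
    {"Sid": "Data", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-labeling-data/batch-01/*"}]}
```

Calling `audit_policy(BROAD)` reports one finding per statement, while `audit_policy(SCOPED)` returns an empty list.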

When you run a labeling job, Ground Truth will always encrypt the output in S3. You can use the S3-managed key or provide your own KMS key. For non-sensitive data, the default S3 managed key is adequate. If you have sensitive data, consider using separate KMS keys for different datasets, as that provides...