ML Governance with Amazon SageMaker

Simplify access control and enhance transparency

Benefits of SageMaker ML Governance

Govern access to ML and data assets

Provision ML development environments in minutes with enterprise-grade security controls to govern access to ML and data assets in projects.

Quick to get started

Generate customized roles that allow machine learning (ML) practitioners to start working with SageMaker faster

Streamline documentation

Streamline model documentation and provide visibility into key assumptions, characteristics, and artifacts from conception to deployment

Quickly audit and track models

Quickly audit and troubleshoot performance for all models, endpoints, and model monitoring jobs through a unified view. Track deviations from expected model behavior, as well as missing or inactive monitoring jobs, with automated alerts

Integrate with Amazon DataZone

Setup controls and provision

IT Administrators can define infrastructure controls and permissions specific to your enterprise and use case in Amazon DataZone. You can then create an appropriate SageMaker environment in just a few clicks and kick start the development process inside SageMaker Studio.

Search and Discover assets

In SageMaker Studio, you can efficiently search and discover data and ML assets in your organization’s business catalog. You can also request access to assets that you may need to use in your project by subscribing to them.

Consume assets

Once your subscription request is approved, you can consume these subscribed assets in ML tasks such as data preparation, model training, and feature engineering within SageMaker Studio using JupyterLab, and SageMaker Canvas.

Publish assets

Upon completing the ML tasks, you can publish data, models, and feature groups to the business catalog for governance and discoverability by other users.

Define permissions

Simplify permissions for ML activities

SageMaker Role Manager provides a baseline set of permissions for ML activities and personas through a catalog of prebuilt AWS Identity and Access Management (IAM) policies. ML activities can include data prep and training, and personas can include ML engineers and data scientists. You can keep the baseline permissions or customize them further based on your specific needs.

Automate IAM policy generation

With a few self-guided prompts, you can quickly input common governance constructs such as network access boundaries and encryption keys. SageMaker Role Manager will then generate the IAM policy automatically. You can discover the generated role and associated policies through the AWS IAM console.

Attach your managed policies

To further tailor the permissions to your use case, attach your managed IAM policies to the IAM role that you create with SageMaker Role Manager. You can also add tags to help identify and organize the roles across AWS services.