feat(client-sagemaker): SageMaker Ground Truth now supports Virtual Private Cloud. Customers can launch labeling jobs and access to their private workforce in VPC mode.

Author: awstools

clients/client-sagemaker/src/SageMaker.ts

@@ -2385,8 +2385,7 @@ export class SageMaker extends SageMakerClient {
    *                 <code>CreateEndpoint</code> API. SageMaker then deploys all of the containers that you
    *             defined for the model in the hosting environment. </p>
    *         <p>For an example that calls this method when deploying a model to SageMaker hosting services,
-   *             see <a href="https://docs.aws.amazon.com/sagemaker/latest/dg/ex1-deploy-model.html#ex1-deploy-model-boto">Deploy the
-   *                 Model to Amazon SageMaker Hosting Services (Amazon Web Services SDK for Python (Boto
+   *             see <a href="https://docs.aws.amazon.com/sagemaker/latest/dg/realtime-endpoints-deployment.html#realtime-endpoints-deployment-create-model">Create a Model (Amazon Web Services SDK for Python (Boto
    *             3)).</a>
    *          </p>
    *         <p>To run a batch transform using your model, you start a job with the
@@ -9910,13 +9909,19 @@ export class SageMaker extends SageMakerClient {
    * <p>Use this operation to update your workforce. You can use this operation to
    *         require that workers use specific IP addresses to work on tasks
    *         and to update your OpenID Connect (OIDC) Identity Provider (IdP) workforce configuration.</p>
+   *         <p>The worker portal is now supported in VPC and public internet.</p>
+   *
    *
    *         <p> Use <code>SourceIpConfig</code> to restrict worker access to tasks to a specific range of IP addresses.
    *         You specify allowed IP addresses by creating a list of up to ten <a href="https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html">CIDRs</a>.
    *         By default, a workforce isn't restricted to specific IP addresses. If you specify a
    *             range of IP addresses, workers who attempt to access tasks using any IP address outside
    *             the specified range are denied and get a <code>Not Found</code> error message on
    *             the worker portal.</p>
+   *          <p>To restrict access to all the workers in public internet, add the <code>SourceIpConfig</code> CIDR value as "0.0.0.0/0".</p>
+   *         <important>
+   *             <p>Amazon SageMaker does not support Source Ip restriction for worker portals in VPC.</p>
+   *         </important>
    *         <p>Use <code>OidcConfig</code> to update the configuration of a workforce created using
    *             your own OIDC IdP. </p>
    *         <important>

clients/client-sagemaker/src/commands/CreateModelCommand.ts

@@ -34,8 +34,7 @@ export interface CreateModelCommandOutput extends CreateModelOutput, __MetadataB
  *                 <code>CreateEndpoint</code> API. SageMaker then deploys all of the containers that you
  *             defined for the model in the hosting environment. </p>
  *         <p>For an example that calls this method when deploying a model to SageMaker hosting services,
- *             see <a href="https://docs.aws.amazon.com/sagemaker/latest/dg/ex1-deploy-model.html#ex1-deploy-model-boto">Deploy the
- *                 Model to Amazon SageMaker Hosting Services (Amazon Web Services SDK for Python (Boto
+ *             see <a href="https://docs.aws.amazon.com/sagemaker/latest/dg/realtime-endpoints-deployment.html#realtime-endpoints-deployment-create-model">Create a Model (Amazon Web Services SDK for Python (Boto
  *             3)).</a>
  *          </p>
  *         <p>To run a batch transform using your model, you start a job with the

clients/client-sagemaker/src/commands/DescribeLabelingJobCommand.ts

@@ -12,8 +12,7 @@ import {
   SerdeContext as __SerdeContext,
 } from "@aws-sdk/types";
 
-import { DescribeLabelingJobRequest } from "../models/models_1";
-import { DescribeLabelingJobResponse } from "../models/models_2";
+import { DescribeLabelingJobRequest, DescribeLabelingJobResponse } from "../models/models_2";
 import {
   deserializeAws_json1_1DescribeLabelingJobCommand,
   serializeAws_json1_1DescribeLabelingJobCommand,

clients/client-sagemaker/src/commands/ListStudioLifecycleConfigsCommand.ts

@@ -12,7 +12,8 @@ import {
   SerdeContext as __SerdeContext,
 } from "@aws-sdk/types";
 
-import { ListStudioLifecycleConfigsRequest, ListStudioLifecycleConfigsResponse } from "../models/models_2";
+import { ListStudioLifecycleConfigsRequest } from "../models/models_2";
+import { ListStudioLifecycleConfigsResponse } from "../models/models_3";
 import {
   deserializeAws_json1_1ListStudioLifecycleConfigsCommand,
   serializeAws_json1_1ListStudioLifecycleConfigsCommand,

clients/client-sagemaker/src/commands/ListSubscribedWorkteamsCommand.ts

@@ -12,8 +12,7 @@ import {
   SerdeContext as __SerdeContext,
 } from "@aws-sdk/types";
 
-import { ListSubscribedWorkteamsRequest } from "../models/models_2";
-import { ListSubscribedWorkteamsResponse } from "../models/models_3";
+import { ListSubscribedWorkteamsRequest, ListSubscribedWorkteamsResponse } from "../models/models_3";
 import {
   deserializeAws_json1_1ListSubscribedWorkteamsCommand,
   serializeAws_json1_1ListSubscribedWorkteamsCommand,

clients/client-sagemaker/src/commands/UpdateWorkforceCommand.ts

@@ -26,13 +26,19 @@ export interface UpdateWorkforceCommandOutput extends UpdateWorkforceResponse, _
  * <p>Use this operation to update your workforce. You can use this operation to
  *         require that workers use specific IP addresses to work on tasks
  *         and to update your OpenID Connect (OIDC) Identity Provider (IdP) workforce configuration.</p>
+ *         <p>The worker portal is now supported in VPC and public internet.</p>
+ *
  *
  *         <p> Use <code>SourceIpConfig</code> to restrict worker access to tasks to a specific range of IP addresses.
  *         You specify allowed IP addresses by creating a list of up to ten <a href="https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html">CIDRs</a>.
  *         By default, a workforce isn't restricted to specific IP addresses. If you specify a
  *             range of IP addresses, workers who attempt to access tasks using any IP address outside
  *             the specified range are denied and get a <code>Not Found</code> error message on
  *             the worker portal.</p>
+ *          <p>To restrict access to all the workers in public internet, add the <code>SourceIpConfig</code> CIDR value as "0.0.0.0/0".</p>
+ *         <important>
+ *             <p>Amazon SageMaker does not support Source Ip restriction for worker portals in VPC.</p>
+ *         </important>
  *         <p>Use <code>OidcConfig</code> to update the configuration of a workforce created using
  *             your own OIDC IdP. </p>
  *         <important>

clients/client-sagemaker/src/models/models_0.ts

@@ -4547,6 +4547,23 @@ export enum AutoMLS3DataType {
 export interface AutoMLS3DataSource {
   /**
    * <p>The data type.</p>
+   *          <p>A ManifestFile should have the format shown below:</p>
+   *          <p>
+   *             <code>[ {"prefix": "s3://DOC-EXAMPLE-BUCKET/DOC-EXAMPLE-FOLDER/DOC-EXAMPLE-PREFIX/"}, </code>
+   *          </p>
+   *          <p>
+   *             <code>"DOC-EXAMPLE-RELATIVE-PATH/DOC-EXAMPLE-FOLDER/DATA-1",</code>
+   *          </p>
+   *          <p>
+   *             <code>"DOC-EXAMPLE-RELATIVE-PATH/DOC-EXAMPLE-FOLDER/DATA-2",</code>
+   *          </p>
+   *          <p>
+   *             <code>... "DOC-EXAMPLE-RELATIVE-PATH/DOC-EXAMPLE-FOLDER/DATA-N" ]</code>
+   *          </p>
+   *          <p>An S3Prefix should have the following format: </p>
+   *          <p>
+   *             <code>s3://DOC-EXAMPLE-BUCKET/DOC-EXAMPLE-FOLDER-OR-FILE</code>
+   *          </p>
    */
   S3DataType: AutoMLS3DataType | string | undefined;
 
@@ -4571,9 +4588,6 @@ export namespace AutoMLS3DataSource {
 export interface AutoMLDataSource {
   /**
    * <p>The Amazon S3 location of the input data.</p>
-   *          <note>
-   *             <p>The input data must be in CSV format and contain at least 500 rows.</p>
-   *          </note>
    */
   S3DataSource: AutoMLS3DataSource | undefined;
 }
@@ -4642,7 +4656,7 @@ export namespace AutoMLChannel {
 }
 
 /**
- * <p>This structure specifies how to split the data into train and test datasets. The
+ * <p>This structure specifies how to split the data into train and validation datasets. The
  *          validation and training datasets must contain the same headers. The validation dataset must
  *          be less than 2 GB in size.</p>
  */
@@ -6989,7 +7003,11 @@ export interface ResourceSpec {
   /**
    * <p>The instance type that the image version runs on.</p>
    *          <note>
-   *             <p>JupyterServer Apps only support the <code>system</code> value. KernelGateway Apps do not support the <code>system</code> value, but support all other values for available instance types.</p>
+   *             <p>
+   *                <b>JupyterServer apps</b> only support the <code>system</code> value.</p>
+   *             <p>For <b>KernelGateway apps</b>, the <code>system</code>
+   *              value is translated to <code>ml.t3.medium</code>. KernelGateway apps also support all other values for available
+   *             instance types.</p>
    *          </note>
    */
   InstanceType?: AppInstanceType | string;
@@ -7039,6 +7057,11 @@ export interface CreateAppRequest {
 
   /**
    * <p>The instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.</p>
+   *          <note>
+   *             <p>The value of <code>InstanceType</code> passed as part of the <code>ResourceSpec</code> in the <code>CreateApp</code> call overrides the value passed as part of the <code>ResourceSpec</code> configured for
+   *           the user profile or the domain. If <code>InstanceType</code> is not specified in any of those three <code>ResourceSpec</code> values for a
+   *           <code>KernelGateway</code> app, the <code>CreateApp</code> call fails with a request validation error.</p>
+   *          </note>
    */
   ResourceSpec?: ResourceSpec;
 }

clients/client-sagemaker/src/models/models_1.ts

@@ -2489,6 +2489,14 @@ export interface LabelingJobResourceConfig {
    *          </ul>
    */
   VolumeKmsKeyId?: string;
+
+  /**
+   * <p>Specifies a VPC that your training jobs and hosted models have access to. Control
+   *             access to and from your training and model containers by configuring the VPC. For more
+   *             information, see <a href="https://docs.aws.amazon.com/sagemaker/latest/dg/host-vpc.html">Protect Endpoints by Using an Amazon Virtual Private Cloud</a> and <a href="https://docs.aws.amazon.com/sagemaker/latest/dg/train-vpc.html">Protect Training Jobs
+   *                 by Using an Amazon Virtual Private Cloud</a>. </p>
+   */
+  VpcConfig?: VpcConfig;
 }
 
 export namespace LabelingJobResourceConfig {
@@ -2985,7 +2993,7 @@ export interface ModelBiasAppSpecification {
 
   /**
    * <p>JSON formatted S3 file that defines bias parameters. For more information on this JSON
-   *          configuration file, see <a href="https://docs.aws.amazon.com/sagemaker/latest/json-bias-parameter-config.html">Configure bias
+   *          configuration file, see <a href="https://docs.aws.amazon.com/sagemaker/latest/dg/clarify-config-json-monitor-bias-parameters.html">Configure bias
    *          parameters</a>.</p>
    */
   ConfigUri: string | undefined;
@@ -3163,7 +3171,7 @@ export interface ModelExplainabilityAppSpecification {
 
   /**
    * <p>JSON formatted S3 file that defines explainability parameters. For more information on
-   *          this JSON configuration file, see <a href="https://docs.aws.amazon.com/sagemaker/latest/json-model-explainability-parameter-config.html">Configure model
+   *          this JSON configuration file, see <a href="https://docs.aws.amazon.com/sagemaker/latest/dg/clarify-config-json-monitor-model-explainability-parameters.html">Configure model
    *             explainability parameters</a>.</p>
    */
   ConfigUri: string | undefined;
@@ -6877,6 +6885,35 @@ export namespace SourceIpConfig {
   });
 }
 
+/**
+ * <p>The VPC object you use to create or update a workforce.</p>
+ */
+export interface WorkforceVpcConfigRequest {
+  /**
+   * <p>The ID of the VPC that the workforce uses for communication.</p>
+   */
+  VpcId?: string;
+
+  /**
+   * <p>The VPC security group IDs, in the form sg-xxxxxxxx. The security groups must be for the same VPC as specified in the subnet.</p>
+   */
+  SecurityGroupIds?: string[];
+
+  /**
+   * <p>The ID of the subnets in the VPC that you want to connect.</p>
+   */
+  Subnets?: string[];
+}
+
+export namespace WorkforceVpcConfigRequest {
+  /**
+   * @internal
+   */
+  export const filterSensitiveLog = (obj: WorkforceVpcConfigRequest): any => ({
+    ...obj,
+  });
+}
+
 export interface CreateWorkforceRequest {
   /**
    * <p>Use this parameter to configure an Amazon Cognito private workforce.
@@ -6914,6 +6951,11 @@ export interface CreateWorkforceRequest {
    *       both of which you define.</p>
    */
   Tags?: Tag[];
+
+  /**
+   * <p>Use this parameter to configure a workforce using VPC.</p>
+   */
+  WorkforceVpcConfig?: WorkforceVpcConfigRequest;
 }
 
 export namespace CreateWorkforceRequest {
@@ -11326,19 +11368,3 @@ export namespace DescribeInferenceRecommendationsJobResponse {
     ...obj,
   });
 }
-
-export interface DescribeLabelingJobRequest {
-  /**
-   * <p>The name of the labeling job to return information for.</p>
-   */
-  LabelingJobName: string | undefined;
-}
-
-export namespace DescribeLabelingJobRequest {
-  /**
-   * @internal
-   */
-  export const filterSensitiveLog = (obj: DescribeLabelingJobRequest): any => ({
-    ...obj,
-  });
-}