About the connector
AWS SageMaker helps data scientists and developers to prepare, build, train, and deploy high-quality machine learning (ML) models quickly by bringing together a broad set of capabilities purpose-built for ML.
This document provides information about the AWS SageMaker connector, which facilitates automated interactions with AWS SageMaker using FortiSOAR™ playbooks. Add the AWS SageMaker connector as a step in FortiSOAR™ playbooks and perform automated operations using AWS SageMaker such as retrieving lists of actions, artifacts, applications, etc., from your AWS SageMaker account.
Version information
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.2.2-1098
Authored By: Fortinet
Certified: Yes
Release Notes for version 1.1.0
Following enhancements have been made to the AWS SageMaker Connector in version 1.1.0:
- Certified this version of the connector.
- Updated the 'Sort Order' parameter in all the actions from a 'Text Input' field to a 'Dropdown List' field with its values as 'Ascending' and 'Descending'.
Installing the connector
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-aws-sagemaker
NOTE: If post-installation you see the 'Connector Dependencies not installed' error on the Connector Configuration pop-up, you require to restart the uwsgi service using the following command:
# csadm services --restart uwsgi
Prerequisites to configuring the connector
- The FortiSOAR™ server should have outbound connectivity to port 443 on the AWS SageMaker server.
- You must know the configuration type, either IAM Role or Access Credentials, that you will use to connect to AWS. If you select Access Credentials as your configuration type, then you must know your account's AWS region that you will use to access AWS services and possess the AWS Access Key ID and the AWS Secret Access Key to access AWS services.
Minimum Permissions Required
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the AWS SageMaker connector card. On the connector popup, click the Configurations tab to enter the required configuration details:
| Parameter |
Description |
| Configuration Type |
Type of configuration using which you will provide credentials to access AWS SageMaker and perform automated actions. You can choose between IAM Role or Access Credentials.
If you choose 'IAM Role', then in the AWS Instance IAM Role field enter the IAM Role of your AWS instance to access AWS services.
If you choose 'Access Credentials', then you must enter the following details:
- AWS Region: AWS region of your account to access the AWS SageMaker
- AWS Access Key ID: ID of the AWS Access Key to access AWS services.
- AWS Secret Access Key: Key of the AWS Secret Access to access AWS services.
|
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
| Function |
Description |
Annotation and Category |
| Get Actions |
Lists the actions and their properties in your AWS SageMaker account based on the input parameters you have specified. |
get_actions
Investigation |
| Get Algorithms |
Lists the machine learning algorithms that have been created in your AWS SageMaker account based on the input parameters you have specified. |
get_algorithms
Investigation |
| Get Applications |
Lists the applications in your AWS SageMaker account based on the input parameters you have specified. |
get_apps
Investigation |
| Get Artifacts |
Lists the artifacts and their properties in your AWS SageMaker account based on the input parameters you have specified. |
get_artifacts
Investigation |
operation: Get Actions
Input parameters
| Parameter |
Description |
| Assume a Role |
Select this option to assume a role.
Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the 'Configuration Type'. If you have specified Access Credentials as the 'Configuration Type', then this parameter is optional.
If you select this option, i.e., set it to 'True' then you must specify the following parameters:
- AWS Region: AWS region of your account to access AWS Lambda and retrieve details of your account's limits and usage.
- Role ARN: ARN of the role that you want to assume to execute this action on AWS.
- Session Name: Name of the session that will be created to execute this action on AWS.
|
| Source URI |
Specify the source URI using which you want to filter actions retrieved by this operation, i.e., if you specify this parameter, then this operation will return actions with the specified source URI only. |
| Action Type |
Specify the action type using which you want to filter actions retrieved by this operation, i.e., if you specify this parameter, then this operation will return actions of only the specified type. |
| Created After |
Select the DateTime to filter actions retrieved by this operation, i.e., if you specify this parameter, then this operation will return only those actions that are created on or after the specified DateTime. |
| Created Before |
Select the DateTime to filter actions retrieved by this operation, i.e., if you specify this parameter, then this operation will return only those actions that are created on or before the specified DateTime. |
| Sort By |
Specify the name of the field based on which you want to sort the results retrieved by this operation. Choose between CreationTime (default) or Name. |
| Sort Order |
Select the order of sorting the result. Choose between Ascending or Descending (default). |
| Next Token |
If the previous call to ListActions does not return the full set of actions, i.e., it is truncated, then the call returns a token for getting the next set of actions. You can use this token in your next request to receive the next set of results. |
| Max Results |
The maximum number of actions that should be included in the response of this operation. The default value is set as 10. |
Output
The output contains the following populated JSON schema:
{
"ActionSummaries": [],
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
operation: Get Algorithms
Input parameters
| Parameter |
Description |
| Assume a Role |
Select this option to assume a role.
Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the 'Configuration Type'. If you have specified Access Credentials as the 'Configuration Type', then this parameter is optional.
If you select this option, i.e., set it to 'True' then you must specify the following parameters:
- AWS Region: AWS region of your account to access AWS Lambda and retrieve details of your account's limits and usage.
- Role ARN: ARN of the role that you want to assume to execute this action on AWS.
- Session Name: Name of the session that will be created to execute this action on AWS.
|
| Creation Time After |
Select the DateTime to filter algorithms retrieved by this operation, i.e., if you specify this parameter, then this operation will return only those algorithms that are created on or after the specified DateTime (timestamp). |
| Creation Time Before |
Select the DateTime to filter algorithms retrieved by this operation, i.e., if you specify this parameter, then this operation will return only those algorithms that are created on or before the specified DateTime (timestamp). |
| Name Contains |
Specify a string in the algorithm name to filter algorithms retrieved by this operation, i.e., if you specify this parameter, then this operation will return only those algorithms whose name contains the specified string. |
| Sort By |
Specify the name of the field based on which you want to sort the results retrieved by this operation. Choose between CreationTime (default) or Name. |
| Sort Order |
Select the order of sorting the result. Choose between Ascending (default) or Descending. |
| Max Results |
The maximum number of algorithms that should be included in the response of this operation. |
| Next Token |
If the previous call to ListAlgorithms does not return the full set of actions, i.e., it is truncated, then the call returns a token for getting the next set of algorithms. You can use this token in your next request to receive the next set of results. |
Output
The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
},
"AlgorithmSummaryList": []
}
operation: Get Applications
Input parameters
| Parameter |
Description |
| Assume a Role |
Select this option to assume a role.
Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the 'Configuration Type'. If you have specified Access Credentials as the 'Configuration Type', then this parameter is optional.
If you select this option, i.e., set it to 'True' then you must specify the following parameters:
- AWS Region: AWS region of your account to access AWS Lambda and retrieve details of your account's limits and usage.
- Role ARN: ARN of the role that you want to assume to execute this action on AWS.
- Session Name: Name of the session that will be created to execute this action on AWS.
|
| Max Results |
The maximum number of applications that should be included in the response of this operation. |
| Sort Order |
Select the order of sorting the result. Choose between Ascending (default) or Descending. |
| Sort By |
Specify the name of the field based on which you want to sort the results retrieved by this operation. The default value is CreationTime. |
| Domain ID Equals |
Specify the domain ID using which you want to filter applications retrieved by this operation, i.e., if you specify this parameter, then this operation will return only those applications whose domain ID matches the specified domain ID. |
| User Profile Name Equals |
Specify the user profile name using which you want to filter applications retrieved by this operation, i.e., if you specify this parameter, then this operation will return only those applications whose user profile name matches the specified user profile name. |
| Next Token |
If the previous call to ListApplications does not return the full set of applications, i.e., it is truncated, then the call returns a token for getting the next set of applications. You can use this token in your next request to receive the next set of results. |
Output
The output contains the following populated JSON schema:
{
"Apps": [],
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
}
}
operation: Get Artifacts
Input parameters
| Parameter |
Description |
| Assume a Role |
Select this option to assume a role.
Note: You must enable this option, i.e., this parameter is required, if you have specified IAM Role as the 'Configuration Type'. If you have specified Access Credentials as the 'Configuration Type', then this parameter is optional.
If you select this option, i.e., set it to 'True' then you must specify the following parameters:
- AWS Region: AWS region of your account to access AWS Lambda and retrieve details of your account's limits and usage.
- Role ARN: ARN of the role that you want to assume to execute this action on AWS.
- Session Name: Name of the session that will be created to execute this action on AWS.
|
| Source URI |
Specify the source URI using which you want to filter artifacts retrieved by this operation, i.e., if you specify this parameter, then this operation will return artifacts with the specified source URI only. |
| Artifact Type |
Specify the action type using which you want to filter artifacts retrieved by this operation, i.e., if you specify this parameter, then this operation will return artifacts of only the specified type. |
| Created After |
Select the DateTime to filter artifacts retrieved by this operation, i.e., if you specify this parameter, then this operation will return only those artifacts that are created on or after the specified DateTime. |
| Created Before |
Select the DateTime to filter artifacts retrieved by this operation, i.e., if you specify this parameter, then this operation will return only those artifacts that are created on or before the specified DateTime. |
| Sort By |
Specify the name of the field based on which you want to sort the results retrieved by this operation. The default value is CreationTime. |
| Sort Order |
Select the order of sorting the result. Choose between Ascending or Descending (default). |
| Next Token |
If the previous call to ListArtifacts does not return the full set of artifacts, i.e., it is truncated, then the call returns a token for getting the next set of artifacts. You can use this token in your next request to receive the next set of results. |
| Max Results |
The maximum number of artifacts that should be included in the response of this operation. The default value is set as 10. |
Output
The output contains the following populated JSON schema:
{
"ResponseMetadata": {
"RequestId": "",
"HTTPHeaders": {
"date": "",
"content-type": "",
"content-length": "",
"x-amzn-requestid": ""
},
"RetryAttempts": "",
"HTTPStatusCode": ""
},
"ArtifactSummaries": []
}
Included playbooks
The Sample - AWS-SageMaker - 1.1.0 playbook collection comes bundled with the AWS SageMaker connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS SageMaker connector.
- Get Actions
- Get Algorithms
- Get Applications
- Get Artifacts
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
