Sagemaker allows users to host any ML model on their own AWS infrastructure. With Obiguard you can manage/restrict access, log requests, and more.
Provider Slug. sagemaker

Obiguard SDK Integration with AWS Sagemaker

1. Install the Obiguard SDK

Add the Obiguard SDK to your application to interact with Sagemaker’s API through Obiguard’s gateway. 
pip install obiguard

2. Initialize Obiguard with a Virtual Key

There are multiple ways to integrate Sagemaker with Obiguard. You can use your AWS credentials, or use an assumed role. In this example we will create a virtual key and use it to interact with Sagemaker. This helps you restrict access (specific models, few endpoints, etc).
Here’s how to find your AWS credentials:

AWS Access Key


Use your AWS Secret Access Key, AWS Access Key Id, and AWS Region to create your Virtual key.

Integration Guide

AWS Assumed Role


Take your AWS Assumed Role ARN and AWS Region to create the virtual key.


Create a virtual key in the Obiguard dashboard in the virtual keys section. You can select sagemaker as the provider, and fill in deployment details. Initialize the Obiguard SDK with the virtual key. (If you are using the REST API, skip to next step) 
from obiguard import Obiguard

client = Obiguard(
  obiguard_api_key="sk-obg***", # Your Obiguard API key
  virtual_key="VIRTUAL_KEY" # Replace with your Sagemaker Virtual Key
)

3. Invoke the Sagemaker model

response = client.post(
  url="endpoints/{endpoint_name}/invocations",
  # You can pass any key value pair required by the model, apart from `url`, they are passed as kwargs to the Sagemaker endpoint
  inputs="my_custom_value",
  my_custom_key="my_custom_value",
)

print(response)

Making Requests without Virtual Keys

If you do not want to add your AWS details to Obiguard vault, you can also directly pass them while instantiating the Obiguard client. These are the supported headers/parameters for Sagemaker (Not required if you’re using a virtual key):
Node SDKPython SDKREST Headers
awsAccessKeyIdaws_access_key_idx-obiguard-aws-access-key-id
awsSecretAccessKeyaws_secret_access_keyx-obiguard-aws-secret-access-key
awsRegionaws_regionx-obiguard-aws-region
awsSessionTokenaws_session_tokenx-obiguard-aws-session-token
sagemakerCustomAttributessagemaker_custom_attributesx-obiguard-amzn-sagemaker-custom-attributes
sagemakerTargetModelsagemaker_target_modelx-obiguard-amzn-sagemaker-target-model
sagemakerTargetVariantsagemaker_target_variantx-obiguard-amzn-sagemaker-target-variant
sagemakerTargetContainerHostnamesagemaker_target_container_hostnamex-obiguard-amzn-sagemaker-target-container-hostname
sagemakerInferenceIdsagemaker_inference_idx-obiguard-amzn-sagemaker-inference-id
sagemakerEnableExplanationssagemaker_enable_explanationsx-obiguard-amzn-sagemaker-enable-explanations
sagemakerInferenceComponentsagemaker_inference_componentx-obiguard-amzn-sagemaker-inference-component
sagemakerSessionIdsagemaker_session_idx-obiguard-amzn-sagemaker-session-id
sagemakerModelNamesagemaker_model_namex-obiguard-amzn-sagemaker-model-name

Example

from obiguard import Obiguard

client = Obiguard(
  obiguard_api_key="sk-obg***", # Your Obiguard API key
  provider="sagemaker",
  aws_region="us-east-1", # Replace with your AWS region
  aws_access_key_id="AWS_ACCESS_KEY_ID", # Replace with your AWS access key id
  aws_secret_access_key="AWS_SECRET_ACCESS_KEY", # Replace with your AWS secret access key
  amzn_sagemaker_inference_component="SAGEMAKER_INFERENCE_COMPONENT" # Replace with your Sagemaker inference component
)

response = client.post(
  url="endpoints/{endpoint_name}/invocations",
  # You can pass any key value pair required by the model, apart from `url`, they are passed as kwargs to the Sagemaker endpoint
  inputs="my_custom_value",
  my_custom_key="my_custom_value"
)

print(response)

Next Steps

The complete list of features supported in the SDK are available on the link below.

SDK