Sagemaker allows users to host any ML model on their own AWS infrastructure.
With Obiguard you can manage/restrict access, log requests, and more.
Obiguard SDK Integration with AWS Sagemaker
1. Install the Obiguard SDK
Add the Obiguard SDK to your application to interact with Sagemaker’s API through Obiguard’s gateway.
2. Initialize Obiguard with a Virtual Key
There are multiple ways to integrate Sagemaker with Obiguard.
You can use your AWS credentials, or use an assumed role.
In this example we will create a virtual key and use it to interact with Sagemaker.
This helps you restrict access (specific models, few endpoints, etc).
Here’s how to find your AWS credentials:
AWS Access Key
Use your AWS Secret Access Key, AWS Access Key Id, and AWS Region to create your Virtual key.
Integration Guide
AWS Assumed Role
Take your AWS Assumed Role ARN and AWS Region to create the virtual key.
Create a virtual key in the Obiguard dashboard in the virtual keys section.
You can select sagemaker as the provider, and fill in deployment details.
Initialize the Obiguard SDK with the virtual key. (If you are using the REST API, skip to next step)
from obiguard import Obiguard
client = Obiguard(
obiguard_api_key="sk-obg***", # Your Obiguard API key
virtual_key="VIRTUAL_KEY" # Replace with your Sagemaker Virtual Key
)
from obiguard import Obiguard
client = Obiguard(
obiguard_api_key="sk-obg***", # Your Obiguard API key
virtual_key="VIRTUAL_KEY" # Replace with your Sagemaker Virtual Key
)
3. Invoke the Sagemaker model
response = client.post(
url="endpoints/{endpoint_name}/invocations",
# You can pass any key value pair required by the model, apart from `url`, they are passed as kwargs to the Sagemaker endpoint
inputs="my_custom_value",
my_custom_key="my_custom_value",
)
print(response)
response = client.post(
url="endpoints/{endpoint_name}/invocations",
# You can pass any key value pair required by the model, apart from `url`, they are passed as kwargs to the Sagemaker endpoint
inputs="my_custom_value",
my_custom_key="my_custom_value",
)
print(response)
curl --location 'https://gateway.obiguard.ai/v1/endpoints/{endpoint_name}/invocations' \
--header 'x-obiguard-virtual-key: {VIRTUAL_KEY}' \
--header 'x-obiguard-api-key: {OBIGUARD_API_KEY}' \
--header 'Content-Type: application/json' \
--data '{
# You can pass any key value pair required by the model, they are passed as kwargs to the Sagemaker endpoint
"inputs": "my_custom_value",
"my_custom_key": "my_custom_value"
}'
Making Requests without Virtual Keys
If you do not want to add your AWS details to Obiguard vault, you can also directly pass them while instantiating the Obiguard client.
These are the supported headers/parameters for Sagemaker (Not required if you’re using a virtual key):
| Node SDK | Python SDK | REST Headers |
|---|
| awsAccessKeyId | aws_access_key_id | x-obiguard-aws-access-key-id |
| awsSecretAccessKey | aws_secret_access_key | x-obiguard-aws-secret-access-key |
| awsRegion | aws_region | x-obiguard-aws-region |
| awsSessionToken | aws_session_token | x-obiguard-aws-session-token |
| sagemakerCustomAttributes | sagemaker_custom_attributes | x-obiguard-amzn-sagemaker-custom-attributes |
| sagemakerTargetModel | sagemaker_target_model | x-obiguard-amzn-sagemaker-target-model |
| sagemakerTargetVariant | sagemaker_target_variant | x-obiguard-amzn-sagemaker-target-variant |
| sagemakerTargetContainerHostname | sagemaker_target_container_hostname | x-obiguard-amzn-sagemaker-target-container-hostname |
| sagemakerInferenceId | sagemaker_inference_id | x-obiguard-amzn-sagemaker-inference-id |
| sagemakerEnableExplanations | sagemaker_enable_explanations | x-obiguard-amzn-sagemaker-enable-explanations |
| sagemakerInferenceComponent | sagemaker_inference_component | x-obiguard-amzn-sagemaker-inference-component |
| sagemakerSessionId | sagemaker_session_id | x-obiguard-amzn-sagemaker-session-id |
| sagemakerModelName | sagemaker_model_name | x-obiguard-amzn-sagemaker-model-name |
Example
from obiguard import Obiguard
client = Obiguard(
obiguard_api_key="sk-obg***", # Your Obiguard API key
provider="sagemaker",
aws_region="us-east-1", # Replace with your AWS region
aws_access_key_id="AWS_ACCESS_KEY_ID", # Replace with your AWS access key id
aws_secret_access_key="AWS_SECRET_ACCESS_KEY", # Replace with your AWS secret access key
amzn_sagemaker_inference_component="SAGEMAKER_INFERENCE_COMPONENT" # Replace with your Sagemaker inference component
)
response = client.post(
url="endpoints/{endpoint_name}/invocations",
# You can pass any key value pair required by the model, apart from `url`, they are passed as kwargs to the Sagemaker endpoint
inputs="my_custom_value",
my_custom_key="my_custom_value"
)
print(response)
from obiguard import Obiguard
client = Obiguard(
obiguard_api_key="sk-obg***", # Your Obiguard API key
provider="sagemaker",
aws_region="us-east-1", # Replace with your AWS region
aws_access_key_id="AWS_ACCESS_KEY_ID", # Replace with your AWS access key id
aws_secret_access_key="AWS_SECRET_ACCESS_KEY", # Replace with your AWS secret access key
amzn_sagemaker_inference_component="SAGEMAKER_INFERENCE_COMPONENT" # Replace with your Sagemaker inference component
)
response = client.post(
url="endpoints/{endpoint_name}/invocations",
# You can pass any key value pair required by the model, apart from `url`, they are passed as kwargs to the Sagemaker endpoint
inputs="my_custom_value",
my_custom_key="my_custom_value"
)
print(response)
curl "https://gateway.obiguard.ai/v1/chat/completions" \
-H "Content-Type: application/json" \
-H "x-obiguard-api-key: $OBIGUARD_API_KEY" \
-H "x-obiguard-provider: sagemaker" \
-H "x-obiguard-aws-access-key-id: $AWS_ACCESS_KEY_ID" \
-H "x-obiguard-aws-secret-access-key: $AWS_SECRET_ACCESS_KEY" \
-H "x-obiguard-aws-region: $AWS_REGION" \
-H "x-obiguard-amzn-sagemaker-inference-component: $SAGEMAKER_INFERENCE_COMPONENT" \
-d '{
# You can pass any key value pair apart from `url` required by the model, they are passed as kwargs to the Sagemaker endpoint
"inputs": "my_custom_value",
"my_custom_key": "my_custom_value"
}'
Next Steps
The complete list of features supported in the SDK are available on the link below.
