问题
这是SageMaker在us-west-1区域中使用亚马逊SageMaker内置算法的XGBoost所需的ECR IAM权限吗?
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": [
"arn:aws:ecr:us-west-1:632365934929:repository/632365934929.dkr.ecr.us-west-1.amazonaws.com/xgboost:1"
]
背景
AWS文档Amazon SageMaker角色告诉指定CreateTrainingJobAPI的TrainingImage值。
Scope ecr permissions as follows:
- Scope to the AlgorithmSpecification.TrainingImage value that you specify in a CreateTrainingJob request.
- Scope to the PrimaryContainer.Image value that you specify in a CreateModel request:
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Resource": [
"arn:aws:ecr:::repository/my-repo1",
"arn:aws:ecr:::repository/my-repo2",
"arn:aws:ecr:::repository/my-repo3"
]
AWS SageMaker API文档TrainingImage告诉我们指定算法docker图像注册表路径作为值。
TrainingImage
包含训练的Docker镜像的注册表路径算法。有关内置的docker注册表路径的信息算法,请参阅AmazonSageMaker提供的算法:通用参数。AmazonSageMaker同时支持registry/repository[:tag]和registry/reportory[@digest]图像路径格式。
AWS文档内置算法的通用参数指示XGBoost注册表路径为632365934929.dkr.ecr.us-west-1.amazonaws.com/xgboost:1。
|算法名称|训练图像和推理图像注册表路径|
|XGBoost|ecr_path/XGBoost:标签|
ecr_path(算法:BlazingText、…、Seq2Seq和XGBoost(0.72(
|| us-west-1|632365934929.dkr.ecr.us-west-1.amazonaws.com |对于"训练图像和推理图像注册表路径"列,使用:1版本标记以确保使用的是稳定版本的算法。您可以在具有:1标记的推理图像上可靠地承载使用具有:1标签的图像训练的模型。
根据第页的注释https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-algo-docker-registry-paths.html
For XGBoost, do not use :latest or :1. Use the specific version you require, such as :0.90-1-cpu-py3, :0.90-2-cpu-py3, :1.0-1-cpu-py3, or :1.2-1.