I have deployed an Endpoint on Amazon SageMaker. Now I am trying to Invoke it.
If I run this code in Sagemaker's Jupyter Notebook:
client = boto3.client('sagemaker-runtime')
endpoint_name = 'DEMO-XGBoostEndpoint'
body = ','.join(['1.0'] * 6)
response = client.invoke_endpoint(EndpointName=endpoint_name,
ContentType='text/csv',
Body=body)
response['Body'].read()
it works properly.
But if I run the same code, with added credentials for boto3 client, from my machine:
client = boto3.client('sagemaker-runtime',
aws_access_key_id=ACCESS_ID,
aws_secret_access_key= ACCESS_KEY)
endpoint_name = 'DEMO-XGBoostEndpoint'
body = ','.join(['1.0'] * 6)
response = client.invoke_endpoint(EndpointName=endpoint_name,
ContentType='text/csv',
Body=body)
response['Body'].read()
I get this error:
ClientError: An error occurred (AccessDeniedException) when calling the InvokeEndpoint operation: User: arn:aws:iam::249707424405:user/yury.logachev is not authorized to perform: sagemaker:InvokeEndpoint on resource: arn:aws:sagemaker:us-east-1:249707424405:endpoint/demo-xgboostendpoint-2018-12-12-22-07-28 with an explicit deny
If I run the latter piece of code (with added credentials as a parameters of client) on Sagemaker's Jupyter Notebook, I also get the same error.
I understand that the solution should be linked with roles, policies etc, but could not find out it.
The problem was with the MFA autharization. When I invoked the model from inside the model, the MFA was passed. But when I tried to invoke the model from my machine, the MFA was not passed, so the access was denied.
I created special user without MFA to debug the model, and that solved my problem.