How to set up an air-gapped VPC for Amazon SageMaker Unified Studio
Big Data Blog
This article provides a comprehensive guide for setting up an air-gapped VPC for Amazon SageMaker Unified Studio, enabling organizations to meet strict security and compliance requirements while maintaining operational efficiency.
- Air-gapped architecture uses AWS PrivateLink and VPC endpoints for secure, private connectivity without public internet exposure
- Solution requires custom VPC with private subnets across multiple Availability Zones for high availability
- Mandatory VPC endpoints include S3 Gateway, DataZone, STS, SageMaker, Glue, Secrets Manager, KMS, EC2, and Athena
- Best practices: use the bring-your-own VPC approach, enable DNS support, and plan IP capacity for 5+ years of growth
- Optional endpoints available for EMR, Redshift, Bedrock, RDS, CodeCommit based on specific service needs
- Production environments should implement private networking with at least two private subnets across different AZs
- Step-by-step setup includes VPC creation, SageMaker domain configuration, and interface endpoint provisioning
- External data source access requires network administrator coordination for secure connections and firewall rules
This guide enables organizations to deploy SageMaker Unified Studio securely within isolated networks while maintaining full functionality for data cataloging, queries, and ML workflows.
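As an added example (not code from the article or from AWS), the following checks the output of `aws ec2 describe-vpc-endpoints` against the mandatory endpoint list above and reports what is missing or misconfigured. The short service names, the per-endpoint private DNS check and the two-AZ requirement for interface endpoints are assumptions derived from the summary; the sample data is constructed.

```python
# Short names are the part after "com.amazonaws.<region>."; this mapping of the
# services named above is an assumption. "sagemaker" matches sagemaker.api etc.
REQUIRED = {
    "s3": "Gateway", "datazone": "Interface", "sts": "Interface",
    "sagemaker": "Interface", "glue": "Interface", "secretsmanager": "Interface",
    "kms": "Interface", "ec2": "Interface", "athena": "Interface",
}
MIN_AZS = 2  # assumption: each interface endpoint should span two AZs, like the subnets

def short_name(service_name):
    """'com.amazonaws.us-east-1.sagemaker.api' -> 'sagemaker'."""
    parts = service_name.split(".")
    return parts[3] if len(parts) > 3 and parts[:2] == ["com", "amazonaws"] else service_name

def audit_endpoints(vpc_endpoints, subnet_az):
    """Return sorted findings; an empty list means every mandatory endpoint passes.
    vpc_endpoints: "VpcEndpoints" list from `aws ec2 describe-vpc-endpoints`.
    subnet_az: subnet ID -> Availability Zone, from `aws ec2 describe-subnets`.
    """
    findings, seen = [], set()
    for ep in vpc_endpoints:
        name = short_name(ep["ServiceName"])
        # Skip optional services, wrong endpoint types and endpoints not yet usable.
        if REQUIRED.get(name) != ep["VpcEndpointType"] or ep.get("State") != "available":
            continue
        seen.add(name)
        if ep["VpcEndpointType"] != "Interface":
            continue  # gateway endpoints attach to route tables, not subnets
        if not ep.get("PrivateDnsEnabled"):
            findings.append(f"{name}: private DNS is disabled")
        azs = {subnet_az[s] for s in ep.get("SubnetIds", []) if s in subnet_az}
        if len(azs) < MIN_AZS:
            findings.append(f"{name}: covers {len(azs)} AZ(s), need {MIN_AZS}")
    findings += [f"{n}: no available {t} endpoint" for n, t in REQUIRED.items() if n not in seen]
    return sorted(findings)

def _ep(service, kind="Interface", subnets=("subnet-a", "subnet-b"), dns=True):
    return {"ServiceName": f"com.amazonaws.us-east-1.{service}", "VpcEndpointType": kind,
            "State": "available", "PrivateDnsEnabled": dns, "SubnetIds": list(subnets)}

# Constructed sample: KMS and Athena absent, STS in one AZ, Glue without private DNS.
SAMPLE_AZ = {"subnet-a": "us-east-1a", "subnet-b": "us-east-1b"}
SAMPLE = [_ep("s3", "Gateway", (), False), _ep("datazone"), _ep("sts", subnets=("subnet-a",)),
          _ep("sagemaker.api"), _ep("glue", dns=False), _ep("secretsmanager"), _ep("ec2"),
          _ep("bedrock-runtime")]

if __name__ == "__main__":
    print("\n".join(audit_endpoints(SAMPLE, SAMPLE_AZ)) or "all mandatory endpoints pass")
```

To run it against a real VPC, pass the `VpcEndpoints` list from the CLI's JSON output and a subnet-to-AZ map built from `describe-subnets`.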