7

Is it possible to get the public-ip of an amazon sagemaker notebook instance?

I was wondering if I can ssh into it using the public ip for remote debugging purposes.

I tried getting the public ip using the below curl command

$curl http://169.254.169.254/latest/meta-data

This just lists the local ip and not the public ip.

I also tried the below command.

$curl ifconfig.me

This returns an ip address like 13.232.96.15. If I try ssh into this it doesnt work.

Is there any other way we can do this?

Note : The ssh port 22 is open already in the security group

DineshKumar
  • 1,599
  • 2
  • 16
  • 30

3 Answers3

5

I don't think you can ssh to notebook instances. You can either use open them from the console, or grab the url with an API, re: https://docs.aws.amazon.com/sagemaker/latest/dg/howitworks-access-ws.html

If you need a terminal, then you can open one from Jupyter.

Julien Simon
  • 2,605
  • 10
  • 20
2

You can run this in sagemaker notebook instance to get public/external IP

from requests import get

ip = get('https://api.ipify.org').content.decode('utf8')
print('My public IP address is: {}'.format(ip))

Notebook can either have "Default communication with the internet" (this allows the notebook to communicate with the internet through a VPC managed by SageMaker) or "VPC communication with the internet" (You can create new/use existing VPC with NAT gateway and all the external traffic will go via NAT gateway IP controlled by you)

P.S. you are getting correct public IP but as mentioned in other answers sagemaker doesn't provide SSH access.

References:

Abdul Rauf
  • 5,798
  • 5
  • 50
  • 70
1

Though I have accepted Julien's answer, am pasting the reply I got from aws so that it may be helpful.

Question : Can we ssh into a sagemaker notebook instance?

Answer : No.

Question : Why not?

Answer : The notebook instance is formed as part of SageMaker's fully managed architecture. This means that all the underlying instances for any of the components of the service are deployed in a SageMaker managed environment and access to them is ONLY through SageMaker's API. For the notebook instance, the ONLY access that a customer has is through the Jupyter notebook ( or Jupyter lab ),for which you have to use the CreatePresignedNotebookInstanceUrl API in order to get an authorized URL and this does not include access via SSH .

The URL is public yes, but a customer will still be able to restrict access to only specific IP addresses[1] or connect to it through a VPC endpoint [2] .

[1] https://docs.aws.amazon.com/sagemaker/latest/dg/API_CreatePresignedNotebookInstanceUrl.html

[2] https://docs.aws.amazon.com/sagemaker/latest/dg/notebook-interface-endpoint.html

DineshKumar
  • 1,599
  • 2
  • 16
  • 30