AWS sagemaker documentation change
Summary
Added documentation about Restricted Instance Group (RIG) support including network isolation compliance and security constraint adaptations
Security assessment
Documents security feature implementation (boundary-aware deployments, network isolation compliance) but does not indicate resolution of a security vulnerability. Explains existing security controls rather than addressing new threats.
Diff
diff --git a/sagemaker/latest/dg/sagemaker-hyperpod-observability-addon.md b/sagemaker/latest/dg/sagemaker-hyperpod-observability-addon.md index c95495aac..384230c2a 100644 --- a//sagemaker/latest/dg/sagemaker-hyperpod-observability-addon.md +++ b//sagemaker/latest/dg/sagemaker-hyperpod-observability-addon.md @@ -4,0 +5,2 @@ +Restricted Instance Group (RIG) support + @@ -8,0 +11,6 @@ Amazon SageMaker HyperPod (SageMaker HyperPod) provides a comprehensive, out-of- +## Restricted Instance Group (RIG) support + +The observability add-on also supports clusters that contain Restricted Instance Groups. In RIG clusters, the add-on automatically adapts its deployment strategy to comply with the network isolation and security constraints of restricted nodes. DaemonSet components (node exporter, DCGM exporter, EFA exporter, Neuron monitor, and node collector) run on both standard and restricted nodes. Deployment components (central collector, Kube State Metrics, and Training Metrics Agent) are scheduled with boundary-aware logic to respect network isolation between instance groups. Container log collection with Fluent Bit is not available on restricted nodes. + +For information about setting up the add-on on clusters with Restricted Instance Groups, see [Setting up the SageMaker HyperPod observability add-on](./hyperpod-observability-addon-setup.html). +