AWS prescriptive-guidance documentation change
Summary
Updated section headers to markdown level 2 format, standardized apostrophes, corrected product names (SageMaker AI to SageMaker), and updated a blog reference link.
Security assessment
Changes involve formatting improvements and product name corrections without introducing new security content or addressing vulnerabilities. Existing security recommendations (like account separation and encryption) remain unchanged in substance.
Diff
diff --git a/prescriptive-guidance/latest/strategy-unlock-value-data-financial-services/best-practices-ml-ops.md b/prescriptive-guidance/latest/strategy-unlock-value-data-financial-services/best-practices-ml-ops.md index e4c536317..22c795a2d 100644 --- a//prescriptive-guidance/latest/strategy-unlock-value-data-financial-services/best-practices-ml-ops.md +++ b//prescriptive-guidance/latest/strategy-unlock-value-data-financial-services/best-practices-ml-ops.md @@ -6,0 +7,2 @@ +Account management and separationSecurity standardsUse case capabilitiesMLOps maturity journey + @@ -11 +13 @@ This section provides an overview of AWS best practices for MLOps. -**Account management and separation** +## Account management and separation @@ -13 +15 @@ This section provides an overview of AWS best practices for MLOps. -[AWS best practices](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/aws-account-management-and-separation.html) for account management recommend that you divide your accounts into four accounts for each use case: experimentation, dev, test, and prod. It’s also a best practice to have a governance account for providing shared MLOps resources across the organization and a data lake account for providing centralized data access. The rationale for this is to completely separate the development, test, and production environments, avoid delays caused by service limits being hit through multiple use cases and data science teams sharing the same set of accounts, and provide a complete overview of the costs for each use case. Finally, it’s a best practice to separate account-level data, as each use case has its own set of accounts. +[AWS best practices](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/aws-account-management-and-separation.html) for account management recommend that you divide your accounts into four accounts for each use case: experimentation, dev, test, and prod. It's also a best practice to have a governance account for providing shared MLOps resources across the organization and a data lake account for providing centralized data access. The rationale for this is to completely separate the development, test, and production environments, avoid delays caused by service limits being hit through multiple use cases and data science teams sharing the same set of accounts, and provide a complete overview of the costs for each use case. Finally, it's a best practice to separate account-level data, as each use case has its own set of accounts. @@ -15 +17 @@ This section provides an overview of AWS best practices for MLOps. -**Security standards** +## Security standards @@ -17 +19 @@ This section provides an overview of AWS best practices for MLOps. -To meet security requirements, it’s a best practice to turn off public internet access and encrypt all data with custom keys. Then, you can deploy a secure instance of Amazon SageMaker AI Studio to the development account in a matter of minutes by using Service Catalog. You can also get auditing and model monitoring capabilities for each use case by using SageMaker AI through templates deployed with SageMaker AI Projects. +To meet security requirements, it's a best practice to turn off public internet access and encrypt all data with custom keys. Then, you can deploy a secure instance of Amazon SageMaker Studio to the development account in a matter of minutes by using Service Catalog. You can also get auditing and model monitoring capabilities for each use case by using SageMaker through templates deployed with SageMaker Projects. @@ -19 +21 @@ To meet security requirements, it’s a best practice to turn off public interne -**Use case capabilities** +## Use case capabilities @@ -21 +23 @@ To meet security requirements, it’s a best practice to turn off public interne -After the account setup is complete, your organization’s data scientists can request a new use case template by using SageMaker AI Projects in SageMaker AI Studio. This process deploys the necessary infrastructure to have MLOps capabilities in the development account (with minimal support required from central teams), such as CI/CD pipelines, unit testing, model testing, and model monitoring. +After the account setup is complete, your organization's data scientists can request a new use case template by using SageMaker Projects in SageMaker Studio. This process deploys the necessary infrastructure to have MLOps capabilities in the development account (with minimal support required from central teams), such as CI/CD pipelines, unit testing, model testing, and model monitoring. @@ -23 +25 @@ After the account setup is complete, your organization’s data scientists can r -Each use case is then developed (or refactored in the case of an existing application code base) to run in a SageMaker AI architecture by using SageMaker AI capabilities such as experiment tracking, model explainability, bias detection, and data/model quality monitoring. You can add these capabilities to each use case pipeline by using [pipelines steps](https://docs.aws.amazon.com/sagemaker/latest/dg/build-and-manage-steps.html) in SageMaker AI Pipelines. +Each use case is then developed (or refactored in the case of an existing application code base) to run in a SageMaker architecture by using SageMaker capabilities such as experiment tracking, model explainability, bias detection, and data/model quality monitoring. You can add these capabilities to each use case pipeline by using [pipelines steps](https://docs.aws.amazon.com/sagemaker/latest/dg/build-and-manage-steps.html) in SageMaker Pipelines. @@ -25 +27 @@ Each use case is then developed (or refactored in the case of an existing applic -**MLOps maturity journey** +## MLOps maturity journey @@ -31 +33 @@ The MLOps maturity journey defines the necessary MLOps capabilities made availab - 2. **Repeatable** – In this stage, you standardize code repositories and the ML solution development. You also adopt a multi-account implementation approach, and standardize your code repositories to support model governance and model audits as you scale out the offering. It’s a best practice to adopt a production-ready model development approach with standard solutions that are provided by a governance account. The data is stored in a data lake account and use cases are developed in two accounts. The first account is for experimentation during the data science exploration period. In this account, data scientists discover models for solving the business problem and experiment with multiple possibilities. The other account is for development, which takes place after the best model has been identified and the data science team is ready to work in the inference pipeline. + 2. **Repeatable** – In this stage, you standardize code repositories and the ML solution development. You also adopt a multi-account implementation approach, and standardize your code repositories to support model governance and model audits as you scale out the offering. It's a best practice to adopt a production-ready model development approach with standard solutions that are provided by a governance account. The data is stored in a data lake account and use cases are developed in two accounts. The first account is for experimentation during the data science exploration period. In this account, data scientists discover models for solving the business problem and experiment with multiple possibilities. The other account is for development, which takes place after the best model has been identified and the data science team is ready to work in the inference pipeline. @@ -40 +42 @@ The MLOps maturity journey defines the necessary MLOps capabilities made availab -For more information on the MLOps maturity model, see [MLOps foundation roadmap for enterprises with Amazon SageMaker AI](https://aws.amazon.com/blogs/machine-learning/mlops-foundation-roadmap-for-enterprises-with-amazon-sagemaker/) on the AWS Machine Learning Blog. +For more information on the MLOps maturity models, see [MLOps foundation roadmap for enterprises with Amazon SageMaker](https://aws.amazon.com/blogs/machine-learning/mlops-foundation-roadmap-for-enterprises-with-amazon-sagemaker/) on the AWS Machine Learning Blog.