How to setup AWS sagemaker - Resource limit Error - amazon-web-services

I'm trying to set up my first SageMaker Studio so my team and myself can run some post processing scripts in a shared environment but I'm having issues.
I've followed the steps in this video(https://www.youtube.com/watch?v=wiDHCWVrjCU&ab_channel=AmazonWebServices) which are:
Select Standard setup
Select AWS Identity and Access Management (IAM)
Under permissions - Create and select new execution role
Under Network and storage - Select VPC, Subnet and Security group
Hit the submit button at the bottom of the page.
In the video, he clicks submit and is taken to the control panel where he starts the next phase of adding users, however I'm greeted with this error.
Resource limit Error
I've checked my Registered domains under route 53 and it says No domains to display, I've also checked my S2 and I have no instances so I have no idea where the 2 domains being utilized are.
My dashboard, image and Notebooks are all empty so as far as I know there's nothing setup on this Sage Maker account.
Could anyone tell me how to resolve this error?

AWS Sagemaker now supports multi-domain <announced in the Re-Invent 2022, Tested in US-EAST-1 >
enter image description here

You can have maximum 1 studio domain per region, by the default limits. Though, it seems like you have two domains already provisioned. Try to delete all the domains through the AWS cli and recreate with the AWS Management Console.
Unfortunately, AWS Management Console cannot visualize more than one Studio domain.

Related

GCP API - How could you determine that a VM was created via Marketplace?

I'm trying to make an API call in Python (inside a Cloud Function) to do some various things and as part of the information I'd like to pass along is whether the VM was created from something in the Marketplace.
The use case is this: The user is in the GCP Console in Compute Engine. They click on Marketplace in the left column of the display which then brings up VMs to choose from. The user picks one (say "Ubuntu 20.4 LTS (Focal)"). The display shows information about the VM with a "Launch" button. When they click that, they are then taken to the "Create an instance" page and they continue making choices and eventually create the VM.
This creates a log entry that the client's security group checks inside of a cloud function. When I look at the log entry for beta.compute.instances.insert, I don't see anything about it being created via Marketplace. If I make an API call to get the instance, there's nothing in the object returned that shows that either. Anyone know of any way to determine this?
It depends on what you mean by "via Marketplace". In general, the Marketplace offer is usually a Deployment Manager template and an image in a public project (public projects are available only to partners publishing to Marketplace). So if you deploy a Marketplace VM solution you will have:
a VM with source image in some project outside your org; but this will also match VMs created manually using that image (does it match your "via Marketplace" definition?) and VMs created from custom images your individual users have access to. Hint: your service account assigned to function will also have access to all public images, but usually not to images shared between users.
Deployment Manager deployment - that's a nice one as such deployments have some marketplace-specific labels. The problem is that deployment metadata can be deleted without deleting the deployed resources. And there's the case you mentioned with some marketplace listings being just redirections to deploying a single VM.
I'm afraid there's no way to detect if an Ubuntu VM was deployed after visiting Marketplace, or after clicking add VM button or using CLI or terraform - for the GCE it was simply an API call to insert a new instance.

I can't find and disable AWS resources

My free AWS tier is going to expire in 8 days. I removed every EC2 resource and elastic IP associated with it. Because that is what I recall initializing and experimenting with. I deleted all the roles I created because as I understand it, roles permit AWS to perform actions for AWS services. And yet, when I go to the billing page it shows I have these three services that are in current usage.
[1]: https://i.stack.imgur.com/RvKZc.png
I used the script as recommended by AWS documentation to check for all instances and it shows "no resources found".
Link for script: https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-listec2resources.html
I tried searching for each service using the dashboard and didn't get anywhere. I found an S3 bucket, I don't remember creating it but I deleted it anyway, and still, I get the same output.
Any help is much appreciated.
ok, I was able to get in touch with AWS support via Live chat, and they informed me that those services in my billing were usages generated before the services were terminated. AWS support was much faster than I expected.

List of services used in AWS

Please how can get the list of all services I am using.
I have gone to Service Quotas at
https://ap-east-1.console.aws.amazon.com/servicequotas/home?region=ap-east-1
on the dashboard. I could see a list of Items e.g. EC2, VPC, RDS, Dynamo etc but I did not understand what is there.
As I did not request for some of the services I am seeing I even went into budget at
https://console.aws.amazon.com/billing/home?region=ap-east-1#/budgets
and also credits. Maybe I can get the services I have been given credits to use
https://console.aws.amazon.com/billing/home?region=ap-east-1#/budgets?
Also, how can I stop any service which I do not want?
The Billing service is not giving me tangible information also. I do not want the bill to pile up before I start taking needed steps.
Is there a location where I can see all services I am using or maybe there is a code I can enter somewhere which would produce such result?
You can use AWS Config Resource Inventory feature.
AWS Config will discover resources that exist in your account, record their current configuration, and capture any changes to these configurations. Config will also retain configuration details for resources that have been deleted. A comprehensive snapshot of all resources and their configuration attributes provides a complete inventory of resources in your account.
https://aws.amazon.com/config/
There is not an easy answer on this one, as there is not an AWS service that you can use to do this out of the box (yet).
There are some AWS services that you can use to get you close, like:
AWS Config (as suggested by #kepils)
Another option is to use Resource Groups and Tagging to list all resources within a region within account (as described in this answer).
In both cases however, the issue is that both Config and Resource Groups come with the same limitation - they can't see all AWS services on their own.
Another option would be to use a third party tool to do this, if your end goal is to find what do you currently have running in your account like aws-inventory or cloudmapper
On the second part of your question on how to stop any services which you don't want you can do the following:
Don't grant excessive permissions to your users. If someone needs to work on EC2 instances, then their IAM role and respective policy should allow only that instead of for example full access.
You can limit the scope and services permitted for use within account by creating Service Control Policies which are allowing only the specific resources you plan to use.
Set-up an AWS Budget Notifications and potentially AWS Budget Actions.

How to get Grafana CloudWatch Cross-account / Cross-Region Metrics

I have 4 AWS accounts (DTAP) and I want to be able to create one dashboard in Grafana with the cost per service (for all accounts).
So far I can easily create one dashboard in Dev with the costs for all services (using this dashboard: https://grafana.com/grafana/dashboards/139)
I also enabled cross account cross region in AWS (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html) which works nice (in AWS CloudWatch).
Now the problem which I am having is that I can't specify an account selector in this Grafana dashboad 139, or modify the query in such way that I can get metric from different account than Dev:
REMOVE_EMPTY(SEARCH('Namespace="AWS/Billing" MetricName="EstimatedCharges"', 'Average', 3600))
Does anyone has any idea how to get this or which fields are the ones for account select in AWS? I need a programatic way of running "View data for" from the picture below and graph it in Grafana:
Also, I want to avoid creating multiple data sources for each account (due to other limitations)

Amazon AWS EMR "no" configuration sample application

I registered for aws account yesterday and today i followed couple of videos on youtube to run a sample wordcount on input file in S3.
I tried to do that but i don't see any "configuration sample application" button. I have attached an image. It may be trivial, since i am new i may be missing something.
Process i followed:
Created a bucket in S3
aws-> security credentials, created an access
key aws->EC2, created key pair
AWS->IAM, created new role as EC2 + administrator
AWS->EMR, create cluster
Here i don't see any option for configure sample application button. Please check image for more detail
Amazon EMR used to have a 'Sample Application' button, like this:
However, that button is no longer available in the Amazon EMR interface.
The tutorial is most probably out-of-date. (Things change fast on AWS!)