Exposing an Amazon SageMaker Endpoint via a Custom Domain Name

Samuel Ajisafe - Jun 11 - - Dev Community

Guide to Exposing an Amazon SageMaker Endpoint via a Custom Domain Name

Are you a DevOps or Cloud Engineer tasked with making an Amazon SageMaker endpoint accessible to the public without directly exposing the endpoint itself? This guide will walk you through creating a public-facing SageMaker endpoint accessible via a custom domain name using AWS services and Namecheap as your DNS manager.


  • AWS Account
  • IAM Administrator Access
  • Amazon SageMaker
  • API Gateway
  • DNS Manager (Namecheap)

Step-by-Step Instructions:

Step 1: Create an Execution Role for the REST API

  1. Create the Role:

    • Open the IAM console.
    • Navigate to Roles and choose Create Role.
    • Select AWS Service as the trusted entity and choose API Gateway.
    • Continue to Review.
    • Name the role (e.g., APIGatewayAccessToSageMaker) and create it.
  2. Add Permissions:

    • Find and select the role you just created.
    • Choose Add Inline Policy.
    • Create a policy with the following settings:
      • Service: SageMaker
      • Action: InvokeEndpoint
      • Resources: Specify the ARN of your SageMaker endpoint.
    • Name the policy (e.g., SageMakerEndpointInvokeAccess) and create it.
    • Note the ARN of the role for later use.

Step 2: Build an API Gateway Endpoint

  1. Create the API:
    • Open the API Gateway console.
    • Choose Create API and select REST.
    • Choose New API and name it (e.g., Invocation-API).
    • Select Regional as the endpoint type and create the API.

Image description

Image description

  1. Create a Resource:
    • In the Resources section, choose Create Resource.
    • Enter a resource name (e.g., test-api) and create it.
    • Select the created resource.

Image description

  1. Create a GET Method:
    • Select the resource (test-api) and choose Create Method.
    • Choose GET and confirm.
    • Configure the method with the following settings:
      • Integration Type: AWS Service
      • AWS Region: Your region
      • AWS Service: SageMaker Runtime
      • HTTP Method: POST
      • Action Type: Use Path Override
      • Path Override: endpoints/<sagemaker-endpoint-name>/invocations
      • Execution Role: Enter the ARN of the role created earlier
      • Content Handling: Passthrough
    • Save the method.

Image description

Image description

Image description

Image description

Step 3: Deploy and Test the API

  1. Deploy the API:
    • In the Resources section, select your resource (test-api) and choose Deploy API.
    • Select [New Stage], name the stage (e.g., test), and deploy it.
    • Note the invoke URL from the deployment.

Image description

Image description

Image description

  1. Test the API:
    • Use tools like Postman or curl to test the endpoint.

Step 4: Create a Custom Domain Name in API Gateway

  1. Set Up the Custom Domain:
    • In the API Gateway console, navigate to Custom domain names and choose Create Custom Domain Name.
    • Enter your custom domain name (e.g., example.com).
    • Select the endpoint type (Edge-optimized, Regional, or Private).
    • Choose or upload an SSL certificate from ACM.

Image description

Image description

Step 5: Update DNS Settings in Namecheap

  1. Configure DNS in Namecheap:
    • Log in to Namecheap and navigate to Domain List.
    • Select Manage next to your domain.
    • Go to the Advanced DNS tab.
    • Add a new CNAME record:
      • Type: CNAME Record
      • Host: (subdomain or root, e.g., www)
      • Value: The domain name provided by API Gateway (e.g., d-xxxxxxxxxx.execute-api.region.amazonaws.com)
      • TTL: Automatic

Step 6: Map API Gateway Stage to the Custom Domain

  1. Configure API Mappings:
    • In the API Gateway console, select your custom domain name.
    • Under API mappings, choose Configure API mappings and add a new mapping.
    • Select the API and stage, and optionally specify a path.

Image description

Image description

Step 7: Verify DNS Propagation and Test

  1. Verify DNS:
    • Use tools like dig or online DNS checkers to ensure your domain points to the API Gateway endpoint.
    • Verify that requests to https://test.example.com are routed correctly.


  1. Create Execution Role:
    • IAM Console -> Roles -> Create Role -> API Gateway -> Add Inline Policy -> SageMaker -> InvokeEndpoint
  2. Build API Gateway Endpoint:
    • API Gateway Console -> Create API -> REST -> New API -> Create Resource -> Create Method -> Configure Integration
  3. Deploy and Test API:
    • Resources -> Deploy API -> New Stage -> Deploy -> Test
  4. Create Custom Domain in API Gateway:
    • API Gateway Console -> Custom Domain Names -> Create Custom Domain Name -> SSL Certificate
  5. Update DNS in Namecheap:
    • Domain List -> Manage -> Advanced DNS -> Add CNAME Record
  6. Map API Gateway Stage:
    • Custom Domain Names -> Select Domain -> Configure API Mappings -> Add New Mapping
  7. Verify and Test:
    • Use dig and test with curl or Postman.

By following these steps, you can expose your Amazon SageMaker endpoint via a custom domain managed by Namecheap.

Cloud #AWS #DevOps #SRE #AI #API #Automation

. . . . . . . . . . .
Terabox Video Player