Security and Compliance

Understand how Amazon SageMaker AI protects Deepgram deployments through AWS infrastructure security, network isolation, and VPC controls.

As a managed service, Amazon SageMaker AI is protected by AWS global network security. For information about AWS security services and how AWS protects infrastructure, see AWS Cloud Security. To design your AWS environment using the best practices for infrastructure security, see Infrastructure Protection in the Security Pillar of the AWS Well-Architected Framework.

For more information, review the AWS documentation on Infrastructure security in Amazon SageMaker AI.

API access requirements

You use AWS-published API calls to access Amazon SageMaker AI through the network. Clients must support the following:

  • Transport Layer Security (TLS). AWS requires TLS 1.2 and recommends TLS 1.3.
  • Cipher suites with perfect forward secrecy (PFS) such as DHE (Ephemeral Diffie-Hellman) or ECDHE (Elliptic Curve Ephemeral Diffie-Hellman). Most modern systems, such as Java 7 and later, support these modes.

Network isolation for AWS Marketplace containers

Network isolation is required to run models using resources from AWS Marketplace. For additional security, AWS Marketplace images run within an Amazon VPC. They only have access to data within their local file systems. For details, see No internet access for Marketplace algorithm and model package containers.

Because network isolation is enabled, Deepgram Marketplace containers cannot make any outbound network calls to any service, including Amazon S3 or Deepgram infrastructure. No AWS credentials are made available to the container runtime environment.

Endpoint access: public internet or VPC

A SageMaker Endpoint can be accessible over the public internet or restricted to access only from within your Amazon VPC. To restrict access to your endpoint to a VPC, create an interface VPC endpoint for SageMaker Runtime. Traffic between your VPC and SageMaker then travels over the AWS network and never traverses the public internet.

Use a VPC endpoint when you want to:

  • Keep all inference traffic on the AWS network.
  • Apply VPC security groups and route tables to control which clients reach the endpoint.
  • Meet compliance requirements that prohibit public internet exposure of inference traffic.
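The following is an added example, not code from Deepgram or AWS documentation. It audits output shaped like EC2 DescribeVpcEndpoints for a usable SageMaker Runtime interface endpoint, and builds an IAM deny statement that pins invoke calls to that endpoint with the `aws:SourceVpce` global condition key. The region, VPC ID, endpoint ID, account number and endpoint ARN are constructed placeholders.

```python
import json

def invoke_only_via_vpce_policy(endpoint_arn, vpce_id):
    """IAM identity policy: deny every InvokeEndpoint* call that does not
    arrive through the given interface VPC endpoint."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyInvokeOutsideVpcEndpoint",
            "Effect": "Deny",
            "Action": "sagemaker:InvokeEndpoint*",
            "Resource": endpoint_arn,
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }

def audit_runtime_endpoint(describe_output, region, vpc_id):
    """Return findings for the SageMaker Runtime interface endpoint in vpc_id.
    describe_output has the shape returned by EC2 DescribeVpcEndpoints."""
    service = f"com.amazonaws.{region}.sagemaker.runtime"
    matches = [e for e in describe_output.get("VpcEndpoints", [])
               if e.get("VpcId") == vpc_id and e.get("ServiceName") == service]
    if not matches:
        return [f"no VPC endpoint for {service} in {vpc_id}"]
    findings = []
    for e in matches:
        eid = e["VpcEndpointId"]
        if e.get("VpcEndpointType") != "Interface":
            findings.append(f"{eid}: type is not Interface")
        if e.get("State") != "available":
            findings.append(f"{eid}: state is {e.get('State')}")
        # Without private DNS the default regional hostname does not
        # resolve to this endpoint's private addresses.
        if not e.get("PrivateDnsEnabled"):
            findings.append(f"{eid}: private DNS disabled")
    return findings

# Constructed sample data (placeholder IDs, not from a real account).
SAMPLE = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0aaaaaaaaaaaaaaaa", "VpcId": "vpc-0example",
     "ServiceName": "com.amazonaws.us-east-1.sagemaker.runtime",
     "VpcEndpointType": "Interface", "State": "available",
     "PrivateDnsEnabled": False},
]}
ENDPOINT_ARN = "arn:aws:sagemaker:us-east-1:111122223333:endpoint/example-endpoint"

if __name__ == "__main__":
    print(audit_runtime_endpoint(SAMPLE, "us-east-1", "vpc-0example"))
    print(json.dumps(invoke_only_via_vpce_policy(ENDPOINT_ARN, "vpce-0aaaaaaaaaaaaaaaa"), indent=2))
```

To audit a real account, pass the parsed JSON from `aws ec2 describe-vpc-endpoints` as `describe_output`.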

Compliance

Deepgram models running on Amazon SageMaker AI real-time endpoints are eligible for most common compliance frameworks, including but not limited to SOC 1/2/3, HIPAA, PCI DSS, FedRAMP Moderate (US East/West), GDPR, and ISO 27001/27017/27018. For specific compliance details for Amazon SageMaker AI, see AWS Services in Scope by Compliance Program.

Related resources

  • Deploy Deepgram on Amazon SageMaker
  • Configure Amazon SageMaker Deployments
  • Observability for Amazon SageMaker