# 01 - Validate that a SageMaker job can connect to RDS PostgreSQL database (Cost Optimized)

In [1]:
%pip install -q psycopg2-binary 2> /dev/null
%pip install -q flake8 2> /dev/null

Note: you may need to restart the kernel to use updated packages.
Note: you may need to restart the kernel to use updated packages.


In [2]:
import json
import os

import boto3
import psycopg2

In [3]:
ssm = boto3.client("ssm")
secretsmanager = boto3.client("secretsmanager")
region = boto3.session.Session().region_name

In [4]:
security_group_parameter = "/AgenticLLMAssistant/SMProcessingJobSecurityGroupId"
dbsecret_arn_parameter = "/AgenticLLMAssistant/DBSecretARN"
subnet_ids_parameter = "/AgenticLLMAssistant/SubnetIds"

security_group = ssm.get_parameter(Name=security_group_parameter)
security_group = security_group["Parameter"]["Value"]

db_secret_arn = ssm.get_parameter(Name=dbsecret_arn_parameter)
db_secret_arn = db_secret_arn["Parameter"]["Value"]

subnet_ids = ssm.get_parameter(Name=subnet_ids_parameter)
# Updated for cost optimization: using public subnets instead of private with NAT Gateway
public_subnets_ids = json.loads(subnet_ids["Parameter"]["Value"])

In [5]:
!mkdir -p scripts

In [6]:
%%writefile scripts/check_connection_to_aurora_postgres.py
import json
import os

import boto3
import psycopg2

secretsmanager = boto3.client("secretsmanager")

secret_response = secretsmanager.get_secret_value(
    SecretId=os.environ["SQL_DB_SECRET_ID"]
)

database_secrets = json.loads(secret_response["SecretString"])

# Extract credentials
host = database_secrets['host']
dbname = database_secrets['dbname']
username = database_secrets['username']
password = database_secrets['password']


def test_db_connection():
    # Connect to the database
    conn = psycopg2.connect(
        host=host,
        database=dbname,
        user=username,
        password=password
    )
    # Get cursor
    cur = conn.cursor()

    # Query to get all tables
    cur.execute("SELECT table_name FROM information_schema.tables WHERE table_schema='public';")

    # Fetch all the tables
    tables = cur.fetchall()

    # Print the table names
    print(f"SQL tables: {tables}")

    # Close connection
    conn.close()


if __name__ == "__main__":
    test_db_connection()

Writing scripts/check_connection_to_aurora_postgres.py


In [7]:
!flake8 --ignore=E501 scripts/check_connection_to_aurora_postgres.py

## Attempt the same in a SageMaker processing job with VPC network config

In [8]:
from sagemaker.network import NetworkConfig

# Note if you enable network isolation, with enable_network_isolation=True
# the pip installation of the dependencies
# under scripts/requirements.txt won't work.
# Cost optimization: using public subnets to avoid NAT Gateway costs
current_network_config = NetworkConfig(
    subnets=public_subnets_ids, security_group_ids=[security_group]
)

sagemaker.config INFO - Not applying SDK defaults from location: /etc/xdg/sagemaker/config.yaml
sagemaker.config INFO - Not applying SDK defaults from location: /home/sagemaker-user/.config/sagemaker/config.yaml


In [9]:
%%time
from sagemaker.xgboost import XGBoostProcessor
from sagemaker.processing import ProcessingInput, ProcessingOutput
from sagemaker import get_execution_role

# Initialize the XGBoostProcessor
xgb = XGBoostProcessor(
    framework_version="1.7-1",
    role=get_execution_role(),
    instance_type="ml.t3.medium",  # Cost optimized: using cheaper t3.medium instead of m5.large
    instance_count=1,
    base_job_name="frameworkprocessor-XGB",
    env={"SQL_DB_SECRET_ID": db_secret_arn, "AWS_DEFAULT_REGION": region},
    network_config=current_network_config,
)

# Run the processing job
xgb.run(code="check_connection_to_aurora_postgres.py", source_dir="scripts")