#### Dockerfile creation
we first create a Dockerfile based on the documentation here https://docs.aws.amazon.com/sagemaker/latest/dg/studio-updated-jl-admin-guide-custom-images.html#studio-updated-jl-custom-images-dockerfile-templates

```
FROM public.ecr.aws/amazonlinux/amazonlinux:2023

ARG NB_USER="sagemaker-user"
ARG NB_UID=1000
ARG NB_GID=100

# Install Python3, pip, and other dependencies
RUN yum install -y \
    python3 \
    python3-pip \
    python3-devel \
    gcc \
    shadow-utils && \
    useradd --create-home --shell /bin/bash --gid "${NB_GID}" --uid ${NB_UID} ${NB_USER} && \
    yum clean all

RUN python3 -m pip install --no-cache-dir \
    'jupyterlab>=4.0.0,<5.0.0' \
    urllib3 \
    jupyter-activity-monitor-extension \
    --ignore-installed

# Verify versions
RUN python3 --version && \
    jupyter lab --version

USER ${NB_UID}
CMD jupyter lab --ip 0.0.0.0 --port 8888 \
    --ServerApp.base_url="/jupyterlab/default" \
    --ServerApp.token='' \
    --ServerApp.allow_origin='*'
```

In [1]:
# we create the ECR repository
!aws ecr create-repository --repository-name smstudio-custom --region us-east-1

{
    "repository": {
        "repositoryArn": "arn:aws:ecr:us-east-1:609009159737:repository/smstudio-custom",
        "registryId": "609009159737",
        "repositoryName": "smstudio-custom",
        "repositoryUri": "609009159737.dkr.ecr.us-east-1.amazonaws.com/smstudio-custom",
        "createdAt": 1753306350.217,
        "imageTagMutability": "MUTABLE",
        "imageScanningConfiguration": {
            "scanOnPush": false
        },
        "encryptionConfiguration": {
            "encryptionType": "AES256"
        }
    }
}


In [2]:
!aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 609009159737.dkr.ecr.us-east-1.amazonaws.com

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded


In [3]:
!pip install sagemaker-studio-image-build

Collecting sagemaker-studio-image-build
  Downloading sagemaker_studio_image_build-0.6.0.tar.gz (13 kB)
  Preparing metadata (setup.py) ... [?25ldone
Building wheels for collected packages: sagemaker-studio-image-build
[33m  DEPRECATION: Building 'sagemaker-studio-image-build' using the legacy setup.py bdist_wheel mechanism, which will be removed in a future version. pip 25.3 will enforce this behaviour change. A possible replacement is to use the standardized build interface by setting the `--use-pep517` option, (possibly combined with `--no-build-isolation`), or adding a `pyproject.toml` file to the source tree of 'sagemaker-studio-image-build'. Discussion can be found at https://github.com/pypa/pip/issues/6334[0m[33m
[0m  Building wheel for sagemaker-studio-image-build (setup.py) ... [?25ldone
[?25h  Created wheel for sagemaker-studio-image-build: filename=sagemaker_studio_image_build-0.6.0-py3-none-any.whl size=13558 sha256=e6267b36a007a1ecfc0cf0baa4e328b6d5d9491675b7cfe7b0c

In [6]:
!aws sts get-caller-identity

{
    "UserId": "AROAY3S6GJY4UPLVUSLUU:SageMaker",
    "Account": "609009159737",
    "Arn": "arn:aws:sts::609009159737:assumed-role/SageMaker-ExecutionRole-20250723T112596/SageMaker"
}


make sure to give the proper permissinos and trust policy. An example trust policy is ```{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AssumeRole",
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "sagemaker.amazonaws.com",
                    "codebuild.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}```

In [8]:
!sm-docker build -t smstudio-custom:my-jupyterlab-image .

  from pandas.core.computation.check import NUMEXPR_INSTALLED
sagemaker.config INFO - Not applying SDK defaults from location: /etc/xdg/sagemaker/config.yaml
sagemaker.config INFO - Not applying SDK defaults from location: /home/ec2-user/.config/sagemaker/config.yaml
Created ECR repository sagemaker-studio
.....................[Container] 2025/07/23 21:58:31.828846 Running on CodeBuild On-demand

[Container] 2025/07/23 21:58:31.828952 Waiting for agent ping
[Container] 2025/07/23 21:58:34.036661 Waiting for DOWNLOAD_SOURCE
[Container] 2025/07/23 21:58:34.294929 Phase is DOWNLOAD_SOURCE
[Container] 2025/07/23 21:58:34.296073 CODEBUILD_SRC_DIR=/codebuild/output/src1144226924/src
[Container] 2025/07/23 21:58:34.296699 YAML location is /codebuild/output/src1144226924/src/buildspec.yml
[Container] 2025/07/23 21:58:34.300503 Setting HTTP client timeout to higher timeout for S3 source
[Container] 2025/07/23 21:58:34.300623 Processing environment variables
[Container] 2025/07/23 21:58:34.37256

In [9]:
# 609009159737.dkr.ecr.us-east-1.amazonaws.com/sagemaker-studio:latest

# Create an AppImageConfig:

```
{
  "AppImageConfigName": "my-custom-image-config",
    "JupyterLabAppImageConfig": { 
        "FileSystemConfig": { 
            "MountPath": "/home/sagemaker-user",
            "DefaultUid": 1000,
            "DefaultGid": 100
      }
   }
}
```

In [40]:
!aws sagemaker create-app-image-config --cli-input-json file://app-image-config-input.json --region us-east-1


An error occurred (ResourceInUse) when calling the CreateAppImageConfig operation: The ID or Name specified is already in use.


In [41]:
# arn:aws:sagemaker:us-east-1:609009159737:app-image-config/my-custom-image-config

In [42]:
!aws sagemaker create-image \
  --image-name my-jupyterlab-image2 \
  --role-arn arn:aws:iam::609009159737:role/service-role/SageMaker-ExecutionRole-20250723T112596 \
  --region us-east-1

{
    "ImageArn": "arn:aws:sagemaker:us-east-1:609009159737:image/my-jupyterlab-image2"
}


In [43]:
# arn:aws:sagemaker:us-east-1:609009159737:image/my-jupyterlab-image

In [44]:
!aws sagemaker create-image-version \
  --image-name my-jupyterlab-image2 \
  --base-image 609009159737.dkr.ecr.us-east-1.amazonaws.com/sagemaker-studio:latest \
  --region us-east-1

{
    "ImageVersionArn": "arn:aws:sagemaker:us-east-1:609009159737:image-version/my-jupyterlab-image2/1"
}


In [45]:
# arn:aws:sagemaker:us-east-1:794038231401:image-version/my-jupyterlab-image/1

In [46]:
!aws sagemaker update-domain \
  --domain-id d-hbzcqghviqax \
  --default-space-settings file://default-space-settings.json \
  --region us-east-1

{
    "DomainArn": "arn:aws:sagemaker:us-east-1:609009159737:domain/d-hbzcqghviqax"
}


In [47]:
!aws sagemaker describe-domain --domain-id d-hbzcqghviqax

{
    "DomainArn": "arn:aws:sagemaker:us-east-1:609009159737:domain/d-hbzcqghviqax",
    "DomainId": "d-hbzcqghviqax",
    "DomainName": "lustre-domain",
    "HomeEfsFileSystemId": "fs-0005be7f0673b1850",
    "SingleSignOnManagedApplicationInstanceId": "ins-66cbfc7e5e43d657",
    "SingleSignOnApplicationArn": "arn:aws:sso::609009159737:application/ssoins-7223fd66a8e838ce/apl-66cbfc7e5e43d657",
    "Status": "InService",
    "CreationTime": 1753291559.228,
    "LastModifiedTime": 1753309635.936,
    "AuthMode": "SSO",
    "DefaultUserSettings": {
        "ExecutionRole": "arn:aws:iam::609009159737:role/service-role/SageMaker-ExecutionRole-20250723T112596",
        "SecurityGroups": [],
        "SharingSettings": {
            "NotebookOutputOption": "Allowed",
            "S3OutputPath": "s3://sagemaker-studio-tkpi4a0pt5o/sharing"
        },
        "JupyterServerAppSettings": {
            "DefaultResourceSpec": {
                "SageMakerImageArn": "arn:aws:sagemaker:us-east-1:081325