AWS SageMaker Integration
Audital polls the SageMaker APIs in your AWS account (via a cross-account IAM role) to capture training jobs, endpoint deployments, and model monitoring alerts as immutable audit events.
Architecture
Audital assumes a read-only IAM role in your AWS account using STS AssumeRole with an external ID. It polls SageMaker APIs every 60 seconds (configurable) and converts job state transitions into audit events. No agent is installed in your AWS environment.
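An illustration of the polling model described above, added here and not Audital's own code: it diffs successive snapshots of training job statuses and emits one event when a job is first seen in a terminal state (Completed, Failed or Stopped). The snapshot shape, function names and sample job names are assumptions made for the example.

```python
TERMINAL = {"Completed", "Failed", "Stopped"}  # terminal states named on this page


def diff_poll(previous, current, name_prefix=None):
    """Compare two poll snapshots ({jobName: status}) and return audit events.

    An event is emitted once, on the poll where a job is first seen in a
    terminal state. That covers jobs that were InProgress on the previous poll
    and jobs that started and finished entirely between two polls.
    """
    events = []
    for name, status in sorted(current.items()):
        if name_prefix and not name.startswith(name_prefix):
            continue  # same idea as filters.namePrefix in the registration call
        if status in TERMINAL and previous.get(name) not in TERMINAL:
            events.append({"trainingJobName": name,
                           "trainingJobStatus": status,
                           "previousStatus": previous.get(name)})
    return events


def run_polls(snapshots, name_prefix=None):
    """Feed successive snapshots through diff_poll, carrying state between polls."""
    seen, out = {}, []
    for snap in snapshots:
        out.extend(diff_poll(seen, snap, name_prefix))
        seen = {**seen, **snap}  # remember jobs that drop out of a later listing
    return out


# Constructed sample: four consecutive polls of job statuses.
POLLS = [
    {"credit-scorer-a": "InProgress", "fraud-x": "InProgress"},
    {"credit-scorer-a": "Completed", "credit-scorer-b": "Failed", "fraud-x": "Completed"},
    {"credit-scorer-a": "Completed", "credit-scorer-b": "Failed", "credit-scorer-c": "Stopping"},
    {"credit-scorer-c": "Stopped"},
]

if __name__ == "__main__":
    for event in run_polls(POLLS, name_prefix="credit-scorer"):
        print(event)
```

Job `credit-scorer-b` is never observed as InProgress, so its event carries `previousStatus` of `None`; a poller that only reacts to an InProgress-to-terminal change would miss it.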
Setup
Step 1: Create the IAM policy
Create a new IAM policy in your AWS account with the following permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AuditalSageMakerReadOnly",
"Effect": "Allow",
"Action": [
"sagemaker:DescribeTrainingJob",
"sagemaker:ListTrainingJobs",
"sagemaker:DescribeEndpoint",
"sagemaker:ListEndpoints",
"sagemaker:DescribeModel",
"sagemaker:ListModels",
"sagemaker:DescribeProcessingJob",
"sagemaker:ListProcessingJobs",
"sagemaker:DescribeModelQualityJobDefinition",
"sagemaker:DescribeModelBiasJobDefinition",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics"
],
"Resource": "*"
}
]
}
Step 2: Create the IAM role
Create an IAM role and attach the policy above. Set the trust policy to allow Audital's AWS account to assume it, using your unique external ID (shown in the dashboard):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::891377069453:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "aud_ext_xxxxxxxxxxxxxxxxxxxx"
}
}
}
]
}
External ID
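The externalId is a unique token generated per Audital organisation. It prevents confused deputy attacks: because the trust policy only allows sts:AssumeRole when the caller presents this value, knowing your role ARN alone is not enough for the role to be assumed on behalf of a different organisation. Never share it outside your team.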
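A check you can run over the two policy documents before registering the role, added here as an example and not Audital's code: it confirms the trust policy names only the expected account and requires sts:ExternalId, and that the permissions policy allows only Describe/List/Get actions. The function names and the sample policies are constructed for illustration.

```python
VENDOR = "891377069453"  # Audital account ID from the trust policy on this page
NON_MUTATING = ("Describe", "List", "Get")  # verb prefixes used by the page's policy

def _as_list(value):
    """IAM allows Statement, Action and Principal values to be one item or a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def check_trust_policy(policy, vendor_account_id):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = set(_as_list(stmt.get("Action")))
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & actions:
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        for arn in arns:  # accept a bare account ID or any ARN inside the vendor account
            if arn != vendor_account_id and f"::{vendor_account_id}:" not in arn:
                findings.append(f"statement {i}: unexpected principal {arn}")
        # Condition key names are case-insensitive in IAM, so normalise before the lookup.
        str_eq = stmt.get("Condition", {}).get("StringEquals", {})
        if not {k.lower(): v for k, v in str_eq.items()}.get("sts:externalid"):
            findings.append(f"statement {i}: AssumeRole allowed without sts:ExternalId")
    return findings

def check_permissions_policy(policy):
    """Flag allowed actions that use a wildcard or a verb outside NON_MUTATING."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if "*" in action or not action.split(":", 1)[-1].startswith(NON_MUTATING):
                findings.append(f"wildcard or mutating action: {action}")
    return findings

# Constructed samples: the page's trust statement, the same statement with the
# Condition block dropped, and a permissions policy with one mutating action added.
GOOD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{VENDOR}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "aud_ext_xxxxxxxxxxxxxxxxxxxx"}}}]}
WEAK_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{VENDOR}:root"}}]}
DRIFTED_PERMS = {"Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["sagemaker:ListEndpoints", "sagemaker:DeleteEndpoint"]}]}

if __name__ == "__main__":
    print(check_trust_policy(WEAK_TRUST, VENDOR), check_permissions_policy(DRIFTED_PERMS))
```

Feed it the JSON you are about to paste into IAM (for example via `json.load`) and re-run it whenever the role is edited, so a dropped Condition block or a widened action list is caught before it reaches the account.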
Step 3: Connect to Audital
Once the role is created, register the integration via the API or from Settings → Integrations → AWS SageMaker:
curl -X POST https://api.audital.ai/v1/integrations/sagemaker \
-H "Authorization: Bearer ak_live_xxxxxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"awsAccountId": "123456789012",
"region": "eu-west-2",
"roleArn": "arn:aws:iam::123456789012:role/AuditalSageMakerRole",
"externalId": "aud_ext_xxxxxxxxxxxxxxxxxxxx",
"syncInterval": 60,
"filters": {
"namePrefix": "credit-scorer",
"tags": { "Environment": "production" }
}
}'
Captured Events
Training job completion
When a SageMaker training job reaches a terminal state (Completed, Failed, or Stopped), Audital captures the full job spec, hyperparameters, and evaluation metrics.
{
"id": "evt_01HZABCDEF9876543210WXYZ",
"chainPosition": 5103,
"blockHash": "sha256:d4e5f6789abc0123456789abcdef01234567890a",
"timestamp": "2026-03-02T11:00:00.000Z",
"eventType": "TRAINING_COMPLETED",
"source": "AWS_SAGEMAKER",
"modelId": "mdl_abc123",
"payload": {
"trainingJobName": "credit-scorer-xgb-2026-03-02-11-00-00",
"trainingJobArn": "arn:aws:sagemaker:eu-west-2:123456789012:training-job/credit-scorer-xgb-2026-03-02",
"algorithmSpecification": {
"trainingImage": "763104351884.dkr.ecr.eu-west-2.amazonaws.com/xgboost:1.7-1",
"trainingInputMode": "File"
},
"inputDataConfig": [
{
"channelName": "train",
"dataSource": "s3://my-bucket/data/train/",
"contentType": "text/csv"
}
],
"outputDataConfig": {
"s3OutputPath": "s3://my-bucket/output/"
},
"resourceConfig": {
"instanceType": "ml.m5.xlarge",
"instanceCount": 1,
"volumeSizeInGB": 50
},
"metrics": {
"train:rmse": 0.0841,
"validation:rmse": 0.0923,
"train:auc": 0.9612,
"validation:auc": 0.9487
},
"trainingTimeSeconds": 843,
"billableTimeSeconds": 843,
"trainingJobStatus": "Completed",
"hyperParameters": {
"max_depth": "6",
"eta": "0.2",
"gamma": "4",
"min_child_weight": "6",
"subsample": "0.8",
"num_round": "200"
}
},
"verified": true
}
Endpoint deployment
When an endpoint transitions to InService, Audital records the model version deployed, instance configuration, and traffic weighting — providing a complete deployment lineage.
{
"eventType": "DEPLOYMENT",
"source": "AWS_SAGEMAKER",
"payload": {
"endpointName": "credit-scorer-prod-v2",
"endpointArn": "arn:aws:sagemaker:eu-west-2:123456789012:endpoint/credit-scorer-prod-v2",
"endpointStatus": "InService",
"productionVariants": [
{
"variantName": "AllTraffic",
"modelName": "credit-scorer-xgb-2026-03-02",
"initialInstanceCount": 2,
"instanceType": "ml.m5.large",
"currentWeight": 1.0
}
],
"previousModelName": "credit-scorer-xgb-2026-02-15",
"environment": "production",
"region": "eu-west-2"
}
}
Model monitoring alerts
SageMaker Model Monitor violations (data quality, model quality, feature attribution drift, or bias drift) are captured as ALERT events with severity proportional to the magnitude of the violation.
{
"eventType": "ALERT",
"source": "AWS_SAGEMAKER",
"severity": "HIGH",
"payload": {
"monitoringType": "DATA_QUALITY",
"endpointName": "credit-scorer-prod-v2",
"violationType": "FEATURE_DRIFT",
"details": {
"feature": "credit_score",
"baselineStatistic": { "mean": 682.4, "stddev": 89.2 },
"currentStatistic": { "mean": 721.8, "stddev": 102.7 },
"driftDistance": 0.42,
"threshold": 0.30
},
"monitoringJobName": "credit-scorer-data-quality-2026-03-02"
}
}
Sync Configuration
| Parameter | Default | Description |
|---|---|---|
| syncInterval | 60 | Poll interval in seconds (min: 30, max: 3600) |
| filters.namePrefix | null | Only sync jobs/endpoints whose names start with this string |
| filters.tags | {} | Only sync resources tagged with these AWS resource tags |
| captureMetrics | true | Include CloudWatch training metrics in the event payload |
| captureHyperparameters | true | Include hyperparameters in training events |