⭐ Add SageMaker clusters, feature groups, model packages, model cards, spaces, user profiles

Add 8 new SageMaker sub-resources and expand existing resources with
typed cross-references and missing fields from the SDK (v1.239.0).

New resources:
- aws.sagemaker.cluster (HyperPod) with nodes sub-resource
- aws.sagemaker.clusterNode
- aws.sagemaker.featureGroup
- aws.sagemaker.modelPackage with modelPackageGroup() cross-ref
- aws.sagemaker.modelPackageGroup
- aws.sagemaker.modelCard
- aws.sagemaker.space with domain() cross-ref
- aws.sagemaker.userProfile with domain() cross-ref

New fields on existing resources:
- notebookinstance: instanceType, lifecycleConfigName, code repos
- notebookinstancedetails: iamRole, securityGroups, ipAddressType,
  platformIdentifier, volumeSizeInGB, failureReason
- domain: subnets, defaultExecutionRole, securityGroupIdForDomainBoundary,
  appSecurityGroupManagement, tagPropagation, singleSignOnApplicationArn,
  failureReason
- inferenceComponent: failureReason
- model/trainingjob/processingjob/cluster: vpcSecurityGroups, vpcSubnets

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: tas50

providers/aws/config/config.go

@@ -14,7 +14,7 @@ import (
 var Config = plugin.Provider{
 	Name:            "aws",
 	ID:              "go.mondoo.com/cnquery/v9/providers/aws",
-	Version:         "13.10.0",
+	Version:         "13.10.1",
 	ConnectionTypes: []string{provider.DefaultConnectionType, string(awsec2ebsconn.EBSConnectionType)},
 	Connectors: []plugin.Connector{
 		{

providers/aws/resources/aws.lr

@@ -1641,6 +1641,20 @@ aws.sagemaker {
   domains() []aws.sagemaker.domain
   // List of SageMaker inference components
   inferenceComponents() []aws.sagemaker.inferenceComponent
+  // List of SageMaker HyperPod clusters
+  clusters() []aws.sagemaker.cluster
+  // List of SageMaker feature groups
+  featureGroups() []aws.sagemaker.featureGroup
+  // List of SageMaker model packages
+  modelPackages() []aws.sagemaker.modelPackage
+  // List of SageMaker model package groups
+  modelPackageGroups() []aws.sagemaker.modelPackageGroup
+  // List of SageMaker model cards
+  modelCards() []aws.sagemaker.modelCard
+  // List of SageMaker spaces
+  spaces() []aws.sagemaker.space
+  // List of SageMaker user profiles
+  userProfiles() []aws.sagemaker.userProfile
 }
 
 // AWS SageMaker notebook instance
@@ -1663,6 +1677,14 @@ private aws.sagemaker.notebookinstance @defaults("arn name") {
   status string
   // URL to connect to the Jupyter notebook
   url string
+  // ML compute instance type
+  instanceType string
+  // Name of the lifecycle configuration associated with the notebook instance
+  lifecycleConfigName string
+  // Default Git repository associated with the notebook instance
+  defaultCodeRepository string
+  // Additional Git repositories associated with the notebook instance
+  additionalCodeRepositories []string
 }
 
 // AWS SageMaker notebook instance details
@@ -1679,6 +1701,18 @@ private aws.sagemaker.notebookinstancedetails @defaults("arn") {
   minimumInstanceMetadataServiceVersion string
   // VPC subnet the notebook instance is deployed in
   subnet() aws.vpc.subnet
+  // IP address type: ipv4 or dualstack
+  ipAddressType string
+  // Platform identifier of the notebook instance runtime environment
+  platformIdentifier string
+  // Size (in GB) of the ML storage volume attached to the instance
+  volumeSizeInGB int
+  // Failure reason if the notebook instance is in a failed state
+  failureReason string
+  // IAM role associated with the instance
+  iamRole() aws.iam.role
+  // VPC security groups associated with the instance
+  securityGroups() []aws.ec2.securitygroup
 }
 
 // AWS SageMaker endpoint
@@ -1721,6 +1755,10 @@ private aws.sagemaker.model @defaults("arn name") {
   primaryContainer() dict
   // VPC configuration
   vpcConfig() dict
+  // VPC security groups from VPC configuration
+  vpcSecurityGroups() []aws.ec2.securitygroup
+  // VPC subnets from VPC configuration
+  vpcSubnets() []aws.vpc.subnet
 }
 
 // AWS SageMaker training job
@@ -1757,6 +1795,10 @@ private aws.sagemaker.trainingjob @defaults("arn name status") {
   billableTimeInSeconds() int
   // VPC configuration
   vpcConfig() dict
+  // VPC security groups from VPC configuration
+  vpcSecurityGroups() []aws.ec2.securitygroup
+  // VPC subnets from VPC configuration
+  vpcSubnets() []aws.vpc.subnet
   // Output data configuration
   outputDataConfig() dict
   // Resource configuration (instanceType, instanceCount, volumeSizeInGB)
@@ -1795,6 +1837,10 @@ private aws.sagemaker.processingjob @defaults("arn name status") {
   enableInterContainerTrafficEncryption() bool
   // VPC configuration
   vpcConfig() dict
+  // VPC security groups from VPC configuration
+  vpcSecurityGroups() []aws.ec2.securitygroup
+  // VPC subnets from VPC configuration
+  vpcSubnets() []aws.vpc.subnet
   // Processing resources configuration
   processingResources() dict
   // Environment variables
@@ -1863,6 +1909,20 @@ private aws.sagemaker.domain @defaults("arn name status") {
   homeEfsFileSystemId() string
   // Default user settings
   defaultUserSettings() dict
+  // Security group ID for domain boundary
+  securityGroupIdForDomainBoundary() string
+  // Who manages security groups for inter-app communication: Service or Customer
+  appSecurityGroupManagement() string
+  // Whether custom tag propagation is supported
+  tagPropagation() string
+  // IAM Identity Center application ARN
+  singleSignOnApplicationArn() string
+  // Failure reason if the domain is in a failed state
+  failureReason() string
+  // VPC subnets the domain uses for communication
+  subnets() []aws.vpc.subnet
+  // Default execution role from user settings
+  defaultExecutionRole() aws.iam.role
 }
 
 // AWS SageMaker inference component
@@ -1897,6 +1957,248 @@ private aws.sagemaker.inferenceComponent @defaults("arn name status") {
   runtimeConfig() dict
   // Compute resource requirements specification
   specification() dict
+  // Failure reason if the inference component is in a failed state
+  failureReason() string
+}
+
+// AWS SageMaker HyperPod cluster
+private aws.sagemaker.cluster @defaults("arn name status") {
+  // ARN of the cluster
+  arn string
+  // Name of the cluster
+  name string
+  // Region where the cluster exists
+  region string
+  // Status: InService, Creating, Updating, Failed, Deleting, RollingBack, SystemUpdating
+  status string
+  // Time when the cluster was created
+  createdAt time
+  // Tags for the cluster
+  tags() map[string]string
+  // IAM role used for cluster operations
+  iamRole() aws.iam.role
+  // Cluster instance groups
+  instanceGroups() []dict
+  // Orchestrator type (EKS or Slurm configuration)
+  orchestrator() dict
+  // VPC configuration (security groups and subnets)
+  vpcConfig() dict
+  // VPC security groups from VPC configuration
+  vpcSecurityGroups() []aws.ec2.securitygroup
+  // VPC subnets from VPC configuration
+  vpcSubnets() []aws.vpc.subnet
+  // Node recovery mode
+  nodeRecovery() string
+  // Node provisioning mode
+  nodeProvisioningMode() string
+  // Failure message if the cluster is in a failed state
+  failureMessage() string
+  // Nodes in the cluster
+  nodes() []aws.sagemaker.clusterNode
+}
+
+// AWS SageMaker HyperPod cluster node
+private aws.sagemaker.clusterNode @defaults("instanceId instanceGroupName instanceType") {
+  // Instance ID of the node
+  instanceId string
+  // Instance group name the node belongs to
+  instanceGroupName string
+  // Instance type of the node
+  instanceType string
+  // Status of the node
+  status string
+  // Status message for the node
+  statusMessage string
+  // Time when the node was launched
+  launchTime time
+  // Private DNS hostname of the node
+  privateDnsHostname string
+  // Private primary IP address
+  privatePrimaryIp string
+  // Region where the node exists
+  region string
+}
+
+// AWS SageMaker feature group
+private aws.sagemaker.featureGroup @defaults("arn name status") {
+  // ARN of the feature group
+  arn string
+  // Name of the feature group
+  name string
+  // Region where the feature group exists
+  region string
+  // Status: Creating, Created, CreateFailed, Deleting, DeleteFailed
+  status string
+  // Time when the feature group was created
+  createdAt time
+  // Tags for the feature group
+  tags() map[string]string
+  // IAM execution role for offline store persistence
+  iamRole() aws.iam.role
+  // Description of the feature group
+  description() string
+  // Feature definitions (name, type pairs)
+  featureDefinitions() []dict
+  // Name of the feature used as event time
+  eventTimeFeatureName() string
+  // Name of the feature used as record identifier
+  recordIdentifierFeatureName() string
+  // Offline store configuration (S3, Glue catalog, encryption)
+  offlineStoreConfig() dict
+  // Online store configuration (encryption, storage type, TTL)
+  onlineStoreConfig() dict
+  // Failure reason if the feature group failed
+  failureReason() string
+  // Offline store replication status: Active or Blocked
+  offlineStoreStatus() string
+  // Size of the online store in bytes
+  onlineStoreTotalSizeBytes() int
+}
+
+// AWS SageMaker model package
+private aws.sagemaker.modelPackage @defaults("arn name approvalStatus") {
+  // ARN of the model package
+  arn string
+  // Name of the model package
+  name string
+  // Region where the model package exists
+  region string
+  // Status: Pending, InProgress, Completed, Failed, Deleting
+  status string
+  // Approval status: Approved, Rejected, PendingManualApproval
+  approvalStatus string
+  // Time when the model package was created
+  createdAt time
+  // Tags for the model package
+  tags() map[string]string
+  // Description of the model package
+  description string
+  // Name of the model package group this belongs to
+  modelPackageGroupName string
+  // Model package group this belongs to
+  modelPackageGroup() aws.sagemaker.modelPackageGroup
+  // Version number within the model package group
+  modelPackageVersion int
+  // Whether the model package is certified for AWS Marketplace
+  certifyForMarketplace() bool
+  // KMS key used for encryption
+  kmsKey() aws.kms.key
+  // Inference specification (containers, supported instance types)
+  inferenceSpecification() dict
+  // Approval description
+  approvalDescription() string
+  // Model metrics
+  modelMetrics() dict
+  // Source URI
+  sourceUri() string
+  // Customer metadata properties
+  customerMetadataProperties() map[string]string
+  // Whether to skip model validation: All or None
+  skipModelValidation() string
+  // Time when the model package was last modified
+  lastModifiedTime() time
+}
+
+// AWS SageMaker model package group
+private aws.sagemaker.modelPackageGroup @defaults("arn name status") {
+  // ARN of the model package group
+  arn string
+  // Name of the model package group
+  name string
+  // Region where the model package group exists
+  region string
+  // Status: Pending, InProgress, Completed, Failed, Deleting, DeleteFailed
+  status string
+  // Time when the group was created
+  createdAt time
+  // Tags for the model package group
+  tags() map[string]string
+  // Description of the model package group
+  description() string
+}
+
+// AWS SageMaker model card
+private aws.sagemaker.modelCard @defaults("arn name modelCardStatus") {
+  // ARN of the model card
+  arn string
+  // Name of the model card
+  name string
+  // Region where the model card exists
+  region string
+  // Approval status: Draft, PendingReview, Approved, Archived
+  modelCardStatus string
+  // Time when the model card was created
+  createdAt time
+  // Time when the model card was last modified
+  lastModifiedAt time
+  // Tags for the model card
+  tags() map[string]string
+  // KMS key used for encryption
+  kmsKey() aws.kms.key
+  // Model card content (JSON string)
+  content() string
+  // Model card version number
+  modelCardVersion() int
+  // Processing status of model card deletion
+  modelCardProcessingStatus() string
+}
+
+// AWS SageMaker space
+private aws.sagemaker.space @defaults("arn name status") {
+  // ARN of the space
+  arn string
+  // Name of the space
+  name string
+  // Region where the space exists
+  region string
+  // Status: Creating, Created, Deleting, Failed, Updating, Pending
+  status string
+  // Display name of the space
+  displayName string
+  // Time when the space was created
+  createdAt time
+  // Time when the space was last modified
+  lastModifiedAt time
+  // Tags for the space
+  tags() map[string]string
+  // Domain the space belongs to
+  domain() aws.sagemaker.domain
+  // Owner user profile name
+  ownerUserProfileName() string
+  // Sharing type of the space
+  sharingType() string
+  // URL of the space
+  spaceUrl() string
+  // Space settings (app type, storage, app configurations)
+  settings() dict
+  // Failure reason if the space is in a failed state
+  failureReason() string
+}
+
+// AWS SageMaker user profile
+private aws.sagemaker.userProfile @defaults("arn name status") {
+  // ARN of the user profile
+  arn string
+  // Name of the user profile
+  name string
+  // Region where the user profile exists
+  region string
+  // Status: Deleting, Failed, InService, Pending, Updating, Update_Failed, Delete_Failed
+  status string
+  // Time when the user profile was created
+  createdAt time
+  // Time when the user profile was last modified
+  lastModifiedAt time
+  // Tags for the user profile
+  tags() map[string]string
+  // Domain the user profile belongs to
+  domain() aws.sagemaker.domain
+  // Failure reason if the user profile is in a failed state
+  failureReason() string
+  // IAM Identity Center user identifier
+  singleSignOnUserIdentifier() string
+  // IAM Identity Center user value
+  singleSignOnUserValue() string
 }
 
 // AWS Simple Notification Service (SNS)