Skip to content

Update encrypted bucket custom template #94

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
acere wants to merge 40 commits into
base: main
Choose a base branch
from
Open

Update encrypted bucket custom template #94

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
40 commits
Select commit Hold shift + click to select a range
1e8532b
DO NOT MERGE YET: multi set of account for basic project. Will still …
ViktorMalesevic Jan 25, 2023
ac82c76
Shorten project bucket names
ViktorMalesevic Jan 25, 2023
8465ad0
Code Pipelines names consistency
ViktorMalesevic Jan 26, 2023
3f7e30c
Revert config set requirements from pipeline_constructs and enable dy…
ViktorMalesevic Feb 15, 2023
c656364
Move SSM to be created with SM Project and not with Service Catalog P…
ViktorMalesevic Feb 15, 2023
02f1fb5
Typo in SSM construct
ViktorMalesevic Feb 15, 2023
9cb6ca5
Add necessary ssm:PutParameter policy to product launch role
ViktorMalesevic Feb 15, 2023
5e33283
More SSM actions for mlops parameters
ViktorMalesevic Feb 16, 2023
7f4958b
Revert create SM Studio from accounts.json due to dependency for Serv…
ViktorMalesevic Mar 2, 2023
131c941
Merge pull request #2 from ViktorMalesevic/feature/ssm-in-mlops-stacks
ViktorMalesevic Mar 2, 2023
69ad6d9
Merge branch 'aws-samples:main' into main
ViktorMalesevic Mar 2, 2023
087c16a
CICD prep work for batch inference in build repo
ViktorMalesevic Mar 3, 2023
679e35f
Bugfixes setup.py + buildspec in deploy
ViktorMalesevic Mar 8, 2023
33b2b4c
Project CodePipelines modification to access s3 mlops, ssm, and trigg…
ViktorMalesevic Mar 8, 2023
ec2b34d
Merge branch 'aws-samples:main' into main
ViktorMalesevic Mar 8, 2023
cdddd88
Comment for SM Studio creation
ViktorMalesevic Apr 19, 2023
cdd9252
Merge branch 'feature/ssm-in-mlops-stacks' of github.com:ViktorMalese…
ViktorMalesevic Apr 19, 2023
9b8edb6
Merge pull request #6 from ViktorMalesevic/feature/ssm-in-mlops-stacks
ViktorMalesevic Apr 19, 2023
efbd0d6
bugfix typos
ViktorMalesevic Apr 19, 2023
0d46c0f
Merge branch 'aws-samples:main' into main
ViktorMalesevic Apr 21, 2023
35b9478
Merge branch 'aws-samples:main' into main
ViktorMalesevic May 16, 2023
bc80b92
improved readmes and added dev guide
Jun 21, 2023
b83a892
fixed links
Jun 21, 2023
f4a9e5f
Merge pull request #8 from ViktorMalesevic/feature/improve-readmes
ViktorMalesevic Jun 21, 2023
b65c019
Merge pull request #5 from ViktorMalesevic/feature/improvement-to-cic…
fotinosk Jun 21, 2023
8f8d04e
Batch inference project template - Batch pipeline def (json) created …
ViktorMalesevic Mar 8, 2023
4d06c64
Fix Inference pipeline: added preprocess step + modif buildspec + pre…
ViktorMalesevic Mar 17, 2023
098c428
missing cdk.json for batch deploy app
ViktorMalesevic Mar 20, 2023
3e9c34a
Update templates descriptions
ViktorMalesevic Jun 19, 2023
c6a38b3
Deploy apps README update
ViktorMalesevic Jun 19, 2023
ab5c4bb
Merge branch 'aws-samples:main' into main
ViktorMalesevic Jun 22, 2023
e3cd4d1
Merge branch 'aws-samples:main' into main
ViktorMalesevic Aug 22, 2023
40cf3c6
mlops_infra python version set to 3.11, ruby to 3.2, codebuild image …
Sep 7, 2023
536ca9f
project-template python version set to 3.11, ruby to 3.2, codebuild i…
Sep 7, 2023
0bcb82f
build image updated to STANDARD_7_0 for pipeline for deply of byoc
Sep 7, 2023
901b5a4
cross account role import bug fix using mutable to False
Oct 13, 2023
95f7009
Merge branch 'aws-samples:main' into main
ViktorMalesevic Dec 13, 2023
549f4ed
Merge branch 'main' into feature/improvement-cicd-runtimes
ViktorMalesevic Dec 13, 2023
d4ffc48
Merge pull request #17 from ViktorMalesevic/feature/improvement-cicd-…
ViktorMalesevic Dec 13, 2023
69fdf66
Updated encrypted-bucket custom template
acere Jun 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 20 additions & 3 deletions encrypted-buckets/create-encrypted-buckets-product.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -369,7 +369,10 @@ Resources:
StringEquals:
's3:ExistingObjectTag/servicecatalog:provisioning': 'true'
- Effect: Allow
Action: 's3:GetObject'
Action:
- 's3:GetObject'
- 's3:GetObjectTagging'
- 's3:GetObjectVersionTagging'
Resource:
- 'arn:aws:s3:::sagemaker-*'
- Effect: Allow
Expand All @@ -378,11 +381,13 @@ Resources:
- 's3:DeleteBucket'
- 's3:DeleteBucketPolicy'
- 's3:GetBucketPolicy'
- 's3:GetBucketTagging'
- 's3:PutBucketAcl'
- 's3:PutBucketNotification'
- 's3:PutBucketPolicy'
- 's3:PutBucketPublicAccessBlock'
- 's3:PutBucketLogging'
- 's3:PutBucketTagging'
- 's3:PutEncryptionConfiguration'
Resource: 'arn:aws:s3:::sagemaker*'
- Action:
Expand Down Expand Up @@ -503,6 +508,7 @@ Resources:
- 'iam:PassRole'
Resource:
- 'arn:aws:iam::*:role/*custom-project*'
- 'arn:aws:iam::*:role/*SMCustomProject*'
Effect: Allow
- Effect: Allow
Action:
Expand Down Expand Up @@ -532,7 +538,18 @@ Resources:
- Effect: Allow
Action:
- 's3:*'
Resource: 'arn:aws:s3:::*sagemaker-custom-project-*'
Resource:
- 'arn:aws:s3:::*sagemaker-custom-project-*'
- Effect: Allow
Action:
- 's3:GetObject'
Resource:
- 'arn:aws:s3:::*sagemaker*/*'
- Effect: Allow
Action:
- 's3:ListBucket'
Resource:
- 'arn:aws:s3:::*sagemaker*'
- Effect: Allow
Action:
- 'sagemaker:*'
Expand Down Expand Up @@ -644,7 +661,7 @@ Resources:
PortfolioId: !Ref PortfolioIDParameter
ProductId: !Ref ServiceCatalogProduct

ServiceCatalogProductRoleLaunchContstraint:
ServiceCatalogProductRoleLaunchConstraint:
Type: AWS::ServiceCatalog::LaunchRoleConstraint
DependsOn:
- ServiceCatalogProductAssociation
Expand Down
6 changes: 3 additions & 3 deletions encrypted-buckets/project/template.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ Resources:
Environment:
Type: LINUX_CONTAINER
ComputeType: BUILD_GENERAL1_SMALL
Image: 'aws/codebuild/amazonlinux2-x86_64-standard:3.0'
Image: 'aws/codebuild/amazonlinux2-x86_64-standard:5.0'
EnvironmentVariables:
- Name: SAGEMAKER_PROJECT_NAME
Value: !Sub '${SageMakerProjectName}'
Expand Down Expand Up @@ -231,7 +231,7 @@ Resources:
Environment:
Type: LINUX_CONTAINER
ComputeType: BUILD_GENERAL1_SMALL
Image: 'aws/codebuild/amazonlinux2-x86_64-standard:3.0'
Image: 'aws/codebuild/amazonlinux2-x86_64-standard:5.0'
EnvironmentVariables:
- Name: SAGEMAKER_PROJECT_NAME
Value: !Sub '${SageMakerProjectName}'
Expand Down Expand Up @@ -266,7 +266,7 @@ Resources:
Environment:
Type: LINUX_CONTAINER
ComputeType: BUILD_GENERAL1_SMALL
Image: 'aws/codebuild/amazonlinux2-x86_64-standard:3.0'
Image: 'aws/codebuild/amazonlinux2-x86_64-standard:5.0'
EnvironmentVariables:
- Name: SAGEMAKER_PROJECT_NAME
Value: !Sub '${SageMakerProjectName}'
Expand Down
5 changes: 4 additions & 1 deletion mlops-multi-account-cdk/mlops-infra/mlops_infra/pipeline_stack.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,9 @@ def __init__(
commands=[],
input=pipeline.synth,
primary_output_directory="./report",
build_environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_7_0,
),
partial_build_spec=codebuild.BuildSpec.from_object(
{
"version": 0.2,
Expand All @@ -123,7 +126,7 @@ def __init__(
},
"phases": {
"install": {
"runtime-versions": {"ruby": 3.1},
"runtime-versions": {"ruby": 3.2, "python": 3.11},
"commands": [
"export date=`date +%Y-%m-%dT%H:%M:%S.%NZ`",
"echo Installing cfn_nag - `pwd`",
Expand Down
6 changes: 6 additions & 0 deletions mlops-multi-account-cdk/mlops-infra/scripts/install-prerequisites-brew.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,12 @@
# install miniconda to manage python packages
brew install --cask miniconda

# conda doesn't initialize from shell, below step to fix that
# https://github.com/conda/conda/issues/7980
CONDA_BASE=$(conda info --base)
source "$CONDA_BASE"/etc/profile.d/conda.sh
conda init

# install nodejs (required for aws cdk)
brew install node

Expand Down
3 changes: 3 additions & 0 deletions ...s-multi-account-cdk/mlops-sm-project-template/mlops_sm_project_template/pipeline_stack.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,9 @@ def __init__(
commands=[],
input=pipeline.synth,
primary_output_directory="./report",
build_environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_7_0,
),
partial_build_spec=codebuild.BuildSpec.from_object(
{
"version": 0.2,
Expand Down
4 changes: 2 additions & 2 deletions .../mlops_sm_project_template/templates/byoc_pipeline_constructs/build_pipeline_construct.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@ def __init__(
role=codebuild_role, # figure out what actually this role would need
build_spec=codebuild.BuildSpec.from_source_filename("buildspec.yml"),
environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_5_0,
build_image=codebuild.LinuxBuildImage.STANDARD_7_0,
environment_variables={
"SAGEMAKER_PROJECT_NAME": codebuild.BuildEnvironmentVariable(value=project_name),
"SAGEMAKER_PROJECT_ID": codebuild.BuildEnvironmentVariable(value=project_id),
Expand Down Expand Up @@ -215,7 +215,7 @@ def __init__(
},
}
),
environment=codebuild.BuildEnvironment(build_image=codebuild.LinuxBuildImage.STANDARD_5_0, privileged=True),
environment=codebuild.BuildEnvironment(build_image=codebuild.LinuxBuildImage.STANDARD_7_0, privileged=True),
)

docker_build.add_to_role_policy(
Expand Down
10 changes: 7 additions & 3 deletions ...mlops_sm_project_template/templates/byoc_pipeline_constructs/deploy_pipeline_construct.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,7 @@ def __init__(
# }
# ),
environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_5_0,
build_image=codebuild.LinuxBuildImage.STANDARD_7_0,
environment_variables={
"MODEL_PACKAGE_GROUP_NAME": codebuild.BuildEnvironmentVariable(value=model_package_group_name),
"PROJECT_ID": codebuild.BuildEnvironmentVariable(value=project_id),
Expand All @@ -167,7 +167,7 @@ def __init__(
},
"phases": {
"install": {
"runtime-versions": {"ruby": 2.7},
"runtime-versions": {"ruby": 3.2},
"commands": [
"export date=`date +%Y-%m-%dT%H:%M:%S.%NZ`",
"echo Installing cfn_nag - `pwd`",
Expand All @@ -192,7 +192,7 @@ def __init__(
}
),
environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_5_0,
build_image=codebuild.LinuxBuildImage.STANDARD_7_0,
),
)

Expand Down Expand Up @@ -291,11 +291,13 @@ def __init__(
self,
"PreProdActionRole",
f"arn:{Aws.PARTITION}:iam::{preprod_account}:role/cdk-hnb659fds-deploy-role-{preprod_account}-{deployment_region}",
mutable=False,
),
deployment_role=iam.Role.from_role_arn(
self,
"PreProdDeploymentRole",
f"arn:{Aws.PARTITION}:iam::{preprod_account}:role/cdk-hnb659fds-cfn-exec-role-{preprod_account}-{deployment_region}",
mutable=False,
),
cfn_capabilities=[
CfnCapabilities.AUTO_EXPAND,
Expand Down Expand Up @@ -324,11 +326,13 @@ def __init__(
self,
"ProdActionRole",
f"arn:{Aws.PARTITION}:iam::{prod_account}:role/cdk-hnb659fds-deploy-role-{prod_account}-{deployment_region}",
mutable=False,
),
deployment_role=iam.Role.from_role_arn(
self,
"ProdDeploymentRole",
f"arn:{Aws.PARTITION}:iam::{prod_account}:role/cdk-hnb659fds-cfn-exec-role-{prod_account}-{deployment_region}",
mutable=False,
),
cfn_capabilities=[
CfnCapabilities.AUTO_EXPAND,
Expand Down
2 changes: 1 addition & 1 deletion ...plate/mlops_sm_project_template/templates/pipeline_constructs/build_pipeline_construct.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,7 @@ def __init__(
role=codebuild_role,
build_spec=codebuild.BuildSpec.from_source_filename("buildspec.yml"),
environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_5_0,
build_image=codebuild.LinuxBuildImage.STANDARD_7_0,
environment_variables={
"SAGEMAKER_PROJECT_NAME": codebuild.BuildEnvironmentVariable(value=project_name),
"SAGEMAKER_PROJECT_ID": codebuild.BuildEnvironmentVariable(value=project_id),
Expand Down
10 changes: 7 additions & 3 deletions ...late/mlops_sm_project_template/templates/pipeline_constructs/deploy_pipeline_construct.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ def __init__(
# }
# ),
environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_5_0,
build_image=codebuild.LinuxBuildImage.STANDARD_7_0,
environment_variables={
"MODEL_PACKAGE_GROUP_NAME": codebuild.BuildEnvironmentVariable(value=model_package_group_name),
"PROJECT_ID": codebuild.BuildEnvironmentVariable(value=project_id),
Expand All @@ -187,7 +187,7 @@ def __init__(
},
"phases": {
"install": {
"runtime-versions": {"ruby": 2.7},
"runtime-versions": {"ruby": 3.2},
"commands": [
"export date=`date +%Y-%m-%dT%H:%M:%S.%NZ`",
"echo Installing cfn_nag - `pwd`",
Expand All @@ -212,7 +212,7 @@ def __init__(
}
),
environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_5_0,
build_image=codebuild.LinuxBuildImage.STANDARD_7_0,
),
)

Expand Down Expand Up @@ -311,11 +311,13 @@ def __init__(
self,
"PreProdActionRole",
f"arn:{Aws.PARTITION}:iam::{preprod_account}:role/cdk-hnb659fds-deploy-role-{preprod_account}-{deployment_region}",
mutable=False,
),
deployment_role=iam.Role.from_role_arn(
self,
"PreProdDeploymentRole",
f"arn:{Aws.PARTITION}:iam::{preprod_account}:role/cdk-hnb659fds-cfn-exec-role-{preprod_account}-{deployment_region}",
mutable=False,
),
cfn_capabilities=[
CfnCapabilities.AUTO_EXPAND,
Expand Down Expand Up @@ -344,11 +346,13 @@ def __init__(
self,
"ProdActionRole",
f"arn:{Aws.PARTITION}:iam::{prod_account}:role/cdk-hnb659fds-deploy-role-{prod_account}-{deployment_region}",
mutable=False,
),
deployment_role=iam.Role.from_role_arn(
self,
"ProdDeploymentRole",
f"arn:{Aws.PARTITION}:iam::{prod_account}:role/cdk-hnb659fds-cfn-exec-role-{prod_account}-{deployment_region}",
mutable=False,
),
cfn_capabilities=[
CfnCapabilities.AUTO_EXPAND,
Expand Down
6 changes: 6 additions & 0 deletions mlops-multi-account-cdk/mlops-sm-project-template/scripts/install-prerequisites-brew.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,12 @@
# install miniconda to manage python packages
brew install --cask miniconda

# conda doesn't initialize from shell, below step to fix that
# https://github.com/conda/conda/issues/7980
CONDA_BASE=$(conda info --base)
source "$CONDA_BASE"/etc/profile.d/conda.sh
conda init

# install nodejs (required for aws cdk)
brew install node

Expand Down
2 changes: 1 addition & 1 deletion mlops-multi-account-cdk/mlops-sm-project-template/seed_code/batch_build_app/buildspec.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ version: 0.2
phases:
install:
runtime-versions:
python: 3.8
python: 3.11
commands:
- pip install --upgrade --force-reinstall . "awscli>1.20.30"

Expand Down
3 changes: 3 additions & 0 deletions mlops-multi-account-cdk/mlops-sm-project-template/seed_code/batch_deploy_app/buildspec.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
version: 0.2

phases:
install:
runtime-versions:
python: 3.11
build:
commands:
- npm install -g aws-cdk
Expand Down
2 changes: 1 addition & 1 deletion mlops-multi-account-cdk/mlops-sm-project-template/seed_code/build_app/buildspec.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ version: 0.2
phases:
install:
runtime-versions:
python: 3.8
python: 3.11
commands:
- pip install --upgrade --force-reinstall . "awscli>1.20.30"

Expand Down
2 changes: 1 addition & 1 deletion mlops-multi-account-cdk/mlops-sm-project-template/seed_code/byoc_build_app/buildspec.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ version: 0.2
phases:
install:
runtime-versions:
python: 3.8
python: 3.11
commands:
- pip install --upgrade --force-reinstall . "awscli>1.20.30"

Expand Down
3 changes: 3 additions & 0 deletions mlops-multi-account-cdk/mlops-sm-project-template/seed_code/deploy_app/buildspec.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
version: 0.2

phases:
install:
runtime-versions:
python: 3.11
build:
commands:
- npm install -g aws-cdk
Expand Down