shorter resource names; rename model artifacts bucket param; housekee…

…ping

Signed-off-by: Anton Kukushkin <kukushkin.anton@gmail.com>

examples/manifests/deployment.yaml

@@ -1,6 +1,6 @@
 # This is an example manifest.
 # Replace the parameters in referenced manifest groups with your values prior the deployment.
-name: mlops-modules
+name: mlops
 toolchainRegion: us-east-1
 forceDependencyRedeploy: true
 groups:

examples/manifests/sagemaker-endpoints-modules.yaml

@@ -1,6 +1,6 @@
 # This is an example manifest group.
 # Replace the parameters with the parameters for your model below prior the deployment.
-name: example-endpoint
+name: endpoint
 path: modules/sagemaker/sagemaker-endpoint
 parameters:
   - name: sagemaker_project_id
@@ -9,8 +9,6 @@ parameters:
     value: project-1
   - name: model_package_arn
     value: arn:aws:sagemaker:<region>:<account>:model-package/<package-name>/1
-  - name: model_bucket_arn
-    value: arn:aws:s3:::<bucket-name>
   - name: instance_type
     value: ml.m5.large
   - name: vpc_id

modules/sagemaker/sagemaker-endpoint/README.md

@@ -14,7 +14,6 @@ This module creates SageMaker real-time inference endpoint for a model.
 - `subnet-ids`: The subnets that the endpoint will be created in
 - `model-package-arn`: Model package ARN or
 - `model-package-group-name`: Model package group name to pull latest approved model from
-- `model-bucket-arn`: Model bucket ARN
 
 The user must specify either `model-package-arn` for a specific model or `model-package-group-name` to automatically
 pull latest approved model from the model package group and deploy and endpoint. The latter is useful to scenarios
@@ -25,6 +24,7 @@ where endpoints are provisioned as part of automated Continuous Integration and
 - `sagemaker-project-id`: SageMaker project id
 - `sagemaker-project-name`: SageMaker project name
 - `model-execution-role-arn`: Model execution role ARN. Will be created if not provided.
+- `model-artifacts-bucket-arn`: Bucket ARN that contains model artifacts. Required by model execution IAM role to download model artifacts.
 - `ecr-repo-arn`: ECR repository ARN if custom container is used
 - `variant-name`: Endpoint config production variant name. `AllTraffic` by default.
 - `initial-instance-count`: Initial instance count. `1` by default.
@@ -43,8 +43,6 @@ parameters:
     value: dummy123
   - name: model_package_arn
     value: arn:aws:sagemaker:<region>:<account>:model-package/<package_name>/1
-  - name: model_bucket_arn
-    value: arn:aws:s3:::<bucket_name>
   - name: instance_type
     value: ml.m5.large
   - name: vpc_id

modules/sagemaker/sagemaker-endpoint/app.py

@@ -23,7 +23,7 @@ def _param(name: str) -> str:
 DEFAULT_MODEL_PACKAGE_ARN = None
 DEFAULT_MODEL_PACKAGE_GROUP_NAME = None
 DEFAULT_MODEL_EXECUTION_ROLE_ARN = None
-DEFAULT_MODEL_BUCKET_ARN = None
+DEFAULT_MODEL_ARTIFACTS_BUCKET_ARN = None
 DEFAULT_ECR_REPO_ARN = None
 DEFAULT_VARIANT_NAME = "AllTraffic"
 DEFAULT_INITIAL_INSTANCE_COUNT = 1
@@ -42,7 +42,7 @@ def _param(name: str) -> str:
 model_package_arn = os.getenv(_param("MODEL_PACKAGE_ARN"), DEFAULT_MODEL_PACKAGE_ARN)
 model_package_group_name = os.getenv(_param("MODEL_PACKAGE_GROUP_NAME"), DEFAULT_MODEL_PACKAGE_GROUP_NAME)
 model_execution_role_arn = os.getenv(_param("MODEL_EXECUTION_ROLE_ARN"), DEFAULT_MODEL_EXECUTION_ROLE_ARN)
-model_bucket_arn = os.getenv(_param("MODEL_BUCKET_ARN"), DEFAULT_MODEL_BUCKET_ARN)
+model_artifacts_bucket_arn = os.getenv(_param("MODEL_ARTIFACTS_BUCKET_ARN"), DEFAULT_MODEL_ARTIFACTS_BUCKET_ARN)
 ecr_repo_arn = os.getenv(_param("ECR_REPO_ARN"), DEFAULT_ECR_REPO_ARN)
 variant_name = os.getenv(_param("VARIANT_NAME"), DEFAULT_VARIANT_NAME)
 initial_instance_count = int(os.getenv(_param("INITIAL_INSTANCE_COUNT"), DEFAULT_INITIAL_INSTANCE_COUNT))
@@ -68,7 +68,7 @@ def _param(name: str) -> str:
     model_execution_role_arn=model_execution_role_arn,
     vpc_id=vpc_id,
     subnet_ids=subnet_ids,
-    model_bucket_arn=model_bucket_arn,
+    model_artifacts_bucket_arn=model_artifacts_bucket_arn,
     ecr_repo_arn=ecr_repo_arn,
     endpoint_config_prod_variant={
         "initial_instance_count": initial_instance_count,

modules/sagemaker/sagemaker-endpoint/stack.py

@@ -34,7 +34,7 @@ def __init__(
         model_execution_role_arn: Optional[str],
         vpc_id: str,
         subnet_ids: List[str],
-        model_bucket_arn: Optional[str],
+        model_artifacts_bucket_arn: Optional[str],
         ecr_repo_arn: Optional[str],
         endpoint_config_prod_variant: Dict[str, Any],
         **kwargs: Any,
@@ -58,17 +58,21 @@ def __init__(
             # Create model execution role
             model_execution_role = iam.Role(
                 self,
-                f"{app_prefix}-model-exec-role",
+                f"{app_prefix}-model-exec",
                 assumed_by=iam.ServicePrincipal("sagemaker.amazonaws.com"),
                 managed_policies=[
                     iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSageMakerFullAccess"),
                 ],
             )
 
-            if model_bucket_arn:
-                # Grant model assets bucket read-write permissions
-                model_bucket = s3.Bucket.from_bucket_arn(self, f"{app_prefix}-model-bucket", model_bucket_arn)
-                model_bucket.grant_read_write(model_execution_role)
+            if model_artifacts_bucket_arn:
+                # Grant model assets bucket read permissions
+                model_bucket = s3.Bucket.from_bucket_arn(
+                    self,
+                    f"{app_prefix}-model-bucket",
+                    model_artifacts_bucket_arn
+                )
+                model_bucket.grant_read(model_execution_role)
 
             if ecr_repo_arn:
                 # Add ECR permissions
@@ -92,7 +96,7 @@ def __init__(
                 raise ValueError("Either model_package_arn or model_package_group_name is required")
 
         # Create model instance
-        model_name = f"{app_prefix}-{get_timestamp()}"
+        model_name: str = f"{app_prefix}-model-{get_timestamp()}"
         model = sagemaker.CfnModel(
             self,
             f"{app_prefix}-model",
@@ -116,10 +120,10 @@ def __init__(
         kms_key.grant_encrypt_decrypt(iam.AccountRootPrincipal())
 
         # Create endpoint config
-        endpoint_config_name: str = f"{app_prefix}-endpoint-config"
+        endpoint_config_name: str = f"{app_prefix}-conf-{get_timestamp()}"
         endpoint_config = sagemaker.CfnEndpointConfig(
             self,
-            f"{app_prefix}-endpoint-config",
+            f"{app_prefix}-endpoint-conf",
             endpoint_config_name=endpoint_config_name,
             kms_key_id=kms_key.key_id,
             production_variants=[
@@ -129,17 +133,15 @@ def __init__(
                 )
             ],
         )
-        endpoint_config.add_depends_on(model)
+        endpoint_config.add_dependency(model)
 
         # Create endpoint
-        endpoint_name = f"{app_prefix}-endpoint"
         endpoint = sagemaker.CfnEndpoint(
             self,
-            "Endpoint",
+            f"{app_prefix}-endpoint",
             endpoint_config_name=endpoint_config.endpoint_config_name,  # type: ignore[arg-type]
-            endpoint_name=endpoint_name,
         )
-        endpoint.add_depends_on(endpoint_config)
+        endpoint.add_dependency(endpoint_config)
         self.endpoint = endpoint
 
         # Add CDK nag solutions checks

seedfarmer.yaml

@@ -1,3 +1,3 @@
-project: mlops-modules
+project: mlops
 description: This is for local testing - intended for contributions
 #projectPolicyPath: <some relative path to this file>