
Commit 7e96daa

Update for least privledge. (#4)
* Update CFN for least privilege. * Added KmsKey for API Lambda. * Update notebook to log errors and wait for prod stack to create.
1 parent 426b6e7 commit 7e96daa


4 files changed

+231
-47
lines changed


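--- a/assets/deploy-model-dev.yml
+++ b/assets/deploy-model-dev.yml
@@ -43,7 +43,6 @@ Resources:
 Tags:
 - Key: Name
 Value: !Sub mlops-${ModelName}-dec-${TrainJobId}
-DependsOn: Model
 
 Endpoint:
 Type: "AWS::SageMaker::Endpoint"
@@ -53,4 +52,3 @@ Resources:
 Tags:
 - Key: Name
 Value: !Sub mlops-${ModelName}-dev-${TrainJobId}
-DependsOn: EndpointConfig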

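--- a/assets/deploy-model-prd.yml
+++ b/assets/deploy-model-prd.yml
@@ -59,7 +59,6 @@ Resources:
 Tags:
 - Key: Name
 Value: !Sub mlops-${ModelName}-prd-${TrainJobId}
-DependsOn: EndpointConfig
 
 SagemakerDataCapture:
 Type: Custom::EnableDataCapture
@@ -85,6 +84,7 @@ Resources:
 Handler: app.lambda_handler
 Runtime: python3.7
 Role: !GetAtt ApiFunctionRole.Arn
+KmsKeyArn: !Sub arn:aws:kms:${AWS::Region}:${AWS::AccountId}:key/${KmsKeyId}
 AutoPublishAlias: "live"
 #AutoPublishCodeSha256: !Ref TrainSha256
 DeploymentPreference:
@@ -113,7 +113,7 @@ Resources:
 Path: /api
 Method: post
 DependsOn: SagemakerDataCapture
-Description: "Api deployment that invokes SagemMaker endpoint"
+Description: "Api deployment that invokes SageMaker endpoint"
 
 ApiFunctionRole:
 Type: AWS::IAM::Role
@@ -147,6 +147,7 @@ Resources:
 CodeUri: ../api
 Handler: pre_traffic_hook.lambda_handler
 Runtime: python3.7
+KmsKeyArn: !Sub arn:aws:kms:${AWS::Region}:${AWS::AccountId}:key/${KmsKeyId}
 Policies:
 - Version: "2012年10月17日"
 Statement:
@@ -177,6 +178,7 @@ Resources:
 CodeUri: ../api
 Handler: post_traffic_hook.lambda_handler
 Runtime: python3.7
+KmsKeyArn: !Sub arn:aws:kms:${AWS::Region}:${AWS::AccountId}:key/${KmsKeyId}
 Policies:
 - Version: "2012年10月17日"
 Statement: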
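Review bot: The three added `KmsKeyArn` lines bind the functions to a customer-managed key, and nothing visible in this file's hunks shows that the key can actually be used. The principal that deploys the stack needs permission on that key so Lambda can create its grant, and the key policy must not exclude the function roles; otherwise the deployment, or decryption of the functions' environment variables at invocation, is likely to fail. Since the commit tightens permissions elsewhere, this is worth confirming for `ApiFunctionRole` and for the inline `Policies` of the two traffic-hook functions. The ARN is assembled from `${KmsKeyId}`, so an alias name or an empty parameter value gives an invalid ARN; a comment such as `# KmsKeyId must be a key ID (not an alias); the key encrypts this function's environment variables` above each line would document that. The resource definitions start and end outside the hunks.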

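--- a/notebook/mlops.ipynb
+++ b/notebook/mlops.ipynb
@@ -284,6 +284,7 @@
 "outputs": [],
 "source": [
 "import boto3\n",
+"from botocore.exceptions import ClientError\n",
 "import os\n",
 "import time\n",
 "\n",
@@ -457,8 +458,8 @@
 " print(\"Endpoint status: {}\".format(response['EndpointStatus']))\n",
 " if response['EndpointStatus'] == 'InService':\n",
 " break\n",
-" except:\n",
-" pass \n",
+" except ClientError as e:\n",
+" print(e.response[\"Error\"][\"Message\"])\n",
 " time.sleep(10)"
 ]
 },
@@ -690,7 +691,14 @@
 "print('stack name: {}'.format(stack_name))\n",
 "\n",
 "# Get latest stack events\n",
-"response = cfn.describe_stack_events(StackName=stack_name)\n",
+"while True:\n",
+" try:\n",
+" response = cfn.describe_stack_events(StackName=stack_name)\n",
+" break\n",
+" except ClientError as e:\n",
+" print(e.response[\"Error\"][\"Message\"])\n",
+" time.sleep(10)\n",
+" \n",
 "get_event_dataframe(response['StackEvents']).head()"
 ]
 },
@@ -735,8 +743,8 @@
 " and 'DataCaptureConfig' in response \\\n",
 " and response['DataCaptureConfig']['EnableCapture']:\n",
 " break\n",
-" except:\n",
-" pass\n",
+" except ClientError as e:\n",
+" print(e.response[\"Error\"][\"Message\"])\n",
 " time.sleep(10)"
 ]
 },
@@ -777,6 +785,7 @@
 " response = cfn.describe_stacks(StackName=stack_name)\n",
 " if response['Stacks']:\n",
 " stack = response['Stacks'][0]\n",
+" outputs = None\n",
 " if 'Outputs' in stack:\n",
 " outputs = dict([(o['OutputKey'], o['OutputValue']) for o in stack['Outputs']])\n",
 " return stack['StackStatus'], outputs \n",
@@ -787,8 +796,8 @@
 " status, outputs = get_stack_status(stack_name)\n",
 " response = sm.describe_endpoint(EndpointName=prd_endpoint_name)\n",
 " print(\"Endpoint status: {}\".format(response['EndpointStatus']))\n",
-" except:\n",
-" pass\n",
+" except ClientError as e:\n",
+" print(e.response[\"Error\"][\"Message\"])\n",
 " time.sleep(10) \n",
 " \n",
 "print('stack status: {}'.format(status))\n",
@@ -845,8 +854,8 @@
 " if status.endswith('COMPLETE'):\n",
 " print('Deployment complete\\n')\n",
 " break\n",
-" except Exception as e:\n",
-" pass\n",
+" except ClientError as e:\n",
+" print(e.response[\"Error\"][\"Message\"])\n",
 " time.sleep(10)"
 ]
 },
@@ -1033,8 +1042,8 @@
 "while processing_job_arn == None:\n",
 " try:\n",
 " response = sm.list_monitoring_executions(MonitoringScheduleName=schedule_name)\n",
-" except:\n",
-" pass\n",
+" except ClientError as e:\n",
+" print(e.response[\"Error\"][\"Message\"])\n",
 " for mon in response['MonitoringExecutionSummaries']:\n",
 " status = mon['MonitoringExecutionStatus']\n",
 " now = datetime.now(tzlocal())\n",
@@ -1235,8 +1244,6 @@
 "metadata": {},
 "outputs": [],
 "source": [
-"from botocore.exceptions import ClientError\n",
-"\n",
 "while True:\n",
 " try:\n",
 " response = synth.get_canary(Name=canary_name)\n",
@@ -1252,8 +1259,7 @@
 " if e.response[\"Error\"][\"Code\"] == \"ResourceNotFoundException\":\n",
 " print('No canary found.')\n",
 " break\n",
-" except:\n",
-" pass\n",
+" print(e.response[\"Error\"][\"Message\"])\n",
 " time.sleep(10)\n",
 "\n",
 "# Output a html link to the cloudwatch console\n",
@@ -1332,8 +1338,7 @@
 " if e.response[\"Error\"][\"Code\"] == \"ResourceNotFoundException\":\n",
 " print('Canary succesfully deleted.')\n",
 " break\n",
-" except:\n",
-" pass\n",
+" print(e.response[\"Error\"][\"Message\"])\n",
 " time.sleep(10)"
 ]
 },
@@ -1370,6 +1375,18 @@
 "display_name": "conda_python3",
 "language": "python",
 "name": "conda_python3"
+},
+"language_info": {
+"codemirror_mode": {
+"name": "ipython",
+"version": 3
+},
+"file_extension": ".py",
+"mimetype": "text/x-python",
+"name": "python",
+"nbconvert_exporter": "python",
+"pygments_lexer": "ipython3",
+"version": "3.6.10"
 }
 },
 "nbformat": 4,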
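Review bot: The polling loops now catch `ClientError` but treat every error code as retryable, so a permanent failure such as an access-denied or validation error under the tightened role is printed every 10 seconds forever instead of stopping the cell. This applies to the new `while True:` around `cfn.describe_stack_events` and to the endpoint, data-capture and deployment loops. I would re-raise any code that is not an expected "not ready yet" condition, the way the canary cells already branch on `e.response["Error"]["Code"]`, and bound the number of attempts. In the `list_monitoring_executions` hunk the handler falls through to `for mon in response['MonitoringExecutionSummaries']`, which then reads a `response` left over from an earlier call or raises `NameError`; adding `time.sleep(10)` and `continue` after the print avoids that. Cell indentation is flattened in this rendering and the loops start or end outside the hunks, so placement should be confirmed against the notebook.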
