From dfaf68da18d01ae6d20221e4ccabc409ce509b9e Mon Sep 17 00:00:00 2001
From: abk
Date: Thu, 20 Jul 2023 11:34:21 -0500
Subject: [PATCH 1/2] addition of key store
---
keyvalue-store-in-secretsmgr.py | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 keyvalue-store-in-secretsmgr.py
diff --git a/keyvalue-store-in-secretsmgr.py b/keyvalue-store-in-secretsmgr.py
new file mode 100644
index 0000000..ced458a
--- /dev/null
+++ b/keyvalue-store-in-secretsmgr.py
@@ -0,0 +1,18 @@
+import boto3
+
+def lambda_handler(event, context):
+ # Replace 'YOUR_SECRET_NAME' with the actual name of your secret in AWS Secrets Manager
+ secret_name = 'YOUR_SECRET_NAME'
+
+ # Replace 'YOUR_KEY' and 'YOUR_VALUE' with the actual key-value pair you want to store
+ key = 'YOUR_KEY'
+ value = 'YOUR_VALUE'
+
+ # Create a Secrets Manager client
+ client = boto3.client('secretsmanager')
+
+ # Create or update the secret with the key-value pair
+ response = client.put_secret_value(SecretId=secret_name, SecretString={key: value})
+
+ # Return the response
+ return response
From 3e666c703947d45c7f3132f43f9a14becb458336 Mon Sep 17 00:00:00 2001
From: abk
Date: Thu, 20 Jul 2023 11:43:50 -0500
Subject: [PATCH 2/2] SageMaker related cfn boilerplate
---
sagemaker/cfn-create-sagemaker-domain.yml | 10 ++++++
sagemaker/cfn-create-sagemaker-instance.yml | 29 +++++++++++++++++
sagemaker/lambda-execution-role.json | 36 +++++++++++++++++++++
sagemaker/notes.txt | 13 ++++++++
4 files changed, 88 insertions(+)
create mode 100644 sagemaker/cfn-create-sagemaker-domain.yml
create mode 100644 sagemaker/cfn-create-sagemaker-instance.yml
create mode 100644 sagemaker/lambda-execution-role.json
create mode 100644 sagemaker/notes.txt
diff --git a/sagemaker/cfn-create-sagemaker-domain.yml b/sagemaker/cfn-create-sagemaker-domain.yml
new file mode 100644
index 0000000..24e8815
--- /dev/null
+++ b/sagemaker/cfn-create-sagemaker-domain.yml
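Review bot: In keyvalue-store-in-secretsmgr.py, `put_secret_value` is called with `SecretString={key: value}`, a dict, but boto3 expects a string for that parameter and rejects the call at parameter validation. Serialize the pair first: add `import json` and pass `SecretString=json.dumps({key: value})`. The comment "Create or update the secret" also overstates the call: `put_secret_value` writes a new version of an existing secret and replaces the whole stored string, so a missing secret raises an error and any other keys already stored under that secret are lost; either say so in the comment or read, merge and write back the existing JSON. The value is a literal in the handler source, which puts it in the repository and in the Lambda deployment package; take it from `event` or another runtime input instead.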
@@ -0,0 +1,10 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: CloudFormation template for Amazon SageMaker domain creation
+
+Resources:
+ SageMakerDomainCustomResource:
+ Type: Custom::SageMakerDomain
+ Properties:
+ ServiceToken: ARN_OF_YOUR_LAMBDA_FUNCTION
+ # Add any input parameters you want to pass to the Lambda function
+
diff --git a/sagemaker/cfn-create-sagemaker-instance.yml b/sagemaker/cfn-create-sagemaker-instance.yml
new file mode 100644
index 0000000..7651203
--- /dev/null
+++ b/sagemaker/cfn-create-sagemaker-instance.yml
@@ -0,0 +1,29 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: CloudFormation template for Amazon SageMaker notebook instance
+
+Resources:
+ SageMakerNotebookInstance:
+ Type: AWS::SageMaker::NotebookInstance
+ Properties:
+ NotebookInstanceName: MySageMakerNotebook
+ InstanceType: ml.t2.medium
+ RoleArn: !GetAtt SageMakerNotebookRole.Arn
+ # You can add more properties here, such as SubnetId, SecurityGroupIds, etc.
+
+ SageMakerNotebookRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: sagemaker.amazonaws.com
+ Action: sts:AssumeRole
+
+ # Add more permissions for the SageMaker role if needed.
+ # For example, you may need permissions to access S3 buckets or other resources.
+
+Outputs:
+ SageMakerNotebookInstanceName:
+ Value: !Ref SageMakerNotebookInstance
diff --git a/sagemaker/lambda-execution-role.json b/sagemaker/lambda-execution-role.json
new file mode 100644
index 0000000..b519e5d
--- /dev/null
+++ b/sagemaker/lambda-execution-role.json
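Review bot: In cfn-create-sagemaker-domain.yml, `ServiceToken: ARN_OF_YOUR_LAMBDA_FUNCTION` is a bare placeholder inside the resource, so the template only deploys after hand-editing, and that edit tends to get committed with an account-specific ARN. Declare a template parameter for it (for example a `Parameters` entry named `DomainLambdaArn` of type `String`) and write `ServiceToken: !Ref DomainLambdaArn`. The custom resource passes no properties to the function yet, so the trailing comment should name the inputs the Lambda will expect once they are known.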
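Review bot: In cfn-create-sagemaker-instance.yml, the `SageMakerNotebookInstance` properties leave the security-relevant settings at their defaults: notebook users keep root access, and with no subnet the instance has direct internet access. Set `RootAccess: Disabled`, and once `SubnetId` and `SecurityGroupIds` are supplied add `DirectInternetAccess: Disabled` (that setting needs a subnet). No `KmsKeyId` is set either; add one if the volume must be encrypted under a key you control. The fixed `NotebookInstanceName: MySageMakerNotebook` also prevents a second stack from this template in the same account and region; drop it or derive it from a parameter.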
@@ -0,0 +1,36 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "SageMakerPermissions",
+ "Effect": "Allow",
+ "Action": [
+ "sagemaker:CreateEndpoint",
+ "sagemaker:UpdateEndpoint",
+ "sagemaker:DeleteEndpoint",
+ "sagemaker:InvokeEndpoint",
+ "sagemaker:CreateModel",
+ "sagemaker:DeleteModel",
+ "sagemaker:CreateEndpointConfig",
+ "sagemaker:DeleteEndpointConfig",
+ "sagemaker:CreateTransformJob",
+ "sagemaker:CreateProcessingJob",
+ "sagemaker:Describe*",
+ "sagemaker:List*",
+ "sagemaker:Stop*"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "S3Permissions",
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject"
+ ],
+ "Resource": "arn:aws:s3:::YOUR_S3_BUCKET/*"
+ }
+ ]
+}
+
diff --git a/sagemaker/notes.txt b/sagemaker/notes.txt
new file mode 100644
index 0000000..36f1b40
--- /dev/null
+++ b/sagemaker/notes.txt
@@ -0,0 +1,13 @@
+Creation of the SageMaker Domain is not straight forward.
+
+Create the Lambda Function:
+Create an AWS Lambda function that uses the Boto3 library to create the SageMaker domain. The Lambda function will be responsible for the actual domain creation and handling the CloudFormation custom resource request.
+
+CloudFormation Custom Resource:
+In your CloudFormation template, define a custom resource that references the Lambda function you created in the previous step. The custom resource acts as a bridge between CloudFormation and the Lambda function.
+
+Lambda Execution Role:
+Ensure that the Lambda function has the necessary IAM permissions to create a SageMaker domain. Create an IAM role with the required permissions and attach it to the Lambda function.
+
+CloudFormation Stack:
+Deploy your CloudFormation stack, which includes the custom resource. When the stack is created, the custom resource triggers the Lambda function to create the SageMaker domain.
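Review bot: In sagemaker/lambda-execution-role.json, the `SageMakerPermissions` statement grants the create, delete and `sagemaker:Stop*` actions on `"Resource": "*"`, so whatever assumes this role can delete or stop every endpoint, model and job in the account. Scope the statement to the resources this function owns, e.g. `"Resource": "arn:aws:sagemaker:<REGION>:<ACCOUNT_ID>:endpoint/<PREFIX>*"` (placeholders), with one statement per resource type, and replace `sagemaker:Stop*` with the specific stop actions needed. The action list also has no `sagemaker:CreateDomain`, although notes.txt in the same patch describes this role as the one for the Lambda that creates the domain; as written it looks unable to do that, so confirm which function the policy is meant for. The file holds a permissions policy rather than a role definition, which the file name should reflect.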