Skip to content

Commit

Permalink
feat(terraform): add sagemaker (#16869)
Browse files Browse the repository at this point in the history
  • Loading branch information
@hongbo-miao
hongbo-miao authored May 23, 2024
1 parent 329e7f4 commit 20ac4f6
Show file tree
Hide file tree
Showing 9 changed files with 157 additions and 5 deletions.
23 changes: 22 additions & 1 deletion cloud-infrastructure/terraform/environments/development/aws/general/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -241,7 +241,7 @@ module "development_hm_sedona_emr_studio_iam" {
providers = { aws = aws.development }
source = "../../../../modules/aws/hm_amazon_emr_studio_iam"
amazon_emr_studio_name = "hm-sedona-emr-studio"
s3_bucket = data.terraform_remote_state.hm_terraform_remote_state_development_aws_network.outputs.development_hm_development_bucket_amazon_s3_bucket_name
s3_bucket_name = data.terraform_remote_state.hm_terraform_remote_state_development_aws_network.outputs.development_hm_development_bucket_amazon_s3_bucket_name
environment = var.environment
team = var.team
}
Expand Down Expand Up @@ -531,3 +531,24 @@ module "development_hm_aws_batch_job_definition" {
module.development_hm_aws_batch_job_definition_iam
]
}

# Amazon SageMaker
locals {
amazon_sagemaker_notebook_instance_name = "hm-amazon-sagemaker-notebook"
}
module "development_hm_amazon_sagemaker_notebook_instance_iam" {
providers = { aws = aws.development }
source = "../../../../modules/aws/hm_amazon_sagemaker_notebook_instance_iam"
amazon_sagemaker_notebook_instance_name = local.amazon_sagemaker_notebook_instance_name
environment = var.environment
team = var.team
}
module "development_hm_amazon_sagemaker_notebook_instance" {
providers = { aws = aws.development }
source = "../../../../modules/aws/hm_amazon_sagemaker_notebook_instance"
amazon_sagemaker_notebook_instance_name = local.amazon_sagemaker_notebook_instance_name
iam_role_arn = module.development_hm_amazon_sagemaker_notebook_instance_iam.arn
instance_type = "ml.g4dn.4xlarge"
environment = var.environment
team = var.team
}
23 changes: 22 additions & 1 deletion cloud-infrastructure/terraform/environments/production/aws/general/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -241,7 +241,7 @@ module "production_hm_sedona_emr_studio_iam" {
providers = { aws = aws.production }
source = "../../../../modules/aws/hm_amazon_emr_studio_iam"
amazon_emr_studio_name = "hm-sedona-emr-studio"
s3_bucket = data.terraform_remote_state.hm_terraform_remote_state_production_aws_network.outputs.production_hm_production_bucket_amazon_s3_bucket_name
s3_bucket_name = data.terraform_remote_state.hm_terraform_remote_state_production_aws_network.outputs.production_hm_production_bucket_amazon_s3_bucket_name
environment = var.environment
team = var.team
}
Expand Down Expand Up @@ -531,3 +531,24 @@ module "production_hm_aws_batch_job_definition" {
module.production_hm_aws_batch_job_definition_iam
]
}

# Amazon SageMaker
locals {
amazon_sagemaker_notebook_instance_name = "hm-amazon-sagemaker-notebook"
}
module "production_hm_amazon_sagemaker_notebook_instance_iam" {
providers = { aws = aws.production }
source = "../../../../modules/aws/hm_amazon_sagemaker_notebook_instance_iam"
amazon_sagemaker_notebook_instance_name = local.amazon_sagemaker_notebook_instance_name
environment = var.environment
team = var.team
}
module "production_hm_amazon_sagemaker_notebook_instance" {
providers = { aws = aws.production }
source = "../../../../modules/aws/hm_amazon_sagemaker_notebook_instance"
amazon_sagemaker_notebook_instance_name = local.amazon_sagemaker_notebook_instance_name
iam_role_arn = module.production_hm_amazon_sagemaker_notebook_instance_iam.arn
instance_type = "ml.g4dn.4xlarge"
environment = var.environment
team = var.team
}
4 changes: 2 additions & 2 deletions cloud-infrastructure/terraform/modules/aws/hm_amazon_emr_studio_iam/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,8 @@ resource "aws_iam_role_policy" "hm_amazon_emr_studio_iam_role_s3_policy" {
"s3:PutObject"
]
Resource = [
"arn:aws:s3:::${var.s3_bucket}",
"arn:aws:s3:::${var.s3_bucket}/*"
"arn:aws:s3:::${var.s3_bucket_name}",
"arn:aws:s3:::${var.s3_bucket_name}/*"
]
},
{
Expand Down
2 changes: 1 addition & 1 deletion cloud-infrastructure/terraform/modules/aws/hm_amazon_emr_studio_iam/variables.tf
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
variable "amazon_emr_studio_name" {
type = string
}
variable "s3_bucket" {
variable "s3_bucket_name" {
type = string
}
variable "environment" {
Expand Down
19 changes: 19 additions & 0 deletions cloud-infrastructure/terraform/modules/aws/hm_amazon_sagemaker_notebook_instance/main.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
}
}
}

# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sagemaker_notebook_instance
resource "aws_sagemaker_notebook_instance" "hm_amazon_sagemaker_notebook_instance" {
name = var.amazon_sagemaker_notebook_instance_name
role_arn = var.iam_role_arn
instance_type = var.instance_type
tags = {
Environment = var.environment
Team = var.team
ResourceName = var.amazon_sagemaker_notebook_instance_name
}
}
15 changes: 15 additions & 0 deletions ...d-infrastructure/terraform/modules/aws/hm_amazon_sagemaker_notebook_instance/variables.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
variable "amazon_sagemaker_notebook_instance_name" {
type = string
}
variable "instance_type" {
type = string
}
variable "iam_role_arn" {
type = string
}
variable "environment" {
type = string
}
variable "team" {
type = string
}
64 changes: 64 additions & 0 deletions cloud-infrastructure/terraform/modules/aws/hm_amazon_sagemaker_notebook_instance_iam/main.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
}
}
}

# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role
resource "aws_iam_role" "hm_amazon_sagemaker_notebook_instance_iam" {
name = "AmazonSageMakerExecutionRole-${var.amazon_sagemaker_notebook_instance_name}"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Principal = {
Service = "sagemaker.amazonaws.com"
}
Action = "sts:AssumeRole"
}
]
})
tags = {
Environment = var.environment
Team = var.team
ResourceName = "AmazonSageMakerExecutionRole-${var.amazon_sagemaker_notebook_instance_name}"
}
}
# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy
resource "aws_iam_role_policy" "hm_amazon_sagemaker_notebook_instance_iam_s3_policy" {
name = "AmazonSageMakerExecutionPolicyForS3-${var.amazon_sagemaker_notebook_instance_name}"
role = aws_iam_role.hm_amazon_sagemaker_notebook_instance_iam.name
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
]
Resource = [
"arn:aws:s3:::*"
]
}
]
})
}
# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment
resource "aws_iam_role_policy_attachment" "hm_amazon_sagemaker_notebook_instance_iam_policy_attachment_amazon_sagemaker_canvas_ai_services_access" {
role = aws_iam_role.hm_amazon_sagemaker_notebook_instance_iam.name
policy_arn = "arn:aws:iam::aws:policy/AmazonSageMakerCanvasAIServicesAccess"
}
resource "aws_iam_role_policy_attachment" "hm_amazon_sagemaker_notebook_instance_iam_policy_attachment_amazon_sagemaker_canvas_full_access" {
role = aws_iam_role.hm_amazon_sagemaker_notebook_instance_iam.name
policy_arn = "arn:aws:iam::aws:policy/AmazonSageMakerCanvasFullAccess"
}
resource "aws_iam_role_policy_attachment" "hm_amazon_sagemaker_notebook_instance_iam_policy_attachment_amazon_sagemaker_full_access" {
role = aws_iam_role.hm_amazon_sagemaker_notebook_instance_iam.name
policy_arn = "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess"
}
3 changes: 3 additions & 0 deletions ...infrastructure/terraform/modules/aws/hm_amazon_sagemaker_notebook_instance_iam/outputs.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
output "arn" {
value = aws_iam_role.hm_amazon_sagemaker_notebook_instance_iam.arn
}
9 changes: 9 additions & 0 deletions ...frastructure/terraform/modules/aws/hm_amazon_sagemaker_notebook_instance_iam/variables.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
variable "amazon_sagemaker_notebook_instance_name" {
type = string
}
variable "environment" {
type = string
}
variable "team" {
type = string
}

0 comments on commit 20ac4f6

Please sign in to comment.