Edge — Professional Tier Scenarios — Run Commands¶

All edge scenarios use the professional tier and share the same action sequence. The only difference is the config file name.

Available Configurations¶

Config file	Source control	Workload	ml_name
`edge-prod-b001-us-west-2-fraud-detection-ml-codecommit.yaml`	codecommit	(none)	`edge-prod-b001-us-west-2-fraud-detection-ml`
`edge-prod-b001-us-west-2-fraud-detection-ml-s3.yaml`	s3	(none)	`edge-prod-b001-us-west-2-fraud-detection-ml`
`edge-prod-b001-us-west-2-fraud-detection-ml-codecommit-workload.yaml`	codecommit	realtime	`edge-prod-b001-us-west-2-fraud-detection-realtime-ml`
`edge-prod-b001-us-west-2-fraud-detection-ml-s3-workload.yaml`	s3	realtime	`edge-prod-b001-us-west-2-fraud-detection-realtime-ml`

Prerequisites¶

Professional tier has no VPC integration — no VPC or SG Provisioner required.

S3 source bucket — s3 scenarios only¶

Required by: s3, s3-workload

aws s3api head-bucket --bucket edge-b001-ml-source --region us-west-2 2>&1
aws s3api get-bucket-versioning \
  --bucket edge-b001-ml-source \
  --region us-west-2 --query Status --output text
# Expected: Enabled

If missing, create it:

aws s3api create-bucket \
  --bucket edge-b001-ml-source \
  --region us-west-2 \
  --create-bucket-configuration LocationConstraint=us-west-2

aws s3api put-bucket-versioning \
  --bucket edge-b001-ml-source \
  --versioning-configuration Status=Enabled \
  --region us-west-2

aws s3api put-public-access-block \
  --bucket edge-b001-ml-source \
  --public-access-block-configuration \
    BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true \
  --region us-west-2

Set Config¶

Set the three variables before running the commands below. Pick one set from the list:

codecommit — codecommit, no workload
s3 — s3, no workload
codecommit-workload — codecommit + workload: realtime
s3-workload — s3 + workload: realtime

# codecommit — no workload
CONFIG=edge-prod-b001-us-west-2-fraud-detection-ml-codecommit.yaml
STACK_NAME=edge-prod-b001-us-west-2-fraud-detection-ml-stack
SSM_PATH=/ml/edge-prod-b001-us-west-2-fraud-detection-ml/

# s3 — no workload
# CONFIG=edge-prod-b001-us-west-2-fraud-detection-ml-s3.yaml
# STACK_NAME=edge-prod-b001-us-west-2-fraud-detection-ml-stack
# SSM_PATH=/ml/edge-prod-b001-us-west-2-fraud-detection-ml/

# codecommit + workload: realtime
# CONFIG=edge-prod-b001-us-west-2-fraud-detection-ml-codecommit-workload.yaml
# STACK_NAME=edge-prod-b001-us-west-2-fraud-detection-realtime-ml-stack
# SSM_PATH=/ml/edge-prod-b001-us-west-2-fraud-detection-realtime-ml/

# s3 + workload: realtime
# CONFIG=edge-prod-b001-us-west-2-fraud-detection-ml-s3-workload.yaml
# STACK_NAME=edge-prod-b001-us-west-2-fraud-detection-realtime-ml-stack
# SSM_PATH=/ml/edge-prod-b001-us-west-2-fraud-detection-realtime-ml/

Commands¶

validate-config¶

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act validate-config

list-products¶

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act list-products

show-product¶

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act show-product

create-policy¶

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/policies:/app/policies \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act create-policy

create-prov-template¶

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/templates:/app/templates \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act create-prov-template

validate-prov-template¶

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/templates:/app/templates \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act validate-prov-template

create-review-report¶

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/templates:/app/templates \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act create-review-report

test-deploy (optional — recommended)¶

Deploys a temporary stack with a random suffix to validate the template before the real deployment. The test stack must be deleted before running deploy-product.

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act test-deploy

delete test stack (required if test-deploy was run)¶

Replace <test-stack-name> with the stack name printed by the test-deploy output above.

aws cloudformation delete-stack \
  --stack-name <test-stack-name> \
  --region us-west-2

aws cloudformation wait stack-delete-complete \
  --stack-name <test-stack-name> \
  --region us-west-2

deploy-product¶

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/templates:/app/templates \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act deploy-product --force

show-changes (optional)¶

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/templates:/app/templates \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act show-changes

check-drift (optional)¶

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act check-drift

delete-product¶

docker run --rm \
  -v ~/.aws:/home/mluser/.aws:ro \
  -v $(pwd)/ml/configs:/app/configs:ro \
  -v $(pwd)/ml/reports:/app/reports \
  ml-provisioner:professional \
  -con $CONFIG \
  -act delete-product --force

Verify¶

List all provisioned resources¶

aws cloudformation describe-stack-resources \
  --stack-name $STACK_NAME \
  --region us-west-2 \
  --query "StackResources[*].[ResourceType,PhysicalResourceId]" \
  --output table

List all SSM parameters¶

aws ssm get-parameters-by-path \
  --path $SSM_PATH \
  --recursive \
  --region us-west-2 \
  --query "Parameters[*].Name" \
  --output table