Integration Test β globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-directΒΆ
Field |
Value |
|---|---|
Config file |
|
ml_name |
|
Stack name |
|
Tier |
enterprise |
Source control |
s3 |
VPC mode |
sg-provisioner |
VPC source |
direct |
Region |
us-west-2 |
Account |
123456789012 |
CFN resources |
36 (no CodeCommit repos β source control is S3; no SecurityGroup β managed by SG Provisioner) |
SSM parameters |
9 (no RepositoryUrl β source control is S3) |
Tested |
- [x] Passed (ml-provisioner:enterprise) |
ArtifactsΒΆ
Artifact |
Filename |
|---|---|
Template |
|
Policy |
|
Log |
|
Review |
|
Deploy |
|
For full verification commands refer to:
RERUN-SEQUENCE.md
1. PrerequisitesΒΆ
1.1 VPCΒΆ
VPC ID and subnet IDs are hardcoded in the config β no SSM resolution needed. The VPC simply needs to exist.
Verify VPC exists:
aws ec2 describe-vpcs \
--vpc-ids vpc-01d82c12b5b84da89 \
--region us-west-2 \
--query "Vpcs[0].VpcId" \
--output text
# Expected: vpc-01d82c12b5b84da89
1.2 SG ProvisionerΒΆ
Already deployed. Verify SSM param is present:
aws ssm get-parameter \
--name /sg/globalbank-prod-c001-us-west-2-sg/app/SecurityGroupId \
--region us-west-2 \
--query Parameter.Value \
--output text
# Expected: sg-09468cab28bcf1020
1.3 S3 Source BucketΒΆ
The bucket must exist with versioning enabled before deploying.
Create the bucket:
aws s3api create-bucket \
--bucket globalbank-c001-ml-source \
--region us-west-2 \
--create-bucket-configuration LocationConstraint=us-west-2
Enable versioning (required by CodePipeline S3 source action):
aws s3api put-bucket-versioning \
--bucket globalbank-c001-ml-source \
--versioning-configuration Status=Enabled \
--region us-west-2
Block public access:
aws s3api put-public-access-block \
--bucket globalbank-c001-ml-source \
--public-access-block-configuration \
BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true \
--region us-west-2
Verify:
aws s3api head-bucket \
--bucket globalbank-c001-ml-source \
--region us-west-2
aws s3api get-bucket-versioning \
--bucket globalbank-c001-ml-source \
--region us-west-2 \
--query Status \
--output text
# Expected: Enabled
2. CommandsΒΆ
validate-configΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act validate-config
list-productsΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act list-products
show-productΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act show-product
create-policyΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/policies:/app/policies \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act create-policy
create-prov-templateΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/templates:/app/templates \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act create-prov-template
validate-prov-templateΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/templates:/app/templates \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act validate-prov-template
create-review-reportΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/templates:/app/templates \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act create-review-report
deploy-productΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/templates:/app/templates \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act deploy-product --force
show-changesΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/templates:/app/templates \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act show-changes
check-driftΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act check-drift
test-deployΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act test-deploy
List all provisioned resourcesΒΆ
aws cloudformation describe-stack-resources \
--stack-name globalbank-prod-c001-us-west-2-demand-forecasting-ml-stack \
--region us-west-2 \
--query "StackResources[*].[ResourceType,PhysicalResourceId]" \
--output table
List all SSM parametersΒΆ
aws ssm get-parameters-by-path \
--path /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/ \
--recursive \
--region us-west-2 \
--query "Parameters[*].{Name:Name,Value:Value}" \
--output table
delete-productΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-sgprov-direct.yaml \
-act delete-product --force
Resources ProvisionedΒΆ
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| DescribeStackResources |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------+
| AWS::SNS::Subscription | arn:aws:sns:us-west-2:123456789012:globalbank-prod-c001-us-west-2-demand-forecasting-ml-security-alerts:dc35b640-2ec6-4b2a-9fbe-90f3fde0a0a3 |
| AWS::SNS::Topic | arn:aws:sns:us-west-2:123456789012:globalbank-prod-c001-us-west-2-demand-forecasting-ml-security-alerts |
| AWS::S3::Bucket | globalbank-prod-c001-us-west-2-demand-forecasting-ml-artifacts |
| AWS::CodeBuild::Project | globalbank-prod-c001-us-west-2-demand-forecasting-ml-build |
| AWS::CodeBuild::Project | globalbank-prod-c001-us-west-2-demand-forecasting-ml-deploy |
| AWS::Logs::LogGroup | globalbank-prod-c001-us-west-2-demand-forecasting-ml-compliance-logs |
| AWS::CloudWatch::Dashboard | globalbank-prod-c001-us-west-2-demand-forecasting-ml-dashboard |
| AWS::Events::Rule | globalbank-prod-c001-us-west-2-demand-forecasting-ml-event-rule |
| AWS::IAM::Role | globalbank-prod-c001-demand-forecasting-ml-codebuild-role |
| AWS::IAM::Role | globalbank-prod-c001-demand-forecasting-ml-pipeline-role |
| AWS::IAM::Role | globalbank-prod-c001-demand-forecasting-ml-sm-exec-role |
| AWS::KMS::Alias | alias/globalbank-prod-c001-us-west-2-demand-forecasting-ml-key |
| AWS::KMS::Key | 0fe9e32a-8a73-4947-9029-f1d7f773eac6 |
| AWS::IAM::ManagedPolicy | arn:aws:iam::123456789012:policy/globalbank-prod-c001-demand-forecasting-ml-build-policy |
| AWS::IAM::ManagedPolicy | arn:aws:iam::123456789012:policy/globalbank-prod-c001-demand-forecasting-ml-deploy-policy |
| AWS::SageMaker::ModelPackageGroup| arn:aws:sagemaker:us-west-2:123456789012:model-package-group/globalbank-prod-c001-us-west-2-demand-forecasting-ml-models |
| AWS::IAM::ManagedPolicy | arn:aws:iam::123456789012:policy/globalbank-prod-c001-demand-forecasting-ml-perm-boundary |
| AWS::CodePipeline::Pipeline | globalbank-prod-c001-us-west-2-demand-forecasting-ml-build-pipeline |
| AWS::CodePipeline::Pipeline | globalbank-prod-c001-us-west-2-demand-forecasting-ml-deploy-pipeline |
| AWS::CloudWatch::Alarm | globalbank-prod-c001-us-west-2-demand-forecasting-ml-root-account-usage |
| AWS::Logs::MetricFilter | GlobalbankDemandForecastingSecurityAlarmsRootAccountUsageFilter-VOvP3E4aFhSz |
| AWS::CloudWatch::Alarm | globalbank-prod-c001-us-west-2-demand-forecasting-ml-unauthorized-api-calls |
| AWS::Logs::MetricFilter | GlobalbankDemandForecastingSecurityAlarmsUnauthorizedApiCallsFilter-3kaXq0Zicc4w |
| AWS::SSM::Parameter | /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/BucketName |
| AWS::SSM::Parameter | /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/DashboardName |
| AWS::SSM::Parameter | /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/KmsKeyArn |
| AWS::SSM::Parameter | /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/LogGroupName |
| AWS::SSM::Parameter | /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/ModelPackageGroupArn |
| AWS::SSM::Parameter | /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/VpcEndpointIdS3 |
| AWS::SSM::Parameter | /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/VpcEndpointIdSagemakerApi |
| AWS::SSM::Parameter | /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/VpcEndpointIdSagemakerRuntime |
| AWS::SSM::Parameter | /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/VpcEndpointIdSts |
| AWS::EC2::VPCEndpoint | vpce-0fc04e24cf43f5c3a |
| AWS::EC2::VPCEndpoint | vpce-02e801efdb3c4487c |
| AWS::EC2::VPCEndpoint | vpce-0d3b080624058a3db |
| AWS::EC2::VPCEndpoint | vpce-00b3cadd28df8ac33 |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------+
SSM Parameters CreatedΒΆ
aws ssm get-parameters-by-path \
--path /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/ \
--recursive \
--region us-west-2 \
--query "Parameters[*].{Name:Name,Value:Value}" \
--output table
Result:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| GetParametersByPath |
+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+
| Name | Value |
+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+
| /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/BucketName | globalbank-prod-c001-us-west-2-demand-forecasting-ml-artifacts |
| /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/DashboardName | globalbank-prod-c001-us-west-2-demand-forecasting-ml-dashboard |
| /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/KmsKeyArn | arn:aws:kms:us-west-2:123456789012:key/0fe9e32a-8a73-4947-9029-f1d7f773eac6 |
| /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/LogGroupName | globalbank-prod-c001-us-west-2-demand-forecasting-ml-compliance-logs |
| /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/ModelPackageGroupArn | arn:aws:sagemaker:us-west-2:123456789012:model-package-group/globalbank-prod-c001-us-west-2-demand-forecasting-ml-models |
| /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/VpcEndpointIdS3 | vpce-0fc04e24cf43f5c3a |
| /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/VpcEndpointIdSagemakerApi | vpce-02e801efdb3c4487c |
| /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/VpcEndpointIdSagemakerRuntime | vpce-0d3b080624058a3db |
| /ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/VpcEndpointIdSts | vpce-00b3cadd28df8ac33 |
+-----------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+
Note:
RepositoryUrlandSecurityGroupIdare NOT present β source control is S3 (no CodeCommit repo) and VPC mode is sg-provisioner (SG managed externally).