Standalone Scenarios β Run CommandsΒΆ
All standalone scenarios share the same 12 actions. The only difference is the config file name.
Available ConfigurationsΒΆ
Config file |
Source control |
VPC source |
Notes |
|---|---|---|---|
|
codecommit |
parameter-store |
|
|
codecommit |
parameter-store |
workload: rt, use_case: demand-fc |
|
codecommit |
direct |
|
|
codecommit |
direct |
includes route table IDs |
|
s3 |
parameter-store |
|
|
s3 |
direct |
PrerequisitesΒΆ
In standalone mode the ML Provisioner creates and manages its own endpoint SecurityGroup.
The SG Provisioner must NOT be deployed β standalone mode does not use it.
SG Provisioner β must not be deployedΒΆ
aws cloudformation describe-stacks \
--stack-name globalbank-prod-c001-us-west-2-sg-stack \
--region us-west-2 \
--query "Stacks[0].StackStatus" \
--output text 2>&1
# If output contains 'does not exist' β good, proceed.
# If output is CREATE_COMPLETE β delete it before running any standalone scenario.
VPC β all scenariosΒΆ
The VPC must exist in us-west-2:
aws ec2 describe-vpcs \
--vpc-ids vpc-01d82c12b5b84da89 \
--region us-west-2 \
--query "Vpcs[0].VpcId" \
--output text
# Expected: vpc-01d82c12b5b84da89
SSM VPC params β parameter-store scenarios onlyΒΆ
Required by: codecommit-standalone-ssm, codecommit-standalone-ssm-workload, s3-standalone-ssm
aws ssm get-parameter \
--name /vpc/globalbank-prod-c001-us-west-2-vpc/VPCId \
--region us-west-2 \
--query Parameter.Value \
--output text
aws ssm get-parameter \
--name /vpc/globalbank-prod-c001-us-west-2-vpc/PrivateSubnetIds \
--region us-west-2 \
--query Parameter.Value \
--output text
# Expected: subnet-03ef04e345a08b008,subnet-059d4326e512a5a33,subnet-038b75b317519b7d4
If PrivateSubnetIds is missing, create it:
aws ssm put-parameter \
--name /vpc/globalbank-prod-c001-us-west-2-vpc/PrivateSubnetIds \
--value "subnet-03ef04e345a08b008,subnet-059d4326e512a5a33,subnet-038b75b317519b7d4" \
--type StringList \
--region us-west-2
Route tables β direct-rtb scenario onlyΒΆ
Required by: codecommit-standalone-direct-rtb
The following private route tables must exist in the VPC:
rtb-045e45e43e7792d8a (private-route-table-2a)
rtb-0208b3fc83187ae05 (private-route-table-2b)
rtb-0cf4bb2e112a25a9d (private-route-table-2c)
aws ec2 describe-route-tables \
--filters "Name=vpc-id,Values=vpc-01d82c12b5b84da89" \
--region us-west-2 \
--query "RouteTables[*].{Id:RouteTableId,Name:Tags[?Key=='Name'].Value|[0]}" \
--output table
S3 source bucket β s3 scenarios onlyΒΆ
Required by: s3-standalone-ssm, s3-standalone-direct
aws s3api head-bucket --bucket globalbank-c001-ml-source --region us-west-2
aws s3api get-bucket-versioning \
--bucket globalbank-c001-ml-source \
--region us-west-2 \
--query Status \
--output text
# Expected: Enabled
If missing, create it:
aws s3api create-bucket \
--bucket globalbank-c001-ml-source \
--region us-west-2 \
--create-bucket-configuration LocationConstraint=us-west-2
aws s3api put-bucket-versioning \
--bucket globalbank-c001-ml-source \
--versioning-configuration Status=Enabled \
--region us-west-2
aws s3api put-public-access-block \
--bucket globalbank-c001-ml-source \
--public-access-block-configuration \
BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true \
--region us-west-2
Set ConfigΒΆ
Set the three variables before running the commands below. Pick one set from the list:
codecommit-standalone-ssmβ codecommit + parameter-storecodecommit-standalone-ssm-workloadβ codecommit + parameter-store + workloadcodecommit-standalone-directβ codecommit + directcodecommit-standalone-direct-rtbβ codecommit + direct + route tabless3-standalone-ssmβ s3 + parameter-stores3-standalone-directβ s3 + direct
# codecommit + parameter-store
CONFIG=globalbank-prod-c001-us-west-2-demand-forecasting-ml-codecommit-standalone-ssm.yaml
STACK_NAME=globalbank-prod-c001-us-west-2-demand-forecasting-ml-stack
SSM_PATH=/ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/
# codecommit + parameter-store + workload
# CONFIG=globalbank-prod-c001-us-west-2-demand-forecasting-ml-codecommit-standalone-ssm-workload.yaml
# STACK_NAME=globalbank-prod-c001-us-west-2-demand-fc-rt-ml-stack
# SSM_PATH=/ml/globalbank-prod-c001-us-west-2-demand-fc-rt-ml/
# codecommit + direct
# CONFIG=globalbank-prod-c001-us-west-2-demand-forecasting-ml-codecommit-standalone-direct.yaml
# STACK_NAME=globalbank-prod-c001-us-west-2-demand-forecasting-ml-stack
# SSM_PATH=/ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/
# codecommit + direct + route tables
# CONFIG=globalbank-prod-c001-us-west-2-demand-forecasting-ml-codecommit-standalone-direct-rtb.yaml
# STACK_NAME=globalbank-prod-c001-us-west-2-demand-forecasting-ml-stack
# SSM_PATH=/ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/
# s3 + parameter-store
# CONFIG=globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-standalone-ssm.yaml
# STACK_NAME=globalbank-prod-c001-us-west-2-demand-forecasting-ml-stack
# SSM_PATH=/ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/
# s3 + direct
# CONFIG=globalbank-prod-c001-us-west-2-demand-forecasting-ml-s3-standalone-direct.yaml
# STACK_NAME=globalbank-prod-c001-us-west-2-demand-forecasting-ml-stack
# SSM_PATH=/ml/globalbank-prod-c001-us-west-2-demand-forecasting-ml/
CommandsΒΆ
validate-configΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act validate-config
list-productsΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act list-products
show-productΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act show-product
create-policyΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/policies:/app/policies \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act create-policy
create-prov-templateΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/templates:/app/templates \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act create-prov-template
validate-prov-templateΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/templates:/app/templates \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act validate-prov-template
create-review-reportΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/templates:/app/templates \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act create-review-report
test-deploy (optional β recommended)ΒΆ
Deploys a temporary stack with a random suffix to validate the template before the real deployment. The test stack must be deleted before running
deploy-product. For thedirect-rtbscenario, see the note about route table conflicts incodecommit-standalone-direct-rtb_test.md.
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act test-deploy
delete test stack (required if test-deploy was run)ΒΆ
Replace
<test-stack-name>with the stack name printed by thetest-deployoutput above.
aws cloudformation delete-stack \
--stack-name <test-stack-name> \
--region us-west-2
aws cloudformation wait stack-delete-complete \
--stack-name <test-stack-name> \
--region us-west-2
deploy-productΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/templates:/app/templates \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act deploy-product --force
show-changes (optional)ΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/templates:/app/templates \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act show-changes
check-drift (optional)ΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act check-drift
delete-productΒΆ
docker run --rm \
-v ~/.aws:/home/mluser/.aws:ro \
-v $(pwd)/ml/configs:/app/configs:ro \
-v $(pwd)/ml/reports:/app/reports \
ml-provisioner:enterprise \
-con $CONFIG \
-act delete-product --force
VerifyΒΆ
List all provisioned resourcesΒΆ
aws cloudformation describe-stack-resources \
--stack-name $STACK_NAME \
--region us-west-2 \
--query "StackResources[*].[ResourceType,PhysicalResourceId]" \
--output table
List all SSM parametersΒΆ
aws ssm get-parameters-by-path \
--path $SSM_PATH \
--recursive \
--region us-west-2 \
--query "Parameters[*].Name" \
--output table