## cdk-aws-sagemaker-role-manager
## Usage
### Create Role from ML Activity with VPC and KMS conditions
```typescript
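import { App, Stack, aws_ec2 as ec2, aws_iam as iam, aws_kms as kms } from 'aws-cdk-lib';
import { Activity } from '@cdklabs/cdk-aws-sagemaker-role-manager';

const app = new App();
const stack = new Stack(app, 'CdkRoleManagerDemo');

// The aws-cdk-lib from*() lookups take (scope, id, value); each id must be unique within the stack.
const activity = Activity.manageJobs(stack, 'id1', {
  // Presumably the roles the generated policy allows to be passed (iam:PassRole) — keep this
  // list to the execution roles the jobs actually need. TODO confirm in the synthesized policy.
  rolesToPass: [iam.Role.fromRoleName(stack, 'PassedRole', 'Enter Name')],
  // These four options supply the VPC and KMS conditions named in this section's heading.
  subnets: [ec2.Subnet.fromSubnetId(stack, 'Subnet', 'Enter Id')],
  securityGroups: [ec2.SecurityGroup.fromSecurityGroupId(stack, 'SecurityGroup', 'Enter Id')],
  dataKeys: [kms.Key.fromKeyArn(stack, 'DataKey', 'Enter Key Arn')],
  volumeKeys: [kms.Key.fromKeyArn(stack, 'VolumeKey', 'Enter Key Arn')],
});

// Arguments: scope, construct id, role name.
activity.createRole(stack, 'role id', 'Enter Name');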
```
### Create Role from ML Activity without VPC and KMS conditions
```typescript
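import { App, Stack, aws_iam as iam } from 'aws-cdk-lib';
import { Activity } from '@cdklabs/cdk-aws-sagemaker-role-manager';

const app = new App();
const stack = new Stack(app, 'CdkRoleManagerDemo');

// `stack` is the scope here: `this` only refers to a construct inside a Stack/Construct subclass.
// No subnets, securityGroups, dataKeys or volumeKeys are passed, so no VPC or KMS conditions
// are supplied; check the synthesized policy before using this form where network or
// encryption restrictions are required.
const activity = Activity.manageJobs(stack, 'id1', {
  // The aws-cdk-lib lookup takes (scope, id, roleName).
  rolesToPass: [iam.Role.fromRoleName(stack, 'PassedRole', 'Enter Name')],
});

// Arguments: scope, construct id, role name, role description.
activity.createRole(stack, 'role id', 'Enter Name', 'Enter Description');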
```
### Create Role from Data Scientist ML Persona
```typescript
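import {
  App,
  Stack,
  aws_ec2 as ec2,
  aws_iam as iam,
  aws_kms as kms,
  aws_s3 as s3,
} from 'aws-cdk-lib';
import { Activity, Persona } from '@cdklabs/cdk-aws-sagemaker-role-manager';

const app = new App();
const stack = new Stack(app, 'CdkRoleManagerDemo');

// `stack` is the scope throughout: `this` only refers to a construct inside a Stack/Construct
// subclass. The aws-cdk-lib from*() lookups take (scope, id, value) with ids unique per stack.
//
// NOTE(review): the "Available ML Activities" table on this page lists runStudioApps(),
// visualizeExperiments() and accessS3Buckets() (parameter s3Buckets) where this example uses
// useStudioApps(), searchExperiments() and accessBuckets() (parameter buckets), and it marks
// rolesToPass as required for the Studio activity. Confirm the names against the installed version.
const persona = new Persona(stack, 'persona id', {
  // List only the activities this persona needs; per the table each one stands for a set of permissions.
  activities: [
    Activity.useStudioApps(),
    Activity.manageJobs(stack, 'id1', {
      rolesToPass: [iam.Role.fromRoleName(stack, 'JobsPassedRole', 'Enter Name')],
    }),
    Activity.manageModels(stack, 'id2', {
      rolesToPass: [iam.Role.fromRoleName(stack, 'ModelsPassedRole', 'Enter Name')],
    }),
    Activity.manageExperiments(stack, 'id3', {}),
    Activity.searchExperiments(stack, 'id4', {}),
    // aws_s3 exports Bucket (there is no S3Bucket class in aws-cdk-lib).
    Activity.accessBuckets(stack, 'id5', {
      buckets: [s3.Bucket.fromBucketName(stack, 'Bucket', 'Enter Name')],
    }),
  ],
  // VPC and KMS settings given at persona level.
  subnets: [ec2.Subnet.fromSubnetId(stack, 'Subnet', 'Enter Id')],
  securityGroups: [ec2.SecurityGroup.fromSecurityGroupId(stack, 'SecurityGroup', 'Enter Id')],
  dataKeys: [kms.Key.fromKeyArn(stack, 'DataKey', 'Enter Key Arn')],
  volumeKeys: [kms.Key.fromKeyArn(stack, 'VolumeKey', 'Enter Key Arn')],
});

// Arguments: scope, construct id, role name, role description.
persona.createRole(stack, 'role id', 'Enter Name', 'Enter Description');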
```
### Create Role from Data Scientist ML Persona without VPC and KMS global conditions
```typescript
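import { App, Stack, aws_iam as iam, aws_s3 as s3 } from 'aws-cdk-lib';
import { Activity, Persona } from '@cdklabs/cdk-aws-sagemaker-role-manager';

const app = new App();
const stack = new Stack(app, 'CdkRoleManagerDemo');

// The Data Scientist ML Persona is assembled from its ML Activities below.
// Adjust the list to match your use case; keep it to the activities the persona needs.
//
// `stack` is the scope throughout: `this` only refers to a construct inside a Stack/Construct
// subclass. The aws-cdk-lib from*() lookups take (scope, id, value) with ids unique per stack.
//
// No subnets, securityGroups, dataKeys or volumeKeys are passed, so no VPC or KMS conditions
// are supplied; check the synthesized policy before using this form where network or
// encryption restrictions are required.
//
// NOTE(review): the "Available ML Activities" table on this page lists runStudioApps(),
// visualizeExperiments() and accessS3Buckets() (parameter s3Buckets) where this example uses
// useStudioApps(), searchExperiments() and accessBuckets() (parameter buckets), and it marks
// rolesToPass as required for the Studio activity. Confirm the names against the installed version.
const persona = new Persona(stack, 'persona id', {
  activities: [
    Activity.useStudioApps(),
    Activity.manageJobs(stack, 'id1', {
      rolesToPass: [iam.Role.fromRoleName(stack, 'JobsPassedRole', 'Enter Name')],
    }),
    Activity.manageModels(stack, 'id2', {
      rolesToPass: [iam.Role.fromRoleName(stack, 'ModelsPassedRole', 'Enter Name')],
    }),
    Activity.manageExperiments(stack, 'id3', {}),
    Activity.searchExperiments(stack, 'id4', {}),
    // aws_s3 exports Bucket (there is no S3Bucket class in aws-cdk-lib).
    Activity.accessBuckets(stack, 'id5', {
      buckets: [s3.Bucket.fromBucketName(stack, 'Bucket', 'Enter Name')],
    }),
  ],
});

// Create a role carrying the Data Scientist persona permissions
// (scope, construct id, role name, role description).
const role = persona.createRole(stack, 'role id', 'Enter Name', 'Enter Description');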
```
### Create Role from MLOps ML Persona
```typescript
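import { App, Stack, aws_ec2 as ec2, aws_iam as iam, aws_kms as kms } from 'aws-cdk-lib';
import { Activity, Persona } from '@cdklabs/cdk-aws-sagemaker-role-manager';

const app = new App();
const stack = new Stack(app, 'CdkRoleManagerDemo');

// `stack` is the scope throughout: `this` only refers to a construct inside a Stack/Construct
// subclass. The aws-cdk-lib from*() lookups take (scope, id, value) with ids unique per stack.
//
// NOTE(review): the "Available ML Activities" table on this page lists runStudioApps()
// (rolesToPass required) and visualizeExperiments() where this example uses useStudioApps()
// and searchExperiments(). Confirm the names against the installed version.
const persona = new Persona(stack, 'persona id', {
  // List only the activities this persona needs; per the table each one stands for a set of permissions.
  activities: [
    Activity.useStudioApps(stack, 'id1', {}),
    Activity.manageModels(stack, 'id2', {
      rolesToPass: [iam.Role.fromRoleName(stack, 'ModelsPassedRole', 'Enter Name')],
    }),
    Activity.manageEndpoints(stack, 'id3', {
      rolesToPass: [iam.Role.fromRoleName(stack, 'EndpointsPassedRole', 'Enter Name')],
    }),
    Activity.managePipelines(stack, 'id4', {
      rolesToPass: [iam.Role.fromRoleName(stack, 'PipelinesPassedRole', 'Enter Name')],
    }),
    Activity.searchExperiments(stack, 'id5', {}),
  ],
  // VPC and KMS settings given at persona level.
  subnets: [ec2.Subnet.fromSubnetId(stack, 'Subnet', 'Enter Id')],
  securityGroups: [ec2.SecurityGroup.fromSecurityGroupId(stack, 'SecurityGroup', 'Enter Id')],
  dataKeys: [kms.Key.fromKeyArn(stack, 'DataKey', 'Enter Key Arn')],
  volumeKeys: [kms.Key.fromKeyArn(stack, 'VolumeKey', 'Enter Key Arn')],
});

// Arguments: scope, construct id, role name, role description.
const role = persona.createRole(stack, 'role id', 'Enter Name', 'Enter Description');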
```
### Create Role from MLOps ML Persona without VPC and KMS global conditions
```typescript
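import { App, Stack, aws_iam as iam } from 'aws-cdk-lib';
import { Activity, Persona } from '@cdklabs/cdk-aws-sagemaker-role-manager';

const app = new App();
const stack = new Stack(app, 'CdkRoleManagerDemo');

// `stack` is the scope throughout: `this` only refers to a construct inside a Stack/Construct
// subclass. The aws-cdk-lib from*() lookups take (scope, id, value) with ids unique per stack.
//
// No subnets, securityGroups, dataKeys or volumeKeys are passed, so no VPC or KMS conditions
// are supplied; check the synthesized policy before using this form where network or
// encryption restrictions are required.
//
// NOTE(review): the "Available ML Activities" table on this page lists runStudioApps()
// (rolesToPass required) and visualizeExperiments() where this example uses useStudioApps()
// and searchExperiments(). Confirm the names against the installed version.
const persona = new Persona(stack, 'persona id', {
  activities: [
    Activity.useStudioApps(stack, 'id1', {}),
    Activity.manageModels(stack, 'id2', {
      rolesToPass: [iam.Role.fromRoleName(stack, 'ModelsPassedRole', 'Enter Name')],
    }),
    Activity.manageEndpoints(stack, 'id3', {
      rolesToPass: [iam.Role.fromRoleName(stack, 'EndpointsPassedRole', 'Enter Name')],
    }),
    Activity.managePipelines(stack, 'id4', {
      rolesToPass: [iam.Role.fromRoleName(stack, 'PipelinesPassedRole', 'Enter Name')],
    }),
    Activity.searchExperiments(stack, 'id5', {}),
  ],
});

// Arguments: scope, construct id, role name, role description.
const role = persona.createRole(stack, 'role id', 'Enter Name', 'Enter Description');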
```
## Available ML Activities
| ML Activity Name | ML Activity Interface | ML Activity Description | ML Activity Required Parameters |
|------------------|---------------------------------|-----------------------------------------------------------------------------------------------------------|---------------------------------|
| Access Required AWS Services | Activity.accessAwsServices() | Permissions to access S3, ECR, CloudWatch and EC2. Required for execution roles for jobs and endpoints. | ecrRepositories, s3Buckets |
| Run Studio Applications | Activity.runStudioApps() | Permissions to operate within a Studio environment. Required for domain and user-profile execution roles. | rolesToPass |
| Manage ML Jobs | Activity.manageJobs() | Permissions to manage SageMaker jobs across their lifecycles. | rolesToPass |
| Manage Models | Activity.manageModels() | Permissions to manage SageMaker models and Model Registry. | rolesToPass |
| Manage Endpoints | Activity.manageEndpoints() | Permissions to manage SageMaker Endpoint deployments and updates. | No required parameters |
| Manage Pipelines | Activity.managePipelines() | Permissions to manage SageMaker Pipelines and pipeline executions. | rolesToPass |
| Manage Experiments | Activity.manageExperiments() | Permissions to manage experiments and trials. | No required parameters |
| Search and visualize experiments | Activity.visualizeExperiments() | Permissions to audit, query lineage and visualize experiments. | No required parameters |
| Manage Model Monitoring | Activity.monitorModels() | Permissions to manage monitoring schedules for SageMaker Model Monitor. | rolesToPass |
| S3 Full Access | Activity.accessS3AllResources() | Permissions to perform all S3 operations. | No required parameters |
| S3 Bucket Access | Activity.accessS3Buckets() | Permissions to perform operations on specified buckets. | s3Buckets |
| Query Athena Workgroups | Activity.queryAthenaGroups() | Permissions to execute and manage Amazon Athena queries. | athenaWorkgroupNames |
| Manage Glue Tables | Activity.manageGlueTables() | Permissions to create and manage Glue tables for SageMaker Feature Store and Data Wrangler. | s3Buckets, glueDatabaseNames |
## Security
See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
## License
This project is licensed under the Apache-2.0 License.
Raw data
{
"_id": null,
"home_page": "https://github.com/cdklabs/cdk-aws-sagemaker-role-manager",
"name": "cdklabs.cdk-aws-sagemaker-role-manager",
"maintainer": "",
"docs_url": null,
"requires_python": "~=3.7",
"maintainer_email": "",
"keywords": "",
"author": "Amazon Web Services<aws-cdk-dev@amazon.com>",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/04/c2/f83b455f434ba8283006f1d169db72b6d95770c184247c024346642f8ae3/cdklabs.cdk-aws-sagemaker-role-manager-0.0.30.tar.gz",
"platform": null,
"description": "## cdk-aws-sagemaker-role-manager\n\n## Usage\n\n### Create Role from ML Activity with VPC and KMS conditions\n\n```python\nimport { Stack } from 'aws-cdk-lib';\nimport { Activity } from '@cdklabs/cdk-aws-sagemaker-role-manager';\n\nconst stack = new Stack(app, 'CdkRoleManagerDemo');\n\nconst activity = Activity.manageJobs(stack, 'id1', {\n rolesToPass: [iam.Role.fromRoleName('Enter Name')],\n subnets: [ec2.Subnet.fromSubnetId('Enter Id')],\n securityGroups: [ec2.SecurityGroup.fromSecurityGroupId('Enter Id')],\n dataKeys: [kms.Key.fromKeyArn('Enter Key Arn')],\n volumeKeys: [kms.Key.fromKeyArn('Enter Key Arn')],\n});\n\nactivity.createRole(stack, 'role id', 'Enter Name');\n```\n\n### Create Role from ML Activity without VPC and KMS conditions\n\n```python\nimport { Stack } from 'aws-cdk-lib';\nimport { Activity } from '@cdklabs/cdk-aws-sagemaker-role-manager';\n\nconst stack = new Stack(app, 'CdkRoleManagerDemo');\n\nconst activity = Activity.manageJobs(this, 'id1', {\n rolesToPass: [iam.Role.fromRoleName('Enter Name')],\n});\n\nactivity.createRole(this, 'role id', 'Enter Name', 'Enter Description');\n```\n\n### Create Role from Data Scientist ML Persona\n\n```python\nimport { Stack } from 'aws-cdk-lib';\nimport { Activity, Persona } from '@cdklabs/cdk-aws-sagemaker-role-manager';\n\nconst stack = new Stack(app, 'CdkRoleManagerDemo');\n\nlet persona = new Persona(this, 'persona id', {\n activities: [\n Activity.useStudioApps(),\n Activity.manageJobs(this, 'id1', {rolesToPass: [iam.Role.fromRoleName('Enter Name')]}),\n Activity.manageModels(this, 'id2', {rolesToPass: [iam.Role.fromRoleName('Enter Name')]}),\n Activity.manageExperiments(this, 'id3', {}),\n Activity.searchExperiments(this, 'id4', {}),\n Activity.accessBuckets(this, 'id5', {buckets: [s3.S3Bucket.fromBucketName('Enter Name')]})\n ],\n subnets: [ec2.Subnet.fromSubnetId('Enter Id')],\n securityGroups: [ec2.SecurityGroup.fromSecurityGroupId('Enter Id')],\n dataKeys: 
[kms.Key.fromKeyArn('Enter Key Arn')],\n volumeKeys: [kms.Key.fromKeyArn('Enter Key Arn')],\n});\n\npersona.createRole(this, 'role id', 'Enter Name', 'Enter Description');\n```\n\n### Create Role from Data Scientist ML Persona without vpc and kms global conditions\n\n```python\nimport { Stack } from 'aws-cdk-lib';\nimport { Activity, Persona } from '@cdklabs/cdk-aws-sagemaker-role-manager';\n\nconst stack = new Stack(app, 'CdkRoleManagerDemo');\n\n// Please see below how to create the Data Scientist ML Persona using its ML Activities.\n// You can update the following list with changes matching your usecase.\nlet persona = new Persona(this, 'persona id', {\n activities: [\n Activity.useStudioApps(),\n Activity.manageJobs(this, 'id1', {rolesToPass: [iam.Role.fromRoleName('Enter Name')]}),\n Activity.manageModels(this, 'id2', {rolesToPass: [iam.Role.fromRoleName('Enter Name')]}),\n Activity.manageExperiments(this, 'id3', {}),\n Activity.searchExperiments(this, 'id4', {}),\n Activity.accessBuckets(this, 'id5', {buckets: [s3.S3Bucket.fromBucketName('Enter Name')]})\n ],\n});\n\n// We can create a role with Data Scientist persona permissions\nconst role = persona.createRole(this, 'role id', 'Enter Name', 'Enter Description');\n```\n\n### Create Role MLOps ML Persona\n\n```python\nimport { Stack } from 'aws-cdk-lib';\nimport { Activity, Persona } from '@cdklabs/cdk-aws-sagemaker-role-manager';\n\nconst stack = new Stack(app, 'CdkRoleManagerDemo');\n\nlet persona = new Persona(this, 'persona id', {\n activities: [\n Activity.useStudioApps(this, 'id1', {}),\n Activity.manageModels(this, 'id2', {rolesToPass: [iam.Role.fromRoleName('Enter Name')]}),\n Activity.manageEndpoints(this, 'id3',{rolesToPass: [iam.Role.fromRoleName('Enter Name')]}),\n Activity.managePipelines(this, 'id4', {rolesToPass: [iam.Role.fromRoleName('Enter Name')]}),\n Activity.searchExperiments(this, 'id5', {})\n ],\n subnets: [ec2.Subnet.fromSubnetId('Enter Id')],\n securityGroups: 
[ec2.SecurityGroup.fromSecurityGroupId('Enter Id')],\n dataKeys: [kms.Key.fromKeyArn('Enter Key Arn')],\n volumeKeys: [kms.Key.fromKeyArn('Enter Key Arn')],\n});\n\nconst role = persona.createRole(this, 'role id', 'Enter Name', 'Enter Description');\n```\n\n### Create Role from MLOps ML Persona without vpc and kms global conditions\n\n```python\nimport { Stack } from 'aws-cdk-lib';\nimport { Activity, Persona } from '@cdklabs/cdk-aws-sagemaker-role-manager';\n\nconst stack = new Stack(app, 'CdkRoleManagerDemo');\n\nlet persona = new Persona(this, 'persona id', {\n activities: [\n Activity.useStudioApps(this, 'id1', {}),\n Activity.manageModels(this, 'id2', {rolesToPass: [iam.Role.fromRoleName('Enter Name')]}),\n Activity.manageEndpoints(this, 'id3',{rolesToPass: [iam.Role.fromRoleName('Enter Name')]}),\n Activity.managePipelines(this, 'id4', {rolesToPass: [iam.Role.fromRoleName('Enter Name')]}),\n Activity.searchExperiments(this, 'id5', {})\n ],\n});\n\nconst role = persona.createRole(this, 'role id', 'Enter Name', 'Enter Description');\n```\n\n## Available ML Activities\n\n| ML Activity Name | ML Activity Interface | ML Activity Description | ML Activity Required Parameters |\n|------------------|---------------------------------|-----------------------------------------------------------------------------------------------------------|---------------------------------|\n| Access Required AWS Services | Activity.accessAwsServices() | Permissions to access S3, ECR, Cloudwatch and EC2. Required for execution roles for jobs and endpoints. | ecrRepositories, s3Buckets |\n| Run Studio Applications | Activity.runStudioApps() | Permissions to operate within a Studio environment. Required for domain and user-profile execution roles. | rolesToPass |\n| Manage ML Jobs | Activity.manageJobs() | Permissions to manage SageMaker jobs across their lifecycles. | rolesToPass |\n| Manage Models | Activity.manageModels() | \tPermissions to manage SageMaker models and Model Registry. 
| rolesToPass |\n| Manage Endpoints | Activity.manageEndpoints() | Permissions to manage SageMaker Endpoint deployments and updates. | No required parameters |\n| Manage Pipelines | Activity.managePipelines() | Permissions to manage SageMaker Pipelines and pipeline executions. | rolesToPass |\n| Manage Experiments | Activity.manageExperiments() | \tPermissions to manage experiments and trials. | No required parameters |\n| Search and visualize experiments | Activity.visualizeExperiments() | Permissions to audit, query lineage and visualize experiments. | No required parameters |\n| \tManage Model Monitoring | Activity.monitorModels() | Permissions to manage monitoring schedules for SageMaker Model Monitor. | rolesToPass |\n| S3 Full Access | Activity.accessS3AllResources() | \tPermissions to perform all S3 operations | No required parameters |\n| S3 Bucket Access | Activity.accessS3Buckets() | Permissions to perform operations on specified buckets. | s3Buckets |\n| \tQuery Athena Workgroups | Activity.queryAthenaGroups() | Permissions to execute and manage Amazon Athena queries. | athenaWorkgroupNames |\n| \tManage Glue Tables | Activity.manageGlueTables() | \tPermissions to create and manage Glue tables for SageMaker Feature Store and Data Wrangler. | s3Buckets, glueDatabaseNames |\n\n## Security\n\nSee [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.\n\n## License\n\nThis project is licensed under the Apache-2.0 License.\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Create roles and policies for ML Activities and ML Personas",
"version": "0.0.30",
"project_urls": {
"Homepage": "https://github.com/cdklabs/cdk-aws-sagemaker-role-manager",
"Source": "https://github.com/cdklabs/cdk-aws-sagemaker-role-manager"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "5d25d42bb4abd55b27d4ddf5d9e0a171c4b4758ec9b61f5c98357288dedc31c6",
"md5": "fa8514a89c1ffb2825bd41f0f24f301c",
"sha256": "0f2e5e341e1e0c93ffca2681400fa6169bea32fa484e4da15463e424d93ef962"
},
"downloads": -1,
"filename": "cdklabs.cdk_aws_sagemaker_role_manager-0.0.30-py3-none-any.whl",
"has_sig": false,
"md5_digest": "fa8514a89c1ffb2825bd41f0f24f301c",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.7",
"size": 77738,
"upload_time": "2023-11-16T18:11:11",
"upload_time_iso_8601": "2023-11-16T18:11:11.401129Z",
"url": "https://files.pythonhosted.org/packages/5d/25/d42bb4abd55b27d4ddf5d9e0a171c4b4758ec9b61f5c98357288dedc31c6/cdklabs.cdk_aws_sagemaker_role_manager-0.0.30-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "04c2f83b455f434ba8283006f1d169db72b6d95770c184247c024346642f8ae3",
"md5": "884d7ac696ab1e94c934420d7f74533a",
"sha256": "fffe866f11f70a03ec5af72c00194be2a40f9f648a21495ad55df2313463f4f1"
},
"downloads": -1,
"filename": "cdklabs.cdk-aws-sagemaker-role-manager-0.0.30.tar.gz",
"has_sig": false,
"md5_digest": "884d7ac696ab1e94c934420d7f74533a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.7",
"size": 79017,
"upload_time": "2023-11-16T18:11:13",
"upload_time_iso_8601": "2023-11-16T18:11:13.657972Z",
"url": "https://files.pythonhosted.org/packages/04/c2/f83b455f434ba8283006f1d169db72b6d95770c184247c024346642f8ae3/cdklabs.cdk-aws-sagemaker-role-manager-0.0.30.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-11-16 18:11:13",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cdklabs",
"github_project": "cdk-aws-sagemaker-role-manager",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cdklabs.cdk-aws-sagemaker-role-manager"
}