From 0e29910efa75d549c8f2273757770ef17f3cc13d Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Wed, 7 Feb 2024 18:50:25 +0900 Subject: [PATCH] add IPipeline using IPipeline grantStartPipelineExecution tweak tweak tweak fix eslint error tweak --- .../aws-scheduler-targets-alpha/README.md | 2 +- .../sage-maker-start-pipeline-execution.ts | 28 +- ...maker-start-pipeline-execution.assets.json | 4 +- ...ker-start-pipeline-execution.template.json | 158 ++-- ...efaultTestDeployAssert19EB5121.assets.json | 4 +- ...aultTestDeployAssert19EB5121.template.json | 2 +- .../manifest.json | 44 +- .../tree.json | 696 +++++++++--------- ...teg.sage-maker-start-pipeline-execution.ts | 158 ++-- ...age-maker-start-pipeline-execution.test.ts | 284 ++----- .../aws-cdk-lib/aws-sagemaker/lib/index.ts | 1 + .../aws-cdk-lib/aws-sagemaker/lib/pipeline.ts | 27 + 12 files changed, 644 insertions(+), 764 deletions(-) create mode 100644 packages/aws-cdk-lib/aws-sagemaker/lib/pipeline.ts diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/README.md b/packages/@aws-cdk/aws-scheduler-targets-alpha/README.md index b923897487906..3f95fadf1d961 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/README.md +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/README.md @@ -301,7 +301,7 @@ called every hour by Event Bridge Scheduler. ```ts import * as sagemaker from 'aws-cdk-lib/aws-sagemaker'; -declare const pipeline: sagemaker.CfnPipeline; +declare const pipeline: sagemaker.IPipeline; new Schedule(this, 'Schedule', { schedule: ScheduleExpression.rate(Duration.minutes(60)), diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/sage-maker-start-pipeline-execution.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/sage-maker-start-pipeline-execution.ts index ccb3f1f62c3a8..94dc880ffd84e 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/sage-maker-start-pipeline-execution.ts +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/lib/sage-maker-start-pipeline-execution.ts @@ -1,7 +1,7 @@ import { ISchedule, IScheduleTarget, ScheduleTargetConfig } from '@aws-cdk/aws-scheduler-alpha'; -import { ArnFormat, Names, Stack } from 'aws-cdk-lib'; -import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam'; -import { CfnPipeline } from 'aws-cdk-lib/aws-sagemaker'; +import { Names } from 'aws-cdk-lib'; +import { IRole } from 'aws-cdk-lib/aws-iam'; +import { IPipeline } from 'aws-cdk-lib/aws-sagemaker'; import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target'; import { sameEnvDimension } from './util'; @@ -40,20 +40,11 @@ export interface SageMakerStartPipelineExecutionProps extends ScheduleTargetBase * Use a SageMaker pipeline as a target for AWS EventBridge Scheduler. */ export class SageMakerStartPipelineExecution extends ScheduleTargetBase implements IScheduleTarget { - private readonly pipelineArn: string; - constructor( - private readonly pipeline: CfnPipeline, + private readonly pipeline: IPipeline, private readonly props: SageMakerStartPipelineExecutionProps = {}, ) { - const targetArn = Stack.of(pipeline).formatArn({ - service: 'sagemaker', - resource: 'pipeline', - resourceName: pipeline.pipelineName, - arnFormat: ArnFormat.SLASH_RESOURCE_NAME, - }); - super(props, targetArn); - this.pipelineArn = targetArn; + super(props, pipeline.pipelineArn); if (props.pipelineParameterList !== undefined && props.pipelineParameterList.length > 200) { throw new Error(`pipelineParameterList length must be between 0 and 200, got ${props.pipelineParameterList.length}`); @@ -73,13 +64,10 @@ export class SageMakerStartPipelineExecution extends ScheduleTargetBase implemen throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(this.pipeline.node)} in account ${this.pipeline.stack.account}. Both the target and the execution role must be in the same account.`); } - role.addToPrincipalPolicy(new PolicyStatement({ - actions: ['sagemaker:StartPipelineExecution'], - resources: [this.pipelineArn], - })); + this.pipeline.grantStartPipelineExecution(role); } - protected bindBaseTargetConfig(_schedule: ISchedule): ScheduleTargetConfig { + protected bindBaseTargetConfig(schedule: ISchedule): ScheduleTargetConfig { const sageMakerPipelineParameters = this.props.pipelineParameterList ? { pipelineParameterList: this.props.pipelineParameterList.map(param => { return { @@ -89,7 +77,7 @@ export class SageMakerStartPipelineExecution extends ScheduleTargetBase implemen }), } : undefined; return { - ...super.bindBaseTargetConfig(_schedule), + ...super.bindBaseTargetConfig(schedule), sageMakerPipelineParameters, }; } diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution.assets.json b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution.assets.json index 79f978261e665..d23875dc4ce62 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution.assets.json +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution.assets.json @@ -14,7 +14,7 @@ } } }, - "d0f9f25afdddf0d4b80b284035e215ccbd9fe0787db495083cd44e828780f3fd": { + "fa479854f30bf33d4667034a3b110207ddf63bb1c87eb57a86a7b833b9713461": { "source": { "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d0f9f25afdddf0d4b80b284035e215ccbd9fe0787db495083cd44e828780f3fd.json", + "objectKey": "fa479854f30bf33d4667034a3b110207ddf63bb1c87eb57a86a7b833b9713461.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution.template.json b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution.template.json index 36acb1364ceff..f06fd5d5ac016 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution.template.json +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution.template.json @@ -1,6 +1,6 @@ { "Resources": { - "SourceBucketDDD2130A": { + "PipelineSourceBucket23FDFC28": { "Type": "AWS::S3::Bucket", "Properties": { "Tags": [ @@ -13,11 +13,11 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "SourceBucketPolicy703DFBF9": { + "PipelineSourceBucketPolicy017B174D": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { - "Ref": "SourceBucketDDD2130A" + "Ref": "PipelineSourceBucket23FDFC28" }, "PolicyDocument": { "Statement": [ @@ -40,7 +40,7 @@ "Resource": [ { "Fn::GetAtt": [ - "SourceBucketDDD2130A", + "PipelineSourceBucket23FDFC28", "Arn" ] }, @@ -50,7 +50,7 @@ [ { "Fn::GetAtt": [ - "SourceBucketDDD2130A", + "PipelineSourceBucket23FDFC28", "Arn" ] }, @@ -65,7 +65,7 @@ } } }, - "SourceBucketAutoDeleteObjectsCustomResourceC68FC040": { + "PipelineSourceBucketAutoDeleteObjectsCustomResource041F2E1E": { "Type": "Custom::S3AutoDeleteObjects", "Properties": { "ServiceToken": { @@ -75,74 +75,16 @@ ] }, "BucketName": { - "Ref": "SourceBucketDDD2130A" + "Ref": "PipelineSourceBucket23FDFC28" } }, "DependsOn": [ - "SourceBucketPolicy703DFBF9" + "PipelineSourceBucketPolicy017B174D" ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ] - }, - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - } - ] - } - }, - "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "2ec8ad9e91dcd6e7ad6a5c84ffc6c9c05c408aca3b26ceb2816d81043e6c4dc3.zip" - }, - "Timeout": 900, - "MemorySize": 128, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - }, - "Runtime": "nodejs18.x", - "Description": { - "Fn::Join": [ - "", - [ - "Lambda function for auto-deleting objects in ", - { - "Ref": "SourceBucketDDD2130A" - }, - " S3 bucket." - ] - ] - } - }, - "DependsOn": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" - ] - }, - "OutputBucket7114EB27": { + "PipelineOutputBucket98EA5F71": { "Type": "AWS::S3::Bucket", "Properties": { "Tags": [ @@ -155,11 +97,11 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "OutputBucketPolicyAE009DDC": { + "PipelineOutputBucketPolicy4566E5A8": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { - "Ref": "OutputBucket7114EB27" + "Ref": "PipelineOutputBucket98EA5F71" }, "PolicyDocument": { "Statement": [ @@ -182,7 +124,7 @@ "Resource": [ { "Fn::GetAtt": [ - "OutputBucket7114EB27", + "PipelineOutputBucket98EA5F71", "Arn" ] }, @@ -192,7 +134,7 @@ [ { "Fn::GetAtt": [ - "OutputBucket7114EB27", + "PipelineOutputBucket98EA5F71", "Arn" ] }, @@ -207,7 +149,7 @@ } } }, - "OutputBucketAutoDeleteObjectsCustomResource6C7A161F": { + "PipelineOutputBucketAutoDeleteObjectsCustomResource0CB6E67C": { "Type": "Custom::S3AutoDeleteObjects", "Properties": { "ServiceToken": { @@ -217,16 +159,16 @@ ] }, "BucketName": { - "Ref": "OutputBucket7114EB27" + "Ref": "PipelineOutputBucket98EA5F71" } }, "DependsOn": [ - "OutputBucketPolicyAE009DDC" + "PipelineOutputBucketPolicy4566E5A8" ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "SageMakerPipelineRole4BE63DC1": { + "PipelineSageMakerPipelineRole7D1FE5F8": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -257,7 +199,7 @@ ] } }, - "Pipeline": { + "PipelineC660917D": { "Type": "AWS::SageMaker::Pipeline", "Properties": { "PipelineDefinition": { @@ -267,11 +209,11 @@ [ "{\"Version\":\"2020-12-01\",\"Metadata\":{},\"Parameters\":[{\"Name\":\"ParameterName\",\"Type\":\"String\",\"DefaultValue\":\"Value\"}],\"Steps\":[{\"Name\":\"TrainingStep\",\"Type\":\"Training\",\"Arguments\":{\"AlgorithmSpecification\":{\"TrainingImage\":\"382416733822.dkr.ecr.us-east-1.amazonaws.com/linear-learner:1\",\"TrainingInputMode\":\"File\"},\"InputDataConfig\":[{\"DataSource\":{\"S3DataSource\":{\"S3Uri\":\"s3://", { - "Ref": "SourceBucketDDD2130A" + "Ref": "PipelineSourceBucket23FDFC28" }, "\"}}}],\"OutputDataConfig\":{\"S3OutputPath\":\"s3://", { - "Ref": "OutputBucket7114EB27" + "Ref": "PipelineOutputBucket98EA5F71" }, "\"},\"ResourceConfig\":{\"InstanceCount\":1,\"InstanceType\":\"ml.m5.large\",\"VolumeSizeInGB\":50},\"StoppingCondition\":{\"MaxRuntimeInSeconds\":3600}}}]}" ] @@ -281,12 +223,70 @@ "PipelineName": "my-pipeline", "RoleArn": { "Fn::GetAtt": [ - "SageMakerPipelineRole4BE63DC1", + "PipelineSageMakerPipelineRole7D1FE5F8", "Arn" ] } } }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "2ec8ad9e91dcd6e7ad6a5c84ffc6c9c05c408aca3b26ceb2816d81043e6c4dc3.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "PipelineSourceBucket23FDFC28" + }, + " S3 bucket." + ] + ] + } + }, + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + ] + }, "Schedule83A77FD1": { "Type": "AWS::Scheduler::Schedule", "Properties": { diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/integrationtestsagemakerstartpipelineexecutionDefaultTestDeployAssert19EB5121.assets.json b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/integrationtestsagemakerstartpipelineexecutionDefaultTestDeployAssert19EB5121.assets.json index 45347894ce7eb..e25b19cedadfa 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/integrationtestsagemakerstartpipelineexecutionDefaultTestDeployAssert19EB5121.assets.json +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/integrationtestsagemakerstartpipelineexecutionDefaultTestDeployAssert19EB5121.assets.json @@ -14,7 +14,7 @@ } } }, - "354145d74e384924fe45ac2b9327c2c4317f17a5b89121382dd273e4e3f30983": { + "c684d4c491cd78afa609ab0d8b3360d273a36cea49ec2ac32a2feb248ba3a77f": { "source": { "path": "integrationtestsagemakerstartpipelineexecutionDefaultTestDeployAssert19EB5121.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "354145d74e384924fe45ac2b9327c2c4317f17a5b89121382dd273e4e3f30983.json", + "objectKey": "c684d4c491cd78afa609ab0d8b3360d273a36cea49ec2ac32a2feb248ba3a77f.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/integrationtestsagemakerstartpipelineexecutionDefaultTestDeployAssert19EB5121.template.json b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/integrationtestsagemakerstartpipelineexecutionDefaultTestDeployAssert19EB5121.template.json index a8c14f1b7a38e..3158884572b2e 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/integrationtestsagemakerstartpipelineexecutionDefaultTestDeployAssert19EB5121.template.json +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/integrationtestsagemakerstartpipelineexecutionDefaultTestDeployAssert19EB5121.template.json @@ -23,7 +23,7 @@ "outputPaths": [ "PipelineExecutionSummaries.0.PipelineExecutionArn" ], - "salt": "1707132601364" + "salt": "1707307602516" }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/manifest.json b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/manifest.json index 05c97afa48ccc..89b28365b6c2b 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d0f9f25afdddf0d4b80b284035e215ccbd9fe0787db495083cd44e828780f3fd.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/fa479854f30bf33d4667034a3b110207ddf63bb1c87eb57a86a7b833b9713461.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -34,64 +34,64 @@ "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution.assets" ], "metadata": { - "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SourceBucket/Resource": [ + "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SourceBucket/Resource": [ { "type": "aws:cdk:logicalId", - "data": "SourceBucketDDD2130A" + "data": "PipelineSourceBucket23FDFC28" } ], - "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SourceBucket/Policy/Resource": [ + "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SourceBucket/Policy/Resource": [ { "type": "aws:cdk:logicalId", - "data": "SourceBucketPolicy703DFBF9" + "data": "PipelineSourceBucketPolicy017B174D" } ], - "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SourceBucket/AutoDeleteObjectsCustomResource/Default": [ + "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SourceBucket/AutoDeleteObjectsCustomResource/Default": [ { "type": "aws:cdk:logicalId", - "data": "SourceBucketAutoDeleteObjectsCustomResourceC68FC040" + "data": "PipelineSourceBucketAutoDeleteObjectsCustomResource041F2E1E" } ], - "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [ + "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/OutputBucket/Resource": [ { "type": "aws:cdk:logicalId", - "data": "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" + "data": "PipelineOutputBucket98EA5F71" } ], - "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler": [ + "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/OutputBucket/Policy/Resource": [ { "type": "aws:cdk:logicalId", - "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F" + "data": "PipelineOutputBucketPolicy4566E5A8" } ], - "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/OutputBucket/Resource": [ + "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/OutputBucket/AutoDeleteObjectsCustomResource/Default": [ { "type": "aws:cdk:logicalId", - "data": "OutputBucket7114EB27" + "data": "PipelineOutputBucketAutoDeleteObjectsCustomResource0CB6E67C" } ], - "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/OutputBucket/Policy/Resource": [ + "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SageMakerPipelineRole/Resource": [ { "type": "aws:cdk:logicalId", - "data": "OutputBucketPolicyAE009DDC" + "data": "PipelineSageMakerPipelineRole7D1FE5F8" } ], - "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/OutputBucket/AutoDeleteObjectsCustomResource/Default": [ + "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/Resource": [ { "type": "aws:cdk:logicalId", - "data": "OutputBucketAutoDeleteObjectsCustomResource6C7A161F" + "data": "PipelineC660917D" } ], - "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SageMakerPipelineRole/Resource": [ + "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role": [ { "type": "aws:cdk:logicalId", - "data": "SageMakerPipelineRole4BE63DC1" + "data": "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092" } ], - "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline": [ + "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler": [ { "type": "aws:cdk:logicalId", - "data": "Pipeline" + "data": "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F" } ], "/aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Schedule/Resource": [ @@ -144,7 +144,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/354145d74e384924fe45ac2b9327c2c4317f17a5b89121382dd273e4e3f30983.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c684d4c491cd78afa609ab0d8b3360d273a36cea49ec2ac32a2feb248ba3a77f.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/tree.json b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/tree.json index 4211ac1bcc3e9..3328160f61b10 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.js.snapshot/tree.json @@ -8,367 +8,377 @@ "id": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution", "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution", "children": { - "SourceBucket": { - "id": "SourceBucket", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SourceBucket", + "Pipeline": { + "id": "Pipeline", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline", "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SourceBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "aws-cdk:auto-delete-objects", - "value": "true" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" - } - }, - "Policy": { - "id": "Policy", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SourceBucket/Policy", + "SourceBucket": { + "id": "SourceBucket", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SourceBucket", "children": { "Resource": { "id": "Resource", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SourceBucket/Policy/Resource", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SourceBucket/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "SourceBucketDDD2130A" - }, - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" - ] - }, + "tags": [ + { + "key": "aws-cdk:auto-delete-objects", + "value": "true" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Policy": { + "id": "Policy", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SourceBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SourceBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "PipelineSourceBucket23FDFC28" + }, + "policyDocument": { + "Statement": [ { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SourceBucketDDD2130A", - "Arn" + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineSourceBucket23FDFC28", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineSourceBucket23FDFC28", + "Arn" + ] + }, + "/*" ] - }, - "/*" - ] + ] + } ] } - ] + ], + "Version": "2012-10-17" } - ], - "Version": "2012-10-17" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" - } - }, - "AutoDeleteObjectsCustomResource": { - "id": "AutoDeleteObjectsCustomResource", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SourceBucket/AutoDeleteObjectsCustomResource", - "children": { - "Default": { - "id": "Default", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SourceBucket/AutoDeleteObjectsCustomResource/Default", + }, + "AutoDeleteObjectsCustomResource": { + "id": "AutoDeleteObjectsCustomResource", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SourceBucket/AutoDeleteObjectsCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SourceBucket/AutoDeleteObjectsCustomResource/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" - } - }, - "Custom::S3AutoDeleteObjectsCustomResourceProvider": { - "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider", - "children": { - "Staging": { - "id": "Staging", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "Role": { - "id": "Role", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - }, - "Handler": { - "id": "Handler", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.CustomResourceProviderBase", - "version": "0.0.0" - } - }, - "OutputBucket": { - "id": "OutputBucket", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/OutputBucket", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/OutputBucket/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::Bucket", - "aws:cdk:cloudformation:props": { - "tags": [ - { - "key": "aws-cdk:auto-delete-objects", - "value": "true" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucket", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, - "Policy": { - "id": "Policy", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/OutputBucket/Policy", + "OutputBucket": { + "id": "OutputBucket", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/OutputBucket", "children": { "Resource": { "id": "Resource", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/OutputBucket/Policy/Resource", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/OutputBucket/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", "aws:cdk:cloudformation:props": { - "bucket": { - "Ref": "OutputBucket7114EB27" - }, - "policyDocument": { - "Statement": [ - { - "Action": [ - "s3:DeleteObject*", - "s3:GetBucket*", - "s3:List*", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": [ - "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", - "Arn" - ] - } - }, - "Resource": [ - { - "Fn::GetAtt": [ - "OutputBucket7114EB27", - "Arn" - ] - }, + "tags": [ + { + "key": "aws-cdk:auto-delete-objects", + "value": "true" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Policy": { + "id": "Policy", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/OutputBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/OutputBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "PipelineOutputBucket98EA5F71" + }, + "policyDocument": { + "Statement": [ { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "OutputBucket7114EB27", - "Arn" + "Action": [ + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:List*", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn" + ] + } + }, + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineOutputBucket98EA5F71", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineOutputBucket98EA5F71", + "Arn" + ] + }, + "/*" ] - }, - "/*" - ] + ] + } ] } - ] + ], + "Version": "2012-10-17" } - ], - "Version": "2012-10-17" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "AutoDeleteObjectsCustomResource": { + "id": "AutoDeleteObjectsCustomResource", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/OutputBucket/AutoDeleteObjectsCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/OutputBucket/AutoDeleteObjectsCustomResource/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, - "AutoDeleteObjectsCustomResource": { - "id": "AutoDeleteObjectsCustomResource", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/OutputBucket/AutoDeleteObjectsCustomResource", + "SageMakerPipelineRole": { + "id": "SageMakerPipelineRole", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SageMakerPipelineRole", "children": { - "Default": { - "id": "Default", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/OutputBucket/AutoDeleteObjectsCustomResource/Default", + "ImportSageMakerPipelineRole": { + "id": "ImportSageMakerPipelineRole", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SageMakerPipelineRole/ImportSageMakerPipelineRole", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/SageMakerPipelineRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "sagemaker.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonSageMakerFullAccess" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.Bucket", - "version": "0.0.0" - } - }, - "SageMakerPipelineRole": { - "id": "SageMakerPipelineRole", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SageMakerPipelineRole", - "children": { - "ImportSageMakerPipelineRole": { - "id": "ImportSageMakerPipelineRole", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SageMakerPipelineRole/ImportSageMakerPipelineRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { "id": "Resource", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SageMakerPipelineRole/Resource", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:type": "AWS::SageMaker::Pipeline", "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "sagemaker.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { + "pipelineDefinition": { + "PipelineDefinitionBody": { "Fn::Join": [ "", [ - "arn:", + "{\"Version\":\"2020-12-01\",\"Metadata\":{},\"Parameters\":[{\"Name\":\"ParameterName\",\"Type\":\"String\",\"DefaultValue\":\"Value\"}],\"Steps\":[{\"Name\":\"TrainingStep\",\"Type\":\"Training\",\"Arguments\":{\"AlgorithmSpecification\":{\"TrainingImage\":\"382416733822.dkr.ecr.us-east-1.amazonaws.com/linear-learner:1\",\"TrainingInputMode\":\"File\"},\"InputDataConfig\":[{\"DataSource\":{\"S3DataSource\":{\"S3Uri\":\"s3://", { - "Ref": "AWS::Partition" + "Ref": "PipelineSourceBucket23FDFC28" + }, + "\"}}}],\"OutputDataConfig\":{\"S3OutputPath\":\"s3://", + { + "Ref": "PipelineOutputBucket98EA5F71" }, - ":iam::aws:policy/AmazonSageMakerFullAccess" + "\"},\"ResourceConfig\":{\"InstanceCount\":1,\"InstanceType\":\"ml.m5.large\",\"VolumeSizeInGB\":50},\"StoppingCondition\":{\"MaxRuntimeInSeconds\":3600}}}]}" ] ] } - ] + }, + "pipelineName": "my-pipeline", + "roleArn": { + "Fn::GetAtt": [ + "PipelineSageMakerPipelineRole7D1FE5F8", + "Arn" + ] + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, - "Pipeline": { - "id": "Pipeline", - "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Pipeline", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::SageMaker::Pipeline", - "aws:cdk:cloudformation:props": { - "pipelineDefinition": { - "PipelineDefinitionBody": { - "Fn::Join": [ - "", - [ - "{\"Version\":\"2020-12-01\",\"Metadata\":{},\"Parameters\":[{\"Name\":\"ParameterName\",\"Type\":\"String\",\"DefaultValue\":\"Value\"}],\"Steps\":[{\"Name\":\"TrainingStep\",\"Type\":\"Training\",\"Arguments\":{\"AlgorithmSpecification\":{\"TrainingImage\":\"382416733822.dkr.ecr.us-east-1.amazonaws.com/linear-learner:1\",\"TrainingInputMode\":\"File\"},\"InputDataConfig\":[{\"DataSource\":{\"S3DataSource\":{\"S3Uri\":\"s3://", - { - "Ref": "SourceBucketDDD2130A" - }, - "\"}}}],\"OutputDataConfig\":{\"S3OutputPath\":\"s3://", - { - "Ref": "OutputBucket7114EB27" - }, - "\"},\"ResourceConfig\":{\"InstanceCount\":1,\"InstanceType\":\"ml.m5.large\",\"VolumeSizeInGB\":50},\"StoppingCondition\":{\"MaxRuntimeInSeconds\":3600}}}]}" - ] - ] - } - }, - "pipelineName": "my-pipeline", - "roleArn": { - "Fn::GetAtt": [ - "SageMakerPipelineRole4BE63DC1", - "Arn" - ] + "Custom::S3AutoDeleteObjectsCustomResourceProvider": { + "id": "Custom::S3AutoDeleteObjectsCustomResourceProvider", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Handler": { + "id": "Handler", + "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_sagemaker.CfnPipeline", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Schedule": { @@ -430,8 +440,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_scheduler.CfnSchedule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -448,8 +458,8 @@ "id": "ImportSchedulerRoleForTarget-1441a7", "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/SchedulerRoleForTarget-1441a7/ImportSchedulerRoleForTarget-1441a7", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -480,8 +490,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { @@ -532,42 +542,42 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "integrationtest-sagemaker-start-pipeline-execution": { @@ -620,14 +630,14 @@ "id": "Default", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/AwsApiCallSagemakerlistPipelineExecutions71b9b02a221fe0cb2da3392cc58e78d8/Default/Default", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.CustomResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "WaitFor": { @@ -650,8 +660,8 @@ "id": "Invoke", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/AwsApiCallSagemakerlistPipelineExecutions71b9b02a221fe0cb2da3392cc58e78d8/WaitFor/IsCompleteProvider/Invoke", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -676,8 +686,8 @@ "id": "Invoke", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/AwsApiCallSagemakerlistPipelineExecutions71b9b02a221fe0cb2da3392cc58e78d8/WaitFor/TimeoutProvider/Invoke", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -690,16 +700,16 @@ "id": "Role", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/AwsApiCallSagemakerlistPipelineExecutions71b9b02a221fe0cb2da3392cc58e78d8/WaitFor/Role", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { "id": "Resource", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/AwsApiCallSagemakerlistPipelineExecutions71b9b02a221fe0cb2da3392cc58e78d8/WaitFor/Resource", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -712,8 +722,8 @@ "id": "AssertionResults", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/AwsApiCallSagemakerlistPipelineExecutions71b9b02a221fe0cb2da3392cc58e78d8/AssertionResults", "constructInfo": { - "fqn": "aws-cdk-lib.CfnOutput", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -730,24 +740,24 @@ "id": "Staging", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Staging", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Role": { "id": "Role", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Role", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Handler": { "id": "Handler", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Handler", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -764,24 +774,24 @@ "id": "Staging", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Staging", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Role": { "id": "Role", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Role", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Handler": { "id": "Handler", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Handler", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -798,24 +808,24 @@ "id": "Staging", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Staging", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Role": { "id": "Role", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Role", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Handler": { "id": "Handler", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Handler", "constructInfo": { - "fqn": "aws-cdk-lib.CfnResource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -828,22 +838,22 @@ "id": "BootstrapVersion", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "integrationtest-sagemaker-start-pipeline-execution/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -868,8 +878,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.ts index 4e57ee3493775..b895f64bf0fd8 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.ts +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/integ.sage-maker-start-pipeline-execution.ts @@ -1,82 +1,118 @@ import * as scheduler from '@aws-cdk/aws-scheduler-alpha'; import { ExpectedResult, IntegTest } from '@aws-cdk/integ-tests-alpha'; import * as cdk from 'aws-cdk-lib'; -import { ManagedPolicy, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; +import { Grant, IGrantable, ManagedPolicy, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; import { Bucket } from 'aws-cdk-lib/aws-s3'; +import { IPipeline } from 'aws-cdk-lib/aws-sagemaker'; import { CfnPipeline } from 'aws-cdk-lib/aws-sagemaker'; import { SageMakerPipelineParameter, SageMakerStartPipelineExecution } from '../lib'; +import { Construct } from 'constructs'; -const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution'); +interface FakePipelineProps { + readonly pipelineName: string; +} -const sourceBucket = new Bucket(stack, 'SourceBucket', { - removalPolicy: cdk.RemovalPolicy.DESTROY, - autoDeleteObjects: true, -}); -const outputBucket = new Bucket(stack, 'OutputBucket', { - removalPolicy: cdk.RemovalPolicy.DESTROY, - autoDeleteObjects: true, -}); -// dummy definition for the integ test execution -const pipelineDefinition = { - PipelineDefinitionBody: JSON.stringify({ - Version: '2020-12-01', - Metadata: {}, - Parameters: [ - { - Name: 'ParameterName', - Type: 'String', - DefaultValue: 'Value', - }, - ], - Steps: [ - { - Name: 'TrainingStep', - Type: 'Training', - Arguments: { - AlgorithmSpecification: { - TrainingImage: '382416733822.dkr.ecr.us-east-1.amazonaws.com/linear-learner:1', - TrainingInputMode: 'File', +class FakePipeline extends cdk.Resource implements IPipeline { + public readonly pipelineArn; + + public readonly pipelineName; + constructor(scope: Construct, id: string, props: FakePipelineProps) { + super(scope, id, { + physicalName: props.pipelineName, + }); + this.pipelineName = props.pipelineName; + + const sourceBucket = new Bucket(this, 'SourceBucket', { + removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); + const outputBucket = new Bucket(this, 'OutputBucket', { + removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, + }); + // dummy definition for the integ test execution + const pipelineDefinition = { + PipelineDefinitionBody: JSON.stringify({ + Version: '2020-12-01', + Metadata: {}, + Parameters: [ + { + Name: 'ParameterName', + Type: 'String', + DefaultValue: 'Value', }, - InputDataConfig: [ - { - DataSource: { - S3DataSource: { - S3Uri: sourceBucket.s3UrlForObject(), + ], + Steps: [ + { + Name: 'TrainingStep', + Type: 'Training', + Arguments: { + AlgorithmSpecification: { + TrainingImage: '382416733822.dkr.ecr.us-east-1.amazonaws.com/linear-learner:1', + TrainingInputMode: 'File', + }, + InputDataConfig: [ + { + DataSource: { + S3DataSource: { + S3Uri: sourceBucket.s3UrlForObject(), + }, + }, }, + ], + OutputDataConfig: { + S3OutputPath: outputBucket.s3UrlForObject(), + }, + ResourceConfig: { + InstanceCount: 1, + InstanceType: 'ml.m5.large', + VolumeSizeInGB: 50, + }, + StoppingCondition: { + MaxRuntimeInSeconds: 3600, }, }, - ], - OutputDataConfig: { - S3OutputPath: outputBucket.s3UrlForObject(), - }, - ResourceConfig: { - InstanceCount: 1, - InstanceType: 'ml.m5.large', - VolumeSizeInGB: 50, - }, - StoppingCondition: { - MaxRuntimeInSeconds: 3600, }, - }, - }, - ], - }), -}; + ], + }), + }; + + const pipelineRole = new Role(this, 'SageMakerPipelineRole', { + assumedBy: new ServicePrincipal('sagemaker.amazonaws.com'), + }); + pipelineRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AmazonSageMakerFullAccess')); + + const pipeline = new CfnPipeline(this, 'Resource', { + pipelineName: this.pipelineName, + pipelineDefinition: pipelineDefinition, + roleArn: pipelineRole.roleArn, + }); + + this.pipelineArn = cdk.Stack.of(pipeline).formatArn({ + service: 'sagemaker', + resource: 'pipeline', + resourceName: pipeline.pipelineName, + arnFormat: cdk.ArnFormat.SLASH_RESOURCE_NAME, + }); + } + + public grantStartPipelineExecution(grantee: IGrantable): Grant { + return Grant.addToPrincipal({ + grantee, + actions: ['sagemaker:StartPipelineExecution'], + resourceArns: [this.pipelineArn], + }); + } +} + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'aws-cdk-scheduler-targets-sagemaker-start-pipeline-execution'); -const pipelineRole = new Role(stack, 'SageMakerPipelineRole', { - assumedBy: new ServicePrincipal('sagemaker.amazonaws.com'), -}); -pipelineRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AmazonSageMakerFullAccess')); const pipelineParameterList: SageMakerPipelineParameter[] = [{ name: 'ParameterName', value: 'ParameterValue', }]; -const pipeline = new CfnPipeline(stack, 'Pipeline', { - pipelineName: 'my-pipeline', - pipelineDefinition: pipelineDefinition, - roleArn: pipelineRole.roleArn, -}); +const pipeline = new FakePipeline(stack, 'Pipeline', {pipelineName: 'my-pipeline'}); new scheduler.Schedule(stack, 'Schedule', { schedule: scheduler.ScheduleExpression.rate(cdk.Duration.minutes(10)), diff --git a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/sage-maker-start-pipeline-execution.test.ts b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/sage-maker-start-pipeline-execution.test.ts index e48c3754d7e6f..8074a60d542e4 100644 --- a/packages/@aws-cdk/aws-scheduler-targets-alpha/test/sage-maker-start-pipeline-execution.test.ts +++ b/packages/@aws-cdk/aws-scheduler-targets-alpha/test/sage-maker-start-pipeline-execution.test.ts @@ -1,68 +1,25 @@ import { ScheduleExpression, Schedule } from '@aws-cdk/aws-scheduler-alpha'; -import { App, Duration, Stack } from 'aws-cdk-lib'; +import { App, Duration, Resource, Stack } from 'aws-cdk-lib'; import { Template } from 'aws-cdk-lib/assertions'; -import { AccountRootPrincipal, ManagedPolicy, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; -import { CfnPipeline } from 'aws-cdk-lib/aws-sagemaker'; +import { AccountRootPrincipal, Grant, IGrantable, Role } from 'aws-cdk-lib/aws-iam'; +import { IPipeline } from 'aws-cdk-lib/aws-sagemaker'; import * as sqs from 'aws-cdk-lib/aws-sqs'; import { SageMakerPipelineParameter, SageMakerStartPipelineExecution } from '../lib'; describe('schedule target', () => { let app: App; let stack: Stack; - let pipeline: CfnPipeline; + let pipeline: IPipeline; const expr = ScheduleExpression.at(new Date(Date.UTC(1969, 10, 20, 0, 0, 0))); const pipelineParameterList: SageMakerPipelineParameter[] = [{ name: 'MyParameterName', value: 'MyParameterValue', }]; - const pipelineDefinition = { - PipelineDefinitionBody: JSON.stringify({ - Version: '2020-12-01', - Metadata: {}, - PipelineName: 'my-sagemaker-pipeline', - Stages: [ - { - Name: 'MyTrainingStage', - Steps: [ - { - Name: 'MyTrainingJob', - Type: 'Training', - Arguments: { - AlgorithmSpecification: { - TrainingImage: '123456789012.dkr.ecr.us-west-2.amazonaws.com/my-training-image:latest', - TrainingInputMode: 'File', - }, - OutputDataConfig: { - S3OutputPath: 's3://my-bucket/my-training-output', - }, - ResourceConfig: { - InstanceCount: 1, - InstanceType: 'ml.m5.large', - VolumeSizeInGB: 10, - }, - StoppingCondition: { - MaxRuntimeInSeconds: 3600, - }, - }, - }, - ], - }, - ], - }), - }; beforeEach(() => { app = new App(); stack = new Stack(app, 'Stack', { env: { region: 'us-east-1', account: '123456789012' } }); - const pipelineRole = new Role(stack, 'SageMakerPipelineRole', { - assumedBy: new ServicePrincipal('sagemaker.amazonaws.com'), - }); - pipelineRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AmazonSageMakerFullAccess')); - pipeline = new CfnPipeline(stack, 'MyPipeline', { - pipelineName: 'my-sagemaker-pipeline', - pipelineDefinition: pipelineDefinition, - roleArn: pipelineRole.roleArn, - }); + pipeline = new FakePipeline(stack, 'MyPipeline', {pipelineName: 'MyPipeline1'}); }); test('creates IAM role and IAM policy for pipeline in the same account', () => { @@ -78,19 +35,8 @@ describe('schedule target', () => { Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { Properties: { Target: { - Arn: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline', - ], - ], - }, - RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] }, + Arn: 'MyPipeline1', + RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTargetd15d6b89C69AEC', 'Arn'] }, RetryPolicy: {}, SageMakerPipelineParameters: { PipelineParameterList: [{ @@ -108,22 +54,11 @@ describe('schedule target', () => { { Action: 'sagemaker:StartPipelineExecution', Effect: 'Allow', - Resource: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline', - ], - ], - }, + Resource: 'MyPipeline1', }, ], }, - Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }], + Roles: [{ Ref: 'SchedulerRoleForTargetd15d6b89C69AEC' }], }); Template.fromStack(stack).hasResourceProperties('AWS::IAM::Role', { @@ -161,18 +96,7 @@ describe('schedule target', () => { Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { Properties: { Target: { - Arn: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline', - ], - ], - }, + Arn: 'MyPipeline1', RoleArn: { 'Fn::GetAtt': ['ProvidedTargetRole8CFDD54A', 'Arn'] }, RetryPolicy: {}, SageMakerPipelineParameters: { @@ -191,18 +115,7 @@ describe('schedule target', () => { { Action: 'sagemaker:StartPipelineExecution', Effect: 'Allow', - Resource: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline', - ], - ], - }, + Resource: 'MyPipeline1', }, ], }, @@ -247,22 +160,11 @@ describe('schedule target', () => { { Action: 'sagemaker:StartPipelineExecution', Effect: 'Allow', - Resource: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline', - ], - ], - }, + Resource: 'MyPipeline1', }, ], }, - Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }], + Roles: [{ Ref: 'SchedulerRoleForTargetd15d6b89C69AEC' }], }, 1); }); @@ -273,15 +175,7 @@ describe('schedule target', () => { account: '123456789012', }, }); - const pipelineRole = new Role(stack2, 'SageMakerPipelineRole2', { - assumedBy: new ServicePrincipal('sagemaker.amazonaws.com'), - }); - pipelineRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AmazonSageMakerFullAccess')); - const anotherTemplate = new CfnPipeline(stack2, 'AnotherTemplate', { - pipelineName: 'my-sagemaker-pipeline2', - pipelineDefinition: pipelineDefinition, - roleArn: pipelineRole.roleArn, - }); + const anotherTemplate = new FakePipeline(stack2, 'AnotherTemplate', {pipelineName: 'MyPipeline2'}); const pipelineTarget = new SageMakerStartPipelineExecution(anotherTemplate, { pipelineParameterList, @@ -295,17 +189,8 @@ describe('schedule target', () => { Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { Properties: { Target: { - Arn: { - 'Fn::Join': [ - '', - [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline2', - ], - ], - }, - RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] }, + Arn: 'MyPipeline2', + RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget6a2eb1D8028120', 'Arn'] }, RetryPolicy: {}, SageMakerPipelineParameters: { PipelineParameterList: [{ @@ -323,22 +208,11 @@ describe('schedule target', () => { { Action: 'sagemaker:StartPipelineExecution', Effect: 'Allow', - Resource: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline2', - ], - ], - }, + Resource: 'MyPipeline2', }, ], }, - Roles: [{ Ref: 'SchedulerRoleForTarget1441a743A31888' }], + Roles: [{ Ref: 'SchedulerRoleForTarget6a2eb1D8028120' }], }); }); @@ -358,18 +232,7 @@ describe('schedule target', () => { Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { Properties: { Target: { - Arn: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline', - ], - ], - }, + Arn: 'MyPipeline1', RoleArn: 'arn:aws:iam::123456789012:role/someRole', RetryPolicy: {}, SageMakerPipelineParameters: { @@ -388,18 +251,7 @@ describe('schedule target', () => { { Action: 'sagemaker:StartPipelineExecution', Effect: 'Allow', - Resource: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline', - ], - ], - }, + Resource: 'MyPipeline1', }, ], }, @@ -414,15 +266,7 @@ describe('schedule target', () => { account: '123456789012', }, }); - const pipelineRole = new Role(stack2, 'SageMakerPipelineRole2', { - assumedBy: new ServicePrincipal('sagemaker.amazonaws.com'), - }); - pipelineRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AmazonSageMakerFullAccess')); - const anotherTemplate = new CfnPipeline(stack2, 'AnotherTemplate', { - pipelineName: 'my-sagemaker-pipeline2', - pipelineDefinition: pipelineDefinition, - roleArn: pipelineRole.roleArn, - }); + const anotherTemplate = new FakePipeline(stack2, 'AnotherTemplate', {pipelineName: 'MyPipeline2'}); const importedRole = Role.fromRoleArn(stack, 'ImportedRole', 'arn:aws:iam::123456789012:role/someRole'); const pipelineTarget = new SageMakerStartPipelineExecution(anotherTemplate, { @@ -438,18 +282,7 @@ describe('schedule target', () => { Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { Properties: { Target: { - Arn: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline2', - ], - ], - }, + Arn: 'MyPipeline2', RoleArn: 'arn:aws:iam::123456789012:role/someRole', RetryPolicy: {}, SageMakerPipelineParameters: { @@ -468,18 +301,7 @@ describe('schedule target', () => { { Action: 'sagemaker:StartPipelineExecution', Effect: 'Allow', - Resource: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline2', - ], - ], - }, + Resource: 'MyPipeline2', }, ], }, @@ -494,15 +316,7 @@ describe('schedule target', () => { account: '234567890123', }, }); - const pipelineRole = new Role(stack2, 'SageMakerPipelineRole2', { - assumedBy: new ServicePrincipal('sagemaker.amazonaws.com'), - }); - pipelineRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AmazonSageMakerFullAccess')); - const anotherTemplate = new CfnPipeline(stack2, 'AnotherTemplate', { - pipelineName: 'my-sagemaker-pipeline2', - pipelineDefinition: pipelineDefinition, - roleArn: pipelineRole.roleArn, - }); + const anotherTemplate = new FakePipeline(stack2, 'AnotherTemplate', {pipelineName: 'MyPipeline2'}); const pipelineTarget = new SageMakerStartPipelineExecution(anotherTemplate, { pipelineParameterList, @@ -522,15 +336,7 @@ describe('schedule target', () => { account: '123456789012', }, }); - const pipelineRole = new Role(stack2, 'SageMakerPipelineRole2', { - assumedBy: new ServicePrincipal('sagemaker.amazonaws.com'), - }); - pipelineRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AmazonSageMakerFullAccess')); - const anotherTemplate = new CfnPipeline(stack2, 'AnotherTemplate', { - pipelineName: 'my-sagemaker-pipeline2', - pipelineDefinition: pipelineDefinition, - roleArn: pipelineRole.roleArn, - }); + const anotherTemplate = new FakePipeline(stack2, 'AnotherTemplate', {pipelineName: 'MyPipeline2'}); const pipelineTarget = new SageMakerStartPipelineExecution(anotherTemplate, { pipelineParameterList, @@ -670,19 +476,8 @@ describe('schedule target', () => { Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { Properties: { Target: { - Arn: { - 'Fn::Join': [ - '', - [ - 'arn:', - { - Ref: 'AWS::Partition', - }, - ':sagemaker:us-east-1:123456789012:pipeline/my-sagemaker-pipeline', - ], - ], - }, - RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTarget1441a743A31888', 'Arn'] }, + Arn: 'MyPipeline1', + RoleArn: { 'Fn::GetAtt': ['SchedulerRoleForTargetd15d6b89C69AEC', 'Arn'] }, RetryPolicy: { MaximumEventAgeInSeconds: 10800, MaximumRetryAttempts: 5, @@ -752,4 +547,27 @@ describe('schedule target', () => { pipelineParameterList: dummyPipelineParameterList, })).toThrow(/pipelineParameterList length must be between 0 and 200, got 201/); }); -}); \ No newline at end of file +}); + +interface FakePipelineProps { + readonly pipelineName: string; +} + +class FakePipeline extends Resource implements IPipeline { + public readonly pipelineArn; + + public readonly pipelineName; + constructor(scope: Stack, id: string, props: FakePipelineProps) { + super(scope, id); + this.pipelineArn = props.pipelineName; + this.pipelineName = props.pipelineName; + } + + public grantStartPipelineExecution(grantee: IGrantable): Grant { + return Grant.addToPrincipal({ + grantee, + actions: ['sagemaker:StartPipelineExecution'], + resourceArns: [this.pipelineArn], + }); + } +} \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-sagemaker/lib/index.ts b/packages/aws-cdk-lib/aws-sagemaker/lib/index.ts index d01b5737ce0ee..572a93c5ebe69 100644 --- a/packages/aws-cdk-lib/aws-sagemaker/lib/index.ts +++ b/packages/aws-cdk-lib/aws-sagemaker/lib/index.ts @@ -1,2 +1,3 @@ export * from './sagemaker.generated'; export * from './endpoint'; +export * from './pipeline'; diff --git a/packages/aws-cdk-lib/aws-sagemaker/lib/pipeline.ts b/packages/aws-cdk-lib/aws-sagemaker/lib/pipeline.ts new file mode 100644 index 0000000000000..cb2e152a9693f --- /dev/null +++ b/packages/aws-cdk-lib/aws-sagemaker/lib/pipeline.ts @@ -0,0 +1,27 @@ +import { Grant, IGrantable } from '../../aws-iam'; +import { IResource } from '../../core'; + +/** + * The interface for a SageMaker Pipeline resource. + */ +export interface IPipeline extends IResource { + /** + * The ARN of the pipeline. + * + * @attribute + */ + readonly pipelineArn: string; + + /** + * The name of the pipeline. + * + * @attribute + */ + readonly pipelineName: string; + + /** + * Permits an IAM principal to start this pipeline execution + * @param grantee The principal to grant access to + */ + grantStartPipelineExecution(grantee: IGrantable): Grant; +}