时间戳

首页 > 解决方案 > 使用 AWS CDK/CloudFormation 部署 SageMaker 多模型终端节点时出现问题

deployment - 使用 AWS CDK/CloudFormation 部署 SageMaker 多模型终端节点时出现问题

问题描述

我正在尝试使用 Python 语言使用 AWS CDK 自动部署 SageMaker 多模型端点(我想通过直接以 json/yaml 格式编写 CloudFormation 模板会是一样的),但是在尝试部署它时,会发生错误在创建 SageMaker 模型时。

以下是使用该cdk synth命令制作的 CloudFormation 模板的一部分:

Resources:
  smmodelexecutionrole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service: sagemaker.amazonaws.com
        Version: "2012-10-17"
      Policies:
        - PolicyDocument:
            Statement:
              - Action: s3:GetObject
                Effect: Allow
                Resource:
                  Fn::Join:
                    - ""
                    - - "arn:"
                      - Ref: AWS::Partition
                      - :s3:::<bucket_name>/deploy_multi_model_artifact/*
            Version: "2012-10-17"
          PolicyName: policy_s3
        - PolicyDocument:
            Statement:
              - Action: ecr:*
                Effect: Allow
                Resource:
                  Fn::Join:
                    - ""
                    - - "arn:"
                      - Ref: AWS::Partition
                      - ":ecr:"
                      - Ref: AWS::Region
                      - ":"
                      - Ref: AWS::AccountId
                      - :repository/<my_ecr_repository>
            Version: "2012-10-17"
          PolicyName: policy_ecr
    Metadata:
      aws:cdk:path: <omitted>
  smmodel:
    Type: AWS::SageMaker::Model
    Properties:
      ExecutionRoleArn:
        Fn::GetAtt:
          - smmodelexecutionrole
          - Arn
      Containers:
        - Image: xxxxxxxxxxxx.dkr.ecr.<my_aws_region>.amazonaws.com/<my_ecr_repository>/multi-model:latest
          Mode: MultiModel
          ModelDataUrl: s3://<bucket_name>/deploy_multi_model_artifact/
      ModelName: MyModel
    Metadata:
      aws:cdk:path: <omitted>

在终端上运行cdk deploy时,出现以下错误:

3/6 | 7:56:58 PM | CREATE_FAILED | AWS::SageMaker::Model | sm_model (smmodel)
Could not access model data at s3://<bucket_name>/deploy_multi_model_artifact/. 
Please ensure that the role "arn:aws:iam::xxxxxxxxxxxx:role/<my_role>" exists 
and that its trust relationship policy allows the action "sts:AssumeRole" for the service principal "sagemaker.amazonaws.com". 
Also ensure that the role has "s3:GetObject" permissions and that the object is located in <my_aws_region>.
(Service: AmazonSageMaker; Status Code: 400; Error Code: ValidationException; Request ID: xxxxx)

我有的:

为了测试这是否是 IAM 角色问题,我尝试替换MultiModelSingleModel并替换s3://<bucket_name>/deploy_multi_model_artifact/s3://<bucket_name>/deploy_multi_model_artifact/one_of_my_artifacts.tar.gz,我可以成功创建模型。然后我猜测这不是与 IAM 相关的问题,这与错误消息告诉我的相反(但我可能会犯错误!)。

所以我想知道问题出在哪里。这更加令人困惑,因为我已经使用 boto3 毫无问题地部署了这个多模型端点。

任何帮助将不胜感激 !!

(关于多模型端点部署:https ://github.com/awslabs/amazon-sagemaker-examples/blob/master/advanced_functionality/multi_model_xgboost_home_value/xgboost_multi_model_endpoint_home_value.ipynb )

标签: deploymentamazon-cloudformationamazon-iamamazon-sagemakerclouddevelopmentkit

解决方案

问题是我忘记将 SageMaker 访问权限添加到 IAM 角色。我可以通过将 SageMaker FullAccess 托管策略添加到 IAM 角色来部署多模型终端节点。

推荐阅读