This is a terraform module for setting up an external AWS account as a sagemaker deployment target in Domino.
Must be running Domino 6.0.0 (or newer) on AWS EKS
- Configure the AWS CLI with valid admin creds for an AWS account to use in testing
terraform initterraform test -verbose- Verify the tests succeeded or failed.
- Configure the AWS CLI with valid admin creds for the target AWS account
terraform initterraform apply- Enter the value for
domino_external_deployments_role_arnwhen prompted. Use the ARN of the external deployments IAM role for the Domino platform.var.domino_external_deployments_role_arn ARN for the Domino external deployments IAM role (in the domino AWS account) Enter a value: arn:aws:iam::123456789012:role/domino-external-deployments-operator - Enter the value for
regionwhen prompted. Use the region where you want sagemaker resources to be created in the target account (NOT the region of the Domino platform).var.region AWS region in which to create the sagemaker resources Enter a value: us-west-2 - If successful, you'll see output like this:
Apply complete! Resources: 3 added, 0 changed, 0 destroyed. Outputs: sagemaker = { "account_id" = "521624712688" "bucket" = "domino-sagemaker-521624712688" "region" = "us-west-2" "repository" = "domino-sagemaker" "role_arn" = "arn:aws:iam::521624712688:role/domino-sagemaker" }
- Enter the value for
- Configure the AWS CLI with valid admin creds for the target AWS account
terraform initterraform destroy- Enter the value for
domino_external_deployments_role_arnwhen prompted. Use the ARN of the external deployments IAM role for the Domino platform.var.domino_external_deployments_role_arn ARN for the Domino external deployments IAM role (in the domino AWS account) Enter a value: arn:aws:iam::123456789012:role/domino-external-deployments-operator - Enter the value for
regionwhen prompted. Use the region where you want sagemaker resources to be created in the target account (NOT the region of the Domino platform).var.region AWS region in which to create the sagemaker resources Enter a value: us-west-2 - If successful, you'll see output like this:
Destroy complete! Resources: 3 destroyed.
- Enter the value for
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | ~> 5.0 |
| Name | Version |
|---|---|
| aws | ~> 5.0 |
No modules.
| Name | Type |
|---|---|
| aws_iam_policy.role_permissions_policy | resource |
| aws_iam_role.domino_sagemaker_role | resource |
| aws_iam_role_policy_attachment.role_permissions_policy | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.read_domino_environments | data source |
| aws_iam_policy_document.role_permissions_policy | data source |
| aws_iam_policy_document.role_trust_policy | data source |
| aws_partition.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| bucket | S3 bucket to use for sagemaker deployment model artifacts (in the target AWS account). Defaults to the value specified by resource_identifier plus the suffix -{aws_account_id}. |
string |
null |
no |
| domino_environments_repository_arn | ARN for the Domino environments repository. ONLY needed if deploying in the SAME AWS account as Domino. | string |
n/a | yes |
| domino_external_deployments_role_arn | ARN for the Domino external deployments IAM role (in the domino AWS account) | string |
n/a | yes |
| region | AWS region in which to create the sagemaker resources | string |
n/a | yes |
| repository | ECR repository name to use for sagemaker deployment images (in the target AWS account). Defaults to the value specified by resource_identifier. |
string |
null |
no |
| resource_identifier | identifier for domino-created resources in the AWS account | string |
"domino-sagemaker" |
no |
| role_name | IAM role name to use for creating sagemaker deployment resources (in the target AWS account). Defaults to the value specified by resource_identifier. |
string |
null |
no |
| Name | Description |
|---|---|
| sagemaker | Domino sagemaker deployments info |