Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(stepfunctions-tasks): bedrock createModelCustomizationJob integration #29043

Closed

Conversation

badmintoncryer
Copy link
Contributor

Issue

Closes #29042

Reason for this change

AWS stepfunctions support optimized integration with AWS bedrock.
Currently, only invokeModel is supported by CDK, but I would like createModelCustomizationJob to be supported in the same manner.

Description of changes

I've added CreatemodelCustomizationJob class.

const taskConfig = {
  baseModel: model,
  clientRequestToken: 'MyToken',
  customizationType: CustomizationType.FINE_TUNING,
  kmsKey,
  customModelName: 'MyCustomModel',
  customModelTags: [{ key: 'key1', value: 'value1' }],
  hyperParameters: {
    batchSize: '10',
  },
  jobName: 'MyCustomizationJob',
  jobTags: [{ key: 'key2', value: 'value2' }],
  outputDataS3Uri: outputBucket.s3UrlForObject(),
  trainingDataS3Uri: trainingBucket.s3UrlForObject(),
  validationDataS3Uri: [validationBucket.s3UrlForObject()],
  vpcConfig: {
    securityGroups: [new ec2.SecurityGroup(stack, 'SecurityGroup', { vpc })],
    subnets: vpc.isolatedSubnets,
  },
};

const task1 = new BedrockCreateModelCustomizationJob(stack, 'CreateModelCustomizationJob1', taskConfig);

const chain = sfn.Chain
  .start(new sfn.Pass(stack, 'Start'))
  .next(task1)
  .next(new sfn.Pass(stack, 'Done'));

new sfn.StateMachine(stack, 'StateMachine', {
  definitionBody: sfn.DefinitionBody.fromChainable(chain),
  timeout: cdk.Duration.seconds(30),
});

Description of how you validated changes

I've added both unit and integ tests.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added feature-request A feature should be added or improved. p2 star-contributor [Pilot] contributed between 25-49 PRs to the CDK labels Feb 9, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team February 9, 2024 09:28
@badmintoncryer badmintoncryer force-pushed the createModelCustomizationJob branch from 1aae7b8 to f0f34a7 Compare February 10, 2024 07:06
@badmintoncryer badmintoncryer marked this pull request as ready for review February 10, 2024 16:59
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Feb 10, 2024
@badmintoncryer badmintoncryer changed the title feat(stepfunctions-tasks): bedrock createModelustomizationJob integration feat(stepfunctions-tasks): bedrock createModelCustomizationJob integration Feb 11, 2024
@github-actions github-actions bot added the effort/medium Medium work item – several days of effort label Feb 11, 2024
Copy link
Contributor

@lpizzinidev lpizzinidev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks 👍
Left some comments for adjustments

@aws-cdk-automation aws-cdk-automation removed the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Mar 30, 2024
Copy link
Contributor

@lpizzinidev lpizzinidev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for implementing the changes!
I left some suggestions for further improvements

@badmintoncryer badmintoncryer force-pushed the createModelCustomizationJob branch from 5907c2a to cb45af4 Compare April 8, 2024 01:57
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@aws-cdk-automation aws-cdk-automation dismissed their stale review April 8, 2024 05:08

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@badmintoncryer
Copy link
Contributor Author

@lpizzinidev
Thank you for your review. I've addressed your comments.

Copy link
Contributor

@lpizzinidev lpizzinidev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔 I don't think the current IAM policies setup is correct.
From the documentation, we should create:

  1. If the task is in a private VPC with no internet access, a VPC endpoint policy granting S3 access via the private network (docs). In this case, I think we should also validate that a VPC gateway endpoint for S3 must is provided.
  2. If customModelKmsKey is specified, a key policy to grant KMS permissions to the Bedrock role (docs

Let me know if you think I missed something or want to discuss it further.

@lpizzinidev
Copy link
Contributor

Thanks for updating the implementation 👍
I left #29043 (comment) to be discussed.

Copy link
Contributor

@lpizzinidev lpizzinidev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for implementing the changes 👍
I left comments for adjusting the vpc interface (#29043 (comment)) and other nits.
Thank you for your patience, I should have thought about it before 😅 (of course let me know if you think that the implementation is better as is)

@badmintoncryer
Copy link
Contributor Author

badmintoncryer commented Apr 13, 2024

@lpizzinidev Thank you for your continuous review!
I have updated to use only vpc as props and I will fix CI failure later.

I have 1 question about security groups.

#29043 (comment)

Copy link
Contributor

@lpizzinidev lpizzinidev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#29043 (comment)

My only concern is regarding the settings for the security group. If only the vpc is specified as an argument, there will be a need to automatically generate a security group for the ENI used by bedrock. For the outbound rules of this security group, is it acceptable to allow access to S3 via HTTPS to 0.0.0.0/0?

We should allow users control over securityGroups configuration.
Which is why I think we should revert to using the previous interface.

If the strictest outbound rules are required

Let's keep it simple for now as adding stricter rules will probably require adding more props.

The rest of the changes look good 👍

Copy link
Contributor

@lpizzinidev lpizzinidev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks 👍 Left comments for some final minor adjustments.
Otherwise, this looks good to me 💪

@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Apr 14, 2024
@badmintoncryer
Copy link
Contributor Author

@lpizzinidev I'm sorry for my misunderstanding. I've removed vpc props from vpcConfig.
I apologize for the time it took to make the corrections in this PR. I look forward to continuing to work with you.

@lpizzinidev
Copy link
Contributor

@badmintoncryer
No worries, you're pretty quick in implementing changes 😄
Hopefully, this will get merged soon 💪

Copy link
Contributor

@comcalvi comcalvi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a fantastic change! Shoutout to @lpizzinidev for reviewing this PR!

@mergify mergify bot dismissed comcalvi’s stale review April 25, 2024 07:49

Pull request has been modified.

@badmintoncryer
Copy link
Contributor Author

@comcalvi Thank you for your review and I'm sorry for my confusing implementation. I've replied your comments.

@badmintoncryer badmintoncryer force-pushed the createModelCustomizationJob branch from 9c4ba2a to ab063b8 Compare April 25, 2024 08:23
badmintoncryer and others added 8 commits July 4, 2024 22:30
…e-model-customization-job.ts

Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
…e-model-customization-job.ts

Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
…e-model-customization-job.ts

Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
…e-model-customization-job.ts

Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
…e-model-customization-job.ts

Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
@badmintoncryer badmintoncryer force-pushed the createModelCustomizationJob branch from 6986b56 to 18e8f23 Compare July 4, 2024 13:30
@mergify mergify bot dismissed comcalvi’s stale review July 4, 2024 13:31

Pull request has been modified.

@badmintoncryer
Copy link
Contributor Author

@comcalvi I've resolved conflicts. Could you approve again after esbuild issue is fixed?

@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jul 4, 2024
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 3697bf6
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Oct 24, 2024
@aws-cdk-automation
Copy link
Collaborator

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

@aws-cdk-automation aws-cdk-automation added the closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. label Oct 25, 2024
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2 pr/do-not-merge This PR should not be merged at this time. star-contributor [Pilot] contributed between 25-49 PRs to the CDK
Projects
None yet
Development

Successfully merging this pull request may close these issues.

stepfunctions-tasks: support for bedrock createModelCustomizationJob task
4 participants