Amazon Web Services

Noah Harasz edited this page May 4, 2022 · 17 revisions

Amazon Web Services (AWS) is a cloud provider we use to deploy your Prediction Nodes. This section documents how to sign up for AWS and create an IAM user for the numerai-cli.

AWS Sign Up

First, follow these steps to set up an AWS account with billing enabled. You will not be able to run your model without billing enabled (don't worry, it should only cost around $5 per month).

  1. Create an Amazon Web Services (AWS) Account
  2. Make sure you are signed in to the AWS Console
  3. Set up AWS Billing

AWS API Keys

After you have an AWS account with billing, create an administrative IAM user:

  1. Make sure you are signed in to the AWS Console

  2. Create a new IAM Policy:

    1. Select the "JSON" tab and overwrite the existing values with the following policy document:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "apigateway:*",
                    "logs:*",
                    "s3:List*",
                    "ecs:*",
                    "lambda:*",
                    "ecr:*",
                    "ec2:*",
                    "iam:*",
                    "events:*"
                ],
                "Resource": "*"
            }
        ]
    }
    
    2. Click "Next" at the bottom until you reach "Review Policy"
    3. Name your policy (e.g. "compute-setup-policy") and remember this name, then hit "Create Policy"
  3. Create a new IAM user:

    1. Give the user a name (like "numerai-compute") and select "Programmatic access"
    2. For permissions, click "Attach existing policies directly"
    3. Search for the Policy you just created and check the box next to it
    4. Continue through remaining pages and click "Create User"
    5. Record the "Access key ID" and "Secret access key" from the final step.

NOTES:

  • For experienced cloud users, it may seem unsafe to have :* next to resources, but there are a lot of permissions that Numerai CLI needs to run properly now and in the future. Believe it or not, this policy is already a lot safer than using the stock Admin policy. You can experiment with least permissions for your own setup, but it will most likely break with future versions of the CLI.
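
Before experimenting with tighter permissions, it helps to see exactly what the policy above grants. The following is an added example, not part of numerai-cli: it parses the policy document from this page and rates each allowed action by how broad its wildcard is. The function names and the severity scale are this example's own assumptions.

```python
import json

# Policy document copied from this page, embedded so the script runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
 "Action": ["apigateway:*", "logs:*", "s3:List*", "ecs:*", "lambda:*", "ecr:*",
            "ec2:*", "iam:*", "events:*"],
 "Resource": "*"}]}
""")

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit(policy):
    """Return (service, action, scope, severity) for every allowed action.
    Severity labels are this example's own scale; NotAction, NotResource and
    Condition keys are not evaluated."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a lone statement may not be wrapped in a list
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        any_resource = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if action == "*" or name == "*":
                scope = "full-service"
            elif "*" in name or "?" in name:
                scope = "prefix-wildcard"
            else:
                scope = "single-action"
            # iam:* on every resource lets the principal change its own
            # permissions, so it is rated above the other full-service grants.
            if scope == "full-service" and any_resource:
                severity = "critical" if service in ("iam", "*") else "high"
            else:
                severity = "medium" if any_resource else "low"
            findings.append((service, action, scope, severity))
    return findings

if __name__ == "__main__":
    for _, action, scope, severity in audit(POLICY):
        print(f"{severity:9} {action:14} {scope}")
```

Re-run it against any narrowed policy you try, so you can confirm which grants actually became tighter before testing a deploy.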

Architecture

We use 4 primary resources in AWS to run your compute Node. The links will take you to the AWS console where you can monitor any of these resources for a given node; just visit the link and select the resource with the same name as the node you want to monitor (further directions are given for each resource below).

  • API Gateway: Hosts the webhook (HTTP endpoint) that Numerai calls to trigger your nodes. After clicking the link and selecting the resource, use the left sidebar to access metrics and logging.

  • Lambda: Schedules your compute job when you call your Webhook URL. After clicking the link and selecting the resource, use the "Monitor" tab below the "Function Overview" section.

  • ECR (Elastic Container Repository): Used for storing docker images. This is the location to which numerai docker deploy will push your image. There is not much monitoring here, but you can view your images and when they were uploaded.

  • ECS (Elastic Container Service): This is where your containers will actually run and where you'll want to look if your containers don't seem to be scheduled/running. After clicking the link, you'll be able to scroll and monitor the top-level metrics of each cluster. After selecting a specific cluster, you can use the various tabs to view different components of the cluster (tasks are the runnable jobs that the Lambda schedules, instances are the computers the tasks run on, and metrics will show cluster-wide information).

Troubleshooting

Please see https://github.com/numerai/numerai-cli/wiki/Troubleshooting for all common Troubleshooting scenarios.