fix: deploy issue in cn region

Author: yanbasic

src/dmaa/cfn/codepipeline/template.yaml

@@ -44,6 +44,21 @@ Resources:
                 Action:
                   - ecr-public:*
                   - sts:GetServiceBearerToken
+                  - cloudformation:DescribeStacks
+                  - cloudformation:CreateStack
+                  - cloudformation:DeleteStack
+                  - ec2:*
+                  - ecs:*
+                  - iam:CreateRole
+                  - iam:AttachRolePolicy
+                  - iam:PassRole
+                  - iam:PutRolePolicy
+                  - iam:DetachRolePolicy
+                  - iam:DeleteRole
+                  - iam:GetRole
+                  - lambda:*
+                  - logs:*
+                  - elasticloadbalancing:*
                 Resource:
                   - "*"
       ManagedPolicyArns:
@@ -183,8 +198,8 @@ Resources:
                 - echo Build started on `date`
             build:
               commands:
-                - echo "Building Amazon ECR image..."
-                - |
+                - |-
+                  echo "Building Amazon ECR image..."
                   region=$ModelRegion
                   model_s3_bucket=$ModelBucketName
                   model_id=$ModelId
@@ -194,25 +209,26 @@ Resources:
                   service=$ServiceType
                   instance_type=$InstanceType
                   extra_params=$ExtraParams
-                - cd pipeline/
-                - export PYTHONPATH=.:$PYTHONPATH
-                - pip install --upgrade pip
-                - pip install -r requirements.txt
-                - python pipeline.py --region $region --model_id $model_id --model_tag $ModelTag --framework_type $FrameworkType --service_type $service --backend_type $backend_name  --model_s3_bucket $model_s3_bucket --instance_type $instance_type --extra_params "$extra_params" --skip_deploy
-                - cd ..
+                  cd pipeline/
+                  export PYTHONPATH=.:$PYTHONPATH
+                  pip install --upgrade pip
+                  pip install -r requirements.txt
+                  python pipeline.py --region $region --model_id $model_id --model_tag $ModelTag --framework_type $FrameworkType --service_type $service --backend_type $backend_name  --model_s3_bucket $model_s3_bucket --instance_type $instance_type --extra_params "$extra_params" --skip_deploy
+                  cd ..
+                  echo pipeline build completed on `date`
 
             post_build:
               commands:
-                - SERVICE_TYPE=$(echo "$ServiceType" | tr '[:upper:]' '[:lower:]')
-                - cp cfn/$ServiceType/template.yaml template.yaml
-                - cp pipeline/parameters.json parameters.json
-                - echo pipeline build completed on `date`, post deployment starting
-                - if [ -f cfn/$ServiceType/post_build.py ]; then
+                - |-
+                  SERVICE_TYPE=$(echo "$ServiceType" | tr '[:upper:]' '[:lower:]')
+                  cp cfn/$ServiceType/template.yaml template.yaml
+                  cp pipeline/parameters.json parameters.json
+                  if [ -f cfn/$ServiceType/post_build.py ]; then
                     cp cfn/$ServiceType/post_build.py post_build.py
                     python post_build.py --region $region --model_id $model_id --model_tag $ModelTag --framework_type $FrameworkType --service_type $service --backend_type $backend_name --model_s3_bucket $model_s3_bucket --instance_type $instance_type --extra_params "$extra_params"
                   fi
-                - cat parameters.json
-                - echo Build completed on `date`
+                  cat parameters.json
+                  echo Build completed on `date`
 
           artifacts:
             files:

src/dmaa/cfn/ecs/cluster.yaml

@@ -3,11 +3,9 @@ Description: DMAA ECS Cluster - Ensure all associated models are deleted before
 Parameters:
   VPCID:
     Type: AWS::EC2::VPC::Id
-    Default: "vpc-043d6906ccc5614f9"
     Description: The VPC ID to be used for the ECS cluster
   Subnets:
     Type: List<AWS::EC2::Subnet::Id>
-    Default: "subnet-0d74bc4b17d7ab99b,subnet-0bd0680e698e529f2"
     Description: The public subnets to be used for the ECS cluster
 Resources:
   ECSCluster:
@@ -65,10 +63,26 @@ Resources:
               - sts:AssumeRole
       Path: /
       ManagedPolicyArns:
-        - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
-        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
-        - arn:aws:iam::aws:policy/AmazonS3FullAccess
-        - arn:aws:iam::aws:policy/AmazonECS_FullAccess
+        - Fn::Join:
+            - ""
+            - - "arn:"
+              - Ref: AWS::Partition
+              - :iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
+        - Fn::Join:
+            - ""
+            - - "arn:"
+              - Ref: AWS::Partition
+              - :iam::aws:policy/AmazonSSMManagedInstanceCore
+        - Fn::Join:
+            - ""
+            - - "arn:"
+              - Ref: AWS::Partition
+              - :iam::aws:policy/AmazonS3FullAccess
+        - Fn::Join:
+            - ""
+            - - "arn:"
+              - Ref: AWS::Partition
+              - :iam::aws:policy/AmazonECS_FullAccess
   ECSTaskExecutionRole:
     Type: AWS::IAM::Role
     Properties:
@@ -82,7 +96,11 @@ Resources:
               - sts:AssumeRole
       Path: /
       ManagedPolicyArns:
-        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
+        - Fn::Join:
+            - ""
+            - - "arn:"
+              - Ref: AWS::Partition
+              - :iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
 
   LambdaExecutionRole:
     Type: AWS::IAM::Role

src/dmaa/cfn/ecs/post_build.py

@@ -1,13 +1,25 @@
 import boto3
 import time
 import json
+import os
 import argparse
 
 # Post build script for ECS, it will deploy the VPC and ECS cluster.
 
 CFN_ROOT_PATH = 'cfn'
 WAIT_SECONDS = 10
-CFN_ROOT_PATH = '../../cfn'
+# CFN_ROOT_PATH = '../../cfn'
+JSON_DOUBLE_QUOTE_REPLACE = '<!>'
+
+def load_extra_params(string):
+    string = string.replace(JSON_DOUBLE_QUOTE_REPLACE,'"')
+    try:
+        return json.loads(string)
+    except json.JSONDecodeError:
+        raise argparse.ArgumentTypeError(f"Invalid dictionary format: {string}")
+
+def dump_extra_params(d:dict):
+    return json.dumps(d).replace('"', JSON_DOUBLE_QUOTE_REPLACE)
 
 def wait_for_stack_completion(client, stack_id, stack_name):
     while True:
@@ -29,14 +41,28 @@ def create_or_update_stack(client, stack_name, template_path, parameters=[]):
     try:
         response = client.describe_stacks(StackName=stack_name)
         stack_status = response['Stacks'][0]['StackStatus']
-        # if stack_status == 'ROLLBACK_COMPLETE':
-        #     print(f"Stack {stack_name} is in ROLLBACK_COMPLETE state. Deleting the stack to allow for recreation.")
-        #     client.delete_stack(StackName=stack_name)
-        #     wait_for_stack_completion(client, stack_name, stack_name)
+        if stack_status in ['ROLLBACK_COMPLETE', 'ROLLBACK_FAILED', 'DELETE_FAILED']:
+            print(f"Stack {stack_name} is in {stack_status} state. Deleting the stack to allow for recreation.")
+            client.delete_stack(StackName=stack_name)
+            while True:
+                try:
+                    response = client.describe_stacks(StackName=stack_name)
+                    stack_status = response['Stacks'][0]['StackStatus']
+                    if stack_status == 'DELETE_IN_PROGRESS':
+                        print(f"Stack {stack_name} is being deleted...")
+                        time.sleep(WAIT_SECONDS)
+                    else:
+                        raise Exception(f"Unexpected status {stack_status} while waiting for stack deletion.")
+                except client.exceptions.ClientError as e:
+                    if 'does not exist' in str(e):
+                        print(f"Stack {stack_name} successfully deleted.")
+                        break
+                    else:
+                        raise
         while stack_status not in ['CREATE_COMPLETE', 'UPDATE_COMPLETE']:
             if stack_status in ['CREATE_IN_PROGRESS', 'UPDATE_IN_PROGRESS']:
                 print(f"Stack {stack_name} is currently {stack_status}. Waiting for it to complete...")
-                time.sleep(SLEEP_WAIT_SECONDS)
+                time.sleep(WAIT_SECONDS)
                 response = client.describe_stacks(StackName=stack_name)
                 stack_status = response['Stacks'][0]['StackStatus']
             else:
@@ -108,27 +134,27 @@ def deploy_ecs_cluster_template(region, vpc_id, subnets):
 
 
 def post_build():
-    parser = argparse.ArgumentParser(description="Post build script")
-    parser.add_argument('--region', type=str, required=False, help='AWS region')
-    parser.add_argument('--model_id', type=str, required=False, help='Model ID')
-    parser.add_argument('--model_tag', type=str, required=False, help='Model tag')
-    parser.add_argument('--framework_type', type=str, required=False, help='Framework type')
-    parser.add_argument('--service_type', type=str, required=False, help='Service type')
-    parser.add_argument('--backend_type', type=str, required=False, help='Backend type')
-    parser.add_argument('--model_s3_bucket', type=str, required=False, help='Model S3 bucket')
-    parser.add_argument('--instance_type', type=str, required=False, help='Instance type')
-    parser.add_argument('--extra_params', type=str, required=False, help='Extra parameters')
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--region', type=str, required=False)
+    parser.add_argument('--model_id', type=str, required=False)
+    parser.add_argument('--model_tag', type=str, required=False)
+    parser.add_argument('--framework_type', type=str, required=False)
+    parser.add_argument('--service_type', type=str, required=False)
+    parser.add_argument('--backend_type', type=str, required=False)
+    parser.add_argument('--model_s3_bucket', type=str, required=False)
+    parser.add_argument('--instance_type', type=str, required=False)
+    parser.add_argument('--extra_params', type=load_extra_params, required=False, default=os.environ.get("extra_params","{}"))
 
     args = parser.parse_args()
 
-    extra_params = json.loads(args.extra_params) if args.extra_params else {}
+    service_params = args.extra_params.get('service_params',{})
 
-    if 'VpcID' not in extra_params:
+    if 'vpc_id' not in service_params:
         vpc_id, subnets = deploy_vpc_template(args.region)
     else:
-        vpc_id = extra_params.get('VpcID')
-        subnets = extra_params.get('Subnets')
-        update_parameters_file('parameters.json', {'VpcID': vpc_id, 'Subnets': subnets})
+        vpc_id = service_params.get('vpc_id')
+        subnets = service_params.get('subnet_ids')
+        update_parameters_file('parameters.json', {'VPCID': vpc_id, 'Subnets': subnets})
 
     deploy_ecs_cluster_template(args.region, vpc_id, subnets)
 

src/dmaa/commands/deploy.py

@@ -228,7 +228,7 @@ def deploy(
     # console.print("[bold blue]Checking AWS environment...[/bold blue]")
 
     region = get_current_region()
-
+    vpc_id = None
     # ask model id
     model_id = ask_model_id(region,model_id=model_id)
 
@@ -269,7 +269,75 @@ def deploy(
     if not check_service_support_on_cn_region(service_type,region):
         raise ServiceNotSupported(region, service_type=service_type)
 
-    #
+    if Service.get_service_from_service_type(service_type).need_vpc:
+        client = boto3.client('ec2', region_name=region)
+        vpcs = []
+        dmaa_default_vpc = None
+        paginator = client.get_paginator('describe_vpcs')
+        for page in paginator.paginate():
+            for vpc in page['Vpcs']:
+                if any(tag['Key'] == 'Name' and tag['Value'] == 'DMAA-vpc' for tag in vpc.get('Tags', [])):
+                    dmaa_default_vpc = vpc
+                    continue
+                vpcs.append(vpc)
+        else:
+            for vpc in vpcs:
+                vpc_name = next((tag['Value'] for tag in vpc.get('Tags', []) if tag.get('Key') == 'Name'), None)
+                vpc['Name'] = vpc_name if vpc_name else '-'
+            dmaa_vpc = select_with_help(
+                "Select the VPC (Virtual Private Cloud) you want to deploy the ESC service:",
+                choices=[
+                    Choice(
+                        title=f"{dmaa_default_vpc['VpcId']} ({dmaa_default_vpc['CidrBlock']}) (DMAA-vpc)" if dmaa_default_vpc else 'Create a new VPC',
+                        description='Use the existing DMAA-VPC for the new model deployment (recommended)' if dmaa_default_vpc else 'Create a new VPC with two public subnets and a S3 Endpoint for the model deployment. Select this option if you do not know what is VPC',
+                    )
+                ] + [
+                    Choice(
+                        title=f"{vpc['VpcId']} ({vpc['CidrBlock']}) ({vpc['Name']})",
+                        description="Custom VPC requirement: A NAT Gateway or S3 Endpoint, with at least two public and two private subnet.",
+                    )
+                    for vpc in vpcs
+                ],
+                style=custom_style
+            ).ask()
+
+        vpc_id = None
+        selected_subnet_ids = []
+        if 'Create a new VPC' == dmaa_vpc:
+            pass
+        elif 'DMAA-vpc' in dmaa_vpc:
+            vpc_id = dmaa_vpc.split()[0]
+            paginator = client.get_paginator('describe_subnets')
+            for page in paginator.paginate(Filters=[{'Name': 'vpc-id', 'Values': [vpc_id]}]):
+                for subnet in page['Subnets']:
+                    selected_subnet_ids.append(subnet['SubnetId'])
+        else:
+            vpc_id = dmaa_vpc.split()[0]
+            subnets = []
+            paginator = client.get_paginator('describe_subnets')
+            for page in paginator.paginate(Filters=[{'Name': 'vpc-id', 'Values': [vpc_id]}]):
+                for subnet in page['Subnets']:
+                    subnets.append(subnet)
+            if not subnets:
+                console.print("[bold red]No subnets found in the selected VPC.[/bold red]")
+                raise typer.Exit(0)
+            else:
+                for subnet in subnets:
+                    subnet_name = next((tag['Value'] for tag in subnet.get('Tags', []) if tag.get('Key') == 'Name'), None)
+                    subnet['Name'] = subnet_name if subnet_name else '-'
+                selected_subnet = questionary.checkbox(
+                    "Select multiple subnets for the model deployment:",
+                    choices=[
+                        f"{subnet['SubnetId']} ({subnet['CidrBlock']}) ({subnet['Name']})"
+                        for subnet in subnets
+                    ],
+                    style=custom_style
+                ).ask()
+                if selected_subnet is None:
+                    raise typer.Exit(0)
+                else:
+                    for subnet in selected_subnet:
+                        selected_subnet_ids.append(subnet.split()[0])
 
     # support instance
     supported_instances = model.supported_instances
@@ -395,12 +463,18 @@ def deploy(
         except json.JSONDecodeError as e:
             console.print("[red]Invalid JSON format. Please try again.[/red]")
 
+    # append extra params for VPC and subnets
+    if vpc_id:
+        if 'service_params' not in extra_params:
+            extra_params['service_params'] = {}
+        extra_params['service_params']['vpc_id'] = vpc_id
+        extra_params['service_params']['subnet_ids'] = ",".join(selected_subnet_ids)
     # model tag
     if model_tag==MODEL_DEFAULT_TAG and not skip_confirm and not service_type == ServiceType.LOCAL:
         while True:
             model_tag = questionary.text(
                     "(Optional) Add a model deployment tag (custom label), you can skip by pressing Enter:",
-                    default=""
+                    default="dev"
                 ).ask()
             if model_tag == MODEL_DEFAULT_TAG:
                 console.print(f"[bold blue]invalid model tag: {model_tag}. Please try again.[/bold blue]")

src/dmaa/models/model.py

@@ -101,7 +101,7 @@ class Service(ModelBase):
     name: str
     description: str
     support_cn_region: bool
-    # support_custom_vpc: bool = False
+    need_vpc: bool = False
 
     # class vars
     service_name_maps: ClassVar[dict] = {}

src/dmaa/models/services.py

@@ -57,7 +57,8 @@
     name = "Amazon EC2",
     service_type=ServiceType.EC2,
     description="Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud.",
-     support_cn_region = False
+    support_cn_region = False,
+    need_vpc = True
 )
 
 ecs_service = Service(
@@ -77,7 +78,8 @@
     name = "Amazon ECS",
     service_type=ServiceType.ECS,
     description="Amazon ECS is a fully managed service that provides scalable and reliable container orchestration for your applications.",
-    support_cn_region = False
+    support_cn_region = True,
+    need_vpc = True
 )
 
 

src/dmaa/utils/aws_service_utils.py

@@ -75,7 +75,7 @@ def get_account_id():
 
 
 def create_s3_bucket(bucket_name, region):
-    s3 = boto3.client("s3")
+    s3 = boto3.client("s3", region_name=region)
     try:
         s3.head_bucket(Bucket=bucket_name)
     except: