Streamlined SSH Access for Interactive AI Model Development

Question

Pulumi · Accepted Answer

To provide streamlined SSH access for interactive Artificial Intelligence (AI) model development, we will create an SSH key pair, provision an EC2 instance on AWS for running our AI models, and setup AWS IAM (Identity and Access Management) to manage the SSH keys and permissions. This will give you the infrastructure needed to access your instance securely for your AI workloads.

First, we’ll create an SSH key pair. This key pair will be used to SSH into the EC2 instance securely. AWS stores the public key, and you keep the private key which should be kept secret.

Next, we'll set up an EC2 instance. This virtual server will be where your AI models are run and developed. We will use a common instance type that balances cost and compute power, ideal for model development.

Lastly, we’ll create an IAM user to manage our SSH access. This user will encapsulate the permissions needed to interact with the EC2 instance, and it's where we will attach the SSH public key.

Let’s begin by writing the Pulumi program in Python:

```python
import pulumi
import pulumi_aws as aws

# Create a new IAM user for SSH access
iam_user = aws.iam.User("aiModelDevUser")

# Generate a new SSH key pair
ssh_key = aws.ec2.KeyPair("aiModelDevKeyPair", public_key=iam_user.name.apply(lambda name: f"{name}.pub"))

# Create a new security group that allows SSH ingress
security_group = aws.ec2.SecurityGroup("allowSsh",
    description="Allow SSH inbound traffic",
    ingress=[
        {
            # SSH access from anywhere; in practice, you should restrict the source IP range
            "protocol": "tcp",
            "from_port": 22,
            "to_port": 22,
            "cidr_blocks": ["0.0.0.0/0"],
        },
    ])

# Define the AMI (Amazon Machine Image), find an appropriate AMI for your needs
ami = aws.ec2.get_ami(
    most_recent=True,
    owners=["amazon"],
    filters=[{"name":"name", "values":["amzn2-ami-hvm-*-x86_64-ebs"]}])

# Provision an EC2 instance to run our AI models
ec2_instance = aws.ec2.Instance("aiModelDevInstance",
    instance_type="t2.micro",
    security_groups=[security_group.name], # Attach the security group for SSH access
    key_name=ssh_key.key_name, # Associate the SSH key with our instance
    ami=ami.id) # Use the AMI selected

# Export the public IP to connect to the instance
pulumi.export("publicIp", ec2_instance.public_ip)
```

In this program:

- We start by creating an IAM user named `aiModelDevUser`. This user represents the entity under which we’ll manage our SSH keys and permissions for accessing the EC2 instance securely.

- We then create an SSH key pair with `aws.ec2.KeyPair`. We're associating the public key with our IAM user. AWS will store the public key and you’ll use the private key to SSH into your instance.

- The security group `allowSsh` is configured to allow inbound SSH connections on port 22 from any IP address (`0.0.0.0/0`). For better security, you should limit the range of inbound IP addresses to known sources.

- We use `aws.ec2.get_ami` to retrieve the AMI ID of the latest Amazon Linux 2, which we'll use as the base image for our instance.

- The EC2 instance `aiModelDevInstance` is a t2.micro instance type, which is cost-effective for development and testing purposes. It uses the selected AMI and security group, and it is launched with the SSH key pair created earlier.

- Finally, we export the instance’s public IP address so you can access it with SSH using the private key that matches the public key stored in AWS.

When you run this Pulumi program with `pulumi up`, Pulumi handles provisioning all of the resources described. After deployment, you will receive an output of the EC2 instance's public IP which you can use (along with your private SSH key) to securely access your AI development environment.