Cross-Account Model Deployment With AWS RAM
Introduction
In this guide, we will demonstrate how to deploy a machine learning model across multiple AWS accounts using AWS Resource Access Manager (RAM) with Pulumi. AWS RAM allows you to securely share your resources with any AWS account or within your organization. This is particularly useful for sharing resources like machine learning models, datasets, and other assets across different accounts for collaborative purposes.
Step-by-Step Explanation
Step 1: Set Up AWS RAM
- Create a Resource Share: First, create a resource share in the account that owns the resources you want to share. This involves specifying the resources to share and the accounts or organizational units (OUs) with which to share them.
- Add Resources to the Share: Add the machine learning model and any other necessary resources to the resource share.
- Specify Principals: Define the AWS accounts or OUs that will have access to the shared resources.
Step 2: Accept the Resource Share
- Accept the Share: In the recipient account, accept the resource share invitation. This will grant access to the shared resources.
- Access Shared Resources: Use the shared resources in your Pulumi program to deploy the machine learning model.
Step 3: Deploy the Model
- Create a Pulumi Program: Write a Pulumi program to deploy the machine learning model using the shared resources.
- Configure the Program: Ensure that the program is configured to use the shared resources from AWS RAM.
- Deploy the Program: Run the Pulumi program to deploy the machine learning model across the accounts.
Conclusion
By following these steps, you can effectively deploy a machine learning model across multiple AWS accounts using AWS RAM with Pulumi. This approach ensures secure and efficient sharing of resources, enabling collaborative work across different accounts.
Full Code Example
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Create a Resource Share
const resourceShare = new aws.ram.ResourceShare("exampleResourceShare", {
name: "exampleResourceShare",
allowExternalPrincipals: true,
});
// Add a SageMaker Model to the Resource Share
const model = new aws.sagemaker.Model("exampleModel", {
executionRoleArn: "arn:aws:iam::123456789012:role/SageMakerExecutionRole",
primaryContainer: {
image: "123456789012.dkr.ecr.us-west-2.amazonaws.com/my-sagemaker-image:latest",
modelDataUrl: "s3://my-bucket/model.tar.gz",
},
});
const resourceAssociation = new aws.ram.ResourceAssociation("exampleResourceAssociation", {
resourceShareArn: resourceShare.arn,
resourceArn: model.arn,
});
// Specify Principals (AWS Account IDs) to share the resources with
const principalAssociation = new aws.ram.PrincipalAssociation("examplePrincipalAssociation", {
resourceShareArn: resourceShare.arn,
principal: "123456789012", // Replace with the AWS Account ID to share with
});
// In the recipient account, accept the resource share
const resourceShareAccepter = new aws.ram.ResourceShareAccepter("exampleResourceShareAccepter", {
shareArn: resourceShare.arn,
});
// Export the Resource Share ID and Model ARN
export const resourceShareId = resourceShare.id;
export const modelArn = model.arn;
Deploy this code
Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.
Sign upNew to Pulumi?
Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.
Sign upThank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.