Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(stepfunctions-tasks): bedrock createModelCustomizationJob integration #31913

Open
wants to merge 75 commits into
base: main
Choose a base branch
from
Open

feat(stepfunctions-tasks): bedrock createModelCustomizationJob integration #31913

wants to merge 75 commits into from

Conversation

badmintoncryer
Copy link
Contributor

This PR was previously created and passed the community review, but the maintainer review stopped midway, and it was eventually closed. There shouldn’t be any issues with the content, so I am submitting the PR again.

Issue # (if applicable)

Closes #29042

Reason for this change

AWS stepfunctions support optimized integration with AWS bedrock.
Currently, only invokeModel is supported by CDK, but I would like createModelCustomizationJob to be supported in the same manner.

Description of changes

I've added CreatemodelCustomizationJob class.

const taskConfig = {
  baseModel: model,
  clientRequestToken: 'MyToken',
  customizationType: CustomizationType.FINE_TUNING,
  kmsKey,
  customModelName: 'MyCustomModel',
  customModelTags: [{ key: 'key1', value: 'value1' }],
  hyperParameters: {
    batchSize: '10',
  },
  jobName: 'MyCustomizationJob',
  jobTags: [{ key: 'key2', value: 'value2' }],
  outputDataS3Uri: outputBucket.s3UrlForObject(),
  trainingDataS3Uri: trainingBucket.s3UrlForObject(),
  validationDataS3Uri: [validationBucket.s3UrlForObject()],
  vpcConfig: {
    securityGroups: [new ec2.SecurityGroup(stack, 'SecurityGroup', { vpc })],
    subnets: vpc.isolatedSubnets,
  },
};

const task1 = new BedrockCreateModelCustomizationJob(stack, 'CreateModelCustomizationJob1', taskConfig);

const chain = sfn.Chain
  .start(new sfn.Pass(stack, 'Start'))
  .next(task1)
  .next(new sfn.Pass(stack, 'Done'));

new sfn.StateMachine(stack, 'StateMachine', {
  definitionBody: sfn.DefinitionBody.fromChainable(chain),
  timeout: cdk.Duration.seconds(30),
});

Description of how you validated changes

I've added both unit and integ tests.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

badmintoncryer and others added 30 commits July 4, 2024 22:30
@badmintoncryer
feat: add createModelCustomizationJob class
a976a46
@badmintoncryer
test: add integ test
79dfc84
@badmintoncryer
test: integ test
3798cb7
@badmintoncryer
fix: permission
8a5d70d
@badmintoncryer
test: update integ test
bde1a4f
@badmintoncryer
test: update integ test
3aa76b6
@badmintoncryer
docs: readme
dfa9f8c
@badmintoncryer
fix: jsii problem
8686dcc
@badmintoncryer
test: add unit test
e5d3e3f
@badmintoncryer
test: add unit test
e6d6e37
@badmintoncryer
chore: add default docs
b661fad
@badmintoncryer
fix: iam policy and update comments
b7a8345
@badmintoncryer
chore: remove space
548c706
@badmintoncryer
docs: update readme
0351161
@badmintoncryer
test: update integ test
a414a5a
@badmintoncryer
test: fix unit test
c034b66
@badmintoncryer
docs: fix readme
509203a
@badmintoncryer
fix: readme
83bcf27
@badmintoncryer @lpizzinidev
Update packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/creat…
9568cba 
…e-model-customization-job.ts

Co-authored-by: Luca Pizzini <[email protected]>
@badmintoncryer @lpizzinidev
Update packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/creat…
a4831da 
…e-model-customization-job.ts

Co-authored-by: Luca Pizzini <[email protected]>
@badmintoncryer @lpizzinidev
Update packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/creat…
41a0b71 
…e-model-customization-job.ts

Co-authored-by: Luca Pizzini <[email protected]>
@badmintoncryer
fix: iam policy
d591952
@badmintoncryer
test: fix test
102067e
@badmintoncryer
fix: unit test
fb63238
@badmintoncryer
docs: update readme
41370b6
@badmintoncryer
test: update integ test (temp)
b91224a
@badmintoncryer
fix: remove principal
f921e0e
@badmintoncryer
fix: integ test
caf77fd
@badmintoncryer
chore: remove unnecessary line
5caff6f
@badmintoncryer
chore: udpate integ test
3a65136
@aws-cdk-automation aws-cdk-automation requested a review from a team October 26, 2024 06:50
@github-actions github-actions bot added the distinguished-contributor [Pilot] contributed 50+ PRs to the CDK label Oct 26, 2024
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Oct 26, 2024
@moelasmar moelasmar added pr/needs-maintainer-review This PR needs a review from a Core Team Member and removed pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. labels Oct 26, 2024
@aws-cdk-automation aws-cdk-automation added pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. and removed pr/needs-maintainer-review This PR needs a review from a Core Team Member labels Oct 26, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 26, 2024
View reviewed changes
packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/create-model-customization-job.ts Show resolved Hide resolved
packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/create-model-customization-job.ts
}

private validatePattern(name: string, pattern: RegExp, value?: string): void {
if (value !== undefined && !Token.isUnresolved(value) && !pattern.test(value)) {

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High

This
regular expression
Loading
that depends on
library input
Loading
may run slow on strings starting with '0' and with many repetitions of '-'.
@github-actions github-actions bot mentioned this pull request Oct 28, 2024
Closed
@badmintoncryer badmintoncryer force-pushed the createModelCustomizationJob branch from 083ec3a to c209f7f Compare October 28, 2024 13:22
@github-actions github-actions bot mentioned this pull request Nov 1, 2024
Closed
@badmintoncryer
Copy link
Contributor Author

@moelasmar It appears that the needs-maintainer-review label was attached, but it was automatically removed.

Additionally, I’m seeing a CodeQL error related to a regular expression, but this expression is directly from the CloudFormation documentation. In this case, I believe it’s acceptable to ignore the error. What are your thoughts?

@codecov Codecov
Copy link

codecov bot commented Nov 27, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.38%. Comparing base (b021efe) to head (068c110).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #31913   +/-   ##
=======================================
  Coverage   81.38%   81.38%           
=======================================
  Files         222      222           
  Lines       13698    13698           
  Branches     2413     2413           
=======================================
  Hits        11148    11148           
  Misses       2271     2271           
  Partials      279      279
Flag Coverage Δ
suite.unit 81.38% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
packages/aws-cdk 80.69% <ø> (ø)
packages/aws-cdk-lib/core 82.10% <ø> (ø)

@gracelu0 gracelu0 self-assigned this Dec 6, 2024
gracelu0
gracelu0 previously requested changes Dec 7, 2024
View reviewed changes
Copy link
Contributor

@gracelu0 gracelu0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @badmintoncryer , thank you for working on this! I saw the previously open PR was approved (apologies that it got closed by our automation), I just have a few more comments.

packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/create-model-customization-job.ts Show resolved Hide resolved
packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/create-model-customization-job.ts Outdated
Comment on lines 241 to 248
this.props.customModelKmsKey.addToResourcePolicy(new iam.PolicyStatement({
actions: ['kms:Decrypt', 'kms:GenerateDataKey', 'kms:DescribeKey', 'kms:CreateGrant'],
resources: ['*'],
principals: [new iam.ArnPrincipal(this._role.roleArn)],
}));
}
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To adhere to the best security practice stated here: https://docs.aws.amazon.com/bedrock/latest/userguide/encryption-custom-job.html#encryption-cm-statements, can we add a kms:ViaService condition to this policy to limit key access to the Amazon Bedrock service? There's an example under the Encrypt a model dropdown in that link

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated my code and executed integ test again!

packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/bedrock/create-model-customization-job.ts
S3Uri: this.props.outputData.bucket.s3UrlForObject(this.props.outputData.prefix),
},
RoleArn: this._role.roleArn,
TrainingDataConfig: {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just wondering if there's a reason we omit invocationLogsConfig?

https://docs.aws.amazon.com/bedrock/latest/APIReference/API_TrainingDataConfig.html#API_TrainingDataConfig_Contents

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When it was created, I remember handling all the parameters, so additional arguments might have been added later. Should I address this as well?

@aws-cdk-automation aws-cdk-automation removed the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Dec 7, 2024
@mergify mergify bot dismissed gracelu0’s stale review December 18, 2024 13:11

Pull request has been modified.

@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Dec 21, 2024
@badmintoncryer
Copy link
Contributor Author

@gracelu0 Thank you for your kindness check. I've addressed all of your comments.

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 068c110
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gracelu0 gracelu0 gracelu0 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@gracelu0 gracelu0

Labels
distinguished-contributor [Pilot] contributed 50+ PRs to the CDK effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2 pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

stepfunctions-tasks: support for bedrock createModelCustomizationJob task
4 participants
@badmintoncryer @aws-cdk-automation @gracelu0 @moelasmar