Merge pull request #208 from awslabs/feature/security-patches
estohlmann authored Dec 11, 2024
2 parents 332bef1 + 372c07c commit bcf3cfe
Showing 19 changed files with 192 additions and 69 deletions.
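--- a/ecs_model_deployer/src/lib/ecs-schema.ts
+++ b/ecs_model_deployer/src/lib/ecs-schema.ts
@@ -233,6 +233,62 @@ export class Ec2Metadata {
 maxThroughput: 100,
 vCpus: 192,
 },
+'g6.xlarge': {
+memory: 16 * 1000,
+gpuCount: 1,
+nvmePath: '/dev/nvme1n1',
+maxThroughput: 10,
+vCpus: 4,
+},
+'g6.2xlarge': {
+memory: 32 * 1000,
+gpuCount: 1,
+nvmePath: '/dev/nvme1n1',
+maxThroughput: 10,
+vCpus: 8,
+},
+'g6.4xlarge': {
+memory: 64 * 1000,
+gpuCount: 1,
+nvmePath: '/dev/nvme1n1',
+maxThroughput: 25,
+vCpus: 16,
+},
+'g6.8xlarge': {
+memory: 128 * 1000,
+gpuCount: 1,
+nvmePath: '/dev/nvme1n1',
+maxThroughput: 25,
+vCpus: 32,
+},
+'g6.16xlarge': {
+memory: 256 * 1000,
+gpuCount: 1,
+nvmePath: '/dev/nvme1n1',
+maxThroughput: 25,
+vCpus: 64,
+},
+'g6.12xlarge': {
+memory: 192 * 1000,
+gpuCount: 4,
+nvmePath: '/dev/nvme1n1',
+maxThroughput: 40,
+vCpus: 48,
+},
+'g6.24xlarge': {
+memory: 384 * 1000,
+gpuCount: 4,
+nvmePath: '/dev/nvme1n1',
+maxThroughput: 50,
+vCpus: 96,
+},
+'g6.48xlarge': {
+memory: 768 * 1000,
+gpuCount: 8,
+nvmePath: '/dev/nvme1n1',
+maxThroughput: 100,
+vCpus: 192,
+},
 'p4d.24xlarge': {
 memory: 1152 * 1000,
 gpuCount: 8,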
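Review bot: Every new g6 entry hard-codes `nvmePath: '/dev/nvme1n1'`, and nothing in the table records why that name is safe to assume. On Nitro instances NVMe device names follow enumeration order, so `/dev/nvme1n1` is not guaranteed to be the instance-store volume. If the consumer of `nvmePath` (not visible in this hunk) formats or mounts that device, a wrong guess would land on an EBS volume instead. I would add a comment on the table such as `// nvmePath: first instance-store device as observed for this family; the consumer must verify the device before formatting or mounting it`. The Ec2Metadata class starts and ends outside the hunk.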
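--- a/lib/api-base/authorizer.ts
+++ b/lib/api-base/authorizer.ts
@@ -18,7 +18,7 @@ import * as cdk from 'aws-cdk-lib';
 import { RequestAuthorizer, IdentitySource } from 'aws-cdk-lib/aws-apigateway';
 import { ISecurityGroup } from 'aws-cdk-lib/aws-ec2';
 import { IRole } from 'aws-cdk-lib/aws-iam';
-import { Code, Function, LayerVersion, Runtime } from 'aws-cdk-lib/aws-lambda';
+import { Code, Function, LayerVersion } from 'aws-cdk-lib/aws-lambda';
 import { StringParameter } from 'aws-cdk-lib/aws-ssm';
 import { Construct } from 'constructs';
 
@@ -27,6 +27,7 @@ import { createCdkId } from '../core/utils';
 import { Secret } from 'aws-cdk-lib/aws-secretsmanager';
 import { Vpc } from '../networking/vpc';
 import { Queue } from 'aws-cdk-lib/aws-sqs';
+import { getDefaultRuntime } from './utils';
 
 /**
 * Properties for RestApiGateway Construct.
@@ -81,7 +82,7 @@ export class CustomAuthorizer extends Construct {
 queueName: 'AuthorizerLambdaDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'authorizer.lambda_functions.lambda_handler',
 functionName: `${cdk.Stack.of(this).stackName}-lambda-authorizer`,
 code: Code.fromAsset('./lambda'),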
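--- a/lib/api-base/fastApiContainer.ts
+++ b/lib/api-base/fastApiContainer.ts
@@ -68,7 +68,7 @@ export class FastApiContainer extends Construct {
 const { config, securityGroup, tokenTable, vpc } = props;
 
 const buildArgs: Record<string, string> | undefined = {
-BASE_IMAGE: 'python:3.10',
+BASE_IMAGE: 'python:3.11',
 PYPI_INDEX_URL: config.pypiConfig.indexUrl,
 PYPI_TRUSTED_HOST: config.pypiConfig.trustedHost,
 LITELLM_CONFIG: yamlDump(config.litellmConfig),
@@ -115,7 +115,7 @@ export class FastApiContainer extends Construct {
 buildArgs,
 containerConfig: {
 image: {
-baseImage: 'python:3.10',
+baseImage: 'python:3.11',
 path: 'lib/serve/rest-api',
 type: EcsSourceType.ASSET
 },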
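Review bot: The base image is still referenced by the mutable tag `python:3.11`, so each build pulls whatever that tag points to at build time; for a commit aimed at security patching, pinning by digest would make the patched image reproducible and auditable. The tag is also written twice (`BASE_IMAGE` in `buildArgs` and `containerConfig.image.baseImage`) and is independent of `getDefaultRuntime()`, so a later bump can update one and miss the other. I would define it once, e.g. `const PYTHON_BASE_IMAGE = 'python:3.11@sha256:<digest-placeholder>';`, and use that constant in both places. Both hunks sit inside FastApiContainer, whose body continues outside the visible lines.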
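--- a/lib/api-base/utils.ts
+++ b/lib/api-base/utils.ts
@@ -156,3 +156,7 @@ function getOrCreateResource (scope: Construct, parentResource: IResource, path:
 }
 return resource;
 }
+
+export function getDefaultRuntime (): Runtime{
+return Runtime.PYTHON_3_11;
+}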
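Review bot: `getDefaultRuntime` is exported without a doc comment, although it now decides the Python version for every Lambda function and layer touched by this commit. A TSDoc line such as `/** Python runtime used by all Lambda functions and layers; keep in step with the python base image tags used for container builds. */` would tell the next maintainer what else has to move with it. Because the function only returns a constant, an exported `const DEFAULT_PYTHON_RUNTIME = Runtime.PYTHON_3_11;` would read more directly. The signature is also missing a space before the brace (`Runtime {`).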
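--- a/lib/chat/api/configuration.ts
+++ b/lib/chat/api/configuration.ts
@@ -17,11 +17,11 @@
 import { IAuthorizer, RestApi } from 'aws-cdk-lib/aws-apigateway';
 import * as dynamodb from 'aws-cdk-lib/aws-dynamodb';
 import { ISecurityGroup } from 'aws-cdk-lib/aws-ec2';
-import { LayerVersion, Runtime } from 'aws-cdk-lib/aws-lambda';
+import { LayerVersion } from 'aws-cdk-lib/aws-lambda';
 import { StringParameter } from 'aws-cdk-lib/aws-ssm';
 import { Construct } from 'constructs';
 
-import { PythonLambdaFunction, registerAPIEndpoint } from '../../api-base/utils';
+import { getDefaultRuntime, PythonLambdaFunction, registerAPIEndpoint } from '../../api-base/utils';
 import { BaseProps } from '../../schema';
 import { createLambdaRole } from '../../core/utils';
 import { Vpc } from '../../networking/vpc';
@@ -156,7 +156,7 @@ export class ConfigurationApi extends Construct {
 './lambda',
 [commonLambdaLayer],
 f,
-Runtime.PYTHON_3_10,
+getDefaultRuntime(),
 vpc,
 securityGroups,
 lambdaRole,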
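--- a/lib/chat/api/session.ts
+++ b/lib/chat/api/session.ts
@@ -18,11 +18,11 @@ import { IAuthorizer, RestApi } from 'aws-cdk-lib/aws-apigateway';
 import * as dynamodb from 'aws-cdk-lib/aws-dynamodb';
 import { IRole } from 'aws-cdk-lib/aws-iam';
 import { ISecurityGroup } from 'aws-cdk-lib/aws-ec2';
-import { LayerVersion, Runtime } from 'aws-cdk-lib/aws-lambda';
+import { LayerVersion } from 'aws-cdk-lib/aws-lambda';
 import { StringParameter } from 'aws-cdk-lib/aws-ssm';
 import { Construct } from 'constructs';
 
-import { PythonLambdaFunction, registerAPIEndpoint } from '../../api-base/utils';
+import { getDefaultRuntime, PythonLambdaFunction, registerAPIEndpoint } from '../../api-base/utils';
 import { BaseProps } from '../../schema';
 import { createLambdaRole } from '../../core/utils';
 import { Vpc } from '../../networking/vpc';
@@ -156,7 +156,7 @@ export class SessionApi extends Construct {
 './lambda',
 [commonLambdaLayer],
 f,
-Runtime.PYTHON_3_10,
+getDefaultRuntime(),
 vpc,
 securityGroups,
 lambdaRole,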
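--- a/lib/core/layers/index.ts
+++ b/lib/core/layers/index.ts
@@ -15,11 +15,12 @@
 */
 
 import { BundlingOutput } from 'aws-cdk-lib';
-import { Architecture, Code, LayerVersion, Runtime } from 'aws-cdk-lib/aws-lambda';
+import { Architecture, Code, LayerVersion } from 'aws-cdk-lib/aws-lambda';
 import { Asset } from 'aws-cdk-lib/aws-s3-assets';
 import { Construct } from 'constructs';
 
 import { BaseProps } from '../../schema';
+import { getDefaultRuntime } from '../../api-base/utils';
 
 /**
 * Properties for Layer Construct.
@@ -84,7 +85,7 @@ export class Layer extends Construct {
 const layerAsset = new Asset(this, 'LayerAsset', {
 path,
 bundling: {
-image: Runtime.PYTHON_3_10.bundlingImage,
+image: getDefaultRuntime().bundlingImage,
 platform: architecture.dockerPlatform,
 command: ['bash', '-c', `set -e ${args.join(' ')}`],
 outputType: BundlingOutput.AUTO_DISCOVER,
@@ -97,7 +98,7 @@ export class Layer extends Construct {
 
 const layer = new LayerVersion(this, 'Layer', {
 code: layerCode,
-compatibleRuntimes: [Runtime.PYTHON_3_10],
+compatibleRuntimes: [getDefaultRuntime()],
 removalPolicy: config.removalPolicy,
 description: description,
 });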
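Review bot: `lib/core/layers/index.ts` now imports `getDefaultRuntime` from `../../api-base/utils`, which makes the core layer construct depend on the API package for a value that is not API-specific. Other files in this commit already take helpers from `core/utils` (`createLambdaRole`, `createCdkId`), so the runtime helper would sit more naturally there, with `api-base/utils` re-exporting it if needed. I would also call the helper once in the construct, `const runtime = getDefaultRuntime();`, and use `runtime.bundlingImage` and `compatibleRuntimes: [runtime]`, so the bundling image and the declared compatibility visibly come from the same value. The Layer class starts and ends outside these hunks.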
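--- a/lib/models/docker-image-builder.ts
+++ b/lib/models/docker-image-builder.ts
@@ -24,7 +24,7 @@ import {
 Role,
 ServicePrincipal,
 } from 'aws-cdk-lib/aws-iam';
-import { Code, Function, Runtime } from 'aws-cdk-lib/aws-lambda';
+import { Code, Function } from 'aws-cdk-lib/aws-lambda';
 import { Duration, Stack } from 'aws-cdk-lib';
 import { Bucket } from 'aws-cdk-lib/aws-s3';
 import { BucketDeployment, Source } from 'aws-cdk-lib/aws-s3-deployment';
@@ -34,6 +34,7 @@ import { BaseProps } from '../schema';
 import { Vpc } from '../networking/vpc';
 import { Roles } from '../core/iam/roles';
 import { Queue } from 'aws-cdk-lib/aws-sqs';
+import { getDefaultRuntime } from '../api-base/utils';
 
 export type DockerImageBuilderProps = BaseProps & {
 ecrUri: string;
@@ -88,7 +89,7 @@ export class DockerImageBuilder extends Construct {
 enforceSSL: true,
 }),
 functionName: functionId,
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'dockerimagebuilder.handler',
 code: Code.fromAsset('./lambda/'),
 timeout: Duration.minutes(1),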
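--- a/lib/models/model-api.ts
+++ b/lib/models/model-api.ts
@@ -29,11 +29,11 @@ import {
 Role,
 ServicePrincipal,
 } from 'aws-cdk-lib/aws-iam';
-import { LayerVersion, Runtime } from 'aws-cdk-lib/aws-lambda';
+import { LayerVersion } from 'aws-cdk-lib/aws-lambda';
 import { StringParameter } from 'aws-cdk-lib/aws-ssm';
 import { Construct } from 'constructs';
 
-import { PythonLambdaFunction, registerAPIEndpoint } from '../api-base/utils';
+import { getDefaultRuntime, PythonLambdaFunction, registerAPIEndpoint } from '../api-base/utils';
 import { BaseProps } from '../schema';
 import { Vpc } from '../networking/vpc';
 
@@ -202,7 +202,7 @@ export class ModelsApi extends Construct {
 method: 'ANY',
 environment
 },
-Runtime.PYTHON_3_10,
+getDefaultRuntime(),
 vpc,
 securityGroups,
 lambdaRole,
@@ -274,7 +274,7 @@ export class ModelsApi extends Construct {
 './lambda',
 [commonLambdaLayer],
 f,
-Runtime.PYTHON_3_10,
+getDefaultRuntime(),
 vpc,
 securityGroups,
 lambdaRole,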
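--- a/lib/models/state-machine/create-model.ts
+++ b/lib/models/state-machine/create-model.ts
@@ -27,7 +27,7 @@ import { Construct } from 'constructs';
 import { Duration } from 'aws-cdk-lib';
 import { BaseProps } from '../../schema';
 import { ITable } from 'aws-cdk-lib/aws-dynamodb';
-import { Code, Function, ILayerVersion, Runtime } from 'aws-cdk-lib/aws-lambda';
+import { Code, Function, ILayerVersion } from 'aws-cdk-lib/aws-lambda';
 import { IRole } from 'aws-cdk-lib/aws-iam';
 import { LAMBDA_MEMORY, LAMBDA_TIMEOUT, OUTPUT_PATH, POLLING_TIMEOUT } from './constants';
 import { ISecurityGroup } from 'aws-cdk-lib/aws-ec2';
@@ -36,6 +36,7 @@ import { Repository } from 'aws-cdk-lib/aws-ecr';
 import { IStringParameter } from 'aws-cdk-lib/aws-ssm';
 import { Vpc } from '../../networking/vpc';
 import { Queue } from 'aws-cdk-lib/aws-sqs';
+import { getDefaultRuntime } from '../../api-base/utils';
 
 type CreateModelStateMachineProps = BaseProps & {
 modelTable: ITable,
@@ -81,7 +82,7 @@ export class CreateModelStateMachine extends Construct {
 queueName: 'SetModelToCreatingDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.create_model.handle_set_model_to_creating',
 code: Code.fromAsset('./lambda'),
 timeout: LAMBDA_TIMEOUT,
@@ -106,7 +107,7 @@ export class CreateModelStateMachine extends Construct {
 queueName: 'StartCopyDockerImageDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.create_model.handle_start_copy_docker_image',
 code: Code.fromAsset('./lambda'),
 timeout: LAMBDA_TIMEOUT,
@@ -129,7 +130,7 @@ export class CreateModelStateMachine extends Construct {
 queueName: 'PollDockerImageAvailableDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.create_model.handle_poll_docker_image_available',
 code: Code.fromAsset('./lambda'),
 timeout: LAMBDA_TIMEOUT,
@@ -152,7 +153,7 @@ export class CreateModelStateMachine extends Construct {
 queueName: 'HandleFailureDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.create_model.handle_failure',
 code: Code.fromAsset('./lambda'),
 timeout: LAMBDA_TIMEOUT,
@@ -181,7 +182,7 @@ export class CreateModelStateMachine extends Construct {
 queueName: 'StartCreateStackDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.create_model.handle_start_create_stack',
 code: Code.fromAsset('./lambda'),
 timeout: Duration.minutes(8),
@@ -204,7 +205,7 @@ export class CreateModelStateMachine extends Construct {
 queueName: 'PollCreateStackDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.create_model.handle_poll_create_stack',
 code: Code.fromAsset('./lambda'),
 timeout: LAMBDA_TIMEOUT,
@@ -233,7 +234,7 @@ export class CreateModelStateMachine extends Construct {
 queueName: 'AddModelToLitellmDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.create_model.handle_add_model_to_litellm',
 code: Code.fromAsset('./lambda'),
 timeout: LAMBDA_TIMEOUT,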
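--- a/lib/models/state-machine/delete-model.ts
+++ b/lib/models/state-machine/delete-model.ts
@@ -25,7 +25,7 @@ import {
 Succeed,
 Wait,
 } from 'aws-cdk-lib/aws-stepfunctions';
-import { Code, Function, ILayerVersion, Runtime } from 'aws-cdk-lib/aws-lambda';
+import { Code, Function, ILayerVersion } from 'aws-cdk-lib/aws-lambda';
 import { BaseProps } from '../../schema';
 import { IRole } from 'aws-cdk-lib/aws-iam';
 import { ISecurityGroup } from 'aws-cdk-lib/aws-ec2';
@@ -34,6 +34,7 @@ import { LAMBDA_MEMORY, LAMBDA_TIMEOUT, OUTPUT_PATH, POLLING_TIMEOUT } from './c
 import { IStringParameter } from 'aws-cdk-lib/aws-ssm';
 import { Vpc } from '../../networking/vpc';
 import { Queue } from 'aws-cdk-lib/aws-sqs';
+import { getDefaultRuntime } from '../../api-base/utils';
 
 type DeleteModelStateMachineProps = BaseProps & {
 modelTable: ITable,
@@ -75,7 +76,7 @@ export class DeleteModelStateMachine extends Construct {
 queueName: 'SetModelToDeletingDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.delete_model.handle_set_model_to_deleting',
 code: Code.fromAsset('./lambda'),
 timeout: LAMBDA_TIMEOUT,
@@ -98,7 +99,7 @@ export class DeleteModelStateMachine extends Construct {
 queueName: 'DeleteFromLitellmDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.delete_model.handle_delete_from_litellm',
 code: Code.fromAsset('./lambda'),
 timeout: LAMBDA_TIMEOUT,
@@ -121,7 +122,7 @@ export class DeleteModelStateMachine extends Construct {
 queueName: 'DeleteStackDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.delete_model.handle_delete_stack',
 code: Code.fromAsset('./lambda'),
 timeout: LAMBDA_TIMEOUT,
@@ -144,7 +145,7 @@ export class DeleteModelStateMachine extends Construct {
 queueName: 'MonitorDeleteStackDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.delete_model.handle_monitor_delete_stack',
 code: Code.fromAsset('./lambda'),
 timeout: LAMBDA_TIMEOUT,
@@ -167,7 +168,7 @@ export class DeleteModelStateMachine extends Construct {
 queueName: 'DeleteFromDdbDLQ',
 enforceSSL: true,
 }),
-runtime: Runtime.PYTHON_3_10,
+runtime: getDefaultRuntime(),
 handler: 'models.state_machine.delete_model.handle_delete_from_ddb',
 code: Code.fromAsset('./lambda'),
 timeout: LAMBDA_TIMEOUT,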