From cc4d590be64514419e4bd2b92dff8eec4a3dad98 Mon Sep 17 00:00:00 2001 From: Tim Nguyen Date: Mon, 7 Jun 2021 18:08:24 -0400 Subject: [PATCH] fix: Allow sagemaker to have the proper IAM permission to autostop itself (#515) --- .../service-catalog/sagemaker-notebook-instance.cfn.yml | 7 ++++++- main/solution/backend/config/infra/functions.yml | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/service-catalog/sagemaker-notebook-instance.cfn.yml b/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/service-catalog/sagemaker-notebook-instance.cfn.yml index 1ad5d7d950..f5d85fc1e7 100644 --- a/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/service-catalog/sagemaker-notebook-instance.cfn.yml +++ b/addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/service-catalog/sagemaker-notebook-instance.cfn.yml @@ -73,6 +73,11 @@ Resources: Action: - 'sts:AssumeRole' Resource: 'arn:aws:iam::*:role/swb-*' + - Effect: Allow + Action: + - sagemaker:DescribeNotebookInstance + - sagemaker:StopNotebookInstance + Resource: '*' IAMRole: Type: 'AWS::IAM::Role' Properties: @@ -175,7 +180,7 @@ Resources: chmod a+x /usr/local/bin/autostop.py IDLE_TIME=`expr ${AutoStopIdleTimeInMinutes} \* 60` echo "Starting the SageMaker autostop script in cron" - (crontab -l 2>/dev/null; echo "5 * * * * /usr/bin/python /usr/local/bin/autostop.py --time $IDLE_TIME --ignore-connections") | crontab - + (crontab -l 2>/dev/null; echo "*/1 * * * * /usr/bin/python /usr/local/bin/autostop.py --time $IDLE_TIME --ignore-connections >> /var/log/autostop.log") | crontab - fi Outputs: diff --git a/main/solution/backend/config/infra/functions.yml b/main/solution/backend/config/infra/functions.yml index 4e008e862c..57ee15522d 100644 --- a/main/solution/backend/config/infra/functions.yml +++ b/main/solution/backend/config/infra/functions.yml @@ -33,7 +33,7 @@ envStatusPollHandler: description: Handles status polling for sc environments events: - schedule: - rate: rate(3 minutes) + rate: rate(1 minute) description: 'Invokes the lambda function that polls and synchronize environment status.' environment: APP_CUSTOM_USER_AGENT: ${self:custom.settings.customUserAgent}