#11882 Create AWS Policy and service subdomain for the AI/ML SIG
Closed: Fixed with Explanation a month ago by kevin. Opened a month ago by bstinson.

Describe what you would like us to do:

We'd like to host a couple of services in EC2 to experiment with building python packages and hosting them in an index. Can we create an AWS policy for tagging these resources?

I'd also like a subdomain with a proper TLS certificate to host a publicly facing download location:
pyai.fedoraproject.org, or pyai.fedorainfracloud.org, something like that.

When do you need this to be done by? (YYYY/MM/DD)

As soon as reasonable

/cc @mattdm @kevin

I endorse this request. I think probably "pyai.fedorainfracloud.org" is okay for experimenting, but assuming this experiment goes well, I'd love to have it more official as "pyai.fedoraproject.org".

@bstinson "As soon as reasonable" might mean different things to different people. As I understand it, there are people ready and itching to go on this project...

Metadata Update from @phsmoura:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: medium-gain, medium-trouble, ops

a month ago

So, to clarify, you want a aws group for this?

Does the group need only web console, or do you need cli access as well?

Do you need just ec2? or other services?

The "download location" you just need dns pointed to your resource/instance? Or do you also need space and such?
If you aren't running that part of it, we could just make you a dl.fedoraproject.org/pub/alt/<groupname> space? (that would also be mirrored by any sites that mirror alt)

Web console, and cli access.

We plan on deploying some http shares on ec2 + block storage to serve python package indexes directly and eventually deploying https://devpi.net

ok. EBS is kinda of difficult with our permission model... it requires making the volume and adding it to your policy.

Is 'pyai' an ok name for this? if so, then the group would be 'aws-pyai'.

I will need a freeze break it turns out because I have to add the SAML2 mapping to our auth server thats frozen. I'll put in for that now with the 'aws-pyai' name...

aws-pyai looks perfect


Metadata Update from @kevin:
- Issue assigned to kevin

a month ago

ok, sorry for the delay here.

I have created the aws-pyai group, you are in it and a manager of it.
You should be able to reach the console via the saml2 link in https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/

The cli/user access is in a file in your homedir on batcave01 called 'pyai'

Please let us know if you need anything further on it...

Do make sure to tag any instances with 'FedoraGroup' 'pyai'

Metadata Update from @kevin:
- Issue close_status updated to: Fixed with Explanation
- Issue status updated to: Closed (was: Open)

a month ago

Login to comment on this ticket.

Boards 1
ops Status: Backlog