serverless.yml

# !!! NOTICE: Modify config/config.yml to customize deployment
custom:
  config: ${file(config/config.yml)}

service: improveai-${self:custom.config.organization}-${self:custom.config.project}

plugins:
  - serverless-step-functions

provider:
  name: aws
  region: ${self:custom.config.aws_region}
  runtime: python3.8
  memorySize: 192
  timeout: 900
  ecr:
    images:
      ingest:
        path: ./src/ingest/
      trainer:
        path: ./src/trainer/
        # added for macOS <-> AWS build compatibility
        platform: linux/amd64
        # figure out how to handle --secrets
  iam:
    role:
      statements:
        - Effect: Allow
          Action:
            - "firehose:*"
          Resource: { Fn::GetAtt: [Firehose, Arn] }
        - Effect: Allow
          Action:
            - "sagemaker:*"
          Resource: '*'
        - Effect: Allow
          Action:
            - "iam:PassRole"
          Resource: { Fn::GetAtt: [ SagemakerExecutionRole, Arn ] }
        - Effect: Allow
          Action:
            - 's3:*'
          Resource: "arn:aws:s3:::${self:service}-${opt:stage, self:provider.stage}-**"
  environment:
    SERVICE: ${self:service}
    STAGE: ${opt:stage, self:provider.stage}
    FIREHOSE_BUCKET: !Ref FirehoseS3Bucket
    TRAIN_BUCKET: !Ref TrainS3Bucket
    MODELS_BUCKET: !Ref ModelsS3Bucket

package:
  patterns:
    - '!./**'
    - src/**
    - config/**

functions:
  track:
    description: Decision & Reward Tracker HTTPS API
    timeout: 6
    handler: src/track/http_api.track
    runtime: nodejs14.x
    url:
      cors: true
    environment:
      FIREHOSE_DELIVERY_STREAM_NAME: !Ref Firehose
  ingestFirehose: # if renamed, FirehoseBucket event notifications must be manually deleted
    description: Ingest New Firehose File to Train Bucket
    memorySize: 512
    image:
      name: ingest
    events:
      - s3:
          bucket: !Ref FirehoseS3Bucket
          existing: true # created in resources
          event: s3:ObjectCreated:*
  filterPartitionsToGroom:
    description: Filter Groups of Rewarded Decision .parquet S3 Keys to Groom
    image:
      name: ingest
      command:
        - groom.filter_handler
  groomPartitions:
    description: Merge Rewarded Decision Partitions
    memorySize: 1024
    image:
      name: ingest
      command:
        - groom.groom_handler
  dispatchTrainingJob:
    description: Dispatch Decision Model Training Jobs
    timeout: 30
    handler: src/train/dispatch_job.lambda_handler
    environment:
      TRAINING_ROLE_ARN: { Fn::GetAtt: [ SagemakerExecutionRole, Arn ] }
      SERVICE_NAME: ${self:service}
      # ECR repo into which the trainer image was pushed
      REPOSITORY_NAME: serverless-${self:service}-${opt:stage, self:provider.stage}
      # trainer image tag
      IMAGE_TAG: trainer
  unpackModels:
    handler: src/train/unpack_models.unpack
    events:
      - s3:
          bucket: !Ref TrainS3Bucket
          existing: true # created in resources
          event: s3:ObjectCreated:*
          rules:
            - prefix: train_output/models/
            - suffix: model.tar.gz

  forceDockerPushTrainer: # Serverless wants the image to be used to deploy it
    description: Force Serverless to Push Docker Trainer Image to ECR
    image:
      name: trainer

stepFunctions:
  stateMachines:
    GroomThenTrain:
      name: ${self:service}-${opt:stage, self:provider.stage}-GroomThenTrainStateMachine
      events: ${file(src/predeploy.js):trainingScheduleEvents}
      definition:
        StartAt: FilterPartitionsToGroom
        States:
          FilterPartitionsToGroom:
            Type: Task
            Resource:
              Fn::GetAtt: [filterPartitionsToGroom, Arn]
            ResultPath: $.filter
            Next: HasGroups
          HasGroups:
            Type: Choice
            Choices:
              - Variable: $.filter.groom_groups[0]
                IsPresent: true
                Next: GroomMap
            Default: Train
          GroomMap:
            Type: Map
            MaxConcurrency: 64
            ItemsPath: $.filter.groom_groups
            Parameters:
              model_name.$: $.model_name
              s3_keys.$: $$.Map.Item.Value
            Iterator:
              StartAt: GroomTask
              States:
                GroomTask:
                  Type: Task
                  Resource:
                    Fn::GetAtt: [groomPartitions, Arn]
                  Catch:
                    - ErrorEquals:
                      - States.TaskFailed
                      Next: ErrorHandler
                      ResultPath: $.error
                  End: true
                ErrorHandler:
                  Type: Pass
                  End: true
            ResultPath: $.filter.groom_groups # clear filter.groom_groups with null result
            Next: FilterPartitionsToGroom # loop back to FilterPartitions
          Train:
            Type: Task
            Resource:
              Fn::GetAtt: [dispatchTrainingJob, Arn]
            End: true
#  validate: true
 
resources:
  Resources:
      FirehoseToS3Role:
        Type: AWS::IAM::Role
        Properties:
          RoleName: ${self:service}-${opt:stage, self:provider.stage}-FirehoseToS3Role
          AssumeRolePolicyDocument:
            Statement:
            - Effect: Allow
              Principal:
                Service:
                - firehose.amazonaws.com
              Action:
              - sts:AssumeRole
          Policies:
          - PolicyName: FirehoseToS3Policy
            PolicyDocument:
              Statement:
                - Effect: Allow
                  Action:
                  - s3:AbortMultipartUpload
                  - s3:GetBucketLocation
                  - s3:GetObject
                  - s3:ListBucket
                  - s3:ListBucketMultipartUploads
                  - s3:PutObject
                  Resource: "arn:aws:s3:::${self:service}-${opt:stage, self:provider.stage}-**"
      SagemakerExecutionRole:
        Type: AWS::IAM::Role
        Properties:
          RoleName: ${self:service}-${opt:stage, self:provider.stage}-SagemakerExecutionRole
          AssumeRolePolicyDocument:
            Statement:
            - Effect: Allow
              Principal:
                Service:
                - sagemaker.amazonaws.com
              Action:
              - sts:AssumeRole
          ManagedPolicyArns:
          - arn:aws:iam::aws:policy/AmazonSageMakerFullAccess
          Policies:
          - PolicyName: SagemakerExecutionPolicy
            PolicyDocument:
              Statement:
                - Effect: Allow
                  Action:
                  - 's3:GetObject'
                  - 's3:GetBucketLocation'
                  - 's3:DeleteObject'
                  - 's3:ListBucket'
                  - 's3:PutObject'
                  Resource: "arn:aws:s3:::${self:service}-${opt:stage, self:provider.stage}-**"
      FirehoseS3Bucket:
        Type: AWS::S3::Bucket
        DeletionPolicy: Retain
        Properties:
          BucketName: ${self:service}-${opt:stage, self:provider.stage}-firehose
          IntelligentTieringConfigurations:
            - Id: '${self:service}-${opt:stage, self:provider.stage}-FirehoseIntelligentTiering'
              Status: Enabled
              Tierings: # After 30 days intelligent tiering automatically moves to infrequent access tier
                - AccessTier: ARCHIVE_ACCESS
                  Days: 90
                - AccessTier: DEEP_ARCHIVE_ACCESS
                  Days: 180
      Firehose:
        Type: AWS::KinesisFirehose::DeliveryStream
        Properties:
          DeliveryStreamName: ${self:service}-${opt:stage, self:provider.stage}-firehose
          S3DestinationConfiguration:
            BucketARN:
              Fn::Join:
              - ''
              - - 'arn:aws:s3:::'
                - Ref: FirehoseS3Bucket
            BufferingHints:
              IntervalInSeconds: 900 # max value is 900
              SizeInMBs: 128 # max value is 128.
            CompressionFormat: "GZIP"
            RoleARN: { Fn::GetAtt: [ FirehoseToS3Role, Arn ] }
      TrainS3Bucket:
        Type: AWS::S3::Bucket
        DeletionPolicy: Retain
        Properties:
          BucketName: ${self:service}-${opt:stage, self:provider.stage}-train
      ModelsS3Bucket:
        Type: AWS::S3::Bucket
        DeletionPolicy: Retain
        Properties:
          BucketName: ${self:service}-${opt:stage, self:provider.stage}-models