feat(examples): added ec2 image builder example #292
464a674 to 95694b3
This is pretty slick. Thanks for creating this example, David.
@@ -0,0 +1,60 @@ | |||
# RFDK Sample Application - EC2 Image Builder | |||
|
|||
Keeping software updated on custom AMIs can be a pain if you're creating them manually. The EC2 Image Builder service has matured to the point that it is a viable option for automating the process. While the support in CloudFormation and CDK is still a bit lacking, it is usable and can be worked into an RFDK app to build the required AMIs for the worker fleet on the fly. |
I'd avoid the value/judgement wording.
Keeping software updated on custom AMIs can be a pain if you're creating them manually. The EC2 Image Builder service has matured to the point that it is a viable option for automating the process. While the support in CloudFormation and CDK is still a bit lacking, it is usable and can be worked into an RFDK app to build the required AMIs for the worker fleet on the fly. | |
Keeping software updated on custom AMIs can be a pain if you're creating them manually. The EC2 Image Builder service is an option for automating the process. The CDK constructs for Image Builder can be worked into an RFDK app to build the required AMIs for the worker fleet on the fly. |
Updated
|
||
This construct creates all the infrastructure required by Image Builder to install Deadline onto an existing AMI and then create a WorkerInstanceFleet that uses it. The configuration for the image creation is as simple as providing the Deadline version, ID of the parent AMI, and the OS. An image version also needs to be supplied. One strategy to use with versioning your image is to start with version `1.0.0` and bump the version if you need to change any of the input parameters, such as changin the parent AMI or Deadline version. Images for different OSes can be versioned separately. | ||
|
||
CDK does not have L2 constructs for Image Builder yet, so we are using the L1 constructs. The documentation for these in CDK is sparse, so referring to the [AWS CloudFormation user guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_ImageBuilder.html) will provide more details. |
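Review bot: The versioning paragraph has a typo in "such as changin the parent AMI or Deadline version"; it should read "changing". The same paragraph tells the reader to bump the version when the parent AMI changes, so it is worth adding a sentence on where the parent AMI ID comes from and that it should be pinned to a known image rather than picked up implicitly.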
I'd suggest linking to https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib here, if you're going to talk about L1 vs L2 constructs. I wouldn't expect most readers to be familiar with the distinction.
Updated
If you would like to upgrade the version of Deadline your worker fleet is using, you will need to bump the image version to a value such as `1.0.1` along with changing the Deadline version. Since the worker fleet is backed by an autoscaling group, the new image will get built and the autoscaling group's launch configuration will get updated; however, this doesn't replace existing instances, it will only affect new ones that get deployed. To have current workers get replaced with the new version, you have a few options: | ||
|
||
1. Set your `desiredCapacity` and `minCapacity` on the worker fleet to `0` before you perform the redeployment that will create your new AMI, and then do a follow up deployment with these fields set to their previous values (or removed). | ||
1. Manually terminate the worker instances from the console before performing your redeployment. |
1. Manually terminate the worker instances from the console before performing your redeployment. | |
1. Manually terminate the worker instances from the console after performing your redeployment. |
??
I did mean "before" but I see how it's confusing. I clarified a bit.
|
||
#### AMI Storage | ||
|
||
When performing an update to or deletion of the DeadlineImage constuct, any AMI that was created by a previous deployment of the construct will not be deleted. They are still available in EC2 and can be seen under `Images > AMIs` in the EC2 console or in the `My AMIs` section of the Launch instance wizard. You can continue to use them like any other AMI, or deregister them if you no longer require them. The cost of storing these AMIs depends on the size of the disk you took a snapshot of to create them, for EBS-backed AMIs you can find snapshot costs on their [EBS pricing page](https://aws.amazon.com/ebs/pricing/). For S3-backed AMI's, you'll pay for the storage fees of the data that needs to be stored based on (S3 pricing)[https://aws.amazon.com/s3/pricing/], whether you have an instance running or not. |
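Review bot: The last sentence of the AMI Storage paragraph has its Markdown link reversed: `(S3 pricing)[https://aws.amazon.com/s3/pricing/]` will not render as a link and should be `[S3 pricing](https://aws.amazon.com/s3/pricing/)`. In the same paragraph, "constuct" should be "construct" and "AMI's" should be "AMIs". Because AMIs from earlier deployments stay registered and launchable, it would also help to say how a reader can tell which AMI belongs to which image version before deregistering the old ones.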
When performing an update to or deletion of the DeadlineImage constuct, any AMI that was created by a previous deployment of the construct will not be deleted. They are still available in EC2 and can be seen under `Images > AMIs` in the EC2 console or in the `My AMIs` section of the Launch instance wizard. You can continue to use them like any other AMI, or deregister them if you no longer require them. The cost of storing these AMIs depends on the size of the disk you took a snapshot of to create them, for EBS-backed AMIs you can find snapshot costs on their [EBS pricing page](https://aws.amazon.com/ebs/pricing/). For S3-backed AMI's, you'll pay for the storage fees of the data that needs to be stored based on (S3 pricing)[https://aws.amazon.com/s3/pricing/], whether you have an instance running or not. | |
When performing an update to, or deletion of, the DeadlineImage constuct, any AMI that was created by a previous deployment of the construct will not be deleted. They are still available in EC2 and can be seen under `Images > AMIs` in the EC2 console or in the `My AMIs` section of the Launch instance wizard. You can continue to use them like any other AMI, or deregister them if you no longer require them. The cost of storing these AMIs depends on the size of the disk you took a snapshot of to create them, for EBS-backed AMIs you can find snapshot costs on their [EBS pricing page](https://aws.amazon.com/ebs/pricing/). For S3-backed AMI's, you'll pay for the storage fees of the data that needs to be stored based on (S3 pricing)[https://aws.amazon.com/s3/pricing/], whether you have an instance running or not. |
Updated
|
||
At this point in time, we do not provide Amazon-managed Deadline components for you to consume, so if you do choose to go this route, you would need to create a new version of | ||
your Deadline component for each release of Deadline, but you may decide this is worthwhile, depending on how many image variations you use for your workers. The management of | ||
EC2 Image Builder pipelines with CDK isn't very well developed yet, so if you do decide to create one, the AWS Console is recommended. |
EC2 Image Builder pipelines with CDK isn't very well developed yet, so if you do decide to create one, the AWS Console is recommended. | |
EC2 Image Builder pipelines with CDK is not developed at this time, so if you do decide to create one, the AWS Console is recommended. |
Updated
'ssmmessages:OpenControlChannel', | ||
'ssmmessages:OpenDataChannel', | ||
], | ||
resources=['*'], |
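Review bot: `resources=['*']` at the end of this statement applies to every action in the list above it, not only the two `ssmmessages` actions visible here. Split the statement so that any action that accepts a specific resource gets its own statement with the narrowest ARN, and keep the wildcard only for actions that cannot be scoped.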
Hmm. Could these permissions be restricted any more than just '*'? E.g. the s3 permissions scoped to a particular bucket, or bucket prefix? (I think these are for the Deadline installer?)
I'm not sure why I didn't use the Amazon managed policies to begin with. I switched to those and added the S3 permissions specifically for our bucket the installers are in.
The changes look good. Also, the example is simple and easy to understand.
Approving. Thanks David!
My latest push updated the version of RFDK and CDK but there were no functional changes.
Just some minor comments, but overall this is a nice example that's easy to follow!
Fixes #304
The apps in both languages have been deployed successfully.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license