search

aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International
1.11k stars 56 forks source link

[Resource Type] - [BUG] - SageMaker Domain Default User Settings "Hidden App Types" is broken and incomplete for MLFlow #2129

Open ericpapaluca opened 1 month ago

ericpapaluca commented 1 month ago

Name of the resource

AWS::SageMaker::Domain

Resource Name

No response

Issue Description

Deploying a SageMaker Domain via CDK/CFN and trying to use the Default User Settings "Hidden App Types" to hide various app types is poorly documented, broken, and missing coverage for ML Flow.

Given some example CDK:

const domain = new CfnDomain(this, 'Domain', {
            appNetworkAccessType: 'VpcOnly',
            authMode: 'IAM',
            defaultUserSettings: {
                executionRole: executionRole.roleArn,
                studioWebPortal: 'ENABLED',
                defaultLandingUri: 'studio::',
                ....
                    hiddenAppTypes: [
                        'JupyterServer',                 // "Studio Classic" in console
                        // 'KernelGateway',              // BREAKS deployment
                        'DetailedProfiler',              // Hides nothing in console
                        'TensorBoard',                   // Hides nothing in console
                        'RStudioServerPro',              // "RStudio" in console
                        // 'RSessionGateway',            // BREAKS deployment
                        'CodeEditor',                    // "Code Editor" in console
                        'JupyterLab',                    // "JupyterLab" in console
                        'Canvas',                        // "Canvas" in console
                    ],
                },
            },
            domainName: 'myDomain',
           ...
        });

the hiddenAppTypes property is not consistently behaving and resulting in either no result, or cloudformation breaking.

Furthermore, there is no documentation of the hidden app type strings within the typescript CDK or in the documentation here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sagemaker-domain-studiowebportalsettings.html#cfn-sagemaker-domain-studiowebportalsettings-hiddenapptypes

I was only able to find some of the strings via the CLI JSON example here: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sagemaker/create-domain.html

Additionally, there is no string implemented in order to disable the MLFlow app.

Expected Behavior

String values for hiddenAppType cover all available SageMaker Apps and disable them accordingly upon domain deployment

Observed Behavior

#/DefaultUserSettings/StudioWebPortalSettings/HiddenAppTypes/4: #: only 1 subschema matches out of 2
#/DefaultUserSettings/StudioWebPortalSettings/HiddenAppTypes/4: failed validation constraint for keyword [enum]

When using those marked // BREAKS deployment above.

Test Cases

Use the following HiddenAppTypes when deploying a domain:

 hiddenAppTypes: [
                        'KernelGateway',              // BREAKS deployment
                         'RSessionGateway',            // BREAKS deployment
                    ],

Other Details

No response

mbeldo commented 1 month ago

having a similar issue