SageMaker Studio: Export EFS interface object not just EFS ID

byongwu commented 1 year ago

Describe the feature

Currently, sagemaker.CfnDomain() does not accept external EFS file system as input.
All the CfnDomain() calls will create its own EFS file system.
CfnDomain provides attrHomeEfsFileSystemId.
The problem with this EFS ID is that this is a CDK token instead of the real EFS ID.
Therefore, if we use the following import to use the EFS FS, like this, it will fail.

    const sg = ec2.SecurityGroup.fromLookupById(
      this,
      prefix + "-SG-EFS",
      "sg-abcdef"
    );
    const efs_fs = efs.FileSystem.fromFileSystemAttributes(
      this,
      prefix + "-EFS-FS",
      { securityGroup: sg, fileSystemId: cfnDomain.attrHomeEfsFileSystemId }
    );

Therefore, it would be really appreciated if CfnDomain provides the actual EFS interface object (efs.IFileSystem) instead of the EFS ID.
The only workaround is to create a separate CDK stack to import the EFS FS.

Use Case

When the customer needs to mount an EFS FS created from SageMaker Studio to figure out how much space each users are using.

Proposed Solution

The new CfnDomain provides the actual EFS interface object (efs.IFileSystem) instead of the EFS ID.

Other Information

No response

Acknowledgements

[X] I may be able to implement this feature request
[ ] This feature might incur a breaking change

CDK version used

2.77.0

Environment details (OS name and version, etc.)

MacOS (13.3.1 (a) (22E772610a))

pahud commented 1 year ago

attrHomeEfsFileSystemId is actually a attribute from the CfnDomain resource in the return values of AWS::SageMaker::Domain. This means we don't know that value until the resource is provisioned.

In your provided code:

const efs_fs = efs.FileSystem.fromFileSystemAttributes( this, prefix + "-EFS-FS", { 
    securityGroup: sg, 
    fileSystemId: cfnDomain.attrHomeEfsFileSystemId, 
});

fromFileSystemAttributes() requires the fileSystemId as string not Token while cfnDomain.attrHomeEfsFileSystemId in your case is actually a Token, which means it will not resolve unless deployed.

I am afraid we probably can't get efs. IFileSystem from CfnDomain as it seems to provision the EFS volume under the hood and only return the filesystem ID.

What would you like to do in CDK with the imported efsFilesystem though?

pahud commented 1 year ago

I just tried this in my account with CDK in TS and it works for me.

    const vpc = getDefaultVpc(this);

    const domain = new sagemaker.CfnDomain(this, 'Domain', {
      vpcId: vpc.vpcId,
      authMode: 'IAM',
      domainName: 'demo-domain',
      subnetIds: vpc.privateSubnets.map(s => s.subnetId),
      defaultUserSettings: {
        executionRole: new iam.Role(this, 'ExeRole', {
          assumedBy: new iam.ServicePrincipal('sagemaker.amazonaws.com'),
        }).roleArn,
      },
    });

    const importedEfsFilesystem = efs.FileSystem.fromFileSystemAttributes(this, 'ImportedEFS', {
      fileSystemId: domain.attrHomeEfsFileSystemId,
      securityGroup: ec2.SecurityGroup.fromLookupById(this, 'SG', 'sg-063c556be7f258021'),
    });

Is this something you want?

aws / aws-cdk