Step 1: Install Root Stack

The following is a step-by-step guide to installing the InfinStor service in your own AWS account.

InfinStor root stack

  • In your AWS Console, go to CloudFormation and choose Create stack
  • Use Amazon S3 URL as the template source. The URL is:
https://s3.amazonaws.com/infinstorcft/2.3.72/infinstor.yaml

Here is a detailed explanation of the parameters:

Options

Cognito User Pool Options

  • CreateCognito: Specify whether this instance should create its own Cognito user pool or use a pre-created Cognito user pool. Pre-created Cognito user pools must be created using another CloudFormation template, which must export the following outputs:
    • CognitoUserPoolId: ID of the externally created Cognito user pool
    • CliClientId: ID of the CLI client in the externally created Cognito user pool
    • JupyterhubClientId: ID of the Jupyterhub client in the externally created Cognito user pool
    • MlflowuiClientId: ID of the Mlflow UI client in the externally created Cognito user pool
    • WebClientId: ID of the Web UI client (dashboard) in the externally created Cognito user pool
  • IsExternalAuth: Specify whether this instance will federate authentication to an external authentication system such as Azure Active Directory or Google OAuth. Note that InfinStor uses Cognito as the core authentication service. This setting is independent of the previous setting, CreateCognito. In other words, whether this instance of the service uses a pre-created Cognito user pool or creates its own Cognito user pool, this setting must be set to true if external authentication is going to be used.
    • If set to False, Cognito will be used to securely store user information such as user ID, user name and user password.
    • If set to True, Cognito will be configured to federate authentication to an external identity provider using protocols such as SAML or OpenID Connect.

Specify Domain and Customize Hostnames

  • InfinStor Domain: Specify the domain where the Infinstor service will be installed. e.g. yourcompany.com or infinstor.yourcompany.com or others. InfinStor uses five hostnames in this domain. By default they are api, mlflow, mlflowui, mlflowstatic and service. These endpoint names can be customized as described in the following parameters. Without any customization, if Infinstor Domain is set to infinstor.yourcompany.com, then Infinstor CloudFormation Template (CFT) will create the following DNS entries automatically or will expect them to be created manually.
    • api.infinstor.yourcompany.com
    • mlflow.infinstor.yourcompany.com
    • mlflowui.infinstor.yourcompany.com
    • mlflowstatic.infinstor.yourcompany.com
    • service.infinstor.yourcompany.com
  • mlflowDnsName: This is the hostname of the REST endpoint for the MLflow service. It is set in the Data Scientists' environment variable MLFLOW_TRACKING_URI. For example, if InfinStor Domain is set to infinstor.yourcompany.com and mlflowDnsName is customized to mlflowrest, then the environment variable MLFLOW_TRACKING_URI must be set to infinstor://mlflowrest.infinstor.yourcompany.com/
  • mlflowuiDnsName: This is the hostname of the standalone MLflow UI. For example, if InfinStor Domain is set to infinstor.yourcompany.com and mlflowuiDnsName is not customized, i.e. it is set to the default of mlflowui, then the URL for accessing the MLflow user interface is https://mlflowui.infinstor.yourcompany.com/
  • mlflowstaticDnsName: This is the hostname of the endpoint where mlflow static files are served
  • apiDnsName: This is the hostname of the REST endpoint where InfinStor Dashboard REST APIs are served
  • serviceDnsName: This is the hostname of the standalone InfinStor Dashboard UI. For example, if InfinStor Domain is set to infinstor.yourcompany.com and serviceDnsName is not customized, i.e. it is set to the default of service, then the URL for accessing the InfinStor Dashboard user interface is https://service.infinstor.yourcompany.com/

Certificate Creation Options

  • CreateCertificates: true or false. This parameter determines whether InfinStor CFT will automatically create certificates or not.
    • If you set this to true, Infinstor CFT automatically creates a certificate in your AWS account for each of the subdomains (under Infinstor Domain) specified above.
    • If you set this to false, you must have a wildcard certificate ready and provide it in the next parameter.
  • Enter the ARN of a pre-existing wildcard certificate located in the region where stack is being installed: This setting is only valid if CreateCertificates is set to false. Specify the ARN of a wildcard certificate in the region where this stack is being installed. If CreateCertificates is true this can be blank.
  • Enter the ARN of a pre-existing wildcard certificate located in us-east-1: This setting is only valid if CreateCertificates is set to false. Specify the ARN of a wildcard certificate in the us-east-1 region. If CreateCertificates is true this can be blank.

DNS Entry Creation Options

  • CreateDnsEntries: true or false.
    • If you want InfinStor CFTs to automatically create the required DNS entries (see above for the entries), set this to True. If set to True, Route53HostedZoneId below must also be set.
    • If you will create the needed DNS entries manually (instead of Infinstor CFT automatically creating the above DNS entries for you), set this to False
  • Route53HostedZoneId: DNS Zone ID in Route 53 for the Infinstor Domain specified above, where InfinStor is to be installed.
    • If CreateDnsEntries is false, this parameter can be blank. But you will have to create the subdomains above manually using your DNS management tool.
    • If CreateDnsEntries above is true, Infinstor CFT will attempt to create the above subdomains under Infinstor Domain.

Permissions Boundary Options

  • UseBoundaryPolicy: true or false. If your corporate policy requires you to set a boundary policy, set this to true and enter the boundary policy ARN in the BoundaryPolicyARN item below
  • BoundaryPolicyARN: If the above configuration item UseBoundaryPolicy is set to true, then this config item is required and must have the ARN of the boundary policy to use
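
Several of the parameters above depend on each other (certificate ARNs and their regions, the hosted zone ID, the boundary policy ARN), and the hostnames and MLFLOW_TRACKING_URI follow from the domain and the DnsName values. The pre-flight check below is an added example, not InfinStor code; InfinstorDomain, RegionalCertArn and UsEast1CertArn are assumed key names for fields this page identifies only by their labels, and the sample values are constructed.

```python
import re

# Default hostname labels listed on this page, keyed by the parameter that overrides them.
DEFAULTS = {"apiDnsName": "api", "mlflowDnsName": "mlflow", "mlflowuiDnsName": "mlflowui",
            "mlflowstaticDnsName": "mlflowstatic", "serviceDnsName": "service"}
ACM_ARN = re.compile(r"^arn:aws[\w-]*:acm:([a-z0-9-]+):\d{12}:certificate/[\w-]+$")
IAM_POLICY_ARN = re.compile(r"^arn:aws[\w-]*:iam::(\d{12}|aws):policy/.+$")

def is_true(params, key):
    return str(params.get(key, "")).strip().lower() == "true"

def hostnames(params):
    """Fully qualified names of the five endpoints under the InfinStor domain."""
    domain = params["InfinstorDomain"].strip().rstrip(".")  # assumed key name
    return {key: f"{params.get(key) or label}.{domain}" for key, label in DEFAULTS.items()}

def tracking_uri(params):
    """Value data scientists set in MLFLOW_TRACKING_URI."""
    return f"infinstor://{hostnames(params)['mlflowDnsName']}/"

def preflight(params, stack_region):
    """Return a list of inconsistencies; an empty list means the values agree."""
    problems = []
    if not is_true(params, "CreateCertificates"):
        # RegionalCertArn / UsEast1CertArn are assumed names for the two ARN fields.
        for key, region in (("RegionalCertArn", stack_region), ("UsEast1CertArn", "us-east-1")):
            match = ACM_ARN.match(params.get(key) or "")
            if not match:
                problems.append(f"{key}: missing or not an ACM certificate ARN")
            elif match.group(1) != region:
                problems.append(f"{key}: certificate is in {match.group(1)}, expected {region}")
    if is_true(params, "CreateDnsEntries") and not params.get("Route53HostedZoneId"):
        problems.append("Route53HostedZoneId: required when CreateDnsEntries is true")
    if is_true(params, "UseBoundaryPolicy") and not IAM_POLICY_ARN.match(params.get("BoundaryPolicyARN") or ""):
        problems.append("BoundaryPolicyARN: required when UseBoundaryPolicy is true")
    return problems

# Constructed sample values; the account id, certificate id and domain are placeholders.
CERT = "arn:aws:acm:us-west-2:111122223333:certificate/00000000-0000-0000-0000-000000000000"
SAMPLE = {"InfinstorDomain": "infinstor.yourcompany.com", "mlflowDnsName": "mlflowrest",
          "CreateCertificates": "false", "RegionalCertArn": CERT, "UsEast1CertArn": CERT,
          "CreateDnsEntries": "true", "Route53HostedZoneId": "",
          "UseBoundaryPolicy": "false"}

if __name__ == "__main__":
    for problem in preflight(SAMPLE, "us-west-2"):
        print("FAIL", problem)
    print("MLFLOW_TRACKING_URI =", tracking_uri(SAMPLE))
```

The check only compares the values with each other; it does not confirm that the certificates are wildcard certificates for the domain or that the hosted zone exists.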

Be sure to tick the 'IAM Resources with Custom Names' and 'CAPABILITY_AUTO_EXPAND' checkboxes while clicking through the Stack Options page.