Step 2: Configure Single Tenant

Important

If you chose false for CreateDnsEntries while creating the root stack, please create DNS entries manually or by means of your own Cloudformation stack before setting up single tenant

There are two options for installing the single tenant stack

  • Install the complete service - mlflow tracking, mlflow projects, mlflow models and the model registry
  • Install the service without compute capabilities, i.e. no mlflow projects

Single Tenant with Compute

In this step, an InfinStor account named 'root' will be created. Data Scientist users can be created and managed by this root user.

  • In your AWS Console, go to CloudFormation and choose create stack
  • Use Amazon S3 URL for template source. The URL is:
https://s3.amazonaws.com/infinstorcft/2.2.10/single-tenant.yaml

While specifying stack details, choose the following:

  • stack name - single-tenant in the example below
  • Parameter MlflowArtifactsBucketParameter: this bucket will be created and used for storage of all artifacts for all users
  • Parameter RootUserEmail: This is the email address of the root user

Be sure to tick the 'IAM Resources with Custom Names' checkbox while clicking through the Stack Options page.

Single Tenant without Compute

If you do not want to use the MLflow projects capability, i.e. the ability to run MLflow projects remotely, then you can perform the installation shown below. This setup results in the creation of an IAM role for the InfinStor service that does not have EC2 permissions

  • In your AWS Console, go to CloudFormation and choose create stack
  • Use Amazon S3 URL for template source. The URL is:
https://s3.amazonaws.com/infinstorcft/2.2.10/single-tenant-no-compute.yaml

While specifying stack details, choose the following:

  • stack name - single-tenant in the example below
  • Parameter RootUserEmail: This is the email address of the root user
  • Parameter MlflowArtifactsBucketParameter: this bucket will be created and used for storage of all artifacts for all users

Permissions Boundary Options

If your enterprise requires a permissions boundary to be applied to every IAM role created, you may specify that permissions boundary in this step. Choose false and enter the BoundaryPolicyARN

Be sure to tick the 'IAM Resources with Custom Names' checkbox while clicking through the Stack Options page.