Skip to content

2. Configure Single Tenant

Important

If you chose false for CreateDnsEntries while creating the root stack, please create DNS entries manually or by means of your own Cloudformation stack before setting up single tenant

2.1 Single Tenant

The Single Tenant stack initializes the InfinStor MLflow instance into a single tenant instance.

  • In your AWS Console, go to CloudFormation and choose create stack
  • Use Amazon S3 URL for template source. Specify the build number that matches the build that was provided to you in the URL below. The URL is:
https://s3.amazonaws.com/infinstorcft/a.b.cc/single-tenant-no-compute.yaml

While specifying stack details, choose the following:

  • stack name - single-tenant in the example below

2.1.1 General Options

  • MlflowArtifactsBucketParameter: Specify the default location where MLflow artifacts will be stored. Usually a s3 location. The destination for artifacts can be overridden at the time of experiment creation

  • Should the stack created by this CFT support the concept of Projects: The concept of Projects is a way to classify experiments and models into projects

  • EnableAuthorization: Should the MLflow implementation support authorization for experiments and models

2.1.2 Admin User Options

  • CreateRootUserInCognito: This CFT can optionally create a user named root in the Cognito's local database. This user is the administrator for this instance of the InfinStor service

  • RootUserEmail: If CreateRootUserInCongito is true, then this parameter should contain the email address of the root user

  • UseThisUserAsAdmin: As an alternative to creating a root user in Cognito, InfinStor can treat the specified user as admin. The account specified in this is usually a Non Person Account or a Service Account

Standalone Cognito User Pool:

If the user management architecture is Standalone Cognito User Pool then CreateRootUserInCognito must be true, and RootUserEmail must be specified

Cognito User Pool with Federation:

If the user management architecture is Congito User Pool with Federation, it is possible to designate a specific user in the corporate directory as the admin for InfinStor MLflow and not create a root user in Cognito.

Direct Azure Active Directory Auth:

If the user management architecture is Direct Azure Active Directory Auth, please set CreateRootUserInCognito to false, leave RootUserEmail empty and set the UseThisUserAsAdmin option to the Azure Active Directory user who will be considered as admin in InfinStor MLflow.

2.1.3 Permissions Boundary Options

If your enterprise requires a permissions boundary to be applied to every IAM role created, you may specify that permissions boundary in this step. Choose false and enter the BoundaryPolicyARN

2.1.4 Other parameters

  • UsePresignedUrlForInfinSnap: This is part of InfinStor Access Control. If you set this option, then access to InfinSnap enabled buckets will be managed using experiment authorization and users do not need separate AWS access keys
  • UsePresignedUrlForMLflow This is part of InfinStor Access Control. If you set this option, then access to MLflow artifact buckets will be managed using experiment authorization and users do not need separate AWS access keys
  • enableDDBPointInTimeRecov If you set this option, any dynamodb table created by InfinStor will have point in time recovery enabled

  • enableDefaultBucketAuth This is part of InfinStor Access Control. If you set this option, then access to default MLflow artifact bucket will be managed using experiment authorization and users do not need separate AWS access keys

  • enableDefaultBucketVersioning If you set this option, object versioning will be turned on for the default artifacts bucket that InfinStor MLflow creates

Be sure to tick the 'IAM Resources with Custom Names' checkbox while clicking through the Stack Options page.

2.2 Download Single SPA MLFlow UI Microfrontend

To access and locally install the Microfrontend (MFE) for MLFlow UI, based on Single SPA, follow the steps below

  • download https://<mlflowui subdomain>.<infinstor platform domain>/mlflowui-ss/static-files/mlflowui-ss.tar.gz
    • for example: https://mlflowui.infinstor.com/mlflowui-ss/static-files/mlflowui-ss.tar.gz
  • download https://<mlflowui subdomain>.<infinstor platform domain>/mlflowui-ss/static-files/serviceconfig.js
    • for example: https://mlflowui.infinstor.com/mlflowui-ss/static-files/serviceconfig.js
  • mkdir <document root of target web server>/static-files
    • under the document root of the target webserver, where the single spa build will be installed, create a directory static-files
  • cd <document root of target web server>/static-files
    • cd to the static-files directory created above
  • tar xvzf <path to downloaded mlflowui-ss.tar.gz>
    • extract the tar file contents inside <document root of target web server>/static-files directory
  • cp <path to downloaded serviceconfig.js> .
    • copy serviceconfig.js to <document root of target web server>/static-files directory
  • integrate MLFlow UI MFE with your Single SPA root application using bundle.js located in <document root of target web server>/static-files directory.