Developer Tools

So as mentioned in my [other recent post](https://repost.aws/questions/QUAL9Vn9abQ6KKCs2ASwwmzg/adjusting-sagemaker-xgboost-project-to-tensorflow-or-even-just-different-folder-name), I'm trying to modify the sagemaker example abalone xgboost template to use tensorfow. My current problem is that running the pipeline I get a failure and in the logs I see: ``` ModuleNotFoundError: No module named 'transformers' ``` Now I have 'transformers' listed in various places as a dependency including: * `setup.py` - `required_packages = ["sagemaker==2.93.0", "sklearn", "transformers", "openpyxl"]` * `pipelines.egg-info/requires.txt` - `transformers` (auto-generated from setup.py? but so I'm keen to understand, how can I ensure that additional dependencies are available in the pipline itself? Many thanks in advance ------------ ------------ ------------ ADDITIONAL DETAILS ON HOW I ENCOUNTERED THE ERROR From one particular notebook (see [previous post](https://repost.aws/questions/QUAL9Vn9abQ6KKCs2ASwwmzg/adjusting-sagemaker-xgboost-project-to-tensorflow-or-even-just-different-folder-name) for more details) I have succesfully constructed the new topic/tensorflow pipeline and run the following steps: ``` pipeline.upsert(role_arn=role) execution = pipeline.start() execution.describe() ``` the `describe()` method gives this output: ``` {'PipelineArn': 'arn:aws:sagemaker:eu-west-1:398371982844:pipeline/topicpipeline-example', 'PipelineExecutionArn': 'arn:aws:sagemaker:eu-west-1:398371982844:pipeline/topicpipeline-example/execution/0aiczulkjoaw', 'PipelineExecutionDisplayName': 'execution-1664394415255', 'PipelineExecutionStatus': 'Executing', 'PipelineExperimentConfig': {'ExperimentName': 'topicpipeline-example', 'TrialName': '0aiczulkjoaw'}, 'CreationTime': datetime.datetime(2022, 9, 28, 19, 46, 55, 147000, tzinfo=tzlocal()), 'LastModifiedTime': datetime.datetime(2022, 9, 28, 19, 46, 55, 147000, tzinfo=tzlocal()), 'CreatedBy': {'UserProfileArn': 'arn:aws:sagemaker:eu-west-1:398371982844:user-profile/d-5qgy6ubxlbdq/sjoseph-reg-genome-com-273', 'UserProfileName': 'sjoseph-reg-genome-com-273', 'DomainId': 'd-5qgy6ubxlbdq'}, 'LastModifiedBy': {'UserProfileArn': 'arn:aws:sagemaker:eu-west-1:398371982844:user-profile/d-5qgy6ubxlbdq/sjoseph-reg-genome-com-273', 'UserProfileName': 'sjoseph-reg-genome-com-273', 'DomainId': 'd-5qgy6ubxlbdq'}, 'ResponseMetadata': {'RequestId': 'f949d6f4-1865-4a01-b7a2-a96c42304071', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': 'f949d6f4-1865-4a01-b7a2-a96c42304071', 'content-type': 'application/x-amz-json-1.1', 'content-length': '882', 'date': 'Wed, 28 Sep 2022 19:47:02 GMT'}, 'RetryAttempts': 0}} ``` Waiting for the execution I get: ``` --------------------------------------------------------------------------- WaiterError Traceback (most recent call last) <ipython-input-14-72be0c8b7085> in <module> ----> 1 execution.wait() /opt/conda/lib/python3.7/site-packages/sagemaker/workflow/pipeline.py in wait(self, delay, max_attempts) 581 waiter_id, model, self.sagemaker_session.sagemaker_client 582 ) --> 583 waiter.wait(PipelineExecutionArn=self.arn) 584 585 /opt/conda/lib/python3.7/site-packages/botocore/waiter.py in wait(self, **kwargs) 53 # method. 54 def wait(self, **kwargs): ---> 55 Waiter.wait(self, **kwargs) 56 57 wait.__doc__ = WaiterDocstring( /opt/conda/lib/python3.7/site-packages/botocore/waiter.py in wait(self, **kwargs) 376 name=self.name, 377 reason=reason, --> 378 last_response=response, 379 ) 380 if num_attempts >= max_attempts: WaiterError: Waiter PipelineExecutionComplete failed: Waiter encountered a terminal failure state: For expression "PipelineExecutionStatus" we matched expected path: "Failed" ``` Which I assume is corresponding to the failure I see in the logs:  I did also run `python setup.py build` to ensure my build directory was up to date ...lg...

I have sagemaker xgboost project template "build, train, deploy" working, but I'd like to modify if to use tensorflow instead of xgboost. First up I was just trying to change the `abalone` folder to `topic` to reflect the data we are working with. I was experimenting with trying to change the `topic/pipeline.py` file like so ``` image_uri = sagemaker.image_uris.retrieve( framework="tensorflow", region=region, version="1.0-1", py_version="py3", instance_type=training_instance_type, ) ``` i.e. just changing the framework name from "xgboost" to "tensorflow", but then when I run the following from a notebook: ``` from pipelines.topic.pipeline import get_pipeline pipeline = get_pipeline( region=region, role=role, default_bucket=default_bucket, model_package_group_name=model_package_group_name, pipeline_name=pipeline_name, ) ``` I get the following error ``` ValueError Traceback (most recent call last) <ipython-input-5-6343f00c3471> in <module> 7 default_bucket=default_bucket, 8 model_package_group_name=model_package_group_name, ----> 9 pipeline_name=pipeline_name, 10 ) ~/topic-models-no-monitoring-p-rboparx6tdeg/sagemaker-topic-models-no-monitoring-p-rboparx6tdeg-modelbuild/pipelines/topic/pipeline.py in get_pipeline(region, sagemaker_project_arn, role, default_bucket, model_package_group_name, pipeline_name, base_job_prefix, processing_instance_type, training_instance_type) 188 version="1.0-1", 189 py_version="py3", --> 190 instance_type=training_instance_type, 191 ) 192 tf_train = Estimator( /opt/conda/lib/python3.7/site-packages/sagemaker/workflow/utilities.py in wrapper(*args, **kwargs) 197 logger.warning(warning_msg_template, arg_name, func_name, type(value)) 198 kwargs[arg_name] = value.default_value --> 199 return func(*args, **kwargs) 200 201 return wrapper /opt/conda/lib/python3.7/site-packages/sagemaker/image_uris.py in retrieve(framework, region, version, py_version, instance_type, accelerator_type, image_scope, container_version, distribution, base_framework_version, training_compiler_config, model_id, model_version, tolerate_vulnerable_model, tolerate_deprecated_model, sdk_version, inference_tool, serverless_inference_config) 152 if inference_tool == "neuron": 153 _framework = f"{framework}-{inference_tool}" --> 154 config = _config_for_framework_and_scope(_framework, image_scope, accelerator_type) 155 156 original_version = version /opt/conda/lib/python3.7/site-packages/sagemaker/image_uris.py in _config_for_framework_and_scope(framework, image_scope, accelerator_type) 277 image_scope = available_scopes[0] 278 --> 279 _validate_arg(image_scope, available_scopes, "image scope") 280 return config if "scope" in config else config[image_scope] 281 /opt/conda/lib/python3.7/site-packages/sagemaker/image_uris.py in _validate_arg(arg, available_options, arg_name) 443 "Unsupported {arg_name}: {arg}. You may need to upgrade your SDK version " 444 "(pip install -U sagemaker) for newer {arg_name}s. Supported {arg_name}(s): " --> 445 "{options}.".format(arg_name=arg_name, arg=arg, options=", ".join(available_options)) 446 ) 447 ValueError: Unsupported image scope: None. You may need to upgrade your SDK version (pip install -U sagemaker) for newer image scopes. Supported image scope(s): eia, inference, training. ``` I was skeptical that the upgrade suggested by the error message would fix this, but gave it a try: ``` ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts. pipelines 0.0.1 requires sagemaker==2.93.0, but you have sagemaker 2.110.0 which is incompatible. ``` So that seems like I can't upgrade sagemaker without changing pipelines, and it's not clear that's the right thing to do - like this project template may be all designed around those particular ealier libraries. But so is it that the "framework" name should be different, e.g. "tf"? Or is there some other setting that needs changing in order to allow me to get a tensorflow pipeline ...? However I find that if I use the existing `abalone/pipeline.py` file I can change the framework to "tensorflow" and there's no problem running that particular step in the notebook. I've searched all the files in the project to try and find any dependency on the `abalone` folder name, and the closest I came was in `codebuild-buildspec.yml` but that hasn't helped. Has anyone else successfully changed the folder name from `abalone` to something else, or am I stuck with `abalone` if I want to make progress? Many thanks in advance p.s. is there a slack community for sagemaker studio anywhere? p.p.s. I have tried changing all instances of the term "Abalone" to "Topic" within the `topic/pipeline.py` file (matching case as appropriate) to no avail p.p.p.s. I discovered that I can get an error free run of getting the pipeline from a unit test: ``` import pytest from pipelines.topic.pipeline import * region = 'eu-west-1' role = 'arn:aws:iam::398371982844:role/SageMakerExecutionRole' default_bucket = 'sagemaker-eu-west-1-398371982844' model_package_group_name = 'TopicModelPackageGroup-Example' pipeline_name = 'TopicPipeline-Example' def test_pipeline(): pipeline = get_pipeline( region=region, role=role, default_bucket=default_bucket, model_package_group_name=model_package_group_name, pipeline_name=pipeline_name, ) ``` and strangely if I go to a different copy of the notebook, everything runs fine, there ... so I have two seemingly identical ipynb notebooks, and in one of them when I switch to trying to get a topic pipeline I get the above error, and in the other, I get no error at all, very strange p.p.p.p.s. I also notice that `conda list` returns very different results depending on whether I run it in the notebook or the terminal ... but the conda list results are identical for the two notebooks ...lg...

Sometimes I am getting the below error from sts while API call. I am not able to find the root cause of this error. ``` Unable to execute HTTP request: Connect to sts.us-east-1.amazonaws.com:443 [sts.us-east-1.amazonaws.com/209.54.177.185] failed: Connect timed out ``` Stack Trace JSON ``` { "message": "Unable to execute HTTP request: Connect to sts.us-east-1.amazonaws.com:443 [sts.us-east-1.amazonaws.com/209.54.177.185] failed: Connect timed out", "source": "JavaSDK", "stackTrace": "software.amazon.awssdk.core.exception.SdkClientException$BuilderImpl.build(SdkClientException.java:102)", "cause": { "message": "Connect to sts.us-east-1.amazonaws.com:443 [sts.us-east-1.amazonaws.com/209.54.177.185] failed: Connect timed out", "source": "JavaSDK", "stackTrace": "org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:151)", "cause": { "message": "Connect timed out", "source": "JavaSDK", "stackTrace": "java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:546)\njava.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:597)", "cause": null, "applicationFailureInfo": { "type": "java.net.SocketTimeoutException", "nonRetryable": false, "details": null } }, "applicationFailureInfo": { "type": "org.apache.http.conn.ConnectTimeoutException", "nonRetryable": false, "details": null } }, "applicationFailureInfo": { "type": "software.amazon.awssdk.core.exception.SdkClientException", "nonRetryable": false, "details": null } } ```lg...

Hi, I already posted my problem in: https://stackoverflow.com/questions/73702466/chainabletemporarycredentials-getpromise-and-missing-credentials-in-config-if-u Basically it is the following. When I use ``` const credentials = new ChainableTemporaryCredentials({ params: { RoleArn: 'arn:aws:iam::${this.accountId}:role/${this.targetRoleName}', RoleSessionName: this.targetRoleName, }, masterCredentials: new WebIdentityCredentials({ RoleArn: 'arn:aws:iam::<proxyAccountId>:role/<proxyRoleName>', RoleSessionName: this.proxyRoleName, WebIdentityToken: token, }), }) await credentials.getPromise() ``` with `token` a a token received from GCP-cloud do I still need some kind of AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY in my environment? I don't think so, since the idea of the token is to grant access exactly without such credentials. Right? (In the codeblock above I had to manipulate some charaters because the code-template here in the forum had some difficulties withe original 1:1 code...) At runtime I get always an error message: `Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1` I think I have not to use AWS_CONFIG_FILE: My application runs in GCP and just want access AWS via STS. My token looks good so far as I would assess: ``` { "aud": <here my email address of the service account in GCP>, "azp": "21 digit number", "email": <same email as under "aud">, "email_verified": true, "exp": <10 digit number>, "iat": <10 digit number>, "iss": "https://accounts.google.com", "sub": "<same number as under azp>" } ``` Are my expectations wrong? What is the reason for the error message? Best regards Thomaslg...

I'm using CDK Pipelines to deploy a stack into another account. I've been able to deploy it successfully. But, when I execute 'cdk diff' in the deploying account, it only shows the Pipelines stack. Is it possible to show the cross-account stack diff along with the Pipelines stack?lg...

We are using CodePipeline to build and deploy our CDK stacks to AWS. However, the pipeline is quite slow and upon investigation we found that the provisioning of a container for the CodeBuild steps were taking between 1.5 - 2 mins and we have 5 CodeBuild steps in our pipeline so the pipeline runs for a long time. We are using the latest CodeBuild image (`aws/codebuild/standard:6.0`) and so the provisioning should be quick as the latest image is cached from what I have read. Are there any other suggestions as to how we can reduce the pipeline execution time?lg...

Hi, I am a little confused on what's required for this setup to work. I have two account Tooling account(Account A) and a Dev account(Account B). Account B has a db cluster(private isolated subnet) and have configured its security group to allow access from IP address associated with target region of CODEBUILD - https://ip-ranges.amazonaws.com/ip-ranges.json This of course is not sufficient alone since db cluster is in a vpc and not just that- different account as well. ``` Error: connect EHOSTUNREACH <addressIp>3306 at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1187:16) { errno: -113, code: 'EHOSTUNREACH', syscall: 'connect', address: <addressIp> port: 3306, fatal: true } ``` Could you please point me to the steps I'd have to take in order to be able to connect to it from CodeBuild ? I cannot seem to have any relevant documentation on what I am trying to achieve, beside just VPC support section on AWS - https://docs.aws.amazon.com/codebuild/latest/userguide/vpc-support.html . I do have a bastion host so the team can connect to it locally. Do I have to setup another VPC in Tooling account and do VPC peering between VPC in Account A and Account B ? I am using CDK to deploy infrastructure and for the pipelines as well. Any suggestions are greatly appreciated.lg...

Hi, Are there any Open Source tools for for UI for Serverless Amazon MSK? 1) **Yahoo CMK** (https://github.com/yahoo/CMAK) No mentions, and 1 open issue with a question Seems no support 2) **Kafka Drop** https://github.com/obsidiandynamics/kafdrop Only has a PR for IAM, but probably will not support the Amazon MSK Serverless Seems no support 3) **Kafka UI (not yet) :** https://github.com/provectus/kafka-ui/issues/2185 No support, atleast until v0.5 is released Due to: Amazon MSK Serverless doesn't support fetching broker or broker-logger configurations.lg...

[This knowledge article](https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pool-remembered-devices/) describes the calculation of `PASSWORD_CLAIM_SIGNATURE` for the case of `ChallengeName: "DEVICE_PASSWORD_VERIFIER"`. > * Let PASSWORD_CLAIM_SIGNATURE = SHA256_HMAC(K_USER, DeviceGroupKey + DeviceKey + PASSWORD_CLAIM_SECRET_BLOCK + TIMESTAMP), base64-encoded > * Let K_USER = SHA256_HASH(S_USER) > * Let S_USER = (SRP_B - k * gx)(a + ux) > * Let x = SHA256_HASH(salt + FULL_PASSWORD) > * Let u = SHA256_HASH(SRP_A + SRP_B) > * Let k = SHA256_HASH(N + g) What is the equivalent calculation of `PASSWORD_CLAIM_SIGNATURE` for the case of `ChallengeName: "PASSWORD_VERIFIER"`?lg...

Hello, I'm trying to retrieve AWS Secret Value inside my .NET C# (.NET Framework 4.8) Application hosted on IIS in a EC2 instance like in the example showed here: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_cache-net.html The exception I receive is the following: Exception Details: Amazon.Runtime.AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service. If I try to execute the command from CLI, the secret's are retrieved successfully. Can someone help please ?lg...

With an existing auto-scaling group, and an existing CodeDeploy revision, we encounter quite a few DownloadBundle failures from CodeDeploy when a scale-out event occurs. What exactly is DownloadBundle doing? I would assume, based on the name, that it's pulling the zip file from "Revision location" (e.g - S3). According to the events log, the ApplicationStop event executed prior to DownloadBundle and that hook is defined in appspec.yml which is stored in the zip file ("Revision location") retrieved from S3 so I would assume the download from S3 has already happend.lg...

Is there a way to group my contacts into separate groups, i.e. I have worked at 5 different buildings within my node, with additional contacts in different areas of the business, example DML2, UTR, OTR and RTS. Would like ability to group them together without having to create new chime rooms, favorites etc.lg...

I have a program written which performs a call to Textract to get tables in multi-page pdfs. This has been working great so far. The problem I have run into is that I now have pdfs where I only need certain tables on *specific* pages, and I am having trouble figuring out how to set the "Pages" property in the QueriesConfig in the StartDocumentAnalysisRequest. A simple example of this, from the StartDocumentAnalysisRequest level, would be sufficient. The program is written in C# using Amazon.Textract and Amazon.Textract.Model Thank you!lg...

I'm having trouble deploying to ElasticBeanstalk, it says: `Deployment completed, but with errors: Failed to deploy application. Failed to check health. Verify the permissions on the environment's service role and try again later. Permissions changes take up to two hours to propagate.` It's not at all clear what to do here. I can see that the service role is Service role: `arn:aws:iam::*:role/aws-elasticbeanstalk-service-role` I can see that the service role exists and appears to be correct. It's not clear what the actual issue is or how to diagnose it further.lg...

All of a sudden we started to get `UPDATE_FAILED` errors with "Unsupported Operation" error message for the event bus. We use infra-as-code (CDK) approach and I am tracking the changes, and there were NO infra changes, other than tags changing (e.g. build ID, git sha). I am also doing a `cdk diff` and it produces no meaningful changes, other than tags. Yet, CloudFormation has been failing for days with the aforementioned message. We most definitely did not make any changes to event bridge (bus) itself or anything surrounding that. Any ideas?lg...

We recently received some throttling errors, likely related to our use of Chime Messaging for chat within our application. However, I can't seem to find which specific metric's quota was exceeded, nor any existing monitors/metrics for our usage of AWS Chime Messaging (as opposed to Chime Meetings, video calls, etc.). The throttling errors did occur during an event when many people were online and likely using our chat feature, and spanned about an hour. The errors were reported for many different users as well. Questions: 1. Is there a console or something where we can see our Chime Messaging usage, or a report of errors (like these throttling events)? Also, is there a way to tell which specific quota we exceeeded? 2. The AWS CLI `service-quotas` command requires a `service-code` param. Does anyone know which value corresponds to Chime Messaging? There's just `chime`, but that only seems to include Chime Meetings related things (and not Messaging). Is the [Service Quotas Console](https://us-east-1.console.aws.amazon.com/servicequotas/home/services/chime/quotas) a better way to check values and request increases? Thanks!lg...

we created a SSO account and I just added one application to it (PagerDuty) but each time I try opening the application we get a 400 The was a bad request. I checked the configurations and they are all correct and mappings are set correctly. What might be the problem?lg...

I am using a Windows 11 PC (Lenovo Legion Y540) and have installed NoSQL Workbench v3.3.0 The fonts are not loading properly for me on the app, creating a strain on my eyes & ruining the experience. Here's a screenshot for your reference  I suspect this is due to a font not having been properly installed on my machine. Can you please tell me which font this application uses so that I can go install it & then maybe try rebooting the application and try again ? I have installed all Amazon Developer fonts, Helvetica, Roboto, Sans Serif on my machine & yet they somehow don't seem to be workinglg...