{"id":17601090,"url":"https://github.com/aws-samples/sagemaker-studio-image-build-cli","last_synced_at":"2025-05-07T10:35:55.505Z","repository":{"id":42008902,"uuid":"277649791","full_name":"aws-samples/sagemaker-studio-image-build-cli","owner":"aws-samples","description":"CLI for building Docker images in SageMaker Studio using AWS CodeBuild.","archived":false,"fork":false,"pushed_at":"2022-04-18T21:21:52.000Z","size":48,"stargazers_count":55,"open_issues_count":22,"forks_count":27,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-05-01T00:40:07.399Z","etag":null,"topics":["aws","codebuild","ecr","sagemaker","sagemaker-studio"],"latest_commit_sha":null,"homepage":"https://pypi.org/project/sagemaker-studio-image-build/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit-0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aws-samples.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-07-06T21:11:26.000Z","updated_at":"2025-04-06T14:32:10.000Z","dependencies_parsed_at":"2022-09-14T17:12:39.742Z","dependency_job_id":null,"html_url":"https://github.com/aws-samples/sagemaker-studio-image-build-cli","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-samples%2Fsagemaker-studio-image-build-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-samples%2Fsagemaker-studio-image-build-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-samples%2Fsagemaker-studio-image-build-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-samples%2Fsagemaker-studio-image-build-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aws-samples","download_url":"https://codeload.github.com/aws-samples/sagemaker-studio-image-build-cli/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252860532,"owners_count":21815533,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","codebuild","ecr","sagemaker","sagemaker-studio"],"created_at":"2024-10-22T12:08:33.528Z","updated_at":"2025-05-07T10:35:55.462Z","avatar_url":"https://github.com/aws-samples.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"## SageMaker Docker Build\n\n[![Version](https://img.shields.io/pypi/v/sagemaker-studio-image-build.svg)](https://pypi.org/project/sagemaker-studio-image-build/)\n[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)\n\nThis is a CLI for building Docker images in SageMaker Studio using AWS CodeBuild. \n\n### Usage\n\nNavigate to the directory containing the Dockerfile and simply do:\n\n```bash\nsm-docker build .\n```\n \n\nAny additional arguments supported with `docker build` are supported\n\n```bash\nsm-docker build . --file /path/to/Dockerfile --build-arg foo=bar\n```\n\nBy default, the CodeBuild project will not run within a VPC, the image will be pushed to a repository `sagemakerstudio` with the tag `latest`, and use the Studio App's execution role and the default SageMaker Python SDK S3 bucket\n\nThese can be overridden with the relevant CLI options.\n\n```bash\nsm-docker build . --repository mynewrepo:1.0 --role SampleDockerBuildRole --bucket sagemaker-us-east-1-326543455535 --vpc-id vpc-0c70e76ef1c603b94 --subnet-ids subnet-0d984f080338960bb,subnet-0ac3e96808c8092f2 --security-group-ids sg-0d31b4042f2902cd0\n``` \n\nThe CLI will take care of packaging the current directory and uploading to S3, creating a CodeBuild project, starting a build with the S3 artifacts, tailing the build logs, and uploading the built image to ECR.\n\n\n### Installing\n\nInstall the CLI using pip.\n```bash\npip install sagemaker-studio-image-build\n```\n\nEnsure the execution role has a trust policy with CodeBuild.\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": [\n \"codebuild.amazonaws.com\"\n ]\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n```\n\nThe following permissions are required in the execution role to execute a build in CodeBuild and push the image to ECR\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:DeleteProject\",\n \"codebuild:CreateProject\",\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\"\n ],\n \"Resource\": \"arn:aws:codebuild:*:*:project/sagemaker-studio*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"logs:CreateLogStream\",\n \"Resource\": \"arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"logs:GetLogEvents\",\n \"logs:PutLogEvents\"\n ],\n \"Resource\": \"arn:aws:logs:*:*:log-group:/aws/codebuild/sagemaker-studio*:log-stream:*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"logs:CreateLogGroup\",\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ecr:CreateRepository\",\n \"ecr:BatchGetImage\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeImages\",\n \"ecr:DescribeRepositories\",\n \"ecr:UploadLayerPart\",\n \"ecr:ListImages\",\n \"ecr:InitiateLayerUpload\", \n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\"\n ],\n \"Resource\": \"arn:aws:ecr:*:*:repository/sagemaker-studio*\"\n },\n {\n \"Sid\": \"ReadAccessToPrebuiltAwsImages\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\"\n ],\n \"Resource\": [\n \"arn:aws:ecr:*:763104351884:repository/*\",\n \"arn:aws:ecr:*:217643126080:repository/*\",\n \"arn:aws:ecr:*:727897471807:repository/*\",\n \"arn:aws:ecr:*:626614931356:repository/*\",\n \"arn:aws:ecr:*:683313688378:repository/*\",\n \"arn:aws:ecr:*:520713654638:repository/*\",\n \"arn:aws:ecr:*:462105765813:repository/*\"\n ]\n },\n {\n \"Sid\": \"EcrAuthorizationTokenRetrieval\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ecr:GetAuthorizationToken\"\n ],\n \"Resource\": [\n \"*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:DeleteObject\",\n \"s3:PutObject\"\n ],\n \"Resource\": \"arn:aws:s3:::sagemaker-*/*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:CreateBucket\"\n ],\n \"Resource\": \"arn:aws:s3:::sagemaker*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"iam:GetRole\",\n \"iam:ListRoles\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": \"iam:PassRole\",\n \"Resource\": \"arn:aws:iam::*:role/*\",\n \"Condition\": {\n \"StringLikeIfExists\": {\n \"iam:PassedToService\": \"codebuild.amazonaws.com\"\n }\n }\n }\n ]\n}\n\n```\n\nIf you need to run your CodeBuild project within a VPC, please add the following actions to your execution role that the CodeBuild Project will assume:\n\n```json\n {\n \"Sid\": \"VpcAccessActions\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\"\n ],\n \"Resource\": \"*\"\n }\n```\n\n### Development\n\nCheckout the repository.\n\n```bash\nmake install\n```\n\n#### Testing locally\nTo build locally, use one of the example Dockerfiles in the *examples* directory\n\n```bash\nROLE_NAME=\u003c\u003cA role in your account to use in the CodeBuild build job\u003e\u003e\n(cd examples/basic_build \u0026\u0026 sm-docker build . --role ${ROLE_NAME} )\n```\n\n```bash\n(cd examples/build_with_args \u0026\u0026 sm-docker build . --role ${ROLE_NAME} --file Dockerfile.args --build-arg BASE_IMAGE=python:3.8 )\n```\n\n\n#### Testing on SageMaker Studio\n\nTo build a binary to use on SageMaker Studio, specify an S3 path and use the *s3bundle* target.\n\n```bash\nexport DEV_S3_PATH_PREFIX=s3://path/to/location\nblack .\nmake -k s3bundle\n```\n\nFrom a \"System Terminal\" in SageMaker Studio\n\n```bash\nexport DEV_S3_PATH_PREFIX=s3://path/to/location\naws s3 sync ${DEV_S3_PATH_PREFIX}/sagemaker-docker-build/dist . \npip install sagemaker_studio_image_build-x.y.z.tar.gz\n```\n\n## Security\n\nSee [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.\n\n## License\n\nThis library is licensed under the MIT-0 License. See the LICENSE file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faws-samples%2Fsagemaker-studio-image-build-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faws-samples%2Fsagemaker-studio-image-build-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faws-samples%2Fsagemaker-studio-image-build-cli/lists"}