堆栈内存溢出
  繁体   English   中英

创建 SageMaker 时出现验证错误 Model

[英]ValidationError when creating a SageMaker Model

 原文  2018-06-26 13:55:32       amazon-web-services/ amazon-s3/ validationerror/ amazon-sagemaker

问题描述

我是 AWS 的新手,并尝试通过参考他们的演示来构建一个 model(来自 web 控制台)。 但是,当我尝试创建 model 时,出现以下错误。

无法在https://s3.console.aws.amazon.com/s3/buckets/ bucket_name /models/ model_name -v0.1.hdf5 访问 model 数据-v0.1.hdf5. 请确保角色“arn:aws:iam:: id :role/service-role/AmazonSageMaker-ExecutionRole- xxx ”存在并且其信任关系策略允许服务主体“sagemaker.amazonaws”的操作“sts:AssumeRole” .com”。 还要确保该角色具有“s3:GetObject”权限,并且 object 位于eu-west-1中。

我检查了 IAM 角色,它附加了AmazonSageMakerFullAccessAmazonS3FullAccess策略。 而且,还为角色指定了信任关系(如下所示)。

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sagemaker.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

我正确指定了 ECR 和 S3 路径,但我无法弄清楚发生了什么。 有人可以帮我解决这个问题吗?

抱歉,如果我无法提供更多信息,但如果需要,我会提供任何其他信息。

更新:

以下是 IAM 政策。

AmazonS3 完全访问

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}

AmazonSageMaker-ExecutionPolicy-xxx

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::<bucket_name>"
            ]
        },
        {
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::<bucket_name>/*"
            ]
        }
    ]
}

AmazonSageMakerFullAccess

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sagemaker:*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability",
                "cloudwatch:PutMetricData",
                "cloudwatch:PutMetricAlarm",
                "cloudwatch:DescribeAlarms",
                "cloudwatch:DeleteAlarms",
                "ec2:CreateNetworkInterface",
                "ec2:CreateNetworkInterfacePermission",
                "ec2:DeleteNetworkInterface",
                "ec2:DeleteNetworkInterfacePermission",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeVpcs",
                "ec2:DescribeDhcpOptions",
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "application-autoscaling:DeleteScalingPolicy",
                "application-autoscaling:DeleteScheduledAction",
                "application-autoscaling:DeregisterScalableTarget",
                "application-autoscaling:DescribeScalableTargets",
                "application-autoscaling:DescribeScalingActivities",
                "application-autoscaling:DescribeScalingPolicies",
                "application-autoscaling:DescribeScheduledActions",
                "application-autoscaling:PutScalingPolicy",
                "application-autoscaling:PutScheduledAction",
                "application-autoscaling:RegisterScalableTarget",
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:DescribeLogStreams",
                "logs:GetLogEvents",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::*SageMaker*",
                "arn:aws:s3:::*Sagemaker*",
                "arn:aws:s3:::*sagemaker*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "*",
            "Condition": {
                "StringEqualsIgnoreCase": {
                    "s3:ExistingObjectTag/SageMaker": "true"
                }
            }
        },
        {
            "Action": "iam:CreateServiceLinkedRole",
            "Effect": "Allow",
            "Resource": "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
            "Condition": {
                "StringLike": {
                    "iam:AWSServiceName": "sagemaker.application-autoscaling.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:PassedToService": "sagemaker.amazonaws.com"
                }
            }
        }
    ]
}

2 个解决方案

解决方案1
 5  2018-06-27 23:32:34

我认为 sagemaker 执行策略在存储桶级别缺少权限。 尝试将"arn:aws:s3:::<bucket_name>"添加到 AmazonSageMaker-ExecutionPolicy-xxx

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:ListBucket" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::<bucket_name>" ] }, { "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::<bucket_name>", "arn:aws:s3:::<bucket_name>/*" ] } ] }

我使用 SageMaker 执行策略运行演示,如下所示,它可以正常工作。 这是非常宽松的政策。 一旦它工作,您可以根据您的存储桶名称更改它。

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::*" ] } ] }

解决方案2
 0  2022-03-20 09:00:48

尝试检查存储桶,数据已保存在 eu-west-1 中

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从 s3 工件创建时,SageMaker 自定义 model output 路径 tensorflow 在 MLflow 中注册 SageMaker model 当 Sagemaker Kernel 死了时,如何跟踪 model 的进度/状态? 尝试在 sagemaker 上部署 fastai model 时没有名为“Fastai”的模块 在 AWS SageMaker 中使用预处理和后处理创建和部署预训练 tensorflow model 如何在 AWS sagemaker 上部署预训练的 sklearn model? (端点停留在创建) 为 PyTorch Model 调用 SageMaker 端点 将 tensorflow model 从本地机器转移到 AWS SageMaker 时读取 S3 存储桶时出现问题 贤者推理:如何加载model ValueError:未找到 SavedModel 包。 尝试将 TF2.0 模型部署到 SageMaker 时
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM