I am trying to deploy sagemaker endpoints using CDK [python] from model artefacts in S3.

The Sagemaker model requires execution_rol_arn. So I created a role using CDK and passed it as a parameter for the sagemaker model. But It says Role does not exist when creating the model. But if add the dependency on resources by this command sagemaker_model.add_depends_on(model_role) . It gives me this error.

type of argument target must be aws_cdk.CfnResource; got aws_cdk.aws_iam.Role instead

My cdk code for sagemaker model and Iam role

        sagemaker_model = aws_sagemaker.CfnModel(
            self,
            model_name,
            execution_role_arn=model_role.role_arn,
            model_name=model_name,
            primary_container=sagemaker_primary_container_definition,
        )
        model_role = Role(
            self,
            f"{construct_id}_role",
            assumed_by=ServicePrincipal("sagemaker.amazonaws.com"),
        )
        model_role.add_to_policy(PolicyStatement(
            resources=["*"],
            actions= [
                "cloudwatch:PutMetricData",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:CreateLogGroup",
                "logs:DescribeLogStreams",
                "s3:GetObject",
                "s3:ListBucket",
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage"
            ]
        ))

CodePudding user response：

Things get a bit messy when you move between between the L1 (CfnModel) and L2 (Role) abstraction levels. You need to use the so-called ecape hatch syntax:

cfnRole = cast(iam.CfnRole, model_role.node.default_child) # cast if using typings

sagemaker_model.add_depends_on(cfnRole)