awslabs · kukushking · Feb 6, 2024 · Feb 5, 2024 · Feb 5, 2024 · Feb 5, 2024
diff --git a/README.md b/README.md
@@ -13,3 +13,11 @@ All modules in this repository adhere to the module strutucture defined in the t
 - [Project Structure](https://seed-farmer.readthedocs.io/en/latest/project_development.html)
 - [Module Development](https://seed-farmer.readthedocs.io/en/latest/module_development.html)
 - [Module Manifest Guide](https://seed-farmer.readthedocs.io/en/latest/manifests.html)
+
+## Modules
+
+### SageMaker Modules
+
+| Type                                                                        | Description                                     |
+|-----------------------------------------------------------------------------|-------------------------------------------------|
+| [SageMaker Endpoint Module](modules/sagemaker/sagemaker-endpoint/README.md) | Creates SageMaker real-time inference endpoint. |
diff --git a/examples/manifests/deployment.yaml b/examples/manifests/deployment.yaml
@@ -0,0 +1,19 @@
+# This is an example manifest.
+# Replace the parameters in referenced manifest groups with your values prior the deployment.
+name: mlops
+toolchainRegion: us-east-1
+forceDependencyRedeploy: true
+groups:
+  - name: networking
+    path: examples/manifests/networking-modules.yaml
+  - name: sagemaker-endpoints
+    path: examples/manifests/sagemaker-endpoints-modules.yaml
+targetAccountMappings:
+  - alias: primary
+    accountId:
+      valueFrom:
+        envVariable: PRIMARY_ACCOUNT
+    default: true
+    regionMappings:
+      - region: us-east-1
+        default: true
diff --git a/examples/manifests/networking-modules.yaml b/examples/manifests/networking-modules.yaml
@@ -0,0 +1,6 @@
+name: networking
+path: git::https://github.com/awslabs/idf-modules.git//modules/network/basic-cdk?release/1.3.0&depth=1
+targetAccount: primary
+parameters:
+  - name: internet-accessible
+    value: True
diff --git a/examples/manifests/sagemaker-endpoints-modules.yaml b/examples/manifests/sagemaker-endpoints-modules.yaml
@@ -0,0 +1,25 @@
+# This is an example manifest group.
+# Replace the parameters with the parameters for your model below prior the deployment.
+name: endpoint
+path: modules/sagemaker/sagemaker-endpoint
+parameters:
+  - name: sagemaker_project_id
+    value: project-1
+  - name: sagemaker_project_name
+    value: project-1
+  - name: model_package_arn
+    value: arn:aws:sagemaker:<region>:<account>:model-package/<package-name>/1
+  - name: instance_type
+    value: ml.m5.large
+  - name: vpc_id
+    valueFrom:
+      moduleMetadata:
+        group: networking
+        name: networking
+        key: VpcId
+  - name: subnet_ids
+    valueFrom:
+      moduleMetadata:
+        group: networking
+        name: networking
+        key: PrivateSubnetIds
diff --git a/modules/sagemaker/sagemaker-endpoint/README.md b/modules/sagemaker/sagemaker-endpoint/README.md
@@ -0,0 +1,88 @@
+# SageMaker Model Endpoint
+
+## Description
+
+This module creates SageMaker Model, Endpoint Configuration Production Variant, and a real-time Inference Endpoint. 
+The endpoint is deployed in a VPC inside user-provided subnets.
+
+The module supports provisioning of an endpoint from a model package, or may automatically pull
+the latest approved model from model package group to support CI/CD deployment scenarios.
+
+### Architecture
+
+![SageMaker Endpoint Module Architecture](docs/_static/sagemaker-endpoint-module-architecture.png "SageMaker Endpoint Module Architecture")
+
+## Inputs/Outputs
+
+### Input Parameters
+
+#### Required
+
+- `vpc-id`: The VPC-ID that the endpoint will be created in.
+- `subnet-ids`: The subnets that the endpoint will be created in.
+- `model-package-arn`: Model package ARN `OR`
+- `model-package-group-name`: Model package group name to pull latest approved model package from the group.
+
+The user must specify either `model-package-arn` for a specific model or `model-package-group-name` to automatically
+pull latest approved model from the model package group and deploy and endpoint. The latter is useful to scenarios
+where endpoints are provisioned as part of automated Continuous Integration and Deployment pipeline.
+
+#### Optional
+
+- `sagemaker-project-id`: SageMaker project id
+- `sagemaker-project-name`: SageMaker project name
+- `model-execution-role-arn`: Model execution role ARN. Will be created if not provided.
+- `model-artifacts-bucket-arn`: Bucket ARN that contains model artifacts. Required by model execution IAM role to download model artifacts.
+- `ecr-repo-arn`: ECR repository ARN if custom container is used
+- `variant-name`: Endpoint config production variant name. `AllTraffic` by default.
+- `initial-instance-count`: Initial instance count. `1` by default.
+- `initial-variant-weight`: Initial variant weight. `1` by default.
+- `instance-type`: instance type. `ml.m4.xlarge` by default.
+
+### Sample manifest declaration
+
+```yaml
+name: endpoint
+path: modules/sagemaker/sagemaker-endpoint
+parameters:
+  - name: sagemaker_project_id
+    value: dummy123
+  - name: sagemaker_project_name
+    value: dummy123
+  - name: model_package_arn
+    value: arn:aws:sagemaker:<region>:<account>:model-package/<package_name>/1
+  - name: instance_type
+    value: ml.m5.large
+  - name: vpc_id
+    valueFrom:
+      moduleMetadata:
+        group: networking
+        name: networking
+        key: VpcId
+  - name: subnet_ids
+    valueFrom:
+      moduleMetadata:
+        group: networking
+        name: networking
+        key: PrivateSubnetIds
+```
+
+### Module Metadata Outputs
+
+- `ModelExecutionRoleArn`: SageMaker Model Execution IAM role ARN
+- `ModelName`: SageMaker Model name
+- `ModelPackageArn`: SageMaker Model package ARN
+- `EndpointName`: SageMaker Endpoint name
+- `EndpointUrl`: SageMaker Endpoint Url
+
+#### Output Example
+
+```json
+{
+  "ModelExecutionRoleArn": "arn:aws:iam::xxxxxxxxxxxx:role/xxxxxxxxxxxx",
+  "ModelName": "mlops-mlops-sagemaker-endpoints-endpoint-model-xxxxxxxxxxxx",
+  "EndpointName": "mlopsmlopssagemakerendpointsendpointendpoint-xxxxxxxxxxxx",
+  "ModelPackageArn": "arn:aws:sagemaker:us-east-1:xxxxxxxxxxxx:model-package/model-mlops-demo/1",
+  "EndpointUrl": "https://runtime.sagemaker.us-east-1.amazonaws.com/endpoints/mlopsmlopssagemakerendpointsendpointendpoint-xxxxxxxxxxxx/invocations"
+}
+```
diff --git a/modules/sagemaker/sagemaker-endpoint/app.py b/modules/sagemaker/sagemaker-endpoint/app.py
@@ -0,0 +1,97 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+import json
+import os
+
+import aws_cdk
+
+from stack import DeployEndpointStack
+
+
+def _param(name: str) -> str:
+    return f"SEEDFARMER_PARAMETER_{name}"
+
+
+project_name = os.getenv("SEEDFARMER_PROJECT_NAME", "")
+deployment_name = os.getenv("SEEDFARMER_DEPLOYMENT_NAME", "")
+module_name = os.getenv("SEEDFARMER_MODULE_NAME", "")
+app_prefix = f"{project_name}-{deployment_name}-{module_name}"
+
+DEFAULT_SAGEMAKER_PROJECT_ID = None
+DEFAULT_SAGEMAKER_PROJECT_NAME = None
+DEFAULT_MODEL_PACKAGE_ARN = None
+DEFAULT_MODEL_PACKAGE_GROUP_NAME = None
+DEFAULT_MODEL_EXECUTION_ROLE_ARN = None
+DEFAULT_MODEL_ARTIFACTS_BUCKET_ARN = None
+DEFAULT_ECR_REPO_ARN = None
+DEFAULT_VARIANT_NAME = "AllTraffic"
+DEFAULT_INITIAL_INSTANCE_COUNT = 1
+DEFAULT_INITIAL_VARIANT_WEIGHT = 1
+DEFAULT_INSTANCE_TYPE = "ml.m4.xlarge"
+
+environment = aws_cdk.Environment(
+    account=os.environ["CDK_DEFAULT_ACCOUNT"],
+    region=os.environ["CDK_DEFAULT_REGION"],
+)
+
+vpc_id = os.getenv(_param("VPC_ID"))
+subnet_ids = json.loads(os.getenv(_param("SUBNET_IDS"), "[]"))
+sagemaker_project_id = os.getenv(_param("SAGEMAKER_PROJECT_ID"), DEFAULT_SAGEMAKER_PROJECT_ID)
+sagemaker_project_name = os.getenv(_param("SAGEMAKER_PROJECT_NAME"), DEFAULT_SAGEMAKER_PROJECT_NAME)
+model_package_arn = os.getenv(_param("MODEL_PACKAGE_ARN"), DEFAULT_MODEL_PACKAGE_ARN)
+model_package_group_name = os.getenv(_param("MODEL_PACKAGE_GROUP_NAME"), DEFAULT_MODEL_PACKAGE_GROUP_NAME)
+model_execution_role_arn = os.getenv(_param("MODEL_EXECUTION_ROLE_ARN"), DEFAULT_MODEL_EXECUTION_ROLE_ARN)
+model_artifacts_bucket_arn = os.getenv(_param("MODEL_ARTIFACTS_BUCKET_ARN"), DEFAULT_MODEL_ARTIFACTS_BUCKET_ARN)
+ecr_repo_arn = os.getenv(_param("ECR_REPO_ARN"), DEFAULT_ECR_REPO_ARN)
+variant_name = os.getenv(_param("VARIANT_NAME"), DEFAULT_VARIANT_NAME)
+initial_instance_count = int(os.getenv(_param("INITIAL_INSTANCE_COUNT"), DEFAULT_INITIAL_INSTANCE_COUNT))
+initial_variant_weight = int(os.getenv(_param("INITIAL_VARIANT_WEIGHT"), DEFAULT_INITIAL_VARIANT_WEIGHT))
+instance_type = os.getenv(_param("INSTANCE_TYPE"), DEFAULT_INSTANCE_TYPE)
+
+if not vpc_id:
+    raise ValueError("Missing input parameter vpc-id")
+
+if not model_package_arn and not model_package_group_name:
+    raise ValueError("Parameter model-package-arn or model-package-group-name is required")
+
+
+app = aws_cdk.App()
+stack = DeployEndpointStack(
+    scope=app,
+    id=app_prefix,
+    app_prefix=app_prefix,
+    sagemaker_project_id=sagemaker_project_id,
+    sagemaker_project_name=sagemaker_project_name,
+    model_package_arn=model_package_arn,
+    model_package_group_name=model_package_group_name,
+    model_execution_role_arn=model_execution_role_arn,
+    vpc_id=vpc_id,
+    subnet_ids=subnet_ids,
+    model_artifacts_bucket_arn=model_artifacts_bucket_arn,
+    ecr_repo_arn=ecr_repo_arn,
+    endpoint_config_prod_variant={
+        "initial_instance_count": initial_instance_count,
+        "initial_variant_weight": initial_variant_weight,
+        "instance_type": instance_type,
+        "variant_name": variant_name,
+    },
+    env=environment,
+)
+
+aws_cdk.CfnOutput(
+    scope=stack,
+    id="metadata",
+    value=stack.to_json_string(
+        {
+            "ModelExecutionRoleArn": stack.model_execution_role_arn,
+            "ModelName": stack.model.model_name,
+            "ModelPackageArn": stack.model_package_arn,
+            "EndpointName": stack.endpoint.attr_endpoint_name,
+            "EndpointUrl": stack.endpoint_url,
+        }
+    ),
+)
+
+
+app.synth()
diff --git a/modules/sagemaker/sagemaker-endpoint/coverage.ini b/modules/sagemaker/sagemaker-endpoint/coverage.ini
@@ -0,0 +1,3 @@
+[run]
+omit =
+    tests/*
diff --git a/modules/sagemaker/sagemaker-endpoint/deployspec.yaml b/modules/sagemaker/sagemaker-endpoint/deployspec.yaml
@@ -0,0 +1,25 @@
+publishGenericEnvVariables: true
+deploy:
+  phases:
+    install:
+      commands:
+      - env
+      # Install whatever additional build libraries
+      - npm install -g [email protected]
+      - pip install -r requirements.txt
+    build:
+      commands:
+      - cdk deploy --require-approval never --progress events --app "python app.py" --outputs-file ./cdk-exports.json
+      # Export metadata
+      - seedfarmer metadata convert -f cdk-exports.json || true
+destroy:
+  phases:
+    install:
+      commands:
+      # Install whatever additional build libraries
+      - npm install -g [email protected]
+      - pip install -r requirements.txt
+    build:
+      commands:
+      # execute the CDK
+      - cdk destroy --force --app "python app.py"
diff --git a/...aker/sagemaker-endpoint/docs/_static/sagemaker-endpoint-module-architecture.png b/...aker/sagemaker-endpoint/docs/_static/sagemaker-endpoint-module-architecture.png
diff --git a/modules/sagemaker/sagemaker-endpoint/docs/_static/sagemaker-endpoint-module-architecture.xml b/modules/sagemaker/sagemaker-endpoint/docs/_static/sagemaker-endpoint-module-architecture.xml
@@ -0,0 +1 @@
+<mxfile modified="2024-02-06T13:47:59.902Z" host="design-inspector.a2z.com" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" etag="PBzFQYuJOLxmMEoWWo0p" version="10.1.8" type="device"><diagram id="Slb-7FiMrRCHa78ZGk73X" name="Page-1">7V1rd6JKs/41s9Y5H8jiqvJRhWTYJ2BMcDLmy7sQkeA1y0sEfv2pqu4GNE4mM5O80dnuPbN3aMvurvtTRUO+aO1ZerUMnh7dxTCaflHlYfpFs76oakMz4L84kLGBmqGzgXiZDNmQUg7cJXnEB2U+ukmG0WqHcL1YTNfJ0+5guJjPo3C9MxYsl4vtLtloMd1d9SmIoxcDd2EwfTl6nwzXj5wttV6Of42S+FGsrNRM9sksEMSck9VjMFxsK0Oa/UVrLxeLNftplrajKcpOyIV/bx6la/zEGX4Lphu+LU0pZriNVovNMoysaBUuk6f1YglfWvJBRv2fL1pT7CJaJsE0yYN1sphLz9FyBf9nVM+cJOAiWx6YmK95F82C+ToJrWAdtBfzdZDMo+VbZmffXi+TeXydrKNlMGW6W0fz9Q7XT8vFU7Rcc6t5XK9R380v6iX8AfLFdBFnF6so3CyTdXYRzIJ8Mb8YRs/w8WixmQ9pB3AxTIJ4Gcyk52S1KXYG44GqGoZp1KRQG44kPVRDaaA3TLiU66NaIxiEJlPxJduzc+u8EOsv7QqsOInnUjJfPYGdoiwvw8XsaTEHzldw0dCDhjwwRpJR01VJD5S6ZBoNQ4oGo+GgZoz0QRS+r2hW2WodzaQZuizoA0Zk3dBMw6xLOjiupI9qhtSQTVkKolp9ZA61yNTNqlDgh8OWID49YJviI27uh02/8Lrlrl38isErJ2Lwytng/3UGvxiMMVmp8jQYQL4kvr6otSmYRGuYwMZrMf747aYtRkmzxQfctMGIwmTqZ09cP89PXGLCj+LtQPm/YffuNg3rVl6LzO5T/5tkFIZZON5qnYmM97RIUEHws9GCP2DFbfmLAZ+08epCNfYG9q/ruwPKyyucY3dg/7q+O6DsT6/sra/sb7Ay8OJqZ3p5b325skH4o7UWmzUYS9Qu8IUMg+BhwwTsuA22Bxq25mDVMPy4nqEyFfhx+wjefvcUkOtsARrB2AjMhSMcRRXXXPA4KyAE0uQsjRFLXQTblSpfxMvF5onWdEKKLQc+/g9qHiZYLxeTSGzqi6qpeqOh6LhUMp3ubRaCFZhxMG1OwU1heL3AVQJ+NY1GaGgr4ABDF11Zmsx3XVmi2WzVWw2022D1GA05K8wMcYko/WFI50PL4aj3hBKNdqN/sFpFazTub9WwqlWM9ypazKL1MgNisUqDx3QeLDSdX29L8KYJmscqcKvtJYO4mLt0/zdmnle87gTy0au7P2epE8hSHy4UfWQopqmMpJEW1kAoOghlIMuSrGhGTQ4GpjrSfySUYg/b7fZiq10slsgiTGcip8iEqkoQEqRVBmadSnNYUFtjintPDnckTuFUguC5CdebZYT7GOhRFIQNSdYjQ9IjUHijZoItDo3aaGDq9UF98KEMvuqhBAt+ZXFVlmVcHALrJa0cPkL8gGUZ/HjrunfTgVS/TNzlbftrUG88XE3q2vf/TlyQjTA0NCWUhqquSLoZauACQ1SIVq/XQ0NXa6OPAGq4fYbVXsFtB7FYHMFySSgVjvMWZNZ4FZktUVJFij2EMCoA5EDGLzK08pkZuraboYuKv5KhdfVAhtbkj87QjZPO0I1zhj5n6HOGPooMfc6Uv5MpHwOosadvyZNq2f4+lCijYRyJwnqxXD8u4sU8mNrlaGs3lVbSZpQm6++Vn/tIcmHwKyvl36CLjF+Mo/U644V9sFkvsGtQrHq9wLq6knJxcz9LuFWvOSyB98zMy2gK1vMc7c3wMsvyr95gh6jM6DWlvpPRdWUvS66DZRyt+bd2LK+yjT9P3+qpdHxf3/6xJfDWNJhPPMh1jvULynhnZl4mgKEyCuVaLZK0Rg3TfiRLDU3WpVoYjXTIbnJgyH9jvP7oxFozFKNeU2Wprg8Az9TlCLZiDqWBORgZtUEtHOgfm1jPgPEDbzzsZekXN95edebn8v6zuC0xEHckmsQ8EN0FceQGE4qV/DRAcQdjsH//osjYovWdzOh+fNGcvkb0cLNYJWsWZQeL9Xox+3H3mlQOl6MkxYzYovmaYlQWI/AzKCcAZbJLUNEzqKWVAg5Q2zdfPfUha+mD+3QT5nISfL2VQ2vxfK0NtWFmaG5mPIez8NkdN7du28yHszBxvj6uB1dG3pk/roJ7Y3lz989i+PV220kaz/At7Xoe5tczM3vIGmnHnxjXGqNzkpYW3N/KgSUnnvW4jdpOHFx9e3pQH+WbO0fufG3pQKMG99+07szUYWzrWM3Ys2L8C+s+TMO59zRQddMZ2xv3Dryn9U/i6X1/FTvtZnzz9fZpeJVObybTMVCte7Nv+UD7lvXV3rN/fzkOrqabhzvFfbi/zAYz+Dkz7x6+e6PuvfIYzczN9Tfv8UH95vXv19NwanoD9XY6uGzIHWv7PLyayoOr3v6KV2Ec3HdN571XBNmE2m02UNdTkO9moBpTkE0+/PrPc6D21kN1OhlexSiHxLl6eBpcbU1nZjwPZj1xvQ7n31YPvpw8fH+YDmbm5KG9Ly/6a6Xb/vfbhXOFXMhZ5043PL9nXFuOcT2Os44fxt0cf54onj9ZuXlz4+a24mVNpMUxoHW31+MwdYHWHU82rhXKnbtt7rZ1zfVtzbHdrNPWlY4V79HGG9efZJw2d/2e5liOfj22DZhnhXN1YB9e1rIqtLhu7lldTtvTOxbSxpuO39X5vrZe3kUe4PMJ6E/w0FM6/gvaCr+u7FmMh44PtGwtHa6Bh+1B2dwnLc/NHdinqwF96gI9zI08524C+/RtoLdToDdo7twWcyOtDPsBPty0kK8Plm3ZOfFcpQX5ueM+0mawT8UlWtCF76bAB66lu3mIa4F87dwlvbk50GZuvkeboV4mnLaXeWPcl7vxctvg+9oCLeOhpIU9dg3kGWmB53yHX9pXnHs54wF0IgMP7kHZXC5i30cZdlOmu+bGG0+2TM+TjWfZOsoe6FMvR56Rtpkxm7A3nh+mpDuUSd5HfcDeehrjGXXeVFxrl9bLdNXzu5zW1ojncQjr9mRaq62rHb9JtlqhBfk4W2YTYH9Wb4t8kE1YsbC/3MN9+WirTV3w4FpOtke7wy/8lbn9ya4f87X6BvhO7FsHZRM4tpx7bT2FfaAfqbA3netZBp62zD97oMcJ+ifSghzQ/lwF7IDrrgs2FaM+cg/8iOwP9Aw/y8xnqrQ94KlvcFqtQ/6Jn8cq+VHeBz7ilNlqhTbRQb59TtvVPOQjD8H++hnflwE+iWtpsG8V9MB56G3JrndpK/yGKrPVLnzeVPhaWcfCGLM9KBvmnzHYgUN7A5vKQTfEM9hP5pKe0f+6Wof8E/VsC1qd4pflok2ljGcH1g5zZtslLcwFdtClfYAtQUxqwrzdDOMT7tmnuBfrLpcFxJGt8A+w95x4yTCeNkXsgDmIF53JhfkdjBHfHfSNsYN7A7lNdPK7fMLlhvroo+2re7RaqbsQ5gq3JONMhz1O9m2qQttFG2T6SGCP5HMUW17YFMSLwqZc8iN3jxb49V1mfxTzRUxzUlfYr5ANxf94y+1PyIbiP9gMt9We4nL/rNDiWtw/hcz7lXkLWhnjmzeOWXxvow+gzLsg0+a2w3wR5auifEFPwGeosDmQ5z7FNZAJxIgezYGyZDZogyzBx32aA2XJ/NMHufu2zOIE6SilOAG26FlN3DPw1FfIZyCmgDwo1wJPlZjE4gTEupJ2DHYJMiHaRMdcg7S5iIvIM8hdpViHdpbbTEfoM+PeLi3knSIGg38B7zxHHYjXJW3K8ADGOsrxCouLuG6s8VgnZIM5PmV+QbmUywbiidVl8sUcw3y8Il9hU/GOfCvxIEU76bA9lDHR71XmLWlRDqBjEf+AlvJnLvbGYinPiQn4EGEOtLmQxYKdXF3QYuzOWK4Hv7EclLkucnIlH+qVPA2yBQQMsu2gPlA3Vom5KEeMuztjO2uXeCUlzGEJHcQa5UwfcrvVzzlO4DES+Qz1Dtkn+p+QVbeUVdXG2xUbh/jtkf/1MeflwlfBx3APKHeVz4uxS0HfAR40L3cpPmLe5joEWU4AM5AMiJbsC+0AYxrsF2g1jqFA3/2cfB3jnNWXuW2w/GqTLxtgIUiLWE9l/tvNaQ3uIxCjVWEHXF9o4yrIh9lBG2MlYQqQSV/ew0boO1uOd/LCDsZuZd6SlvgcN1lOQP8l/EuYQWX+6zIsgrGbsEjTIB1hXrJoD6rArxVczf07FlhFZnmiStsvsXIZV9TDuLpfYnCGRZAW4hXgY57vgJ90F1ejvTAMDzyAnXW3nV1anAvwqstza1hiX4ahkMdCNl5bYEycq5AN2Iajubzm8Pw+y1V3VVobfGXHT1lNIuYtaDGGM13u2kO30JtnQW71XbmQGeUwZqsuy43Ah7tFrEKYAuI4fF/l9CA3yk3AO6yJtQbpuZuSvfpYuzg6pwV7xZxHMTBj8XSC9s7ydpWWfAb1YYM+wpx0h/WXHyJ2xLVAt30hC80judmEk1jOq9AmhE947RIyrIN+lvdlvhbUMw7joaTVKTaPGS3k/e0Ov7QvR6Y4j/kF6gnygUOyIcyP/h5nrEZAX3RUxjNiR0cr4yzNjViE1y6QY/Ku4EMD3ng9EsqcZ8SRBsuZFVqM7z7iMBvjm8x0gdhrsuVrqVRTMb0JWor/7pjRgv3IIlcwHE/yZfaOcdXnmJ9iFq+JStoKv5jP7Iz2RTVlyPfVz5hdHpQNYn7cJ8ep1dxvE2byeJ0De1VxboZZ452aiHJF7ma8phK5H2tKneOECi34mtVLd+svrBO7rOas5v4qLcWsLqeNZcaHqIloXznzC5vyPavJqS5mmKJKu8Mvr798xDf2Xq22PSgb4Z/g0wbH1ZDnXKFnGWyK1x7dLeYewmSQ1zktYG2H+yfUzqIesezCP3Gfe7QG7pNsFbE92C/ygT7lWi5fKzZcynNVWvD1PN4SLcWFmOP9UCNcg7Egd1JeX0As6AkeoNbv7dGW/GIt0rGEf3bzEu9PcuGfL2TD/BP7JYTDAesAz1g3t1zqtxTruVSv+Rbme1ZfkM/mFDuwh6JRPKBYT/o0MDaRjgkrhugDGFcUMeYivsZ1qF5t8ljbNBiGQBuxOQ+IeSYG4wFtvuCX1Tdo03eInyZCNqnH7R/wxl4tRDGBz1vUTS7GIogf2g4ti4kZ86tumXcoPsQG1RFCPxW7ATuAuahesMi+fXu7S4t+J2wB+x4xygb97oDdVGkxbjcVbmOGS3EL82WTx63Sbrw7bqOMB1F3V2gx9oaC1qBeF8Winuzt1OIoG7eQOdgNlw3FOyHzrdAb2HleyBd7On5X5b4NvmvzPMRoybfZvIQxWP2IODJWiV/CPkzviEOZjWBu6hPO9il3T4yiBhkjpkd8DTrneBJskXIN6hSxD8eTGcah0r4p5yC2rY4xjOrv2DzyDGN9xj/EI9ZnQZ5dhcdzjEesn1Gp+WjeccxrIIdyEtWdDOMa9H2/OlaN+XEZb4u6bIL2mu/UdeQzLsMLiE2pB4Y2CLWH76R7tHKZR4oaEvH+oZxT0vqo0x7R0lxU59u8H8t06mHPhNW2qStklRyUFWEyV+TJvMdxAcQgqE15/QH52ea26bKeEvqqz3JGBReg7Yr8gjI2Onu0nbsi1zN+yAYnB3FBhRZjUs7yRUz1Cav1GAZh+KhpVMdgfdwLxT7Cciw/IhbdstoY8yfzY+pdMXtLS7lU7O2usLcixjJ8SL2vlNUa6NtY3/Z1VpM5on5TMeeyuI11DetnsDjB6xb0ET/UuL5yXg+hXGXWH6C4xuohjBklrUb5g/mJJvJ+OW9Bm5GO/JjNi3GJ1VmI3bjNdEs8SjG9yeXlqt4LnFzQ8n6bsI2+wnphziGcnFVwsk79an+HNmP9EHGfItZZ76RZxeQCJ1dokQeoy3NmR4BTUs4v4CuH52EuG+r52KrIw0I2biFz8m1eX6PvubxuKfWGfSisn9kceC+D1pNZbHR4Lu8qpU8hTUw+BfED65yc647ZuYW0IYvVzLZRFrJHfYf+Xr8G85+o03u8P4X1E9ZoPY3Zv5Oyni6jpfofseYY7QTHwH59GlMY1sexpsbpcuohsfstOs8VIP+uVtwf8EPaP8lc1Mas10ljot8FtSbVIIT9mQwxzlBOoH4Pu6+Tsrq2L9YpcB7E/3JOUcflPb0YE7nW6mZiHSajUPRpdeHLXdbz1dlYL0d79zCH0Lq41z7WzVrFtzNWU241IS8ub4bhEsRKFd2wex+ilqd+IvfLMjeSvnv7YxAfWV8He55u4Wc2wy1JkW+xp6KTHADvdViNgf0oFj9xP9Q/YxjA9ZkcKhhRI/1X+cljskWyy6zAmGg/1DOnfvjY5mN9wlysV93nYyFhI59kAFge9WphD9FRSh06hLkYfhNY3ab6jWjHrCZjPTbq/WJfkeMKtJd+zmgxj9oai6vktzqfd+vmxT3OlPWfcA47K+5x5k2N06bsvgj1BrRiD35fFfc4vTHZzR5tnLsFrW3we18Gu5/K98vuMaCOWE8B8STdB8LeJNZW5POIaVV2n5V8Li3wL8Q69HkXY4gv8DP2SYTPl/c/QE868/ke9jdF/0CjeW1Xpr4L4UGyGWbrLO4UvQbX6vG4I3ox6ANdWcxbiVHAZx9jWuJcTSc3d/+0BveXNbzbfvAOu8LvoreVf/qqufmupnTC4Pr+n7mTtGbBfbq6uXPGrnXZ6liPtpM09u/pt835TdIfR1d2/YadeQCK3bOTn/VIga5oOwcQtfrLRwoOPfPX+OgHCo7oQOJHnKriJ3lXv3Yc7IcPIyUrKxoBU8PWjgY+/DzYwIz0elQLJSMwTUmP5Egya0NVUgdDZTQcjkY1+Ycn3j7rPNhvnC890uOl/+4HBV47Nnd+wu+/8dzCxz6ooFQz16c/qIAXN8ACZDkU1Kc9vMAFzJ4LOLqnHN4n9WvHk/t/J1lox5ktfu9hBPXYHkY40mcqakp9APBnKIUjBaBIICtSUDeGUkOJhlqg11VDU8/PIvzbn0U4I4jfePLxxbud3vYEhT0fPrHn5g49RPELr4ZawaQzNukbHq98FbQcfEHUwZdEHXpR1MGXRb18YdQOGb3C6cAK+4OHxuovB5WXZOKtTy8HD40desXV/reVA99W9r794xdM7b1kCf69RH28ePEUfKY3W6rZrHxmJUuYiAGBOWK5vbdBwHcUpWYZrUNvjBrRP/uvc/rdx3H4VQi7Qr/aeT/FT16G9eJRnsNvxxKxmb0bqwWXB9+SVZr/57WpVH33zRdH06YS9c5pQtV3BndH09f4G6HD+b0X/8J2Volhzh2to8Gj79bgeh0r/kmDaw457rvoXOFFpcWFl2WPi66y6tUxdLnEazB+3uZST7fNddrYQWz/2MDDb/aH3vnd6Z/V5/rwdt25z3Xuc537XJ/U5+qtMKb/YTsrCHne+Ck+KfPDIXwimgqb2bRJU76h10H8toJwEhN2OdQ8OdwOqYCbw02fl6/s/KxehbnXqmi8bFVoB1oVH/4SbZHiThVv/K2/3eQnoTdohIY8HA6lIDAbkt4IIylQAjpxY4ygZNej+jvfcDyCXsVJV/IsSp8L9qNJrO9WsL/+2z/+oGD/jBpbf2uJfcInSU77F0coR/qbI36vNP1h8/i0KuzzSZJzhX0EEOsMBD6kwha/hNNOQQSMJdlpuvDf2wWk8D+tvZc0yc+Rhv4q0PijYw+8Ot471dCuK5py+eJUw/5vvziWAw10Uyxa2s8RO06j/PiQw2L6mc2A/edritL/sw8u6CeNjN4ZSxxNL+BvzFTngwt/d7vjZynz3Ag5Gvzzbo2Q+t/UCFFqb+2E6KfbCamfdL4X2z+2hP+bLYTa39EK+fCOzrkVcm6FnFshn9wKaUI1PwpCNA/5DpKZ3NqEk+gdHqvR3gQ1aq9CjfMDNUf1QE1Nbmpa/dceqFHrdQW0/C96oEY7ooaUqRxHP0pgolMFqO8M6U6mIxVFuj7QzEAK9cFA0mUAMQOzpkgAMhtRqJha1HjngztH0JH6K/o1P8zr54bN0aC092rYaK8f5Ty1hk3j72/YiPtEJ5oPtXcO+p/csHnnXxB/bticGzbnhs0ZCrxvw8Zu3/5xUyYKl2/qyjTOXZnT6cpc1hu2rP9aV8aSjbZS/xd1ZdDyP68tAzlqpy1zNOeEBPQ5URz63sjtZPoyYFKmOVIBf6mKLOly3YQ0pgZSbTQMaqOGMop+fCjm3Jf5jL4Mpe9z7+WEAFcbHG6zjvC803y1DuZhtPoVAPZigf+J4guYbDa9mOkX6RS7G4gKYATxwMXFxf/+IpZT34Ll1NcP85yx3BnLnR6WU48Iyx3Py+pO+xCYeqSHwD4cy41Gmjmsh6qk1RqA5bQokAb1EHZVN4zADDRTPj8CflxY7gAyeEtyP6O/T0B/KL/FYl0hvUJrY7dJNfv/AQ==</diagram></mxfile>
diff --git a/modules/sagemaker/sagemaker-endpoint/modulestack.yaml b/modules/sagemaker/sagemaker-endpoint/modulestack.yaml
@@ -0,0 +1,26 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: This template deploys a Module specific IAM permissions
+
+Parameters:
+  RoleName:
+    Type: String
+    Description: The name of the IAM Role
+  ModelPackageGroupName:
+    Type: String
+    Description: The name of the SageMaker Model Package Group
+    Default: NotPopulated
+
+Resources:
+  Policy:
+    Type: AWS::IAM::Policy
+    Properties:
+      PolicyName: "sagemaker-endpoint-modulespecific-policy"
+      Roles: [!Ref RoleName]
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Action:
+              - sagemaker:ListModelPackages
+            Resource:
+              - !Sub arn:${AWS::Partition}:sagemaker:${AWS::Region}:${AWS::AccountId}:model-package/${ModelPackageGroupName}/*