Created
June 26, 2023 17:00
-
-
Save HarshadRanganathan/2a9c3db5e442359d4855a170df47c087 to your computer and use it in GitHub Desktop.
Sagemaker Scripts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Installs a git helper function which retrieves the password or developer token from Secrets Manager | |
| # directly for cloning a repository from a private git repo or pushing back changes upstream. | |
| # Storing passwords and tokens in Secrets Manager eliminates the need to store any sensitive information on EFS. | |
| # Steps: | |
| # 1. Add your password or personal developer token to Secret Manager | |
| # 2. Set the secret name, key & email in the script below | |
| # 3. Clone your repository via HTTP with the user name in the url, e.g. "git clone http://username@github.com/...." | |
| #!/bin/bash | |
| set -eux | |
| ## Parameters | |
| # your git provider, e.g. github.com | |
| GIT_PROVIDER="github.com" | |
| GIT_EMAIL_ADDRESS="<github_email_address>" | |
| AWS_REGION="us-east-1" | |
| # Secret name stored in AWS Secrets Manager | |
| AWS_SECRET_NAME="AmazonSageMaker-ghec_token" | |
| # Secret key name inside the secret | |
| AWS_SECRET_KEY_GIT_USERNAME="username" | |
| AWS_SECRET_KEY_GIT_PASSWORD="password" | |
| ## Script Body | |
| PYTHON_EXEC=$(command -v python) | |
| cat > ~/.aws-credential-helper.py <<EOL | |
| #!$PYTHON_EXEC | |
| import sys | |
| import json | |
| import boto3 | |
| import botocore | |
| GIT_PROVIDER='$GIT_PROVIDER' | |
| AWS_REGION='$AWS_REGION' | |
| AWS_SECRET_NAME='$AWS_SECRET_NAME' | |
| AWS_SECRET_KEY_GIT_USERNAME='$AWS_SECRET_KEY_GIT_USERNAME' | |
| AWS_SECRET_KEY_GIT_PASSWORD='$AWS_SECRET_KEY_GIT_PASSWORD' | |
| if len(sys.argv) < 2 or sys.argv[1] != 'get': | |
| exit(0) | |
| credentials = {} | |
| for line in sys.stdin: | |
| if line.strip() == "": | |
| break | |
| key, value = line.split('=')[0:2] | |
| credentials[key.strip()] = value.strip() | |
| if credentials.get('host', '') == GIT_PROVIDER: | |
| client = boto3.client('secretsmanager', region_name=AWS_REGION) | |
| try: | |
| response = client.get_secret_value(SecretId=AWS_SECRET_NAME) | |
| except botocore.exceptions.ClientError as e: | |
| exit(1) | |
| if 'SecretString' in response: | |
| secret = response['SecretString'] | |
| secret_dict = json.loads(secret) | |
| if AWS_SECRET_KEY_GIT_USERNAME in secret_dict: | |
| credentials['username'] = secret_dict[AWS_SECRET_KEY_GIT_USERNAME] | |
| if AWS_SECRET_KEY_GIT_PASSWORD in secret_dict: | |
| credentials['password'] = secret_dict[AWS_SECRET_KEY_GIT_PASSWORD] | |
| for key, value in credentials.items(): | |
| print('{}={}'.format(key, value)) | |
| EOL | |
| chmod +x ~/.aws-credential-helper.py | |
| git config --global credential.helper ~/.aws-credential-helper.py | |
| git config --global user.name "$AWS_SECRET_KEY_GIT_USERNAME" | |
| git config --global user.email "$GIT_EMAIL_ADDRESS" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment