SpotEventPluginFleet
- class aws_rfdk.deadline.SpotEventPluginFleet(scope, id, *, deadline_groups, instance_types, max_capacity, render_queue, vpc, worker_machine_image, allocation_strategy=None, block_devices=None, deadline_pools=None, deadline_region=None, fleet_instance_role=None, fleet_role=None, key_name=None, log_group_props=None, security_groups=None, track_instances_with_resource_tracker=None, user_data=None, user_data_provider=None, valid_until=None, vpc_subnets=None)
Bases:
constructs.Construct
This construct reperesents a fleet from the Spot Fleet Request created by the Spot Event Plugin.
This fleet is intended to be used as input for the {@link @aws-rfdk/deadline#ConfigureSpotEventPlugin} construct.
The construct itself doesn’t create the Spot Fleet Request, but deploys all the resources required for the Spot Fleet Request and generates the Spot Fleet Configuration setting: a one to one mapping between a Deadline Group and Spot Fleet Request Configurations.
architecture diagram
Resources Deployed
An Instance Role, corresponding IAM Policy and an Instance Profile.
A Fleet Role and corresponding IAM Policy.
An Amazon CloudWatch log group that contains the Deadline Worker, Deadline Launcher, and instance-startup logs for the instances in the fleet.
A security Group if security groups are not provided.
An EC2 Launch Template for the Spot Fleet.
Security Considerations
The instances deployed by this construct download and run scripts from your CDK bootstrap bucket when that instance is launched. You must limit write access to your CDK bootstrap bucket to prevent an attacker from modifying the actions performed by these scripts. We strongly recommend that you either enable Amazon S3 server access logging on your CDK bootstrap bucket, or enable AWS CloudTrail on your account to assist in post-incident analysis of compromised production environments.
The data that is stored on your Worker’s local EBS volume can include temporary working files from the applications that are rendering your jobs and tasks. That data can be sensitive or privileged, so we recommend that you encrypt the data volumes of these instances using either the provided option or by using an encrypted AMI as your source.
The software on the AMI that is being used by this construct may pose a security risk. We recommend that you adopt a patching strategy to keep this software current with the latest security patches. Please see https://docs.aws.amazon.com/rfdk/latest/guide/patching-software.html for more information.
- Parameters
scope (
Construct) –id (
str) –deadline_groups (
Sequence[str]) – Deadline groups these workers need to be assigned to. Also, note that the Spot Fleet configuration does not allow using wildcards as part of the Group name as described here https://docs.thinkboxsoftware.com/products/deadline/10.2/1_User%20Manual/manual/event-spot.html#wildcardsinstance_types (
Sequence[InstanceType]) – Types of instances to launch.max_capacity (
Union[int,float]) – The the maximum capacity that the Spot Fleet can grow to. See https://docs.thinkboxsoftware.com/products/deadline/10.2/1_User%20Manual/manual/event-spot.html#spot-fleet-requestsrender_queue (
IRenderQueue) – The RenderQueue that Worker fleet should connect to.vpc (
IVpc) – VPC to launch the Worker fleet in.worker_machine_image (
IMachineImage) – The AMI of the Deadline Worker to launch.allocation_strategy (
Optional[SpotFleetAllocationStrategy]) – Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the Spot Fleet request. Default: - SpotFleetAllocationStrategy.LOWEST_PRICE.block_devices (
Optional[Sequence[Union[BlockDevice,Dict[str,Any]]]]) – The Block devices that will be attached to your workers. Default: - The default devices of the provided ami will be used.deadline_pools (
Optional[Sequence[str]]) – Deadline pools these workers need to be assigned to. Default: - Workers are not assigned to any pool.deadline_region (
Optional[str]) – Deadline region these workers needs to be assigned to. Note that this is not an AWS region but a Deadline region used for path mapping. See https://docs.thinkboxsoftware.com/products/deadline/10.2/1_User%20Manual/manual/cross-platform.html#regions Default: - Worker is not assigned to any Deadline region.fleet_instance_role (
Optional[IRole]) – An IAM role to associate with the instance profile assigned to its resources. Create this role on the same stack with the SpotEventPluginFleet to avoid circular dependencies. The role must be assumable by the service principalec2.amazonaws.comand have AWSThinkboxDeadlineSpotEventPluginWorkerPolicy policy attached:: const role = new iam.Role(this, ‘MyRole’, { assumedBy: new iam.ServicePrincipal(‘ec2.amazonaws.com’), managedPolicies: [ ManagedPolicy.fromAwsManagedPolicyName(‘AWSThinkboxDeadlineSpotEventPluginWorkerPolicy’), ], }); Default: - A role will automatically be created.fleet_role (
Optional[IRole]) – An IAM role for the spot fleet. The role must be assumable by the service principalspotfleet.amazonaws.comand have AmazonEC2SpotFleetTaggingRole policy attached Example:: const role = new iam.Role(this, ‘FleetRole’, { assumedBy: new iam.ServicePrincipal(‘spotfleet.amazonaws.com’), managedPolicies: [ ManagedPolicy.fromAwsManagedPolicyName(‘service-role/AmazonEC2SpotFleetTaggingRole’), ], }); Default: - A role will automatically be created.key_name (
Optional[str]) – Name of SSH keypair to grant access to instances. Default: - No SSH access will be possible.log_group_props (
Union[LogGroupFactoryProps,Dict[str,Any],None]) – Properties for setting up the Deadline Worker’s LogGroup. Default: - LogGroup will be created with all properties’ default values and a prefix of “/renderfarm/”.security_groups (
Optional[Sequence[ISecurityGroup]]) – Security Groups to assign to this fleet. Default: - A new security group will be created automatically.track_instances_with_resource_tracker (
Optional[bool]) – Whether the instances in the Spot Fleet should be tracked by Deadline Resource Tracker. In addition to this property, the Spot Event Plugin must also be configured to use the Resource tracker by using the`enableResourceTracker<https://docs.aws.amazon.com/rfdk/api/latest/docs/aws-rfdk.deadline.SpotEventPluginSettings.html#enableresourcetracker>`_ property of theConfigureSpotEventPluginconstruct, which istrueby default. Default: trueuser_data (
Optional[UserData]) – User data that instances use when starting up. Default: - User data will be created automatically.user_data_provider (
Optional[IInstanceUserDataProvider]) – An optional provider of user data commands to be injected at various points during the Worker configuration lifecycle. You can provide a subclass of InstanceUserDataProvider with the methods overridden as desired. Default: : Not used.valid_until (
Optional[Expiration]) – The end date and time of the request. After the end date and time, no new Spot Instance requests are placed or able to fulfill the request. Default: - the Spot Fleet request remains until you cancel it.vpc_subnets (
Union[SubnetSelection,Dict[str,Any],None]) – Where to place the instance within the VPC. Default: - Private subnets.
Methods
- allow_remote_control_from(other)
Allow access to the Worker’s remote command listener port (configured as a part of the WorkerConfiguration) for an IConnectable that is either in this stack, or in a stack that depends on this stack.
If this stack depends on the other stack, use allowRemoteControlTo(). See https://docs.thinkboxsoftware.com/products/deadline/10.2/1_User%20Manual/manual/remote-control.html
Common uses are:
Adding a SecurityGroup:
workerFleet.allowRemoteControlFrom(securityGroup)Adding a CIDR:
workerFleet.allowRemoteControlFrom(Peer.ipv4('10.0.0.0/24'))- Parameters
other (
IConnectable) –- Inheritdoc
true
- Return type
None
- allow_remote_control_to(other)
Allow access to the Worker’s remote command listener port (configured as a part of the WorkerConfiguration) for an IConnectable that is either in this stack, or in a stack that this stack depends on.
If the other stack depends on this stack, use allowRemoteControlFrom(). See https://docs.thinkboxsoftware.com/products/deadline/10.2/1_User%20Manual/manual/remote-control.html
Common uses are:
Adding a SecurityGroup:
workerFleet.allowRemoteControlTo(securityGroup)Adding a CIDR:
workerFleet.allowRemoteControlTo(Peer.ipv4('10.0.0.0/24'))- Parameters
other (
IConnectable) –- Inheritdoc
true
- Return type
None
- to_string()
Returns a string representation of this construct.
- Return type
str
Attributes
- allocation_strategy
Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the Spot Fleet request.
- Return type
- block_devices
The Block devices that will be attached to your workers.
- Default
The default devices of the provided ami will be used.
- Return type
Optional[List[BlockDevice]]
- connections
The security groups/rules used to allow network connections.
- Return type
- deadline_groups
Deadline groups the workers need to be assigned to.
- Default
Workers are not assigned to any group
- Return type
List[str]
- deadline_pools
Deadline pools the workers need to be assigned to.
- Default
Workers are not assigned to any pool
- Return type
Optional[List[str]]
- default_subnets
Indicates whether the subnets are the defaults.
If
props.vpcSubnetswas passed in, this will be false.- Return type
bool
- fleet_instance_role
An IAM role associated with the instance profile assigned to its resources.
- Return type
- fleet_role
An IAM role that grants the Spot Fleet the permission to request, launch, terminate, and tag instances on your behalf.
- Return type
- grant_principal
The principal to grant permissions to.
Granting permissions to this principal will grant those permissions to the spot instance role.
- Return type
- instance_profile
The IAM instance profile that fleet instance role is associated to.
- Return type
- instance_types
Types of instances to launch.
- Return type
List[InstanceType]
- key_name
Name of SSH keypair to grant access to instances.
- Default
No SSH access will be possible.
- Return type
Optional[str]
- launch_template
The Launch Template for this Spot Fleet.
This launch template does not specify an instance type or subnet.
- Return type
- machine_image
The Worker AMI.
- Return type
- max_capacity
The the maximum capacity that the Spot Fleet can grow to.
- Return type
Union[int,float]
- os_type
The operating system of the script host.
- Return type
- security_groups
Security Groups assigned to this fleet.
- Return type
List[ISecurityGroup]
- subnets
Subnets where the instance will be placed within the VPC.
- Return type
- tags
The tags to apply during creation of instances and of the Spot Fleet Request.
- Return type
- valid_until
The end date and time of the request.
After the end date and time, no new Spot Instance requests are placed or able to fulfill the request.
- Default
the Spot Fleet request remains until you cancel it.
- Return type
Optional[Expiration]
Static Methods
- classmethod is_construct(x)
Checks if
xis a construct.Use this method instead of
instanceofto properly detectConstructinstances, even when the construct library is symlinked.Explanation: in JavaScript, multiple copies of the
constructslibrary on disk are seen as independent, completely different libraries. As a consequence, the classConstructin each copy of theconstructslibrary is seen as a different class, and an instance of one class will not test asinstanceofthe other class.npm installwill not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of theconstructslibrary can be accidentally installed, andinstanceofwill behave unpredictably. It is safest to avoid usinginstanceof, and using this type-testing method instead.- Parameters
x (
Any) – Any object.- Return type
bool- Returns
true if
xis an object created from a class which extendsConstruct.