amazon-web-servicesamazon-sagemakerlog-analysis

Deepracer log_analysis tool - sagemaker role errors

I'm trying to run the Deepracer log analysis tool from https://github.com/aws-samples/aws-deepracer-workshops/blob/master/log-analysis/DeepRacer%20Log%20Analysis.ipynb on my local laptop. However I get below error while trying to run step [5] "Create an IAM role". 

try:
    sagemaker_role = sagemaker.get_execution_role()
except:
    sagemaker_role = get_execution_role('sagemaker')

print("Using Sagemaker IAM role arn: \n{}".format(sagemaker_role))

Couldn't call 'get_role' to get Role ARN from role name arn:aws:iam::26********:root to get Role path.
---------------------------------------------------------------------------
ValueError                                Traceback (most recent call last)
<ipython-input-5-3bea8175b8c7> in <module>
      1 try:
----> 2     sagemaker_role = sagemaker.get_execution_role()
      3 except:

/opt/conda/lib/python3.7/site-packages/sagemaker/session.py in get_execution_role(sagemaker_session)
   3302     )
-> 3303     raise ValueError(message.format(arn))
   3304 

ValueError: The current AWS identity is not a role: arn:aws:iam::26********:root, therefore it cannot be used as a SageMaker execution role

During handling of the above exception, another exception occurred:

NameError                                 Traceback (most recent call last)
<ipython-input-5-3bea8175b8c7> in <module>
      2     sagemaker_role = sagemaker.get_execution_role()
      3 except:
----> 4     sagemaker_role = get_execution_role('sagemaker')
      5 
      6 print("Using Sagemaker IAM role arn: \n{}".format(sagemaker_role))

NameError: name 'get_execution_role' is not defined

Does anybody know what needs to be done to execute above code without errors?

Solution

  • AWS support recommended below solution:

    This seems to be a known issue when executing the code locally, as mentioned in the following Github issue [3]. A work-around to fix the issue is also defined in that issue [3] and can be referred to using the following link: aws/sagemaker-python-sdk#300 (comment)

    The steps in the work-around given in the above link are:

    1. Login to the AWS console -> IAM -> Roles -> Create Role

    2. Create an IAM role and select the "SageMaker" service

    3. Give the role "AmazonSageMakerFullAccess" permission

    4. Review and create the role

    5. Next, also attach the "AWSRoboMakerFullAccess" permission policy to the above created role (as required in the Github notebook [1]).

    6. The original code would then need to be modified to fetch the IAM role directly when the code is executed on a local machine. The code snippet to be used is given below:

    try:
   sagemaker_role = sagemaker.get_execution_role()
 except ValueError:
   iam = boto3.client('iam')
   sagemaker_role = iam.get_role(RoleName='<sagemaker-IAM-role-name>')['Role']['Arn']

    In the above snippet, replace the "" text with the IAM role name created in Step 4.

    References:

    [1] https://github.com/aws-samples/aws-deepracer-workshops/blob/master/log-analysis/DeepRacer%20Log%20Analysis.ipynb

    [2] https://docs.aws.amazon.com/sagemaker/latest/dg/automatic-model-tuning-ex-role.html

    [3] aws/sagemaker-python-sdk#300