From 2c18d7e0875b3d171e3e21476d82618777cdc310 Mon Sep 17 00:00:00 2001
From: Tommy Dang <quantumventuress@gmail.com>
Date: Tue, 14 May 2024 01:28:13 -0700
Subject: [PATCH] 3

---
 .env.dev                                      |   4 +-
 .gitignore                                    |   4 +
 Dockerfile                                    |   2 +-
 mlops/metadata.yaml                           |  12 ++
 mlops/unit_5_deploying/aws/alb.tf             |  82 ++++++++
 mlops/unit_5_deploying/aws/db.tf              |  83 ++++++++
 mlops/unit_5_deploying/aws/efs.tf             |  36 ++++
 mlops/unit_5_deploying/aws/env_vars.json      |  34 ++++
 mlops/unit_5_deploying/aws/iam.tf             |  73 +++++++
 mlops/unit_5_deploying/aws/lambda.tf          |  23 +++
 mlops/unit_5_deploying/aws/main.tf            | 190 ++++++++++++++++++
 mlops/unit_5_deploying/aws/networking.tf      |  56 ++++++
 .../aws/python/event_handler.py               |  26 +++
 .../aws/python/event_handler.zip              | Bin 0 -> 637 bytes
 mlops/unit_5_deploying/aws/variables.tf       | 110 ++++++++++
 mlops/unit_5_deploying/aws/vpc.tf             |  11 +
 scripts/start.sh                              |   6 +-
 17 files changed, 748 insertions(+), 4 deletions(-)
 create mode 100644 mlops/unit_5_deploying/aws/alb.tf
 create mode 100644 mlops/unit_5_deploying/aws/db.tf
 create mode 100644 mlops/unit_5_deploying/aws/efs.tf
 create mode 100644 mlops/unit_5_deploying/aws/env_vars.json
 create mode 100644 mlops/unit_5_deploying/aws/iam.tf
 create mode 100644 mlops/unit_5_deploying/aws/lambda.tf
 create mode 100644 mlops/unit_5_deploying/aws/main.tf
 create mode 100644 mlops/unit_5_deploying/aws/networking.tf
 create mode 100644 mlops/unit_5_deploying/aws/python/event_handler.py
 create mode 100644 mlops/unit_5_deploying/aws/python/event_handler.zip
 create mode 100644 mlops/unit_5_deploying/aws/variables.tf
 create mode 100644 mlops/unit_5_deploying/aws/vpc.tf

diff --git a/.env.dev b/.env.dev
index bfe1a6daf..88471e5ed 100644
--- a/.env.dev
+++ b/.env.dev
@@ -23,5 +23,5 @@ EXPERIMENTS_DB=experiments
 EXPERIMENTS_TRACKING_URI="postgresql+psycopg2://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:5432/${EXPERIMENTS_DB}"
 
 # Alerts
-SMTP_EMAIL=
-SMTP_PASSWORD=
+SMTP_EMAIL=$SMTP_EMAIL
+SMTP_PASSWORD=$SMTP_PASSWORD
diff --git a/.gitignore b/.gitignore
index 63f3eeffb..1a9eff0a2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,8 @@
 .mage_temp_profiles
 .preferences.yaml
 .ssh_tunnel
+.terraform
+.terraform.*
 .variables/
 __pycache__/
 docker-compose.override.yml
@@ -15,4 +17,6 @@ mage-ai.db
 mage_data/
 mlruns
 secrets/
+terraform.tfstate
+terraform.tfstate.backup
 titanic_clean.csv
diff --git a/Dockerfile b/Dockerfile
index 1b5951949..cfcf29197 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,6 +19,6 @@ ENV USER_CODE_PATH=${USER_CODE_PATH}
 # Install custom Python libraries
 RUN pip3 install -r ${USER_CODE_PATH}/requirements.txt
 
-ENV PYTHONPATH="${PYTHONPATH}:/home/mage_code"
+ENV PYTHONPATH="${PYTHONPATH}:${MAGE_CODE_PATH}/${PROJECT_NAME}"
 
 CMD ["/bin/sh", "-c", "/app/run_app.sh"]
diff --git a/mlops/metadata.yaml b/mlops/metadata.yaml
index 6eadc9f70..d674645b2 100644
--- a/mlops/metadata.yaml
+++ b/mlops/metadata.yaml
@@ -16,3 +16,15 @@ features:
   polars: true
 project_uuid: 36404d0ffc214b8a89f598f3522c1a20
 help_improve_mage: true
+notification_config:
+  alert_on:
+    - trigger_failure
+    - trigger_passed_sla
+    - trigger_success
+  email_config:
+    smtp_host: smtp.gmail.com
+    smtp_user: "{{ env_var('SMTP_EMAIL') }}"
+    smtp_password: "{{ env_var('SMTP_PASSWORD') }}"
+    smtp_mail_from: "{{ env_var('SMTP_EMAIL') }}"
+    to_emails:
+      - "{{ env_var('SMTP_EMAIL') }}"
diff --git a/mlops/unit_5_deploying/aws/alb.tf b/mlops/unit_5_deploying/aws/alb.tf
new file mode 100644
index 000000000..1268c2513
--- /dev/null
+++ b/mlops/unit_5_deploying/aws/alb.tf
@@ -0,0 +1,82 @@
+# alb.tf | Load Balancer Configuration
+
+resource "aws_alb" "application_load_balancer" {
+  name               = "${var.app_name}-${var.app_environment}-alb"
+  internal           = false
+  load_balancer_type = "application"
+  subnets            = aws_subnet.public.*.id
+  security_groups    = [aws_security_group.load_balancer_security_group.id]
+
+  tags = {
+    Name        = "${var.app_name}-alb"
+    Environment = var.app_environment
+  }
+}
+
+data "http" "myip" {
+  url = "http://ipv4.icanhazip.com"
+}
+
+resource "aws_security_group" "load_balancer_security_group" {
+  vpc_id = aws_vpc.aws-vpc.id
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["${chomp(data.http.myip.response_body)}/32"]
+  }
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["${chomp(data.http.myip.response_body)}/32"]
+  }
+
+  egress {
+    from_port        = 0
+    to_port          = 0
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+  tags = {
+    Name        = "${var.app_name}-sg"
+    Environment = var.app_environment
+  }
+}
+
+resource "aws_lb_target_group" "target_group" {
+  name        = "${var.app_name}-${var.app_environment}-tg"
+  port        = 6789
+  protocol    = "HTTP"
+  target_type = "ip"
+  vpc_id      = aws_vpc.aws-vpc.id
+
+  health_check {
+    healthy_threshold   = "3"
+    interval            = "30"
+    protocol            = "HTTP"
+    matcher             = "200"
+    timeout             = "5"
+    path                = "/api/status"
+    unhealthy_threshold = "2"
+  }
+
+  tags = {
+    Name        = "${var.app_name}-lb-tg"
+    Environment = var.app_environment
+  }
+}
+
+resource "aws_lb_listener" "listener" {
+  load_balancer_arn = aws_alb.application_load_balancer.id
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.target_group.id
+  }
+}
diff --git a/mlops/unit_5_deploying/aws/db.tf b/mlops/unit_5_deploying/aws/db.tf
new file mode 100644
index 000000000..f99f927db
--- /dev/null
+++ b/mlops/unit_5_deploying/aws/db.tf
@@ -0,0 +1,83 @@
+# db.tf | Database Configuration
+
+resource "aws_db_subnet_group" "rds_subnet_group" {
+  name        = "${var.app_name}-${var.app_environment}-rds-subnet-group"
+  description = "${var.app_name} RDS subnet group"
+  subnet_ids  = aws_subnet.public.*.id
+  tags = {
+    Environment = var.app_environment
+  }
+}
+
+
+resource "aws_security_group" "rds_sg" {
+  name        = "${var.app_name}-${var.app_environment}-rds-sg"
+  description = "${var.app_name} RDS Security Group"
+  vpc_id      = aws_vpc.aws-vpc.id
+
+  tags = {
+    Name        = "${var.app_name}-${var.app_environment}-rds-sg"
+    Environment = var.app_environment
+  }
+
+  // allows traffic from the SG itself
+  ingress {
+    from_port = 0
+    to_port   = 0
+    protocol  = "-1"
+    self      = true
+  }
+
+  //allow traffic for TCP 5432
+  ingress {
+    from_port       = 5432
+    to_port         = 5432
+    protocol        = "tcp"
+    security_groups = ["${aws_security_group.service_security_group.id}"]
+  }
+
+  // outbound internet access
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_db_instance" "rds" {
+  identifier             = "${var.app_name}-${var.app_environment}-db"
+  allocated_storage      = 20
+  engine                 = "postgres"
+  engine_version         = "16.3"
+  instance_class         = "db.t3.micro"
+  multi_az               = false
+  db_name                = "mage"
+  username               = var.database_user     // export TF_VAR_database_username="..."
+  password               = var.database_password // export TF_VAR_database_password="..."
+  db_subnet_group_name   = aws_db_subnet_group.rds_subnet_group.id
+  vpc_security_group_ids = ["${aws_security_group.rds_sg.id}"]
+  skip_final_snapshot    = true
+  publicly_accessible    = true
+
+  tags = {
+    Environment = var.app_environment
+  }
+}
+
+# Extra resources specific to this project.
+
+resource "null_resource" "db_setup" {
+  depends_on = [aws_db_instance.rds]
+
+  provisioner "local-exec" {
+    command = <<EOT
+      PGPASSWORD="${var.database_password}" psql -U ${var.database_user} -h ${aws_db_instance.rds.address} -d ${aws_db_instance.rds.db_name} -c "CREATE DATABASE ${var.experiments_database_name};"
+    EOT
+  }
+
+  triggers = {
+    # Forces this resource to be recreated on any change of the RDS instance.
+    always_run = "${timestamp()}"
+  }
+}
diff --git a/mlops/unit_5_deploying/aws/efs.tf b/mlops/unit_5_deploying/aws/efs.tf
new file mode 100644
index 000000000..60d61bf8c
--- /dev/null
+++ b/mlops/unit_5_deploying/aws/efs.tf
@@ -0,0 +1,36 @@
+# efs.tf | Elastic File System Configuration
+
+resource "aws_efs_file_system" "file_system" {
+  encrypted         = true
+  performance_mode  = "generalPurpose"
+  throughput_mode   = "elastic"
+
+  tags = {
+    Name        = "${var.app_name}-efs"
+    Environment = var.app_environment
+  }
+}
+
+resource "aws_efs_mount_target" "mount_target" {
+  count = length(aws_subnet.public)
+  file_system_id = aws_efs_file_system.file_system.id
+  subnet_id      = aws_subnet.public[count.index].id
+  security_groups = [ aws_security_group.mount_target_security_group.id ]
+}
+
+
+resource "aws_security_group" "mount_target_security_group" {
+  vpc_id = aws_vpc.aws-vpc.id
+
+  ingress {
+    from_port        = 2049
+    to_port          = 2049
+    protocol         = "tcp"
+    security_groups  = [aws_security_group.service_security_group.id]
+  }
+
+  tags = {
+    Name        = "${var.app_name}-efs-sg"
+    Environment = var.app_environment
+  }
+}
diff --git a/mlops/unit_5_deploying/aws/env_vars.json b/mlops/unit_5_deploying/aws/env_vars.json
new file mode 100644
index 000000000..68f4f5e5e
--- /dev/null
+++ b/mlops/unit_5_deploying/aws/env_vars.json
@@ -0,0 +1,34 @@
+[
+  {
+    "name": "ENV",
+    "value": "production"
+  },
+  {
+    "name": "AWS_ACCESS_KEY_ID",
+    "value": "${aws_access_key_id}"
+  },
+  {
+    "name": "AWS_SECRET_ACCESS_KEY",
+    "value": "${aws_secret_access_key}"
+  },
+  {
+    "name": "AWS_REGION_NAME",
+    "value": "${aws_region_name}"
+  },
+  {
+    "name": "MAGE_EC2_SUBNET_ID",
+    "value": "${ec2_subnet_id}"
+  },
+  {
+    "EXPERIMENTS_TRACKING_URI": "${experiments_tracking_uri}"
+  },
+  {
+    "SMTP_EMAIL": "${smtp_email}"
+  },
+  {
+    "SMTP_PASSWORD": "${smtp_password}"
+  },
+  {
+    "MAGE_PRESENTERS_DIRECTORY": "mlops/presenters"
+  }
+]
diff --git a/mlops/unit_5_deploying/aws/iam.tf b/mlops/unit_5_deploying/aws/iam.tf
new file mode 100644
index 000000000..d0d57510b
--- /dev/null
+++ b/mlops/unit_5_deploying/aws/iam.tf
@@ -0,0 +1,73 @@
+# iam.tf | IAM Role Policies
+
+resource "aws_iam_role" "ecsTaskExecutionRole" {
+  name               = "${var.app_name}-execution-task-role"
+  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
+  tags = {
+    Name        = "${var.app_name}-iam-role"
+    Environment = var.app_environment
+  }
+}
+
+data "aws_iam_policy_document" "assume_role_policy" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ecs-tasks.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role_policy_attachment" "ecsTaskExecutionRole_policy" {
+  role       = aws_iam_role.ecsTaskExecutionRole.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
+}
+
+
+# resource "aws_iam_role" "lambda_role" {
+#   name   = "${var.app_name}-lambda-role"
+#   assume_role_policy = <<EOF
+# {
+#  "Version": "2012-10-17",
+#  "Statement": [
+#    {
+#      "Action": "sts:AssumeRole",
+#      "Principal": {
+#        "Service": "lambda.amazonaws.com"
+#      },
+#      "Effect": "Allow",
+#      "Sid": ""
+#    }
+#  ]
+# }
+# EOF
+# }
+
+# resource "aws_iam_policy" "iam_policy_for_lambda" {
+#  name         = "${var.app_name}_policy_for_lambda_role"
+#  path         = "/"
+#  description  = "IAM Policy for managing ${var.app_name} lambda role"
+#  policy = <<EOF
+# {
+#  "Version": "2012-10-17",
+#  "Statement": [
+#    {
+#      "Action": [
+#        "logs:CreateLogGroup",
+#        "logs:CreateLogStream",
+#        "logs:PutLogEvents"
+#      ],
+#      "Resource": "arn:aws:logs:*:*:*",
+#      "Effect": "Allow"
+#    }
+#  ]
+# }
+# EOF
+# }
+
+# resource "aws_iam_role_policy_attachment" "attach_iam_policy_to_lambda_role" {
+#  role        = aws_iam_role.lambda_role.name
+#  policy_arn  = aws_iam_policy.iam_policy_for_lambda.arn
+# }
diff --git a/mlops/unit_5_deploying/aws/lambda.tf b/mlops/unit_5_deploying/aws/lambda.tf
new file mode 100644
index 000000000..80adbfa1e
--- /dev/null
+++ b/mlops/unit_5_deploying/aws/lambda.tf
@@ -0,0 +1,23 @@
+# # lambda.tf | Lambda Function Configuration
+
+# data "archive_file" "zip_the_python_code" {
+#   type        = "zip"
+#   source_dir  = "${path.module}/python/"
+#   output_path = "${path.module}/python/event_handler.zip"
+# }
+
+# resource "aws_lambda_function" "terraform_lambda_func" {
+#   filename        = "${path.module}/python/event_handler.zip"
+#   function_name   = "${var.app_name}-events"
+#   role            = aws_iam_role.lambda_role.arn
+#   handler         = "event_handler.lambda_handler"
+#   runtime         = "python3.8"
+#   depends_on      = [aws_iam_role_policy_attachment.attach_iam_policy_to_lambda_role,
+#                       aws_alb.application_load_balancer]
+
+#   environment {
+#     variables = {
+#       MAGE_API_HOST = aws_alb.application_load_balancer.dns_name,
+#     }
+#   }
+# }
diff --git a/mlops/unit_5_deploying/aws/main.tf b/mlops/unit_5_deploying/aws/main.tf
new file mode 100644
index 000000000..186bbb894
--- /dev/null
+++ b/mlops/unit_5_deploying/aws/main.tf
@@ -0,0 +1,190 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.50"
+    }
+  }
+
+  required_version = ">= 1.2.0"
+}
+
+provider "aws" {
+  region = var.aws_region
+}
+
+resource "aws_ecs_cluster" "aws-ecs-cluster" {
+  name = "${var.app_name}-${var.app_environment}-cluster"
+
+  setting {
+    name  = "containerInsights"
+    value = "enabled"
+  }
+
+  tags = {
+    Name        = "${var.app_name}-ecs"
+    Environment = var.app_environment
+  }
+}
+
+// To delete an existing log grou, run the cli command:
+// aws logs delete-log-group --log-group-name app-name-production-logs
+resource "aws_cloudwatch_log_group" "log-group" {
+  name = "${var.app_name}-${var.app_environment}-logs"
+
+  tags = {
+    Application = var.app_name
+    Environment = var.app_environment
+  }
+}
+
+data "template_file" "env_vars" {
+  template = file("env_vars.json")
+
+  vars = {
+    aws_access_key_id     = var.AWS_ACCESS_KEY_ID
+    aws_secret_access_key = var.AWS_SECRET_ACCESS_KEY
+    aws_region_name       = var.aws_region
+    # lambda_func_arn = "${aws_lambda_function.terraform_lambda_func.arn}"
+    # lambda_func_name = "${aws_lambda_function.terraform_lambda_func.function_name}"
+    database_connection_url = "postgresql+psycopg2://${var.database_user}:${var.database_password}@${aws_db_instance.rds.address}:5432/mage"
+    ec2_subnet_id           = aws_subnet.public[0].id
+
+    # Extra env_vars specific to this project.
+    experiments_tracking_uri = "postgresql+psycopg2://${var.database_user}:${var.database_password}@${aws_db_instance.rds.address}:5432/${var.experiments_database_name}"
+    smtp_email               = var.smtp_email    // export TF_VAR_smtp_email="..."
+    smtp_password            = var.smtp_password // export TF_VAR_smtp_password="..."
+  }
+}
+
+resource "aws_ecs_task_definition" "aws-ecs-task" {
+  family = "${var.app_name}-task"
+
+  container_definitions = <<DEFINITION
+  [
+    {
+      "name": "${var.app_name}-${var.app_environment}-container",
+      "image": "${var.docker_image}",
+      "environment": ${data.template_file.env_vars.rendered},
+      "essential": true,
+      "mountPoints": [
+        {
+          "readOnly": false,
+          "containerPath": "/home/src",
+          "sourceVolume": "${var.app_name}-fs"
+        }
+      ],
+      "logConfiguration": {
+        "logDriver": "awslogs",
+        "options": {
+          "awslogs-group": "${aws_cloudwatch_log_group.log-group.id}",
+          "awslogs-region": "${var.aws_region}",
+          "awslogs-stream-prefix": "${var.app_name}-${var.app_environment}"
+        }
+      },
+      "portMappings": [
+        {
+          "containerPort": 6789,
+          "hostPort": 6789
+        }
+      ],
+      "cpu": ${var.ecs_task_cpu},
+      "memory": ${var.ecs_task_memory},
+      "networkMode": "awsvpc",
+      "ulimits": [
+        {
+          "name": "nofile",
+          "softLimit": 16384,
+          "hardLimit": 32768
+        }
+      ],
+      "healthCheck": {
+        "command": ["CMD-SHELL", "curl -f http://localhost:6789/api/status || exit 1"],
+        "interval": 30,
+        "timeout": 5,
+        "retries": 3,
+        "startPeriod": 10
+      }
+    }
+  ]
+  DEFINITION
+
+  requires_compatibilities = ["FARGATE"]
+  network_mode             = "awsvpc"
+  memory                   = var.ecs_task_memory
+  cpu                      = var.ecs_task_cpu
+  execution_role_arn       = aws_iam_role.ecsTaskExecutionRole.arn
+  task_role_arn            = aws_iam_role.ecsTaskExecutionRole.arn
+
+  volume {
+    name = "${var.app_name}-fs"
+
+    efs_volume_configuration {
+      file_system_id     = aws_efs_file_system.file_system.id
+      transit_encryption = "ENABLED"
+    }
+  }
+
+  tags = {
+    Name        = "${var.app_name}-ecs-td"
+    Environment = var.app_environment
+  }
+
+  # depends_on = [aws_lambda_function.terraform_lambda_func]
+}
+
+data "aws_ecs_task_definition" "main" {
+  task_definition = aws_ecs_task_definition.aws-ecs-task.family
+}
+
+resource "aws_ecs_service" "aws-ecs-service" {
+  name                 = "${var.app_name}-${var.app_environment}-ecs-service"
+  cluster              = aws_ecs_cluster.aws-ecs-cluster.id
+  task_definition      = "${aws_ecs_task_definition.aws-ecs-task.family}:${max(aws_ecs_task_definition.aws-ecs-task.revision, data.aws_ecs_task_definition.main.revision)}"
+  launch_type          = "FARGATE"
+  scheduling_strategy  = "REPLICA"
+  desired_count        = 1
+  force_new_deployment = true
+
+  network_configuration {
+    subnets          = aws_subnet.public.*.id
+    assign_public_ip = true
+    security_groups = [
+      aws_security_group.service_security_group.id,
+      aws_security_group.load_balancer_security_group.id
+    ]
+  }
+
+  load_balancer {
+    target_group_arn = aws_lb_target_group.target_group.arn
+    container_name   = "${var.app_name}-${var.app_environment}-container"
+    container_port   = 6789
+  }
+
+  depends_on = [aws_lb_listener.listener]
+}
+
+resource "aws_security_group" "service_security_group" {
+  vpc_id = aws_vpc.aws-vpc.id
+
+  ingress {
+    from_port       = 6789
+    to_port         = 6789
+    protocol        = "tcp"
+    cidr_blocks     = ["${chomp(data.http.myip.response_body)}/32"]
+    security_groups = [aws_security_group.load_balancer_security_group.id]
+  }
+
+  egress {
+    from_port        = 0
+    to_port          = 0
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
+  tags = {
+    Name        = "${var.app_name}-service-sg"
+    Environment = var.app_environment
+  }
+}
diff --git a/mlops/unit_5_deploying/aws/networking.tf b/mlops/unit_5_deploying/aws/networking.tf
new file mode 100644
index 000000000..6eee0bad0
--- /dev/null
+++ b/mlops/unit_5_deploying/aws/networking.tf
@@ -0,0 +1,56 @@
+# networking.tf | Network Configuration
+
+resource "aws_internet_gateway" "aws-igw" {
+  vpc_id = aws_vpc.aws-vpc.id
+  tags = {
+    Name        = "${var.app_name}-igw"
+    Environment = var.app_environment
+  }
+
+}
+
+resource "aws_subnet" "private" {
+  vpc_id            = aws_vpc.aws-vpc.id
+  count             = length(var.private_subnets)
+  cidr_block        = element(var.private_subnets, count.index)
+  availability_zone = element(var.availability_zones, count.index)
+
+  tags = {
+    Name        = "${var.app_name}-private-subnet-${count.index + 1}"
+    Environment = var.app_environment
+  }
+}
+
+resource "aws_subnet" "public" {
+  vpc_id                  = aws_vpc.aws-vpc.id
+  cidr_block              = element(var.public_subnets, count.index)
+  availability_zone       = element(var.availability_zones, count.index)
+  count                   = length(var.public_subnets)
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name        = "${var.app_name}-public-subnet-${count.index + 1}"
+    Environment = var.app_environment
+  }
+}
+
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.aws-vpc.id
+
+  tags = {
+    Name        = "${var.app_name}-routing-table-public"
+    Environment = var.app_environment
+  }
+}
+
+resource "aws_route" "public" {
+  route_table_id         = aws_route_table.public.id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.aws-igw.id
+}
+
+resource "aws_route_table_association" "public" {
+  count          = length(var.public_subnets)
+  subnet_id      = element(aws_subnet.public.*.id, count.index)
+  route_table_id = aws_route_table.public.id
+}
diff --git a/mlops/unit_5_deploying/aws/python/event_handler.py b/mlops/unit_5_deploying/aws/python/event_handler.py
new file mode 100644
index 000000000..070a483eb
--- /dev/null
+++ b/mlops/unit_5_deploying/aws/python/event_handler.py
@@ -0,0 +1,26 @@
+import json
+import os
+import urllib.request
+
+
+def lambda_handler(event, context):
+    print(event)
+
+    mage_api_host = os.getenv('MAGE_API_HOST')
+    url = f'http://{mage_api_host}/api/events'
+
+    request = urllib.request.Request(url)
+    request.add_header('Content-Type', 'application/json; charset=utf-8')
+    jsondata = json.dumps(event)
+    jsondataasbytes = jsondata.encode('utf-8')
+    request.add_header('Content-Length', len(jsondataasbytes))
+
+    response = urllib.request.urlopen(request, jsondataasbytes, timeout=60 * 5)
+
+    results = response.read().decode()
+    print('results', results)
+
+    return dict(
+        body=json.loads(results),
+        statusCode=200,
+    )
diff --git a/mlops/unit_5_deploying/aws/python/event_handler.zip b/mlops/unit_5_deploying/aws/python/event_handler.zip
new file mode 100644
index 0000000000000000000000000000000000000000..b165ec8f06376277fff9150ba95eea49da1fd92f
GIT binary patch
literal 637
zcmWIWW@Zs#-~d7f2E{HQ0S5v=R%%&lUP*jLVqQv4YLQ++WzEFE?kff&t@nRxzl#=n
zxvY7?2`{;6t|0*;cfS`c-)Y>t#M38FjQ!(&Z|k>KeF^bZ)kW_fzV4hIbcW}?7tdL%
z<C}a<tKWaKy8PX%b@sB2B@F$S?<LtMZJ4)di96SwLjuf~`NOvJGB}*l`|#7lwA<+6
z#44Y4^2vz?0^N2(!4*>;J-&O}{O{f8-~aCRkC$(WdShB`P#~aOyzA|*`Sol6zcSdF
z=c)flX1`L?&ZKMc=kg;rhfnwGz4lFc;ZmKWe|hA8JbO6BV~c`;>U*{nac6V$&r)rI
z#foNA`OVjd9s7AiNqI)<m2G}2bL?v~4{WkGoO;z<d)6TVUC+Xq-|aW?i}cxaiP^AL
zPF;QFnxm(o$gk}!vub@rp8UESH+k!UyhRZ=_uM&XT=7wTL)E;U+cV~Jt_`_$scF5Q
zUi6y0i+R=lnlZ%;ui2(`8`%HO@K4J;>%PS`Py6lU#Rf&X-!D$8+;@9!>D51c3=IGO
z2Y9n{$flp#l)=cru%3y5ApmDA31Y-jRb~ND7sL!uWU_(?APDegWD;RU#5J<{pty#C
vC5<2!dd#Ei2C0FW3~~buENNT@v>jD9&_w~>tZX19Oh8x*q+bCQF)#oC3)$kO

literal 0
HcmV?d00001

diff --git a/mlops/unit_5_deploying/aws/variables.tf b/mlops/unit_5_deploying/aws/variables.tf
new file mode 100644
index 000000000..2b9c6a2f5
--- /dev/null
+++ b/mlops/unit_5_deploying/aws/variables.tf
@@ -0,0 +1,110 @@
+variable "AWS_ACCESS_KEY_ID" {
+  type    = string
+  default = "AWS_ACCESS_KEY_ID"
+}
+
+variable "AWS_SECRET_ACCESS_KEY" {
+  type    = string
+  default = "AWS_SECRET_ACCESS_KEY"
+}
+
+variable "DATABASE_CONNECTION_URL" {
+  type    = string
+  default = ""
+}
+
+variable "app_count" {
+  type    = number
+  default = 1
+}
+
+variable "aws_region" {
+  type        = string
+  description = "AWS Region"
+  default     = "us-west-2"
+}
+
+variable "aws_cloudwatch_retention_in_days" {
+  type        = number
+  description = "AWS CloudWatch Logs Retention in Days"
+  default     = 30
+}
+
+variable "app_name" {
+  type        = string
+  description = "Application Name"
+  default     = "mlops"
+}
+
+variable "app_environment" {
+  type        = string
+  description = "Application Environment"
+  default     = "production"
+}
+
+variable "cidr" {
+  description = "The CIDR block for the VPC."
+  default     = "10.32.0.0/16"
+}
+
+variable "database_user" {
+  type        = string
+  description = "The username of the Postgres database."
+  default     = "mageuser"
+}
+
+variable "database_password" {
+  type        = string
+  description = "The password of the Postgres database."
+  sensitive   = true
+}
+
+variable "docker_image" {
+  description = "Docker image url used in ECS task."
+  default     = "mageai/mageai:alpha"
+}
+
+variable "ecs_task_cpu" {
+  description = "ECS task cpu"
+  default     = 512
+}
+
+variable "ecs_task_memory" {
+  description = "ECS task memory"
+  default     = 1024
+}
+
+variable "public_subnets" {
+  description = "List of public subnets"
+  default     = ["10.32.100.0/24", "10.32.101.0/24"]
+}
+
+variable "private_subnets" {
+  description = "List of private subnets"
+  default     = ["10.32.0.0/24", "10.32.1.0/24"]
+}
+
+variable "availability_zones" {
+  description = "List of availability zones"
+  default     = ["us-west-2a", "us-west-2b"]
+}
+
+# Extra variables specific to this project.
+
+variable "experiments_database_name" {
+  type        = string
+  description = "The name of the database to store experiments that track training runs."
+  default     = "experiments"
+}
+
+variable "smtp_email" {
+  type        = string
+  description = "The email address to use for sending emails."
+  default     = ""
+}
+
+variable "smtp_password" {
+  type        = string
+  description = "The password to use for sending emails."
+  default     = ""
+}
diff --git a/mlops/unit_5_deploying/aws/vpc.tf b/mlops/unit_5_deploying/aws/vpc.tf
new file mode 100644
index 000000000..bcf5f4004
--- /dev/null
+++ b/mlops/unit_5_deploying/aws/vpc.tf
@@ -0,0 +1,11 @@
+# vpc.tf | VPC Configuration
+
+resource "aws_vpc" "aws-vpc" {
+  cidr_block           = var.cidr
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+  tags = {
+    Name        = "${var.app_name}-vpc"
+    Environment = var.app_environment
+  }
+}
diff --git a/scripts/start.sh b/scripts/start.sh
index 4fbaa802e..dab7207b4 100755
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -3,4 +3,8 @@
 
 # MAGE_CODE_PATH matches with the value in .env.dev
 # PROJECT_NAME matches with the value in .env.dev
-MAGE_CODE_PATH=/home/mage_code PROJECT_NAME=mlops docker compose up
+MAGE_CODE_PATH=/home/mage_code \
+  PROJECT_NAME=mlops \
+  SMTP_EMAIL=$SMTP_EMAIL \
+  SMTP_PASSWORD=$SMTP_PASSWORD \
+  docker compose up