fixing delete event, adding tests

CODE_OF_CONDUCT.md

@@ -0,0 +1,4 @@
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+opensource-codeofconduct@amazon.com with any additional questions or comments.

CONTRIBUTING.md

@@ -0,0 +1,61 @@
+# Contributing Guidelines
+
+Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
+documentation, we greatly value feedback and contributions from our community.
+
+Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
+information to effectively respond to your bug report or contribution.
+
+
+## Reporting Bugs/Feature Requests
+
+We welcome you to use the GitHub issue tracker to report bugs or suggest features.
+
+When filing an issue, please check [existing open](https://github.com/aws-samples/sagemaker-studio-vpc-with-network-firewall/issues), or [recently closed](https://github.com/aws-samples/sagemaker-studio-vpc-with-network-firewall/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
+reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
+
+* A reproducible test case or series of steps
+* The version of our code being used
+* Any modifications you've made relevant to the bug
+* Anything unusual about your environment or deployment
+
+
+## Contributing via Pull Requests
+Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
+
+1. You are working against the latest source on the *master* branch.
+2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
+3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
+
+To send us a pull request, please:
+
+1. Fork the repository.
+2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
+3. Ensure local tests pass.
+4. Commit to your fork using clear commit messages.
+5. Send us a pull request, answering any default questions in the pull request interface.
+6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
+
+GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
+[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
+
+
+## Finding contributions to work on
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-samples/sagemaker-studio-vpc-with-network-firewall/labels/help%20wanted) issues is a great place to start.
+
+
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+opensource-codeofconduct@amazon.com with any additional questions or comments.
+
+
+## Security issue notifications
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
+
+
+## Licensing
+
+See the [LICENSE](https://github.com/aws-samples/sagemaker-studio-vpc-with-network-firewall/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
+
+We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.

Makefile

@@ -9,7 +9,7 @@ export PYTHONUNBUFFERED := 1
 FUNCTION_DIR := functions
 
 # CloudFormation deployment variables
-CFN_ARTEFACT_S3_BUCKET ?= ilyiny-sagemaker-demo-artefacts
+CFN_ARTEFACT_S3_BUCKET ?= 
 CFN_TEMPLATE_DIR := cfn_templates
 PROJECT_NAME ?= sagemaker-studio-vpc
 SM_DOMAIN_NAME ?= sagemaker-demo-domain

NOTICE

@@ -0,0 +1,2 @@
+Deploy Amazon SageMaker Studion into a private VPC with NAT gateway and Network Firewall
+Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 

README.md

@@ -1,6 +1,6 @@
 # Amazon SageMaker Studio demo
 
-This solution demostrates the setup and deployment of Amazon SageMaker Studio into a private VPC and implementation of multi-layer security controls (data encryption, network traffic monitoring and restriction, usage of VPC endpoints, subnets and security groups, IAM resource policies).
+This solution demostrates the setup and deployment of Amazon SageMaker Studio into a private VPC and implementation of multi-layer security controls, such as data encryption, network traffic monitoring and restriction, usage of VPC endpoints, subnets and security groups, IAM resource policies.
 
 The use case is a real-life environment security setup, which generally requires the following security-related features to be in place:
 - End-to-end data encryption at rest and in transit
@@ -226,7 +226,7 @@ The solution implements the following setup to demonstrate the usage of SageMake
 
 ![Amazon SageMaker Studio infrastructure overview](design/sagemaker-studio-vpc.drawio.svg)
 
-The solution uses only one availability zone and is not highly-available. The HA solution can be implemented by duplicating the single-AZ setup (subnets, NAT Gateway, Network Firewall VPC endpoints) to additional AZs.
+❗ The solution uses **only one availability zone (AZ)** and is not highly-available. The HA solution can be implemented by duplicating the single-AZ setup (subnets, NAT Gateway, Network Firewall VPC endpoints) to additional AZs.
 
 ## VPC resources
 The solution deploys the following resources:
@@ -403,14 +403,19 @@ You can demostrate any other stateless or stateful rules and implement traffic f
 You can also demostrate the usage of the SageMaker security group or NACL inbould and outbound rules. 
 
 # Clean up
-Delete the stack:
+This operation will delete the whole stack together with SageMaker Studio Domain and user profile.
+
+❗ All notebooks volumes, and all EFS home directories will be deleted as well - no user data will be preserved upon stack deletion.
+
+1. Exit all instances SageMaker Studio.
+2. Delete the stack:
 ```bash
 make delete
 ```
 
 Alternatively you can delete the stack from the AWS CloudFormation console.
 
-If the deletion of the SageMaker domain fails, try to delete running applications for the user profile as described in [Delete Amazon SageMaker Studio Domain](https://docs.aws.amazon.com/sagemaker/latest/dg/gs-studio-delete-domain.html)
+If the deletion of the SageMaker domain fails, check if there are any running applications for the user profile as described in [Delete Amazon SageMaker Studio Domain](https://docs.aws.amazon.com/sagemaker/latest/dg/gs-studio-delete-domain.html). Try to delete the applications and re-run the `make delete` command or delete the stack from AWS CloudFormation console.
 
 # Resources
 [1]. [SageMaker Security](https://docs.aws.amazon.com/sagemaker/latest/dg/security.html)  
@@ -433,9 +438,10 @@ If the deletion of the SageMaker domain fails, try to delete running application
 # Appendix
 
 ## aws cli commands to setup and launch Amazon SageMaker Studio
+The following commands show how you can create Studio Domain and user profile from a command line. This is for reference only, as the stack creates the domain and user profile automatically.
 
 ### Create an Amazon SageMaker Studio domain inside a VPC
-Please replace the variables with corresponding values from `sagemaker-studio-vpc` CloudFormation stack output (reference only, the stack creates the domain and the user profile).
+Please replace the variables with corresponding values from `sagemaker-studio-vpc` CloudFormation stack output:
 ```bash
 REGION=
 VPC_DOMAIN_NAME=

cfn_templates/packaged.yaml

@@ -77,32 +77,6 @@ Resources:
         ModelBucketName:
           Fn::Sub: ${ProjectName}-${AWS::Region}-models
       TemplateURL: https://s3.us-west-2.amazonaws.com/ilyiny-sagemaker-demo-artefacts-us-west-2/3d0d58eb15d519e575bfec9108c84606.template
-  SageMakerStudio:
-    Type: AWS::CloudFormation::Stack
-    DependsOn: IAM
-    Properties:
-      Parameters:
-        DomainName:
-          Fn::Sub: ${DomainName}-${AWS::Region}
-        UserProfileName:
-          Fn::Sub: ${UserProfileName}-${AWS::Region}
-        VpcId:
-          Fn::GetAtt:
-          - VPC
-          - Outputs.VPCId
-        SageMakerStudioSubnetIds:
-          Fn::GetAtt:
-          - VPC
-          - Outputs.SageMakerStudioSubnetId
-        SageMakerSecurityGroupIds:
-          Fn::GetAtt:
-          - VPC
-          - Outputs.SageMakerSecurityGroupId
-        SageMakerExecutionRoleArn:
-          Fn::GetAtt:
-          - IAM
-          - Outputs.ExecutionRoleArn
-      TemplateURL: https://s3.us-west-2.amazonaws.com/ilyiny-sagemaker-demo-artefacts-us-west-2/9df4e5d352738f0ff537059d5599fa82.template
 Outputs:
   VPCId:
     Description: The ID of VPC where SageMaker Studio will reside
@@ -152,15 +126,3 @@ Outputs:
       Fn::GetAtt:
       - S3
       - Outputs.ModelBucketName
-  SageMakerStudioDomainId:
-    Description: SageMaker Studio domain id
-    Value:
-      Fn::GetAtt:
-      - SageMakerStudio
-      - Outputs.SageMakerStudioDomainId
-  UserProfileName:
-    Description: SageMaker user profile name
-    Value:
-      Fn::GetAtt:
-      - SageMakerStudio
-      - Outputs.UserProfileName

cfn_templates/sagemaker-studio-vpc.yaml

@@ -68,18 +68,18 @@ Resources:
       TemplateURL: vpc.yaml
 
   # SageMaker domain, user profile and pre-signed URL
-  SageMakerStudio:
-    Type: AWS::CloudFormation::Stack
-    DependsOn: IAM
-    Properties:
-      Parameters:
-        DomainName: !Sub ${DomainName}-${AWS::Region}
-        UserProfileName: !Sub ${UserProfileName}-${AWS::Region}
-        VpcId: !GetAtt VPC.Outputs.VPCId
-        SageMakerStudioSubnetIds: !GetAtt VPC.Outputs.SageMakerStudioSubnetId
-        SageMakerSecurityGroupIds: !GetAtt VPC.Outputs.SageMakerSecurityGroupId
-        SageMakerExecutionRoleArn: !GetAtt IAM.Outputs.ExecutionRoleArn
-      TemplateURL: sagemaker-studio.yaml
+#  SageMakerStudio:
+#    Type: AWS::CloudFormation::Stack
+#    DependsOn: IAM
+#    Properties:
+#      Parameters:
+#        DomainName: !Sub ${DomainName}-${AWS::Region}
+#        UserProfileName: !Sub ${UserProfileName}-${AWS::Region}
+#        VpcId: !GetAtt VPC.Outputs.VPCId
+#        SageMakerStudioSubnetIds: !GetAtt VPC.Outputs.SageMakerStudioSubnetId
+#        SageMakerSecurityGroupIds: !GetAtt VPC.Outputs.SageMakerSecurityGroupId
+#        SageMakerExecutionRoleArn: !GetAtt IAM.Outputs.ExecutionRoleArn
+#      TemplateURL: sagemaker-studio.yaml
 
 Outputs:
   VPCId:
@@ -106,12 +106,12 @@ Outputs:
   SageMakerS3bucketModels:
     Description: Name of S3 bucket for models
     Value: !GetAtt S3.Outputs.ModelBucketName
-  SageMakerStudioDomainId:
-    Description: SageMaker Studio domain id
-    Value: !GetAtt SageMakerStudio.Outputs.SageMakerStudioDomainId
-  UserProfileName:
-    Description: SageMaker user profile name
-    Value: !GetAtt SageMakerStudio.Outputs.UserProfileName
+#  SageMakerStudioDomainId:
+#    Description: SageMaker Studio domain id
+#    Value: !GetAtt SageMakerStudio.Outputs.SageMakerStudioDomainId
+#  UserProfileName:
+#    Description: SageMaker user profile name
+#    Value: !GetAtt SageMakerStudio.Outputs.UserProfileName