Environment Variables And Prerequisites Setup#

Caution

While this document provides an overview of certain Cloud Service Provider (CSP) procedures, it is strongly advised to consult the official, publicly accessible CSP documentation for the most up-to-date and comprehensive instructions. CSPs frequently update their services and interfaces, making it crucial to rely on their current guidelines to ensure accuracy and optimal implementation.

Using lookup Function In Config Template#

The config template yml file contains several inputs about the infrastructure and application’s needs. For ease of use, some of these are wired to lookup environment variables. For example {{ lookup(‘env’, ‘NGC_CLI_API_KEY’) }} is expanding it to the NGC_CLI_API_KEY environment variable. What this means is, we can set an environment variable for NGC_CLI_API_KEY with its value and Deployment Script can access it automatically.

Environment Variable Definitions#

By default the sample environment variable files examples folder provides look like below. Based on need you can make more environment variables and use lookup function in config-template yaml file.

cat my-env-file.env
export OPENAI_API_KEY="<replace-with-actual-value>"
export NGC_CLI_API_KEY="<replace-with-actual-value>"
export NVIDIA_API_KEY="<replace-with-actual-value>"
export AWS_SECRET_ACCESS_KEY="<replace-with-actual-value>"
export AWS_ACCESS_KEY_ID="<replace-with-actual-value>"

Below table explains the purpose of each environment variable used in the examples folder.

AWS Environment Variable Definition#
Environment Variable	Definition
OPENAI_API_KEY	Key to access OpenAI’s models through the API
NGC_CLI_API_KEY	Key to access NGC resources thru command line. Such as Helm charts, Models, Container images etc.
NVIDIA_API_KEY	Key to access NGC resources thru command line. Such as Helm charts, Models, Container images etc. This one is specifically used to access Nvidia NIMs.
AWS_SECRET_ACCESS_KEY	AWS secrete Access Key - Used to identify the AWS account and IAM user or role making API requests
AWS_ACCESS_KEY_ID	Secret value used in conjunction with the AWS_ACCESS_KEY_ID to authenticate AWS API requests.

Caution

If you modify your <my-env-file.env> file or start a new shell, you will have to run source <my-env-file.env> again before running ./envbuild.sh command.

Setting Up AWS Pre-requisites#

Below sections describe high-level details on how to get the Pre-requisites setup.

Note

The same pre-requisites provisioned here can be used for multiple projects, and can be considered as a one time setup for most scenarios unless the parameters are not acceptable for any deployment.

IAM User access key Setup#

On your AWS account, procure access key ID and secret access key for programmatic access to your AWS resources.
Prefer to obtain a non root IAM user with administrator access.
Refer to the AWS documentation to create access key.

Deployment State Storage#

Back-end state#

This script uses S3 buckets to store the references to the resources that it spins up.
Create an S3 bucket to be used to store the deployment state.
Ensure the bucket is not publicly accessible but rather only to your account (such as using the keys procured in the previous step).
Refer to the AWS documentation.

DynamoDB Table for Back-end state#

This script uses DynamoDB tables to prevent concurrent access to the same deployment as they are being spun up.
Create a DynamoDB table to be used to manage access to the deployment state.
Define the Partition key as LockID and type String.
The Sort key need not be defined.
Refer to the AWS documentation.

Base Domain#

Tokkio application needs a Domain and Route53 hosted zone to support HTTPS
Create a domain or make Route53 the DNS service for your existing domain.
Refer to the AWS documentation development guide.