Initial Stability Diffusion v3 support

Author: philipws

infrastructure/lib/features/readable/generate.ts

@@ -20,6 +20,7 @@ import { dt_readableWorkflow as dt_readableWorkflow_amazon_titanText } from "./v
 import { dt_readableWorkflow as dt_readableWorkflow_anthropic_claudeText } from "./vendor/text.anthropic.claude-v2";
 import { dt_readableWorkflow as dt_readableWorkflow_anthropic_claude3Text } from "./vendor/text.anthropic.claude-3-*-*-v1";
 import { dt_readableWorkflow as dt_readableWorkflow_stabilityai_stableDiffusion } from "./vendor/image.stability.stable-diffusion-xl-v1";
+import { dt_readableWorkflow as dt_readableWorkflow_stabilityai_stableDiffusion_3 } from "./vendor/image.stability.sd3-*";
 
 export interface props {
 	bedrockRegion: string;
@@ -178,6 +179,17 @@ export class dt_readableWorkflowGenerate extends Construct {
 					removalPolicy: props.removalPolicy,
 				},
 			);
+		// MODEL WORKFLOWS | IMAGE | STABILITYAI v3
+		const workflow_stabilityai_3 =
+			new dt_readableWorkflow_stabilityai_stableDiffusion_3(
+				this,
+				"workflow_stabilityai_3",
+				{
+					bedrockRegion: props.bedrockRegion,
+					contentBucket: props.contentBucket,
+					removalPolicy: props.removalPolicy,
+				},
+			);
 
 		//
 		// STATE MACHINE
@@ -209,44 +221,35 @@ export class dt_readableWorkflowGenerate extends Construct {
 						workflow_stabilityai.modelChoiceCondition,
 						workflow_stabilityai.invokeModel,
 					)
+					.when(
+						workflow_stabilityai_3.modelChoiceCondition,
+						workflow_stabilityai_3.invokeModel,
+					)
 					.otherwise(failUnrecognisedModel),
 			},
 		).StateMachine;
 
+		const workflows = [
+			workflow_amazon_text,
+			workflow_amazon_image, 
+			workflow_anthropic,
+			workflow_anthropic3,
+			workflow_stabilityai,
+			workflow_stabilityai_3
+		];
 		NagSuppressions.addResourceSuppressions(
 			this.sfnMain,
 			[
 				{
 					id: "AwsSolutions-IAM5",
-					reason:
-						"Permission scoped to project specific resources. Execution ID unknown at deploy time.",
-					appliesTo: [
-						`Resource::arn:<AWS::Partition>:states:<AWS::Region>:<AWS::AccountId>:execution:{"Fn::Select":[6,{"Fn::Split":[":",{"Ref":"${cdk.Stack.of(
-							this,
-						).getLogicalId(
-							workflow_amazon_text.sfnMain.node.defaultChild as cdk.CfnElement,
-						)}"}]}]}*`,
-						`Resource::arn:<AWS::Partition>:states:<AWS::Region>:<AWS::AccountId>:execution:{"Fn::Select":[6,{"Fn::Split":[":",{"Ref":"${cdk.Stack.of(
-							this,
-						).getLogicalId(
-							workflow_amazon_image.sfnMain.node.defaultChild as cdk.CfnElement,
-						)}"}]}]}*`,
-						`Resource::arn:<AWS::Partition>:states:<AWS::Region>:<AWS::AccountId>:execution:{"Fn::Select":[6,{"Fn::Split":[":",{"Ref":"${cdk.Stack.of(
-							this,
-						).getLogicalId(
-							workflow_anthropic.sfnMain.node.defaultChild as cdk.CfnElement,
-						)}"}]}]}*`,
-						`Resource::arn:<AWS::Partition>:states:<AWS::Region>:<AWS::AccountId>:execution:{"Fn::Select":[6,{"Fn::Split":[":",{"Ref":"${cdk.Stack.of(
-							this,
-						).getLogicalId(
-							workflow_anthropic3.sfnMain.node.defaultChild as cdk.CfnElement,
-						)}"}]}]}*`,
+					reason: "Permission scoped to project specific resources. Execution ID unknown at deploy time.",
+					appliesTo: workflows.map(workflow => 
 						`Resource::arn:<AWS::Partition>:states:<AWS::Region>:<AWS::AccountId>:execution:{"Fn::Select":[6,{"Fn::Split":[":",{"Ref":"${cdk.Stack.of(
 							this,
 						).getLogicalId(
-							workflow_stabilityai.sfnMain.node.defaultChild as cdk.CfnElement,
-						)}"}]}]}*`,
-					],
+							workflow.sfnMain.node.defaultChild as cdk.CfnElement,
+						)}"}]}]}*`
+					)
 				},
 			],
 			true,

infrastructure/lib/features/readable/vendor/image.stability.sd3-*.ts

@@ -0,0 +1,235 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: MIT-0
+
+import { Construct } from "constructs";
+import * as cdk from "aws-cdk-lib";
+import { NagSuppressions } from "cdk-nag";
+
+import {
+	aws_stepfunctions as sfn,
+	aws_stepfunctions_tasks as tasks,
+	aws_iam as iam,
+	aws_s3 as s3,
+} from "aws-cdk-lib";
+
+import { Bucket } from "../enum";
+import { dt_lambda } from "../../../components/lambda";
+import { dt_stepfunction } from "../../../components/stepfunction";
+
+export interface props {
+	bedrockRegion: string;
+	contentBucket: s3.Bucket;
+	removalPolicy: cdk.RemovalPolicy;
+}
+
+enum Strings {
+	modelVendor = "stability",
+	modelNamePrefix = "sd3-",
+}
+
+const id = "v3";
+
+export class dt_readableWorkflow extends Construct {
+	public readonly invokeModel: tasks.StepFunctionsStartExecution;
+	public readonly modelChoiceCondition: sfn.Condition;
+	public readonly sfnMain: sfn.StateMachine;
+
+	constructor(scope: Construct, id: string, props: props) {
+		super(scope, id);
+
+		// LAMBDA
+		// LAMBDA | INVOKE BEDROCK
+		// LAMBDA | INVOKE BEDROCK | ROLE
+		const invokeBedrockLambdaRole = new iam.Role(
+			this,
+			"invokeBedrockSaveToS3",
+			{
+				// ASM-L6 // ASM-L8
+				assumedBy: new iam.ServicePrincipal("lambda.amazonaws.com"),
+				description: "Lambda Role (Invoke Bedrock API & save file to S3)",
+			},
+		);
+
+		// LAMBDA | INVOKE BEDROCK | POLICY
+		const permitInvokeBedrockModel = new iam.Policy(
+			this,
+			"permitInvokeModels",
+			{
+				policyName: `Invoke-${Strings.modelVendor}-${Strings.modelNamePrefix}-models`,
+				statements: [
+					new iam.PolicyStatement({
+						// ASM-IAM
+						actions: ["bedrock:InvokeModel"],
+						resources: [
+							`arn:aws:bedrock:${props.bedrockRegion}::foundation-model/${Strings.modelVendor}.${Strings.modelNamePrefix}*`, // Foundational Models
+						],
+					}),
+				],
+			},
+		);
+		invokeBedrockLambdaRole.attachInlinePolicy(permitInvokeBedrockModel);
+		NagSuppressions.addResourceSuppressions(
+			permitInvokeBedrockModel,
+			[
+				{
+					id: "AwsSolutions-IAM5",
+					reason: "Preferred model for prompt is unknown at deploy time",
+					appliesTo: [
+						`Resource::arn:aws:bedrock:${props.bedrockRegion}::foundation-model/${Strings.modelVendor}.${Strings.modelNamePrefix}*`,
+					],
+				},
+			],
+			true,
+		);
+		const permitPutS3 = new iam.Policy(this, "permitPutS3", {
+			policyName: "S3-PutObject",
+			statements: [
+				new iam.PolicyStatement({
+					// ASM-IAM
+					actions: ["s3:PutObject"],
+					resources: [
+						`${props.contentBucket.bucketArn}/${Bucket.PREFIX_PRIVATE}/*`,
+					],
+				}),
+			],
+		});
+		invokeBedrockLambdaRole.attachInlinePolicy(permitPutS3);
+		NagSuppressions.addResourceSuppressions(
+			permitPutS3,
+			[
+				{
+					id: "AwsSolutions-IAM5",
+					reason:
+						"Scoped to project specific resources. Unknown filenames at deploy time.",
+					appliesTo: [
+						"Resource::<basereadablecontentBucketbucket6155EB26.Arn>/private/*",
+					],
+				},
+			],
+			true,
+		);
+
+		// LAMBDA | INVOKE BEDROCK | FUNCTION
+		const invokeBedrockLambda = new dt_lambda(this, "invokeBedrockLambda", {
+			role: invokeBedrockLambdaRole,
+			path: "lambda/invokeBedrockSaveToS3",
+			description: "Invoke Bedrock API & save file to S3",
+			environment: {
+				BEDROCK_REGION: props.bedrockRegion,
+			},
+			bundlingNodeModules: [
+				"@aws-sdk/client-bedrock-runtime",
+				"@aws-sdk/client-s3",
+			],
+			timeout: cdk.Duration.seconds(60),
+		});
+
+		//
+		// STATE MACHINE
+		// STATE MACHINE | TASKS
+		// STATE MACHINE | TASKS | createPrompt
+		const createPrompt = new sfn.Pass(this, "createPrompt", {
+			resultPath: "$.prompt",
+			parameters: {
+				Payload: {
+					prompt: sfn.JsonPath.stringAt("$.jobDetails.prePrompt"),
+				},
+			},
+		});
+		// STATE MACHINE | TASKS | createBody
+		const createBody = new sfn.Pass(this, "createBody", {
+			resultPath: "$.body",
+			parameters: {
+				Payload: sfn.JsonPath.jsonMerge(
+					sfn.JsonPath.objectAt("$.prompt.Payload"),
+					sfn.JsonPath.objectAt("$.jobDetails.parameters"),
+				),
+			},
+		});
+
+		// STATE MACHINE | TASKS | invokeBedrock
+		const invokeBedrock = new tasks.LambdaInvoke(this, "invokeBedrock", {
+			lambdaFunction: invokeBedrockLambda.lambdaFunction,
+			resultPath: "$.invokeBedrock",
+			resultSelector: {
+				"Payload.$": "$.Payload",
+			},
+			payload: sfn.TaskInput.fromObject({
+				ModelId: sfn.JsonPath.objectAt("$.jobDetails.modelId"),
+				Body: sfn.JsonPath.stringAt("$.body.Payload"),
+				PathToResult: "images.0",
+				ResultS3Bucket: props.contentBucket.bucketName,
+				ResultS3Key: sfn.JsonPath.format(
+					`${Bucket.PREFIX_PRIVATE}/{}/{}/{}_{}.png`,
+					sfn.JsonPath.stringAt("$.jobDetails.identity"),
+					sfn.JsonPath.stringAt("$.jobDetails.id"),
+					sfn.JsonPath.stringAt("$.jobDetails.itemId"),
+					sfn.JsonPath.stringAt("$$.Execution.StartTime"),
+				),
+				ItemId: sfn.JsonPath.stringAt("$.jobDetails.itemId"),
+			}),
+		});
+
+		// STATE MACHINE | TASKS | filterOutput
+		const filterOutput = new sfn.Pass(this, "filterOutput", {
+			parameters: {
+				payload: sfn.JsonPath.stringAt("$.invokeBedrock.Payload.key"),
+			},
+		});
+
+		// STATE MACHINE | DEF
+		this.sfnMain = new dt_stepfunction(
+			this,
+			`${cdk.Stack.of(this).stackName}_Readable_${Strings.modelVendor}_${id}`,
+			{
+				nameSuffix: `Readable_${Strings.modelVendor}_${id}`,
+				removalPolicy: props.removalPolicy,
+				definition: createPrompt
+					.next(createBody)
+					.next(invokeBedrock)
+					.next(filterOutput),
+			},
+		).StateMachine;
+		NagSuppressions.addResourceSuppressions(
+			this.sfnMain,
+			[
+				{
+					id: "AwsSolutions-IAM5",
+					reason: "Permissions scoped to dedicated resources.",
+					appliesTo: [
+						`Resource::<${cdk.Stack.of(this).getLogicalId(
+							invokeBedrockLambda.lambdaFunction.node
+								.defaultChild as cdk.CfnElement,
+						)}.Arn>:*`,
+					],
+				},
+			],
+			true,
+		);
+
+		// PARENT
+		// PARENT | CHOICE FILTER
+		this.modelChoiceCondition = sfn.Condition.stringMatches(
+			"$.jobDetails.modelId",
+			`${Strings.modelVendor}.${Strings.modelNamePrefix}*`,
+		);
+		// PARENT | TASK
+		this.invokeModel = new tasks.StepFunctionsStartExecution(
+			this,
+			`invokeModel_${Strings.modelVendor}_${id}`,
+			{
+				stateMachine: this.sfnMain,
+				resultSelector: {
+					"Payload.$": "$.Output.payload",
+				},
+				resultPath: "$.invokeModel",
+				integrationPattern: sfn.IntegrationPattern.RUN_JOB,
+				input: sfn.TaskInput.fromObject({
+					jobDetails: sfn.JsonPath.objectAt("$.jobDetails"),
+				}),
+			},
+		);
+
+		// END
+	}
+}

infrastructure/lib/features/readable/vendor/image.stability.stable-diffusion-xl-v1.ts

@@ -27,6 +27,8 @@ enum Strings {
 	modelNamePrefix = "stable-diffusion-",
 }
 
+const id = "v1";
+
 export class dt_readableWorkflow extends Construct {
 	public readonly invokeModel: tasks.StepFunctionsStartExecution;
 	public readonly modelChoiceCondition: sfn.Condition;
@@ -51,7 +53,7 @@ export class dt_readableWorkflow extends Construct {
 		// LAMBDA | INVOKE BEDROCK | POLICY
 		const permitInvokeBedrockModel = new iam.Policy(
 			this,
-			"permitSfnSendSuccess",
+			"permitInvokeModels",
 			{
 				policyName: `Invoke-${Strings.modelVendor}-${Strings.modelNamePrefix}-models`,
 				statements: [
@@ -183,9 +185,9 @@ export class dt_readableWorkflow extends Construct {
 		// STATE MACHINE | DEF
 		this.sfnMain = new dt_stepfunction(
 			this,
-			`${cdk.Stack.of(this).stackName}_Readable_${Strings.modelVendor}`,
+			`${cdk.Stack.of(this).stackName}_Readable_${Strings.modelVendor}_${id}`,
 			{
-				nameSuffix: `Readable_${Strings.modelVendor}`,
+				nameSuffix: `Readable_${Strings.modelVendor}_${id}`,
 				removalPolicy: props.removalPolicy,
 				definition: createPrompt
 					.next(createBody)