Deployment on AWS (with Authentication)

Hello everyone!

I’m not a regular poster around here but I have been working with Streamlit recently and absolutely love the tool. So much so that I used it in a recent project at AWS on model explainability. One of the requirements was a secure and robust dashboard deployment, and I separated this part into its own example that can be found on GitHub with CloudFormation templates included. I thought it might be useful for others looking to deploy their Streamlit applications with high uptime and access control.

AWS Architecture

Stepping through the architecture diagram above:

  • SageMaker is used to deploy the example pre-trained DistilGPT-2 text generation model
  • SageMaker is also used for Streamlit app development and testing (in Docker container)
  • Elastic Container Registry is used to store the Streamlit app Docker image
  • Elastic Container Service is used to run the Streamlit app Docker containers
  • Elastic Load Balancing is used to distribute traffic between Streamlit app Docker containers
  • Cognito is for user access management via username and password

User Access Management

All users of your dashboard will initially see a ‘Sign In’ screen, when trying to access the dashboard (unless you choose not to include this component in the CloudFormation template). You can create user accounts for the selected individuals who need to access the dashboard by providing their email addresses. They will receive a personalised email with their temporary credentials and a link to the dashboard. After first use, the user will be prompted to provide a new password. Cognito also supports other identity providers such as Google and Microsoft Active Directory, but that will need some tweaking of my CloudFormation template.

Resources

I’ve written everything up in more detail in a Medium blog post and there are lots of other details in the example notebooks. I’ve also provided a quick launch option for the CloudFormation template, so you can try the example out in your own AWS account in around 10 minutes.

Would be great to hear how others are deploying Streamlit on AWS (especially for the authentication part), and look forward to any feedback or questions.

10 Likes

Hey @thomelane, thanks for writing this up! This looks like a really detailed answer to a question we get pretty frequently.

1 Like

@thomelane: Wow. This is so, so valuable! Please let us know how we can support you! :slight_smile:

p.s. Welcome to the Streamlit community! :balloon:

2 Likes

Cheers for the warm welcome and glad it’s of use!

I think I’ll take you up on that offer of support :slight_smile: Just had a couple of questions really…

One area I couldn’t find much information about was security of the Streamlit itself (after getting past the secure Cognito authentication). What’s your roadmap looking like on this? Are there any production setting to disable stack traces on error, etc? My current approach was to manually catch exception and not pass upwards unless a debug flag was set.

Also while working on this project I was thinking how much of a game changer it would be if Streamlit could be deployed on AWS Lambda (serverless ‘functions’). Guessing it’s the long-running websocket connections that would get in the way here, but that could simplify the deployment architecture a lot and reduce costs quite a bit. Any thoughts here?

1 Like

@thomelane thanks for this !

Would like to check using Amazon Cognito as a user authentication, is it possible to pass the user name into Streamlit such that I can allow specific users to access parts of the app ?

You get a token after successful authorization with Cognito and this token should contain the user name. I haven’t looked into where this is stored or how it would be accessed by Streamlit but it should be possible. Check this out for more details on the token.

1 Like