Hugging Face's logo

Spaces:
Akshatbhatt515334
/
AEGIS-SECURE-API
Running

App Files Community
AEGIS-SECURE-API / DEPLOYMENT.md
Akshat Bhatt
added code
e2e0c18
preview code
|
raw
history blame contribute delete
8.02 kB

GCP Deployment Guide for Phishing Detection API

This guide explains how to deploy the Phishing Detection API to Google Cloud Platform (GCP) using Docker and Cloud Run.

Prerequisites

  1. Google Cloud Platform Account: Ensure you have a GCP account and billing enabled
  2. gcloud CLI: Install the Google Cloud SDK
  3. Docker: Install Docker Desktop or Docker Engine
  4. GROQ API Key: Obtain your API key from Groq

Quick Start

Option 1: Using Cloud Build (Recommended)

  1. Set your GCP project:

    gcloud config set project YOUR_PROJECT_ID

  2. Run the deployment script:

    # For Linux/Mac
chmod +x deploy.sh
./deploy.sh YOUR_PROJECT_ID us-central1

# For Windows PowerShell
.\deploy.ps1 -ProjectId YOUR_PROJECT_ID -Region us-central1

    The script will:

    • Enable required APIs
    • Create the GROQ_API_KEY secret in Secret Manager
    • Build the Docker image
    • Deploy to Cloud Run

Option 2: Manual Deployment

Step 1: Set Up GCP Project 

# Set your project
gcloud config set project YOUR_PROJECT_ID

# Enable required APIs
gcloud services enable cloudbuild.googleapis.com
gcloud services enable run.googleapis.com
gcloud services enable containerregistry.googleapis.com
gcloud services enable secretmanager.googleapis.com

Step 2: Create Secret for GROQ API Key 

# Create the secret
echo -n "your-groq-api-key" | gcloud secrets create GROQ_API_KEY \
    --data-file=- \
    --replication-policy="automatic"

# Grant Cloud Run access to the secret
PROJECT_NUMBER=$(gcloud projects describe YOUR_PROJECT_ID --format="value(projectNumber)")
gcloud secrets add-iam-policy-binding GROQ_API_KEY \
    --member="serviceAccount:$PROJECT_NUMBER-compute@developer.gserviceaccount.com" \
    --role="roles/secretmanager.secretAccessor"

Step 3: Build and Deploy 

# Using Cloud Build (recommended)
gcloud builds submit --config=cloudbuild.yaml

# Or build locally and push
docker build -t gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest .
docker push gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest

# Deploy to Cloud Run
gcloud run deploy phishing-detection-api \
    --image gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest \
    --region us-central1 \
    --platform managed \
    --allow-unauthenticated \
    --memory 4Gi \
    --cpu 2 \
    --timeout 300 \
    --max-instances 10 \
    --set-env-vars PYTHONUNBUFFERED=1 \
    --set-secrets GROQ_API_KEY=GROQ_API_KEY:latest

Configuration Options

Cloud Run Settings

The deployment uses these default settings (configured in cloudbuild.yaml):

  • Memory: 4GB (required for ML models)
  • CPU: 2 vCPUs
  • Timeout: 300 seconds (5 minutes)
  • Max Instances: 10
  • Region: us-central1 (change in cloudbuild.yaml or deploy command)

Adjusting Resources

If you need more resources, modify cloudbuild.yaml:

- '--memory'
- '8Gi'  # Increase memory for larger models
- '--cpu'
- '4'    # Increase CPU for faster inference

Or deploy with custom settings:

gcloud run deploy phishing-detection-api \
    --image gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest \
    --memory 8Gi \
    --cpu 4 \
    --timeout 600 \
    --max-instances 20

Verifying Deployment

  1. Check service status:

    gcloud run services describe phishing-detection-api --region us-central1

  2. Get service URL:

    SERVICE_URL=$(gcloud run services describe phishing-detection-api \
    --region us-central1 \
    --format="value(status.url)")
echo $SERVICE_URL

  3. Test health endpoint:

    curl $SERVICE_URL/health

  4. View logs:

    gcloud run services logs read phishing-detection-api --region us-central1

API Endpoints

Once deployed, your service will have these endpoints:

  • Root: GET / - API information
  • Health Check: GET /health - Service health and model status
  • Prediction: POST /predict - Main prediction endpoint
  • API Docs: GET /docs - Interactive API documentation (Swagger UI)

Testing the API

Using curl: 

curl -X POST "$SERVICE_URL/predict" \
  -H "Content-Type: application/json" \
  -d '{
    "sender": "test@example.com",
    "subject": "Urgent Action Required",
    "text": "Please verify your account at http://suspicious-site.com",
    "metadata": {}
  }'

Using Python: 

import requests

url = "YOUR_SERVICE_URL/predict"
payload = {
    "sender": "test@example.com",
    "subject": "Urgent Action Required",
    "text": "Please verify your account at http://suspicious-site.com",
    "metadata": {}
}

response = requests.post(url, json=payload)
print(response.json())

Monitoring and Logging

View Logs in Console

  1. Go to Cloud Run Console
  2. Click on your service: phishing-detection-api
  3. Navigate to the "Logs" tab

View Logs via CLI 

gcloud run services logs read phishing-detection-api --region us-central1 --limit 50

Set Up Alerts

  1. Go to Cloud Monitoring
  2. Create alerts for:
    • Error rate
    • Request latency
    • Memory usage
    • CPU utilization

Troubleshooting

Container fails to start

  • Check logs: gcloud run services logs read phishing-detection-api --region us-central1
  • Verify models are present in the container
  • Check memory limits (may need to increase)

Models not loading

  • Ensure all model files are included in the Docker image
  • Check model paths in config.py
  • Verify model files exist in models/, finetuned_bert/, and Message_model/final_semantic_model/

GROQ API errors

  • Verify the secret is correctly set: gcloud secrets versions access latest --secret="GROQ_API_KEY"
  • Check IAM permissions for the Cloud Run service account
  • Verify the API key is valid

High memory usage

  • Increase memory allocation in Cloud Run settings
  • Consider using model quantization
  • Check for memory leaks in the application

Cost Optimization

  1. Set minimum instances to 0: Scales to zero when not in use

    gcloud run services update phishing-detection-api \
    --min-instances 0 \
    --max-instances 10

  2. Use appropriate instance sizes: Start with smaller instances and scale up if needed

  3. Enable request concurrency: Reduce number of instances needed

    gcloud run services update phishing-detection-api \
    --concurrency 10

Security Considerations

  1. Authentication: Currently deployed as public. Consider adding authentication:

    gcloud run services update phishing-detection-api \
    --no-allow-unauthenticated

  2. API Keys: Store sensitive keys in Secret Manager (already configured)

  3. VPC: Consider deploying in a VPC for additional network isolation

Updating the Service

To update after code changes:

# Rebuild and deploy
gcloud builds submit --config=cloudbuild.yaml

# Or manually
docker build -t gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest .
docker push gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest
gcloud run deploy phishing-detection-api \
    --image gcr.io/YOUR_PROJECT_ID/phishing-detection-api:latest \
    --region us-central1

Local Testing with Docker

Before deploying to GCP, test locally:

# Build the image
docker build -t phishing-detection-api:local .

# Run with environment variable
docker run -p 8000:8000 \
    -e GROQ_API_KEY=your-api-key \
    phishing-detection-api:local

# Test
curl http://localhost:8000/health

Support

For issues or questions:

  1. Check the logs first
  2. Verify all prerequisites are met
  3. Ensure models are properly loaded
  4. Review the API documentation at /docs endpoint