Modal logo

Overview

Introduction Example: Hello, world Tutorial: A simple web scraper

Custom container images

Custom container images Private registries

GPUs and other resources

GPU acceleration Reserving CPU and memory Example: High performance LLM hosting with Text Generation Inference Example: Generate 100+ tokens/second on Llama 2 with vLLM Example: Fine-tune LLaMA-70B with multiple GPUs

Scaling out

Scaling out Dicts and queues Concurrent inputs (beta) Example: Face detection on YouTube videos

Secrets and environment variables

Secrets Environment variables Example: Write to Google Sheets

Deployment

Managing deployments Invoke deployed functions Continuous deployment

Scheduling and cron jobs

Scheduling remote cron jobs Example: Hacker News Slackbot

Web endpoints

Web endpoints Streaming web endpoints Web endpoint URLs Request timeouts Example: Document OCR job queue Example: Document OCR web app

Data sharing and storage

Passing local data Network file systems Volumes

Deep learning and AI examples

Stable Diffusion CLI Replace your CEO with an LLM Voice Chat with LLMs Generate music on Discord Parallel podcast transcription using Whisper Pet Art using Dreambooth Question-answering with LangChain Play with ControlNet Miscellaneous examples

Examples using popular libraries

DuckDB: Analyze NYC taxi data in parallel Blender: Distributed 3D rendering SQLite: Publish explorable data with Datasette Y! Finance: Stock prices in parallel

Dynamic sandboxes

Dynamic sandboxes

Reliability and robustness

Failures and retries Preemption Timeouts Troubleshooting

Security

Security at Modal

Other topics

Developing and debugging Cold start performance Workspaces Environments Jupyter notebooks Asynchronous usage Global variables Container lifecycle and parameters Apps, stubs, and entrypoints Example: Algolia docsearch crawler

Private registries

Modal provides the Image.from_registry function, which pulls most common images available from public registries, like Docker Hub and GitHub Container Registry.

We also support private image registries, starting with AWS Elastic Container Registry (ECR) and GCP Artifact Registry.

Elastic Container Registry (ECR)

You can pull images from your AWS ECR account by specifying the full image URI as follows:

aws_secret = modal.Secret.from_name("my-aws-secret")
image = (
    modal.Image
        .from_aws_ecr(
            "000000000000.dkr.ecr.us-east-1.amazonaws.com/my-private-registry:latest",
            secret=aws_secret)
        .pip_install("torch", "huggingface")
)

stub = modal.Stub(image=image)

As shown above, you also need to use a Modal Secret containing the environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_REGION. The AWS IAM user account associated with those keys must have access to the private registry you want to access.

The user needs to have the following read-only policies:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["ecr:GetAuthorizationToken"],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetRepositoryPolicy",
        "ecr:DescribeRepositories",
        "ecr:ListImages",
        "ecr:DescribeImages",
        "ecr:BatchGetImage",
        "ecr:GetLifecyclePolicy",
        "ecr:GetLifecyclePolicyPreview",
        "ecr:ListTagsForResource",
        "ecr:DescribeImageScanFindings"
      ],
      "Resource": "<MY-REGISTRY-ARN>"
    }
  ]
}

You can use the IAM configuration above as a template for creating an IAM user. You can then generate an access key and create a Modal Secret using the AWS integration option. Modal will use your access keys to generate an ephemeral ECR token. That token is only used to pull image layers at the time a new image is built. We don’t store this token but will cache the image once it has been pulled.

Images on ECR must be private and follow image configuration requirements.