Creating the ELB IAM Policy

AWS Identity & Access Management (IAM) manages credentials for the Cluster Manager and its nodes by assigning IAM roles to them when they are launched. Attaching policies to these roles grant the associated instances permissions such as starting, stopping, and terminating instances in EC2, associating IAM roles with a new instance, or updating records in the Route 53 service.

The ELB IAM policy allows the Cluster Manager to assign it's instance to an existing Elastic Load Balancer. The Cluster Manager only requires this policy if you are using an internal ELB for the cluster to connect back to the manager. The following instructions describe how to create the ELB IAM policy:

From the AWS console, go to Security & Identity > Identity & Access Management and select Policies from the Details sidebar.
Click Create Policy. Select the Create Your Own Policy option.
Name the new policy atc-elb-policy.

Enter the following policy into the Policy Document field.

{
    "Version": "2012-10-17", 
    "Statement": [ 
        { 
            "Effect": "Allow",
            "Action": "elasticloadbalancing:*", 
            "Resource": "arn:aws:elasticloadbalancing:your_ami_region:your_aws_account_number:loadbalancer/your_load_balancer_name"
        }
    ] 
}

For example, if your AWS account ID is 123456789012 and the load balancer name is lb-aspera.example.com, the Resource object would be the following:

"Resource": "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/lb-aspera.example.com"

Click Validate Policy to check for formatting issues. The policy must be well-formed JSON text.
Click Create Policy.