Creating the IAM Role for the Transfer Nodes

AWS Identity & Access Management (IAM) manages credentials for the Cluster Manager and its nodes by assigning IAM roles to them when they are launched. Attaching policies to these roles grant the associated instances permissions such as starting, stopping, and terminating instances in EC2, associating IAM roles with a new instance, or updating records in the Route 53 service.

AWS uses IAM roles and policies to grant permissions to launch EC2 instances and update records in Route 53. The IAM roles for the cluster manager and transfer nodes require you to first configure policies, which are later attached to the role to manage permissions for the role. The following describes how to create an IAM role to grant transfer nodes the permissions to access EC2 and Route 53.

This IAM role requires that the following policies have already been configured:

atc-ec2-policy (see Creating the EC2 IAM Policy)
atc-route53-policy (see Creating the Route 53 IAM Policy)
atc-pass-node-role-policy (see Creating the PassRole IAM Policy)

From the AWS console, go to Security & Identity > Identity & Access Management and select Roles from the Details sidebar.
Click Create New Role.
Name the new role atc-node.
Select Amazon EC2 for the Role Type.
Select the following policies and attach them to the role:
- atc-ec2-policy
- atc-route53-policy
- atc-pass-node-role-policy
Click Next Step, then Create Role.

The AWS Console redirects you to the Roles page. The new atc-node role appears in the list of roles.