AWS Identity & Access Management (IAM) manages credentials
for the ATC Manager and its nodes by assigning IAM roles to them
when they are launched. Attaching policies to
these roles grants the associated instances permissions such as starting, stopping,
and terminating instances in EC2, updating records in the Route
53 service, or associating IAM roles with a new instance.
The EC2 IAM Policy allows the Cluster Manager and its nodes to perform
actions on EC2 instances, such as starting, stopping, and terminating instances. The
Cluster Manager requires this policy to start and manage nodes. The following
instructions describe how to create the EC2 IAM policy.
- From the AWS console, go to Security & Identity > Identity & Access Management and select Policies from the Details sidebar.
- Click Create Policy. Select the Create Your Own Policy option.
- Name the new policy atc-ec2-policy.
- Enter the following policy into the Policy Document field.

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "ec2:RunInstances",
              "ec2:TerminateInstances",
              "ec2:StartInstances",
              "ec2:StopInstances"
            ],
            "Resource": "arn:aws:ec2:*"
          },
          {
            "Effect": "Allow",
            "Action": [
              "ec2:CreateTags",
              "ec2:DescribeInstances",
              "ec2:DescribeInstanceStatus",
              "ec2:DescribeAddresses",
              "ec2:AssociateAddress",
              "ec2:DisassociateAddress",
              "ec2:DescribeRegions",
              "ec2:DescribeAvailabilityZones"
            ],
            "Resource": "*"
          }
        ]
      }

- Click Validate Policy to check for formatting issues. The policy must be well-formed JSON text.
- Click Create Policy.
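A local check to run on the policy text before pasting it into the console, added here as an example (it is not part of the original instructions or of the product). It confirms the document is well-formed JSON and lists every non-read-only action allowed on a wildcard resource with no Condition, which are the grants to look at when reviewing how far the role reaches. The function names and the read-only prefix heuristic are assumptions.

```python
import json

# Policy document from the step above, condensed (same statements and actions).
ATC_EC2_POLICY = """
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow",
   "Action": ["ec2:RunInstances", "ec2:TerminateInstances",
              "ec2:StartInstances", "ec2:StopInstances"],
   "Resource": "arn:aws:ec2:*"},
  {"Effect": "Allow",
   "Action": ["ec2:CreateTags", "ec2:DescribeInstances",
              "ec2:DescribeInstanceStatus", "ec2:DescribeAddresses",
              "ec2:AssociateAddress", "ec2:DisassociateAddress",
              "ec2:DescribeRegions", "ec2:DescribeAvailabilityZones"],
   "Resource": "*"}]}
"""

READ_ONLY_PREFIXES = ("Describe", "Get", "List")  # assumption: read-only by name


def as_list(value):
    """IAM accepts either one value or a list for Statement, Action, Resource."""
    return list(value) if isinstance(value, list) else [value]


def review_policy(text):
    """Return (errors, findings); findings are (statement index, action, resource)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not well-formed JSON: {exc}"], []
    if not isinstance(doc, dict) or "Statement" not in doc:
        return ["policy must be a JSON object with a Statement element"], []
    findings = []
    for index, stmt in enumerate(as_list(doc["Statement"])):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue  # only unconditioned Allow statements are reported
        for action in as_list(stmt.get("Action", [])):
            if action.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES):
                continue
            for resource in as_list(stmt.get("Resource", [])):
                if resource == "*" or resource.endswith(":*"):
                    findings.append((index, action, resource))
    return [], findings


if __name__ == "__main__":
    print(review_policy(ATC_EC2_POLICY))
```

An empty error list means the text will pass the console's well-formedness check; each finding names a state-changing action that applies to every matching EC2 resource in the account.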