Creating an IAM Role for the Cluster Manager

AWS Identity & Access Management (IAM) manages credentials for the ATC Manager and its nodes by assigning IAM roles to them when they are launched. Attaching policies to these roles grant the associated instances permissions such as starting, stopping, and terminating instances in EC2, updating records in the Route 53 service,or associating IAM roles with a new instance.

The atc-manager IAM role for the cluster manager requires that the following policies have already been configured:

atc-ec2-policy (see Creating the EC2 IAM Policy)
atc-route53-policy (see Creating the Route 53 IAM Policy)
atc-pass-node-role-policy (see Creating the PassRole IAM Policy)

The following describes how to create an IAM role to grant the cluster manager permissions to access EC2 and Route 53.

From the AWS console, go to Security & Identity > Identity & Access Management and select Roles from the Details sidebar.
Click Create New Role.
Name the new role atc-manager.
Select Amazon EC2 for the Role Type.
Select the following policies and attach them to the role:
- atc-ec2-policy
- atc-route53-policy
- atc-pass-node-role-policy
Click Next Step, then Create Role.

The AWS Console redirects you to the Roles page. The new atc-manager role appears in the list of roles.