Creating an IAM Role for S3 Access In the Same AWS Account
AWS Identity & Access Management (IAM) manages credentials for the ATC Manager and its nodes by assigning IAM roles to them when they are launched. Attaching policies to these roles grant the associated instances permissions such as starting, stopping, and terminating instances in EC2, updating records in the Route 53 service,or associating IAM roles with a new instance.
IAM Roles are also used to provide ATC Manager access to your S3 buckets. If you are not using S3 cloud storage with Cluster Manager, you can skip these instructions. For more information about accessing S3 cloud storage with the Cluster Manager, see Access Key Overview.
These instructions describe how to create the atc-s3-access-keys role, which uses the atc-s3-policy to grant ATC Manager access to the S3 bucket specified in the policy. You must have already created the atc-s3-policy to create the atc-s3-access-keys role. For more information about creating the policy, see Creating the Custom S3 Access IAM Policy.
If you want to provide access to S3 buckets located in a different AWS account, see Creating an IAM Role for S3 Access to a Separate AWS Account. Otherwise, follow the instructions below to create the atc-s3-access-keys role and attach the atc-s3-policy to the role.
The following instructions describe how to create the S3 Access Key Management IAM role.
In addition to creating the atc-s3-access-keys role, you must also configure trust relationships to allow the atc-node role to assume the atc-s3-policy attached to this role. Follow the instructions below to configure the trust relationships of the atc-s3-access-keys.