Creating the PassRole IAM Policy

AWS uses IAM roles and policies to grant permissions to launch EC2 instances and update records in Route 53. The IAM roles for the cluster manager and transfer nodes require you to first configure policies, which are later attached to the role to manage its permissions. The following describes how to create the PassRole IAM policy.
Note: To configure this policy, you must first configure the atc-node IAM role. For instructions, see Creating the atc-node IAM Role.
  1. Go to IAM. Select Policies from the Details sidebar.
  2. Click Create Policy. Click Select for the Create Your Own Policy option.
  3. Name the new policy "atc-pass-node-role-policy".
  4. Enter the following policy into the Policy Document field.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": "arn:aws:iam::YOUR_AWS_ACCOUNT_ID:role/atc-node"
            }
        ]
    }
  5. Click Create Policy.
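
The policy above limits iam:PassRole to the atc-node role. The following check is an added example, not part of the original procedure or the product's own tooling: it reads a policy document and reports when PassRole is left with the placeholder account ID, a wildcard resource, or a role other than atc-node. The function names and the account ID 123456789012 in the sample are constructed for illustration.

```python
import json
import re

# A single, fully named role ARN: 12-digit account ID, no wildcards.
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")

# Constructed sample: the page's policy with a made-up account ID filled in.
SAMPLE = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": "iam:PassRole",
  "Resource": "arn:aws:iam::123456789012:role/atc-node"}]}"""


def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def grants_passrole(action):
    """True if an action pattern (iam:PassRole, iam:*, *) covers iam:PassRole."""
    pattern = re.escape(action.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(pattern, "iam:passrole") is not None


def passrole_findings(policy_text, expected_role="atc-node"):
    """Return a list of problems with how the policy scopes iam:PassRole."""
    findings, seen = [], False
    for stmt in as_list(json.loads(policy_text).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource present; review by hand")
            continue
        if not any(grants_passrole(a) for a in as_list(stmt.get("Action", []))):
            continue
        seen = True
        for res in as_list(stmt.get("Resource", [])):
            if "YOUR_AWS_ACCOUNT_ID" in res:
                findings.append(f"placeholder account ID left in {res}")
            elif not ROLE_ARN.match(res):
                findings.append(f"not a single named role ARN: {res}")
            elif not res.endswith(f":role/{expected_role}"):
                findings.append(f"unexpected role: {res}")
    if not seen:
        findings.append("no Allow statement grants iam:PassRole")
    return findings


if __name__ == "__main__":
    print(passrole_findings(SAMPLE) or "PassRole is scoped to atc-node only")
```

An empty list means the policy passes only the atc-node role; paste the text from the Policy Document field into `passrole_findings` before clicking Create Policy.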