Setting | Description |
---|---|
IAM Role | The name of the role you set for the transfer nodes. |
AMI Identifier | The unique identifier of the node AMI. |
Instance Type | Your AMI's instance type. Aspera recommends instance types with at least 7.5 GB memory and adequate network performance. |
Region | The region where the cluster will be deployed. This must be the same region as the S3 buckets that the cluster accesses. |
Subnet IDs | The ID of your VPC subnet. Cluster nodes are distributed across the different subnets in a round-robin fashion. |
Security Groups | The security group created for use by the transfer nodes. |
Availability Zone (Optional) | Specify the specific zone or zones for launching a cluster. If not set, the cluster manager distributes the nodes across the availability zones in your chosen region. |
Elastic IP Addresses (eip_pool) | The Elastic IP (EIP) addresses assigned to your cluster. EIP addresses are only needed if transfer clients require IP address whitelisting. |
Tags | An array of key-value pairs that are used to tag cluster node instances. You can define multiple tags. They are assigned to every new cluster node that is launched. ATCM automatically adds a tag "cc" with the DNS name of the Cluster Manager instance as the value. |
Volume Size | The size (GB) of the root partition of the transfer nodes. The default is 20 GB. |

```json
{
  "type": "AWS_EC2",
  "aws_credentials": {
    "iam_role_name": "node_iam_role"
  },
  "ami_identifier": "ami-identifier",
  "instance_type": "type.size",
  "subnet_ids": [
    "subnet-identifier",
    "subnet-identifier"
  ],
  "security_groups": [
    "security_group"
  ],
  "key_name": "key_name",
  "eip_pool": "10.0.100.10,10.0.100.100,10.100.100.100,10.0.10.10",
  "region": "region",
  "availability_zones": [
    "...",
    "..."
  ],
  "tags": {
    "Department": "department",
    "Project_ID": "ID"
  },
  "volume_size": "disk_size"
}
```

Setting | Description |
---|---|
Access Key ID | You can find your Access Key ID by following the steps on the Amazon website: http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html. |
Secret Access Key ID | You can find your Secret Access Key ID by following the steps on the Amazon website: http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html. |

```
{
  ...
  "aws_credentials": {
    "access_key_id": "access_key",
    "secret_access_key": "secret_key"
    ...
}
```

```
{
  ...
  "aws_credentials": {
    "access_key_id": "access_key",
    "secret_access_key": "secret_key",
    "iam_role_name" : "node_iam_role"
    ...
}
```

Setting | Description |
---|---|
Type | Set the type to "AWS_Route 53". This is the only DNS service currently supported. |
Hosted Zone | The hosted zone name. The name must include the final dot (for example, my.hostedzone.com.). |
Hosted Zone ID | The hosted zone ID is optional and is only needed if you have multiple hosted zones with the same name (for example, the same zone for both private and public networks). |
TTL | The time to live in seconds for DNS responses. |
Configuration with IAM Roles
Cluster nodes connect to Route 53 using the permissions with which the EC2 node is running. If the node is running with an IAM role (in other words, the "iam_role_name" option is used in the Provider section), then that role needs the necessary permissions to access Route 53. The Cluster Manager must also be running in EC2 and using an IAM role with the same Route 53 policy as the node (see Creating IAM Roles).

```json
{
  "type": "AWS_Route 53",
  "hosted_zone": "hosted_zone",
  "hosted_zone_id": "hosted_zone_id",
  "ttl": 1
}
```

Using an Assume Role for Authentication
If you are not using IAM roles, you need to add an "aws_credentials" object with an "assume role" or "access keys" for authentication. With an assume role, cluster nodes connect to Route 53 using a specified IAM role that has Route 53 permissions. Add an "aws_credentials" object with an assume role that specifies the IAM role.

```json
{
  "type": "AWS_Route 53",
  "aws_credentials": {
    "assume_role_arn" : "arn:aws:iam::YOUR_AWS_ACCOUNT_ID:role/YOUR_ROLE"
  },
  "hosted_zone": "hosted_zone",
  "hosted_zone_id": "hosted_zone_id",
  "ttl": 1
}
```

Using AWS Access Keys for Authentication
If you are not using IAM roles, you need to add an "aws_credentials" object with an "assume role" or "access keys" for authentication. With access keys, cluster nodes connect to Route 53 using the given access key. The access key is associated with an AWS user that needs to have the permissions to manipulate Route 53. You need both your Access Key and Secret Access Key IDs. You can find them by following the steps on the Amazon website: http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html.

```json
{
  "type": "AWS_Route 53",
  "aws_credentials": {
    "access_key_id": "access_key",
    "secret_access_key": "secret_key"
  },
  "hosted_zone": "hosted_zone",
  "hosted_zone_id": "hosted_zone_id",
  "ttl": 1
}
```
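
A pre-deployment check for the three DNS configuration variants above, as an added example that is not part of ATCM or the original documentation. The function name `lint_dns_config`, the sample role name and account ID, and the decision to report stored access keys as a finding are assumptions of this example.

```python
import json
import re

# Added example: hypothetical linter, not part of ATCM.
# An IAM role ARN carries a 12-digit account ID, so an unreplaced
# YOUR_AWS_ACCOUNT_ID placeholder fails this pattern.
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$", re.ASCII)

def lint_dns_config(text):
    """Return a list of findings for a DNS configuration JSON string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # A missing quote or comma makes the whole object unparseable.
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    findings = []
    if cfg.get("type") != "AWS_Route 53":
        findings.append('type must be "AWS_Route 53"')
    if not str(cfg.get("hosted_zone", "")).endswith("."):
        findings.append("hosted_zone must include the final dot")
    creds = cfg.get("aws_credentials")
    if creds is None:
        return findings  # IAM-role configuration: no credentials object
    arn = creds.get("assume_role_arn")
    keys = [k for k in ("access_key_id", "secret_access_key") if creds.get(k)]
    if arn is None and not keys:
        findings.append("aws_credentials needs an assume role or access keys")
    if arn is not None and not ROLE_ARN.match(arn):
        findings.append("assume_role_arn is not a well-formed IAM role ARN")
    if len(keys) == 1:
        findings.append("access_key_id and secret_access_key must be set together")
    if keys:
        # Assumption of this example: flag long-lived keys for review.
        findings.append("long-lived access keys are stored in the configuration")
    return findings

# Constructed sample inputs (placeholder values only).
GOOD = '''{"type": "AWS_Route 53",
 "aws_credentials": {"assume_role_arn": "arn:aws:iam::123456789012:role/dns-updater"},
 "hosted_zone": "my.hostedzone.com.", "ttl": 1}'''
BAD = '''{"type": "AWS_Route 53",
 "aws_credentials": {"access_key_id": "access_key", "secret_access_key": "secret_key"},
 "hosted_zone": "my.hostedzone.com", "ttl": 1}'''

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_dns_config(sample))
```
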