Actions
Bug #12212
closed
[arvados-node-manager] Instance-profile ARN request
Story points:
-
Description
When creating a instance, is good to have the option of an instance-profile ARN so some policies con be applied ( for example as in https://aws.amazon.com/premiumsupport/knowledge-center/iam-policy-restrict-vpc/ )
the config file should have instance_profile_arn that is something similar to: "arn:aws:iam::ACCOUNTNUMBER:instance-profile/ROLENAME"
Updated by Lucas Di Pentima over 6 years ago
- Status changed from New to In Progress
- Assigned To set to Lucas Di Pentima
Updated by Lucas Di Pentima over 6 years ago
Reading nodemanager's code I noticed this bit on services/nodemanager/arvnodeman/config.py:
def new_cloud_client(self):
module = importlib.import_module('arvnodeman.computenode.driver.' +
self.get('Cloud', 'provider'))
driver_class = module.ComputeNodeDriver.DEFAULT_DRIVER
if self.has_option('Cloud', 'driver_class'):
d = self.get('Cloud', 'driver_class').split('.')
mod = '.'.join(d[:-1])
cls = d[-1]
driver_class = importlib.import_module(mod).__dict__[cls]
auth_kwargs = self.get_section('Cloud Credentials')
if 'timeout' in auth_kwargs:
auth_kwargs['timeout'] = int(auth_kwargs['timeout'])
return module.ComputeNodeDriver(auth_kwargs,
self.get_section('Cloud List'),
self.get_section('Cloud Create'),
driver_class=driver_class)
It seems that simply adding the following at the [Cloud Create] config file section, will do the trick:
ex_iamprofile = arn:aws:iam::ACCOUNTNUMBER:instance-profile/ROLENAME
Updated by Nico César over 6 years ago
- Status changed from In Progress to Resolved
Updated by Lucas Di Pentima over 6 years ago
Should I merge the small update (fdfa24a94)?
Updated by Lucas Di Pentima over 6 years ago
Also added the example to the online docs - ef5d9a98b
Actions