Actions
Bug #12212
closed[arvados-node-manager] Instance-profile ARN request
Story points:
-
Description
When creating a instance, is good to have the option of an instance-profile ARN so some policies con be applied ( for example as in https://aws.amazon.com/premiumsupport/knowledge-center/iam-policy-restrict-vpc/ )
the config file should have instance_profile_arn that is something similar to: "arn:aws:iam::ACCOUNTNUMBER:instance-profile/ROLENAME"
Updated by Lucas Di Pentima over 6 years ago
- Status changed from New to In Progress
- Assigned To set to Lucas Di Pentima
Updated by Lucas Di Pentima over 6 years ago
Reading nodemanager's code I noticed this bit on services/nodemanager/arvnodeman/config.py
:
def new_cloud_client(self): module = importlib.import_module('arvnodeman.computenode.driver.' + self.get('Cloud', 'provider')) driver_class = module.ComputeNodeDriver.DEFAULT_DRIVER if self.has_option('Cloud', 'driver_class'): d = self.get('Cloud', 'driver_class').split('.') mod = '.'.join(d[:-1]) cls = d[-1] driver_class = importlib.import_module(mod).__dict__[cls] auth_kwargs = self.get_section('Cloud Credentials') if 'timeout' in auth_kwargs: auth_kwargs['timeout'] = int(auth_kwargs['timeout']) return module.ComputeNodeDriver(auth_kwargs, self.get_section('Cloud List'), self.get_section('Cloud Create'), driver_class=driver_class)
It seems that simply adding the following at the [Cloud Create]
config file section, will do the trick:
ex_iamprofile = arn:aws:iam::ACCOUNTNUMBER:instance-profile/ROLENAME
Updated by Nico César over 6 years ago
- Status changed from In Progress to Resolved
Updated by Lucas Di Pentima over 6 years ago
Should I merge the small update (fdfa24a94)?
Updated by Lucas Di Pentima over 6 years ago
Also added the example to the online docs - ef5d9a98b
Actions