Configuring AWS credentials - AWS Deadline Cloud

Configuring AWS credentials

This section explains how to configure AWS credentials.

The initial phase of the worker life cycle is bootstrapping. In this phase, the worker agent software creates a worker in your fleet and obtains AWS credentials from your fleet's role for further operation.

AWS credentials for Amazon EC2

To configure AWS credentials for Amazon EC2

  1. Open the IAM console at https://console.aws.amazon.com/iam/.

  2. Select Roles in the navigation pane, then Create role.

  3. Select AWS service.

  4. Select EC2 as the Service or use case, then select Next.

  5. Attach the AWSDeadlineCloud-WorkerHost AWS managed policy.

On-premises AWS credentials

To configure AWS on-premises credentials

  1. Open the IAM console at https://console.aws.amazon.com/iam/.

  2. Select Roles in the navigation pane, then Create role.

  3. Select AWS account, then select Next.

  4. Attach the AWSDeadlineCloud-WorkerHost AWS managed policy.

  5. Generate AWS IAM access and secret keys for the IAM user:

    1. For IAM Roles Anywhere, see IAM Roles Anywhere.

    2. For the most secure way to set up credentials on the host, see Obtaining temporary security credentials from AWS Identity and Access Management Roles Anywhere.

    3. You can also use the CLI as an alternative authentication method. For more information, see Authenticate with IAM user credentials.

  6. Store these keys in the agent-user’s AWS credentials file on the worker host filesystem.

    1. On Linux, this is located at ~/.aws/credentials

    2. On Windows, this is located at %USERPROFILE%\.aws\credentials

    Note

    Credentials should be accessible only by the OS user (deadline-worker-agent) who installed the worker agent.

    # Replace keys below
    [default]
    aws_access_key_id=ACCESS_KEY_ID
    aws_secret_access_key=SECRET_ACCESS_KEY

  7. Change the deadline-worker-agent owner and permissions.

    Note

    If you changed the OS user (deadline-worker-agent) name when you installed the worker agent, use that name instead.
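
A Linux-side check for steps 6 and 7, as an added example that is not part of the AWS documentation: it audits that the credentials file and its .aws directory are owned by the agent user and closed to group and other, and tightens them if not. The function names and the home directory in the usage comment are assumptions; the default user is the deadline-worker-agent name used above.

```shell
#!/bin/sh
# Added example: audit and tighten the worker agent's AWS credentials file.
# Users may be given by name or by numeric uid.

# Print "<owner uid> <octal mode>" (GNU stat first, BSD stat as fallback).
uid_and_mode() {
    stat -c '%u %a' "$1" 2>/dev/null || stat -f '%u %Lp' "$1"
}

# Return 0 only if $1 is owned by user $2 and grants nothing to group/other.
check_private() {
    target=$1
    want_uid=$(id -u "$2" 2>/dev/null || echo "$2")
    [ -e "$target" ] || { echo "MISSING $target"; return 2; }
    set -- $(uid_and_mode "$target")
    owner_uid=$1 mode=$(printf '%03d' "$2")
    bad=0
    [ "$owner_uid" = "$want_uid" ] || { echo "FAIL $target uid=$owner_uid want=$want_uid"; bad=1; }
    case $mode in
        *00) ;;   # no group or other permission bits set
        *) echo "FAIL $target mode=$mode is open to group/other"; bad=1 ;;
    esac
    if [ "$bad" -eq 0 ]; then echo "OK   $target uid=$owner_uid mode=$mode"; fi
    return "$bad"
}

# Audit <home>/.aws and <home>/.aws/credentials for agent home directory $1.
audit_agent_creds() {
    agent_user=${2:-deadline-worker-agent}
    rc=0
    check_private "$1/.aws" "$agent_user" || rc=1
    check_private "$1/.aws/credentials" "$agent_user" || rc=1
    return "$rc"
}

# Make the file $1 and its directory private to user $2.
# chown needs root when the current owner differs from $2.
harden_creds() {
    creds_dir=$(dirname "$1")
    chown "$2" "$creds_dir" "$1" && chmod 700 "$creds_dir" && chmod 600 "$1"
}

# Usage (constructed path): audit_agent_creds /home/deadline-worker-agent
```

Run the audit again after any agent reinstall or key rotation, since tools that rewrite the file can reset its mode.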