Create an instance profile for AWS PCS
- AWS PCS console

  Select Create a basic profile when you create a compute node group to have AWS PCS create one for you with the minimum required policy.

- Amazon EC2 console

  You can create an instance profile directly from the Amazon EC2 console. For more information, see Using instance profiles in the AWS Identity and Access Management User Guide.

  Important: Make sure to use the required prefix AWSPCS in the IAM role name.

- AWS CLI

  Setting up Basic instance profile using AWS CLI

  Note: Replace example-role in the following examples with the name of your IAM role.

  - Create an IAM role with /aws-pcs/ as the path attribute or a name that starts with AWSPCS.

    - Copy and paste the following content to a new text file named trust_policy.json.

          {
            "Version": "2012-10-17",
            "Statement": [
              {
                "Effect": "Allow",
                "Principal": {
                  "Service": [
                    "ec2.amazonaws.com"
                  ]
                },
                "Action": [
                  "sts:AssumeRole"
                ]
              }
            ]
          }

    - Use 1 of the following commands to create the IAM role.

          aws iam create-role --path /aws-pcs/ --role-name example-role --assume-role-policy-document file://trust_policy.json

      or

          aws iam create-role --role-name AWSPCS-example-role --assume-role-policy-document file://trust_policy.json

  - Attach permissions.

    - Copy and paste the following content to a new text file named policy_document.json.

          {
            "Version": "2012-10-17",
            "Statement": [
              {
                "Action": [
                  "pcs:RegisterComputeNodeGroupInstance"
                ],
                "Resource": "*",
                "Effect": "Allow"
              }
            ]
          }

    - Attach the policy document to the role. This command attaches the policy as an inline policy.

          aws iam put-role-policy \
              --role-name example-role \
              --policy-name pcsRegisterInstancePolicy \
              --policy-document file://policy_document.json

  - Create an instance profile. Replace example-profile with the name of your instance profile.

        aws iam create-instance-profile --instance-profile-name example-profile

  - Associate the IAM role with the instance profile.

        aws iam add-role-to-instance-profile \
            --instance-profile-name example-profile \
            --role-name example-role
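
To confirm that a role built with the AWS CLI steps above meets the three requirements they set (naming, trust policy, registration permission), the following added example checks them offline. It is not part of the AWS documentation; the function name, finding labels and sample data are assumptions, and the inputs are expected in the shape that `aws iam get-role` returns under "Role" and `aws iam get-role-policy` returns under "PolicyDocument". It does not evaluate Deny statements, conditions or other attached policies.

```python
import json
from fnmatch import fnmatchcase

REQUIRED_ACTION = "pcs:RegisterComputeNodeGroupInstance"
EC2_PRINCIPAL = "ec2.amazonaws.com"

def _as_list(value):
    """IAM JSON allows a single string (or object) where a list is expected."""
    return [] if value is None else value if isinstance(value, list) else [value]

def check_pcs_role(role, policy):
    """Return a list of finding labels; an empty list means the role matches the steps."""
    findings = []
    # Naming: path /aws-pcs/ or a role name that starts with AWSPCS.
    if role.get("Path") != "/aws-pcs/" and not role.get("RoleName", "").startswith("AWSPCS"):
        findings.append("naming")
    # Trust policy: collect every principal allowed to call sts:AssumeRole.
    trusted = set()
    for stmt in _as_list(role.get("AssumeRolePolicyDocument", {}).get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*"
            trusted.add(principal)
        else:
            for values in principal.values():
                trusted.update(_as_list(values))
    if EC2_PRINCIPAL not in trusted:
        findings.append("trust-missing-ec2")
    if trusted - {EC2_PRINCIPAL}:  # broader than the page's trust_policy.json
        findings.append("trust-extra-principal")
    # Permissions: some Allow statement must cover the registration action (wildcards count).
    granted = [a.lower() for s in _as_list(policy.get("Statement"))
               if s.get("Effect") == "Allow" for a in _as_list(s.get("Action"))]
    if not any(fnmatchcase(REQUIRED_ACTION.lower(), pattern) for pattern in granted):
        findings.append("policy-missing-register-action")
    return findings

# Constructed sample input: the two policy documents from the steps above.
TRUST = json.loads('{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
                   '"Principal":{"Service":["ec2.amazonaws.com"]},"Action":["sts:AssumeRole"]}]}')
POLICY = json.loads('{"Version":"2012-10-17","Statement":[{"Action":'
                    '["pcs:RegisterComputeNodeGroupInstance"],"Resource":"*","Effect":"Allow"}]}')
GOOD = {"Path": "/aws-pcs/", "RoleName": "example-role", "AssumeRolePolicyDocument": TRUST}
BAD = {"Path": "/", "RoleName": "example-role", "AssumeRolePolicyDocument": {"Statement": []}}

if __name__ == "__main__":
    print(check_pcs_role(GOOD, POLICY), check_pcs_role(BAD, {"Statement": []}))
```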