AWS IAM - VertebrateResequencing/vr-pipe GitHub Wiki

When using the 'ec2' or 'sge_ec2' schedulers, VRPipe is able to load-balance the work by launching and terminating EC2 instances as necessary. For this feature to work it needs to be configured with the required security credentials.

Security in Amazon's cloud is handled through the Identity and Access Management (IAM) system. Rather than give VRPipe your 'root' account information (that have from being the owner of your AWS account), you can create a group and user under your account with its own security credentials.

If you're just 1 person it's still a good idea to do this. If you're not the primary account holder (you have been given access to AWS via the IAM system of someone else's account), you'll have to get the primary account holder to do something similar to this guide, or configure VRPipe with your own security credentials.

The following guide assumes that you have full IAM permissions (eg. the AWS account belongs to you).

  1. Starting from your console home, click the IAM icon.
    click the IAM icon
  2. Select the Groups pane, then click the 'Create New Group' button.
    create new group
  3. Enter a name and continue.
    enter a name
  4. Select 'Amazon EC2 Full Access' from the policy temples. On the next screen just click continue. On the final screen click 'Create group'.
    select amazon ec2 full access
    click continue
    create group
  5. Go to the Users pane, then click the 'Create New Users' button.
    create new users
  6. Enter a user name, generate an access key, and click Create.
    enter name and create
  7. Carefully note down the Access Key ID and Secret Access Key (or click the 'Download Credentials' button), and keep these in a safe place (outside of AWS, on your local machine).
    note down credentials
  8. Select the user, and choose 'Add User to Groups' from the User Actions menu.
    add user to groups
  9. Pick the group name chosen in step 3., then click 'Add to Groups'.
    add user to groups

Now when configuring VRPipe, if it asks for your access key and secret key, use the details you noted down in step 7.