[StarCluster] Administration of StarCluster with AWS IAM

Rayson Ho raysonlogin at gmail.com
Mon Mar 24 14:13:57 EDT 2014


On Mon, Mar 24, 2014 at 2:02 PM, David Stuebe <DStuebe at asascience.com> wrote:
> Yes - I am specifically asking about sharing a config file to allow
> different IAM users to manage a cluster via:
>
> starcluster restart mycluster
> starcluster stop mycluster
> starcluster terminate mycluster
> starcluster addnode mycluster

Yup, so the user who invokes starcluster will have access to the IAM
user account.

And the correct way to use IAM is to create the IAM user, then select
the user by checking on the check box, go to the "Security
Credentials" tab, and click "Manage Access keys", and "Create Access
keys", then "Show User Security Credentials". Put that Access Key ID &
Secret Access Key in the SC config file instead of that of the AWS
root account.

Rayson

==================================================
Open Grid Scheduler - The Official Open Source Grid Engine
http://gridscheduler.sourceforge.net/
http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html


>
>
>
> On the other hand, if you are talking about the administration of the
> HPC cluster, then it is a different story. You will likely want to
> learn Grid Engine for your job scheduling policy, and use Linux
> commands to set up new users, and may want to add a parallel
> filesystem, etc.
>
>
> When I create a config file I can share it with other users as long as I get
> my AWS credentials from my ENV variables.
>
> What about the user id?
> Does this have to be the root AWS account ID or can I use my User ARN (of
> the form:  arn:aws:iam::123456789012:user/username)
> Can I set this as an environment variable as well?
>
>
> StarCluster does not need the power of the full AWS root account. You
> can just create an IAM user with "EC2 full access" in the Policy
> Template.
>
>
> Is this "User ARN" the correct ID to use? Should I use a group ID or a user
> ID?
>
> Thanks for the quick response!
>
> David
>
>
> If you want finer control, you can fire up the IAM Policy Generator
> and pick which EC2 APIs the IAM user can issue. StarCluster does not
> use the AWS ELB nor the ASG (SC has its implementations of them).
> However, since we introduced VPC support, the list of APIs that SC
> needs is slightly larger.
>
>
> What about PEM files - what is ec2_cert in the config file used for?
>
>
> That's for the permission to create a new AMI, IIRC.
>
> Rayson
>
> ==================================================
> Open Grid Scheduler - The Official Open Source Grid Engine
> http://gridscheduler.sourceforge.net/
> http://gridscheduler.sourceforge.net/GridEngine/GridEngineCloud.html
>
>
>
> David Stuebe
>
> Scientist & Software Engineer
>
> 55 Village Square Drive
> South Kingstown, RI 02879-8248
>
> Tel: +1 (401) 789-6224
>
> Email: David.Stuebe at rpsgroup.com
> www: asascience.com | rpsgroup.com
>
> A member of the RPS Group plc
>
>


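Added example (not part of the original thread, and not StarCluster's own code): a pre-share check for the situation discussed above, where a config file is handed to other IAM users and the credentials are meant to come from environment variables instead. It assumes the `[aws info]` setting names `aws_access_key_id` and `aws_secret_access_key` from StarCluster's config template; the function name and the sample file are constructed for illustration.

```python
import configparser
import re

# Constructed sample of a config about to be shared. The key values are AWS's
# documented example credentials, not real ones.
SAMPLE_CONFIG = """\
[aws info]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_user_id = 123456789012

[cluster mycluster]
keyname = mykey
cluster_size = 2
"""

# [aws info] settings that carry a credential and should not travel with the file.
SECRET_KEYS = ("aws_access_key_id", "aws_secret_access_key")
# Long-term (AKIA) and temporary (ASIA) access key IDs are 20 characters long.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")


def audit_shared_config(text):
    """Return (section, key, reason) findings for a config that will be shared."""
    # Raw parser: no % interpolation; strict=False tolerates repeated sections.
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            value = value.strip()
            if not value:
                continue  # empty setting: nothing stored in the file
            if section == "aws info" and key in SECRET_KEYS:
                findings.append((section, key, "credential stored in file"))
            elif ACCESS_KEY_RE.search(value):
                # Catches a key ID pasted into some other setting.
                findings.append((section, key, "value looks like an access key ID"))
    return findings


if __name__ == "__main__":
    for section, key, reason in audit_shared_config(SAMPLE_CONFIG):
        print("[%s] %s: %s" % (section, key, reason))
```

An empty result means the file holds no access key in the settings checked; the account ID in `aws_user_id` is not treated as a secret here.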