Create an instance profile for AWS PCS

AWS PCS console

Select Create a basic profile when you create a compute node group to have AWS PCS create one for you with the minimum required policy.

Amazon EC2 console

You can create an instance profile directly from the Amazon EC2 console. For more information, see Using instance profiles in the AWS Identity and Access Management User Guide.

Important

Make sure to use the required prefix AWSPCS in the IAM role name.

AWS CLI

Setting up Basic instance profile using AWS CLI

Note

Replace example-role in the following examples with the name of your IAM role.

Create IAM role with /aws-pcs/ as the path attribute or a name that starts with AWSPCS.

Copy and paste the following content to a new text file named trust_policy.json.


{  
    "Version":"2012-10-17",		 	 	   
    "Statement": [  
        {  
            "Effect": "Allow",  
             "Principal": {  
                "Service": [  
                    "ec2.amazonaws.com"  
                ]  
            },  
            "Action": [  
                "sts:AssumeRole"  
            ]  
        }  
    ]  
}

Use 1 of the following commands to create the IAM role.


aws iam create-role --path /aws-pcs/ --role-name example-role --assume-role-policy-document file://trust_policy.json


aws iam create-role --role-name AWSPCS-example-role --assume-role-policy-document file://trust_policy.json

Attach permissions.

Copy and paste the following content to a new text file named policy_document.json.


{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Action": [
                "pcs:RegisterComputeNodeGroupInstance"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Attach the policy document to the role. This command attaches the policy as an inline policy.


aws iam put-role-policy \  
    --role-name example-role \  
    --policy-name pcsRegisterInstancePolicy \  
    --policy-document file://policy_document.json

Create an instance profile. Replace example-profile with the name of your instance profile.
```
aws iam create-instance-profile --instance-profile-name example-profile
```

Associate the IAM role with the instance profile.


aws iam add-role-to-instance-profile \  
   --instance-profile-name example-profile \  
   --role-name example-role

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Instance profiles

Find instance profiles