Creating Cloud Authorization for Amazon Web Services (AWS)
To allow Resource Manager to schedule jobs using your AWS account, you must first authorize MissingLink to access the account using standard AWS cross-account authorization.
From the outset, be aware that any and all MissingLink activity in your AWS account is tracked and available as part of AWS’s cloud trail. In addition, the access you grant MissingLink can be revoked from your AWS account at any time.
The procedure itself involves a few short commands. To better understand the actions and configurations that are made behind the scenes, see AWS Authorization Process.
Before you enable authorization, ensure that you have:
- Installed MissingLink's CLI as detailed here.
Properly configured AWS on the host. Run the following commands:
pip install awscli aws configure
For more information, see Configuring the AWS CLI.
Granted your user administrator's privileges to access AWS.
- (Optional) Created a separate SSH key to be used by MissingLink for Git cloning and other encryption related operations. By default, your default SSH key will be used. For more information, see Confidential Data.
The basic authorization command is:
ml resources aws init
In addition, you can use the following additional flags:
ml resources aws --region REGION init --ssh-key-path PATH --queue TEXT
--regionspecifies which region hosts the authorization and the default S3 bucket.
--ssh-key-pathallows you to specify which SSH key to use instead of your default SSH key for SSH access for running instances (can be changed per resource group), performing Git clone (can be changed per job) and encryption functionality.
--queuespecifies the queue to use at cloud initialization.
For more information about the command and the flags, see the CLI reference.
The authorization process takes a few minutes. The outcome is a basic, default resource group for this authorization. The resource group is configured with a capacity of one p3.2xlarge instance. You can use MissingLink's dashboard to modify basic configuration settings, or the
ml resources group command to modify more advanced settings.
AWS Authorization Process describes what occurs "under the hood" when you issue the
ml resources aws init command.