Creating Cloud Authorization for AWS
To allow Resource Manager to schedule jobs using your AWS account, you must first authorize MissingLink to access the account using standard AWS cross-account authorization.
From the outset, be aware that any and all MissingLink activity in your AWS account is tracked and available as part of AWS’s cloud trail. In addition, the access you grant MissingLink can be revoked from your AWS account at any time.
The procedure itself involves a few short commands. To better understand the actions and configurations that are made behind the scenes, see AWS authorization process.
Before you enable authorization, ensure that you have:
- Installed MissingLink's CLI as detailed here.
You have properly configured AWS on the host. Run the following commands:
$ pip install awscli $ aws configure
For more information, see Configuring the AWS CLI.
Granted your user administrator's privileges to access AWS.
- (Optional) You have created a separate SSH key to be used by MissingLink for Git cloning and other encryption related operations. By default, your default SSH key will be used. For more information, see Using confidential data.
The basic authorization command is:
ml resources aws init
In addition you can use the following additional flags:
ml resources aws --region REGION init --ssh-key-path PATH
--regionspecifies which region hosts the authorization and the default S3 bucket.
--ssh-key-pathallows you to specify which SSH key to use instead of your default SSH key for SSH access for running instances (can be changed per resource group), performing Git clone (can be changed per job) and encryption functionality.
The authorization process takes a few minutes. The outcome is a basic, default resource group for this authorization. The resource group is configured with a capacity of one p3.2xlarge instance. You can use MissingLink's dashboard or the
ml resources group command to modify the configuration.