Remember the architecture?
When we use AWS batch to schedule and run multiple containers in parallel, each container needs to be able to access S3 to store the simulation results. To grant permission for the containers to access S3 securely, the best way to achieve this is creating an IAM role that the containers will use. With IAM roles, temporary security credentials are created dynamically that are only usable by the entities you specify.
To create this IAM role:
-
Go to the IAM console
-
Go to Roles, then Create role
-
In the Select type of trusted entity screen, select Elastic Container Service under list of services, then select Elastic Container Service Task
-
In the Attach permissions policies screen, look for S3 in the search bar and pick AmazonS3FullAccess
-
For Role name, pick a unique name e.g.
<your-user-name>-monte-carlo, and click Create role
Move on to Module 7: Create AWS Batch job