Creating a Role for the MapR Installer

During the provisioning process, you must supply an IAM role name that can be passed on to the MapR Installer. IAM roles allow instances to delegate permissions in the absence of AWS credentials.

To create the role for the MapR Installer:

  1. Log on to the AWS Management Console.
  2. In the list of Services, under Security, Identity, and Compliance, click IAM.
  3. Click the Policies link.
  4. Click Create policy.
  5. Give the policy a name and a description.
  6. In the Policy Document field, paste the following policy statement:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "autoscaling:Describe*",
                    "autoscaling:CreateLaunchConfiguration",
                    "autoscaling:DeleteLaunchConfiguration",
                    "autoscaling:SuspendProcesses",
                    "autoscaling:UpdateAutoScalingGroup",
                    "cloudformation:DescribeStack*",
                    "cloudformation:GetTemplate",
                    "cloudformation:UpdateStack",
                    "ec2:CreateKeyPair",
                    "ec2:DeleteKeyPair",			
                    "ec2:ImportKeyPair",
                    "ec2:DescribeKeyPairs",
                    "ec2:DescribeInstances",
                    "ec2:DescribeInstanceAttribute",
                    "ec2:ModifyInstanceAttribute",
                    "ec2:DescribeSubnets",
                    "ec2:RunInstances",
                    "ec2:StartInstances",
                    "ec2:StopInstances",
                    "ec2:CreateVolume",
                    "ec2:AttachVolume",
                    "ec2:DescribeVolumes"
                ],
                "Resource": "*"
            }
        ]
    }
    
  7. Click Create policy.
  8. Navigate to Services > IAM > Roles.
  9. Click Create new role.
  10. For the role type, select the AWS Service Role > Amazon EC2.
  11. Filter by Customer Managed.
  12. Select the policy created earlier.
  13. Give the role a name and description.
  14. Click Create role.
Later, during the provisioning process, you will provide the role name as an input to the reference template.