Amazon function list required to run Omicsoft On Cloud

From Array Suite Wiki

Amazon S3

  1. GetBucketLocation
  2. ListBuckets
  3. PutBucket
  4. DeleteBucket
  5. GetBucketLocation
  6. PutObject
  7. ListObjects
  8. DeleteObject
  9. DeleteObjects
  10. CopyObject
  11. GetObjectMetadata
  12. GetObject
  13. TransferUtilityUpload
  14. TransferUtilityDownload
  15. InitiateMultipartUpload
  16. UploadPart
  17. CompleteMultipartUpload
  18. AbortMultipartUpload

Both the ArrayServer machine and the EC2 instances use keypairs to access S3 bucket folders.

Amazon EC2

All of the following are required:

  1. DescribeAvailabilityZones
  2. DescribeRegions
  3. DescribeVolumes
  4. DeleteVolume
  5. DeleteVolumes
  6. CreateVolume
  7. AttachVolume
  8. RunInstances
  9. TerminateInstances
  10. StopInstances
  11. StartInstances
  12. DescribeInstances
  13. DescribeInstanceStatus
  14. GetConsoleOutput
  15. DescribeKeyPairs
  16. CreateKeyPair (if this is not possible, the Omicsoft.Launching keypair must be created and its .pem file must be downloaded and saved in a secure place)
  17. DescribeTags
  18. CreateTags
  19. DeleteTags
  20. ModifyInstanceAttribute


Amazon EC2/IAM

The following are optional if InstanceProfileArn is provided.

  1. ListInstanceProfiles
  2. ListRoles
  3. ListRolePolicies
  4. PutRolePolicy
  5. CreateRole
  6. CreateInstanceProfile
  7. AddRoleToInstanceProfile

Amazon SQS

  1. ListQueues
  2. SendMessage
  3. ReceiveMessage
  4. CreateQueue
  5. DeleteQueue
  6. DeleteMessage

Example of policy statement

  • Create the policy below.
  • Create a new IAM user account.
  • Create a new role.
  • Attach the same policy to both the role and the account.
  • Use the AccessKey/SecretKey from the account and the InstanceProfileArn from the role to configure the ArrayServer configuration.
  • Create a keypair (the keypair used to launch instances) named "Omicsoft.Launching".
    • Keep this Omicsoft.Launching.PEM file in a safe place!
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ArrayServerEC2",
            "Effect": "Allow",
            "Action": [
                "iam:PassRole",
                "iam:ListInstanceProfiles",
                "iam:ListRolePolicies",
                "ec2:Describe*",
                "ec2:AttachVolume",
                "ec2:CreateVolume",
                "ec2:CreateTags",
                "ec2:GetConsoleOutput",
                "ec2:ModifyInstanceAttribute",
                "ec2:RequestSpotInstances",
                "ec2:CancelSpotInstanceRequests",
                "ec2:RunInstances",
                "ec2:StartInstances",
                "ec2:DeleteTags",
                "ec2:DeleteVolume",
                "ec2:DetachVolume",
                "ec2:StopInstances",
                "ec2:TerminateInstances"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "ArrayServerSQS",
            "Effect": "Allow",
            "Action": [
                "sqs:ChangeMessageVisibility",
                "sqs:CreateQueue",
                "sqs:DeleteMessage",
                "sqs:DeleteQueue",
                "sqs:ReceiveMessage",
                "sqs:SendMessage",
                "sqs:GetQueueAttributes",
                "sqs:GetQueueUrl",
                "sqs:ListQueues"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowGroupToSeeBucketListInTheConsole",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Sid": "AllowRootAndHomeListingOfOmicsoftBucket",
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject*",
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads",
                "s3:ListMultipartUploadParts",
                "s3:PutObject"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::s3folderExampleUseYourBucketName",
                "arn:aws:s3:::s3folderExampleUseYourBucketName/*"
            ]
        }
    ]
}
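
The following is an added example, not part of the wiki page or of Omicsoft's software: a simplified policy evaluator that checks which of the listed EC2 and IAM functions the example policy grants, and how far each grant reaches. The `ec2:`/`iam:` prefix mapping, the account ID and the role ARNs are assumptions constructed for the example; Deny statements and Conditions are not modelled.

```python
import fnmatch

BUCKET = "arn:aws:s3:::s3folderExampleUseYourBucketName"
# The page's example policy, condensed: same Sids, actions and resources.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ArrayServerEC2", "Effect": "Allow", "Resource": ["*"], "Action": (
        "iam:PassRole iam:ListInstanceProfiles iam:ListRolePolicies ec2:Describe* "
        "ec2:AttachVolume ec2:CreateVolume ec2:CreateTags ec2:GetConsoleOutput "
        "ec2:ModifyInstanceAttribute ec2:RequestSpotInstances "
        "ec2:CancelSpotInstanceRequests ec2:RunInstances ec2:StartInstances "
        "ec2:DeleteTags ec2:DeleteVolume ec2:DetachVolume ec2:StopInstances "
        "ec2:TerminateInstances").split()},
    {"Sid": "ArrayServerSQS", "Effect": "Allow", "Resource": "*", "Action": (
        "sqs:ChangeMessageVisibility sqs:CreateQueue sqs:DeleteMessage sqs:DeleteQueue "
        "sqs:ReceiveMessage sqs:SendMessage sqs:GetQueueAttributes sqs:GetQueueUrl "
        "sqs:ListQueues").split()},
    {"Sid": "AllowGroupToSeeBucketListInTheConsole", "Effect": "Allow",
     "Resource": ["arn:aws:s3:::*"], "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"]},
    {"Sid": "AllowRootAndHomeListingOfOmicsoftBucket", "Effect": "Allow",
     "Resource": [BUCKET, BUCKET + "/*"], "Action": (
        "s3:AbortMultipartUpload s3:DeleteObject s3:GetObject* s3:GetBucketLocation "
        "s3:ListBucket s3:ListBucketMultipartUploads s3:ListMultipartUploadParts "
        "s3:PutObject").split()}]}

# Function names from the page's EC2 and EC2/IAM lists. The prefixes are an assumed
# mapping to IAM actions; DeleteVolumes is omitted (assumed served by ec2:DeleteVolume).
LISTED = ["ec2:" + n for n in (
    "DescribeAvailabilityZones DescribeRegions DescribeVolumes DeleteVolume CreateVolume "
    "AttachVolume RunInstances TerminateInstances StopInstances StartInstances "
    "DescribeInstances DescribeInstanceStatus GetConsoleOutput DescribeKeyPairs "
    "CreateKeyPair DescribeTags CreateTags DeleteTags ModifyInstanceAttribute").split()]
LISTED += ["iam:" + n for n in (
    "ListInstanceProfiles ListRoles ListRolePolicies PutRolePolicy CreateRole "
    "CreateInstanceProfile AddRoleToInstanceProfile").split()]

def allowed(policy, action, resource):
    # Simplified: True if any Allow statement matches; Deny and Condition are ignored.
    many = lambda v: v if isinstance(v, list) else [v]
    return any(
        st["Effect"] == "Allow"
        and any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in many(st["Action"]))
        and any(fnmatch.fnmatchcase(resource, r) for r in many(st["Resource"]))
        for st in policy["Statement"])

def not_granted(policy, actions, resource):
    return [a for a in actions if not allowed(policy, a, resource)]

if __name__ == "__main__":
    print(not_granted(POLICY, LISTED, "arn:aws:iam::111122223333:role/Constructed"))
    print(allowed(POLICY, "iam:PassRole", "arn:aws:iam::111122223333:role/AnyOtherRole"))
```

The first line of output lists `ec2:CreateKeyPair` and the five role-management IAM actions as not granted, which matches the steps above: the keypair and the role are created beforehand and InstanceProfileArn is supplied. The second prints `True` because `iam:PassRole` sits in a statement with `"Resource": "*"`; listing the ARN of the role behind InstanceProfileArn there instead limits which role these credentials can hand to launched instances.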