aws-parallelcluster: sanity check error when providing custom EC2 instance role

Environment:

  • AWS ParallelCluster version 2.4.1
  • OS: alinux
  • Scheduler: Slurm
  • Master instance type: t2.micro
  • Compute instance type: t2.micro

Bug description and how to reproduce: When I try to provide a custom ec2_iam_role and sanity_check is enabled I receive an error: IAM role error on user provided role parallelcluster-ec2-instance-role: action ec2:DescribeVolumes is implicitDeny

When turning sanity_check off, the cluster creation seems to work fine and the permissions seem to be added as expected. A quick test showed the cluster working with no apparent issues.

Additional context: My IAM policy is pretty much a copy of the one use by default (or documented). I just add permissions for SSM, so I can login without SSH. I even used a role name that is compatible with the existing PassRole permission. I also double checked that the ec2:DescribeVolumes permission is Allowed on all resources.

Any pointers would be much appreciated.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 19 (8 by maintainers)

Most upvoted comments

Does not sound familiar, no. Btw: I just pushed my cluster setup (excluding the EC2 role) to GH, in case you want to try and see if the error is reproducible. Again, the create worked fine (as far as I can tell) if I disable the sanity_check.

https://github.com/umccr/infrastructure/tree/parallel_cluster/parallel_cluster/testcluster

+1
reisingerf on Nov 11, 2019
Read more comments on GitHub
← aws-parallelcluster: Parallelcluster 2.1.1 with raid 0 config on Cent OS 7 fails in create cluster
aws-parallelcluster: SSL Verification Error during cluster creation →