Hi - Does Cloudman support IAM_PROFILES? We run our instances within a VPC and assign an IAM_PROFILE to the ec2 instances so that they have access to resouces. Does Cloudman have this support?
Hi Ryan, I'm not sure I really understand your question but CloudMan can run under an IAM account - it is just necessary to give the IAM user permissions to create EC2 and S3 resources. Let us know if that's not what you had in mind or if you have any more questions. Cheers, Enis On Mon, Mar 14, 2016 at 1:56 PM, Ryan G <ngsbioinformatics@gmail.com> wrote:
Hi - Does Cloudman support IAM_PROFILES? We run our instances within a VPC and assign an IAM_PROFILE to the ec2 instances so that they have access to resouces. Does Cloudman have this support?
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Hi Ryan, I've never been able to get cloudman to function within a private VPC so if this is your architecture as well and you manage to make progress I'd be interested in learning your methods. Thanks! Regards, Chris Enis Afgan wrote:
Hi Ryan, I'm not sure I really understand your question but CloudMan can run under an IAM account - it is just necessary to give the IAM user permissions to create EC2 and S3 resources. Let us know if that's not what you had in mind or if you have any more questions.
Cheers, Enis
We actually have galaxy running within a VPC now. The problem we're running into is that when ec2 instances get created they don't have an I_am profile attached to them so they can't get access to S3 resources. This should just be a parameter past to AWS when the instances get created to attach the Iam profile. I just need to know where the code for creating ec2 instances is and I can test it out. Please excuse any typos -- Sent from my iPhone
On Mar 15, 2016, at 10:46 PM, Chris Dagdigian <dag@bioteam.net> wrote:
Hi Ryan,
I've never been able to get cloudman to function within a private VPC so if this is your architecture as well and you manage to make progress I'd be interested in learning your methods. Thanks!
Regards, Chris
Enis Afgan wrote:
Hi Ryan, I'm not sure I really understand your question but CloudMan can run under an IAM account - it is just necessary to give the IAM user permissions to create EC2 and S3 resources. Let us know if that's not what you had in mind or if you have any more questions.
Cheers, Enis
The instances get launched here: https://github.com/galaxyproject/cloudman/blob/master/cm/clouds/ec2.py#L434 I guess you're talking about the `instance_profile_name` parameter from boto's run_instances method ( https://github.com/boto/boto/blob/develop/boto/ec2/connection.py#L738)? On Tue, Mar 15, 2016 at 11:25 PM, Ryan G <ngsbioinformatics@gmail.com> wrote:
We actually have galaxy running within a VPC now. The problem we're running into is that when ec2 instances get created they don't have an I_am profile attached to them so they can't get access to S3 resources. This should just be a parameter past to AWS when the instances get created to attach the Iam profile. I just need to know where the code for creating ec2 instances is and I can test it out.
Please excuse any typos -- Sent from my iPhone
On Mar 15, 2016, at 10:46 PM, Chris Dagdigian <dag@bioteam.net> wrote:
Hi Ryan,
I've never been able to get cloudman to function within a private VPC so if this is your architecture as well and you manage to make progress I'd be interested in learning your methods. Thanks!
Regards, Chris
Hi Ryan, I'm not sure I really understand your question but CloudMan can run under an IAM account - it is just necessary to give the IAM user
Enis Afgan wrote: permissions to create EC2 and S3 resources. Let us know if that's not what you had in mind or if you have any more questions.
Cheers, Enis
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Ryan; Chris: I just added the ability to launch instances into non-default VPCs to CloudLaunch. This is live on https://launch.usegalaxy.org/, under Advanced startup options. Feel free to give it a shot and let me know if you encounter any issues. On Thu, Mar 17, 2016 at 10:09 AM, Enis Afgan <enis.afgan@irb.hr> wrote:
The instances get launched here: https://github.com/galaxyproject/cloudman/blob/master/cm/clouds/ec2.py#L434
I guess you're talking about the `instance_profile_name` parameter from boto's run_instances method ( https://github.com/boto/boto/blob/develop/boto/ec2/connection.py#L738)?
On Tue, Mar 15, 2016 at 11:25 PM, Ryan G <ngsbioinformatics@gmail.com> wrote:
We actually have galaxy running within a VPC now. The problem we're running into is that when ec2 instances get created they don't have an I_am profile attached to them so they can't get access to S3 resources. This should just be a parameter past to AWS when the instances get created to attach the Iam profile. I just need to know where the code for creating ec2 instances is and I can test it out.
Please excuse any typos -- Sent from my iPhone
On Mar 15, 2016, at 10:46 PM, Chris Dagdigian <dag@bioteam.net> wrote:
Hi Ryan,
I've never been able to get cloudman to function within a private VPC so if this is your architecture as well and you manage to make progress I'd be interested in learning your methods. Thanks!
Regards, Chris
Hi Ryan, I'm not sure I really understand your question but CloudMan can run under an IAM account - it is just necessary to give the IAM user
Enis Afgan wrote: permissions to create EC2 and S3 resources. Let us know if that's not what you had in mind or if you have any more questions.
Cheers, Enis
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Hi Chris, Using non-default VPCs are difficult to get going at the moment but work is underway that should make that easier for starters and we can then look at other issues that may arise. Is a user-defined VPC your typically scenario? I remember you mentioning something about a highly isolated VPC at some point but we never got far on that discussion. On Tue, Mar 15, 2016 at 10:46 PM, Chris Dagdigian <dag@bioteam.net> wrote:
Hi Ryan,
I've never been able to get cloudman to function within a private VPC so if this is your architecture as well and you manage to make progress I'd be interested in learning your methods. Thanks!
Regards, Chris
Enis Afgan wrote:
Hi Ryan, I'm not sure I really understand your question but CloudMan can run under an IAM account - it is just necessary to give the IAM user permissions to create EC2 and S3 resources. Let us know if that's not what you had in mind or if you have any more questions.
Cheers, Enis
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
participants (3)
-
Chris Dagdigian -
Enis Afgan -
Ryan G