b. Define a new IAM policy

Identity and Access Management (IAM) controls who or what can perform actions on resources. For example, an instance can be allowed to call the APIs that create new instances. In the present case, you will enable the instances of your cluster to access the AWS Systems Manager (SSM) endpoints so that commands triggered by your Lambda function can be executed on them using SSM.

In this section you will:

  • Create an Amazon S3 bucket to store your Slurm sbatch scripts and the SSM command logs for auditing.
  • Define a new IAM policy that enables the cluster instances to access SSM endpoints and the S3 bucket.