Prerequisites
Prerequisite: AWS IAM Policy Configuration
For MMBatch to function correctly, the IAM user or role it uses must have specific AWS permissions. Verify that the assigned IAM policy includes all necessary actions.
Required Permissions
Functionality | Required AWS IAM Actions |
---|---|
Dashboard | pricing:GetProducts , ec2:DescribeSpotPriceHistory |
Auto EBS | ec2:CreateTags , ec2:CreateVolume , ec2:CreateSnapshot , ec2:DeleteVolume , ec2:DeleteSnapshot , ec2:DescribeVolumes , ec2:DescribeSnapshots , ec2:AttachVolume , ec2:DetachVolume ,batch:DescribeJobs |
How to Verify AWS IAM Policies
Use the AWS Management Console to confirm policy permissions.
Method 1: IAM Policy Simulator (Recommended for quick checks)
-
Log in to the AWS Console, go to IAM > Policy simulator.
-
Under Users, Groups, and Roles, select the IAM identity [Your Application Name] uses.
-
Under
Service and action selection:
- Select
Pricing
and addGetProducts
. -
Select
EC2
and addDescribeSpotPriceHistory
,CreateTags
,CreateVolume
,CreateSnapshot
,DeleteVolume
,DeleteSnapshot
,DescribeVolumes
,DescribeSnapshots
,AttachVolume
,DetachVolume
. -
Click Run simulation.
-
Ensure all listed actions show "Allowed". If any are "Denied," the policy needs modification.
Method 2: Directly Inspecting Attached Policies
- Log in to the AWS Console, go to IAM > Users or Roles.
- Click on the IAM user or role name used by [Your Application Name].
- Go to the Permissions tab.
- Expand each attached policy and review its JSON document.
- Confirm that all required actions from the "Required Permissions" table are present within
Action
elements and have"Effect": "Allow"
.
If permissions are missing:
An AWS administrator must create or modify an IAM policy to include the missing actions and attach it to the IAM user or role.