Skip to content

Prerequisites

Prerequisite: AWS IAM Policy Configuration

For MMBatch to function correctly, the IAM user or role it uses must have specific AWS permissions. Verify that the assigned IAM policy includes all necessary actions.

Required Permissions

Functionality Required AWS IAM Actions
Dashboard pricing:GetProducts, ec2:DescribeSpotPriceHistory
Auto EBS ec2:CreateTags, ec2:CreateVolume, ec2:CreateSnapshot, ec2:DeleteVolume, ec2:DeleteSnapshot, ec2:DescribeVolumes, ec2:DescribeSnapshots, ec2:AttachVolume, ec2:DetachVolume ,batch:DescribeJobs

How to Verify AWS IAM Policies

Use the AWS Management Console to confirm policy permissions.

Method 1: IAM Policy Simulator (Recommended for quick checks)

  1. Log in to the AWS Console, go to IAM > Policy simulator.

  2. Under Users, Groups, and Roles, select the IAM identity [Your Application Name] uses.

  3. Under

Service and action selection:

  • Select Pricing and add GetProducts.

  • Select EC2 and add DescribeSpotPriceHistory, CreateTags, CreateVolume, CreateSnapshot, DeleteVolume, DeleteSnapshot, DescribeVolumes, DescribeSnapshots, AttachVolume, DetachVolume.

  • Click Run simulation.

  • Ensure all listed actions show "Allowed". If any are "Denied," the policy needs modification.

Method 2: Directly Inspecting Attached Policies

  1. Log in to the AWS Console, go to IAM > Users or Roles.
  2. Click on the IAM user or role name used by [Your Application Name].
  3. Go to the Permissions tab.
  4. Expand each attached policy and review its JSON document.
  5. Confirm that all required actions from the "Required Permissions" table are present within Action elements and have "Effect": "Allow".

If permissions are missing:

An AWS administrator must create or modify an IAM policy to include the missing actions and attach it to the IAM user or role.