Access resources from AWS
This page describes how you can access AWS resources from your Anyscale Cloud deployed on AWS. If you want to access AWS resources from Anyscale Clouds deployed on GCP, contact our support team.
Anyscale Cluster IAM Role
Each Anyscale Cloud on AWS has a default IAM Role assigned to all nodes managed by Anyscale.
- Clouds deployed via Anyscale Managed Resources use a role that looks like:
arn:aws:iam::<your_aws_account_id>:role/<cloud_id>-cluster_node_role
- Clouds deployed via Customer Defined Resources use the Role provided in the
instance-iam-rolefield.
Determine the IAM role on a running Anyscale Cluster by running:
aws sts get-caller-identity
If you want to use existing IAM Roles for Clusters, follow the instructions here.
Access data in S3
You can perform operations on your S3 data on any Cluster as long as the IAM Role it runs with has proper permissions.
- Learn more about how to grant permission to your own S3 buckets
Access Docker images in ECR
You can use images in your ECR as Cluster Environments for any Cluster as long as the Cluster's IAM Role has proper permissions.
- Learn more about how to grant permission to your ECR
Access Secret stored in AWS Secrets Manager
There are many situations where your application or Cluster needs access to Secrets stored in AWS Secrets Manager.