Create the policy - Amazon ParallelCluster
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Create the policy

In this tutorial, you will create a policy for configuring shared storage encryption with an Amazon KMS key.

Create a policy.

  1. Go to the IAM Console: https://console.amazonaws.cn/iam/home.

  2. Choose Policies.

  3. Choose Create policy.

  4. Choose the JSON tab and paste in the following policy. Make sure to replace all occurrences of 123456789012 with your Amazon Web Services account ID and the key Amazon Resource Name (ARN) and Amazon Web Services Region with that of your own.

    
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kms:DescribeKey",
                "kms:ReEncrypt*",
                "kms:CreateGrant",
                "kms:Decrypt"
            ],
            "Resource": [
                "arn:aws:kms:region-id:123456789012:key/abcd1234-ef56-gh78-ij90-abcd1234efgh5678"
            ]
        }
    ]
}

  5. For this tutorial, name the policy ParallelClusterKmsPolicy, and then choose Create Policy.

  6. Make a note of the policy ARN. You need it to configure your cluster.