Advanced Clusters

Amazon EC2 actions

Amazon Elastic Compute Cloud (EC2) provides computing resources in the cloud. The Amazon EC2 actions granted to the cluster operator role must apply to all AWS resources, that is, the policy statement's resource element is the wildcard "*".

Account

The cluster operator role requires the ec2:DescribeAccountAttributes action to get attributes of your AWS account.

Internet gateway

The following table describes the actions for internet gateways:

ec2:CreateInternetGateway
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.
ec2:AttachInternetGateway
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.
ec2:DescribeInternetGateways
    Required. Describes the internet gateway.
ec2:DetachInternetGateway
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.
ec2:DeleteInternetGateway
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.

Key pair

The cluster operator creates AWS EC2 key pairs, which allow end users to connect to EC2 instances. The cluster operator role requires the following actions to manage key pairs:

ec2:CreateKeyPair
ec2:ImportKeyPair
ec2:DescribeKeyPairs
ec2:DeleteKeyPair

Network

The cluster operator role requires the ec2:DescribeNetworkInterfaces action to describe network interfaces.

Route

The cluster operator role requires the following actions only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.

ec2:CreateRoute
ec2:DeleteRoute

Route table

The following table describes the actions for route tables:

ec2:CreateRouteTable
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.
ec2:DescribeRouteTables
    Required. Returns route table details.
ec2:ReplaceRouteTableAssociation
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.
ec2:AssociateRouteTable
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.
ec2:DisassociateRouteTable
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.
ec2:DeleteRouteTable
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.

VPC

The following table describes the actions for VPCs:

ec2:CreateVpc
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.
ec2:DescribeVpcs
    Required. Describes VPC details.
ec2:ModifyVpcAttribute
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.
ec2:DeleteVpc
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.

Subnet

The following table describes the actions for subnets:

ec2:CreateSubnet
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.
ec2:DescribeSubnets
    Required. Describes subnet details.
ec2:DeleteSubnet
    Required only when the Secure Agent creates a VPC and subnets for the cluster. The Secure Agent creates a VPC and subnets by default.

Security group

The following table describes the actions for security groups:

ec2:CreateSecurityGroup
    Optional. Required only if you want to create and use user-defined Amazon EC2 security groups.
ec2:DescribeSecurityGroups
    Required. Describes security group details.
ec2:AuthorizeSecurityGroupEgress
    Optional. Required only if you want to create and use user-defined Amazon EC2 security groups.
ec2:AuthorizeSecurityGroupIngress
    Optional. Required only if you want to create and use user-defined Amazon EC2 security groups.
ec2:RevokeSecurityGroupEgress
    Optional. Required only if you want to create and use user-defined Amazon EC2 security groups.
ec2:RevokeSecurityGroupIngress
    Optional. Required only if you want to create and use user-defined Amazon EC2 security groups.
ec2:DeleteSecurityGroup
    Optional. Required only if you want to create and use user-defined Amazon EC2 security groups.

For more information about user-defined security groups, see Step 4. Create user-defined security groups for Amazon EC2.

Tags

The following table describes the actions for tags:

ec2:CreateTags
    Required. Adds tags for Kubernetes infrastructure, such as Amazon EC2. Kubernetes identifies resources through tags. Tags allow you to manage resources and add conditional statements.
ec2:DescribeTags
    Required. Describes tags for Kubernetes infrastructure, such as Amazon EC2.
ec2:DeleteTags
    Required. Deletes tags for Kubernetes infrastructure, such as Amazon EC2.

Volumes

The cluster operator manages etcd volumes directly. An advanced cluster uses etcd volumes to store metadata. The cluster operator role requires the following actions to manage etcd volumes:

ec2:CreateVolume
ec2:DescribeVolumes
ec2:DeleteVolume

Image

The cluster operator role requires the ec2:DescribeImages action to get the Amazon Machine Image (AMI) details for the Amazon EC2 instances.

Instances

The following table describes the actions for instances:

ec2:DescribeInstanceAttribute
    Required. Gets details of the created Amazon EC2 instances.
ec2:ModifyInstanceAttribute
    Required. Allows the cluster operator to manage and create Amazon EC2 instances.
ec2:RunInstances
    Required. Allows the cluster operator to manage and create Amazon EC2 instances.
ec2:DescribeInstances
    Required. Gets details of the created Amazon EC2 instances.
ec2:DescribeInstanceTypes
    Required. Gets details of the created Amazon EC2 instances.
ec2:TerminateInstances
    Required. Terminates EC2 instances created by the cluster operator role.

Region

The following table describes the actions for regions:

ec2:DescribeRegions
    Required. Describes the region you selected in the advanced configuration.
ec2:DescribeAvailabilityZones
    Required. Describes details of availability zones.

Launch template

The cluster operator uses a launch template to launch EC2 instances. The cluster operator role requires the following actions to manage launch templates:

ec2:CreateLaunchTemplate
ec2:DescribeLaunchTemplates
ec2:DeleteLaunchTemplate
ec2:CreateLaunchTemplateVersion
ec2:DescribeLaunchTemplateVersions
ec2:DeleteLaunchTemplateVersions
ec2:GetLaunchTemplateData
ec2:ModifyLaunchTemplate
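The tables above split the EC2 actions into three groups: always required, required only when the Secure Agent creates the VPC and subnets, and optional for user-defined security groups. The following script is an added example, not part of this page or of Informatica's tooling: it assembles the least-privilege policy for a given pair of deployment choices and audits an existing policy for missing actions, wildcard grants and EC2 actions the role does not need. The action lists are transcribed from the tables (with the plural action names, for example ec2:DescribeKeyPairs, that IAM actually accepts); the function names, the statement id and the sample policy are assumptions constructed for illustration.

```python
"""Least-privilege helper for the cluster operator role's Amazon EC2 actions.

Added example, not part of the original page or of Informatica's tooling.
The three action lists are transcribed from the tables above; the function
names, the statement id and the sample policy are assumptions made here.
"""
import fnmatch
import json

# Actions the tables mark "Required" whatever the deployment choices.
ALWAYS_REQUIRED = [
    "ec2:DescribeAccountAttributes", "ec2:DescribeInternetGateways",
    "ec2:CreateKeyPair", "ec2:ImportKeyPair", "ec2:DescribeKeyPairs", "ec2:DeleteKeyPair",
    "ec2:DescribeNetworkInterfaces", "ec2:DescribeRouteTables", "ec2:DescribeVpcs",
    "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups",
    "ec2:CreateTags", "ec2:DescribeTags", "ec2:DeleteTags",
    "ec2:CreateVolume", "ec2:DescribeVolumes", "ec2:DeleteVolume",
    "ec2:DescribeImages",
    "ec2:DescribeInstanceAttribute", "ec2:ModifyInstanceAttribute", "ec2:RunInstances",
    "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:TerminateInstances",
    "ec2:DescribeRegions", "ec2:DescribeAvailabilityZones",
    "ec2:CreateLaunchTemplate", "ec2:DescribeLaunchTemplates", "ec2:DeleteLaunchTemplate",
    "ec2:CreateLaunchTemplateVersion", "ec2:DescribeLaunchTemplateVersions",
    "ec2:DeleteLaunchTemplateVersions", "ec2:GetLaunchTemplateData", "ec2:ModifyLaunchTemplate",
]

# Required only when the Secure Agent creates the VPC and subnets (the default).
AGENT_CREATES_VPC = [
    "ec2:CreateInternetGateway", "ec2:AttachInternetGateway",
    "ec2:DetachInternetGateway", "ec2:DeleteInternetGateway",
    "ec2:CreateRoute", "ec2:DeleteRoute",
    "ec2:CreateRouteTable", "ec2:ReplaceRouteTableAssociation", "ec2:AssociateRouteTable",
    "ec2:DisassociateRouteTable", "ec2:DeleteRouteTable",
    "ec2:CreateVpc", "ec2:ModifyVpcAttribute", "ec2:DeleteVpc",
    "ec2:CreateSubnet", "ec2:DeleteSubnet",
]

# Optional: only needed for user-defined security groups.
USER_DEFINED_SECURITY_GROUPS = [
    "ec2:CreateSecurityGroup",
    "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress",
    "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress",
    "ec2:DeleteSecurityGroup",
]


def required_actions(agent_creates_vpc=True, user_defined_sgs=False):
    """Return the sorted list of EC2 actions the role needs for these choices."""
    actions = set(ALWAYS_REQUIRED)
    if agent_creates_vpc:
        actions.update(AGENT_CREATES_VPC)
    if user_defined_sgs:
        actions.update(USER_DEFINED_SECURITY_GROUPS)
    return sorted(actions)


def build_policy(agent_creates_vpc=True, user_defined_sgs=False):
    """Build the IAM policy document; EC2 actions apply to all resources, as the page states."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ClusterOperatorEc2",  # assumed statement id, not from the page
            "Effect": "Allow",
            "Action": required_actions(agent_creates_vpc, user_defined_sgs),
            "Resource": "*",
        }],
    }


def _granted_patterns(policy):
    """Collect every Allow action pattern (explicit names and wildcards) from a policy."""
    patterns = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        patterns.update([actions] if isinstance(actions, str) else actions)
    return patterns


def audit_policy(policy, agent_creates_vpc=True, user_defined_sgs=False):
    """Report required actions a policy lacks, wildcard grants, and unneeded EC2 actions."""
    patterns = _granted_patterns(policy)
    needed = required_actions(agent_creates_vpc, user_defined_sgs)
    # IAM wildcards such as ec2:Describe* are glob-like, so fnmatch models their coverage.
    missing = [a for a in needed if not any(fnmatch.fnmatchcase(a, p) for p in patterns)]
    wildcards = sorted(p for p in patterns if "*" in p)
    unneeded = sorted(p for p in patterns
                      if "*" not in p and p.startswith("ec2:") and p not in needed)
    return {"missing": missing, "wildcards": wildcards, "unneeded": unneeded}


# Constructed sample of an existing, hand-written policy (not a real customer policy).
SAMPLE_EXISTING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:RunInstances", "ec2:TerminateInstances",
                    "ec2:CreateTags", "ec2:CreateSnapshot"]},
    ],
}

if __name__ == "__main__":
    print(json.dumps(build_policy(), indent=2))
    print(json.dumps(audit_policy(SAMPLE_EXISTING_POLICY, agent_creates_vpc=False), indent=2))
```

Run with a pre-existing VPC (agent_creates_vpc=False) the audit of the sample policy flags the ec2:Describe* wildcard, the unneeded ec2:CreateSnapshot, and the thirteen mutating actions (key pair, tag deletion, volume, launch template and ModifyInstanceAttribute) the sample never granted; auditing the policy built by build_policy() reports nothing, which is the expected steady state.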
