For more details about EC2 nodes, refer to the official documentation for the EC2 Management Console.
In the Region field, select the same region that you used when creating your cloud credentials.
Your AWS account access information, stored in a cloud credential.
See Amazon Documentation: Creating Access Keys for how to create an Access Key and Secret Key.
See Amazon Documentation: Creating IAM Policies (Console) for how to create an IAM policy.
See Amazon Documentation: Adding Permissions to a User (Console) for how to attach an IAM policy to a user.
See our three example JSON policies:
- Example IAM Policy
- Example IAM Policy with PassRole (needed if you want to use Kubernetes Cloud Provider or want to pass an IAM Profile to an instance)
- Example IAM Policy to allow encrypted EBS volumes
Authenticate & Configure Nodes
Choose an availability zone and network settings for your cluster.
Choose the default security group or configure a security group.
Please refer to Amazon EC2 security group when using Node Driver to see what rules are created in the rancher-nodes Security Group.
If you provide your own security group for an EC2 instance, please note that Rancher will not modify it. As such, you will be responsible for ensuring that your security group is set to allow the necessary ports for Rancher to provision the instance. For more information on controlling inbound and outbound traffic to EC2 instances with security groups, refer here.
Configure the instances that will be created. Make sure you configure the correct SSH User for the configured AMI. It is possible that a selected region does not support the default instance type. In this scenario you must select an instance type that does exist, otherwise an error will occur stating the requested configuration is not supported.
If you need to pass an IAM Instance Profile Name (not ARN), for example, when you want to use a Kubernetes Cloud Provider, you will need an additional permission in your policy. See Example IAM policy with PassRole for an example policy.
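Before attaching a policy that adds the PassRole permission, it is worth checking that the permission is pinned to the specific role behind the instance profile rather than granted on every role. The following is an added example, not Rancher's published policy or code: a small offline check over an IAM policy document. The sample policy, account ID and role name are constructed placeholders.

```python
import fnmatch
import json

# Constructed sample policy, not Rancher's published example. The account ID
# and role name are placeholders.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Ec2Provisioning", "Effect": "Allow",
   "Action": ["ec2:RunInstances", "ec2:DescribeInstances"], "Resource": "*"},
  {"Sid": "PassRoleScoped", "Effect": "Allow", "Action": "iam:PassRole",
   "Resource": "arn:aws:iam::111122223333:role/EXAMPLE-NODE-ROLE"},
  {"Sid": "PassRoleBroad", "Effect": "Allow", "Action": "iam:*", "Resource": "*"}
]}
""")

def _as_list(value):
    """IAM accepts either a single value or a list for these fields."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def grants_passrole(statement):
    """True if an Allow statement's Action patterns cover iam:PassRole."""
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    # Statements that use NotAction are outside the scope of this check.
    if statement.get("Effect") != "Allow":
        return False
    return any(fnmatch.fnmatchcase("iam:passrole", action.lower())
               for action in _as_list(statement.get("Action")))

def audit_passrole(policy):
    """Return (Sid, Resource) pairs where PassRole is not pinned to one role."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if not grants_passrole(stmt):
            continue
        for resource in _as_list(stmt.get("Resource")):
            if "*" in resource or "?" in resource:
                findings.append((stmt.get("Sid"), resource))
    return findings

if __name__ == "__main__":
    for sid, resource in audit_passrole(SAMPLE_POLICY):
        print(f"{sid}: iam:PassRole allowed on wildcard resource {resource}")
```

A statement flagged here lets the credential hand any matching role to an instance it launches, so the finding should be resolved by replacing the wildcard with the ARN of the one role the node template needs.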
In the Engine Options section of the node template, you can configure the container daemon. You may want to specify the container version or a container image registry mirror.