Date: Mon, 24 Mar 2014 13:40:14 -0400

On Mon, Mar 24, 2014 at 1:13 PM, David Stuebe wrote:
> I am planning to set up an HPC cluster for an operational forecasting
> project. I have created a new AWS account for this purpose and set up IAM
> for various users on the project to have access and control over resources
> with proper unique users, role separation and least privilege.
> What are best practices for sharing administration of StarCluster resources?

Note that StarCluster bootstraps an HPC cluster in EC2 for you. After
the cluster has been started, StarCluster exits cleanly unless you
need the StarCluster load balancer:

On the other hand, if you are talking about the administration of the
HPC cluster, then it is a different story. You will likely want to
learn Grid Engine for your job scheduling policy, and use Linux
commands to set up new users, and may want to add a parallel
filesystem, etc.

> When I create a config file I can share it with other users as long as I get
> my AWS credentials from my ENV variables.
> What about the user id?
> Does this have to be the root AWS account ID or can I use my User ARN (of
> the form: arn:aws:iam::123456789012:user/username)
> Can I set this as an environment variable as well?

StarCluster does not need the power of the full AWS root account. You
can just create an IAM user with "EC2 full access" in the Policy

If you want finer control, you can fire up the IAM Policy Generator
and pick which EC2 APIs the IAM user can issue. StarCluster does not
use the AWS ELB nor the ASG (SC has its implementations of them).
However, since we introduce VPC support, the list of APIs that SC
needs is slightly larger.

> What about PEM files - what is ec2_cert in the config file used for?

That's for the permission to create a new AMI, IIRC.
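
An added example, not part of the original e-mail or of StarCluster: a small audit of an IAM policy document that flags the grants the reply says are broader than StarCluster needs (all of EC2, or the ELB and Auto Scaling services it does not use). The sample policy is constructed, and the `ec2` action in it is illustrative only, not a list of what StarCluster requires.

```python
import json

# Service prefixes the reply says StarCluster does not use (ELB and ASG).
UNUSED_SERVICES = ("elasticloadbalancing", "autoscaling")

def _listify(value):
    """IAM allows Statement and Action to be a single item or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (sid, action, reason) for each Allow grant that is too broad."""
    findings = []
    for idx, stmt in enumerate(_listify(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{idx}]")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction", "allows everything except the listed actions"))
        for action in _listify(stmt.get("Action")):
            # IAM action names are case-insensitive: "service:ActionName"
            service, _, name = action.lower().partition(":")
            if action == "*":
                findings.append((sid, action, "allows every action in the account"))
            elif service == "ec2" and name == "*":
                findings.append((sid, action, "full EC2 access; list the needed ec2 actions instead"))
            elif service in UNUSED_SERVICES:
                findings.append((sid, action, "service not used by StarCluster"))
    return findings

# Constructed sample policy for the demonstration.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BroadEc2", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Sid": "Extras", "Effect": "Allow", "Resource": "*",
     "Action": ["elasticloadbalancing:*", "autoscaling:Describe*", "ec2:DescribeInstances"]},
    {"Sid": "DenyAll", "Effect": "Deny", "Action": "*", "Resource": "*"}
  ]
}
""")

if __name__ == "__main__":
    for sid, action, reason in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {action}: {reason}")
```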


