During cluster provisioning, Oracle installation files will be downloaded from an S3 bucket. The list of files that must be placed in the S3 bucket is shown on the Oracle Files tab of the FlashGrid cluster Launcher tool.
Two options are available for allowing access to the files in the S3 bucket for the cluster node instances:
- Enabling public access to each file for the duration of cluster deployment, OR
- Assigning the cluster node instances an IAM role that has permissions for accessing files in the bucket
To allow public access to the files in S3
- Create an S3 bucket/folder for uploading the installation files
- Upload the required files to the S3 bucket/folder
- In S3 Management Console navigate to the bucket and the folder to see the list of files
- Select all files
- Click More -> Make Public
- You can disable public access after the cluster completes initialization
To use an IAM role for access to the files in S3
- Create an S3 bucket/folder for uploading the installation files
- Upload the required files to the S3 bucket/folder
- In IAM Management Console create a new policy named GetOracleFilesFromS3 that allows s3:GetObject action on all uploaded files. See an example below.
- In IAM Management Console create a new role named GetOracleFilesFromS3 for the EC2 service and attach the GetOracleFilesFromS3 policy to it.
Note: If you have to use the CLI (instead of the Management Console) to create the IAM role, you additionally need to create an instance profile with the same name as the IAM role: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
- Use the GetOracleFilesFromS3 role when configuring cluster parameters in the FlashGrid cluster Launcher tool.
Example of an IAM policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1508867055000",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::mybucket/mydirectory/*"
      ]
    }
  ]
}
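
The CLI route mentioned in the note, written out as an added example (it is not FlashGrid's own script): it creates the policy, the role with an EC2 trust policy, and the instance profile with the same name as the role. It assumes the AWS CLI is installed and configured with IAM permissions; the APPLY, BUCKET and PREFIX variable names are this example's own, and mybucket/mydirectory are the placeholders from the sample policy.

```shell
# Added example: CLI equivalent of the console steps for the IAM role option.
# APPLY, BUCKET and PREFIX are this example's own variable names.
NAME="GetOracleFilesFromS3"

# Permissions policy: read-only access to objects under one prefix.
policy_json() {  # usage: policy_json <bucket> <prefix>
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::$1/$2/*"]
  }]
}
EOF
}

# Trust policy: lets EC2 instances assume the role.
trust_json() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                 "Principal": {"Service": "ec2.amazonaws.com"}}]
}
EOF
}

create_role() {  # usage: create_role <bucket> <prefix>
  arn=$(aws iam create-policy --policy-name "$NAME" \
        --policy-document "$(policy_json "$1" "$2")" \
        --query 'Policy.Arn' --output text) || return 1
  aws iam create-role --role-name "$NAME" \
        --assume-role-policy-document "$(trust_json)" || return 1
  aws iam attach-role-policy --role-name "$NAME" --policy-arn "$arn" || return 1
  # The console creates the instance profile automatically; the CLI does not.
  aws iam create-instance-profile --instance-profile-name "$NAME" || return 1
  aws iam add-role-to-instance-profile --instance-profile-name "$NAME" \
        --role-name "$NAME"
}

# Dry run by default (prints both documents); set APPLY=1 to call AWS.
if [ "${APPLY:-0}" = "1" ]; then
  create_role "${BUCKET:?set BUCKET}" "${PREFIX:?set PREFIX}"
else
  policy_json "${BUCKET:-mybucket}" "${PREFIX:-mydirectory}"
  trust_json
fi
```

Run it once without APPLY to review the two JSON documents, then with `APPLY=1 BUCKET=... PREFIX=...` to create the resources.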