
Spot Role

AmazonEC2SpotFleetTaggingRole

import * as aws from "@pulumi/aws";
import * as variable from "@src/variable";

// IAM role that the EC2 Spot Fleet service can assume, with the AWS-managed
// AmazonEC2SpotFleetTaggingRole policy attached below.
const roleName = "AmazonEC2SpotFleetTaggingRole";

// Trust policy: the only principal allowed to call sts:AssumeRole on this role
// is the Spot Fleet service itself.
// NOTE(review): the statement carries no Condition block. AWS's cross-service
// confused-deputy guidance is to scope service trust policies with
// aws:SourceAccount / aws:SourceArn; consider adding them here after
// confirming against the Spot Fleet documentation.
const trustPolicy = {
  Statement: [
    {
      Effect: "Allow",
      Principal: { Service: "spotfleet.amazonaws.com" },
      Action: "sts:AssumeRole",
    },
  ],
  Version: "2012-10-17",
};

// Tags record the role's name and the stack that owns it.
const roleTags = {
  Name: roleName,
  "loliot.net/stack": variable.stackName,
};

const role = new aws.iam.Role(roleName, {
  // Explicit physical name, so the role is created with exactly this name
  // instead of a Pulumi auto-generated one.
  name: roleName,
  assumeRolePolicy: trustPolicy,
  tags: roleTags,
});

// Managed policies to attach. Each key becomes the suffix of the attachment's
// Pulumi resource name, so keep existing keys stable when adding entries.
// Only AWS-managed policies are listed; review what a policy grants before
// adding it, because everything here is usable by the Spot Fleet service.
const policyARNs = {
  "0": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole",
};

// Builds one RolePolicyAttachment for an [index, policyArn] entry.
const attachPolicy = ([i, arn]) =>
  new aws.iam.RolePolicyAttachment(`AmazonEC2SpotFleetTaggingRole-rpa-${i}`, {
    policyArn: arn,
    role: role.name,
  });

const rpas = Object.entries(policyARNs).map(attachPolicy);

AWSServiceRoleForEC2Spot

# Creates the service-linked role for the spot.amazonaws.com service (the role
# named in the heading above). Needed once per account: the call returns an
# error if the role already exists, and the caller needs the
# iam:CreateServiceLinkedRole permission.
aws iam create-service-linked-role --aws-service-name spot.amazonaws.com

AWSServiceRoleForEC2SpotFleet

# Creates the service-linked role for the spotfleet.amazonaws.com service (the
# role named in the heading above). Needed once per account: the call returns
# an error if the role already exists, and the caller needs the
# iam:CreateServiceLinkedRole permission.
aws iam create-service-linked-role --aws-service-name spotfleet.amazonaws.com