AWSThinkboxDeadlineSpotEventPluginWorkerPolicy

You can attach the AWSThinkboxDeadlineSpotEventPluginWorkerPolicy policy to your IAM identities.

This policy grants the operational permissions that allow an EC2 instance to run the Spot Event Plugin as a Deadline Worker.

Permissions details

This policy includes the following permissions.

  • ec2 - Used to query the Spot Fleet request ID from the instance’s tag. DescribeInstances is required to query the uptime of the instance. TerminateInstances is used by the instance to terminate itself when it is idle.

  • sqs - Used by the instance to report its status to the Deadline Resource Tracker system.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeTags"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:instance/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:ARN": "${ec2:SourceInstanceARN}"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "sqs:GetQueueUrl",
                "sqs:SendMessage"
            ],
            "Resource": [
                "arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*"
            ]
        }
    ]
}
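
An added example (not part of the AWS page): a simplified Python check that matches constructed requests against the Action and Resource elements of the policy above, to show what each statement is scoped to. The sample ARNs, the account ID and the `classify` and `wildcard_match` helpers are assumptions made for illustration; Condition blocks are flagged rather than evaluated.

```python
import json
import re

# Policy document from this page, embedded compactly.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "ec2:DescribeTags"],
  "Resource": ["*"]},
 {"Effect": "Allow", "Action": ["ec2:TerminateInstances"],
  "Resource": ["arn:aws:ec2:*:*:instance/*"],
  "Condition": {"StringEquals": {"aws:ARN": "${ec2:SourceInstanceARN}"}}},
 {"Effect": "Allow", "Action": ["sqs:GetQueueUrl", "sqs:SendMessage"],
  "Resource": ["arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*"]}
]}
""")

def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcard: '*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def classify(action, resource, policy=POLICY):
    """Return 'matched', 'matched-conditional' or 'no-match' for one request."""
    # Simplification: only Action/Resource of Allow statements are compared;
    # Condition blocks are reported, not evaluated, and Deny is not modelled.
    result = "no-match"
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if not (any(wildcard_match(a, action, True) for a in stmt["Action"])
                and any(wildcard_match(r, resource) for r in stmt["Resource"])):
            continue
        if "Condition" not in stmt:
            return "matched"  # an unconditional statement covers the request
        result = "matched-conditional"
    return result

# Constructed sample requests: account ID, region and names are made up.
ARN = "arn:aws:{}:us-west-2:111122223333:{}"
SAMPLES = [
    ("ec2:DescribeInstances", "*"),
    ("ec2:TerminateInstances", ARN.format("ec2", "instance/i-0abc1234567890def")),
    ("sqs:SendMessage", ARN.format("sqs", "DeadlineAWSComputeNodeState-farm1")),
    ("sqs:SendMessage", ARN.format("sqs", "OtherQueue")),
    ("sqs:ReceiveMessage", ARN.format("sqs", "DeadlineAWSComputeNodeState-farm1")),
]

if __name__ == "__main__":
    for action, resource in SAMPLES:
        print(f"{classify(action, resource):20} {action:24} {resource}")
```

The region and account fields of the SQS resource pattern are wildcards, so that statement is scoped by queue name prefix only, while `ec2:TerminateInstances` is the one action whose grant depends on a condition.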