Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Updated VPC Docs Page#1645

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
SilasMarvin merged 3 commits intomasterfromsilas/vpc-updates
Oct 22, 2024
Merged
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
89 changes: 89 additions & 0 deletionspgml-cms/docs/cloud/enterprise/vpc.md
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -7,3 +7,92 @@ PostgresML can be launched in your Virtual Private Cloud (VPC) account on AWS, A
The PostgresML control plane provides a complete management solution to control the resources in your cloud account:
- Responsible for PostgresML instance launches, backups, monitoring and failover operations. This requires permission to create and destroy AWS EC2, EBS and AMI resources inside the designated VPC.
- Does not read/write any data inside PostgresML databases other than status metadata inside system tables or the pgml schema necessary to perform the previously mentioned operations.

## Creating an AWS role for VPC

To launch a VPC in AWS you must have a user with the correct permissions.

1. Sign in to the AWS Management Console and open the IAM console.
2. In the navigation pane, choose "Roles" and then "Create role".
3. Select "AWS account" as the trusted entity type, and choose "This account".
4. Click "Next" to proceed to permissions.
5. Click "Create policy" and switch to the JSON tab.
6. Paste the following policy document:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:RunInstances",
"ec2:TerminateInstances",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:RebootInstances",
"ec2:ModifyInstanceAttribute",
"ec2:DescribeSecurityGroups",
"ec2:CreateSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:CreateTags",
"ec2:DescribeKeyPairs",
"ec2:DescribeRouteTables",
"ec2:DescribeRegions",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:CreateVolume",
"ec2:DeleteVolume",
"ec2:AttachVolume",
"ec2:DetachVolume",
"ec2:ModifyVolume",
"imagebuilder:CreateImage",
"imagebuilder:CreateImagePipeline",
"iam:SimulatePrincipalPolicy",
"iam:PassRole",
"iam:GetRole",
"iam:ListRoles",
"iam:CreateRole",
"iam:CreateInstanceProfile",
"iam:CreatePolicy",
"iam:GetInstanceProfile",
"iam:ListAttachedRolePolicies",
"iam:AttachRolePolicy",
"iam:AddRoleToInstanceProfile",
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:PutBucketPolicy",
"s3:ListBucket",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:GetBucketTagging",
"s3:PutBucketTagging",
"kms:DescribeKey",
"kms:CreateGrant",
"kms:Decrypt",
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
"kms:GenerateDataKey",
"kms:GenerateDataKeyPair",
"kms:GenerateDataKeyPairWithoutPlaintext",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Resource": "*"
}
]
}
```
7. Review and create the policy, giving it a descriptive name like "PGMLVPCSetupPolicy".
8. Back in the role creation process, attach this newly created policy to the role.
9. Name the role (e.g., "PGMLVPCSetupRole") and create it.
10. Go to the IAM Users section, select your user, and attach the created role.
11. Generate new access keys for this user if you haven't already.

[8]ページ先頭
©2009-2025 Movatter.jp