previewflag | description | keywords | title |
---|---|---|---|
cloud-swarm |
Link your Amazon Web Services account |
AWS, Cloud, link |
Link Amazon Web Services to Docker Cloud |
You can create a role with AWS IAM (Identity and Access Management) so that Docker Cloud can provision and manage swarms on your behalf.
Note: Your AWS account must support EC2-VPC to deploy swarms, and you must also have an SSH key in each AWS region you deploy swarms in.
If you used Docker Cloud with AWS to deploy classic Node Clusters, you can add the new policy to your existing role by following the instructions below.
-
Go to the AWS IAM Role creation panel at https://console.aws.amazon.com/iam/home#roles. Click Create role.
-
Select Another AWS account to allow your Docker Cloud account to perform actions in this AWS account.
-
In the Account ID field, enter the ID for the Docker Cloud service:
689684103426
. -
Select Require external ID (Best practice when a third party will assume this role).
-
In the External ID field, enter the namespace to link.
This is either your Docker Cloud username, or if you are using Organizations in Docker Cloud, the organization name. Failure to use the correct name results in the following error message:
Invalid AWS credentials or insufficient EC2 permissions
when attempting to link your Docker account to your AWS account. -
Leave Require MFA unchecked.
Click Next: Permissions.
-
-
On the next screen, do not select a policy (you add the policy in a later step).
Click Next: Review.
-
Give the new role a name, such as
dockercloud-swarm-role
.Note: You must use one role per Docker Cloud account namespace, so if you use a single AWS account for multiple Docker Cloud accounts, you should add an identifying namespace to the end of the name. For example, you might have
dockercloud-swarm-role-moby
anddockercloud-swarm-role-teamawesome
. -
Click Create Role.
AWS IAM creates the new role and returns you to the Roles list.
-
Click the name of the role you just created to view its details.
-
On the Permissions tab, click + Add an inline policy.
-
Choose the JSON tab.
-
Copy and paste the policy document found in the Docker for AWS page.
-
Click Review Policy. The policy validator reports any syntax errors. Give the policy a name like
dockercloud-swarm-policy
and an optional description. -
Click Create Policy to save your work.
-
Back on the role view, click into the new role to view details, and copy the full Role ARN string.
The ARN string should look something like
arn:aws:iam::123456789123:role/dockercloud-swarm-role
. The next step requires the.
Now skip down to the topic on how to Add your AWS account credentials to Docker Cloud.
If you already have your AWS account connected to Docker Cloud and used the legacy node cluster functionality you need to create and attach a new policy, and re-link your account.
-
Go to the AWS IAM Roles list at https://console.aws.amazon.com/iam/home#roles.
-
Click your existing version of the
dockercloud-role
. -
On the Permissions tab, click + Add an inline policy.
-
On the next page, click Custom Policy and click Select.
-
On the Policy Editor page that appears, give the policy a name like
dockercloud-swarm-policy
. -
In the Policy Document section, copy and paste the policy document found in the Docker for AWS page.
-
Click Validate Policy.
-
If the validation succeeds, click Apply Policy.
-
Select and copy the Role ARN on the role screen. It shouldn't have changed, but you need it to re-link your account.
Because you edited the role's permissions, you need to re-link to your account. Back in Docker Cloud, click the account menu and select Cloud Settings, and in the Service providers section, click the green plug icon to unlink your AWS account.
Then, follow the instructions below to re-link your account.
Once you've created the a dockercloud-swarm-policy
,
added the dockercloud-swarm-role
inline, and have the role's
Role ARN, go back to Docker Cloud to connect the account.
-
In Docker Cloud, click the account menu at the upper right and select Cloud settings.
-
In the Service providers section, click the plug icon next to Amazon Web Services.
-
Enter the full
Role ARN
for the role you just created. -
Click Save.
You are now ready to deploy a swarm!
Ready to create swarms on AWS? See Create a new swarm on Amazon Web Services in Docker Cloud.
You can get an overivew of topics on swarms in Docker Cloud.
Using Standard Mode to managing Docker nodes on AWS? If you are setting up nodes on AWS in Standard Mode, go back to What's next in Standard Mode.