AWS Access

SeqCMD needs to be authorized to perform certain operations on AWS, for example uploading files to S3 and submitting workflow execution requests to AWS Batch.

SeqCMD Application Permissions

The SeqCMD Application is authorized to perform necessary actions on AWS via the Instance Profile of the EC2 instance running SeqCMD. Permissions required by SeqCMD include:

  • Submit Jobs to AWS Batch
  • Manage objects in specific buckets
  • Query cost of workflow-associated compute resources

An example policy granting SeqCMD access to an S3 bucket called "seqcmd" is:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::seqcmd"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s3:::seqcmd/*"]
    }
  ]
}
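
The policy above pairs the bucket-level action with the bucket ARN and the object-level actions with the `/*` object ARN. The following check is an added example, not part of SeqCMD. It flags S3 grants that are wider than the named bucket or that pair an action with the wrong ARN form and therefore grant nothing. The function name `lint_s3_policy` and the action classification are assumptions that cover only the actions shown on this page.

```python
import json

# The policy from this page, embedded so the check runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:ListBucket"],
   "Resource": ["arn:aws:s3:::seqcmd"]},
  {"Effect": "Allow",
   "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
   "Resource": ["arn:aws:s3:::seqcmd/*"]}
]}
""")

# Only the actions this page uses are classified; others are not judged.
BUCKET_LEVEL = {"s3:ListBucket"}
OBJECT_LEVEL = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject"}
ARN_PREFIX = "arn:aws:s3:::"

def as_list(value):
    """IAM allows a single string where a list is expected."""
    return value if isinstance(value, list) else [value]

def lint_s3_policy(policy, allowed_buckets):
    """Return (statement index, action, problem) for each risky Allow grant."""
    findings = []
    for idx, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((idx, None, "NotAction/NotResource in an Allow"))
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append((idx, action, "wildcard action"))
                continue
            if not action.startswith("s3:"):
                continue  # Batch and cost actions are out of scope here
            for res in as_list(stmt.get("Resource", [])):
                bucket, slash, _key = res.removeprefix(ARN_PREFIX).partition("/")
                if bucket not in allowed_buckets:
                    findings.append((idx, action, "resource outside allowed buckets"))
                elif action in BUCKET_LEVEL and slash:
                    findings.append((idx, action, "bucket action on object ARN: no effect"))
                elif action in OBJECT_LEVEL and not slash:
                    findings.append((idx, action, "object action on bucket ARN: no effect"))
    return findings

if __name__ == "__main__":
    for finding in lint_s3_policy(POLICY, {"seqcmd"}):
        print(finding)
```

Run against the page's policy with `{"seqcmd"}` as the allowed bucket set, the function returns no findings.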