Closed blakemertz closed 1 year ago
Can you confirm that the role you are using to run the UI has permissions to read the secrets? See the example Base AWS ParallelCluster pcluster user policy
section in https://docs.aws.amazon.com/parallelcluster/latest/ug/iam-roles-in-parallelcluster-v3.html
Hi @blakemertz
the PasswordSecretArnValidator
is executed on the CLI side, so as suggested by Ryan probably the role you're using for the CLI doesn't have the permissions to read that secret. Anyway this is not an issue by itself, the CLI is unable to validate it but this doesn't mean that it is wrong, indeed this is a WARNING and not an ERROR.
The important part is that the Role associated to the head node instance has the permission to read that secret. If your cluster is created correctly this is the case.
If the cluster creation fails you can think to add additional IAM policies, through AdditionalIamPolicies
parameter.
Enrico
This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.
I'm trying to generate a cluster with 1) microsoft active directory for multiple users and 2) shared EFS partition for convenience of storing big data to our virtual drive. I have managed to accomplish #2, and also have managed to create a microsoft AD. However, when I did a dry run in the ParallelCluster UI, I get the following warning:
I will still be able to create the cluster, but I want to know where I can properly locate my secret ARN for the microsoft AD? I thought I had properly copied it from my cloud formation console:
but then I wouldn't be getting that validation warning, correct? Is there a different ARN that I should be referencing? The only other possibility I can see is DomainCertificateSecretArn or DomainCertificateSecretReadPolicy.
Below is my configuration script: