Problems with Launching Galaxy in AWS

Hi. I’m new to Galaxy cloud and I’m trying to launch Galaxy through AWS but I keep hitting an error. I’ve followed the tutorial (Getting Started with Galaxy on the Cloud) and have created the galaxy_cloudman user, giving it EC2 and S3 full permission. I tried to launch through the Genomics virtual lab using GVL 5.0 beta5 (Galaxy 20.09) and I’ve tried using different AWS targets. But I keep having the the same issue. Am I suppose the alter the role for the galaxy_cloudman user in AWS before launching the Galaxy instance? The error message is below:
FAILURE
Create appliance task failed: An error occurred (AccessDenied) when calling the GetRole operation: User: arn:aws:iam::223977771179:user/galaxy_cloudman is not authorized to perform: iam:GetRole on resource: role charlyn-transcriptome-bb-02112021-cm2-kube-role

The GVL is remains in beta and part of that is that the docs have not been updated on galaxyproject.org but are either missing or sprawled around github. The reason you’re getting the error message is because the IAM account you are using does not have sufficient privileges. Here is a comment describing the required account permissions for the GVL: Cannot launch cloudman despite having access key ID and secret key from AWS · Issue #198 · galaxyproject/cloudlaunch · GitHub

Hello,
Thanks so much for your response. I went back and gave the galaxy_cloudman Administrator Access through the add permissions tab (the first option in the link you provided). I’m attaching a screen shot of the permissions assigned to galaxy_cloudman.

However, I’m now receiving the error below.
I thought that maybe there was in issue with the code from the Admin Access policy, but the syntax for this policy document looks the same as in this example (Add an Administrator to your Amazon AWS account - SweetProcess).

I’m assuming I still not setting something up correctly, but after an extensive google search, I’m not sure what I’m doing wrong. Thanks for any input you can provide.

FAILURE
Create appliance task failed: An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.

That is an odd error given those settings. AdministratorAccess should be sufficient so try removing the other two policies and make sure the Admin one looks as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

Hello,

I removed the EC2 and S3 permissions and checked the syntax for the Admin policy (see image) and it is the same as posted above. However, I am still getting the same error (see below).

Just to ensure I understand the instructions correctly, these are permissions I should be attaching to the ‘galaxy_cloudman’ user, and I don’t need to change anything with the root settings?

FAILURE
Create appliance task failed: An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.

It turns out there was a bug in one of the internal policy templates and hence this was not a policy definition you select when creating an account. Thanks for helping identify this issue. A fix has been applied and the server updated so should be ok to launch now.

1 Like

Thank you!