Manual AWS Batch configuration
This page describes how to set up AWS roles and Batch queues manually for the deployment of Nextflow workloads with Seqera Platform Enterprise.
Manual configuration of AWS Batch is only necessary if you don't use Tower Forge. Tower Forge will automatically create the required AWS Batch queues.
Complete the following procedures to configure AWS Batch manually:
- Create a user policy.
- Create the instance role policy.
- Create the AWS Batch service role.
- Create an EC2 Instance role.
- Create an EC2 SpotFleet role.
- Create a launch template.
- Create the AWS Batch compute environments.
- Create the AWS Batch queue.
Create a user policy
Create the policy for the user launching Nextflow jobs:
- Go to the IAM Console.
- Go to the Policy page.
- Create a new policy with the following content:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1530313170000",
      "Effect": "Allow",
      "Action": [
        "batch:CancelJob",
        "batch:RegisterJobDefinition",
        "batch:DescribeComputeEnvironments",
        "batch:DescribeJobDefinitions",
        "batch:DescribeJobQueues",
        "batch:DescribeJobs",
        "batch:ListJobs",
        "batch:SubmitJob",
        "batch:TerminateJob"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
```

- Save it with the name `nf-tower-user`.
Create the instance role policy
Create the policy with a role that allows Seqera to submit Batch jobs on your EC2 instances:
- Go to the IAM Console.
- Go to the Policy page.
- Create a new policy with the following content:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "batch:DescribeJobQueues",
        "batch:CancelJob",
        "batch:SubmitJob",
        "batch:ListJobs",
        "batch:DescribeComputeEnvironments",
        "batch:TerminateJob",
        "batch:DescribeJobs",
        "batch:RegisterJobDefinition",
        "batch:DescribeJobDefinitions",
        "ecs:DescribeTasks",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceTypes",
        "ec2:DescribeInstanceAttribute",
        "ecs:DescribeContainerInstances",
        "ec2:DescribeInstanceStatus",
        "logs:Describe*",
        "logs:Get*",
        "logs:List*",
        "logs:StartQuery",
        "logs:StopQuery",
        "logs:TestMetricFilter",
        "logs:FilterLogEvents"
      ],
      "Resource": "*"
    }
  ]
}
```

- Save it with the name `nf-tower-batchjob`.
Create the Batch Service role
Create a service role used by AWS Batch to launch EC2 instances on your behalf:
- Go to the IAM Console.
- Select Roles.
- Select Create role.
- Select AWS service as the trusted entity.
- Select Batch as the service to use the role.
- Select Next: Permissions.
- In Attached permissions policies, the `AWSBatchServiceRole` is already attached.
- Select Next: Tags (adding tags is optional).
- Select Next: Review.
- Set the Role Name to `nf-tower-servicerole`.
- Select Create role.
Create an EC2 instance role
Create a role that controls which AWS resources the EC2 instances launched by AWS Batch can access:
- Go to the IAM Console.
- Select Roles.
- Select Create role.
- Select AWS service as the trusted entity.
- Select EC2 from the larger services list.
- Select EC2 - Allows EC2 instances to call AWS services on your behalf as the use case.
- Select Next: Permissions.
  - Enter `ContainerService` in the search field for policies.
  - Select the checkbox next to AmazonEC2ContainerServiceforEC2Role to attach the policy.
  - Enter `S3` in the search field for policies.
  - Select the checkbox next to AmazonS3FullAccess to attach the policy (you may want to use a custom policy to allow access only on specific S3 buckets).
- Search for and attach the custom policy `nf-tower-batchjob`.
- Select Next: Tags (adding tags is optional).
- Select Next: Review.
- Set the Role Name to `nf-tower-instancerole`.
- Select Create role.
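
The S3 step above suggests a custom policy in place of AmazonS3FullAccess. A bucket-scoped policy of that kind is sketched here as an added example, not part of the original page: `example-placeholder-bucket` is a placeholder bucket name, and the action list is an assumption about what a pipeline work directory needs (list, read, write, tag, delete), so adjust both to your workloads.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListWorkBucket",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::example-placeholder-bucket"
    },
    {
      "Sid": "ReadWriteWorkObjects",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:PutObjectTagging",
        "s3:DeleteObject",
        "s3:AbortMultipartUpload"
      ],
      "Resource": "arn:aws:s3:::example-placeholder-bucket/*"
    }
  ]
}
```

Bucket-level actions match the bucket ARN and object-level actions match the `/*` ARN, which is why the policy needs two statements. Attach it to `nf-tower-instancerole` instead of AmazonS3FullAccess.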
Create an EC2 SpotFleet role
The EC2 SpotFleet role allows you to use Spot instances when you run jobs in AWS Batch. Create a role for the creation and launch of Spot fleets — Spot instances with similar compute capabilities (i.e., vCPUs and RAM):
- Go to the IAM Console.
- Select Roles.
- Select Create role.
- Select AWS service as the trusted entity.
- Select EC2 from the larger services list.
- Select EC2 - Spot Fleet Tagging as the use case.
- In Attached permissions policies, the `AmazonEC2SpotFleetTaggingRole` is already attached.
- Select Next: Tags (adding tags is optional).
- Select Next: Review.
- Set the Role Name to `nf-tower-fleetrole`.
- Select Create role.
Create a launch template
Create a launch template to configure the EC2 instances deployed by Batch jobs:
- Go to the EC2 Console.
- Select Launch template.
- Create a new launch template which uses the `User Data` (in the Advanced details section) shown below:

```
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="//"

--//
Content-Type: text/x-shellscript; charset="us-ascii"

#!/bin/sh
# Run the setup as root; the quoted 'EOF' stops the outer shell expanding variables.
su - root << 'EOF'
(
set -x
## install awscli
# USER is reused here as the install prefix (ec2-user's home directory).
USER=/home/ec2-user
export PATH=/usr/local/bin:$PATH
yum install -y jq python27-pip sed wget bzip2
pip install -U boto3
# The Miniconda installer is downloaded and executed as root without a checksum check.
wget -q https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh
bash Miniconda3-latest-Linux-x86_64.sh -b -f -p $USER/miniconda
$USER/miniconda/bin/conda install -c conda-forge -y awscli
rm Miniconda3-latest-Linux-x86_64.sh
chown -R ec2-user:ec2-user $USER/miniconda
# All setup output, including the set -x trace, is appended to root's boot.log.
) &>> ~/boot.log
EOF
cp ~/boot.log ~ec2-user/boot.log
--//--
```

- Save it with the name `nf-tower-launchtemplate`.
Create the Batch compute environments
Create your AWS Batch compute environment from the Batch console:
- Go to the Batch Console.
- Create a new compute environment specifying the Instance profile, Service role, Fleet role and Launch template created previously.
- Save it with a name of your choice.
Create the Batch queue
Create a Batch queue to be associated with your compute environment:
- Go to the Batch Console.
- Create a new queue.
- Associate the queue with the compute environment created in the previous step.
- Save it with a name of your choice.