IAM Roles
testgrinder service will be discontinued on January 31, 2025
testgrinder SMPC was discontinued as of February 1, 2024
You'll need to create two IAM Roles - one for tg-app and the other for tg-bot instances. The roles will be assigned to the launched tg-app and tg-bot instances and give them the necessary access rights.
You can manage IAM Roles from the Roles page of the AWS IAM console at https://console.aws.amazon.com/iamv2
If you plan to have several testgrinder deployments, to ensure proper access to S3 buckets, it is recommended to create a separate set of roles for each testgrinder deployment. Use descriptive role names, such as tg-eval-app and tg-prod-app, to distinguish between them.
Role tg-app
Create a role named tg-app and assign the following policy to it:
Replace YOUR_MEDIA_S3_BUCKET and YOUR_USER_FILES_S3_BUCKET below with the name of the buckets you created earlier.
If you are using an AWS Key Management Service key for encrypting objects in the S3 buckets, replace YOUR_KMS_KEY_ARN below with the key's ARN.
If you are not using encryption, or using Amazon S3-managed keys, then remove the entire section of the policy granting permission to kms action.
Role tg-bot
Create a role named tg-bot and assign the following policy to it:
Replace YOUR_MEDIA_S3_BUCKET and YOUR_USER_FILES_S3_BUCKET below with the name of the buckets you created earlier.
If you are using an AWS Key Management Service key for encrypting objects in the S3 buckets, replace YOUR_KMS_KEY_ARN below with the key's ARN.
If you are not using encryption, or using Amazon S3-managed keys, then remove the entire section of the policy granting permission to kms action.
Last updated
Was this helpful?