Skip to content

Setup AWS for Erwhi Simulation

Giovanni Bruno edited this page Apr 11, 2019 · 4 revisions

1. Create S3 buckets

  1. Go to console.aws.amazon.com/s3
  2. Press on + Create bucket
  3. Give a unique name (e.g. erwhi-source), choose a Region and press next
  4. Choose your settings basing on your requirements and press next
  5. If you want your S3 Bucket private, check all marks and "Do not grant ...". Then press next
  6. Review if everything is ok! Then press Create bucket
  7. You have successfully created a S3 bucket to contain source files of your Erwhi robot
  8. Repeat steps from 2 to 6 to create an output bucket used for logs and bags (e.g. erwhi-output)
  9. You have successfully created a S3 bucket to contain output files of your running Erwhi robot

2. Create a policy for Robomaker

  1. Go to console.aws.amazon.com/iam/policies
  2. Press on Create Policy
  3. Then click on JSON tab and cancel everything
  4. edit following JSON changing bucket-source, bucket-output and yourAWScode:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "s3:ListBucket",
            "Resource": [
                "arn:aws:s3:::bucket-source"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-source/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": "s3:Put*",
            "Resource": [
                "arn:aws:s3:::bucket-output/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogStreams"
            ],
            "Resource": [
                "arn:aws:logs:*:yourAWScode:log-group:/aws/robomaker/SimulationJobs*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "ec2:CreateNetworkInterfacePermission"
            ],
            "Resource": [
                "arn:aws:ec2:*:yourAWScode:*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "ec2:AssociateRouteTable",
                "ec2:CreateSubnet",
                "ec2:DeleteNetworkInterface",
                "ec2:DeleteSubnet",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

and paste in JSON tab
NOTE: bucket-source and bucket-output are your S3 buckets. You can find yourAWScode in IAM dashboard as https://yourAWScode.signin.aws.amazon.com/console
5. click on Review your policy
6. Give a name (e.g. erwhi-robomaker-policy) and press Create policy

3. Create a role for Robomaker

  1. Go to roles
  2. Press on Create role
  3. Choose RoboMaker and RoboMaker - Simulation, then press Next: Permissions
  4. Add policy you created before (e.g. erwhi-robomaker-policy) and press Next: Tags
  5. This is optional, so click on Next: Review
  6. Give a name to the role (e.g. erwhi-robomaker), then click on Create role
  7. Opening your new role, you should see this in "trust relationships -> edit trust relationships":
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "robomaker.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

4. Next step

Your AWS account has all you need to simulate Erwhi.
Now you can go to next step.