For more details about EC2, nodes, refer to the official documentation for the EC2 Management Console.

Region

In the Region field, select the same region that you used when creating your cloud credentials.

Cloud Credentials

Your AWS account access information, stored in a cloud credential.

See Amazon Documentation: Creating Access Keys how to create an Access Key and Secret Key.

See Amazon Documentation: Creating IAM Policies (Console) how to create an IAM policy.

See Amazon Documentation: Adding Permissions to a User (Console) how to attach an IAM

See our three example JSON policies:

Authenticate & Configure Nodes

Choose an availability zone and network settings for your cluster.

Security Group

Choose the default security group or configure a security group.

Please refer to Amazon EC2 security group when using Node Driver to see what rules are created in the rancher-nodes Security Group.


New in v2.6.4

If you provide your own security group for an EC2 instance, please note that Rancher will not modify it. As such, you will be responsible for ensuring that your security group is set to allow the necessary ports for Rancher to provision the instance. For more information on controlling inbound and outbound traffic to EC2 instances with security groups, refer here.

Instance Options

Configure the instances that will be created. Make sure you configure the correct SSH User for the configured AMI. It is possible that a selected region does not support the default instance type. In this scenario you must select an instance type that does exist, otherwise an error will occur stating the requested configuration is not supported.

If you need to pass an IAM Instance Profile Name (not ARN), for example, when you want to use a Kubernetes Cloud Provider, you will need an additional permission in your policy. See Example IAM policy with PassRole for an example policy.

Engine Options

In the Engine Options section of the node template, you can configure the Docker daemon. You may want to specify the docker version or a Docker registry mirror.