Clouds

Credentials to launch compute instances

An Anyscale cloud is a set of credentials used to launch compute instances in a particular cloud provider. Clouds must be created before launching clusters with Anyscale -- non-local compute resources can only be managed within the context of a cloud. With AWS, the credentials never travel across the network to Anyscale. Instead, Anyscale will create an IAM role in cloud account, grant it credentials to interact with EC2 and IAM in your account and allow Anyscale to assume that role. Anyscale then only stores the IAM role ARN that is created in your account.

An Anyscale cloud

A cloud is created by following the prompts on anyscale cloud setup. Alternatively, the cloud type and cloud name can be specified through arguments to the command to avoid prompting. The user who sets up a cloud for usage with Anyscale must have folloving privileges:

• For AWS, IAM and EC2 privileges

• For GCP, permissions to create a folder in either the organization's root or in the folder specified in setup and roles/billing.admin role in their organization.

After creating a cloud, it can be used when creating a cluster.

Clouds can be deleted from the CLI.

Clouds can be viewed from the CLI, which provides information like the cloud ID, cloud provider, region, and credential role name. This information can also provided in JSON for further automated parsing.

An organization owner can set a default cloud, which will be used throughout the product when starting a cluster without specifying a cloud (eg: from the SDK, or from Ray client). A cloud can only be set as the default if it has organization level permissions so everyone in the organization can access it. Anyscale will verify the permissions of a cloud before setting it as the default.

If a default cloud has been deleted, make sure to set a new organization level default cloud. Only organization owners will be able to delete a default cloud, because it has organization level permissions.