Step 4 – Retrieve and store the cluster secret - AWS PCS

Step 4 – Retrieve and store the cluster secret

These instructions require the AWS CLI. For more information, see Install or update to the latest version of the AWS CLI in the AWS Command Line Interface User Guide for Version 2.

Store the cluster secret with the following commands.

  • Create the configuration directory for Slurm.

    sudo mkdir -p /etc/slurm

  • Retrieve, decode, and store the cluster secret. Before running this command, replace region-code with the Region where the target cluster is running, and replace secret-arn with the value for secretArn retrieved in Step 1.

    aws secretsmanager get-secret-value \
        --region region-code \
        --secret-id 'secret-arn' \
        --version-stage AWSCURRENT \
        --query 'SecretString' \
        --output text | base64 -d | sudo tee /etc/slurm/slurm.key

    Warning

    In a multiuser environment, any user with access to the instance might be able to fetch the cluster secret if they can access the instance metadata service (IMDS). This, in turn, could allow them to impersonate other users. Consider restricting access to IMDS to root or administrative users only. Alternatively, consider using a different mechanism that doesn't rely on the instance profile to fetch and configure the secret.

  • Set ownership and permissions on the Slurm key file.

    sudo chmod 0600 /etc/slurm/slurm.key
    sudo chown slurm:slurm /etc/slurm/slurm.key

    Note

    The Slurm key must be owned by the user and group that the sackd service runs as.
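
A check to run after the last step, added here as an example and not part of the AWS procedure: it confirms the key file ended up non-empty, mode 600, and owned by the expected user and group. The function name verify_slurm_key is hypothetical, GNU stat is assumed, and the empty-file and symlink checks go beyond what the steps above state.

```shell
# Added example, not from the AWS PCS documentation.
# verify_slurm_key is a hypothetical helper; it assumes GNU stat (Linux).
# Usage: verify_slurm_key /etc/slurm/slurm.key slurm slurm
verify_slurm_key() {
    key_file=$1
    key_want="$2:$3"
    key_rc=0

    # tee follows symlinks, so the secret would land at the link target.
    if [ -L "$key_file" ] || [ ! -f "$key_file" ]; then
        echo "FAIL: $key_file is not a regular file" >&2
        return 1
    fi

    # If "aws" or "base64 -d" fails, tee still creates the file and the
    # pipeline exits 0 (no pipefail), leaving an empty key behind.
    if [ ! -s "$key_file" ]; then
        echo "FAIL: $key_file is empty" >&2
        key_rc=1
    fi

    # tee creates the file under the default umask, so the mode is only
    # right once the chmod step has run.
    key_mode=$(stat -c '%a' "$key_file")
    if [ "$key_mode" != "600" ]; then
        echo "FAIL: mode is $key_mode, expected 600" >&2
        key_rc=1
    fi

    # The key must belong to the user and group that sackd runs as.
    key_owner=$(stat -c '%U:%G' "$key_file")
    if [ "$key_owner" != "$key_want" ]; then
        echo "FAIL: owner is $key_owner, expected $key_want" >&2
        key_rc=1
    fi

    return "$key_rc"
}
```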