(re)implement SSM access to batch workers (#75)

* bug fix

* explicitly stop ecs before starting ebs autoscale on /var/lib/docker
* move nextflow additions to before start ecs

* fix autoexpanding docker data volume

add steps missing that are documented here:
https://docs.docker.com/storage/storagedriver/btrfs-driver/

* fix scratch mount point mapping

* Adding SSM agent and permissions to Batch hosts to allow SSM capabili… (#74)

* Adding SSM agent and permissions to Batch hosts to allow SSM capabilities like Session Manager to facilitate troubleshooting via SSH without needing an EC2 keypair.

* Missed the already existing managed arn section.

Author: wleepang

src/templates/aws-genomics-iam.template.yaml

@@ -94,6 +94,7 @@ Resources:
       ManagedPolicyArns:
       - "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
       - "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
+      - "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
   GenomicsEnvBatchInstanceProfile:
     Type: AWS::IAM::InstanceProfile
     Properties:

src/templates/aws-genomics-launch-template.template.yaml

@@ -143,11 +143,14 @@ Resources:
               - python27-pip
               - sed
               - wget
+              - amazon-ssm-agent
 
               runcmd:
               - pip install -U awscli boto3
               - scratchPath="${ScratchMountPoint}"
               - artifactRootUrl="${ArtifactRootUrl}"
+              - start amazon-ssm-agent
+
               ${ECSAdditions}
 
               --==BOUNDARY==--