Hi, I have been using Seqera platform for years, but I recently had a to create a new user for a new AWS account. I am following the new instructions found here AWS Batch | Seqera Docs
First off, seems like there are two errors in the the Required Platform IAM permissions, when I copy and paste the policies, the following two lines error, I had to remove them from the OptionalLineageIntegrationSQSAndS3 section:
"s3:GetBucketNotificationConfiguration", "s3:PutBucketNotificationConfiguration",
Then, I wire the seqera user per the instructions and wire that use within the Seqera Platform credential. I next create an AWS Compute Environment, no issues there, so I am assuming all my configs are good.
However, when I try to test the launchpad with a quick launch using nextflow-io/hello Hello World test, I get the following errror:
Unable to create Batch Job definition for container image: public.cr.seqera.io/platform/nf-launcher:j21-26.04 - Reason: User: arn:aws:sts::XXXXX:assumed-role/Seqera_Tower_Role/tower-nf is not authorized to perform: iam:PassRole on resource: arn:aws:iam::XXXXXXX:role/TowerForge-3P4nQckQY8Eoi2xBYThqT5-FargateRole because no identity-based policy allows the iam:PassRole action (Service: Batch, Status Code: 403, Request ID: 7a0c96d5-6678-400c-bce3-342dfb667218) (SDK Attempt Count: 1)
What is going on? thanks for you help