Amazon Web Services

You can use Cloud 66 to provision and deploy your code to servers in any Amazon Web Services (AWS) region. Cloud 66 supports both VPC and (for AWS accounts created before 2014) EC2-Classic. We also support reserved instances.

To use a VPC, your account must conform with the default VPC guidelines.


If you delete your application from Cloud 66, your servers will not be deleted on your cloud provider unless the physical server deletion setting is turned on.

Granting Cloud 66 access to AWS

You need to configure AWS so that Cloud 66 to access your account. To to this:

  1. Log into the web interface for your AWS account
  2. Click on the name of your account in the top right corner of your AWS account, and select My Security Credentials.

On the next screen, some users will be asked to choose between Security Credentials and IAM users. We support both methods but we recommend that experienced users select IAM for better security.

IAM stands for Identity and Access Management. It allows you to set permissions for specific users. We will guide you through generating access keys based on both of these methods:

Option A: Using root credentials

After selecting the Security Credentials option:

  1. Select the Access Keys option from the menu.
  2. Click Create new access key
  3. Either download the key file or click Show access key and take note of your access key ID and secret access key. These are the credentials needed for Cloud 66 to access your account.

Option B: Identity Access Management (IAM)

Step 1: Create a user

After selecting the IAM option follow this guide in AWS docs to set up a new IAM user for Cloud 66. We recommend naming the user cloud66 for clarity.

Be sure to copy or save the Access Key ID and Secret Access Key for this user - you will need these credentials to connect your Cloud 66 account.

Step 2: Set up access policies

You’ll need to assign access policies for the cloud66 user so that it will have the access it requires to provision and manage your servers.

You can see them here: recommended minimum policies.

There are two method for assigning policies: using the AWS CLI or the web console:

Using the AWS CLI

If you have the AWS CLI tool installed, you can set up your access policies by running this command:

curl > c66_aws_iam_policy.json && aws iam put-user-policy --user-name cloud66 --policy-name ExamplePolicy --policy-document file://c66_aws_iam_policy.json

This downloads our JSON template to your machine and then submits it via the CLI. Note that this assumes you have named your user cloud66 as recommended. You can find more info in the AWS docs if you need it.

Using IAM instance profiles with your servers

Instance profiles are a way to set specific roles on new servers that you spin up with AWS. You can read more about creating your own instance profiles in the AWS docs.

You can use your instance profiles via Cloud 66 by calling them in the manifest file of your application. You can set a different profile for each component of an application (e.g. MySQL or Redis). We will then use that profile whenever we provision a server for that component.

Cloud 66 Security Groups on AWS

Whenever we provision servers for a new application on AWS, we configure separate AWS Security Groups for each type of server (e.g. application servers or database servers).

This requires Cloud 66 to have IAM permissions on your AWS account, so please be sure to set them up as explained above.

If new servers are added to a group on Cloud 66 (e.g. scaling up your web servers), then they are added to the corresponding Security Group on AWS. If servers are removed from Cloud 66, they are also removed from their Security Group on AWS.

Reserved instances

AWS reserved instances enable users to reserve instances for one to three years, which has pricing benefits when compared to on-demand instances.

To use Cloud 66 with AWS reserved instances:

  1. Reserve an instance with your size/region requirements.
  2. Use Cloud 66 to deploy to a server of that size in the same region, and we’ll use your reserved instance.

Using EC2-Classic

If your AWS account was created before 2014 you can choose to create servers on the EC2-Classic platform. Cloud 66 does support EC2-Classic, however we strongly recommend using VPC instead. Several instance types, such as the T2, require the use of VPC.

Please be sure to read the documentation for EC2-Classic before deploying to that platform.

ELB Websocket support

AWS Classic Load Balancers do not support Websocket natively. We recommend switching to one of Amazon’s newer load balancers - either Application Load Balancer or Network Load Balancer depending on your specific use-case.

Cloud 66 tag propagation

AWS supports the propagation of (some) component tags from Cloud 66. This means that if you tag your servers or load balancers in Cloud 66, those tags will be added to the corresponding components on your AWS account (after some transformations).

For more details on how this works please read our full guide on the propagation of tags to cloud providers.