Amazon Web Services (AWS)
You can use Cloud 66 to provision and deploy your code to servers in any Amazon Web Services (AWS) region. Cloud 66 supports both VPC and (for AWS accounts created before 2014) EC2-Classic. We also support reserved instances. To use a VPC, your account must conform with the default VPC guidelines.
Granting Cloud 66 access to AWS
You need to configure AWS so that Cloud 66 to access your account. To to this:
- Log into the web interface for your AWS account
- Click on the name of your account in the top right corner of your AWS account, and select My Security Credentials.
On the next screen, some users will be asked to choose between Security Credentials and IAM users. We support both methods but we recommend that experienced users select IAM for better security.
IAM stands for Identity and Access Management. It allows you to set permissions for specific users. We will guide you through generating access keys based on both of these methods:
Option A: Using root credentials
After selecting the Security Credentials option:
- Select the Access Keys option from the menu.
- Click Create new access key
- Either download the key file or click Show access key and take note of your access key ID and secret access key. These are the credentials needed for Cloud 66 to access your account.
Option B: Identity Access Management (IAM)
Step 1: Create a user
After selecting the IAM option follow this guide in AWS docs to set up a new IAM user for Cloud 66. We recommend naming the user cloud66 for clarity.
Be sure to copy or save the Access Key ID and Secret Access Key for this user - you will need these credentials to connect your Cloud 66 account.
Step 2: Set up access policies
You’ll need to assign access policies for the cloud66 user so that it will have the access it requires to provision and manage your servers.
You can see them here: recommended minimum policies.
There are two method for assigning policies: using the AWS CLI or the web console:
Using the AWS CLI
If you have the AWS CLI tool installed, you can set up your access policies by running this command:
curl https://help.cloud66.com/c66_prepress_aws_iam_policy.json > c66_prepress_aws_iam_policy.json && aws iam put-user-policy --user-name cloud66 --policy-name ExamplePolicy --policy-document file://c66_prepress_aws_iam_policy.jsonThis downloads our JSON template to your machine and then submits it via the CLI. Note that this assumes you have named your user cloud66 as recommended. You can find more info in the AWS docs if you need it.
Using the web console
You can add policies via the IAM management console.
- Click on Access management → Users
- Click on your
cloud66user - Click the Add inline policy button
- In another browser tab Open our JSON template copy the whole page to your clipboard
- Back in the IAM console, click the JSON tab and paste in the template you just copied
- Click Review Policy
- Give your policy a name
- Click Create Policy
If you need more detail please read the AWS docs on this subject.
Cloud 66 Security Groups on AWS
Whenever we provision servers for a new application on AWS, we configure separate AWS Security Groups for each type of server (e.g. application servers or database servers).
This requires Cloud 66 to have IAM permissions on your AWS account, so please be sure to set them up as explained above.
If new servers are added to a group on Cloud 66 (e.g. scaling up your web servers), then they are added to the corresponding Security Group on AWS. If servers are removed from Cloud 66, they are also removed from their Security Group on AWS.
