Amazon Web Services (AWS)
You can use Cloud 66 to provision and deploy your code to servers in any Amazon Web Services (AWS) region. Cloud 66 supports both VPC and (for AWS accounts created before 2014) EC2-Classic. We also support reserved instances. To use a VPC, your account must conform with the default VPC guidelines.
Granting Cloud 66 access to AWS
You need to configure AWS so that Cloud 66 to access your account. To to this:
- Log into the web interface for your AWS account
- Click on the name of your account in the top right corner of your AWS account, and select My Security Credentials.
On the next screen, some users will be asked to choose between Security Credentials and IAM users. We support both methods but we recommend that experienced users select IAM for better security.
IAM stands for Identity and Access Management. It allows you to set permissions for specific users. We will guide you through generating access keys based on both of these methods:
Option A: Using root credentials
After selecting the Security Credentials option:
- Select the Access Keys option from the menu.
- Click Create new access key
- Either download the key file or click Show access key and take note of your access key ID and secret access key. These are the credentials needed for Cloud 66 to access your account.
Option B: Identity Access Management (IAM)
Step 1: Create a user
After selecting the IAM option follow this guide in AWS docs to set up a new IAM user for Cloud 66. We recommend naming the user cloud66 for clarity.
Be sure to copy or save the Access Key ID and Secret Access Key for this user - you will need these credentials to connect your Cloud 66 account.
Step 2: Set up access policies
You’ll need to assign access policies for the cloud66 user so that it will have the access it requires to provision and manage your servers.
You can see them here: recommended minimum policies.
There are two method for assigning policies: using the AWS CLI or the web console:
Using the AWS CLI
If you have the AWS CLI tool installed, you can set up your access policies by running this command:
curl https://help.cloud66.com/c66_aws_iam_policy.json > c66_aws_iam_policy.json && aws iam put-user-policy --user-name cloud66 --policy-name ExamplePolicy --policy-document file://c66_aws_iam_policy.json
This downloads our JSON template to your machine and then submits it via the CLI. Note that this assumes you have named your user cloud66 as recommended. You can find more info in the AWS docs if you need it.
Using the web console
You can add policies via the IAM management console.
- Click on Access management → Users
- Click on your cloud66 user
- Click the Add inline policy button
- In another browser tab Open our JSON template copy the whole page to your clipboard
- Back in the IAM console, click the JSON tab and paste in the template you just copied
- Click Review Policy
- Give your policy a name
- Click Create Policy
If you need more detail please read the AWS docs on this subject.
Note
If you delete your application from Cloud 66, your servers will not be deleted on your cloud provider unless the physical server deletion setting is turned on.
Reserved instances
AWS reserved instances enable users to reserve instances for one to three years, which has pricing benefits when compared to on-demand instances.
To use Cloud 66 with AWS reserved instances:
- Reserve an instance with your size/region requirements.
- Use Cloud 66 to deploy to a server of that size in the same region, and we’ll use your reserved instance.
Using EC2-Classic
If your AWS account was created before 2014 you can choose to create servers on the EC2-Classic platform. Cloud 66 does support EC2-Classic, however we strongly recommend using VPC instead. Several instance types, such as the T2, require the use of VPC.
Please be sure to read the documentation for EC2-Classic before deploying to that platform.
