Amazon AWS Configuration

Ron. A edited this page Oct 22, 2015 · 4 revisions

These configuration changes are required to run Docker containers in Amazon ECS via Elastic Beanstalk. Before you try to deploy Dockdj to AWS, run through these required setup steps to create IAM roles.

Policies

These policies grant the permissions that our roles will use. Create them in the Amazon IAM policy editor using the "Create Policy" and "Create Your Own Policy" options.

This policy allows Elastic Beanstalk to run tasks on Amazon Elastic Container Service.

Policy Name: BeanstalkECSAccess

Policy Document:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecs:StartTask",
                "ecs:StopTask",
                "ecs:RegisterContainerInstance",
                "ecs:DeregisterContainerInstance",
                "ecs:DescribeContainerInstances",
                "ecs:DiscoverPollEndpoint",
                "ecs:Submit*",
                "ecs:Poll",
                "ecs:CreateCluster",
                "ecs:DeleteCluster",
                "ecs:RegisterTaskDefinition"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::elasticbeanstalk-*/resources/environments/logs/*"
        }
    ]
}

Roles

These roles need to be created in the IAM Role console to grant Elastic Beanstalk certain permissions.

aws-elasticbeanstalk-ec2-role

Elastic Beanstalk uses this role to access other AWS resources. Attach the following policies to this role.

When creating the role, select the "Amazon EC2" service under "AWS Service Roles", and when selecting policies, check the following two.

Managed policies:

  • BeanstalkECSAccess (Created above)
  • AmazonS3ReadOnlyAccess (Provided by Amazon)

aws-elasticbeanstalk-service-role

Elastic Beanstalk uses this role to run various services on AWS.

When creating the role, select the "Amazon EC2" service under "AWS Service Roles", and when selecting policies, check the following one.

Managed policies:

  • AmazonS3ReadOnlyAccess

Once the role is created, view it, expand "Inline Policies" and create a new custom policy.

Inline policies:

Policy name: aws-elasticbeanstalk-service-role

Policy document:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:DescribeInstanceHealth",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:GetConsoleOutput",
        "ec2:AssociateAddress",
        "ec2:DescribeAddresses",
        "ec2:DescribeSecurityGroups",
        "sqs:GetQueueAttributes",
        "sqs:GetQueueUrl",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeAutoScalingInstances",
        "autoscaling:DescribeScalingActivities",
        "autoscaling:DescribeNotificationConfigurations"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
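
A review aid for the two policy documents above, added here as an example (it is not part of the original wiki page or of Dockdj): it lists wildcard actions in each Allow statement and, for statements with Resource "*", the actions that are not read-only by name. The function name `review_policy`, the finding labels and the read-only prefix list are assumptions made for this example.

```python
import json

# Name prefixes treated as read-only. This split is a heuristic assumed for the
# example, not an AWS classification; anything else is listed for manual review.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")

def as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def review_policy(document):
    """Return sorted (statement_index, finding, action) tuples for Allow statements.
    NotAction and NotResource are out of scope for this example."""
    findings = set()
    for index, stmt in enumerate(as_list(json.loads(document)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        any_resource = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            name = action.split(":", 1)[-1]
            if "*" in name:
                findings.add((index, "wildcard-action", action))
            if any_resource and not name.startswith(READ_ONLY_PREFIXES):
                findings.add((index, "non-read-on-any-resource", action))
    return sorted(findings)

# The two policy documents from this page, in compact form.
BEANSTALK_ECS_ACCESS = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": ["*"], "Action": [
    "ecs:StartTask", "ecs:StopTask", "ecs:RegisterContainerInstance",
    "ecs:DeregisterContainerInstance", "ecs:DescribeContainerInstances",
    "ecs:DiscoverPollEndpoint", "ecs:Submit*", "ecs:Poll", "ecs:CreateCluster",
    "ecs:DeleteCluster", "ecs:RegisterTaskDefinition"]},
  {"Effect": "Allow", "Action": "s3:PutObject",
   "Resource": "arn:aws:s3:::elasticbeanstalk-*/resources/environments/logs/*"}]}"""

SERVICE_ROLE_INLINE = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": ["*"], "Action": [
    "elasticloadbalancing:DescribeInstanceHealth", "ec2:DescribeInstances",
    "ec2:DescribeInstanceStatus", "ec2:GetConsoleOutput", "ec2:AssociateAddress",
    "ec2:DescribeAddresses", "ec2:DescribeSecurityGroups", "sqs:GetQueueAttributes",
    "sqs:GetQueueUrl", "autoscaling:DescribeAutoScalingGroups",
    "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeScalingActivities",
    "autoscaling:DescribeNotificationConfigurations"]}]}"""

if __name__ == "__main__":
    for label, doc in (("BeanstalkECSAccess", BEANSTALK_ECS_ACCESS),
                       ("aws-elasticbeanstalk-service-role", SERVICE_ROLE_INLINE)):
        for index, finding, action in review_policy(doc):
            print(f"{label} statement {index}: {finding}: {action}")
```

Entries reported as non-read-on-any-resource are the ones to check against the service's documentation for whether Resource can be narrowed to specific ARNs.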
