AWS Configuration
This guide walks you through configuring your AWS account and Ownstak to enable provisioning and deployment on AWS.
Prerequisites
AWS Account
We recommend creating a dedicated AWS account within your organization for better isolation and cost management. This approach:
- Clearly separates Ownstak deployments from other AWS resources
- Makes it easier to track and manage costs related to Ownstak deployments
- Simplifies security and access control management
To create a new AWS account within your organization, follow the AWS documentation.
AWS VPC
You can use the default AWS VPC, as internal resources are protected from Internet access via strict Security Groups. However, note that outbound requests to upstream APIs will then use automatically assigned IP addresses rather than fixed ones.
If you need fixed IPs for outbound requests (for example, to whitelist them in third-party services), we recommend creating a VPC with private/public subnets and a NAT Gateway. This setup provides a static IP address for all outbound traffic from your Ownstak resources.
For detailed instructions, see the AWS guide on generating static outbound IP addresses.
Cloud > Credentials
To allow Ownstak to deploy resources to your AWS account, you must create appropriate credentials.
Creating an IAM user
There are two ways to set up the IAM user:
Option 1: Simplified IAM Management (Recommended)
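Create an IAM user with the AWS managed AdministratorAccess policy attached. This approach simplifies the setup process and allows Ownstak to automatically manage IAM roles as needed. Because AdministratorAccess grants full access to the account, it is best paired with the dedicated AWS account described above. When configuring your backend, make sure to check the "Create IAM roles" option.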
Option 2: Custom IAM Roles
If you prefer to maintain strict control over IAM roles and permissions, you can use our predefined IAM roles template. We provide two templates:
- Standard Template: Includes broad permissions for maximum flexibility
- Minimal Template: Includes only essential permissions for current functionality
For detailed information about the permissions in these templates, see the IAM Roles & Permissions documentation.
After deploying the template, there should be a new IAM user called "OwnstakCloudCredentialsUser" in your AWS IAM console.
Setting Up Credentials
Once you have created the IAM user using either option:
- In your AWS Console, open IAM and select the created user.
- Generate an Access Key for the user.
- Navigate to your Ownstak organization.
- Go to Cloud > Credentials.
- Create a new credential entry with your AWS access key and secret.
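Option 1 and the access-key step above can also be done from the AWS CLI. The script below is an added example, not Ownstak's own tooling: before it creates the administrator user, it checks that the CLI session is in the dedicated account. The user name and account ID are hypothetical values you supply, and it assumes an AWS CLI session that is allowed to manage IAM.

```shell
#!/bin/sh
# Added example (not part of Ownstak): create the Option 1 IAM user only after
# confirming the CLI is pointed at the dedicated AWS account.
# Usage (constructed values): sh create-ownstak-user.sh 123456789012 ownstak-deployer

ADMIN_POLICY_ARN="arn:aws:iam::aws:policy/AdministratorAccess"

# create_ownstak_user EXPECTED_ACCOUNT_ID USER_NAME
# Prints "<access key id> <secret>" on success.
# Returns 64 on missing arguments, 2 if the CLI is in a different account,
# 1 if an AWS call fails.
create_ownstak_user() {
    expected_account="$1"
    user_name="$2"
    if [ -z "$expected_account" ] || [ -z "$user_name" ]; then
        echo "usage: create_ownstak_user ACCOUNT_ID USER_NAME" >&2
        return 64
    fi

    # Ask STS which account the current credentials belong to.
    actual_account=$(aws sts get-caller-identity \
        --query Account --output text) || return 1
    if [ "$actual_account" != "$expected_account" ]; then
        echo "refusing: CLI is in account $actual_account," \
             "expected $expected_account" >&2
        return 2
    fi

    aws iam create-user --user-name "$user_name" >/dev/null || return 1
    aws iam attach-user-policy --user-name "$user_name" \
        --policy-arn "$ADMIN_POLICY_ARN" || return 1

    # The secret is returned only at creation time; enter it under
    # Cloud > Credentials and do not store it anywhere else.
    aws iam create-access-key --user-name "$user_name" \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    create_ownstak_user "$1" "$2"
fi
```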
Cloud > Storage
Ownstak needs an S3 bucket to store deployment artifacts. This allows you to:
- Restore previous deployments if needed
- Inspect deployment history
- Maintain an audit trail of changes
To set up storage:
- Create an S3 bucket in your AWS account.
- In your Ownstak organization, go to Cloud > Storage.
- Enter the bucket details.
You can also use another storage provider that is compatible with the S3 client protocol if you prefer.
Cloud > Backend
A backend consists of an AWS account and a dedicated region where your Lambda functions and public assets will be provisioned.
You can create multiple cloud backends for:
- Multi-region deployments
- Primary/failover setups
To set up a backend:
- In your Ownstak organization, go to Cloud > Backends.
- Create a new backend entry.
- Select AWS as the provider.
- Choose your desired region.
- Select the AWS credentials you created in the previous section.
- If you've created a custom VPC with private/public subnets, enter their corresponding IDs in the Network Configuration section. Leave these fields blank to use the default VPC.
- Once your backend is configured, you can open it and start the provisioning process, which will prepare your AWS account for deployment.
For more detailed information about our integration with your AWS account, see the AWS Integration Guide.
Important: The name you give to your backend will be used to construct links to your deployments, so choose a name that makes sense for your organization and use case.