Setting up your MEAN (Node.js) website in AWS ElasticBeanstalk: IAM Configuration
--
I walk through step by step how to get a Node.JS MEAN.JS that uses Grunt and Bower working on Amazon Web Services ElasticBeanstalk. In this section we’ll configure our AWS credentials and ElasticBeanstalk service role.
Go to parent article — Build a robust MEAN website in under an hour for less than $1/day
Go to previous article —Preparing your Windows box for AWS and a MEAN (Node) website: git init
If you’ve already done aws configure and setup your elasticbeanstalk service role, then go to the next article — Setting up your MEAN (Node.js) website in AWS ElasticBeanstalk: Setup your VPC
Create your service role in IAM
Login to your AWS console.
https://aws.amazon.com/console
Click on Sign In to the Console
Enter your login information
Go to Identity & Access Management (IAM)
Click on Roles on the left
Click on Create New Role
I gave it a role name of aws-elasticbeanstalk-service-role. Click Next Step.
I click Select next to AWS Elastic Beanstalk and that takes me to the next step.
Out the door that gives me these two policies.
I can’t add any policies so I hit Next Step.
Not much I can do here so I will hit Create Role.
Now that I’ve got my role created, I’m going to click on aws-elasticbeanstalk-service-role and then add the policies I wanted to earlier.
Click on Attach Policy.
I’ll search through and select all of these policies.
Based on adding everything and seeing which policies were actually used, I’m also going to search and check the checkbox next to each of these five canned policies.
AmazonEC2FullAccess
AmazonRDSReadOnlyAccess
AmazonVPCFullAccess
AWSElasticBeanstalkFullAccess
AmazonRoute53FullAccess
When I’m done it will look like this with my attached policies.
Hooray! We have our service role that ElasticBeanstalk will use for auto scaling and creating new environments.
Configure your user that you’ll use with the AWS-CLI tools
Now I’m going to go to users and make sure my account has access to perform these functions as well.
For the sake of demonstration, I’m going to create a new account just for ElasticBeanstalk. This account will not need a password, it is only being created for using the aws-cli and awsebcli tools.
Click Create New User
I’m calling my new user ebnodetest
Click Create
Then click Download Credentials
When I open up the downloaded file I see this information that I’ll need to save permanently. The secret key cannot be recovered once it is lost.
I click Close back on the internet browser window from earlier. That takes me back to Users.
Click on your new user. Ebnodetest is what I am using.
Click on Permissions tab.
Click on Attach Policy.
I’m going to add the same policies from earlier that I used for the role.
AmazonEC2FullAccess
AmazonRDSReadOnlyAccess
AmazonVPCFullAccess
AWSElasticBeanstalkFullAccess
AWSElasticBeanstalkService
AmazonRoute53FullAccessI click Attach Policies and now I’ve got phenomenal cosmic power in an itty-bitty living space.
One more thing to do on the web before we bring up the Bash.
Go to Services drop-down at the top and select EC2 (Elastic Cloud Computer)
Click on Key Pairs
Click on Create Key Pair
Before you name it, remember that this keypair is like creating a key for a car. Except if you lose this key you will never be able to get inside the car again. So don’t lose this key and name it appropriately. It’s your choice whether you want to reuse one keypair over and over again or if you want to mix it up and have different keypairs for each type of virtual machine you create in the future.
So I will call my keypair… imwithslalom
I love working at Slalom and how else would I mention them? ;)
You see at the bottom of the window or wherever your downloads show up? There’s the file that you should not lose. Back it up to a USB disk, and put that USB disk in a lockbox that you will then put under your car where only you and Al Gore will know where it is.
A side note: if you read other walkthroughs, it’ll tell you that you need to use some tool to export the keypair to another format in order to use with PuttySSH in Windows. However, and this is one of the reasons why I like Git Bash, with Git Bash we do not need to do that. If you want to SSH into a machine, you can do so with Git Bash using this pattern.
ssh -i imwithslalom.pem ec2-user@ip.add.re.ss^ that’s for ElasticBeanstalk and Linux based Amazon Machine Images
ssh -i imwithslalom.pem ubuntu@ip.add.re.ss^ that’s for any Ubuntu machine image you use.
We’ll be using both of these methods of SSH, so I’m not nerding out on SSH for no reason.
Set your default account credentials in Git Bash
So now that we’ve got our keypair created, it’s time to open up our handy dandy notebook- Git Bash.
If you still have it open, that’s great. If not go back to your projects directory to thedude directory.
cd /c/projects/awesomewebsite/thedudeOr whatever you named your website.
Then type in this command
aws configureRemember that CSV file from earlier that had our access key and access secret key? That’s what we need now.
I’m going to copy these into Git Bash.
Hopefully you have gotten prompted for your Access Key and Secret Key, but sometimes I don’t get prompted, especially if I’ve already run aws configure previously.
After I paste in the Access Key Id, I press enter.
Now I copy and paste in the Secret Access Key from the excel sheet.
After I hit enter, the next prompt will be for my region.
My preferred region is us-east-1, so that’s what I use.
The next question I always hit enter to and use the default value.
And now I see the prompts- after already entering the answers. :)
Guess what, it’s that time again. Do a little Snoopy dance and move on to the next section.
Go to parent article — Build a robust MEAN website in under an hour for less than $1/day
Go to previous article — Preparing your Windows box for AWS and a MEAN (Node) website: git init
Go to next article — Setting up your MEAN (Node.js) website in AWS ElasticBeanstalk: Setup your VPC
