EC2 Create Role for Docker Compose
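# Provision an IAM role plus instance profile for a Laravel host, then create
# the EC2 instance with Docker Machine and attach that profile to it.
# Anything running on the instance (every container included) can use the
# role's permissions, so the policies below define the blast radius of a
# compromised container.

# Create an IAM role. The trust policy lets only the EC2 service assume it.
aws iam create-role --role-name Laravel-EC2-Role \
  --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'

# Add an IAM policy granting access to CloudWatch.
# NOTE(review): "Resource":"*" applies to every action in this statement,
# including ssm:GetParameter, so as written the role may read any Parameter
# Store parameter in the account, not only this application's. Scope the
# resource to the specific log-group and parameter ARNs before using this
# outside a demo.
aws iam put-role-policy --role-name Laravel-EC2-Role --policy-name Laravel-CloudWatch-EC2-Permissions \
  --policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["logs:CreateLogStream","cloudwatch:PutMetricData","ec2:DescribeTags","logs:DescribeLogStreams","logs:CreateLogGroup","logs:PutLogEvents","ssm:GetParameter"],"Resource":"*"}]}'

# Add an IAM policy granting access to your S3 bucket.
# NOTE(review): s3:* covers every S3 action on the bucket, including deleting
# it and rewriting its bucket policy. Narrow this to the actions the
# application really uses (for example s3:GetObject, s3:PutObject,
# s3:DeleteObject, s3:ListBucket).
aws iam put-role-policy --role-name Laravel-EC2-Role --policy-name Laravel-S3-EC2-Permissions \
  --policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":["arn:aws:s3:::your-laravel-bucket-name-here", "arn:aws:s3:::your-laravel-bucket-name-here/*"]}]}'

# Create an instance profile from that role.
aws iam create-instance-profile --instance-profile-name Laravel-EC2-Instance-Profile
aws iam add-role-to-instance-profile --instance-profile-name Laravel-EC2-Instance-Profile \
  --role-name Laravel-EC2-Role
# IAM is eventually consistent: wait until the profile is visible so the
# instance launch below does not fail on a profile that "does not exist" yet.
aws iam wait instance-profile-exists --instance-profile-name Laravel-EC2-Instance-Profile

# Necessary if you have multiple profiles configured for your AWS CLI.
AWS_ACCESS_KEY_ID=$(aws --profile getlionel configure get aws_access_key_id)
AWS_SECRET_ACCESS_KEY=$(aws --profile getlionel configure get aws_secret_access_key)
# Stop here instead of launching with empty credentials.
: "${AWS_ACCESS_KEY_ID:?no aws_access_key_id found for profile getlionel}"
: "${AWS_SECRET_ACCESS_KEY:?no aws_secret_access_key found for profile getlionel}"

# Create your Docker Machine with the extra --amazonec2-iam-instance-profile
# parameter. The original passed $AWS_ACCESS_KEY / $AWS_SECRET_KEY, which are
# never set above, so the key flags received empty values. The amazonec2
# driver reads AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the
# environment, so they are handed over as a per-command environment instead:
# that keeps the secret key out of the process argument list (visible in `ps`)
# and out of the rest of the shell session's exported environment.
AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
  docker-machine create -d amazonec2 \
  --amazonec2-instance-type t2.large --amazonec2-region us-east-1 --amazonec2-open-port 80 --amazonec2-open-port 443 \
  --amazonec2-iam-instance-profile Laravel-EC2-Instance-Profile laravel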
docker/machine#1655 (comment)