AWS OpsWorks
User Guide (API Version 2013-02-18)

Step 1: Create an Amazon S3 Bucket

You must first create an Amazon S3 bucket. You can do this directly by using the Amazon S3 console, API, or CLI, but a simpler way to create resources is often to use an AWS CloudFormation template. The following template creates an Amazon S3 bucket for this example and sets up an instance profile with an IAM role that grants unrestricted access (all s3:* actions) to the objects in the bucket. You can then use a layer setting to attach the instance profile to the stack's application server instances, which allows the application to access the bucket, as described later. The usefulness of instance profiles isn't limited to Amazon S3; they are valuable for integrating a variety of AWS services.

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Resources" : {
    "AppServerRootRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [ {
            "Effect": "Allow",
            "Principal": {
              "Service": [ "ec2.amazonaws.com" ]
            },
            "Action": [ "sts:AssumeRole" ]
          } ]
        },
        "Path": "/"
      }
    },
    "AppServerRolePolicies": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "AppServerS3Perms",
        "PolicyDocument": {
          "Statement": [ {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": { "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "AppBucket" } , "/*" ] ] }
          } ]
        },
        "Roles": [ { "Ref": "AppServerRootRole" } ]
      }
    },
    "AppServerInstanceProfile": {
      "Type": "AWS::IAM::InstanceProfile",
      "Properties": {
        "Path": "/",
        "Roles": [ { "Ref": "AppServerRootRole" } ]
      }
    },
    "AppBucket" : {
      "Type" : "AWS::S3::Bucket"
    }
  },
  "Outputs" : {
    "BucketName" : {
      "Value" : { "Ref" : "AppBucket" }
    },
    "InstanceProfileName" : {
      "Value" : { "Ref" : "AppServerInstanceProfile" }
    }
  }
}

Several things happen when you launch the template:

  • The AWS::S3::Bucket resource creates an Amazon S3 bucket.

  • The AWS::IAM::InstanceProfile resource creates an instance profile that will be assigned to the application server instances.

  • The AWS::IAM::Role resource creates the instance profile's role.

  • The AWS::IAM::Policy resource sets the role's permissions to allow all Amazon S3 actions (s3:*) on the objects in the bucket.

  • The Outputs section displays the bucket and instance profile names in the AWS CloudFormation console after you have launched the template.

    You will need these values to set up your stack and app.
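
To check what the template's policy grants before you launch it, the following added example (not part of the AWS guide) loads the policy and bucket resources from the template above and lists every Allow statement whose action contains a wildcard, together with the resource it applies to. The function names render, as_list and wildcard_grants are assumptions made for this example.

```python
import json

# Policy and bucket resources copied from the template on this page;
# the role, instance profile and Outputs are left out for brevity.
TEMPLATE = json.loads("""
{ "Resources": {
    "AppServerRolePolicies": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "AppServerS3Perms",
        "PolicyDocument": { "Statement": [ {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": { "Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "AppBucket"}, "/*"]] }
        } ] },
        "Roles": [ {"Ref": "AppServerRootRole"} ] } },
    "AppBucket": { "Type": "AWS::S3::Bucket" } } }
""")

def render(value):
    """Render a Resource value: Ref becomes ${LogicalId}, Fn::Join is flattened."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict) and "Ref" in value:
        return "${" + value["Ref"] + "}"
    if isinstance(value, dict) and "Fn::Join" in value:
        separator, parts = value["Fn::Join"]
        return separator.join(render(part) for part in parts)
    return json.dumps(value)  # other intrinsic functions are shown unchanged

def as_list(value):
    """IAM allows a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def wildcard_grants(template):
    """Return (policy, action, resource) for each Allow statement with a '*' action."""
    findings = []
    for name, resource_def in template["Resources"].items():
        if resource_def.get("Type") != "AWS::IAM::Policy":
            continue
        for stmt in as_list(resource_def["Properties"]["PolicyDocument"]["Statement"]):
            if stmt.get("Effect") != "Allow":
                continue
            for action in as_list(stmt.get("Action", [])):
                if "*" in action:
                    for target in as_list(stmt.get("Resource", [])):
                        findings.append((name, action, render(target)))
    return findings

if __name__ == "__main__":
    for policy, action, target in wildcard_grants(TEMPLATE):
        print(f"{policy}: Allow {action} on {target}")
```

For the template on this page the check reports one finding: s3:* on the objects of the AppBucket bucket. A policy that lists only the actions the application calls produces no findings.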

For more information on how to create AWS CloudFormation templates, see Learn Template Basics.

To create the Amazon S3 bucket

  1. Copy the example template to a text file on your system.

    This example assumes that the file is named appserver.template.

  2. Open the AWS CloudFormation console and click Create Stack.

  3. In the Stack Name box, enter the stack name.

    This example assumes that the name is AppServer.

  4. Click Upload template file, click Browse, select the appserver.template file that you created in Step 1, and click Next Step.

  5. On the Specify Parameters page, select I acknowledge that this template may create IAM resources, then click Next Step on each page of the wizard until you reach the end. Click Create.

  6. After the AppServer stack reaches CREATE_COMPLETE status, select it and click its Outputs tab.

    You might need to click refresh a few times to update the status.

  7. On the Outputs tab, record the BucketName and InstanceProfileName values for later use.

Note

AWS CloudFormation uses the term stack to refer to the collection of resources that are created from a template; it is not the same as an AWS OpsWorks Stacks stack.