Amazon Web Services (AWS)

Qovery lets you quickly deploy applications to your Amazon Web Services (AWS) account. No knowledge needed, and it takes less than 20 minutes to install Qovery on your AWS account.

Getting started

Connect your AWS account

To link your AWS account to Qovery you need to provide an AWS access key id and secret access key with the required IAM permissions.

Create your AWS credentials - access key id and secret access key

  1. Connect to your AWS console

  2. Go to My Security Credentials

  3. Create Admins group without any permissions

  4. Create one IAM user called qovery.

    Go to the last step and copy your access key id and secret access key.

  5. Setup IAM permissions to the qovery user.

    Then, follow the arrows in AWS console to create AWS credentials with required IAM permissions:

Well done!! You now have your AWS access key id and secret access key and your permissions are setups; It is time to connect Qovery to your AWS account.

Install a new cluster on Qovery

You will be able to use the credentials you just generated when creating a cluster via the Qovery console. This cluster will be linked to your Qovery organization. Follow these steps to create a new cluster.

  1. Go to your organizations settings.

  2. On this page, you will be able to see the information and status or your clusters.

    Click on Add cluster button.

  3. A modal is displayed, where you can specify the name of your cluster and the Cloud Provider.

    Select the following Cloud Provider: Amazon Web Services.

    Once you have selected the cloud provider, you will be able to define the Region of your Cluster.

  4. Here you can choose to set your cluster credentials straight away or later. To set them now, select the Do you want to set credentials? option.

    If you have already set credentials on another cluster, they have been linked to your Qovery account and can be reused here. Just click on the one you want to use in the drop-down list.

    If you want to use other credentials (or if you do not have any defined), click + new credentials in the drop-down list.

  5. A new modal pops up where you can specify the Name of the certificate, the Access key identifier and the Secret access key.

    Click on Saveto save the new credential and then Next.

  6. On this step, you can select specific features you want to activate or deactivate on the cluster.

  7. Once your new cluster is created, it will be listed in the cluster list. If you have finished configuring your cluster, click on the ... and Install menu to start the cluster installation.

  8. Your cluster is now installing and will be ready in the coming 20 minutes!

Deployed AWS components

Network ServicesOptionalDescription
A dedicated multi AZ VPCnoEverything Qovery will deploy, will be deployed inside this VPC
Subnets, routing tables, subnet groups and security groups for RDS (multi AZ)noDedicated network fand security rules for RDS
Subnets, routing tables, subnet groups and security groups for DocumentDB (multi AZ)noDedicated network fand security rules for DocumentDB
Subnets, routing tables, subnet groups and security groups for Elasticache (multi AZ)noDedicated network fand security rules for Elasticache
An internet gateway for the VPCnoRequired to let containers having access to Internet
Dedicated NLB to redirect 443 traffic to Nginx IngressnoHigh Availability network load balancer, pointing to Nginx Ingress inside EKS
NAT gateways (multi AZ) + EIP addresses (multi AZ) + subnet groups + routing tableyesUseful to get outgoing static IP
Dedicated VPC routes for VPC peeringyesUseful to perform VPC peering with others VPC on the same or different account
Kubernetes ServicesOptionalDescription
A dedicated EKS cluster (multi AZ) for this VPCnoDedicated Kubernetes cluster managed by AWS with nodes (instances type) defined by the customer
IAM dedicated user for AWS EBS CSI to access EC2 volumes + a dedicated policynoRequired to allow EKS cluster having access to volume and mount them to containers
IAM dedicated user for AWS IAM User Sync + a dedicated policynoRequired to sync desired IAM account to EKS to let them connect directly ot Kubernetes
IAM dedicated user for a Cluster Autoscaler+ a dedicated policynoRequired to let autoscaler having access to EC2 autoscaling groups
IAM dedicated policies for AWS EKS CNI, EC2 container registry + EKS worker nodesnoRequired to let EKS having access to container registry and configure the Kubernetes network
Security group for EKS remote access (dual authentication: TLS + IAM authenticator)noRequired to have a secure remote access on the Kubernetes cluster
Security group for 443 port pointing to Nginx ingress inside EKSnoExternal access to web services inside the Kubernetes cluster
Other ServicesOptionalDescription
Cloudwatch log groups for the EKS clusternoKubernetes logs, useful for the AWS and EKS support to diagnose an issue
Dedicated S3 bucket for application's logs + a dedicated IAM accountnoApplication's logs are stored in an KMS encrypted S3 pivate bucket
Dedicated S3 bucket to store the kubeconfignoKubernetes Kubeconfig is stored in an KMS encrypted, private and versionned bucket, used by Qovery for application's deployment

Remove your AWS account

this section is under development - join us and be part of the first to try it

Delete Qovery from your AWS account

To delete Qovery from your AWS account you must be the owner of the Organization. Once your AWS account removed from Qovery, everything configured (VPC, Kubernetes, ...) by Qovery will be deleted forever.

IAM permissions

Qovery required IAM permissions to create, update and managed the infrastructure.

  • IAM is used to create IAM roles
  • S3 is used to store our generated configuration files
  • Cloudwatch, for creating a group stream for each Kubernetes clusters
  • Autoscaling for RDS and autoscaling rules for the Kubernetes cluster
  • Elastic load-balancing for ELB / ALB / NLB.
  • DynamoDB to have a distributed lock on infrastructure deployment.
  • ECR for managing the container registry, create/update/delete repository.
  • KMS to load and store keys (RDS, SSH, …)
  • EKS to create and update the Kubernetes cluster.


Qovery supports the following AWS regions:

🇺🇸us-west-2US West (Oregon)Yes
🇺🇸us-east-2US East (Ohio)Yes
🇺🇸us-east-1US East (N. Virginia)Yes
🇺🇸us-west-1US West (N. California)No (Only 2 Availability Zone)
🇿🇦af-south-1Africa (Cape Town)Yes
🇭🇰ap-east-1Asia Pacific (Hong Kong)Yes
🇮🇳ap-south-1Asia Pacific (Mumbai)Yes
🇯🇵ap-northeast-1Asia Pacific (Tokyo)Yes
🇰🇷ap-northeast-2Asia Pacific (Seoul)Yes
🇯🇵ap-northeast-3Asia Pacific (Osaka)Yes
🇸🇬ap-southeast-1Asia Pacific (Singapore)Yes
🇦🇺ap-southeast-2Asia Pacific (Sydney)Yes
🇨🇦ca-central-1Canada (Toronto)Yes
🇨🇳cn-north-1China (Beijing)Yes
🇨🇳cn-northwest-1China (Ningxia)Yes
🇩🇪eu-central-1Europe (Frankfurt)Yes
🇮🇪eu-west-1Europe (Ireland)Yes
🏴󠁧󠁢󠁥󠁮󠁧󠁿eu-west-2Europe (London)Yes
🇫🇷eu-west-3Europe (Paris)Yes
🇮🇹eu-south-1Europe (Milan)Yes
🇸🇪eu-north-1Europe (Stockholm)Yes
🇧🇭me-south-1Middle East (Bahrain)Yes
🇧🇷sa-east-1South America (São Paulo)Yes

Qovery supports regions where Amazon EKS is supported.

Manually configure VPC subnet

VPC subnet is automatically defined by Qovery on cluster creation. However, you may want to choose your own VPC subnet, for example to perform VPC Peering.

During the adding of a new cluster in your organization, you will have the opportunity to choose and set up the features of your cluster. In this list of features, you can activate the VPC subnet feature and choose in the drop-down menu the subnet you want to use.

VPC subnet cluster

Configure routing table

You may want to create and edit a network routing table to perform VPC peering. This can be done by accessing to the parameters of a cluster, in the settings of your organization.

  1. Go in the settings of your organization.

    Organization setting

  2. Go in the Cluster tab and in the ... menu of a cluster to access to its Settings.

    Cluster setting

  3. In the Cluster setting modal, go in Network tab.

    Cluster network settings

  4. Add a line to the routing table by clicking on the Add route button. In this modal, you can specify the Target, the Destination and add a description to justify the new route.

    Routing table

How Qovery works on AWS

Qovery is an abstraction layer on top of AWS and Kubernetes. Qovery manages the configuration of AWS account, and helps you to deploy production ready apps in seconds. To make it works, Qovery rely on Kubernetes for stateless apps (containers), and AWS for stateful apps (databases, storage...).

Read more on how Qovery works behind the scene.


The first time you set up your AWS account, Qovery creates a Kubernetes cluster in your chosen region. Qovery managed it for you - no action required. It takes ~15 minutes to configure and bootstrap a Kubernetes cluster. Once bootstrapped, your Kubernetes cluster runs the Qovery app and is ready to deploy your applications.

Managed services

AWS provides managed services for PostgreSQL, MySQL, Redis, MongoDB. Qovery gives you access to those services when you set the environment mode to Production. In Development mode, Qovery provides containers equivalent, which is cheaper and faster to start.

Security and compliance

Qovery runs your Kubernetes cluster and is autonomous to manage your applications, which means:

  • Your configuration are stored on your AWS account.
  • Your configuration is encrypted on your AWS account.
  • Qovery can't access to your data.
  • Suppose Qovery stops to run, your applications are not impacted.


How to choose a region?

Different datacenters are located in different geographic areas, and you may want to keep your site physically close to the bulk of your user base for reduced latency.

I don't find a region that is provided by AWS

We are probably testing the support of this region, please contact us to know what's the status

Migrate between Cloud providers and regions

Today, you can't migrate an environment from one region to another after it has been created. Vote here if you need this feature.