Amazon Web Services (AWS)

Qovery lets you quickly deploy applications to your Amazon Web Services (AWS) account. No knowledge needed, and it takes less than 20 minutes to install Qovery on your AWS account.

Do you want to know more about how Qovery works on your AWS account? Here is explained how Qovery works under the hood.

Getting started

Before you begin, this page assumes the following:

• You have a Qovery account
• You have created an Organization
• You have an AWS account

Connect your AWS account

To link your AWS account to Qovery you need to provide an AWS access key id and secret access key with the required IAM permissions.

You can link more than one AWS account. Qovery also support multiple Cloud providers within the same Organization. Meaning, you can balance your workload on different Cloud providers. Read more.

Create your AWS credentials - access key id and secret access key

1. Connect to your AWS console

2. Go to My Security Credentials

   

3. Create Admins group without any permissions

   The name of the group MUST be Admins. If you use another name, this will not work

   

4. Create one IAM user called qovery.

   

   Go to the last step and copy your access key id and secret access key.

   

5. Setup IAM permissions to the qovery user.

   Download IAM permissions JSON

   ---

   Or copy it from below:

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Action": [
                   "iam:*",
                   "s3:*",
                   "cloudwatch:*",
                   "autoscaling:*",
                   "application-autoscaling:*",
                   "elasticloadbalancing:*",
                   "organizations:DescribeAccount",
                   "organizations:DescribeOrganization",
                   "organizations:DescribeOrganizationalUnit",
                   "organizations:DescribePolicy",
                   "organizations:ListChildren",
                   "organizations:ListParents",
                   "organizations:ListPoliciesForTarget",
                   "organizations:ListRoots",
                   "organizations:ListPolicies",
                   "organizations:ListTargetsForPolicy",
                   "dynamodb:*",
                   "ecr:*",
                   "ec2:*",
                   "elasticache:*",
                   "cloudtrail:LookupEvents",
                   "kms:DescribeKey",
                   "kms:ListAliases",
                   "dynamodb:*",
                   "tag:GetResources",
                   "rds:*",
                   "ecs:*",
                   "eks:*",
                   "logs:*",
                   "events:DescribeRule",
                   "events:DeleteRule",
                   "events:ListRuleNamesByTarget",
                   "events:ListTargetsByRule",
                   "events:PutRule",
                   "events:PutTargets",
                   "es:AddTags",
                   "es:RemoveTags",
                   "es:ListTags",
                   "es:DeleteElasticsearchDomain",
                   "es:DescribeElasticsearchDomain",
                   "es:CreateElasticsearchDomain",
                   "events:RemoveTargets",
                   "kms:*"
               ],
               "Resource": "*"
           }
       ]
   }

   Then, follow the arrows in AWS console to create AWS credentials with required IAM permissions:

   

How was it? Did this tutorial work?  Yes  No

Well done!! You now have your AWS access key id and secret access key and your permissions are setups; It's time to connect Qovery to your AWS account.

Use AWS credentials with Qovery

this section is under development - join us and be part of the first to try it

Remove your AWS account

this section is under development - join us and be part of the first to try it

Delete Qovery from your AWS account

Your applications and your data will be deleted.

To delete Qovery from your AWS account you must be the owner of the Organization. Once your AWS account removed from Qovery, everything configured (VPC, Kubernetes, ...) by Qovery will be deleted forever.

IAM permissions

Qovery required IAM permissions to create, update and managed the infrastructure.

• IAM is used to create IAM roles
• S3 is used to store our generated configuration files
• Cloudwatch, for creating a group stream for each Kubernetes clusters
• Autoscaling for RDS and autoscaling rules for the Kubernetes cluster
• Elastic load-balancing for ELB / ALB / NLB.
• DynamoDB to have a distributed lock on infrastructure deployment.
• ECR for managing the container registry, create/update/delete repository.
• KMS to load and store keys (RDS, SSH, …)
• EKS to create and update the Kubernetes cluster.

Regions

Qovery supports the following AWS regions:

	name	description	supported
🇺🇸	us-west-2	US West (Oregon)	Yes
🇺🇸	us-east-2	US East (Ohio)	Yes
🇺🇸	us-east-1	US East (N. Virginia)	Yes
🇺🇸	us-west-1	US West (N. California)	No (Only 2 Availability Zone)
🇿🇦	af-south-1	Africa (Cape Town)	Yes
🇭🇰	ap-east-1	Asia Pacific (Hong Kong)	Yes
🇮🇳	ap-south-1	Asia Pacific (Mumbai)	Yes
🇯🇵	ap-northeast-1	Asia Pacific (Tokyo)	Yes
🇰🇷	ap-northeast-2	Asia Pacific (Seoul)	Yes
🇯🇵	ap-northeast-3	Asia Pacific (Osaka)	Yes
🇸🇬	ap-southeast-1	Asia Pacific (Singapore)	Yes
🇦🇺	ap-southeast-2	Asia Pacific (Sydney)	Yes
🇨🇦	ca-central-1	Canada (Toronto)	Yes
🇨🇳	cn-north-1	China (Beijing)	Yes
🇨🇳	cn-northwest-1	China (Ningxia)	Yes
🇩🇪	eu-central-1	Europe (Frankfurt)	Yes
🇮🇪	eu-west-1	Europe (Ireland)	Yes
🏴󠁧󠁢󠁥󠁮󠁧󠁿	eu-west-2	Europe (London)	Yes
🇫🇷	eu-west-3	Europe (Paris)	Yes
🇮🇹	eu-south-1	Europe (Milan)	Yes
🇸🇪	eu-north-1	Europe (Stockholm)	Yes
🇧🇭	me-south-1	Middle East (Bahrain)	Yes
🇧🇷	sa-east-1	South America (São Paulo)	Yes

Qovery supports regions where Amazon EKS is supported.

How Qovery works on AWS

Qovery is an abstraction layer on top of AWS and Kubernetes. Qovery manages the configuration of AWS account, and helps you to deploy production ready apps in seconds. To make it works, Qovery rely on Kubernetes for stateless apps (containers), and AWS for stateful apps (databases, storage...).

Read more on how Qovery works behind the scene.

Kubernetes

The first time you set up your AWS account, Qovery creates a Kubernetes cluster in your chosen region. Qovery managed it for you - no action required. It takes ~15 minutes to configure and bootstrap a Kubernetes cluster. Once bootstrapped, your Kubernetes cluster runs the Qovery app and is ready to deploy your applications.

Read more on how Qovery works with Kubernetes.

Managed services

AWS provides managed services for PostgreSQL, MySQL, Redis, MongoDB. Qovery gives you access to those services when you set the environment mode to Production. In Development mode, Qovery provides containers equivalent, which is cheaper and faster to start.

Security and compliance

Qovery runs your Kubernetes cluster and is autonomous to manage your applications, which means:

• Your configuration are stored on your AWS account.
• Your configuration is encrypted on your AWS account.
• Qovery can't access to your data.
• Suppose Qovery stops to run, your applications are not impacted.

FAQ

How to choose a region?

Different datacenters are located in different geographic areas, and you may want to keep your site physically close to the bulk of your user base for reduced latency.

I don't find a region that is provided by AWS

We are probably testing the support of this region, please contact us to know what's the status

Migrate between Cloud providers and regions

Today, you can't migrate an environment from one region to another after it has been created. Vote here if you need this feature.