Install AWS EB CLI
Follow the instructions on the AWS Beanstalk Guide to install AWS EB CLI:
Clone the Repository
Clone this repository and cd to its directory in Terminal
Add elasticbeanstalk config
Download the file elasticbeanstalk_config.zip, copy the zip file to root of the cloned repository folder, and unzip it. Inside is a hidden folder called “.elasticbeanstalk” that contains configuration files.
Add required config values
Use a text editor (such as TextEdit) to open the file at:
This file will contain some configuration values that should remain unchanged, as well as some that require a new value to be entered.
######### ENTER VALUE are shown for each area that requires a new value. Remove
######### ENTER VALUE and replace it with new values as follows:
Skip if a value has already been provided.
Otherwise, generate a long secure value to use. If Ruby on Rails is already installed, this can be done by going to the repo root in Terminal. Type
rake secret | pbcopy to generate a secret key base, copy it to the clipboard, and paste in your text editor.
Add an email address to display as the sender when the application sends email.
Enter the domain name to be used for the application (you can add or change this later via the AWS Console):
Add values for an email service such as Mandrill (can be initially skipped):
MAIL_HOST MAIL_USERNAME MAIL_PASSWORD
Enter a secure value for
DBPassword to use for the database created.
If desired, you can also edit the value for
DBUser to any valid value to use as the database user name. If not, just leave the default value.
Use AWS Certificate Manager to create an SSL certificate, copy-pasting its ARN.
An email address entered here will receive notifications monitoring AWS application health.
In Terminal from the repo root, run the command
eb init; follow the prompts to select or create an SSH key pair:
Set up SSH:
Select a key pair: Create new key pair named aws-eb —or— Select an existing key pair
The Elastic Beanstalk configuration file references two standard AWS IAM roles used for permissions when deploying to Elastic Beanstalk.
If Elastic Beanstalk was previously used for the current AWS account, no new values are needed: these IAM roles were previously created. You can confirm this in the AWS web console by opening the IAM section, clicking “Roles”, and checking that both roles below are shown:
If these IAM roles do not exist, the easiest way to add them is to run the command below; this will create an environment for the application without specifying any configuration:
eb create temp-env
After running the above command, proceed immediately to the next section to create the environment.
(If needed, use Control-C (^-C) to quit the command above for
In Terminal from the repo root, run this command to create the environment:
eb create signing-service-env --cfg signing_service_template
The command will run for about 15 minutes, creating an environment for the application using the configuration template file.
Once Terminal prints the output message saying it is safe to do so, use Control-C (^-C).
Then, run these commands:
eb use signing-service-env eb console
Wait for environment creation to be completed, then proceed to the next section.
AWS Application Configuration
In Terminal, run the command
eb open to open the application in a browser. Click through any security warnings to load the page: initially, there is a mismatch between the app URL and the SSL certificate, though this is later resolved in the Domain section below.
Once the application is loaded in a browser, sign in with your initial credentials. These initial credentials are sent via email and must be changed at first login.
Enter the license key file provided and accept the User Agreement.
Click on “Users” to change the administrator password and email address.
temp-env was created as specified in the section for IAM Roles,
temp-env will need to be removed once the main app environment is confirmed. From the AWS web console, go to Elastic Beanstalk environments and find
Once on its page, find the “Actions” button in the top right, then click “Terminate environment”. Enter the name
temp-env when prompted to confirm.
To resolve the SSL warnings, configure a domain for the application. If the domain is managed in AWS Route 53, create an alias record pointing to an Elastic Beanstalk environment. Then, select the environment for this application.
In Terminal, type
eb ssh to SSH to the instance if needed. The app content is located at