How to Deploy Signing Service To AWS

You are here:

Install eb-cli

Follow these instructions to install AWS eb-cli.

Clone the Repository

Clone this repository and cd to its directory in Terminal.

Add elasticbeanstalk config

Download the file, copy the zip file to root of the cloned repository folder, and unzip it. Inside will be a hidden folder called “.elasticbeanstalk” that contains configuration files.

Add required config values

Use a text editor such as TextEdit to open the file at: 


This file will contain some configuration values that should remain unchanged as well as some that require a new value to be entered. The text ######### ENTER VALUE will be shown for each area that requires a new value. Remove ######### ENTER VALUE and replace it with new values as follows.


Skip this if a value has already been provided for this. Otherwise generate a long secure value to use for this. If Ruby on Rails is already installed, this can be done by going to the repo root in Terminal. Type rake secret | pbcopy to generate a secret key base and copy it to the paste board. 


Add an email address to display as the sender when the application sends email.


Enter the domain name to be used for the application. (This can be added or changed later if needed using AWS Console.)

EMAIL Service

Add values for an email service such as Mandrill. This can be skipped initially if needed.



Enter a secure value for DBPassword to use for the database created. 

If desired, edit the value for DBUser as well to any valid value to use as the database user name. Or just leave the default value.


Use AWS Certificate Manager to create an SSL certificate. Copy the ARN for the certificate and paste it for this section. 

Notification Endpoint

Add an email address to be notified for AWS application health monitoring events. 

EB Init

In Terminal from the repo root, run the command eb init and follow prompts to select or create an SSH keypair. 

CodeCommit: no

Set up SSH: yes

Select a keypair: create new keypair called aws-eb or select an existing one.

IAM Roles

The Elastic Beanstalk configuration file references two standard AWS IAM roles used for permissions when deploying to Elastic Beanstalk. If Elastic Beanstalk has previously been used for the current AWS account then these IAM roles will have already been created and nothing further is needed. This can be confirmed by going to AWS web console, opening the IAM section, clicking on Roles, and checking that both of these roles are shown: 


If these IAM roles do not exist the easiest way to add them is to run the command below. This will create an environment for the application without specifying any configuration. After running this command proceed immediately to the next section to create the real environment.

eb create temp-env

Create Environment

Press Control-C if needed to quit the command above for create temp-env. 

In Terminal from the repo root, run this command to create the environment: 

eb create signing-service-env --cfg signing_service_template

This will then run for about 15 minutes and create an environment for the application using the configuration template file. 

Once Terminal prints the output message saying it is safe to do so, press Control-C. Then run these commands 

eb use signing-service-env
eb console

Wait for environment creation to be completed.

EB Open

In Terminal run the command eb open to open the application in a browser. Click through security warnings as needed to load the page, as initially there will be a mismatch between the app url and the SSL certificate. 

Once the application is loaded in a browser, sign in with initial credentials. These initial credentials are sent via email and must be changed on first login.

Enter the license key file provided and accept the user agreement. 

Click on Users to change the admin password and email address.

Remove temp-env

If temp-env was created as specified in the section for IAM Roles, temp-env will need to be removed once the main app environment is confirmed. From the AWS web console go to Elastic Beanstalk environments and find temp-env. Once on the page for temp-env find the button toward the top right called Actions, then click Terminate environment. Enter the name temp-env when prompted to confirm. 


Configure a domain for the application to resolve the SSL warnings. If the domain is managed in AWS Route 53, create an alias record pointing to an Elastic Beanstalk environment, and select the environment for this application.

SSH Access

In Terminal type “eb ssh” to SSH to the instance if needed. The app content will be located at /var/app/current