This repository provides AWS CloudFormation configs that streamline the process of creating application resources on AWS that we commonly use in our applications. For instance, it is best practice to create a unique IAM user per app and follow the Principle of Least Privilege, meaning that user's permissions should be limited to only what is needed for the app.
There are currently two configurations and instructions below.
These configurations require the AWS CLI. Follow these instructions to get started
Our apps use S3 to store user-uploaded files and other static media. Use this cloud formaiton to quickly spin up a Bucket, IAM User, and secure Bucket Policies.
Please note if you have multiple aws accounts configured you will need to pass the profile key and if a region is not set the region key
aws <command> --profile <profile-name> --region <aws-region>
For this to work, you will need to download the YAML file or clone this repository.
aws cloudformation create-stack --stack-name <STACK-NAME> --template-body file://<FILE-PATH> --region us-east-1 --parameters ParameterKey=BucketNameParameter,ParameterValue=<BUCKET-NAME> --capabilities CAPABILITY_NAMED_IAM
For convenience, the configs are also available on a public S3 bucket, so that you do not need to download them.
aws cloudformation create-stack --stack-name <STACK-NAME> --template-url 'https://tn-s3-cloud-formation.s3.amazonaws.com/aws-s3-cloud-formation.yaml' --region us-east-1 --parameters ParameterKey=BucketNameParameter,ParameterValue=<BUCKET-NAME> --capabilities CAPABILITY_NAMED_IAM
The following arguments are required:
--stack-name <STACK-NAME>this must be unique--parameters ParameterKey=BucketNameParameter,ParameterValue=<BUCKET-NAME>BUCKET-NAME must be unique and lowercased--capabilities CAPABILITY_NAMED_IAM--template-body file://<FILE-PATH>path should start with file:// one of--template-bodyor--template-url--template-url <FILE-URL>one of--template-bodyor--template-url
You can also run the "stack" from the AWS Console:
- Visit the console, sign in and navigate to the CloudFormation Dashboard
- Click create stack (with new resources)
- select Template is ready
- Select Amazon S3 URL and provide the yaml file from this repo uploaded to S3 as the link
- Click next and pass in the required parameter value (S3 Bucket Name)
When the cloud formation is done you can get the Access Key ID, Secret, and Bucket name from the outputs
aws cloudformation describe-stacks --stack-name <STACK-NAME> from the previously create command
This will return a json object to retrieve the variables tab down to the Outputs key
Visit the CloudFormation Dashboard, click into the new stack you created and then tap the Outputs Tab
If you do not want to use the cloud formation here are instructions for manually creating the appropriate resources
Our apps use AWS Bedrock for fast and low-cost LLM features. An IAM User with the proper permissions is required.
First, an AWS Administrator will need to enable Amazon Bedrock organization-wide. They will have to request access to the models we want to use. To do this: Go to AWS Bedrock in the console and follow the instructions there. I've done this for our TN Staging and Production AWS orgs
aws cloudformation create-stack --stack-name <STACK-NAME> --template-body file://bedrock-user-permissions.yaml --region us-east-1 --parameters ParameterKey=ProjectName,ParameterValue=<PROJECTNAME> ParameterKey=<SOME_MODEL_ARN_OR_*_FOR_DEFAULT_ALL> --capabilities CAPABILITY_NAMED_IAM
aws cloudformation create-stack --stack-name <STACK-NAME> --template-url 'https://tn-s3-cloud-formation.s3.amazonaws.com/bedrock-user-permissions.yaml' --region us-east-1 --parameters ParameterKey=ProjectName,ParameterValue=<PROJECTNAME> ParameterKey=<SOME_MODEL_ARN_OR_*_FOR_DEFAULT_ALL> --capabilities CAPABILITY_NAMED_IAM
aws cloudformation describe-stacks --stack-name <STACK-NAME>
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent