Google Git
Sign in
eclipse / gerrit / www.eclipse.org / che / 37361b67dab8a70a08fcbdc967a500c2d6ad956c / . / docs / che-7 / installation-guide / installing-che-on-aws / index.html
blob: 12f414d311ba9fbdab87f720840be397056b26cb [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Installing Che on AWS :: Eclipse Che Documentation</title>
<link rel="canonical" href="https://www.eclipse.org/che/docs/che-7/installation-guide/installing-che-on-aws/">
<meta name="keywords" content="overview, installing-che-on-aws">
<meta name="generator" content="Antora 2.3.4">
<link rel="stylesheet" href="../../../_/css/site.css">
<link rel="stylesheet" href="../../../_/css/extra.css">
<link rel="stylesheet" href="../../../_/font-awesome-4.7.0/css/font-awesome.min.css">
<link rel="icon" href="../../../favicon.ico" type="image/x-icon">
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-37306001-2"></script>
<script>function gtag(){dataLayer.push(arguments)};window.dataLayer=window.dataLayer||[];gtag('js',new Date());gtag('config','UA-37306001-2')</script>
<script>var uiRootPath = '../../../_'</script>
</head>
<body class="article">
<header class="header" role="banner">
<nav class="navbar">
<div class="navbar-brand">
<div class="navbar-item">
<button class="navbar-burger" data-target="topbar-nav">
<span></span>
<span></span>
<span></span>
</button>
<img src="../../../_/img/icon-eclipse-che.svg" class="navbar-logo" alt="Eclipse Che logo">
<a href="https://www.eclipse.org/che/docs">Eclipse Che Documentation</a>
</div>
</div>
<div id="topbar-nav" class="navbar-menu">
<div class="navbar-end">
<div class="navbar-item hide-for-print">
<script async src="https://cse.google.com/cse.js?cx=002898025167115630151:gnr5edrg2eo"></script>
<div class="gcse-searchbox" enableAutoComplete="true"></div>
</div>
<a class="navbar-item" href="https://www.eclipse.org/che/docs">Home</a>
<a class="navbar-item" href="https://che.eclipse.org/">Blog</a>
<a class="navbar-item" href="https://github.com/eclipse/che">Source Code</a>
</div>
</div>
</nav>
<div class="gcse-searchresults"></div>
</header><div class="body">
<div class="nav-container" data-component="che-7" data-version="master">
<aside class="nav">
<div class="panels">
<div class="nav-panel-menu is-active" data-panel="menu">
<nav class="nav-menu">
<h3 class="title"><a href="../../overview/introduction-to-eclipse-che/">Documentation</a></h3>
<ul class="nav-list">
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../overview/introduction-to-eclipse-che/">Introduction to Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../overview/che-architecture/">Che architecture</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../hosted-che/hosted-che/">Eclipse Che hosted by Red Hat</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">End-user Guide</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/navigating-che/">Navigating Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/navigating-che-using-the-dashboard/">Navigating Che: dashboard</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/importing-certificates-to-browsers/">Importing certificates to browsers</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/accessing-che-from-openshift-developer-perspective/">Navigating Che from OpenShift Developer Perspective</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/che-theia-ide-basics/">Che-Theia IDE basics</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/defining-custom-commands-for-che-theia/">Defining custom commands for Che-Theia</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/version-control/">Version Control</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/che-theia-troubleshooting/">Che-Theia Troubleshooting</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/differences-in-how-che-theia-webview-works-on-a-single-host-mode-comparing-to-a-multi-host-mode/">Differences in how Che-Theia Webview works on a single-host mode comparing to a multi-host mode</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/workspaces-overview/">Using developer workspaces</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/creating-a-workspace-from-code-sample/">Creating a workspace from code sample</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/creating-a-workspace-from-remote-devfile/">Creating a workspace from a remote devfile using the dashboard</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/creating-a-workspace-from-local-devfile-using-chectl/">Creating a workspace from local devfile using chectl</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/creating-a-workspace-by-importing-the-source-code-of-a-project/">Creating a workspace by importing the source code of a project</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/configuring-a-workspace-with-dashboard/">Configuring a workspace</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/running-a-workspace-with-dashboard/">Running a workspace</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/importing-kubernetes-applications-into-a-workspace/">Importing Kubernetes applications into a workspace</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/remotely-accessing-workspaces/">Remotely accessing workspaces</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/mounting-a-secret-as-a-file-or-an-environment-variable-into-a-workspace-container/">Mounting a secret as a file or an environment variable into a workspace container</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/authenticating-on-scm-server-with-a-personal-access-token/">Authenticating on SCM Server with a personal access token</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/authoring-devfiles/">Authoring devfiles</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/authoring-devfiles-version-1/">Authoring devfiles version 1</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/authoring-devfiles-version-2/">Authoring devfiles version 2</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/customizing-developer-environments/">Customizing developer environments</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/what-is-a-che-theia-plug-in/">What is a Che-Theia plug-in</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/adding-a-vs-code-extension-to-a-workspace/">Adding a VS Code extension to a workspace</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/adding-a-vs-code-extension-to-the-che-plugin-registry/">Adding a VS Code extension to the Che plug-ins registry</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/publishing-metadata-for-a-vs-code-extension/">Publishing a VS Code extension</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/testing-a-visual-studio-code-extension-in-che/">Testing a VS Code extension in Che</a>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/using-alternative-ides-in-che/">Using alternative IDEs in Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/support-for-jetbrains-ides/">JetBrains IDEs</a>
<ul class="nav-list">
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../../end-user-guide/using-jetbrains-intellij-idea-community-edition/">Using IntelliJ Idea Community Edition</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../../end-user-guide/using-jetbrains-intellij-idea-ultimate-edition/">Using IntelliJ Idea Ultimate Edition</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../../end-user-guide/configuring-an-existing-workspace-to-use-intellij-idea/">Configuring an existing workspace to use IntelliJ IDEA</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../../end-user-guide/using-jetbrains-webstorm/">Using WebStorm</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../../end-user-guide/provisioning-jetbrains-activation-code-for-offline-use/">Provisioning activation code for offline use</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/support-for-theia-based-ides/">Theia-based IDEs</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/adding-tools-to-che-after-creating-a-workspace/">Adding tools to Che after creating a workspace</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-private-container-registries/">Using private container registries</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/using-artifact-repositories-in-a-restricted-environment/">Using artifact repositories in a restricted environment</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-maven-artifact-repositories/">Using Maven artifact repositories</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-gradle-artifact-repositories/">Using Gradle artifact repositories</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-python-artifact-repositories/">Using Python artifact repositories</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-go-artifact-repositories/">Using Go artifact repositories</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-nuget-artifact-repositories/">Using NuGet artifact repositories</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-npm-artifact-repositories/">Using npm artifact repositories</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/troubleshooting-che/">Troubleshooting Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/viewing-che-workspaces-logs/">Viewing Che workspaces logs</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/investigating-failures-at-a-workspace-start-using-the-verbose-mode/">Troubleshooting workspace start failures</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/troubleshooting-slow-workspaces/">Troubleshooting slow workspaces</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/troubleshooting-network-problems/">Troubleshooting network problems</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">Installation Guide</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../supported-platforms/">Supported platforms</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../configuring-the-che-installation/">Configuring the Che installation</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../installing-che/">Installing Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../installing-che-in-cloud/">Installing Che in cloud</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-openshift-4-using-operatorhub/">Installing Che on OpenShift 4 using OperatorHub</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-openshift-4-using-cli/">Installing Che on OpenShift 4 using CLI</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-openshift-3-using-the-operator/">Installing Che on OpenShift 3</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-kubespray/">Installing Che on Kubespray</a>
</li>
<li class="nav-item is-current-page" data-depth="3">
<a class="nav-link" href="./">Installing Che on AWS</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-google-cloud-platform/">Installing Che on Google Cloud</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-microsoft-azure/">Installing Che on Microsoft Azure</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../installing-che-locally/">Installing Che locally</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-codeready-containers/">Installing Che on CodeReady Containers</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-docker-desktop/">Installing Che on Docker Desktop</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-minikube/">Installing Che on Minikube</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-minishift/">Installing Che on Minishift</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-kind/">Installing Che on Kind</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../using-the-chectl-management-tool/">Using the chectl management tool</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../installing-che-in-a-restricted-environment/">Installing Che in restricted environment</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../advanced-configuration/">Advanced configuration</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../advanced-configuration-options-for-the-che-server-component/">Advanced configuration options for Che server</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../configuring-namespace-strategies/">Configuring workspace target namespace</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../configuring-storage-strategies/">Configuring storage strategies</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../configuring-storage-types/">Configuring storage types</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../configuring-the-number-of-workspaces-that-a-user-can-run/">Configuring the number of workspaces that a user can run</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../configuring-the-number-of-workspaces-that-a-user-can-create/">Configuring the number of workspaces that a user can create</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../configuring-workspace-exposure-strategies/">Configuring workspace exposure strategies</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../configuring-workspaces-nodeselector/">Configuring workspaces nodeSelector</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../configuring-che-hostname/">Configuring Che hostname</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../configuring-ingresses/">Configuring Kubernetes Ingress</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../configuring-routes/">Configuring OpenShift Route</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../deploying-che-with-support-for-git-repositories-with-self-signed-certificates/">Deploying Che with support for Git repositories with self-signed certificates</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../installing-che-using-storage-classes/">Installing Che using storage classes</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../importing-untrusted-tls-certificates/">Importing untrusted TLS certificates to Che</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../switching-between-external-and-internal-communication/">Switching between external and internal ways in inter-component communication</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../setting-up-the-keycloak-che-username-readonly-theme-for-the-eclipse-che-login-page/">Setting up the Keycloak che-username-readonly theme for the Eclipse Che login page</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../mounting-a-secret-as-a-file-or-an-environment-variable-into-a-container/">Mounting a Secret or a ConfigMap as a file or an environment variable into a Eclipse&#160;Che container</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../enabling-dev-workspace-engine/">Enabling Dev Workspace engine</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../upgrading-che/">Upgrading Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../upgrading-che-using-operatorhub/">Upgrading Che using OperatorHub</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../upgrading-che-using-the-cli-management-tool/">Upgrading Che using the CLI management tool</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../upgrading-che-using-the-cli-management-tool-in-restricted-environment/">Upgrading Che in restricted environment</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../upgrading-che-namespace-strategies-other-than-per-user/">Updating Che namespace strategies other than 'per user'</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../uninstalling-che/">Uninstalling Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../uninstalling-che-after-operatorhub-installation-using-openshift-web-console/">Using the OpenShift web console</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../uninstalling-che-after-operatorhub-installation-using-openshift-cli/">Using OpenShift CLI</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../uninstalling-che-after-chectl-installation/">Using chectl</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">Administration Guide</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../administration-guide/che-architecture-overview/">Che architecture</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/che-workspace-controller/">Che workspace controller</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/che-workspaces-architecture/">Che workspaces architecture</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../administration-guide/calculating-che-resource-requirements/">Calculating Che resource requirements</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../administration-guide/customizing-the-registries/">Customizing the registries</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/building-custom-registry-images/">Building custom registry images</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/running-custom-registries/">Running custom registries</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../administration-guide/retrieving-che-logs/">Retrieving Che logs</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/configuring-server-logging/">Configuring server logging</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/viewing-kubernetes-events/">Accessing Kubernetes events on OpenShift</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/viewing-operator-events/">Viewing the Operator events on OpenShift</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/viewing-che-server-logs/">Viewing Che server logs</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/viewing-external-service-logs/">Viewing external service logs</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/viewing-plug-in-broker-logs/">Viewing Plug-in broker logs</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/collecting-logs-using-chectl/">Collecting logs using chectl</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../administration-guide/monitoring-che/">Monitoring Che</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../administration-guide/tracing-che/">Tracing Che</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../administration-guide/backup-and-disaster-recovery/">Backup and disaster recovery</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/external-database-setup/">External database setup</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/persistent-volumes-backups/">Persistent Volumes backups</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../administration-guide/caching-images-for-faster-workspace-start/">Caching images for faster workspace start</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/defining-the-list-of-images-to-pull/">Defining the list of images</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/defining-the-memory-parameters-for-the-image-puller/">Defining the memory settings</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/installing-image-puller-using-che-operator/">Installing using the Che Operator</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/installing-image-puller-on-kubernetes-using-the-image-puller-operator/">Installing using the Kubernetes Image Puller Operator</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/installing-image-puller-on-openshift-using-operatorhub/">Installing on OpenShift 4</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/installing-image-puller-on-openshift-using-openshift-templates/">Installing on OpenShift 3</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/installing-image-puller-on-kubernetes-using-helm/">Installing using Helm</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../administration-guide/managing-identities-and-authorizations/">Managing identities and authorizations</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/authenticating-users/">Authenticating users</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/authorizing-users/">Authorizing users</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/configuring-authorization/">Configuring authorization</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/configuring-openshift-oauth/">Configuring OpenShift OAuth</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../administration-guide/removing-user-data/">Removing user data</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">Contributor Guide</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/branding-che-theia/">Branding Che-Theia</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/developing-che-theia-plug-ins/">Developing Che-Theia plug-ins</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/testing-che-theia-plug-ins/">Testing Che-Theia plug-ins</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/publishing-che-theia-plug-ins/">Publishing Che-Theia plug-ins</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/adding-support-for-a-new-language/">Adding support for a new language</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/adding-support-for-a-new-debugger/">Adding support for a new debugger</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../contributor-guide/che-extensibility-reference/">Che extensibility reference</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../contributor-guide/che-extension-points/">Che extension points</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../contributor-guide/che-theia-plug-in-api/">Che-Theia plug-in API</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../contributor-guide/debug-adapter-protocol/">Debug Adapter Protocol</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../contributor-guide/language-server-protocol/">Language Server Protocol</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">Extensions</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../extensions/eclipse-che4z/">eclipse-che4z.adoc</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../extensions/openshift-connector-overview/">OpenShift Connector</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/features-of-openshift-connector/">Features of OpenShift Connector</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/installing-openshift-connector-in-che/">Installing OpenShift Connector in Eclipse Che</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/authenticating-with-openshift-connector-from-che/">Authenticating with OpenShift Connector from Eclipse Che</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/creating-components-with-openshift-connector-in-che/">Creating Components with OpenShift Connector in Eclipse Che</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/connecting-source-code-from-github-to-a-openshift-component-using-openshift-connector/">Connecting source code from GitHub to a OpenShift Component</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../extensions/telemetry/">Telemetry</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/creating-a-telemetry-plugin/">Creating A Telemetry Plugin</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/the-woopra-telemetry-plugin/">The Woopra Telemetry Plugin</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../extensions/java-lombok/">Java Lombok</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../glossary/che-glossary/">Che glossary</a>
</li>
</ul>
</li>
</ul>
</nav>
</div>
<div class="nav-panel-explore" data-panel="explore">
<div class="context">
<span class="title">Documentation</span>
<span class="version">master</span>
</div>
<ul class="components">
<li class="component is-current">
<a class="title" href="../../overview/introduction-to-eclipse-che/">Documentation</a>
<ul class="versions">
<li class="version is-current is-latest">
<a href="../../overview/introduction-to-eclipse-che/">master</a>
</li>
</ul>
</li>
</ul>
</div>
</div>
</aside>
</div>
<main class="article">
<div class="toolbar" role="navigation">
<button class="nav-toggle"></button>
<a href="../../overview/introduction-to-eclipse-che/" class="home-link"></a>
<nav class="breadcrumbs" aria-label="breadcrumbs">
<ul>
<li><a href="../../overview/introduction-to-eclipse-che/">Documentation</a></li>
<li>Installation Guide</li>
<li><a href="../installing-che/">Installing Che</a></li>
<li><a href="../installing-che-in-cloud/">Installing Che in cloud</a></li>
<li><a href="./">Installing Che on AWS</a></li>
</ul>
</nav>
<div class="edit-this-page"><a href="https://github.com/eclipse/che-docs/edit/master/modules/installation-guide/pages/installing-che-on-aws.adoc">Edit this Page</a></div>
</div>
<div class="content">
<aside class="toc sidebar" data-title="Contents" data-levels="2">
<div class="toc-menu"></div>
</aside>
<article class="doc">
<h1 class="page">Installing Che on AWS</h1>
<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p>This article describes how to deploy Eclipse&#160;Che on the Amazon Web Services (AWS) cloud.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="preparing-the-aws-system-for-installing-che_che"><a class="anchor" href="#preparing-the-aws-system-for-installing-che_che"></a>Preparing the AWS system for installing Che</h2>
<div class="sectionbody">
<div class="paragraph">
<p>The following sections describe how to Configure Kubernetes for Eclipse&#160;Che
on Amazon Elastic Compute Cloud (Amazon EC2).</p>
</div>
<div class="ulist">
<div class="title">Prerequisites</div>
<ul>
<li>
<p>A running instance of Kubernetes, version 1.9 or higher, and Ingress.</p>
</li>
<li>
<p>The <code>kubectl</code> tool installed.</p>
</li>
<li>
<p>The <code>chectl</code> tool installed.</p>
</li>
</ul>
</div>
<div class="sect2">
<h3 id="_installing_kubernetes_on_amazon_ec2"><a class="anchor" href="#_installing_kubernetes_on_amazon_ec2"></a>Installing Kubernetes on Amazon EC2</h3>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Configure the AWS Command Line Interface (AWS CLI). For detailed installation instructions, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html">Installing the AWS CLI</a>.</p>
</li>
<li>
<p>Check the <code>PATH</code> environment variable if the <code>aws</code> tool is not available.</p>
</li>
<li>
<p>Install Kubernetes on EC2. There are several ways to have a running Kubernetes instance on EC2. Here, the <code>kops</code> tool is used to install Kubernetes. For details, see <a href="https://kubernetes.io/docs/setup/production-environment/tools/kops/">Installing Kubernetes with <code>kops</code></a>.</p>
</li>
</ol>
</div>
<div class="paragraph">
<p>This document assumes that Eclipse&#160;Che must be configured to run on following domain: <code><a href="http://che.aws.my-ide.cloud" class="bare">http://che.aws.my-ide.cloud</a></code>.</p>
</div>
</div>
<div class="sect2">
<h3 id="_setting_up_dns"><a class="anchor" href="#_setting_up_dns"></a>Setting up DNS</h3>
<div class="paragraph">
<p>One way to Configure Domain Name System (DNS) is to create the Amazon Route53 to manage the <code>aws.my-ide.cloud</code> domain.</p>
</div>
<div class="paragraph">
<p>To Configure DNS:</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Create the zone on AWS:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ aws route53 create-hosted-zone --name aws.my-ide.cloud --caller-reference 1
\{
"Location": "https://route53.amazonaws.com/2013-04-01/hostedzone/<em>&lt;ZONE-ID&gt;</em>",
"HostedZone": \{
"Id": "/hostedzone/<em>&lt;ZONE-ID&gt;</em>",
"Name": "aws.my-ide.cloud.",
"CallerReference": "1",
"Config": \{
"PrivateZone": false
},
"ResourceRecordSetCount": 2
},
"ChangeInfo": \{
"Id": "/change/C1ZNLBU45DJUJL",
"Status": "PENDING",
"SubmittedAt": "2019-07-08T08:14:39.772Z"
},
"DelegationSet": \{
"NameServers": [
"ns-1693.awsdns-19.co.uk",
"ns-1133.awsdns-13.org",
"ns-150.awsdns-18.com",
"ns-965.awsdns-56.net"
]
}
}</pre>
</div>
</div>
</li>
<li>
<p>Configure the four DNS <code>nameservers</code> on the <code>my-ide.cloud</code> DNS. Note that when a custom DNS provider, updating the record takes a few hours.</p>
<div class="imageblock">
<div class="content">
<img src="../_images/installation/dns-nameservers.png" alt="DNS name servers">
</div>
</div>
</li>
<li>
<p>Create the Simple Storage Service (s3) storage to store the <code>kops</code> configuration.</p>
<div class="listingblock">
<div class="content">
<pre>$ aws s3 mb s3://clusters.aws.my-ide.cloud
make_bucket: clusters.aws.my-ide.cloud</pre>
</div>
</div>
</li>
<li>
<p>Inform <code>kops</code> of this new service:</p>
<div class="listingblock">
<div class="content">
<pre>$ export KOPS_STATE_STORE=s3://clusters.aws.my-ide.cloud</pre>
</div>
</div>
</li>
<li>
<p>Create the <code>kops</code> cluster by providing the cluster zone. For example, for Europe, the zone is <code>eu-west-1c</code>.</p>
<div class="listingblock">
<div class="content">
<pre>$ kops create cluster --zones=eu-west-1c eu.aws.my-ide.cloud</pre>
</div>
</div>
</li>
<li>
<p>Create the cluster:</p>
<div class="listingblock">
<div class="content">
<pre>$ kops update cluster eu.aws.my-ide.cloud --yes</pre>
</div>
</div>
</li>
<li>
<p>After the cluster is ready, validate it:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ kops validate cluster
Using cluster from {orch-cli} context: eu.aws.my-ide.cloud
Validating cluster eu.aws.my-ide.cloud
INSTANCE GROUPS
NAME ROLE MACHINETYPE MIN MAX SUBNETS
master-eu-west-1c Master m3.medium 1 1 eu-west-1c
nodes Node t2.medium 2 2 eu-west-1c
NODE STATUS
NAME ROLE READY
ip-172-20-38-26.eu-west-1.compute.internal node True
ip-172-20-43-198.eu-west-1.compute.internal node True
ip-172-20-60-129.eu-west-1.compute.internal master True
Your cluster eu.aws.my-ide.cloud is ready</pre>
</div>
</div>
</li>
<li>
<p>Check the cluster using the <code>kubectl ` command. The `kubectl ` context is also configured automatically by the `kops</code> tool:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ {orch-cli} config current-context
eu.aws.my-ide.cloud
$ {orch-cli} get pods --all-namespaces
All the pods in the running state are displayed.</pre>
</div>
</div>
</li>
</ol>
</div>
</div>
<div class="sect2">
<h3 id="_installing_ingress_nginx"><a class="anchor" href="#_installing_ingress_nginx"></a>Installing Ingress-nginx</h3>
<div class="paragraph">
<p>To install Ingress-nginx:</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Install the configuration for AWS.</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ {orch-cli} apply \
-f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.41.0/deploy/static/provider/aws/deploy.yaml</pre>
</div>
</div>
<div class="paragraph">
<p>The following output confirms that the Ingress controller is running.</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ {orch-cli} get pods --namespace ingress-nginx
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-76c86d76c4-gswmg 1/1 Running 0 9m3s</pre>
</div>
</div>
</li>
<li>
<p>Find the external IP of ingress-nginx.</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ {orch-cli} get services --namespace ingress-nginx -o jsonpath='{.items[].status.loadBalancer.ingress[0].hostname}'
Ade9c9f48b2cd11e9a28c0611bc28f24-1591254057.eu-west-1.elb.amazonaws.com</pre>
</div>
</div>
<div class="paragraph">
<p><strong>Troubleshooting</strong>: If the output is empty, it implies that the cluster has configuration issues. Use the following command to find the cause of the issue:</p>
</div>
<div class="listingblock">
<div class="content">
<pre>$ {orch-cli} describe service -n ingress-nginx ingress-nginx</pre>
</div>
</div>
<div class="paragraph">
<p>Output similar to the following means a needed role must be created manually:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="nowrap">arn:aws:sts::269287474311:assumed-role...4bff is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::269287474311:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing</pre>
</div>
</div>
<div class="paragraph">
<p>Run the following command to create the role:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ aws iam create-service-linked-role --aws-service-name "elasticloadbalancing.amazonaws.com"</pre>
</div>
</div>
</li>
<li>
<p>Add hosts on route 53 with this given host name <code><a href="https://console.aws.amazon.com/route53/home?region=eu-west-1#hosted-zones" class="bare">https://console.aws.amazon.com/route53/home?region=eu-west-1#hosted-zones</a>:</code>. Ensure that you include the colon (<code>:</code>) at the end of this URL.</p>
</li>
<li>
<p>Create the wildcard DNS <code><strong></code> (for <code></strong>.aws-my-ide.cloud</code>) with the previous host name and ensure to add the dot (<code>.</code>) at the end of the host name. In the <strong>Type</strong> drop-down list, select <strong>CNAME</strong>.</p>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/installation/create-record-set.png"><img src="../_images/installation/create-record-set.png" alt="create record set"></a>
</div>
</div>
<div class="paragraph">
<p>The following is an example of the resulting window after adding all the values.</p>
</div>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/installation/create-record-set-all-values.png"><img src="../_images/installation/create-record-set-all-values.png" alt="create record set all values"></a>
</div>
</div>
<div class="paragraph">
<p>The <code>che.aws.my-ide.cloud</code> address must resolve to an IP address.</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ host che.aws.my-ide.cloud
che.aws.my-ide.cloud is an alias for ade9c9f48b2cd11e9a28c0611bc28f24-1591254057.eu-west-1.elb.amazonaws.com.
ade9c9f48b2cd11e9a28c0611bc28f24-1591254057.eu-west-1.elb.amazonaws.com has address 54.77.155.195</pre>
</div>
</div>
<div class="paragraph">
<p>The existing Kubernetes instance is prepare to host an Che installation.</p>
</div>
</li>
</ol>
</div>
</div>
<div class="sect2">
<h3 id="_enabling_the_tls_and_dns_challenge"><a class="anchor" href="#_enabling_the_tls_and_dns_challenge"></a>Enabling the TLS and DNS challenge</h3>
<div class="paragraph">
<p><!-- vale IBM.Terms = NO --></p>
</div>
<div class="paragraph">
<p>To use the Cloud DNS and TLS, some service accounts must be enabled to have cert-manager managing the DNS challenge for the <em>Let&#8217;s Encrypt</em> service.</p>
</div>
<div class="paragraph">
<p><!-- vale IBM.Terms = YES --></p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Create a new <code>permission</code> file.</p>
</li>
<li>
<p>Use the following command to obtain the zone ID:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ aws route53 list-hosted-zones
{
"HostedZones": [
{
"Id": "/hostedzone/ABCDEFGH",
"Name": "aws.my-ide.cloud.",
"CallerReference": "1",
"Config": {
"PrivateZone": false
},
"ResourceRecordSetCount": 5
}
]
}</pre>
</div>
</div>
</li>
<li>
<p>Copy the following content and replace <code>INSERT_ZONE_ID</code> with the route53 zone ID:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:GetChange",
"route53:ListHostedZonesByName"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/&lt;INSERT_ZONE_ID&gt;"
]
}
]
}</pre>
</div>
</div>
</li>
<li>
<p>In the <strong>EC2 Dashboard</strong>, identify the <strong>IAM role</strong> used by the master node.</p>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/installation/aws-lauch-instance.png"><img src="../_images/installation/aws-lauch-instance.png" alt="start AWS instance"></a>
</div>
</div>
<div class="paragraph">
<p>It is located under the <strong>Description</strong> tab, in the <strong>IAM role</strong> field.</p>
</div>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/installation/describtion-tab-iam-role.png"><img src="../_images/installation/describtion-tab-iam-role.png" alt="Description tab IAM role"></a>
</div>
</div>
</li>
<li>
<p>Click the <strong>IAM role</strong> link (<code>masters.eu.aws.my-ide.cloud</code>, in this case).</p>
</li>
<li>
<p>Click the <strong>Add inline policy</strong> link at the bottom of the window.</p>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/installation/aws-summary-iam-role.png"><img src="../_images/installation/aws-summary-iam-role.png" alt="AWS summary IAM role"></a>
</div>
</div>
</li>
<li>
<p>In the <strong>Create policy</strong> window, on the <strong>JSON</strong> tab, paste the content of the JSON file created earlier and click the <strong>Review policy</strong> button.</p>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/installation/aws-create-policy.png"><img src="../_images/installation/aws-create-policy.png" alt="aws create policy"></a>
</div>
</div>
</li>
<li>
<p>In the <strong>Name</strong> field, type <code>eclipse-che-route53</code> and click <strong>Create Policy</strong>.</p>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/installation/create-policy-review-policy.png"><img src="../_images/installation/create-policy-review-policy.png" alt="create policy review policy"></a>
</div>
</div>
</li>
</ol>
</div>
</div>
<div class="sect2">
<h3 id="_installing_cert_manager"><a class="anchor" href="#_installing_cert_manager"></a>Installing cert-manager</h3>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>To install cert-manager, run the following commands (for details, see <a href="https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html">Installing Cert on Kubernetes</a>):</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ {orch-cli} create namespace cert-manager
namespace/cert-manager created
$ {orch-cli} label namespace cert-manager certmanager.k8s.io/disable-validation=true
namespace/cert-manager labeled</pre>
</div>
</div>
</li>
<li>
<p>Set <code>validate=false</code>. If set to <code>true</code>, it will only work with the latest Kubernetes:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ {orch-cli} apply \
-f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.yaml \
--validate=false</pre>
</div>
</div>
</li>
<li>
<p>Create the Che namespace if it does not already exist:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ kubectl create namespace eclipse-che
namespace/eclipse-che created</pre>
</div>
</div>
</li>
<li>
<p>Create the <strong>cert-manager</strong> user:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ aws iam create-user --user-name cert-manager
{
"User": {
"Path": "/",
"UserName": "cert-manager",
"userId": "ABCDEF",
"Arn": "arn:aws:iam::1234:user/cert-manager",
"CreateDate": "2019-07-30T13:50:48Z"
}
}</pre>
</div>
</div>
</li>
<li>
<p>Create the access key:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ aws iam create-access-key --user-name cert-manager
{
"AccessKey": {
"UserName": "cert-manager",
"AccessKeyId": "ABCDEF",
"Status": "Active",
"SecretAccessKey": "mySecret",
"CreateDate": "2019-07-30T13:52:59Z"
}
}</pre>
</div>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Remember the access key for later use.
</td>
</tr>
</table>
</div>
</li>
<li>
<p>Create a secret from the <code>SecretAccessKey</code> content.</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ {orch-cli} create secret generic aws-cert-manager-access-key \
--from-literal=CLIENT_SECRET=&lt;REPLACE WITH SecretAccessKey content&gt; -n cert-manager</pre>
</div>
</div>
</li>
<li>
<p>Use the <strong>Add inline policy</strong> link to add the inline policy to <a href="https://console.aws.amazon.com/iam/home#/users/cert-manager">AWS Cert-Manager</a>.</p>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/installation/aws-summary-iam-role.png"><img src="../_images/installation/aws-summary-iam-role.png" alt="AWS summary IAM role"></a>
</div>
</div>
</li>
<li>
<p>Paste the following inline policy in the <strong>JSON</strong> tab:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "route53:GetChange",
"Resource": "arn:aws:route53:::change/*"
},
{
"Effect": "Allow",
"Action": "route53:ChangeResourceRecordSets",
"Resource": "arn:aws:route53:::hostedzone/*"
},
{
"Effect": "Allow",
"Action": "route53:ListHostedZonesByName",
"Resource": "*"
}
]
}</pre>
</div>
</div>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/installation/json-review-policy.png"><img src="../_images/installation/json-review-policy.png" alt="json review policy"></a>
</div>
</div>
</li>
<li>
<p>Click <strong>Review policy</strong>.</p>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/installation/create-policy-review.png"><img src="../_images/installation/create-policy-review.png" alt="create policy review"></a>
</div>
</div>
</li>
<li>
<p>In the <strong>Name</strong> field, type <code>route53</code>, and click <strong>Create policy</strong>.</p>
</li>
<li>
<p>To create the certificate issuer, change the email address and specify the <code>accessKeyID</code>:</p>
<div class="listingblock">
<div class="content">
<pre>$ cat &lt;&lt;EOF | {orch-cli} apply -f -
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: che-certificate-issuer
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: your-email@example.com
privateKeySecretRef:
name: letsencrypt
solvers:
- selector:
dnsZones:
- "YOUR DOMAIN"
dns01:
route53:
region: eu-west-1
accessKeyID: &lt;USE ACCESS_KEY_ID_CREATED_BEFORE&gt;
secretAccessKeySecretRef:
name: aws-cert-manager-access-key
key: CLIENT_SECRET
EOF</pre>
</div>
</div>
</li>
<li>
<p>Add the certificate by editing the domain name value (<code>aws.my-ide.cloud</code>, in this case) and the <code>dnsName</code> value:</p>
<div class="listingblock">
<div class="content">
<pre>$ cat &lt;&lt;EOF | {orch-cli} apply -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: che-tls
namespace: __&lt;{prod-namespace}&gt;__
spec:
secretName: che-tls
issuerRef:
name: che-certificate-issuer
kind: ClusterIssuer
dnsNames:
- '*.aws.my-ide.cloud'
acme:
config:
- dns01:
provider: route53
domains:
- '*.aws.my-ide.cloud'
EOF</pre>
</div>
</div>
</li>
<li>
<p>Check if the <code>issuerRef</code> name is the same as the <code>ClusterIssuer</code>. A new DNS challenge is being added to the DNS zone for <em>Let’s encrypt</em>.</p>
<div class="imageblock">
<div class="content">
<a class="image" href="../_images/installation/aws-hosted-zones-dns.png"><img src="../_images/installation/aws-hosted-zones-dns.png" alt="AWS hosted zones DNS"></a>
</div>
</div>
<div class="paragraph">
<p>The cert-manager logs contain information about the DNS challenge.</p>
</div>
</li>
<li>
<p>Obtain the name of the Pods:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ {orch-cli} get pods --namespace cert-manager
NAME READY STATUS RESTARTS AGE
cert-manager-6587688cb8-wj68p 1/1 Running 0 6h
cert-manager-cainjector-76d56f7f55-zsqjp 1/1 Running 0 6h
cert-manager-webhook-7485dd47b6-88m6l 1/1 Running 0 6h</pre>
</div>
</div>
</li>
<li>
<p>Obtain the logs using the following command (here, <code>cert-manager-8d478bb45-sdfmz</code> is the name of the cert-manager Pod):</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ {orch-cli} logs -f cert-manager-8d478bb45-sdfmz -n cert-manager
I0730 14:46:25.382385 1 sync.go:274] Need to create 0 challenges
I0730 14:46:25.382401 1 sync.go:319] Waiting for all challenges for order "che-tls-3365293372" to enter 'valid' state
I0730 14:46:25.382431 1 controller.go:204] cert-manager/controller/orders "level"=0 "msg"="finished processing work item" "key"="che/che-tls-3365293372"
I0730 14:46:25.382813 1 controller.go:219] cert-manager/controller/challenges "level"=0 "msg"="finished processing work item" "key"="che/che-tls-3365293372-0"
I0730 14:46:25.382843 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="che/che-tls-3365293372-0"
I0730 14:46:25.383037 1 dns.go:101] Presenting DNS01 challenge for domain "aws.my-ide.cloud"
I0730 14:47:03.061546 1 dns.go:112] Checking DNS propagation for "aws.my-ide.cloud" using name servers: [100.64.0.10:53]
I0730 14:47:03.220952 1 dns.go:124] Waiting DNS record TTL (60s) to allow propagation of DNS record for domain "_acme-challenge.aws.my-ide.cloud.”</pre>
</div>
</div>
</li>
<li>
<p>Ensure that the certificate is ready:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ kubectl describe certificate/che-tls -n eclipse-che
Status:
Conditions:
Last Transition Time: 2019-07-30T14:46:23Z
Message: Certificate issuance in progress. Temporary certificate issued.
Reason: TemporaryCertificate
Status: False
Type: Ready
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal OrderCreated 50s cert-manager Created Order resource "che-tls-3365293372"</pre>
</div>
</div>
</li>
<li>
<p>Wait for the status to become <code>OK</code> and ensure that the log contains the following entry:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">I0729 13:56:26.140886 1 conditions.go:143] Found status change for Certificate "che-tls" condition "Ready": "False" -&gt; "True"; setting lastTransitionTime to 2019-07-29 13:56:26.140866531 +0000 UTC m=+4557.134131468</pre>
</div>
</div>
</li>
<li>
<p>Ensure that the status is up-to-date using the following command:</p>
<div class="listingblock">
<div class="content">
<pre class="nowrap">$ kubectl describe certificate/che-tls -n eclipse-che
Status:
Conditions:
Last Transition Time: 2019-07-30T14:48:07Z
Message: Certificate is up to date and has not expired
Reason: Ready
Status: True
Type: Ready
Not After: 2019-10-28T13:48:05Z
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal OrderCreated 5m29s cert-manager Created Order resource "che-tls-3365293372"
Normal OrderComplete 3m46s cert-manager Order "che-tls-3365293372" completed successfully
Normal CertIssued 3m45s cert-manager Certificate issued successfully</pre>
</div>
</div>
</li>
</ol>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="installing-che-on-kubernetes-using-chectl_and_helm_che"><a class="anchor" href="#installing-che-on-kubernetes-using-chectl_and_helm_che"></a>Installing Che on AWS using chectl</h2>
<div class="sectionbody">
<div class="ulist">
<div class="title">Prerequisites</div>
<ul>
<li>
<p>The <code>chectl</code> management tool is available. See <a href="../using-the-chectl-management-tool/" class="page">Using the chectl management tool</a>.</p>
</li>
<li>
<p>The <code>helm</code> tool is available, with version 2.15 or higher. See <a href="https://helm.sh/">Helm</a>.</p>
</li>
</ul>
</div>
<div class="olist arabic">
<div class="title">Procedure</div>
<ol class="arabic">
<li>
<p>Run the following <code>chectl</code> command to install Che on AWS:</p>
<div class="listingblock">
<div class="content">
<pre>$ chectl server:deploy --installer=helm --platform=k8s --domain=aws.my-ide.cloud --multiuser
› Current Kubernetes context: 'current-context'
✔ Verify Kubernetes API...OK
✔ 👀 Looking for an already existing Eclipse&#160;Che instance
✔ Verify if Eclipse&#160;Che is deployed into namespace "eclipse-che"...it is not
✔ ✈️ Kubernetes preflight checklist
✔ Verify if kubectl is installed
✔ Verify remote kubernetes status...done.
✔ Check Kubernetes version: Found v1.15.12-gke.2.
✔ Verify domain is set...set to aws.my-ide.cloud.
↓ Check if cluster accessible [skipped]
✔ Following Eclipse&#160;Che logs
↓ Start following Operator logs [skipped]
✔ Start following Eclipse&#160;Che server logs...done
✔ Start following Postgres logs...done
✔ Start following Keycloak logs...done
✔ Start following Plugin registry logs...done
✔ Start following Devfile registry logs...done
✔ Start following namespace events...done
✔ 🏃‍ Running Helm to install Eclipse&#160;Che
✔ Verify if helm is installed
✔ Check Helm Version: Found v3.4.1+gc4e7485
✔ Create Namespace (eclipse-che)...does already exist.
✔ Check Eclipse&#160;Che TLS certificate...self-signed TLS certificate secret found
✔ Check Cluster Role Binding...does not exists.
✔ Preparing Eclipse&#160;Che Helm Chart...done.
✔ Updating Helm Chart dependencies...done.
✔ Deploying Eclipse&#160;Che Helm Chart...done.
✔ ✅ Post installation checklist
✔ PostgreSQL pod bootstrap
✔ Scheduling...done
✔ Downloading images...done
✔ Starting...done
✔ Devfile registry pod bootstrap
✔ Scheduling...done
✔ Downloading images...done
✔ Starting...done
✔ Plugin registry pod bootstrap
✔ Scheduling...done
✔ Downloading images...done
✔ Starting...done
✔ Eclipse&#160;Che pod bootstrap
✔ Scheduling...done
✔ Downloading images...done
✔ Starting...done
✔ Eclipse&#160;Che status check...done
✔ Prepare post installation output...done
✔ Show important messages
✔ Eclipse&#160;Che 7.33 has been successfully deployed.
✔ Documentation : https://www.eclipse.org/che/docs
✔ -------------------------------------------------------------------------------
✔ Users Dashboard : https://eclipse-che-eclipse-che.aws.my-ide.cloud
✔ Admin user login : "XXX:XXX". NOTE: must change after first login.
✔ -------------------------------------------------------------------------------
✔ Plug-in Registry : https://plugin-registry-eclipse-che.aws.my-ide.cloud/v3
✔ Devfile Registry : https://devfile-registry-eclipse-che.aws.my-ide.cloud
✔ -------------------------------------------------------------------------------
✔ Identity Provider URL : https://keycloak-eclipse-che.aws.my-ide.cloud/auth
✔ Identity Provider login : "XXX:XXX".
✔ -------------------------------------------------------------------------------</pre>
</div>
</div>
</li>
</ol>
</div>
<div class="olist arabic">
<div class="title">Verification steps</div>
<ol class="arabic">
<li>
<p>Investigate Eclipse&#160;Che logs:</p>
<div class="listingblock">
<div class="content">
<pre>$ chectl server:logs --namespace eclipse-che</pre>
</div>
</div>
</li>
<li>
<p>Verify that certificates are set correctly</p>
<div class="olist loweralpha">
<ol class="loweralpha" type="a">
<li>
<p>Open Eclipse&#160;Che server URL from the output above</p>
</li>
<li>
<p>Click on the lock in address bar</p>
</li>
<li>
<p>Verify it has <strong>Connection is secure</strong></p>
</li>
</ol>
</div>
</li>
</ol>
</div>
<div class="ulist">
<div class="title">Additional resources</div>
<ul>
<li>
<p><a href="../../end-user-guide/navigating-che-using-the-dashboard/" class="page">Navigating Che using the Dashboard</a>.</p>
</li>
</ul>
</div>
</div>
</div>
</article>
</div>
</main>
</div>
<footer class="footer">
<div><a href="https://www.eclipse.org" target="_blank">Eclipse Foundation</a> |
<a href="https://www.eclipse.org/legal/privacy.php" target="_blank">Privacy Policy</a> |
<a href="https://www.eclipse.org/legal/termsofuse.php" target="_blank">Terms of Use</a> |
<a href="https://www.eclipse.org/legal/epl-2.0/" target="_blank">Eclipse Public License</a> |
<a href="https://www.eclipse.org/legal" target="_blank">Legal Resources</a></div>
</footer>
<script src="../../../_/js/site.js"></script>
<script async src="../../../_/js/vendor/highlight.js"></script>
</body>
</html>