Connect AWS Account
Deploy your Leap application to your own AWS account through Encore Cloud
Connect your AWS account to Encore Cloud to deploy your Leap application directly to your own AWS infrastructure. This gives you full data sovereignty while leveraging Encore’s deployment automation.
Prerequisites
AWS Account Access
- Active AWS account with appropriate permissions
- Ability to create IAM roles in your AWS account
- Understanding of which AWS region you want to deploy to
Leap Application Ready
- Your application built and tested with Leap
- Preview environment validated and working
- Ready to deploy to production infrastructure
Connection Process
Access the Connect Cloud page
In your Leap project:
- Go to the Encore Cloud dashboard
- Select your application
- Navigate to App Settings → Integrations → Connect Cloud
- Select Amazon Web Services (AWS)
Create IAM Role in AWS
Follow the detailed instructions provided on the Connect Cloud page to:
- Create a new IAM Role in your AWS account
- Configure the trust relationship with Encore Cloud
- Attach the necessary permissions for infrastructure provisioning
Security requirement: Make sure to check “Require external ID” and specify the external ID provided in the Encore Cloud instructions. This is critical for security.
Connect the Role
Back in Encore Cloud:
- Enter the ARN of the IAM role you created
- Verify the external ID matches what you configured
- Test the connection to ensure Encore can assume the role
Choose Deployment Region
Select which AWS region you want Encore Cloud to provision resources in:
- Consider latency to your users
- Review AWS region capabilities and compliance requirements
- Factor in your existing AWS infrastructure location
What Gets Deployed
When you deploy to your AWS account through Encore Cloud, the following infrastructure is automatically provisioned:
IAM Permissions
The IAM role you create needs appropriate permissions to provision and manage infrastructure in your AWS account. The exact permissions required will be specified in the Connect Cloud setup instructions, but typically include:
Essential AWS services for application deployment
- Compute: ECS, Fargate, or EC2 for running your application
- Database: RDS for managed database services
- Networking: VPC, subnets, security groups, and load balancers
- Storage: S3 for application assets and backups
Essential AWS services for application deployment
- Compute: ECS, Fargate, or EC2 for running your application
- Database: RDS for managed database services
- Networking: VPC, subnets, security groups, and load balancers
- Storage: S3 for application assets and backups
IAM and security service permissions
- IAM: Create and manage service roles
- Secrets Manager: Store and manage application secrets
- Certificate Manager: Provision SSL certificates
- CloudWatch: Monitoring and logging
Recommended security configuration
✅ Use external ID: Always require external ID for role assumption ✅ Least privilege: Only grant permissions necessary for deployment ✅ Regular review: Periodically review and update permissions ✅ Condition policies: Use condition policies to restrict access further
Managing Your Deployment
Encore Cloud Dashboard
Monitor and manage through Encore
- View application performance and health
- Access logs and distributed tracing
- Manage deployments and rollbacks
- Configure environments and settings
AWS Console
Direct access to your infrastructure
- View and manage AWS resources directly
- Access detailed CloudWatch metrics
- Configure additional AWS services
- Manage billing and cost optimization
Important Considerations
Troubleshooting
Getting Help
If you encounter issues during the AWS connection process:
Encore Support
Direct support channels
- Email: support@encore.dev
- Encore Discord community
- Detailed setup instructions in Connect Cloud page
AWS Documentation
Additional AWS resources
- AWS IAM Roles Documentation
- AWS Regions and Availability Zones
- AWS Support for account-specific issues
Next steps: After connecting your AWS account, you can deploy your application by clicking Deploy in your Leap project and selecting your AWS environment. The first deployment typically takes 10-15 minutes as infrastructure is provisioned.