Connect AWS Account

Connect your AWS account to Encore Cloud to deploy your Leap application directly to your own AWS infrastructure. This gives you full data sovereignty while leveraging Encore’s deployment automation.

Prerequisites

AWS Account Access

Active AWS account with appropriate permissions
Ability to create IAM roles in your AWS account
Understanding of which AWS region you want to deploy to

Leap Application Ready

Your application built and tested with Leap
Preview environment validated and working
Ready to deploy to production infrastructure

Connection Process

Access the Connect Cloud page

In your Leap project:

Go to the Encore Cloud dashboard
Select your application
Navigate to App Settings → Integrations → Connect Cloud
Select Amazon Web Services (AWS)

Create IAM Role in AWS

Follow the detailed instructions provided on the Connect Cloud page to:

Create a new IAM Role in your AWS account
Configure the trust relationship with Encore Cloud
Attach the necessary permissions for infrastructure provisioning

Security requirement: Make sure to check “Require external ID” and specify the external ID provided in the Encore Cloud instructions. This is critical for security.

Connect the Role

Back in Encore Cloud:

Enter the ARN of the IAM role you created
Verify the external ID matches what you configured
Test the connection to ensure Encore can assume the role

Choose Deployment Region

Select which AWS region you want Encore Cloud to provision resources in:

Consider latency to your users
Review AWS region capabilities and compliance requirements
Factor in your existing AWS infrastructure location

Learn more about AWS regions

What Gets Deployed

When you deploy to your AWS account through Encore Cloud, the following infrastructure is automatically provisioned:

Compute Resources

Container-based application hosting

AWS services appropriate for your application architecture
Auto-scaling based on demand
Load balancing for high availability
Security groups with proper network isolation

Database Infrastructure

Managed database services

Amazon RDS for PostgreSQL (or your configured database)
Automated backups and maintenance
Multi-AZ deployment for production environments
Proper security configuration and access controls

Networking & Security

Production-ready network configuration

VPC with appropriate subnet configuration
Security groups following least-privilege principles
SSL/TLS certificates for secure communication
IAM roles and policies for service access

Monitoring & Logging

Observability integration

CloudWatch integration for metrics and logs
Integration with Encore’s monitoring dashboard
Alerting configuration for critical events
Performance monitoring and optimization insights

IAM Permissions

The IAM role you create needs appropriate permissions to provision and manage infrastructure in your AWS account. The exact permissions required will be specified in the Connect Cloud setup instructions, but typically include:

Essential AWS services for application deployment

Compute: ECS, Fargate, or EC2 for running your application
Database: RDS for managed database services
Networking: VPC, subnets, security groups, and load balancers
Storage: S3 for application assets and backups

Managing Your Deployment

Encore Cloud Dashboard

Monitor and manage through Encore

View application performance and health
Access logs and distributed tracing
Manage deployments and rollbacks
Configure environments and settings

AWS Console

Direct access to your infrastructure

View and manage AWS resources directly
Access detailed CloudWatch metrics
Configure additional AWS services
Manage billing and cost optimization

Important Considerations

Resource Management

Understanding infrastructure lifecycle

Encore Cloud provisions infrastructure in your AWS account
Resources are billed directly to your AWS account
Manual approval required for resource deletion for safety
If you disconnect or delete environments, you must explicitly approve infrastructure deletion in the Encore Cloud dashboard

Cost Management

Controlling AWS costs

Use AWS Cost Explorer to monitor spending
Set up billing alerts in your AWS account
Leverage existing AWS Reserved Instances or Savings Plans
Consider AWS resource optimization recommendations

Security & Compliance

Maintaining security standards

Your data remains in your AWS account at all times
Leverage your existing AWS security policies
Use AWS CloudTrail for audit logging
Implement your organization’s compliance requirements

Troubleshooting

Role Assumption Issues

Common IAM role problemsProblem: Encore Cloud cannot assume the IAM role Solution:

Verify the external ID is correctly configured
Check that the trust relationship includes Encore’s account
Ensure the role has necessary permissions
Confirm you’re using the correct role ARN

Permission Errors

Insufficient permissions during deploymentProblem: Deployment fails due to missing permissions Solution:

Review the permissions required in the Connect Cloud instructions
Check AWS CloudTrail logs for specific permission denials
Ensure the IAM role has all required service permissions
Contact support if you need clarification on required permissions

Region Issues

Deployment region problemsProblem: Resources cannot be created in selected region Solution:

Verify the region supports all required AWS services
Check for any organization-level region restrictions
Ensure your AWS account has appropriate limits in the region
Consider selecting an alternative region if needed

Getting Help

If you encounter issues during the AWS connection process:

Encore Support

Direct support channels

Email: support@encore.dev
Encore Discord community
Detailed setup instructions in Connect Cloud page

AWS Documentation

Additional AWS resources

AWS IAM Roles Documentation
AWS Regions and Availability Zones
AWS Support for account-specific issues

Next steps: After connecting your AWS account, you can deploy your application by clicking Deploy in your Leap project and selecting your AWS environment. The first deployment typically takes 10-15 minutes as infrastructure is provisioned.

Getting started

Understanding your Leap app

Best practices

Tutorials

Deployment

Integrations

Comparisons

Connect AWS Account

Prerequisites

Connection Process

What Gets Deployed

IAM Permissions

Managing Your Deployment

Encore Cloud Dashboard

AWS Console

Important Considerations

Troubleshooting

Getting Help

Encore Support

AWS Documentation

Getting started

Understanding your Leap app

Best practices

Tutorials

Deployment

Integrations

Comparisons

​Prerequisites

​Connection Process

​What Gets Deployed

​IAM Permissions

​Managing Your Deployment

Encore Cloud Dashboard

AWS Console

​Important Considerations

​Troubleshooting

​Getting Help

Encore Support

AWS Documentation

Prerequisites

Connection Process

What Gets Deployed

IAM Permissions

Managing Your Deployment

Important Considerations

Troubleshooting

Getting Help