# Deploy on AWS {% hint style="success" %} This is the official documentation of the `@forestadmin/agent` Node.js agent. {% endhint %} This tutorial is designed to assist you with a step-by-step guide to deploy the admin backend to Amazon Web Services, using EC2, ELB, ACM and Route53. First, please ensure you have an AWS account. You can sign up [here](https://aws.amazon.com/). #### 1. Launch an EC2 Instance: * Navigate to the EC2 dashboard and click on `Launch Instance`. * Choose an Amazon Machine Image (AMI) such as `Amazon Linux 2023 AMI`. * Select `t2.micro` (part of the AWS Free Tier). * Select `Proceed without a key pair` ![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-cc4ec0b7e5e285e2bbdaf0b4d8e0acc7e3433254%2Fdeploy-on-aws-key-pair.png?alt=media) * On the `Configure Security Group` step, create a new security group: * allow `ssh traffic`. * allow `HTTPS traffic`. * allow `HTTP traffic`. ![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-211ac7bdc75ba0a65bfd85ede15f7735e7dbac29%2Fdeploy-on-aws-security-group.png?alt=media) * Review and launch the instance. #### 2. Connect to the EC2 instance: * Navigate to your EC2 instance and click on `Connect`. * Leave the default parameters and click on `Connect` again. * Your are now connected to your instance. #### 3. Set up your instance: {% hint style="info" %} The command lines in this step demonstrate how to install a Node.js agent. If you are running Forest Admin on another agent, please adapt the following to your specific stack. {% endhint %} * Update the instance: ```bash sudo yum update -y ``` * Install Git: ```bash sudo yum install git -y ``` * Clone your repo: ```bash git clone your-repo-link ``` * Install Node.js and npm: ```bash sudo yum install npm -y ``` * Navigate to your project directory and install the necessary packages: ```bash cd your-repo-directory npm install ``` * Set up all the necessary environment variables provided by the Forest Admin environment creation wizard. * Add the `APPLICATION_PORT` environment variable to be able to contact the server from outside. In this example, we will choose `APPLICATION_PORT=3310`. If you choose another port, please adapt the next steps accordingly. * Start the agent ```bash npm run start:watch ``` #### 4. Adjust security group rules: * Navigate to your EC2 instance's security group. * Click on `Edit inbound rules`. * Add a Custom TCP inbound rule to allow on port `3310`. ![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-ce0e5ee5798070828a4acd7bd951ac114e2d9e13%2Fdeploy-on-aws-inbound-rules.png?alt=media) #### 5. Create a target group: * In the AWS Management Console, navigate to the EC2 service. * Under "Target Groups", click `Create Target Groups`. * Ensure target type is instance. * Choose HTTP to `3310`. * Ensure VPC is set to the same VPC as your EC2 instance. * Setup the health checks as set to `/forest`. * On the next step, select instance and click on `Include as pending below`. * Finally create the target group. #### 6. Request a certificate using AWS Certificate Manager (ACM): * Navigate to ACM and click on `Request a certificate`. * Enter your domain name and validate the domain ownership using DNS validation. * After viewing the new created certificate, click on `Create records in Route 53`. * Wait for the certificate to be validated (this can take some time < 1mn). #### 7. Set up an Application Load Balancer (ALB): * In the AWS Management Console, navigate to the EC2 service. * Under "Load Balancers", click `Create Load Balancer`. * Choose `Application Load Balancer` and follow the setup. * Ensure the ALB is set to the same VPC as your EC2 instance. * Select all regions. ![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-6f80907f29721cb76c6cf21c85f0116053edafa6%2Fdeploy-on-aws-alb-regions.png?alt=media) * Remove default security group and select the group associated to the newly created instance. ![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-467d488ffd82fee3d093b3ae8f543a1cd62b5235%2Fdeploy-on-aws-alb-security.png?alt=media) * Add an HTTPS listener and choose previously created target group and certificate. ![](https://3861847666-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F9UN5oBJhgzLadOqi7jx6%2Fuploads%2Fgit-blob-ad6c784823df20e44f001c709966bbcdfdb73579%2Fdeploy-on-aws-alb-https-listener.png?alt=media) * After creating the ALB copy the `DNS name`. #### 8. Add CNAME to Route53: * Navigate to Route53 and choose your hosted zone (domain). * Create a `CNAME` record with the domain name filled in the certificate and the `DNS name` of the ALB. #### 9. Finalize: Check your domain. You should be able to access your Forest Admin panel environment hosted on AWS. 🎉 {% hint style="info" %} This is a basic setup, and there are many optimizations and security enhancements (like using RDS, tightening security groups, etc.) that can be done for a production-ready deployment. Please refer to the [AWS documentation](https://docs.aws.amazon.com/index.html) to go deeper. {% endhint %}