- Go to S3 → Create bucket
- Name: `yourcompany-product-images-prod` (unique name)
- Region: Same as your EC2 (e.g., `us-east-1`)
- Encryption: Enable (SSE-S3)
- Save bucket name
- Go to IAM → Policies → Create policy
- Use JSON tab, paste:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::YOUR-BUCKET-NAME"
    }
  ]
}
```

- Replace `YOUR-BUCKET-NAME` with your bucket name
- `HeadObject` requests are authorized by `s3:GetObject`; IAM has no separate `s3:HeadObject` action
- Name: `ProductServiceS3Policy`
- Go to IAM → Roles → Create role
- Select EC2 → Next
- Attach `ProductServiceS3Policy` → Next
- Name: `EC2-S3-Access-Role` → Create role
- Go to EC2 → Instances
- Select your instance → Actions → Security → Modify IAM role
- Select `EC2-S3-Access-Role` → Update
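
Before attaching the policy, it is worth checking that it grants only what this guide intends: object read, write and delete on `bucket/*`, and `s3:ListBucket` on the bucket itself. The script below is an added example, not part of the project; the function name `check_policy`, the expected action sets and the sample policy are assumptions made for illustration.

```python
import json

BUCKET = "yourcompany-product-images-prod"  # example bucket name from the guide
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
BUCKET_ACTIONS = {"s3:ListBucket"}

def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def check_policy(policy, bucket):
    """Return findings for an identity policy; an empty list means it matches the intended scope."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = bucket_arn + "/*"
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(_as_list(stmt.get("Action", [])))
        resources = set(_as_list(stmt.get("Resource", [])))
        for action in sorted(actions - OBJECT_ACTIONS - BUCKET_ACTIONS):
            kind = "wildcard action" if "*" in action else "unexpected action"
            findings.append(f"statement {i}: {kind} {action}")
        for res in sorted(resources - {bucket_arn, object_arn}):
            kind = "placeholder left in" if "YOUR-BUCKET-NAME" in res else "resource outside bucket:"
            findings.append(f"statement {i}: {kind} {res}")
        # Object actions only match object ARNs; s3:ListBucket only matches the bucket ARN.
        if actions & OBJECT_ACTIONS and object_arn not in resources:
            findings.append(f"statement {i}: object actions need {object_arn}")
        if actions & BUCKET_ACTIONS and bucket_arn not in resources:
            findings.append(f"statement {i}: s3:ListBucket needs {bucket_arn}")
    return findings

# Constructed sample: a policy with common mistakes (wildcard action,
# placeholder not replaced, s3:ListBucket scoped to objects instead of the bucket).
BAD_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:*"],
   "Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/*"},
  {"Effect": "Allow", "Action": "s3:ListBucket",
   "Resource": "arn:aws:s3:::yourcompany-product-images-prod/*"}
]}
""")

if __name__ == "__main__":
    for finding in check_policy(BAD_POLICY, BUCKET):
        print(finding)
```
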

Create `application-prod.properties` or use environment variables:

```properties
aws.region=us-east-1
aws.s3.bucket=your-bucket-name-here
aws.s3.endpoint-override=
aws.s3.path-style-enabled=false
aws.access-key-id=
aws.secret-access-key=
```

Note: Leave access keys empty if using IAM role (recommended)

```bash
# Build
mvn clean package
# Copy to EC2
scp -i key.pem target/product-service.jar ec2-user@your-ec2-ip:~/app/
# SSH into EC2
ssh -i key.pem ec2-user@your-ec2-ip
# Run with production config
cd ~/app
java -jar product-service.jar --spring.config.location=application-prod.properties
```

If not using IAM role, create IAM user:

- IAM → Users → Create user
- Attach `ProductServiceS3Policy`
- Create access key → Save keys securely
- Set environment variables on EC2:

```bash
export AWS_ACCESS_KEY_ID=your-key-id
export AWS_SECRET_ACCESS_KEY=your-secret-key
```

See AWS_DEPLOYMENT_GUIDE.md for detailed step-by-step instructions.