Deploying Nextcloud on AWS ECS with Pulumi
#devops#aws#pulumi#nextcloud
joe b

joe b @bzhrxqmksxr

About: https://joeb.is-a.dev

Joined:
Jul 3, 2025

Deploying Nextcloud on AWS ECS with Pulumi

Publish Date: Jul 24
0 0
i am not a devops engineer.

code: gitlab github

This Pulumi program deploys a highly-available, cost-effective Nextcloud service on AWS Fargate with a serverless Aurora PostgreSQL database.

Deployment Option 1 (Gitops)

The first few items are high-level instructions only. You can follow the instructions from the hyperlinked web pages.

  1. A Pulumi account. This is needed for creating personal access token upon provisioning the AWS resources.
  2. Create a non-root AWS IAM User.
  3. Create an IAM User Group called pulumi
  4. Add your IAM User to the User Group.
  5. Attach the IAMFullAccess policy to it. The IAMFullAccess allows your IAM User to add the remaining required IAM policies to the IAM User Group using the automation script later.
  6. Create an access key for your non-root IAM User.
  7. On your Pulumi account, go to Personal access tokens and create a token.
  8. Also create a password for the Aurora Database. You can use a password generator.
  9. Clone this repository either to your Gitlab or Github.
  10. This works either on Gitlab CI/CD or Github Actions. On Gitlab, go to the cloned repository settings -> Settings -> Variables. On Github, go to the cloned repository settings -> Secrets and variables -> Actions -> Secrets.
  11. Store the credentials from steps 6-8 as AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, PULUMI_ACCESS_TOKEN, and POSTGRES_PASSWORD. These will be used as environment variables by the deployment script.
  12. On AWS Console, go to EC2 -> Load Balancers. The DNS name is where you access the Nextcloud Web Interface to establish your new credentials.

The automatic deployment will be triggered if there are changes made on the main.go, .gitlab-ci.yml, or the ci.yml file upon doing a git push. On main.go, you can adjust the specifications of the resources to be manifested. Notable ones are in lines 327, 328, 571, 572, 602, 603, 640.

Deployment Option 2 (Manual)

  1. Install Go, AWS CLI, and Pulumi.
  2. Follow steps 1-8 above.
  3. Add the required IAM policies to the IAM User Group to allow Pulumi to interact with AWS resources: 
printf '%s\n' "arn:aws:iam::aws:policy/AmazonS3FullAccess" "arn:aws:iam::aws:policy/AmazonECS_FullAccess" "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess" "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess" "arn:aws:iam::aws:policy/AmazonEC2FullAccess" "arn:aws:iam::aws:policy/AmazonVPCFullAccess" "arn:aws:iam::aws:policy/SecretsManagerReadWrite" "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess" "arn:aws:iam::aws:policy/AmazonRDSFullAccess" | xargs -I {} aws iam attach-group-policy --group-name pulumi --policy-arn {}
Enter fullscreen mode Exit fullscreen mode
  1. Add the environment variables. 
export PULUMI_ACCESS_TOKEN="value" && export AWS_ACCESS_KEY_ID="value" && export AWS_SECRET_ACCESS_KEY="value" && export POSTGRES_PASSWORD="value"
Enter fullscreen mode Exit fullscreen mode
  1. Clone the repository and deploy. 
mkdir pulumi-aws && \
cd pulumi-aws && \
pulumi new aws-go && \
rm * && \
git clone https://gitlab.com/joevizcara/pulumi-aws.git . && \
pulumi up
Enter fullscreen mode Exit fullscreen mode

Deprovisioning 

pulumi destroy --yes
Enter fullscreen mode Exit fullscreen mode

Local Testing

The Pulumi.aws-go-dev.yaml file contains a code block to use with Localstack for local testing.

Features

  1. Subscription-free application - Nextcloud is a free and open-source cloud storage and file-sharing platform.
  2. Serverless management - using Fargate and Aurora Serverless reduces infrastructure management.
  3. Reduced cost - can be scaled and highly available as an AWS EKS cluster, but with lower per hour.
  4. Go coding language - a popular language for cloud-native applications, eliminating syntax barriers for engineers

Diagramme

Diagramme

Comments 0 total

    Add comment