AWS CLI Configuration

Configure the AWS CLI with your credentials to enable Terraform and Docker to interact with AWS services.

Configure AWS Credentials

Run the AWS configuration wizard:
aws configure
You’ll be prompted for the following information:
1. AWS Access Key ID

Enter the Access Key ID from your IAM user:
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
2. AWS Secret Access Key

Enter the Secret Access Key from your IAM user:
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
3. Default Region

Choose your preferred AWS region (us-east-1 recommended):
Default region name [None]: us-east-1
4. Output Format

Set output format to JSON:
Default output format [None]: json

Verify AWS Access

Confirm your AWS credentials are correctly configured:
aws sts get-caller-identity
Expected output:
{
    "UserId": "AIDAI...",
    "Account": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/your-username"
}
If you see your account information, AWS CLI is properly configured!
If you receive an authentication error, double-check your Access Key ID and Secret Access Key.
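
A guard to run on the get-caller-identity result before handing the credentials to Terraform, as an added example that is not part of the original guide. The function names and the expected-account argument are assumptions; the ARNs are constructed from the sample output above.

```shell
#!/bin/sh
# Added example: refuse to deploy with root credentials or into the wrong
# account. classify_caller_arn and check_caller are illustrative names.

# classify_caller_arn ARN -> root | iam-user | assumed-role | federated-user | unknown
classify_caller_arn() {
  case "$1" in
    arn:*:iam::*:root)            echo root ;;            # account root user
    arn:*:iam::*:user/*)          echo iam-user ;;        # long-lived access key
    arn:*:sts::*:assumed-role/*)  echo assumed-role ;;    # temporary credentials
    arn:*:sts::*:federated-user/*) echo federated-user ;;
    *)                            echo unknown ;;
  esac
}

# check_caller EXPECTED_ACCOUNT ACCOUNT ARN
# Returns 0 only when the credentials belong to the expected account and the
# caller is not the root user or an unrecognised principal type.
check_caller() {
  expected=$1 account=$2 arn=$3
  kind=$(classify_caller_arn "$arn")
  if [ "$account" != "$expected" ]; then
    echo "refusing: credentials are for account $account, expected $expected" >&2
    return 1
  fi
  case "$kind" in
    root|unknown)
      echo "refusing: caller is $kind ($arn)" >&2
      return 1 ;;
  esac
  echo "ok: $kind in account $account"
}

# Constructed sample, taken from the expected output shown above.
check_caller 123456789012 123456789012 "arn:aws:iam::123456789012:user/your-username"

# Live usage (requires configured credentials):
#   set -- $(aws sts get-caller-identity --query '[Account,Arn]' --output text)
#   check_caller 123456789012 "$1" "$2"
```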

AWS Region Selection

Choose the AWS region closest to your users for optimal performance.
Region                      Location        Region Code
US East (N. Virginia)       North America   us-east-1
US West (Oregon)            North America   us-west-2
EU (Ireland)                Europe          eu-west-1
EU (Frankfurt)              Europe          eu-central-1
Asia Pacific (Singapore)    Asia            ap-southeast-1
Asia Pacific (Tokyo)        Asia            ap-northeast-1
This guide uses us-east-1 in examples. Replace with your chosen region throughout the deployment.

VPC and Subnet Configuration

ECS Fargate requires a VPC and at least 2 subnets in different availability zones for high availability. Most AWS accounts have a default VPC that works out of the box.

Get Default VPC ID

aws ec2 describe-vpcs \
  --filters "Name=isDefault,Values=true" \
  --query "Vpcs[0].VpcId" \
  --output text
Expected output:
vpc-0a1b2c3d4e5f6g7h8
Save this VPC ID - you’ll need it for Terraform configuration.

Get Default Subnets

Retrieve all subnets in your default VPC:
# Replace vpc-0a1b2c3d4e5f6g7h8 with your VPC ID from above
aws ec2 describe-subnets \
  --filters "Name=vpc-id,Values=vpc-0a1b2c3d4e5f6g7h8" \
  --query "Subnets[*].[SubnetId,AvailabilityZone,CidrBlock]" \
  --output table
Expected output:
----------------------------------------------------------
|                    DescribeSubnets                     |
+----------------------+-------------+-------------------+
|  subnet-abc123def456 |  us-east-1a |  172.31.0.0/20   |
|  subnet-ghi789jkl012 |  us-east-1b |  172.31.16.0/20  |
|  subnet-mno345pqr678 |  us-east-1c |  172.31.32.0/20  |
+----------------------+-------------+-------------------+
Select at least 2 subnets from different availability zones (e.g., us-east-1a and us-east-1b).
Example subnet selection:
# Save these subnet IDs
SUBNET_1="subnet-abc123def456"  # us-east-1a
SUBNET_2="subnet-ghi789jkl012"  # us-east-1b
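
The selection rule above (two subnets, two different availability zones) applied to the text form of the same describe-subnets query, as an added example that is not part of the original guide. pick_subnets and sample_subnets are illustrative names, and the subnet rows are constructed sample data.

```shell
#!/bin/sh
# Added example: choose one subnet in each of two different AZs.

# Constructed sample: the tab-separated rows printed by
#   aws ec2 describe-subnets --filters "Name=vpc-id,Values=<your VPC ID>" \
#     --query "Subnets[*].[SubnetId,AvailabilityZone,CidrBlock]" --output text
# Two rows share us-east-1a on purpose.
sample_subnets() {
  printf 'subnet-abc123def456\tus-east-1a\t172.31.0.0/20\n'
  printf 'subnet-stu901vwx234\tus-east-1a\t172.31.48.0/20\n'
  printf 'subnet-ghi789jkl012\tus-east-1b\t172.31.16.0/20\n'
}

# Read "SubnetId AZ CIDR" rows on stdin and print "SubnetId<TAB>AZ" for the
# first subnet seen in each of two different AZs. Prints nothing on stdout
# and returns 1 when the input does not span two AZs.
pick_subnets() {
  awk '
    NF >= 2 && n < 2 && !($2 in az) { az[$2] = 1; out[++n] = $1 "\t" $2 }
    END {
      if (n < 2) exit 1
      print out[1]; print out[2]
    }
  ' || { echo "need subnets in 2 different availability zones" >&2; return 1; }
}

# Demo on the constructed rows: the second us-east-1a subnet is skipped.
sample_subnets | pick_subnets
```

Pipe the live describe-subnets text output into pick_subnets in place of sample_subnets, then copy the two IDs into SUBNET_1 and SUBNET_2.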

Option 2: Create Custom VPC

If you prefer to isolate the llms.txt Generator in its own VPC:

Create VPC

aws ec2 create-vpc \
  --cidr-block 10.0.0.0/16 \
  --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=llmstxt-vpc}]' \
  --query 'Vpc.VpcId' \
  --output text

Enable DNS Hostnames

# Replace vpc-xxxxx with your new VPC ID
aws ec2 modify-vpc-attribute \
  --vpc-id vpc-xxxxx \
  --enable-dns-hostnames

Create Subnets

# Subnet 1 (us-east-1a)
aws ec2 create-subnet \
  --vpc-id vpc-xxxxx \
  --cidr-block 10.0.1.0/24 \
  --availability-zone us-east-1a \
  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=llmstxt-subnet-1a}]'

# Subnet 2 (us-east-1b)
aws ec2 create-subnet \
  --vpc-id vpc-xxxxx \
  --cidr-block 10.0.2.0/24 \
  --availability-zone us-east-1b \
  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=llmstxt-subnet-1b}]'

Create Internet Gateway

# Create gateway
IGW_ID=$(aws ec2 create-internet-gateway \
  --tag-specifications 'ResourceType=internet-gateway,Tags=[{Key=Name,Value=llmstxt-igw}]' \
  --query 'InternetGateway.InternetGatewayId' \
  --output text)

# Attach to VPC
aws ec2 attach-internet-gateway \
  --internet-gateway-id "$IGW_ID" \
  --vpc-id vpc-xxxxx

Configure Route Table

# Get main route table
RTB_ID=$(aws ec2 describe-route-tables \
  --filters "Name=vpc-id,Values=vpc-xxxxx" "Name=association.main,Values=true" \
  --query 'RouteTables[0].RouteTableId' \
  --output text)

# Add route to internet gateway
aws ec2 create-route \
  --route-table-id "$RTB_ID" \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id "$IGW_ID"
If creating a custom VPC, update the security group configuration in Terraform to allow outbound internet access.

Network Configuration Summary

Before proceeding, ensure you have identified:
  • VPC ID: vpc-xxxxxxxxxxxxx
  • Region: us-east-1 (or your chosen region)
  • Internet Access: Enabled (via Internet Gateway)
  • Subnet 1 ID: subnet-xxxxxxxxxxxxx
  • Subnet 1 AZ: us-east-1a
  • Subnet 2 ID: subnet-yyyyyyyyyyyyy
  • Subnet 2 AZ: us-east-1b
Subnets must be in different availability zones for ECS high availability.
  • DNS Hostnames: Enabled
  • DNS Resolution: Enabled
Verify with:
aws ec2 describe-vpc-attribute \
  --vpc-id vpc-xxxxx \
  --attribute enableDnsHostnames

Security Considerations

IAM Permissions

The IAM user or role running Terraform needs these permissions:
  • EC2: Full access (VPC, subnets, security groups)
  • ECS: Full access (clusters, services, task definitions)
  • ECR: Full access (repositories, images)
  • IAM: Create/manage roles and policies
  • Application Load Balancer: Full access
  • CloudWatch: Logs and metrics
  • Lambda: Full access
  • EventBridge: Full access
  • ACM: Certificate management
  • S3: Bucket creation and object storage
For production, use a more restrictive custom policy. For initial deployment, AdministratorAccess simplifies setup.

AWS Service Limits

Check your AWS account limits for key services:
# Check VPC limits
aws service-quotas get-service-quota \
  --service-code vpc \
  --quota-code L-F678F1CE

# Check ECS limits
aws service-quotas get-service-quota \
  --service-code ecs \
  --quota-code L-D78D97F6
Default limits are typically sufficient. Request increases if you plan to run multiple environments.

Testing Network Connectivity

Verify Subnet Internet Access

Ensure your subnets can reach the internet (required for ECS to pull Docker images):
# Check route tables
aws ec2 describe-route-tables \
  --filters "Name=vpc-id,Values=vpc-xxxxx" \
  --query "RouteTables[*].Routes[?GatewayId!=null]"
You should see a route to an Internet Gateway (igw-xxxxx):
[
  {
    "DestinationCidrBlock": "0.0.0.0/0",
    "GatewayId": "igw-xxxxxxxxxxxxx",
    "State": "active"
  }
]

Next Steps

Database & Storage Setup

Configure Supabase database and Cloudflare R2 storage