AWS Deployment
Deploy the FailZero agent on AWS using EC2 or ECS/Fargate.EC2
1. Create IAM Role
2. Attach IAM Policies
Scope permissions to specific resources in production. These examples use wildcards for simplicity.
3. Create Instance Profile
4. Launch EC2 Instance
ECS/Fargate
1. Create Task Execution Role
2. Create Task Definition
3. Create ECS Service
IAM Permissions
Minimum Required
| Service | Actions | Purpose |
|---|---|---|
| RDS | rds:PromoteReadReplica, rds:DescribeDBInstances | Promote replicas |
| Route53 | route53:ChangeResourceRecordSets | Update DNS records |
Optional (Based on DR Plan)
| Service | Actions | Purpose |
|---|---|---|
| Auto Scaling | autoscaling:UpdateAutoScalingGroup | Scale compute |
| ECS | ecs:UpdateService | Scale containers |
| Secrets Manager | secretsmanager:GetSecretValue | Read secrets |
| S3 | s3:GetObject, s3:PutObject | Backup operations |
| SNS | sns:Publish | Notifications |
Verify Deployment
EC2
ECS
Troubleshooting
Permission denied errors:- Verify IAM role/policy is attached correctly
- Check task role (not execution role) has DR permissions
- Ensure Secrets Manager permissions for token retrieval
- Verify security group allows outbound HTTPS (port 443)
- Check NAT gateway if running in private subnet
- Ensure VPC endpoints or internet gateway is configured
- Check CloudWatch logs for error messages
- Verify Secrets Manager secret exists and is accessible
- Confirm AWS_ACCOUNT_ID and AWS_REGION are correct
Next Steps
Example Plans
AWS-specific DR configurations
Multi-Cloud
Fail over between AWS and GCP

