Skip to content

AWS Connection

This guide will help you connect a Coherence app to AWS.


This guide assumes:

Set up your cloud provider

In the Coherence console, click on the application you wish to connect to your cloud provider.

Application preview tab

Click the Add Preview cloud button and complete the popup form. Note that all the fields are required.

AWS preview cloud

  1. Select Amazon AWS from the provider drop-down list.
  2. Fill in your AWS account ID. Find this on your AWS console by clicking on the dropdown behind your username on the top right-hand side of the AWS console. AWS find account ID
  3. Select the AWS region where you want to host your infrastructure.

{% callout type="note" title="" %} Please take note of the requirements and check the checkboxes: - You must have admin privileges on the AWS account. - Sufficient quotas must be available. If unsure, follow the on-screen requirements link to find out more. {% /callout %}

Click the Next button to continue.

The Add Preview cloud IAM role dialog will open.

AWS add preview cloud IAM role

Create a new role in AWS

Sign in to your AWS console.

Search "IAM" in the service search bar at the top and select the IAM option from the search results.

Go to IAM

In the IAM configuration page, click the Roles tab in the left sidebar and click the Create role button.

Create a role in AWS console

Select the Custom trust policy.

Set up custom trust policy

In the Add Preview cloud IAM role dialog in Coherence, copy the custom trust policy JSON snippet and paste it into the AWS custom trust policy configuration field.

Click Next.

In the search box for permissions policies, search for "AdministratorAccess".

In the search results, check the box for the "AdministratorAccess" policy with the type "AWS managed - job function".

Give admin access to a custom trust policy in the AWS console

Click Next.

Return to the Add Preview cloud IAM role dialog in Coherence and copy the role name from the role name field. Paste the copied role name into the role name field in the AWS create role dialog.

Verify the role details and click Create role.

If there are any validation errors, they will be noted on the screen. If the role was successfully created, a confirmation notification will display at the top of the AWS roles list view.

Role created

Return to the Coherence Add Preview cloud IAM role dialog and click Continue.

Coherence will check if it can access the newly created role. If the role is not detected, you'll receive the notification, "We didn't detect an IAM role. Please wait a minute and try again."

Import variables

Next, you can optionally enter or configure variables to be used in conjunction with your cloud provider.

import variables

These variables are stored in your AWS Secrets Manager.

Coherence securely integrates with cloud build pipelines and container runtimes and automatically injects variables for managed resources like databases, eliminating the need to manually copy items such as DATABASE_URL or REDIS_URL. See more on environment variables in the documentation.

If you don't need environment variables, you can click Skip this.

Configure infrastructure

Coherence uses the coherence.yml file to set up the infrastructure your app needs.

In the configure infrastructure step, you will be presented with a list of the resources defined in the coherence.yml file that Coherence has detected.

Select the resources that are applicable to your project and click Continue.

Coherence configuring the infrastructure

Coherence will now create the resources defined in the coherence.yml file and provision the preview cloud. Note that provisioning the preview cloud will make changes to your AWS environment and might lead to cost implications if left unattended.

You will be redirected to the Infrastructure Logs tab.

Coherence magic

Provisioning the preview cloud can take 5-30 minutes, depending on the complexity of the configuration. Once Coherence successfully submits a build to your integration branch, you’re up and running.

If Coherence doesn't successfully provision the preview cloud, look at the infrastructure logs to help you address the issue, make any necessary changes, and retry.

Troubleshooting initial configuration errors

If you are using Coherence with your AWS environment for the first time, you might run into an error like this:

Error: creating CloudFront Distribution: AccessDenied: Your account must be verified before you can add new CloudFront
resources. To verify your account, please contact AWS Support ( and
include this error message. status code: 403, request id: 0089832f-a155-470a-91cb-e7a988b94db Error:
aws_cloudfront_distribution.main_coherencedemoapp1_ZnJvbnRIbnQ_cdn: Creation errored after 8s For more help, please
contact support at

To solve this error, do the following:

  • If your AWS account is newly created, double-check that it is verified.
  • Make sure that the correct quotas are available on your AWS account.
  • If the issue is still not resolved, navigate to Support Center in your AWS console. AWS support center
  • Click the Create Case button.
  • Create a case under the "Account and Billing Section".
  • Under Service, select Account.
  • Under Category, select Other Account Issues.
  • Paste the error text from Coherence into the description and submit the case.

When the issue is resolved, repeat the set-up steps.

Using the Preview cloud

In the Coherence console, navigate to the Preview tab for the application.

Preview tab

  1. The checklist on the top right should show all items checked. If all items aren't checked, consult the Infrastructure Logs to troubleshoot, correct any issues, and repeat the steps in the guide to complete setup.
  2. The app integration branch name and status are displayed under Integration branches.
  3. The menu button next to the integration branch contains links to:
  4. View details: View more details about the build. Preview cloud details Click Submit build to start a new automated build and deployment process. Coherence will pull the latest source from the configured GitHub account, push it to AWS code build pipelines, and deploy it to the AWS cloud.

  5. View live: View the live preview of the deployed application. This will take you to the deployed application that links to the static route 53 hosted zone URL configured in the AWS cloud environment, configured by Coherence. Live preview

{% callout type="note" title="" %} A change to the integration branch in GitHub will trigger a build and deploy to the Preview cloud environment with the latest changes. {% /callout %}

AWS resources reference

The resources and environments created by Coherence on your AWS cloud will differ depending on your specific use case and configuration.

Here's a short outline of a few important resources that may be created on your AWS cloud. You should monitor your AWS environment, as some configurations may have cost implications.

View services in the AWS console.

Route 53

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. Read more about Route 53 in the AWS documentation.

  • Coherence sets up a hosted zone in Route 53 for the live view of your deployed app.
  • Access the hosted zone by searching for "Route 53" in the console search bar and clicking "Route 53" in the results. Route 53
  • On the Route 53 page, click Hosted zones in the sidebar. AWS Route 53 hosted zone
  • The Hosted zones page lists the hosted zones in the region.
  • Hosted zones created by Coherence will have or similar in their name.


Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. Read about Amazon S3 in the Amazon documentation.

  • Coherence sets up buckets in your S3 storage to store your application's build files.
  • Access the S3 service by searching for "S3" in the console search bar and selecting "S3" from the results.
  • The Amazon S3 page lists the buckets created while configuring your app. AWS S3 storage


Amazon Elastic Container Registry (Amazon ECR) is a fully managed container registry offering high-performance hosting, so you can reliably deploy application images and artifacts anywhere. For more information on Amazon ECR, read the Amazon documentation.

  • Coherence sets up private repositories in your Amazon ECR service to host your applications.
  • Access the ECR service by searching for "ECR" in the console search bar and selecting "Elastic Container Registry" from the results.
  • Select "Repositories" under "Private registry" in the sidebar to see a list of the repositories created while configuring your app. Amazon ECR


Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content such as .html, .css, .js, and image files to your users. Read more about Amazon CloudFront in the Amazon documentation.

  • Access the Amazon CloudFront service by searching for "CloudFront" in the console search bar and selecting "CloudFront" from the results.
  • The CloudFront page lists the CloudFront distributions created while configuring your app. CloudFront distributions initial creation


AWS Key Management Service (AWS KMS) lets you create, manage, and control cryptographic keys across your applications and AWS services. For more information on AWS KMS, read the Amazon documentation.

  • Access AWS KMS by searching for "KMS" in the console search bar and selecting "Key Management Service" from the results.
  • The Amazon KMS page lists the keys created while configuring your app. AWS KMS keys