Forge and Amazon AWS Deployment, Server Creation, and IAM Policies

We all love Laravel Forge.  It makes things so, so easy.  That being said, when using AWS as your host sometimes AWS permissions can be a bit funny.

Specifically, you need a unique IAM user for Forge so you can assign permission policies.  IAM is Amazon’s way of allowing different users different permissions.  Forge utilizes this by asking for your Access Key ID and Secret Access Key when setting up the initial AWS account link.


A side note: you should be using IAM users, if you aren’t, take a quick break and read why you should be instead of using your root user.  Because yes, your root user also has a key and secret, but don’t use those. 🙂

Alright, so to the point – when assigning IAM users to AWS for Laravel Forge you may be asking the question of which policy to provide the forge IAM user.  There are scary policy names like AdministratorAccess or other Admin-named policies.  But we don’t want to give Forge too many permissions.  We had been trying to crack this question for a while, so I reached out to Taylor:

With that being said, here is the way I’ve used his comments to apply policies – namely two policies, AmazonEC2FullAccess and AmazonVPCFullAccess:


It is worth noting this is only if you want Forge to provision servers for you.  There is still the custom VPS option to have Forge manage a pre-existing server or you could go down the path of making a specific IAM policy that specifies the ARNs of the instances, but then that takes the fun out of Forge – it is supposed to be easy, right?

I have not seen specific AWS policies that manage subnets and SSH keys specifically – so this should work given that it allows for EC2 access.  If it doesn’t – hit me up in the comments and we can get this updated.

Happy Forging!
Tanner Hearne Signature



, , ,




16 responses to “Forge and Amazon AWS Deployment, Server Creation, and IAM Policies”

  1. Nathan Barrett Avatar
    Nathan Barrett

    Thanks! This was the perfect answer to my question.

  2. Alex Mansour Avatar
    Alex Mansour

    Hello @Tanner,

    Thanks for this article. I have tried to create new AWS server following the steps above, but I’m getting the following error in Forge:

    ‘The server provider was unable to create your server. Either try contacting your server provider for more details or add a new server provider credential in your account profile.’

    I have even tried with the root user but it doesn’t work.



    1. Tanner Hearne Avatar

      Hey Alex – that’s strange. Have you recently connected Forge to AWS or has it been a while since you connected your account? I know Forge re-did their AWS integration a while back.

      1. Alex Mansour Avatar
        Alex Mansour

        Thanks for your reply.

        Actually, I have tried with both cases and the result is the same.

        But could it be, because AWS has no Ubuntu 16.04 support yet and Forge require it?

        1. Josh Bruce Avatar

          Hi Alex,

          Came across this and having a similar issue. I get the same credentials error above when creating in any region that isn’t one of the US ones. Not sure how to fix this? Is there something I need to change? I checked and all regions are active and the account fully activated.

          Thanks 😊

      2. Alex Mansour Avatar
        Alex Mansour

        Never mind @tannerhearne:disqus I found that the issue related to the selected region and as new AWS account they activate only US East (Northern Virginia), US West (Oregon).

        1. Tanner Hearne Avatar

          Oh awesome! Alex – so do you mean that your AWS account was restricted from provisioning in other regions or that your Forge account was restricted from provisioning in other regions?

          1. Alex Mansour Avatar
            Alex Mansour

            Yes the AWS as new account it’s allowed to launch only in the mentioned regions.

          2. Tanner Hearne Avatar

            Ah ok – makes sense.

  3. Connor James Leech Avatar

    I had an issue with my AWS keys. I generated an IAM user and got the key + secret and enabled the policies you recommended. However for some reason I got back an error that my AWS credentials were invalid. I ended up putting in my DigitalOcean username in order to add Service Provider. Thank you for the post!

    1. Tanner Hearne Avatar

      Hi Connor,

      Did you ever figure out what was going on?


      1. Connor James Leech Avatar

        Not yet. I am deployed now with Digital Ocean. My next issue is that the images are displaying as 404 but works locally. I think it has something to do with the symlinking but not sure, kind of confused

      2. Connor James Leech Avatar

        I didn’t. It was really easy using digital ocean though! Haven’t really seen other people with the same issue yet but can keep an eye out and at least reported lol

    2. Andrew White Avatar
      Andrew White

      I have the same problem. Can’t seem to find an answer online. I’ve been using DO (super easy) but would like to swap to AWS.

      1. Connor James Leech Avatar

        Make sure you selected a service plan and that aws has your credit card stored for your account. Those issues fixed it for me!

        1. Andrew White Avatar
          Andrew White

          Thanks! It turns out I had everything configured correctly…I just needed to wait a couple of hours for AWS to ‘create’ the account. I realized that might be the issue when discovered I couldn’t create an EC2 instance on my own. After waiting a couple of hours, I got the email that said the account was ready and then Forge had no issue.