This section guides you through setting up client configuration and building tools to deploy Orca directly onto an EC2 instance.

Managing your own EC2 instance "manually" will use certificates issued by Let's Encrypt.

1. Launch an EC2 instance configured as follows:

• Choose an instance of type Amazon Linux 2023 AMI (e.g.: ami-0fc3317b37c1269d3).

• Pick a preconfigured Security Group that opens HTTP (:80/tcp), HTTPS (:443/tcp) and SSH (:22/tcp).

  • Also ensure that [::]:80, [::]:443 and [::]:22 are open, for IPv6 support.

• Grant it the ec2-orca-install IAM Role that allows:

  Policy	Service	Reason
  AmazonEC2ReadOnlyAccess	EC2	List instance tags
  AmazonS3ReadOnlyAccess	S3	Get client-specific configuration
  AmazonEC2ContainerRegistryReadOnly	ECR	Access Orca's docker container

2. Create the DNS record for <client-id>.orca-solution.com pointing to the right instance (use an Elastic IP).

3. Set the expected environment variables:

   • Edit the configuration template
   • Upload it as <client-id>.conf in the orca-clients S3 bucket (arn:aws:s3:::orca-clients).

4. Connect onto the machine and install the latest release via the setup script on master branch:

   ssh -i /path/to/key.pem ec2-user@<client-id>.orca-solution.com
   bash <(curl -s https://raw.githubusercontent.com/ccjmne/orca-deploy/master/ec2/utils/deploy.sh)

Use the update.sh script installed during the deployment in your home directory (/home/ec2-user) as follows:

./update.sh <version>

Where <version> corresponds to a tag for our web app's Docker container and defaults to latest.

Create a new release on GitHub and upload the setup.tar.gz archive as an asset, generated as follows:

tar --directory setup -czvf setup.tar.gz .