AWS stacks

An AWS stack is a single EC2 instance (or, optionally, an autoscaling group) running dokku in your AWS account. OwnStack provisions it via your IAM credentials, opens the right security group ports, and installs the platform.

Prerequisites

An AWS account where you have permission to create EC2 instances, security groups, and (optionally) Elastic IPs.
An IAM access key + secret key with the policy below, or an OAuth-style integration if you've connected the account already.

Minimum IAM policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances",
        "ec2:TerminateInstances",
        "ec2:DescribeInstances",
        "ec2:CreateTags",
        "ec2:CreateSecurityGroup",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeImages",
        "ec2:DescribeKeyPairs",
        "ec2:CreateKeyPair",
        "ec2:AllocateAddress",
        "ec2:AssociateAddress",
        "ec2:ReleaseAddress",
        "ec2:DescribeAddresses"
      ],
      "Resource": "*"
    }
  ]
}

Create the stack

In the dashboard, Stacks → New → AWS. Pick:

Field	What to set
Region	Where to provision. Closer is faster; a single region is fine for v1.
Instance type	`t3.small` (2 vCPU, 2 GiB) is enough for small apps. Bump to `t3.medium` or `m6i.large` if you'll run real traffic.
EBS volume size	30 GiB minimum (dokku images add up). 50–100 GiB is comfortable.
Elastic IP	Recommended — DNS won't break on instance restart.

Hit Provision. It takes 3–5 minutes — you'll see the instance come up, dokku install, and the stack flip to provisioned.

Network

OwnStack creates a security group with these inbound rules:

Port	From	Purpose
22 (SSH)	0.0.0.0/0	Control-plane and CLI SSH. Restrict to known IPs in production.
80 (HTTP)	0.0.0.0/0	nginx — Let's Encrypt HTTP-01 challenges, then redirected to 443.
443 (HTTPS)	0.0.0.0/0	nginx — your apps' traffic.

Sizing for real workloads

Workload	Recommended
One Rails app, low traffic	`t3.small` + 30 GiB EBS
One Rails app, real traffic + Postgres	`t3.medium` + 50 GiB
Multiple apps + multiple Sidekiq workers	`m6i.large` + 100 GiB
Heavy Postgres workload	Move Postgres off-box (RDS) and keep the stack small. See Databases.

Backups

OwnStack supports app-level and stack-level backups to S3. Configure under Stack → Backups with an S3 bucket in the same account (or cross-account with appropriate IAM). See Stack backups.

Decommissioning

$ ownstack stack destroy <stack>

Terminates the EC2 instance, releases the Elastic IP, removes the security group. Apps deployed only to this stack become unreachable; move them to another stack first.