This article describes a simple and elegant way to give ASP.NET apps write access to the App_Data folder. This is required for applications to work properly when deployed in AWS Beanstalk.
ASP.NET applications and websites usually write user content and files in the App_Data folder. Examples of such files could be SQL Server Compact (.mdf), XML files, text files, etc. Therefore, when an ASP.NET site is hosted, the AppPool under which the application or website runs must have write permissions on the App_Data folder.
When an ASP.NET application is hosted on AWS Beanstalk, we do not have direct access to the file system of the application. But AWS provides a way to grant permission on specific folders through config files.
The solution is to include a YAML file in your Visual Studio project that instructs the deployment tool to grant the necessary access permissions.
Add a top-level folder to your Visual Studio project and name it ‘.ebextensions’
Add a file named <ApplicationName>.config where <ApplicationName> is the name of your AWS application
The config file can contain either YAML or JSON. AWS first tries to parse the file with a YAML parser; if that fails, it tries a JSON parser. If both parsing attempts fail, the deployment is aborted and you can see the error in the log in your Beanstalk application console.
Add the following YAML code to the config file:
If your project is a web site hosted on Default Web Site/, use this script:

container_commands:
  01storage_permissions:
    command: "icacls C:\\inetpub\\wwwroot\\App_Data /grant DefaultAppPool:(OI)(CI)F"

Or if your Visual Studio project is a web project hosted under a Virtual Directory, use this script:

container_commands:
  01storage_permissions:
    command: "icacls C:\\inetpub\\wwwroot\\[MyApp]\\App_Data /grant DefaultAppPool:(OI)(CI)F"

Replace [MyApp] with your Visual Studio Project name (not Solution name).
When this project is deployed to AWS Beanstalk using the Visual Studio Tools for AWS add-in, this script is executed and Full permission is granted on the folder to DefaultAppPool. If you’re using a custom AppPool, use the custom AppPool name instead of DefaultAppPool in the script.
A detailed description of the icacls utility can be found here.
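A least-privilege variant of the first script, as an added example that is not part of the original article: it grants Modify (M) instead of Full (F) and then prints the resulting ACL so the grant can be reviewed. It assumes the application only needs to create, change and delete files in App_Data; the command name 02show_permissions is hypothetical.

```yaml
# Added example, not the article's script.
# Assumption: the site only creates, changes and deletes files in App_Data.
container_commands:
  01storage_permissions:
    # (OI)(CI): the entry is inherited by files and subfolders.
    # M (Modify) allows read, write and delete, but unlike F (Full) it does
    # not let the AppPool identity change the folder's ACL or take ownership.
    # /grant:r replaces any explicit rights granted to the account earlier
    # (for example F from a previous deployment) instead of adding to them.
    command: "icacls C:\\inetpub\\wwwroot\\App_Data /grant:r DefaultAppPool:(OI)(CI)M"
  02show_permissions:
    # Hypothetical command name. Commands run in alphabetical order by name,
    # so this runs after 01. icacls with only a path displays the folder's ACL.
    command: "icacls C:\\inetpub\\wwwroot\\App_Data"
```

For a site under a Virtual Directory or a custom AppPool, change the path and account name in the same way as in the scripts above.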