I recently ran into a problem when hosting an ASP.NET app on Elastic Beanstalk. By default, ASP.NET apps deployed on the Beanstalk do not have write access for files or directories inside of a solution.

The fix for this is fairly simple. You need to enable write access for the default user linked to the App Pool, as you would when setting up a website for the first time.

Now, when setting up an IIS development site locally, I usually just right-click on the project folder in Windows Explorer, go to "Properties", and then configure the ACLs for IIS_IUSRS and IUSR (i.e. a sledgehammer to crack a nut) in the "Security" tab for the folder.

However, on Elastic Beanstalk I didn't have the usual Windows GUI to help me achieve this task. So the alternative is to use the `icacls` command to configure the directories you want to be writeable instead. AWS provide a means of running Windows commands in Beanstalk through the use of a configuration file.

The first step is to create a new folder called .ebextensions at the top level of your ASP.NET solution. Note the period (.) in the folder name. I used the Mac command line to generate this using the command `mkdir .ebextensions`, as I knew from experience that creating dotfiles with the Windows Explorer GUI was a pain in the arse.

Next up, create a new file inside the .ebextensions folder called app.config, where "app" is the name of your Beanstalk application (as configured in AWS).

Finally, your app.config file contents will look something like the below. Ensure that you change the application name in the file path to your Beanstalk's application name and also change the name of the directory you want to enable write access for. In the example below, I have opted for write access to be enabled for the `~/App_Data/uploads` directory:

    {"container_commands": {
        "01-aclchange": {
            "command": "icacls \"C:/inetpub/wwwroot/MyApp_deploy/App_Data/uploads\" /grant DefaultAppPool:(OI)(CI)"
        }
    }}
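
A pre-deployment check for configuration files like the one above, added here as an example and not part of the original post: it reads the `container_commands` section and reports `icacls` grants that name a broad principal, give full control, list no rights letter after the inheritance flags, or target the whole site folder. The set of broad principals and the `_deploy`/`wwwroot` folder test are assumptions of this example, and the sample config is constructed.

```python
import json
import re
import shlex

# Assumptions of this example: which principals count as broad.
BROAD_PRINCIPALS = {"everyone", "users", "authenticated users", "iis_iusrs", "iusr"}
# icacls inheritance flags that may precede the rights, e.g. (OI)(CI)M
INHERIT_FLAGS = re.compile(r"\((?:OI|CI|IO|NP|I)\)", re.IGNORECASE)

def audit_icacls(command):
    """Return findings for one icacls command line (empty list = nothing flagged)."""
    args = shlex.split(command)
    if not args or args[0].lower() not in ("icacls", "icacls.exe"):
        return []
    findings = []
    target = args[1].rstrip("/\\") if len(args) > 1 else ""
    if target.lower().endswith(("_deploy", "wwwroot")):
        findings.append("grant applies to the whole site folder")
    # Only the first Sid:perm after each /grant is inspected.
    for i, arg in enumerate(args[:-1]):
        if arg.lower() not in ("/grant", "/grant:r"):
            continue
        principal, _, perm = args[i + 1].rpartition(":")
        rights = INHERIT_FLAGS.sub("", perm).strip("()").upper()
        if principal.split("\\")[-1].lower() in BROAD_PRINCIPALS:
            findings.append(f"broad principal {principal}")
        if not rights:
            findings.append("no rights mask after the inheritance flags")
        elif "F" in rights.split(","):
            findings.append("full control granted")
    return findings

def audit_config(text):
    """Map each container command name to its list of findings."""
    commands = json.loads(text).get("container_commands", {})
    return {name: audit_icacls(spec.get("command", "")) for name, spec in commands.items()}

# Constructed sample: the first command mirrors the one in the post.
SAMPLE = r'''{"container_commands": {
 "01-aclchange": {"command": "icacls \"C:/inetpub/wwwroot/MyApp_deploy/App_Data/uploads\" /grant DefaultAppPool:(OI)(CI)"},
 "02-broad": {"command": "icacls \"C:/inetpub/wwwroot/MyApp_deploy\" /grant IIS_IUSRS:(OI)(CI)F"},
 "03-scoped": {"command": "icacls \"C:/inetpub/wwwroot/MyApp_deploy/App_Data/uploads\" /grant \"IIS AppPool\\DefaultAppPool:(OI)(CI)M\""}
}}'''

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE).items():
        print(name, findings or "ok")
```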

Adam 'n out