Introducing Atlassian CloudFormation Forge

Atlassian CloudFormation Forge is a tool for the creation and administration of CloudFormation stacks of Atlassian products, for users without physical access to the underlying AWS services.

The IT Operations team at Atlassian built this tool internally to allow product teams to manage their own instances of Confluence, Jira, and Crowd without having access to the AWS console itself.

What can Forge do?

Forge can manage CloudFormation instances of Jira Data Center, Confluence Data Center and Crowd Data Center. You can perform the following actions:

  • Upgrade: enter the version you want to upgrade to; Forge will destroy the current nodes and create new ones on the new version
  • Full Restart: restart all nodes in the cluster immediately
  • Rolling Restart: restart all nodes in the cluster one by one
  • Create: create new instances of Jira, Confluence or Crowd
  • Destroy: tear stacks down
  • Update Stack Configuration: update template parameters for a stack
  • Tag Stack: add tags to the stack, and all its resources
  • Diagnostics: run thread and heap dumps against each node in the cluster
  • Clone Stack: create a clone of an instance from database and filesystem snapshots
  • Run SQL: run a predefined SQL script against an instance (NB: the script needs to be added to the service by an administrator - this is not free-form SQL)

The code

Forge can be downloaded here: https://bitbucket.org/atlassian/atl-cfn-forge/src/master/

Pre-deployment configuration

  1. You will need an AWS account, with either the AWS managed "AdministratorAccess" policy or the effective "Allow *" for the following services:
    1. EC2
    2. ECS
    3. ElasticLoadBalancing
    4. IAM
    5. CloudWatch
    6. Route53
    7. S3
    8. SSM 
  2. Decide which AWS regions you want to create stacks in
  3. Set up Route53 (optional)

Deployment

Forge is deployed using the CloudFormation template in the Forge repository.

The template creates:

  1. An IAM role with all the access Forge needs to operate
  2. An EC2 node that downloads, configures and runs Forge
  3. A load balancer that can be either internal only or public facing
  4. A CNAME for Forge in your hosted zone (optional)

Post-deployment configuration

Forge currently stores some configuration parameters in:

  • forge.properties (populated by the template)
  • permissions.json (optional - for SAML)
  • static/js/global-variables.js (optional - can be used to store default VPCs, Subnets, SSH keynames, and Hosted Zones, to pre-populate parameters in the templates)

These can all be modified, but forge.properties will be overwritten by the values in the template if you recreate the Forge node.

Analytics

We have enabled simple Google Analytics to get an idea of how many people are using Forge.

Analytics can be disabled in the CloudFormation template. If analytics are disabled after Forge is created, spin down to 0 nodes using the template and back up to 1 to apply the change.

SAML

Forge can use SAML authentication to define who can perform which actions, on which instances, in which regions.

For more information on how to enable SAML, see https://confluence.atlassian.com/display/KB/Forge%3A+enabling+SAML

Templates

Generally, Forge needs the stacks to have been updated or created with the templates in the atlassian-aws-deployment repository, or the Quickstarts. We are in the process of adding functionality for you to specify your own template repository, so you can use your own templates.

Support

Atlassian CloudFormation Forge is not supported by Atlassian. It is provided as is.

More information

More detailed information about Forge, and migrating to AWS CloudFormation in general, is provided in this video.

9 comments

Hi @Denise Unterwurzacher,

we just talked down in the lobby, great to meet you here - just reading your post, it seems like your link under the SAML section goes nowhere. It ends up in a "Forbidden".


Cheers,
Christian

Hi @cr, great to meet you yesterday! That link should be open now, give it another go.

Hi Denise,

Thanks for taking the time at Summit to demo this great tool. Definitely planning on checking it out and seeing how it can benefit our team.

 

CCM

@Denise Unterwurzacher Excited to try this!

Ran into an issue using the cf template to deploy forge, the CfnStackR53NodesSelfupdater policy does not exist - do we need to set that up first?  I see mention of it in the templates repo but it is no longer in the template, did it need removing from forge as well?

 

cheers!

@Denise Unterwurzacher There's a change in itsdangerous that prevents Flask/Forge from running. You can get around it by installing a version of itsdangerous<1.0.0

https://stackoverflow.com/questions/52900312/flask-session-cant-import-want-bytes-from-itsdangerous

Can anyone help me locate a CloudFormation template for MySQL Jira?

@Denise Unterwurzacher

When running locally (from the README)

FORGE.PROPERTIES

Used for configuring which AWS regions are available for stack creation/management, analytics collection, and S3 bucket definitions. A version of Forge deployed with the provided CloudFormation template will create this file on the EC2 node, but to run locally you'll need to create one on your local system.

--

There is no sample forge.properties included in the project for running locally. While I could tell what it wants from acforge.py code, it wasn't readily apparent what format to put it in. I was able to reverse engineer the CloudFormation template to create the forge.properties file. There are no permissions on the repository currently to submit a PR against the project, so I'll include an example of the contents here in case anyone else has this problem:

--

# Regions in format 'aws_region: region_name'
# Names are for reference only, so can be AWS region names or Staging/Production etc
# Enter default region first
[analytics]
enabled: <true|false>
[s3]
bucket: <bucket-name>
[regions]
# aws_region: region_name
us-east-1: N.Virginia
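A pre-start check for the forge.properties layout posted in the comment above, as an added example that is not part of the original post and is not Forge's own code. It assumes the file is INI-style and readable by Python's configparser; the function name check_forge_properties and the sample bucket name are hypothetical.

```python
import configparser

# Assumption: the file is INI-style and readable by configparser.
# Sections and keys are taken from the sample posted in the comment above.
REQUIRED = {"analytics": ["enabled"], "s3": ["bucket"]}

# Constructed sample input (placeholder bucket name), in the posted layout.
SAMPLE = """\
[analytics]
enabled: false
[s3]
bucket: example-forge-bucket
[regions]
# aws_region: region_name
us-east-1: N.Virginia
"""


def check_forge_properties(text):
    """Return a list of problems found in forge.properties text (hypothetical helper)."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"not parseable as INI: {exc.__class__.__name__}"]
    problems = []
    for section, keys in REQUIRED.items():
        if not parser.has_section(section):
            problems.append(f"missing section [{section}]")
            continue
        for key in keys:
            if not parser.get(section, key, fallback="").strip():
                problems.append(f"[{section}] {key} is empty or missing")
    if parser.has_section("analytics"):
        value = parser.get("analytics", "enabled", fallback="").strip().lower()
        if value and value not in ("true", "false"):
            problems.append("[analytics] enabled must be true or false")
    # Template placeholders such as <bucket-name> must be replaced before use.
    for section in parser.sections():
        for key, value in parser.items(section):
            if value.startswith("<") and value.endswith(">"):
                problems.append(f"[{section}] {key} still holds a placeholder")
    if not parser.has_section("regions") or not parser.options("regions"):
        problems.append("[regions] needs at least one 'aws_region: region_name' entry")
    return problems


if __name__ == "__main__":
    print(check_forge_properties(SAMPLE) or "forge.properties looks complete")
```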

Hi Dan. Thanks very much for bringing the forge.properties issue to our attention. A sample has now been added to the repo.


Thanks for adding this, perhaps one other request is to open up PRs to the community? I'd like to add a more friendly experience around the properties file. The tool should exit if a properties file is not present and direct the user to the example if it's missing, something like the following:

 

diff --git a/acforge.py b/acforge.py

index 66d6bdb..447737c 100755

--- a/acforge.py

+++ b/acforge.py

@@ -46,6 +46,13 @@ args = parser.parse_args()

# using dict of dicts called stackstate to track state of a stack's actions

stackstate = defaultdict(dict)

 

+# if local forge.properties is missing exit

+try:

+    file = open('forge.properties', 'r')

+except Exception:

+    print('forge.properties file is missing. See forge.properties.example')

+    sys.exit(1)

+

# create and initialize app

print(f'Starting Atlassian CloudFormation Forge v{__version__}')

app = Flask(__name__).  
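Review bot: the "except Exception" around open('forge.properties', 'r') in the added block reports every failure as a missing file, including a permissions error on a file that does exist, and the handle bound to "file" is never closed. Catch FileNotFoundError (or test with os.path.isfile) so other errors surface with their real cause, open the file in a "with" block or drop the handle once the check is done, and write the message to stderr. The path is relative, so the check depends on the working directory Forge is started from; resolving it against the directory of acforge.py would make the behaviour predictable. An import of sys is not visible in this hunk's context and should be confirmed before sys.exit(1) is relied on.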
