Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal


  • Give kudos
  • Received
  • Given


  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Introducing Atlassian CloudFormation Forge

Atlassian Cloudformation Forge

Atlassian CloudFormation Forge is a tool for the creation and administration of CloudFormation stacks of Atlassian products, for users without physical access to the underlying AWS services.

The IT Operations team at Atlassian built this tool internally to allow product teams to manage their own instances of Confluence, Jira, and Crowd without having access to the AWS console itself

What can Forge do?

Forge can manage Cloudformation instances of Jira Data Center, Confluence Data Center and Crowd Data Center. You can perform the following actions:

  • Upgrade: enter the version you want to upgrade to, Forge will destroy the current nodes and create new ones on the new version
  • Full Restart: restart all nodes in the cluster immediately
  • Rolling Restart: restart all nodes in the cluster one by one
  • Create: create new instances of Jira, Confluence or Crowd
  • Destroy: tear stacks down
  • Update Stack Configuration: update template parameters for a stack
  • Tag Stack: add tags to the stack, and all its resources
  • Diagnostics: run thread and heap dumps again each node in the cluster
  • Clone Stack: create a clone of an instance from database and filesystem snapshots
  • Run SQL: run a predefined SQL script against an instance(NB: script needs to be added to the service by an administrator - this is not free-form SQL)

The code

Forge can be downloaded here:

Pre-deployment configuration

  1. You will need an AWS account, with either the AWS managed "AdministratorAccess" policy or the effective "Allow *" for the following services:
    1. EC2
    2. ECS
    3. ElasticLoadBalancing
    4. IAM
    5. CloudWatch
    6. Route53
    7. S3
    8. SSM 
  2. Decide which AWS regions you want to create stacks in
  3. Set up Route53 (optional)


Forge is deployed using the Cloudformation template in the Forge repository.

The template creates:

  1. An IAM role with all the access Forge needs to operate
  2. An EC2 node that downloads, configures and runs Forge
  3. A load balancer that can be either internal only or public facing
  4. A CNAME for Forge in your hosted zone (optional)

Post-deployment configuration

Forge currently stores some configuration parameters in:

  • (populated by the template)
  • permissions.json (optional - for SAML)
  • static/js/global-variables.js (optional - can be used to store default VPCs, Subnets, SSH keynames, and Hosted Zones, to pre-populate parameters in the templates)

These can all be modified, but will be overwritten by the values in the template if you recreate the Forge node.


We have enabled simple Google analytics to get an idea of how many people are using Forge. 

Analytics can be disabled in the Cloudformation template. If analytics are disabled after Forge is created, spin down to 0 nodes using the template and back up to 1 to apply the change.


Forge can use SAML authentication to define who can perform which actions, on which instances, in which regions.

For more information on how to enable SAML, see


Generally, Forge needs the stacks to have been updated or created with the templates in the atlassian-aws-deployment repository, or the Quickstarts. We are in the process of adding functionality for you to specify your own template repository, so you can use your own templates.


Atlassian CloudFormation Forge is not supported by Atlassian. It is provided as is.

More information

More detailed information about Forge, and migrating to AWS CloudFormation in general, is provided in this video.


Hi @Denise Unterwurzacher,

we just talked down in the Lobby great to meet you here - just reading your post, seems like your link under the SAML Section goes nowhere. Ends up in a "Forbidden".


Hi @Christian Reichert _resolution_, great to meet you yesterday! That link should be open now, give it another go.

Hi Denise,

Thanks for taking the time at Summit to demo this great tool. Definitely planning on checking it out and seeing how it can benefit our team.



@Denise UnterwurzacherExcited to try this!

Ran into an issue using the cf template to deploy forge, the CfnStackR53NodesSelfupdater policy does not exist - do we need to set that up first?  I see mention of it in the templates repo but it is no longer in the template, did it need removing from forge as well?



@Denise Unterwurzacher There's a change in itsdangerous that prevents Flask/Forge from running. You can get around it by installing a version of itsdangerous<1.0.0

Can anyone help me locate a cloudformation template for Mysql Jira?

@Denise Unterwurzacher

When running locally (from the README)


Used for configuring which AWS regions are available for stack creation/management, analytics collection, and S3 bucket definitions. A version of Forge deployed with the provided CloudFormation template will create this file on the EC2 node, but to run locally you'll need to create one on your local system.


There is no sample included in the project for running locally. While I could tell what it wants from code, it wasn't readily apparent what format to put it in.  I was able to reverse engineer the CloudFormation template to create the file. There is no permissions on the repository currently to submit a PR against the project so Ill include an example of the contents here in case anyone else has this problem:


# Regions in format 'aws_region: region_name'

# Names are for reference only, so can be AWS region names or Staging/Production etc

# Enter default region first"


enabled: <true|false>


bucket: <bucket-name>


# aws_region: region_name
us-east-1: N.Virginia
Like Steffen Opel _Utoolity_ likes this

Hi Dan. Thanks very much for bringing the issue to our attention. A sample has now been added to the repo.

Like # people like this

Thanks for adding this, perhaps one other request is to open up PRs to the community? I'd like to add a more friendly experience around the properties file. The tool should exit if a properties file is not present and direct the user to the example if its missing, something like the following:


diff --git a/ b/

index 66d6bdb..447737c 100755

--- a/

+++ b/

@@ -46,6 +46,13 @@ args = parser.parse_args()

# using dict of dicts called stackstate to track state of a stack's actions

stackstate = defaultdict(dict)


+# if local is missing exit


+    file = open('', 'r')

+except Exception:

+    print(' file is missing. See')

+    sys.exit(1)


# create and initialize app

print(f'Starting Atlassian CloudFormation Forge v{__version__}')

app = Flask(__name__).  
Like Steffen Opel _Utoolity_ likes this



Can anyone please help me out how to pass s3 keys to forge. I am getting following error when I try to deploy jira stack

Traceback (most recent call last):
  File "/home/forge/atl-cfn-forge/forge/aws_cfn_stack/", line 968, in create
  File "/home/forge/.local/share/virtualenvs/atl-cfn-forge-Sg4iAl_8/local/lib/python3.6/site-packages/botocore/", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/forge/.local/share/virtualenvs/atl-cfn-forge-Sg4iAl_8/local/lib/python3.6/site-packages/botocore/", line 661, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (ValidationError) when calling the CreateStack operation: S3 error: Access Denied



Hi @Denise UnterwurzacherThis looks like some great work.  Still completely maintained right?  (Fully understand it's not officially supported by Atlassian.)



@JarrettGoetz Absolutely it's still maintained :) Though yes, not officially supported.

Like Dave Liao likes this


Log in or Sign up to comment
Community showcase
Published in Data Center

Introducing Data Center Community licenses

I'm Alison Huselid, Head of Product for Data Center at Atlassian. As we shared in our last post, we’ve been working on a solution for those of you who work for charitable non-profit organizations tha...

1,149 views 12 54
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you