XWiki Installation on AWS
Description
There are two different ways of installing XWiki on AWS:
- Installation using CloudFormation Template (This method is for non-developers who want an easy 1-click installation solution, where you can install your production-ready XWiki in a couple of clicks on AWS).
- Installation using CDK code (this installation method is also straightforward, but it is specifically for developers as they will be able to tweak the configurations of the system as per their need since the CDK provides a high-level interface where developers can use high-level languages to interact with lower-level Cfn classes).
Overview
The computing and storage services from AWS provide highly-available global computing infrastructure and services that are easily scalable according to the user’s needs. AWS simplifies managing infrastructure, storage, and databases. With all this, AWS provides a Pay-as-you-go approach when it comes to pricing. That means you pay for the services you use and for as long as you use without any long-term contract. It also provides pay-less-by-using-more, for example, the more storage you require for S3, the lesser you pay per unit per month. In addition, data transfer into AWS is always free of charge. With the AWS infrastructure, companies can rapidly provision compute capacity, or quickly and flexibly extend existing on-premises infrastructure into the cloud.
Cost Of Deployment And Licenses
You can choose between different versions of XWiki to use (stable or long-term support). You are responsible for the cost incurred for using AWS resources and services to run the XWiki instance. There are no additional charges for using the CloudFormation Template or CDK code. The specific cost of services depends on the method you are using and the region where you are deploying the XWiki.
Terms You Need to Know About
Infrastructure as a code - Infrastructure as Code (IaC) is the managing and provisioning of infrastructure through code instead of through manual processes in a familiar programming language. With IaC, configuration files are created that contain your infrastructure specifications, which makes it easier to edit and distribute configurations. It also ensures that you provision the same environment every time.
CloudFormation Template - A CloudFormation Template is a declaration of the AWS resources that make up a stack. The template is stored as a text file whose format complies with the JavaScript Object Notation (JSON) or YAML standard. It provides an easy way to create a collection of related AWS and third-party resources, and provision and manage them in an orderly and predictable fashion.
CDK Code - Similar to cloudformation CDK is a software development framework for defining cloud infrastructure in code in High-level languages. The AWS CDK supports TypeScript, JavaScript, Python, Java, C#/.Net, and Go. Under the hood, it uses CloudFormation to provision resources. We have used Typescript.
AMI - An Amazon Machine Image (AMI) is a master image for the creation of virtual servers, known as EC2 instances in the AWS. You can use it to easily configure the EC2 instances easily with the same configuration that the EC2 instance had, which was used to make that AMI.
AWS Marketplace - The AWS Marketplace helps enable qualified partners to market and sell their software to AWS customers. AWS Marketplace is an online software store that helps customers find, buy, and immediately start using software and services that run on AWS.
The machine images are like templates that are configured with an operating system and other software that determine the user's operating environment.
AWS Services used
The core AWS components that will be used for this project are the following services. This is just to give you a brief idea about the services and their use. for details you can refer to AWS official documentation. For further help, few links are provided in the Additional Resources section of this page.
Amazon EC2 – The Amazon Elastic Compute Cloud (Amazon EC2) service enables you to launch virtual machine instances with a variety of operating systems. You can choose from existing Amazon Machine Images (AMIs) or import your own virtual machine images.
Amazon EFS - Amazon Elastic File System (Amazon EFS) provides simple, scalable file storage for use with Amazon EC2 instances in the AWS Cloud. With Amazon EFS, you can create a file system, mount the file system on your EC2 instances, and then read and write data from your EC2 instances to and from your file system.
Amazon RDS – Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database such as Amazon Aurora or Amazon RDS MySQL in the cloud. With Amazon RDS, you can deploy scalable Amazon Aurora or Amazon RDS MySQL software in minutes with cost-efficient and resizable hardware capacity.
Amazon VPC – The Amazon Virtual Private Cloud (Amazon VPC) service lets you provision a private, isolated section of the AWS Cloud where you can launch AWS services and other resources in a virtual network that you define. You have complete control over your virtual networking environment, including a selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
Elastic Load Balancing – Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple Amazon EC2 instances. It detects unhealthy instances and reroutes traffic to healthy instances until the unhealthy instances have been restored. ELB automatically scales its request handling capacity in response to incoming traffic.
AWS IAM – AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. With IAM, you can manage users, security credentials such as access keys, and permissions that control which AWS resources users can access, from a central location.
Amazon Route 53 - Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to internet applications by translating names like www.domain.com into numeric IP addresses like 134.65.89.54 that computers use to connect to one other. Amazon Route 53 is fully compliant with IPv6
AWS CDK - AWS CDK or Cloud Development Kit is used in order to provision resources inside an AWS Account without the hassle of creating them manually and helps to lock down on configurations required for provisioning those resources so as to maintain consistency across various stages and installs. With CDK we can write infrastructure as code in languages like typescript, python, java, NET. CDK code when built gives us CloudFormation Templates which are then used for rendering/provisioning various resources in an AWS Account.
Regions And Availability Zones
Before we begin with the Deployment steps, let’s familiarize ourselves with the basics of regions and availability zones in AWS.
AWS regions are geographic locations across the world. Currently, there are 25 AWS regions in the world (as of July 2021). Every region consists of two or more clusters of data centers known as availability zones. While deploying AWS services in the AWS account you can choose the region to deploy the services in. Every region has a name and a corresponding code to represent it, for example, the code for the N. Virginia region is us-east-1, for the Mumbai region is ap-south-1, etc. When you store data in a specific region, it is not replicated outside that region. It is your responsibility to replicate data across regions if your business requires that. AWS provides information about the country, and, where applicable, the state where each region resides; you are responsible for selecting the region to store data, taking into consideration your compliance and network latency requirements.
Different availability zones within a region are generally built on different flood plains and the power supply to these AZs are from the different power lines. The reason for this is if one AZ goes down due to some factor. We will have the other AZ in the region ready for usage. All availability zones within a region are the same for practical purposes.
Which Deployment Method You Choose
As mentioned above we provide you with two different ways to install XWiki. The end product of each method will be XWiki installed using AWS resources. But the Architecture and hence the cost incurred are different.
Deployment Using CloudFormation Template
AWS CloudFormation is an easy way to model a collection of related AWS and third-party resources, provision them quickly and consistently, and manage them throughout their lifecycles, by treating infrastructure as code. A CloudFormation template describes desired resources and their dependencies so you can launch and configure them together as a stack. This method requires almost zero technical knowledge, and you can install your XWiki in a few clicks by using only the AWS console. The AWS CloudFormation Template bootstraps the AWS infrastructure and automates the deployment of XWiki from scratch. The only thing you'll need to choose from will be the version of XWiki that you want to deploy. This is the easiest method and we recommend you to use this if you want quick deployment. You can do the installation using AWS Console only and you won’t need to use the command line if you’ll use the CloudFormation Template. Follow the step-by-step guide Deployment Using CloudFormation Template the deploy your own XWiki instance on AWS
Deployment Using CDK Code
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud application resources using familiar programming languages. The second method uses AWS CDK to deploy XWiki. The architecture is more or less the same as we will deploy using the first method(i.e. cloudformation template). The main reason for providing CDK code is if you want to tweak the configuration according to you, you can do it better as CDK uses high-level language, unlike cloudformation. You'll need CLI installed and configured in your machine for using this method. Follow the step-by-step guide for installing XWiki using CDK code Deployment Using CDK Code
Security
The AWS Cloud provides a scalable, highly reliable platform that helps customers deploy applications and data quickly and securely. When we build systems on the AWS infrastructure, security responsibilities are shared between you and AWS. This shared model can reduce our operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. In turn, we assume responsibility and management of the guest operating system (including updates and security patches), other associated applications, as well as the configuration of the AWS-provided security group firewall.
AWS Identity and Access Management And Security Groups
Here we will be using an IAM role with the least privileged access. We will not store SSH keys, secret keys, or access keys on the provisioned instances. A security group acts as a firewall that controls the traffic for one or more instances. When we launch an instance, we associate one or more security groups with the instance. we add rules to each security group that allows traffic to or from its associated instances. Here we will configure the security group to have inbound access to TCP 22 (permission to allow SSH from the internet), TCP 80 (permission to allow HTTP access from the internet), TCP 443 (permission to allow HTTPS access from the internet), and also will allow port 8080 access.
Here's a list of the IAM policies and roles required to run this deployment. If you are using an IAM user make sure to attach a minimum of these policies to your user.
- AmazonRDSfullAccess
- AmazonS3fullAccess
- AmazonECS_FullAccess
- AWSKeyManagementServicePowerUser
- AWSCloudFormationFullAccess
- EFSAII
- IAMCreateRole
- IAMDeleteRole
- IAMGetRole
- IAMRolePolicy
- KMSAII
- KMSPutKeyPolicy
- SecretsAll