How to remove the Bastion host from an existing AWS Quick Start deployment

Still need help?

The Atlassian Community is here for you.

Ask the community


Infrastructure notice: AWS Quick Start only - This article only applies to Atlassian products deployed on AWS through any of our AWS Quick Starts.

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Purpose

As of  , the Crowd Data Center Quick Start on AWS now allows you to deploy without a Bastion host. This also means you can safely remove the Bastion host from existing deployments created through the AWS Quick Starts.

Solution

We strongly recommend you test this in a staging environment before updating your production deployment.

This solution involves updating two stacks in AWS:

  • The Crowd Data Center stack, where you need to remove the application nodes' dependency on the Bastion node.
  • The Atlassian Standard Infrastructure (ASI) stack, where you remove the Bastion host altogether. 

You can only remove the Bastion host from the ASI stack once you've updated the Crowd Data Center stack.

Step 1: Identify your Atlassian Standard Infrastructure (ASI) stack

The Bastion host is provisioned in the ASI's stack. You'll need to identify this stack now so you can plan when to remove the Bastion host. You can only remove a Bastion host when there are no longer any application nodes that depend on it. 

The ASI's stack is always the root stack of a deployment. To view all the root stacks in your region:

  1. In the AWS console, go to Services > CloudFormation.
  2. Toggle the View nested option to exclude all nested (as in, non-root) stacks.
  3. Find your deployment's root stack from the Stack name column. It'll have the same Stack name you provided during the original deployment.

If your deployment's root stack has the description Atlassian Cowd Data Center in new VPC License: Apache 2.0, then this will be your ASI stack as well. Once you've identified this, proceed to Step 2.

If your deployment's root stack has the description Atlassian Crowd Data Center QS(0037), then your ASI stack is another deployment's root stack. This stack uses any of the following Descriptions:

  • Master Template for Atlassian Services (qs-1p9o4n3sq)
  • Atlassian Jira Data Center with VPC

  • Atlassian Confluence Data Center with VPC

  • Atlassian Bitbucket Data Center in new VPC License: Apache 2.0

  • Atlassian Crowd Data Center with VPC

Your deployment's corresponding ASI stack should have the same ExportPrefix as your root stack. To view a stack's ExportPrefix:

  1. In the AWS console, go to Services > CloudFormation.
  2. Select your deployment via Stack name.
  3. From the Stack details page, select the Parameters tab.
  4. Find the ExportPrefix value.

Step 2: Update the templates used by your existing deployment

If you deployed directly from the original AWS Quick Start, your templates will already be updated. You can then move on to Step 3.

If you deployed from your own copy of the AWS Quick Start (as recommended in Launching the Quick Start from your own S3 bucket), then you'll need to re-upload the updated templates to your S3 bucket:

  1. Clone the Quick Start templates (including all of its submodules) to your local machine. From the command line, run:

    git clone --recurse-submodules https://github.com/aws-quickstart/quickstart-atlassian-crowd.git

  2. (Optional)The Quick Start templates repository uses the directory structure required by the Quick Start interface. If needed (for example, to minimize storage costs), you can remove all other files except the following:

    quickstart-atlassian-crowd 
    ├─ submodules 
    │  └─ quickstart-atlassian-services 
    │    └─ templates 
    │     └── quickstart-vpc-for-atlassian-services.yaml 
    └─ templates 
       ├── quickstart-crowd-dc-with-vpc.template.yaml 
       └── quickstart-crowd-dc.template.yaml

  3. Choose which Quick Start template your deployment is based on:

    • quickstart-crowd-dc-with-vpc.template.yaml

    • quickstart-crowd-dc.template.yaml

  4. In the template you’ve chosen, the QSS3BucketName default value is set to aws-quickstart. Replace this default with the name of your S3 bucket.
  5. On the S3 bucket where your templates are stored, rename the root directory of your Quick Start templates:

    aws s3 --recursive mv s3://<bucket-name>/quickstart-atlassian-crowd s3://<bucket-name>/quickstart-atlassian-crowd-old

    This will allow you to upload a new version of those templates later on. See AWS CLI Command Reference -mv for more details.

  6. Go into the parent directory of your local clone of the Quick Start templates. From there, upload all the files in local clone to your S3 bucket:

    aws s3 cp quickstart-atlassian-crowd s3://<bucket-name> --recursive --acl public-read

Step 3: Unlink the Crowd Data Center stack nodes from the Bastion host

Right now, some nodes in your deployment are dependent on the Bastion host. You need to remove this dependency before removing the Bastion host.

To do that, you'll need to first find your deployment's product stack. This stack should have the same Stack name as your deployment, and its Description will be  Atlassian Crowd Data Center QS(0037). Once you find it, update it accordingly:

  1. In the AWS console, go to Services > CloudFormation.
  2. Toggle the View nested option to include all nested (as in, non-root) stacks.
  3. Find your deployment's product stack. 
  4. Select your product stack. When its stack information screen appears, click Update.

    If you're prompted by a recommendation to update through the root stack, it's because your product stack is nested. Select Update nested stack and click through to the next screen.

  5. From the Select Template screen, select Use current template and click Next.

  6. Set the new Use Bastion host parameter to false.

  7. Click Next. Click through the next pages, and then to apply the change using the Update button.

At this point, the Crowd Data Center stack nodes can no longer be accessed through the Bastion host. You can now safely remove it.

Step 4: Remove the Bastion host 

Now that the Crowd nodes are no longer dependent on the Bastion host, you can remove the latter. You'll need to remove it from the ASI stack you identified in Step 1.

  1. In the AWS console, go to Services > CloudFormation.
  2. Select your ASI stack.
  3. In the Stack Details screen, click Update Stack.

  4. From the Select Template screen, select Use current template and click Next.

  5. Set the new Deploy Bastion host parameter to false.

  6. Click Next. Click through the next pages, and then to apply the change using the Update button.

Descriptionremove bastion
Productcrowd
Last modified on May 28, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.