Launching Stash in AWS manually

This page describes how to launch the Atlassian Stash AMI manually, giving you complete control over the components enabled in the AMI and over AWS-specific configuration, network and security settings. If you are just looking for an automated way to spin up Stash in AWS, see Quick Start with Stash and AWS.

You can launch the Atlassian Stash AMI directly from the AWS Console, and running the EC2 launch wizard. See Launching EC2 Instances for detailed instructions.

On this page

Finding the Atlassian Stash AMI

You can find the Atlassian Stash AMI by clicking AWS Marketplace and searching for Atlassian Stash (2015.04.02_0403)

Be sure to use the correct AMI ID for your specific region. The following table lists the AMI ID of the Atlassian Stash AMI in each region.

Region Code Region Name AMI ID
ap-northeast-1

Asia Pacific (Tokyo)

ami-aa07fbaa
ap-southeast-1

Asia Pacific (Singapore)

ami-661d2e34
ap-southeast-2

Asia Pacific (Sydney)

ami-4d3a4877
eu-central-1

EU (Frankfurt)

ami-e47448f9
eu-west-1

EU (Ireland)

ami-1f781d68
sa-east-1

South America (São Paulo)

ami-27d9633a
us-east-1

US East (N. Virginia)

ami-a41a2bcc
us-west-1

US West (N. California)

ami-3d50b079
us-west-2

US West (Oregon)

ami-23ad8413

Choosing an instance type

When choosing an EC2 Instance type, see Recommendations for running Stash Server in AWS for recommended instance sizing.

(warning) Minimum hardware requirements

The default t2.micro (Free tier eligible), small, and medium instance types do not meet Stash's minimum hardware requirements, and are not supported for production deployments. See Recommendations for running Stash Server in AWS for the EC2 instance types supported by Stash. 

Configure instance details

When configuring your EC2 instance these are some important details to consider.

IAM Role

It is recommended to launch your instance with an Identity and Access Management (IAM) Role that allows native AWS DIY Backup to run without explicit credentials. See IAM Roles for Amazon EC2 for more information.

From Step 3: Configure Instance Details of the EC2 Launch wizard, you can create a new IAM Role by clicking Create new IAM role. The role should contain at least the following policy:

{
    "Statement": [
        {
            "Resource": [
                "*"
            ],
            "Action": [
                "ec2:AttachVolume",
                "ec2:CreateSnapshot",
                "ec2:CreateTags",
                "ec2:CreateVolume",
                "ec2:DescribeSnapshots",
                "ec2:DescribeVolumes",
                "ec2:DetachVolume"
            ],
            "Effect": "Allow"
        }
    ],
    "Version": "2012-10-17"
}

(warning) IAM Role must be configured at launch time

An IAM Role can only be configured for your EC2 instance during initial launch. You cannot associate an IAM role with a running EC2 instance after launch. See IAM Roles for more information.

Advanced Details

The Atlassian Stash AMI can be configured in a number of different ways at launch time:

  • The built-in PostgreSQL and Nginx components (enabled by default) can be disabled,
  • Self-signed SSL certificate generation (disabled by default) can be enabled.

You can control these options supplying User Data to your instance under Advanced Details in Step 3: Configure Instance Details of the EC2 launch wizard. All user-configurable behavior in the Atlassian Stash AMI can be controlled by creating a file /etc/atl containing shell variable definitions. On first boot, the Atlassian Stash AMI will source the file /etc/atl (if it exists), allowing its built-in default variable definitions to be overridden. 

For example, to enable self-signed SSL certificate generation (and force all Web access to Stash to use HTTPS), you can add User Data (As text) as follows:

#!/bin/bash
echo "ATL_SSL_SELF_CERT_ENABLED=true" >>/etc/atl

For a complete list of variables that can be overridden in User Data at launch time, see Launching your Stash instance

User Data is flexible and allows you to run arbitrary BASH commands on your instance at launch time, in addition to overriding variables in /etc/atlSee Running Commands on Your Linux Instance at Launch for more information.

(warning) Security considerations

See Securing Stash in AWS for more details about enabling HTTPS and self-signed certificates in the Atlassian Stash AMI.

Add storage

When attaching EBS volumes, use these storage device settings for your instance. 

Type Device Purpose Size (GiB) Volume Type IOPS Delete on Termination
Root /dev/xvda Linux root volume 10 General Purpose (SSD) 30 No
EBS /dev/xvdf Stash data: repositories, attachments, avatars, etc. 100+ General Purpose (SSD) / Provisioned IOPS * 300+ * No
Instance Store /dev/xvdb Stash temporary files and caches N/A N/A N/A N/A

* Provisioned IOPS with at least 500 – 1000 IOPS is recommended for instances with more than 500 active users. See Recommendations for running Stash Server in AWS for more information. 

The Atlassian Stash AMI will not use any other block devices attached to the instance. The EBS volume for /dev/xvdf will be initialized and formatted at launch time, unless a snapshot id is provided (see the capture below in the page), in which case it will only format it if it's not already formatted. See Managing EBS Volumes for more information about storage options in Amazon EC2.

Attach an existing EBS snapshot

You can also attach an existing EBS volume based on a snapshot during launch. To attach an existing EBS volume, within the Device field, change the EBS volume device to /dev/sdf and enter the Snapshot ID of the snapshot. 

See Administering Stash in AWS - Moving your Stash data volume between instances for more details.

Configure your Security Group

When configuring your Security Group, you must allow allow incoming traffic to all the following ports. For more information, see Using Security Groups.

Type Protocol Port Description
SSH TCP 22 SSH port, allowing access to administrative functions
HTTP TCP 80  
HTTPS TCP 443  
Custom TCP Rule TCP 7999 Stash SSH port for Git hosting operations

What's next?

Now you're ready to configure your AWS version of Stash.

View your new instance

Once your new EC2 instance has launched, find it within the EC2 console and navigate to the URL provided so you can continue to configuring Stash.

To find the URL of your new EC2 instance

  1. From within the EC2 Console, in the Description tab of your new instance, copy the Public DNS.
     
  2. Paste the URL into a browser window to view start using Stash.

Set up your AWS instance of Stash

Once you've followed the URL of the EC2 instance you are presented with the Stash Setup Wizard.

Once you have launched Stash within AWS you can use it like any other Stash Server instance. So be sure to check out the rest of the Getting Started with Stash documentation.

Redirection notice

This page will redirect to /display/BitbucketServer/Launching+Bitbucket+Server+in+AWS+manually .

This page describes how to launch the Atlassian Stash AMI manually, giving you complete control over the components enabled in the AMI and over AWS-specific configuration, network and security settings. If you are just looking for an automated way to spin up Stash in AWS, see Quick Start with Stash and AWS.

You can launch the Atlassian Stash AMI directly from the AWS Console, and running the EC2 launch wizard. See Launching EC2 Instances for detailed instructions.

On this page

Finding the Atlassian Stash AMI

You can find the Atlassian Stash AMI by clicking AWS Marketplace and searching for Atlassian Stash (2015.04.02_0403)

Be sure to use the correct AMI ID for your specific region. The following table lists the AMI ID of the Atlassian Stash AMI in each region.

Region Code Region Name AMI ID
ap-northeast-1

Asia Pacific (Tokyo)

ami-aa07fbaa
ap-southeast-1

Asia Pacific (Singapore)

ami-661d2e34
ap-southeast-2

Asia Pacific (Sydney)

ami-4d3a4877
eu-central-1

EU (Frankfurt)

ami-e47448f9
eu-west-1

EU (Ireland)

ami-1f781d68
sa-east-1

South America (São Paulo)

ami-27d9633a
us-east-1

US East (N. Virginia)

ami-a41a2bcc
us-west-1

US West (N. California)

ami-3d50b079
us-west-2

US West (Oregon)

ami-23ad8413

Choosing an instance type

When choosing an EC2 Instance type, see Recommendations for running Stash Server in AWS for recommended instance sizing.

(warning) Minimum hardware requirements

The default t2.micro (Free tier eligible), small, and medium instance types do not meet Stash's minimum hardware requirements, and are not supported for production deployments. See Recommendations for running Stash Server in AWS for the EC2 instance types supported by Stash. 

Configure instance details

When configuring your EC2 instance these are some important details to consider.

IAM Role

It is recommended to launch your instance with an Identity and Access Management (IAM) Role that allows native AWS DIY Backup to run without explicit credentials. See IAM Roles for Amazon EC2 for more information.

From Step 3: Configure Instance Details of the EC2 Launch wizard, you can create a new IAM Role by clicking Create new IAM role. The role should contain at least the following policy:

{
    "Statement": [
        {
            "Resource": [
                "*"
            ],
            "Action": [
                "ec2:AttachVolume",
                "ec2:CreateSnapshot",
                "ec2:CreateTags",
                "ec2:CreateVolume",
                "ec2:DescribeSnapshots",
                "ec2:DescribeVolumes",
                "ec2:DetachVolume"
            ],
            "Effect": "Allow"
        }
    ],
    "Version": "2012-10-17"
}

(warning) IAM Role must be configured at launch time

An IAM Role can only be configured for your EC2 instance during initial launch. You cannot associate an IAM role with a running EC2 instance after launch. See IAM Roles for more information.

Advanced Details

The Atlassian Stash AMI can be configured in a number of different ways at launch time:

  • The built-in PostgreSQL and Nginx components (enabled by default) can be disabled,
  • Self-signed SSL certificate generation (disabled by default) can be enabled.

You can control these options supplying User Data to your instance under Advanced Details in Step 3: Configure Instance Details of the EC2 launch wizard. All user-configurable behavior in the Atlassian Stash AMI can be controlled by creating a file /etc/atl containing shell variable definitions. On first boot, the Atlassian Stash AMI will source the file /etc/atl (if it exists), allowing its built-in default variable definitions to be overridden. 

For example, to enable self-signed SSL certificate generation (and force all Web access to Stash to use HTTPS), you can add User Data (As text) as follows:

#!/bin/bash
echo "ATL_SSL_SELF_CERT_ENABLED=true" >>/etc/atl

For a complete list of variables that can be overridden in User Data at launch time, see Launching your Stash instance

User Data is flexible and allows you to run arbitrary BASH commands on your instance at launch time, in addition to overriding variables in /etc/atlSee Running Commands on Your Linux Instance at Launch for more information.

(warning) Security considerations

See Securing Stash in AWS for more details about enabling HTTPS and self-signed certificates in the Atlassian Stash AMI.

Add storage

When attaching EBS volumes, use these storage device settings for your instance. 

Type Device Purpose Size (GiB) Volume Type IOPS Delete on Termination
Root /dev/xvda Linux root volume 10 General Purpose (SSD) 30 No
EBS /dev/xvdf Stash data: repositories, attachments, avatars, etc. 100+ General Purpose (SSD) / Provisioned IOPS * 300+ * No
Instance Store /dev/xvdb Stash temporary files and caches N/A N/A N/A N/A

* Provisioned IOPS with at least 500 – 1000 IOPS is recommended for instances with more than 500 active users. See Recommendations for running Stash Server in AWS for more information. 

The Atlassian Stash AMI will not use any other block devices attached to the instance. The EBS volume for /dev/xvdf will be initialized and formatted at launch time, unless a snapshot id is provided (see the capture below in the page), in which case it will only format it if it's not already formatted. See Managing EBS Volumes for more information about storage options in Amazon EC2.

Attach an existing EBS snapshot

You can also attach an existing EBS volume based on a snapshot during launch. To attach an existing EBS volume, within the Device field, change the EBS volume device to /dev/sdf and enter the Snapshot ID of the snapshot. 

See Administering Stash in AWS - Moving your Stash data volume between instances for more details.

Configure your Security Group

When configuring your Security Group, you must allow allow incoming traffic to all the following ports. For more information, see Using Security Groups.

Type Protocol Port Description
SSH TCP 22 SSH port, allowing access to administrative functions
HTTP TCP 80  
HTTPS TCP 443  
Custom TCP Rule TCP 7999 Stash SSH port for Git hosting operations

What's next?

Now you're ready to configure your AWS version of Stash.

View your new instance

Once your new EC2 instance has launched, find it within the EC2 console and navigate to the URL provided so you can continue to configuring Stash.

To find the URL of your new EC2 instance

  1. From within the EC2 Console, in the Description tab of your new instance, copy the Public DNS.
     
  2. Paste the URL into a browser window to view start using Stash.

Set up your AWS instance of Stash

Once you've followed the URL of the EC2 instance you are presented with the Stash Setup Wizard.

Once you have launched Stash within AWS you can use it like any other Stash Server instance. So be sure to check out the rest of the Getting Started with Stash documentation.

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport