How to remove the Bastion host from an existing AWS Quick Start deployment
Infrastructure notice: AWS Quick Start only - This article only applies to Atlassian products deployed on AWS through any of our AWS Quick Starts.
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Purpose
As of , the Bitbucket Data Center Quick Start on AWS now allows you to deploy without a Bastion host.
This also means you can safely remove the Bastion host from existing deployments created through the AWS Quick Starts. In this article, we explain how you can do this.
Solution
We strongly recommend you test this in a staging environment before updating your production deployment.
This solution involves updating two stacks in AWS:
- The Bitbucket Data Center stack, where you need to remove the application nodes' dependency on the Bastion node.
- The Atlassian Standard Infrastructure (ASI) stack, where you remove the Bastion host altogether.
You can only remove the Bastion host from the ASI stack once you've updated the Bitbucket Data Center stack.
Step 1: Identify your Atlassian Standard Infrastructure (ASI) stack
The ASI's stack is always the root stack of a deployment. To view all the root stacks in your region:
- In the AWS console, go to Services > CloudFormation.
- Toggle the View nested option to exclude all nested (as in, non-root) stacks.
- Find your deployment's root stack from the Stack name column. It'll have the same Stack name you provided during the original deployment.
If your deployment's root stack has the description Atlassian Bitbucket Data Center in new VPC License: Apache 2.0
, then this will be your ASI stack as well. Once you've identified this, proceed to Step 2.
If your deployment's root stack has the description Atlassian Bitbucket Data Center QS(0034)
, then your ASI stack is another deployment's root stack. This stack uses any of the following Descriptions:
Master Template for Atlassian Services (qs-1p9o4n3sq)
Atlassian Jira Data Center with VPC
Atlassian Confluence Data Center with VPC
Atlassian Bitbucket Data Center in new VPC License: Apache 2.0
Atlassian Crowd Data Center
with VPC
Your deployment's corresponding ASI stack should have the same ExportPrefix
as your root stack. To view a stack's ExportPrefix
:
- In the AWS console, go to Services > CloudFormation.
- Select your deployment via Stack name.
- From the Stack details page, select the Parameters tab.
- Find the
ExportPrefix
value.
Step 2: Update the templates used by your existing deployment
If you deployed directly from the original AWS Quick Start, your templates will already be updated. You can then move on to Step 3.
If you deployed from your own copy of the AWS Quick Start (as recommended in Launching the Quick Start from your own S3 bucket), then you'll need to re-upload the updated templates to your S3 bucket:
- Clone the Quick Start templates (including all of its submodules) to your local machine. From the command line, run:
git clone --recurse-submodules https://github.com/aws-quickstart/quickstart-atlassian-bitbucket
- (Optional) The Quick Start templates repository uses the directory structure required by the Quick Start interface. If needed (for example, to minimize storage costs), you can remove all other files except the following:
quickstart-atlassian-bitbucket
├─ submodules
│ └─ quickstart-atlassian-services
│ └─ templates
│ └── quickstart-vpc-for-atlassian-services.yaml
└─ templates
├── quickstart-bitbucket-dc-with-vpc.template.yaml
└── quickstart-bitbucket-dc.template.yaml
Choose which Quick Start template your deployment is based on:
quickstart-bitbucket-dc-with-vpc.template.yaml
quickstart-bitbucket-dc.template.yaml
- In the template you’ve chosen, the
QSS3BucketName
default value is set toaws-quickstart
. Replace this default with the name of your S3 bucket. On the S3 bucket where your templates are stored, rename the root directory of your Quick Start templates:
aws s3 --recursive mv s3://<bucket-name>/quickstart-atlassian-bitbucket s3://<bucket-name>/quickstart-atlassian-bitbucket-old
This will allow you to upload a new version of those templates later on. See AWS CLI Command Reference -mv for more details.
- Go into the parent directory of your local clone of the Quick Start templates. From there, upload all the files in local clone to your S3 bucket:
aws s3 cp quickstart-atlassian-bitbucket s3://<bucket-name> --recursive --acl public-read
Step 3: Unlink the Bitbucket Data Center stack nodes from the Bastion host
Right now, some nodes in your deployment are dependent on the Bastion host. You need to remove this dependency before removing the Bastion host.
To do that, you'll need to first find your deployment's product stack. This stack should have the same Stack name as your deployment, and its Description will be Atlassian Bitbucket Data Center QS(0034)
. Once you find it, update it accordingly:
- In the AWS console, go to Services > CloudFormation.
- Toggle the View nested option to include all nested (as in, non-root) stacks.
- Find your deployment's product stack.
Select your product stack. When its stack information screen appears, click Update.
If you're prompted by a recommendation to update through the root stack, it's because your product stack is nested. Select Update nested stack and click through to the next screen.
From the Select Template screen, select Use current template and click Next.
Set the new Use Bastion host parameter to
false
.- Click Next. Click through the next pages, and then to apply the change using the Update button.
At this point, the Bitbucket Data Center stack nodes can no longer be accessed through the Bastion host. You can now safely remove it.
Step 4: Remove the Bastion host
Now that the Bitbucket nodes are no longer dependent on the Bastion host, you can remove the latter. You'll need to remove it from the ASI stack you identified in Step 1.
- In the AWS console, go to Services > CloudFormation.
- Select your ASI stack.
In the Stack Details screen, click Update Stack.
From the Select Template screen, select Use current template and click Next.
Set the new Deploy Bastion host parameter to
false
.- Click Next. Click through the next pages, and then to apply the change using the Update button.