--- AWSTemplateFormatVersion: '2010-09-09' Description: > This Cloudformation Template deploys the single server option of the BigBlueButton application server. Disclaimer: Not for production use. Demo and testing purposes only. Author: David Surey , Bastian Klein Parameters: BBBApplicationVersion: Description: Database engine version for Aurora PostgreSQL Type: String Default: bionic-230 BBBOperatorEMail: Description: E-Mail address to notify if there are any operational issues Type: String AllowedPattern: "([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)" ConstraintDescription: Must be a valid email address. Default: johndoe@example.com BBBNotificationTopic: Description: Topic to be used for alarm notifications Type: String BBBPublicApplicationSubnets: Description: Comma separated list of the appserver's subnets Type: CommaDelimitedList BBBApplicationInstanceType: Description: Instance type for the appserver Type: String Default: t3a.xlarge AllowedValues: - t3a.medium - t3a.large - t3a.xlarge - t3a.2xlarge - c5a.large - c5a.xlarge - c5a.2xlarge - c5a.4xlarge - c5a.8xlarge - c5a.12xlarge - c5a.16xlarge - c5a.24xlarge - m5a.large - m5a.xlarge - m5a.2xlarge - m5a.4xlarge - m5a.8xlarge - m5a.12xlarge - m5a.16xlarge - m5a.24xlarge - r5a.large - r5a.xlarge - r5a.2xlarge - r5a.4xlarge - r5a.8xlarge - r5a.12xlarge - r5a.16xlarge - r5a.24xlarge - t3.medium - t3.large - t3.xlarge - t3.2xlarge - c5.large - c5.xlarge - c5.2xlarge - c5.4xlarge - c5.8xlarge - c5.12xlarge - c5.16xlarge - c5.24xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge - m5.8xlarge - m5.12xlarge - m5.16xlarge - m5.24xlarge - r5.large - r5.xlarge - r5.2xlarge - r5.4xlarge - r5.8xlarge - r5.12xlarge - r5.16xlarge - r5.24xlarge BBBApplicationDataVolumeSize: Description: Size of the application instance data volume Type: Number Default: 20 BBBApplicationRootVolumeSize: Description: Size of the application instance data volume Type: Number Default: 20 BBBApplicationMaxInstances: Type: Number Description: Maximum number of appserver instances Default: 3 BBBApplicationMinInstances: Type: Number Description: Minimum number of appserver instances Default: 1 BBBApplicationDesiredInstances: Type: Number Description: Desired number of appserver instances Default: 1 BBBEnvironmentName: Description: An environment name that is prefixed to resource names Type: String Default: bbbonaws BBBEnvironmentStage: Type: String Description: Select the appropriate environment Default: stage AllowedValues: - stage - prod - dev BBBTurnSecret: Description: Secret string for the Turn server Type: String BBBApplicationSecurityGroup: Description: Security Group that should be assigned for the appserver Type: String BBBHostedZone: Description: Hosted zone in which the DNS entries for the app servers should be created Type: String BBBDomainName: Description: Base domain name used for the instance Type: String BBBStackBucketStack: Description: S3 Bucket Stack that contains scripts and sources Type: String BBBTurnHostnameParameter: Description: Parameter name that is used to store the Turn server host name Type: String BBBSystemLogsGroup: Description: Log group to be used for the system logs Type: String BBBApplicationLogsGroup: Description: Log group to be used for the Application logs Type: String BBBSystemLogsGroupArn: Description: Log group to be used for the system logs Type: String BBBApplicationLogsGroupArn: Description: Log group to be used for the Application logs Type: String BBBLatestApplicationAmiId: Description: AMI id that should be used for the appserver instaces Type: 'AWS::SSM::Parameter::Value' Default: 'bbbapplicationimageid' Resources: BBBApplicationAutoScaling: Type: AWS::AutoScaling::AutoScalingGroup Properties: VPCZoneIdentifier: !Ref BBBPublicApplicationSubnets LaunchTemplate: LaunchTemplateId: !Ref BBBApplicationInstanceLaunchTemplate Version: !GetAtt BBBApplicationInstanceLaunchTemplate.LatestVersionNumber TerminationPolicies: - DEFAULT MaxSize: !Ref BBBApplicationMaxInstances MinSize: !Ref BBBApplicationMinInstances DesiredCapacity: !Ref BBBApplicationDesiredInstances NotificationConfiguration: TopicARN: Ref: BBBNotificationTopic NotificationTypes: - autoscaling:EC2_INSTANCE_LAUNCH - autoscaling:EC2_INSTANCE_LAUNCH_ERROR - autoscaling:EC2_INSTANCE_TERMINATE - autoscaling:EC2_INSTANCE_TERMINATE_ERROR CreationPolicy: ResourceSignal: Timeout: PT30M UpdatePolicy: AutoScalingReplacingUpdate: WillReplace: true BBBApplicationEC2Role: Type: AWS::IAM::Role Properties: RoleName: BBBApplicationEC2Role AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: [ ec2.amazonaws.com ] Action: [ "sts:AssumeRole" ] Path: / Policies: - PolicyName: "root" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - route53:ChangeResourceRecordSets - route53:GetHostedZone - route53:ListResourceRecordSets Resource: !Sub "arn:aws:route53:::hostedzone/${BBBHostedZone}" - Effect: Allow Action: - secretsmanager:GetSecretValue Resource: - !Ref BBBTurnSecret - Effect: Allow Action: - s3:GetObject Resource: - !Sub "arn:aws:s3:::${BBBStackBucketStack}/*" - Effect: Allow Action: - ssm:GetParameter Resource: - !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/turnhostname" - Effect: Allow Action: - logs:PutLogEvents - logs:CreateLogStream - logs:DescribeLogStreams - logs:CreateLogGroup Resource: - !Ref BBBSystemLogsGroupArn - !Ref BBBApplicationLogsGroupArn ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore BBBApplicationEC2InstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: / Roles: - !Ref BBBApplicationEC2Role BBBApplicationInstanceLaunchTemplate: Type: AWS::EC2::LaunchTemplate Properties: LaunchTemplateData: BlockDeviceMappings: - DeviceName: /dev/sda1 Ebs: VolumeType: gp2 VolumeSize: !Ref BBBApplicationRootVolumeSize Encrypted: true - DeviceName: /dev/sdf Ebs: VolumeSize: !Ref BBBApplicationDataVolumeSize VolumeType: gp2 Encrypted: true EbsOptimized: true IamInstanceProfile: Arn: !GetAtt BBBApplicationEC2InstanceProfile.Arn ImageId: !Ref BBBLatestApplicationAmiId InstanceType: !Ref BBBApplicationInstanceType Monitoring: Enabled: true NetworkInterfaces: - AssociatePublicIpAddress: true DeviceIndex: 0 Groups: - !Ref BBBApplicationSecurityGroup UserData: Fn::Base64: !Sub | #!/bin/bash -xe apt update -y while fuser /var/{lib/{dpkg,apt/lists},cache/apt/archives}/lock >/dev/null 2>&1; do sleep 1; done DEBIAN_FRONTEND='noninteractive' apt -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' full-upgrade apt autoremove -y apt autoclean while fuser /var/{lib/{dpkg,apt/lists},cache/apt/archives}/lock >/dev/null 2>&1; do sleep 1; done apt install -y git binutils python3-pip build-essential python-dev python-setuptools jq pip3 install -U awscli while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 1; done wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb dpkg -i -E ./amazon-cloudwatch-agent.deb # Adding cwagent user to all required groups useradd mongodb usermod -a -G adm cwagent usermod -a -G mongodb cwagent usermod -a -G mongodb mongodb mkdir /var/log/mongodb touch /var/log/mongodb/mongod.log chown -R mongodb:mongodb /var/log/mongodb chmod g+r /var/log/mongodb/mongod.log aws s3 cp s3://${BBBStackBucketStack}/bbb-cwagent-config.json /tmp/bbb-cwagent-config.json sed -i "s|SYSTEMLOGS_PLACEHOLDER|${BBBSystemLogsGroup}|g" /tmp/bbb-cwagent-config.json sed -i "s|APPLICATIONLOGS_PLACEHOLDER|${BBBSystemLogsGroup}|g" /tmp/bbb-cwagent-config.json sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/tmp/bbb-cwagent-config.json pip3 install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz # Set instance Hostname instance_ipv4=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4) instance_random=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 6 | head -n 1) instance_publichostname=vc-$instance_random instance_fqdn=$instance_publichostname.${BBBDomainName} # register in route53 wget --tries=10 https://github.com/barnybug/cli53/releases/download/0.8.18/cli53-linux-amd64 -O /usr/local/bin/cli53 sudo chmod +x /usr/local/bin/cli53 # create script for route53-handler aws s3 cp s3://${BBBStackBucketStack}/route53-handler.service /etc/systemd/system/route53-handler.service aws s3 cp s3://${BBBStackBucketStack}/route53-handler.sh /usr/local/bin/route53-handler.sh chmod +x /usr/local/bin/route53-handler.sh sed -i "s/INSTANCE_PLACEHOLDER/$instance_publichostname/g" /etc/systemd/system/route53-handler.service sed -i "s/ZONE_PLACEHOLDER/${BBBHostedZone}/g" /etc/systemd/system/route53-handler.service systemctl daemon-reload systemctl enable route53-handler systemctl start route53-handler mkdir -p /var/bigbluebutton if test -e "/dev/nvme1n1"; then DEVICE=/dev/nvme1n1 parted -s -a optimal -- $DEVICE mklabel gpt mkpart primary 1MiB -2048s sleep 20s mkfs.ext4 -F $DEVICE\p1 UUID=$(blkid |grep "$DEVICE\p1" | awk '{print $2}' |sed 's/"//g') else DEVICE=/dev/sdf parted -s -a optimal -- $DEVICE mklabel gpt mkpart primary 1MiB -2048s sleep 20s mkfs.ext4 -F $DEVICE\1 UUID=$(blkid |grep "$DEVICE\1" | awk '{print $2}' |sed 's/"//g') fi echo "$UUID /var/bigbluebutton ext4 defaults,nofail 0 2" >> /etc/fstab mount -a turn_hostname=$(aws ssm get-parameter --region ${AWS::Region} --name "${BBBTurnHostnameParameter}" --with-decryption --output text --query Parameter.Value) turn_fqdn=$turn_hostname.${BBBDomainName} turnsecret=$(aws secretsmanager get-secret-value --region ${AWS::Region} --secret-id ${BBBTurnSecret} --query SecretString --output text | jq -r .turnkeyvalue) sleep 1m x=1 while [ $x -le 5 ] do until host $instance_fqdn | grep -m 1 "has address $instance_ipv4"; do sleep 5 ; done x=$(( $x + 1 )) done wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -v ${BBBApplicationVersion} -s $instance_fqdn -e ${BBBOperatorEMail} -c $turn_fqdn:$turnsecret -g # create script for turn-handler aws s3 cp s3://${BBBStackBucketStack}/turn-handler.service /etc/systemd/system/turn-handler.service aws s3 cp s3://${BBBStackBucketStack}/turn-handler.timer /etc/systemd/system/turn-handler.timer aws s3 cp s3://${BBBStackBucketStack}/turn-handler.sh /usr/local/bin/turn-handler.sh chmod +x /usr/local/bin/turn-handler.sh sed -i "s/AWSREGION_PLACEHOLDER/${AWS::Region}/g" /etc/systemd/system/turn-handler.service sed -i "s|PARAMETER_PLACEHOLDER|${BBBTurnHostnameParameter}|g" /etc/systemd/system/turn-handler.service systemctl daemon-reload systemctl enable turn-handler.timer systemctl start turn-handler.timer /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource BBBApplicationAutoScaling --region ${AWS::Region} || true Outputs: BBBApplicationEC2InstanceProfile: Description: Big Blue Button Application Instance Profile Value: Ref: BBBApplicationEC2InstanceProfile BBBApplicationEC2Role: Description: Big Blue Button Application Instance Role Value: Ref: BBBApplicationEC2Role BBBApplicationAutoScaling: Description: Big Blue Button Application Instance Autoscaling Group Value: Ref: BBBApplicationAutoScaling BBBApplicationInstanceLaunchTemplate: Description: Big Blue Button Application Instance Launch Template Value: Ref: BBBApplicationInstanceLaunchTemplate