Professional Documents
Culture Documents
September 2019
JFrog Ltd
Chris Hirsch, Stephen Cole, Travis McVey, Trace3
Jay Yeras, Dylan Owen, AWS Quick Start team
Visit our GitHub repository for source files and to post feedback,
report bugs, or submit feature ideas for this Quick Start.
Contents
Overview .................................................................................................................................... 2
Artifactory on AWS ................................................................................................................ 3
Cost and licenses .................................................................................................................... 3
Architecture ............................................................................................................................... 4
Amazon ECS services ............................................................................................................. 7
Ansible init script ................................................................................................................... 7
Planning the deployment ..........................................................................................................8
Specialized knowledge ...........................................................................................................8
AWS account ..........................................................................................................................8
Technical requirements .........................................................................................................8
Deployment options ............................................................................................................. 10
Deployment steps .................................................................................................................... 10
Step 1. Sign in to your AWS account .................................................................................... 10
Step 2. Add the Artifactory license keys to AWS Secrets Manager ..................................... 10
Page 1 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
This Quick Start was created by JFrog and Trace3 in collaboration with Amazon Web
Services (AWS).
Quick Starts are automated reference deployments that use AWS CloudFormation
templates to deploy key technologies on AWS, following AWS best practices.
Overview
JFrog’s Artifactory is an enterprise universal repository manager, capable of hosting all
your binaries on AWS resources. This Quick Start provides a turnkey solution deploying
Artifactory Enterprise in a highly available (HA) configuration into AWS.
This Quick Start is for administrators who want the flexibility, scale, and availability of
AWS through products such as virtual private clouds (VPCs), Amazon Elastic Compute
Cloud (Amazon EC2), Amazon Elastic Container Service (Amazon ECS), Amazon Simple
Storage Service (Amazon S3), Elastic Load Balancing (ELB), and Amazon Relational
Database Service (Amazon RDS) to deploy Artifactory as their repository manager.
Amazon EC2 and Amazon ECS, along with Amazon S3 and Amazon RDS, form the
foundation for the deployment. By utilizing Amazon S3 and Amazon RDS as persistent
storage for artifacts and the configuration, respectively, Artifactory can be completely
redeployed, scaled up, or scaled down, depending on your requirements. This configuration
Page 2 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
allows organizations to save on costs for multiple secondary nodes and to pay only for
storage that is actually being used.
This Quick Start configures a single Amazon EC2 Auto Scaling group that configures
Amazon EC2 nodes for an Amazon ECS cluster. The EC2 nodes are specifically configured
for Artifactory, with configuration files mapped to the containers. Artifactory is configured
as two ECS services running the same task definition, which in turn deploys an Artifactory
and a NGINX container in each service:
The first service is configured to be the Artifactory primary and will have at most only
one task running at one given time.
The second service is configured to run the number of secondaries as desired. These
tasks within the service can scale up or down depending on the needs of the business.
The ECS tasks are monitored by a Network Load Balancer (NLB). The NLB is configured to
verify that port 443 is listening. This health check is important, because the NGINX
container listens on port 443 and depends on Artifactory starting successfully. Should the
endpoint fail to respond, the task will be shut down and a new task will be deployed.
Artifactory on AWS
Once you have deployed JFrog’s Quick Start Artifactory, you will be able to use it as a
production service. For further information regarding setting up Artifactory, see the Getting
started with Artifactory section later in this guide.
Deploying to AWS gives you freedom to scale up your deployment based on the needs of
your changing business easily and quickly by simply updating the CloudFormation stack
while still paying for only what you are using.
Page 3 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
The AWS CloudFormation template for this Quick Start includes configuration parameters
that you can customize. Some of these settings, such as instance type, will affect the cost of
deployment. For cost estimates, see the pricing pages for each AWS service you will be
using. Prices are subject to change.
Tip After you deploy the Quick Start, we recommend that you enable the AWS Cost
and Usage Report to track costs associated with the Quick Start. This report delivers
billing metrics to an S3 bucket in your account. It provides cost estimates based on
usage throughout each month and finalizes the data at the end of the month. For
more information about the report, see the AWS documentation.
This Quick Start requires an Enterprise or Enterprise+ license for Artifactory. To use the
Quick Start in your production environment, you can sign up for a Free Trial license, which
includes three Artifactory Enterprise licenses. You’ll need to place the license keys in the
specified fields when you launch the Quick Start. Enterprise or Enterprise+ licenses are
required due to the following features being used by the deployment:
High availability
S3 object storage
Note If the license isn’t an Enterprise or Enterprise+ license, the license is invalid,
or the license is not included, the deployment will fail. Also, ensure that the number
of secondary Artifactory servers is at most the amount licensed minus one, for the
primary server. If you specify too many servers, see the FAQ section for instructions.
If you use a Free Trial, ensure that you convert to a permanent license before your trial is
up; otherwise, the nodes will become unresponsive until a permanent license is in place.
You can request a quote by contacting JFrog.
Architecture
If you want to set up Artifactory with Amazon ECS, deploying this Quick Start for a new
VPC with default parameters builds the following Artifactory environment in the AWS
Cloud.
Page 4 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Figure 1: Quick Start architecture for Artifactory with Amazon ECS on AWS
Page 5 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Page 6 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
– Two Amazon ECS service groups, one for the primary node, and the other for the
secondaries.
– Artifactory and NGINX containers.
– An Auto Scaling group configured specifically to boot instances ready to host
Artifactory.
A private and encrypted S3 bucket for repository storage.
* The template that deploys the Quick Start into an existing VPC skips the components
marked by asterisks and prompts you for your existing VPC configuration.
Important Do not change the master key of the stack when updating the stack.
This will result in future nodes being unable to join the cluster and an unsupported
configuration.
To update a Secure Sockets Layer (SSL) certificate, you will need to update the
CloudFormation stack by changing the certificate and certificate key inputs, and re-
deploying the nodes (see ECS upgrade section). If you change the certificate and
certificate key manually on the EC2 instances, instead of updating the
CloudFormation stack, the manual changes will be lost during the next upgrade or
reboot, resulting in an unwanted configuration.
Page 7 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
AWS account
If you don’t already have an AWS account, create one at https://aws.amazon.com by
following the on-screen instructions. Part of the sign-up process involves receiving a phone
call and entering a PIN using the phone keypad.
Your AWS account is automatically signed up for all AWS services. You are charged only for
the services you use.
Technical requirements
By default, all options of the Quick Start will create a load balancer and output its HTTP
Domain Name System (DNS) on the Outputs tab of the CloudFormation console. This is
how you initially access Artifactory.
Note During the Quick Start deployment, you will be asked for an SSL Certificate
and Certificate Key. All deployments terminate SSL on the NGINX (instance, service,
or container). The SSL certificate is configured via Ansible on startup and is not
terminated on the ELB.
Before you launch the Quick Start, your account must be configured as specified in the
following table. Otherwise, deployment might fail.
Page 8 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Resources If necessary, request service limit increases for the following resources. You might
need to do this if you already have an existing deployment that uses these resources,
and you think you might exceed the default limits with this deployment. For default
limits, see the AWS documentation.
AWS Trusted Advisor offers a service limits check that displays your usage and limits
for some aspects of some services.
VPCs 1
Elastic IP addresses 3
IAM roles 2
Security groups 4
Load balancers 1
m4.xlarge instances 4
t2.micro instances 1
db.m4.large (RDS) 1
S3 Buckets 1
ECS cluster 1
ECS service 2
Key pair Make sure that at least one Amazon EC2 key pair exists in your AWS account in the
region where you are planning to deploy the Quick Start. Make note of the key pair
name. You’ll be prompted for this information during deployment. To create a key
pair, follow the instructions in the AWS documentation.
If you’re deploying the Quick Start for testing or proof-of-concept purposes, we
recommend that you create a new key pair instead of specifying a key pair that’s
already being used by a production instance.
IAM permissions To deploy the Quick Start, you must log in to the AWS Management Console with IAM
permissions for the resources and actions the templates will deploy. The
AdministratorAccess managed policy within IAM provides sufficient permissions,
although your organization may choose to use a custom policy with more restrictions.
Page 9 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
S3 buckets Unique S3 bucket names are automatically generated based on the account number
and region. If you delete a stack, the Artifactory storage bucket is not deleted. If
you plan to re-deploy this Quick Start in the same region, you must first manually
delete the S3 buckets that were created during the previous deployment; otherwise,
the re-deployment will fail.
Deployment options
This Quick Start provides two deployment options:
Deploy Artifactory running as an Amazon ECS service into a new VPC (end-
to-end deployment). This option builds a new AWS environment consisting of the
VPC, subnets, NAT gateways, security groups, bastion hosts, ECS cluster, EC2 nodes to
support the ECS cluster, an S3 bucket, and an Amazon RDS instance, and then deploys
Artifactory as a service onto the ECS cluster in this new VPC.
Deploy Artifactory running as an ECS Service into an existing VPC. This
option provisions Artifactory in your existing AWS infrastructure, and creates an S3
bucket and an Amazon RDS instance. Optionally, an ECS cluster can be specified
instead of creating a new one; however, new EC2 nodes will be created and configured
as mentioned earlier in this guide to support running the Artifactory tasks.
The Quick Start provides separate templates for each of these options. It also lets you
configure CIDR blocks, instance types, and Artifactory settings, as discussed later in this
guide.
Deployment steps
Step 1. Sign in to your AWS account
1. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has
the necessary permissions. For details, see Planning the deployment earlier in this
guide.
2. Make sure that your AWS account is configured correctly, as discussed in the Technical
requirements section.
Page 10 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
b. ArtifactoryLicense2
c. ArtifactoryLicense3
d. ArtifactoryLicense4
5. Choose Next.
6. Provide a Secret name. This name will be used when deploying the Quick Start.
7. Choose Next twice.
8. Choose Store.
Page 11 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
To do this, copy the certificate into an editor of your choice and edit the settings to show
line endings. On a Windows system, you will see CR FL characters. On a Linux system, you
will see LF characters.
Replace all CRFL or LF characters with | (pipe) characters. This will result in the entire
certificate being on a single line. Follow the same process for the certificate key.
Notes The instructions in this section reflect the older version of the AWS
CloudFormation console. If you’re using the redesigned console, some of the user
interface elements might be different.
You are responsible for the cost of the AWS services used while running this Quick
Start reference deployment. There is no additional cost for using this Quick Start.
For full details, see the pricing pages for each AWS service you will be using in this
Quick Start. Prices are subject to change.
1. Sign in to your AWS account, and choose one of the following options to launch the
AWS CloudFormation template. For help choosing an option, see deployment options
earlier in this guide.
• new VPC
Deploy Deploy • workload only
• workload
Page 12 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Important If you’re deploying Artifactory into an existing VPC, make sure that
your VPC has two private subnets in different Availability Zones for the workload
instances, you know the CIDRs, and that the subnets aren’t shared. This Quick Start
doesn’t support shared subnets. These subnets require NAT gateways in their route
tables, to allow the instances to download packages and software without exposing
them to the internet. The VPC also requires two similar public networks for the load
balancer. You will also need the domain name option configured in the DHCP
options as explained in the Amazon VPC documentation. You will be prompted for
your VPC settings when you launch the Quick Start.
3. On the Select Template page, keep the default setting for the template URL, and then
choose Next.
4. On the Specify Details page, change the stack name if needed. Review the parameters
for the template. Provide values for the parameters that require input. For all other
parameters, review the default settings and customize them as necessary.
In the following tables, parameters are listed by category and described separately for
the two deployment options:
– Parameters for deploying Artifactory with ECS into a new VPC
– Parameters for deploying Artifactory with ECS into an existing VPC
When you finish reviewing and customizing the parameters, choose Next.
OPTION 1: PARAMETERS FOR DEPLOYING ARTIFACTORY WITH ECS INTO A NEW VPC
View template
Security configuration:
Parameter label Default Description
(name)
SSH key name Requires input The name of an existing public/private key pair, which allows
(KeyPairName) you to securely connect to your instance after it launches. This is
the key pair you created in your preferred Region; see the
Technical requirements section.
Page 13 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Permitted IP range Requires input The CIDR IP range that is permitted to access Artifactory. We
(AccessCIDR) recommend that you set this value to a trusted IP range. For
example, you might want to grant only your corporate network
access to the software.
Remote access CIDR Requires input The remote CIDR range for allowing SSH into the Bastion
(RemoteAccessCIDR) instance. We recommend that you set this value to a trusted IP
range. For example, you might want to grant specific ranges
inside your corporate network SSH access.
Network configuration:
Parameter label Default Description
(name)
Availability Zones us-west-2a, us- The list of Availability Zones to use for the subnets in the VPC.
(AvailabilityZones) west-1b Two Availability Zones are used for this deployment, and the
logical order of your selections is preserved.
Private subnet 1 CIDR 10.0.0.0/19 The CIDR block for private subnet 1 located in Availability
(PrivateSubnet1CIDR) Zone 1.
Private subnet 2 CIDR 10.0.32.0/19 The CIDR block for private subnet 2 located in Availability
(PrivateSubnet2CIDR) Zone 2.
Public subnet 1 CIDR 10.0.128.0/20 The CIDR block for the public (DMZ) subnet 1 located in
(PublicSubnet1CIDR) Availability Zone 1.
Public subnet 2 CIDR 10.0.144.0/20 The CIDR block for the public (DMZ) subnet 2 located in
(PublicSubnet2CIDR) Availability Zone 2.
Bastion configuration:
Parameter label Default Description
(name)
Bastion host Enabled Choose whether to boot a Bastion host or not. Due to the
(ProvisionBastionHost) Artifactory nodes being created in private subnets, this is highly
recommended.
Bastion operating Amazon-Linux- The Linux distribution for the AMI to be used for the bastion
system HVM instances.
(BastionOS)
Bastion root volume size 10 The size of the root volume on the bastion instances.
(BastionRootVolumeSize)
Page 14 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Bastion enable TCP true Choose whether to enable TCP forwarding via the bootstrapping
forwarding of the bastion host.
(BastionEnableTCP
Forwarding)
Number of Bastion 1 The number of bastion hosts to create. The maximum number is
hosts four.
(NumBastionHosts)
ECS configuration:
Parameter label Default Description
(name)
ECS cluster name JFrog The name for your ECS cluster.
(ClusterName)
EC2 instance type m4.xlarge The EC2 instance type for the Artifactory Docker hosts.
(InstanceType)
EBS root volume size 200 The size in GB of the available storage; the Quick Start will create
(VolumeSize) EBS volumes of this size.
Artifactory version 6.11.1 The version of Artifactory that you want to deploy into the Quick
(ArtifactoryVersion) Start. Please see the release notes to select the version you want
to deploy.
Number of EC2 nodes 3 The number of EC2 nodes to create for the ECS cluster. There
(NumberOfEC2Nodes) must be enough nodes to run the number of secondaries plus
the primary task.
Artifactory licenses Requires input The secret name created in AWS Secrets Manager, which
secret name contains the Artifactory licenses.
(SMLicensesName)
Certificate key Requires input The private key for the certificate.
(CertificateKey)
Page 15 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Certificate domain Requires input The certificate domain, which must match the domain specified
(CertificateDomain) on your certificate.
Artifactory server Requires input The name of your Artifactory server. Ensure that this matches
name your certificate.
(ArtifactoryServer
Name)
Master server key Requires input Master The master key for the Artifactory cluster. Generate a
(MasterKey) master by key using the command $openssl rand -hex 16.
Extra Java options -Xmx4g Setting Java memory parameters for Artifactory. For more
(ExtraJavaOptions) information, see the Artifactory system requirements.
Ansible Vault password Requires input The Ansible Vault password to protect the Artifactory YAML
(AnsibleVaultPass) configuration file generated during the Artifactory deployment.
This YAML file is stored on the EC2 nodes and secured with this
password.
Database name artdb The name for your DB instance. The name must be unique
(DatabaseName) across all DB instances owned by your AWS account in the
current AWS Region. The DB instance identifier is case-
insensitive, but is stored as all lowercase (as in
mydbinstance).
Database engine MySQL The database engine that you want to run, currently locked to
(DatabaseEngine) MySQL.
Database version 5.7 The major version of the MySQL database engine you wish to
(DatabaseVersion) run, currently locked to MySQL versions supported by
Artifactory and RDS.
Database user artifactory The login ID for the master user of your DB instance.
(DatabaseUser)
Database password Requires input The password for the Artifactory database user.
(DatabasePassword)
Database instance type db.m4.large The size of the database to be deployed as part of the Quick
(DatabaseInstance) Start.
Database allocated 10 The size in GB of the available storage for the database
storage instance.
(DBAllocatedStorage)
High availability true Choose false to create an Amazon RDS instance in a single
database Availability Zone.
(MultiAZDatabase)
Page 16 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Note We recommend that you keep the default settings for the following two
parameters, unless you are customizing the Quick Start templates for your own
deployment projects. Changing the settings of these parameters will automatically
update code references to point to a new Quick Start location. For additional details,
see the AWS Quick Start Contributor’s Guide.
Quick Start S3 bucket aws-quickstart The S3 bucket you created for your copy of Quick Start assets,
name if you decide to customize or extend the Quick Start for your
(QSS3BucketName) own use. The bucket name can include numbers, lowercase
letters, uppercase letters, and hyphens, but should not start or
end with a hyphen.
Quick Start S3 key quickstart-jfrog- The S3 key name prefix used to simulate a folder for your copy
prefix artifactory/ of Quick Start assets, if you decide to customize or extend the
(QSS3KeyPrefix) Quick Start for your own use. This prefix can include numbers,
lowercase letters, uppercase letters, hyphens, and forward
slashes.
SSH key name Requires input The name of an existing public/private key pair, which allows
(KeyPairName) you to securely connect to your instance after it launches. This
is the key pair you created in your preferred Region; see the
Technical requirements section.
Permitted IP range Requires input The CIDR IP range that is permitted to access Artifactory. We
(AccessCIDR) recommend that you set this value to a trusted IP range. For
example, you might want to grant only your corporate network
access to the software.
Remote access CIDR Requires input The remote CIDR range for allowing SSH into the Bastion
(RemoteAccessCIDR) instance. We recommend that you set this value to a trusted IP
range. For example, you might want to grant specific ranges
inside your corporate network SSH access.
Network configuration:
Page 17 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
VPC ID Requires input The ID of your existing VPC for deployment (e.g., vpc-
(VPCID) 0343606e).
Public subnet 1 ID Requires input The ID of the public subnet in Availability Zone 1 in your existing
(PublicSubnet1ID) VPC (e.g., subnet-z0376dab).
Public subnet 2 ID Requires input The ID of the public subnet in Availability Zone 2 in your existing
(PublicSubnet2ID) VPC (e.g., subnet-a29c3d84).
Private subnet 1 ID Requires input The ID of the private subnet in Availability Zone 1 in your
(PrivateSubnet1ID) existing VPC (e.g., subnet-a0246dcd).
Private subnet 2 ID Requires input The ID of the private subnet in Availability Zone 2 in your
(PrivateSubnet2ID) existing VPC (e.g., subnet-b58c3d67).
Private subnet 1 CIDR 10.0.0.0/19 The CIDR of the private subnet in Availability Zone 1 in your
(PrivateSubnet1CIDR) existing VPC (e.g., 10.0.0.0/19).
Private subnet 2 CIDR 10.0.32.0/19 The CIDR of the private subnet in Availability Zone 2 in your
(PrivateSubnet2CIDR) existing VPC (e.g., 10.0.32.0/19).
Bastion configuration:
Parameter label Default Description
(name)
Provision Bastion host Enabled Choose Disabled to skip booting a bastion host. Due to the
(ProvisionBastionHost) Artifactory nodes being created in private subnets, the default
setting of Enabled is highly recommended.
Bastion operating Amazon-Linux- The Linux distribution for the AMI to be used for the bastion
system HVM instances.
(BastionOS)
Bastion root volume 10 The size of the root volume on the Bastion instance.
size
(BastionRootVolumeSize)
Bastion enable TCP true Choose whether to enable TCP forwarding via the
forwarding bootstrapping of the bastion host.
(BastionEnableTCP
Forwarding)
Bastion enable X11 false Choose whether to enable X11 via the bootstrapping of the
forwarding bastion host. Setting this value to true will enable X Windows
(BastionEnableX11 over SSH. X11 forwarding can be very useful but it is also a
Forwarding) security risk, so we recommend that you keep the default
(false) setting unless required.
Page 18 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
ECS Configuration:
Parameter label Default Description
(name)
ECS cluster name JFrog The name for your ECS cluster.
(ClusterName)
Create new ECS Enabled Choose whether to create a new ECS cluster with the name
cluster specified in the ClusterNameparameter. If you choose
(CreateNewECSCluster) Disabled, an ECS cluster with the name specified in
CluserName must already exist.
EC2 instance type m4.xlarge The EC2 instance type for the Artifactory Docker hosts.
(InstanceType)
EBS root volume size 200 The size in GB of the available storage; the Quick Start will
(VolumeSize) create EBS volumes of this size.
Artifactory version 6.11.1 The version of Artifactory that you want to deploy into the Quick
(ArtifactoryVersion) Start. Please see the release notes to select the version you want
to deploy.
Number of EC2 nodes 3 The number of EC2 nodes to create for the ECS cluster. There
(NumberOfEC2Nodes) must be enough nodes to run the number of secondaries plus the
primary task.
Artifactory licenses Requires input The secret name created in AWS Secrets Manager, which
secret name contains the Artifactory licenses.
( SMLicensesName)
Certificate key Requires input The private key for the certificate.
(CertificateKey)
Page 19 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Certificate domain Requires input The certificate domain, which must match the domain specified
(CertificateDomain) on your certificate.
Artifactory server name Requires input The name of your Artifactory server. Ensure that this matches
(ArtifactoryServer your certificate.
Name)
Master server key Requires input The master key for the Artifactory cluster. Generate a master key
(MasterKey) by using the command $openssl rand -hex 16.
Extra Java options -Xmx4g Setting Java memory parameters for Artifactory. Learn about
(ExtraJavaOptions) system requirements for Artifactory.
Ansible Vault password Requires input The Ansible Vault password to protect the Artifactory YAML
(AnsibleVaultPass) configuration file generated during the Artifactory deployment.
This YAML file is stored on the EC2 nodes and secured with this
password.
Database name artdb The name for your DB instance. The name must be unique
(DatabaseName) across all DB instances owned by your AWS account in the
current AWS Region. The DB instance identifier is case-
insensitive, but is stored as all lowercase (as in
mydbinstance).
Database engine MySQL The database engine that you want to run, currently locked to
(DatabaseEngine) MySQL.
Database version 5.7 The major version of the MySQL database engine you wish to
(DatabaseVersion) run, currently locked to MySQL versions supported by
Artifactory and RDS.
Database user artifactory The login ID for the master user of your DB instance.
(DatabaseUser)
Database password Requires input The password for the Artifactory database master user.
(DatabasePassword)
Database instance type db.m4.large The size of the database to be deployed as part of the Quick
(DatabaseInstance) Start.
Database allocated 10 The size in GB of the available storage for the database
storage instance.
(DBAllocatedStorage)
High availability true Choose false to create an Amazon RDS instance in a single
database Availability Zone.
(MultiAZDatabase)
Page 20 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Note We recommend that you keep the default settings for the following two
parameters, unless you are customizing the Quick Start templates for your own
deployment projects. Changing the settings of these parameters will automatically
update code references to point to a new Quick Start location. For additional details,
see the AWS Quick Start Contributor’s Guide.
Parameter label
Default Description
(name)
Quick Start S3 bucket aws-quickstart The S3 bucket you have created for your copy of Quick Start
name assets, if you decide to customize or extend the Quick Start for
(QSS3BucketName) your own use. The bucket name can include numbers,
lowercase letters, uppercase letters, and hyphens, but should
not start or end with a hyphen.
Quick Start S3 key quickstart-jfrog- The S3 key name prefix used to simulate a folder for your copy
prefix artifactory/ of Quick Start assets, if you decide to customize or extend the
(QSS3KeyPrefix) Quick Start for your own use. This prefix can include numbers,
lowercase letters, uppercase letters, hyphens, and forward
slashes.
Page 21 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Note If you used a non CA-Signed certificate, you will receive a certificate warning
when you attempt to access the page because the certificate will not match the ELB
DNS name, unless you configure Amazon Route 53.
2. Choose Next to run through the Artifactory setup wizard for the initial configuration.
This Quick Start handles the license key configuration during the deployment, and you
will not be prompted to activate your license during the initial wizard.
3. Set a secure Admin password for your deployment, and then choose Next.
Page 22 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
5. Select the repositories that are required for your use case, and choose Create.
Page 23 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Updating Artifactory
If any maintenance needs to be performed on the stack, ensure that you update the
CloudFormation stack rather than updating the infrastructure manually. This includes
updating Artifactory. The Artifactory version for this Quick Start is 6.11.1.
Page 24 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
1. To perform an upgrade, select the Root stack, and then choose Update. Please see
Figure 9.
Figure 10: CloudFormation console update page (before you change the version)
Page 25 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Figure 11: CloudFormation console update page (after you change the version)
4. Scroll down, choose Next, and choose Next again, unless you want to change any other
tags or policies. Then select the two I acknowledge check boxes, and choose Update
Stack.
Page 26 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
1. In the Amazon ECS console, select the ECS cluster. If you used the default option, the
cluster name is JFrog.
Page 27 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
3. Choose the current Task definition. In the following screenshot, the task definition is
ArtifactoryPrimary-Task:13.
4. Scroll down and expand the Container definitions to ensure that the version has
been updated.
Page 28 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
5. After you verify that the task has been updated, you need to find where the primary task
is running. Navigate back to the ESC console Cluster screen (shown in Figure 17), and
select the ECS Instances tab.
Figure 18: ECS console showing ECS instances running the container instances
6. Select the first container instance to determine which EC2 instance is running the
primary node.
7. On the Container Instance page, look for the ArtifactoryPrimary task definition.
Page 29 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Page 30 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
9. Select the instance that you determined was running the primary container instance,
and choose Remove. This will ensure no outage is experienced while the new primary
node is created.
10. Next, you need to stop the ArtifactoryPrimary-Task task. Return to the Amazon ECS
console, select the cluster, choose the Tasks tab, select the ArtifactoryPrimary-Task
task, and choose Stop.
Page 31 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Figure 23: Pop up window that opens when you choose to stop a task
After a few minutes, the service will recognize the stopped task, and will kick off the
latest-version TaskDefinition.
The proper version will also be updated on the JFrog Artifactory High Availability
Configuration page.
Page 32 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
11. Repeat steps 1-10 for the ArtifactorySecondary service. Please do one task at a time.
Important: Ensure you remove the instances from the Registered Targets list
(step 9 in this procedure). Failure to do so may cause unwanted downtime.
Security
By default, the load balancer will not match your certificate. You will need to configure DNS
according to your organization’s configuration, which is highly recommended for a
production deployment.
Page 33 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
When you create a new VPC, the private subnet CIDR is automatically provided to the
database security group ArtifactoryBDSG. In the new VPC, the private subnet is accessible
only from the public subnet.
When you deploy to an existing VPC, ensure similar rules are followed so that your
Artifactory nodes are not accessible directly from the internet. Also, ensure that the private
CIDR is correct and locked down. Avoid using 0.0.0.0/0. If the subnet is a public subnet, it
will allow your MySQL database to be available from the internet.
Storage
A major difference between running on premises and on AWS is the use of storage. As
Amazon S3 is being used, you will be charged for what is currently in use, rather than what
may be allocated on premises. Please be sure to monitor your usage.
Troubleshooting
Q. I provisioned more secondary nodes than I have licenses, and I cannot access
Artifactory. What do I do?
A. In the AWS CloudFormation console, choose Update Stack, and reduce the number of
secondary nodes to the number of licenses you purchased minus one license for the master.
Page 34 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Important When you set Rollback on failure to No, you will continue to incur
AWS charges for this stack. Please make sure to delete the stack when you finish
troubleshooting.
Send us feedback
To post feedback, submit feature ideas, or report bugs, use the Issues section of the
GitHub repository for this Quick Start. If you’d like to submit code, please review the Quick
Start Contributor’s Guide.
Additional resources
AWS resources
Getting Started Resource Center
AWS General Reference
AWS Glossary
AWS services
AWS CloudFormation
Amazon EBS
Amazon EC2
IAM
Amazon VPC
Amazon RDS
Page 35 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
Amazon S3
Amazon ECS
Elastic Load Balancing
Amazon RDS
Amazon S3
Artifactory documentation
Artifactory User Guide
Document revisions
Date Change In sections
Page 36 of 37
Amazon Web Services – Artifactory with Amazon ECS on the AWS Cloud September 2019
© 2019, Amazon Web Services, Inc. or its affiliates, and JFrog. All rights reserved.
Notices
This document is provided for informational purposes only. It represents AWS’s current product offerings
and practices as of the date of issue of this document, which are subject to change without notice. Customers
are responsible for making their own independent assessment of the information in this document and any
use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether
express or implied. This document does not create any warranties, representations, contractual
commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities
and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of,
nor does it modify, any agreement between AWS and its customers.
The software included with this paper is licensed under the Apache License, Version 2.0 (the "License"). You
may not use this file except in compliance with the License. A copy of the License is located at
http://aws.amazon.com/apache2.0/ or in the "license" file accompanying this file. This code is distributed on
an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.
Page 37 of 37