- VPC with two public subnets
- A bunch of security groups (WAN to ALB, ALB to EC2, EC2 to RDS, RDS to EC2, EC2 to WAN)
- ALB and Target Group (Health check on `/` for `200,302`)
- Route53 Hosted Zone (Public) and A-record to ALB
- ACM certificate (DNS validation)
- RDS Instance with Subnet group
- IAM Instance Profile (`AmazonSSMManagedInstanceCore`, inline `kms:Decrypt` and `secretsmanager:GetSecretValue`)
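The list above names the two inline actions on the instance profile but not their resource scope. As an added example (not from the original page), this Python sketch contrasts a wildcard inline policy with one scoped to the RDS-managed secret and reports the over-broad grants. The account ID, the KMS key ID, and the assumption that the secret is encrypted with a customer-managed key are placeholders, not values from the page.

```python
import json
from fnmatch import fnmatchcase

REGION, ACCOUNT = "eu-south-2", "111122223333"  # account ID: constructed placeholder
# Secrets Manager appends a random 6-character suffix to the ARN, hence "??????".
SECRET_ARN = (f"arn:aws:secretsmanager:{REGION}:{ACCOUNT}:secret:"
              "rds!db-d81525e6-9e56-46b9-85ca-67fe487ed6c9-??????")
KEY_ARN = f"arn:aws:kms:{REGION}:{ACCOUNT}:key/EXAMPLE-KEY-ID"  # placeholder key ID

# Constructed "before": both actions allowed on every resource.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["secretsmanager:GetSecretValue", "kms:Decrypt"],
     "Resource": "*"}]}

# Constructed "after": one secret, one key, decrypt only via Secrets Manager.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
     "Resource": SECRET_ARN},
    {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY_ARN,
     "Condition": {"StringEquals": {
         "kms:ViaService": f"secretsmanager.{REGION}.amazonaws.com"}}}]}

SENSITIVE = ("secretsmanager:getsecretvalue", "kms:decrypt")


def as_list(value):
    return value if isinstance(value, list) else [value]


def findings(policy):
    """Return (statement index, action, problem) for over-broad grants."""
    out = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [a.lower() for a in as_list(stmt.get("Action", []))]
        granted = [s for s in SENSITIVE
                   if any(fnmatchcase(s, p) for p in patterns)]
        resources = as_list(stmt.get("Resource", "*"))  # absent => treat as "*"
        cond_keys = {k.lower() for op in stmt.get("Condition", {}).values()
                     for k in op}
        for action in granted:
            if any(r == "*" or r.endswith((":*", "/*")) for r in resources):
                out.append((i, action, "resource not scoped to one ARN"))
            if action == "kms:decrypt" and "kms:viaservice" not in cond_keys:
                out.append((i, action, "no kms:ViaService condition"))
    return out


if __name__ == "__main__":
    print(json.dumps(SCOPED, indent=2))
    print("BROAD:", findings(BROAD), "SCOPED:", findings(SCOPED))
```
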
EC2
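```yaml
#cloud-config
package_update: false
package_upgrade: false
ssh_authorized_keys:
  - 'ssh-ed25519 ... '
runcmd:
  # Wait until any running rpm/dnf transaction releases its lock.
  - while fuser /var/lib/rpm/.rpm.lock > /dev/null 2>&1 ; do sleep 1 ; done
  - dnf install -y docker
  - systemctl enable docker.service
  - systemctl start docker.service
  # Members of the docker group are effectively root on this host.
  - usermod -a -G docker ec2-user
  - dnf install -y postgresql15
  # "latest" is unpinned and unverified; pin a release and check its sha256 before use.
  - wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -qO /usr/bin/yq
  - chmod +x /usr/bin/yq
```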
Test connection to RDS
```sh
$ PGPASSWORD="$(aws secretsmanager get-secret-value --secret-id 'rds!db-d81525e6-9e56-46b9-85ca-67fe487ed6c9' --region eu-south-2 --query 'SecretString' | yq e 'from_json | .password')" \
    psql \
    --host=jira.xyz.eu-south-2.rds.amazonaws.com \
    --port=5432 \
    --username=postgres \
    --dbname=jiradb
```
Run Jira
```sh
$ docker volume create --name jiraVolume
$ docker run \
    -d \
    -v jiraVolume:/var/atlassian/application-data/jira \
    --name='jira' \
    -p 8080:8080 \
    --restart unless-stopped \
    -e ATL_PROXY_NAME='jira.ahe.em' \
    -e ATL_PROXY_PORT='443' \
    -e ATL_TOMCAT_SCHEME='https' \
    -e ATL_TOMCAT_SECURE='true' \
    -e ATL_JDBC_URL='jdbc:postgresql://jira.xyz.eu-south-2.rds.amazonaws.com:5432/jiradb' \
    -e ATL_JDBC_USER='postgres' \
    -e ATL_DB_DRIVER='org.postgresql.Driver' \
    -e ATL_DB_TYPE='postgres72' \
    -e ATL_JDBC_SECRET_CLASS='com.atlassian.secrets.store.aws.AwsSecretsManagerStore' \
    -e ATL_JDBC_PASSWORD='{"region": "eu-south-2", "secretId": "rds!db-d81525e6-9e56-46b9-85ca-67fe487ed6c9", "secretPointer": "/password"}' \
    -e ATL_FORCE_CFG_UPDATE='true' \
    atlassian/jira-software
```
https://atlassian.github.io/data-center-helm-charts/containers/JIRA/