JFrog Artifactory Enterprise and Xray on the AWS Cloud

Quick Start Reference Deployment

QS

April 2021
Vinay Aggarwal and Alex Hung, JFrog
Dylan Owen, AWS Quick Start team

Visit our GitHub repository for source files and to post feedback, report bugs, or submit feature ideas for this Quick Start.

This Quick Start was created by JFrog Ltd. in collaboration with Amazon Web Services (AWS). Quick Starts are automated reference deployments that use AWS CloudFormation templates to deploy key technologies on AWS, following AWS best practices.

Overview

JFrog’s Artifactory is an enterprise universal repository manager, capable of hosting all of your binaries in one place. This Quick Start deploys Artifactory Enterprise in a highly available (HA) configuration into AWS.

JFrog Xray works with JFrog Artifactory to perform universal analysis of binary software components at any stage of the application lifecycle, providing radical transparency that leads to trust in your software. Xray is an optional installation that you can choose during the Quick Start deployment.

This Quick Start is for administrators who want the flexibility, scale, and availability of AWS through products such as virtual private clouds (VPCs), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), Elastic Load Balancing (ELB), and Amazon Relational Database Service (Amazon RDS) to deploy Artifactory as their repository manager.

Amazon EC2, along with Amazon S3 and Amazon RDS, forms the foundation for the deployment. By using Amazon S3 and Amazon RDS as persistent storage for artifacts and the configuration, respectively, Artifactory and Xray can be completely redeployed, scaled up, or scaled down, depending on your requirements. This configuration allows organizations to save on costs for multiple secondary nodes and to pay only for storage used.

The default installation creates two Amazon EC2 Auto Scaling groups:

  • The first Auto Scaling group is responsible for the primary node and ensures that the node.id for HA is set to primary and that there is always only one primary node.

  • The second Auto Scaling group is responsible for ensuring that the node.id for the secondaries is unique and therefore sets it to the hostname. This Auto Scaling group is also responsible for scaling up or down the number of secondaries to the amount specified by the administrator.

The optional Xray installation creates two additional Amazon EC2 Auto Scaling groups:

  • The first Auto Scaling group is responsible for the primary node. Xray is installed into the primary subnet.

  • The second Auto Scaling group is responsible installing Xray into the secondary subnet. This Auto Scaling group is also responsible for scaling up or down the number of secondaries to the amount specified by the administrator.

The Auto Scaling groups are monitored by the Network Load Balancer, which is configured with health checks that validate that the Artifactory service is up and running. If the endpoint returns an error response, a new node is recovered within 10 minutes.

Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on the Quick Start.

JFrog Artifactory Enterprise and Xray on AWS

Once you deploy JFrog’s Artifactory with the option to install Xray, you can use it as a production service. For more information about setting up Artifactory, see the Get started with JFrog_Artifactory section later in this guide.

The deployment is configured as infrastructure as code. Any changes to the infrastructure should be done by updating the CloudFormation stack. Any changes performed on the boxes themselves (including reverse-proxy configurations) are lost when an instance reboots. By design, upon shutdown of an instance, or when Artifactory is unavailable, an Auto Scaling group replaces the node, following a load-balancing health check.

AWS costs

You are responsible for the cost of the AWS services and any third-party licenses used while running this Quick Start. There is no additional cost for using the Quick Start.

The AWS CloudFormation templates for Quick Starts include configuration parameters that you can customize. Some of the settings, such as the instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.

After you deploy the Quick Start, create AWS Cost and Usage Reports to deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. These reports provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, see What are AWS Cost and Usage Reports?

Software licenses

This Quick Start requires a subscription to the CentOS AMIand an Enterprise or Enterprise+ license for Artifactory. You can subscribe to the CentOS AMI on the AWS CentOS Marketplace page. If you choose to install Xray, you must have an Enterprise+ license or an Enterprise license with the Xray add-on.

To use the Quick Start in your production environment, sign up for a free trial license, which includes three Artifactory Enterprise licenses. Add the license keys to AWS Secrets Manager, as described in the Deployment steps section in this guide.

Enterprise or Enterprise+ licenses are required for high availability. If the license isn’t an Enterprise or Enterprise+ license, the license is invalid, or the license is not included, the deployment will fail. Also, ensure that the number of secondary Artifactory servers is at most the amount licensed minus one, for the primary server. If you specify too many servers, see the FAQ section for instructions.

If you use a free trial, convert to a permanent license before your trial ends, otherwise the nodes will become unresponsive. You can request a quote by contacting JFrog.

Architecture

Deploying this Quick Start for a new virtual private cloud (VPC) with default parameters builds the following JFrog Artifactory Enterprise and Xray environment in the AWS Cloud.

Architecture
Figure 1. Quick Start architecture for JFrog Artifactory Enterprise and Xray on AWS

As shown in Figure 1, the Quick Start sets up the following:

  • A highly available architecture that spans two Availability Zones.*

  • A VPC configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*

  • A Network Load Balancer attached to the public subnets connecting via port 80 or 443 to the Artifactory primary and secondary nodes in the private subnets.

  • A Network Load Balancer attached to the public subnets for Xray to connect via port 80 to the Artifactory primary and secondary nodes residing in the private subnets.

  • A private and encrypted Amazon S3 bucket for repository storage.

  • In the public subnets:

    • Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.*

    • A Linux bastion host in an Auto Scaling group to allow inbound Secure Shell (SSH) access from the RemoteAccess Classless Inter-Domain Routing (CIDR) to the Amazon EC2 instances in public and private subnets.

  • In the private subnets:

  • Two Amazon EC2 Auto Scaling groups, one for the primary node and one for the secondary nodes.

  • (Optional) One Amazon EC2 Auto Scaling group for the Xray nodes.

  • A PostgreSQL instance on Amazon RDS that can be accessed from the private subnets on port 3306 or 5532.

For more information, see PostgreSQL on Amazon RDS.

The purpose of the Auto Scaling groups is for automatic deployment of the primary node into another Availability Zone if a failure occurs. Do not modify the number of instances.

*The template that deploys the Quick Start into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.

Auto Scaling groups

The Auto Scaling groups are designed to have one primary node and multiple secondary nodes. When an EC2 node or service fail, Auto Scaling groups automatically recreate the instances. For this reason, all configurations are made on boot and result in a loss of any data that are not stored in the Amazon RDS instance or S3 bucket.

For more information, see AWS Auto Scaling.

Ansible init script

Ansible is installed and configured to run only on initial boot. Ansible, in cooperation with the Auto Scaling group, initiates the required configuration to configure, install, and run Artifactory and Xray. As a part of this configuration, the nodes automatically join the HA cluster.

Do not change the master key of the stack when updating the stack. Doing so results in an unsupported configuration that future nodes cannot join. To update an expired Secure Sockets Layer (SSL) certificate, change the CloudFormation stack certificate and certificate key inputs, and then redeploy the nodes (see Updating Artifactory).

If you change the certificate and certificate key manually on the Amazon EC2 instances (instead of updating the CloudFormation stack), your manual changes are lost at the next update or reboot, which results in an unwanted configuration.

Planning the deployment

Specialized knowledge

This deployment requires a moderate level of familiarity with AWS services. If you’re new to AWS, see Getting Started Resource Center and AWS Training and Certification. These sites provide materials for learning how to design, deploy, and operate your infrastructure and applications on the AWS Cloud.

This Quick Start assumes familiarity with JFrog Artifactory, JFrog Xray, and infrastructure as code. It also requires a moderate level of familiarity with AWS services. If you’re new to AWS, visit the Getting Started Resource Center and the AWS Training and Certification website for materials and programs that can help you develop the skills to design, deploy, and operate your infrastructure and applications on the AWS Cloud.

AWS account

If you don’t already have an AWS account, create one at https://aws.amazon.com by following the on-screen instructions. Part of the sign-up process involves receiving a phone call and entering a PIN using the phone keypad.

Your AWS account is automatically signed up for all AWS services. You are charged only for the services you use.

Technical requirements

Before you launch the Quick Start, review the following information and ensure that your account is properly configured. Otherwise, deployment might fail.

Resource quotas

If necessary, request service quota increases for the following resources. You might need to request increases if your existing deployment currently uses these resources and if this Quick Start deployment could result in exceeding the default quotas. The Service Quotas console displays your usage and quotas for some aspects of some services. For more information, see What is Service Quotas? and AWS service quotas.

Resource This deployment uses

VPCs

1

Elastic IP addresses

3

AWS Identity and Access Management (IAM) security groups

1

IAM roles

2

Security groups

4

Auto Scaling groups

3

Load Balancers

2

m5.xlarge instances

4

t3.micro instances

1

db.m5.large (RDS)

1

S3 Buckets

1

Supported AWS Regions

For any Quick Start to work in a Region other than its default Region, all the services it deploys must be supported in that Region. You can launch a Quick Start in any Region and see if it works. If you get an error such as “Unrecognized resource type,” the Quick Start is not supported in that Region.

For an up-to-date list of AWS Regions and the AWS services they support, see AWS Regional Services.

Certain Regions are available on an opt-in basis. For more information, see Managing AWS Regions.

Amazon EC2 key pairs

Ensure that at least one Amazon EC2 key pair exists in your AWS account in the Region where you plan to deploy the Quick Start. Note the key-pair name because you will use it during deployment. To create a key pair, see Amazon EC2 key pairs and Linux instances.

For testing or proof-of-concept purposes, we recommend creating a new key pair instead of using one that’s already being used by a production instance.

IAM permissions

Before launching the Quick Start, you must sign in to the AWS Management Console with IAM permissions for the resources that the templates deploy. The AdministratorAccess managed policy within IAM provides sufficient permissions, although your organization may choose to use a custom policy with more restrictions. For more information, see AWS managed policies for job functions.

Prepare for the deployment

Prepare the certificate and certificate key

Open the certificate into an editor of your choice and copy the certificate and paste it directly in the text box in next step. This results in the entire certificate being on a single line, and it automatically converts all Carriage Return and Line Feed (CRLF) or Line Feed (LF) characters to spaces. Follow the same process for the certificate key.

Add the license keys and certificate to AWS Secrets Manager

Perform these steps:

  1. Open AWS Secrets Manager in the same Region in which you deploy the Quick Start.

  2. Choose Store a new secret.

  3. Choose Other type of secret.

  4. For the secret key value, create six rows for the Artifactory licenses.

  5. Add the following key names and Artifactory license keys (see Secrets Manager key-value licenses page):

    • ArtifactoryLicense1

    • ArtifactoryLicense2

    • ArtifactoryLicense3

    • ArtifactoryLicense4

    • ArtifactoryLicense5

    • ArtifactoryLicense6

image_placeholder
Figure 2. Secrets Manager key-value licenses page
  1. Choose Next.

  2. Provide a secret name to use when deploying this Quick Start.

  3. Choose Next twice.

  4. Choose Store.

  1. Repeat the above steps for storing the certificate details in AWS Secrets Manager.

  2. Create three rows for the certificate information retrieved in the preparation of the certificate in the Prepare the certificate and certificate key section:

    • Certificate

    • CertificateKey

    • CertificateDomain

image_placeholder
Figure 3. Secrets Manager key-value certificates page
Subscribe to the CentOS AMI

This Quick Start requires a subscription to the Amazon Machine Image (AMI) for CentOS in AWS Marketplace.

Perform the following steps:

  1. Sign in to your AWS account.

  2. Open the page for the CentOS AMI in AWS Marketplace, and then choose Continue to Subscribe.

  3. Review the terms and conditions for software usage, and then choose Accept Terms.
    A confirmation page loads, and an email confirmation is sent to the account owner. For detailed subscription instructions, see the AWS Marketplace documentation.

  4. When the subscription process is complete, exit out of AWS Marketplace without further action. Do not provision the software from AWS Marketplace — the Quick Start deploys the AMI for you.

Deployment options

This Quick Start provides two deployment options:

  • Deploy Artifactory and Xray into a new VPC. This option builds a new AWS environment consisting of the VPC, subnets, NAT gateways, security groups, bastion hosts, and other infrastructure components. It then deploys Artifactory and Xray into this new VPC.

  • Deploy Artifactory and Xray into an existing VPC. This option provisions Artifactory and Xray in your existing AWS infrastructure.

The Quick Start provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and Artifactory and Xray settings, as discussed later in this guide.

Deployment steps

Sign in to your AWS account

  1. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has the necessary permissions. For details, see Planning the deployment earlier in this guide.

  2. Make sure that your AWS account is configured correctly, as discussed in the Technical requirements section.

Launch the Quick Start

If you’re deploying JFrog Artifactory Enterprise and Xray into an existing VPC, make sure that your VPC has two private subnets in different Availability Zones for the workload instances, and that the subnets aren’t shared. This Quick Start doesn’t support shared subnets. These subnets require NAT gateways in their route tables, to allow the instances to download packages and software without exposing them to the internet.

Each deployment takes about 30 minutes to complete.

  1. Sign in to your AWS account, and choose one of the following options to launch the AWS CloudFormation template. For help with choosing an option, see deployment options earlier in this guide.

Deploy JFrog Artifactory Enterprise and Xray into a new VPC on AWS

View template

Deploy JFrog Artifactory Enterprise and Xray into an existing VPC on AWS

View template

  1. Check the AWS Region that’s displayed in the upper-right corner of the navigation bar, and change it if necessary. This Region is where the network infrastructure for JFrog Artifactory Enterprise and Xray is built. The template is launched in the us-east-1 Region by default.

  1. On the Create stack page, keep the default setting for the template URL, and then choose Next.

  2. On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. For details on each parameter, see the Parameter reference section of this guide. When you finish reviewing and customizing the parameters, choose Next.

  3. On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you finish, choose Next.

  4. On the Review page, review and confirm the template settings. Under Capabilities, select the two check boxes to acknowledge that the template creates IAM resources and might require the ability to automatically expand macros.

  5. Choose Create stack to deploy the stack.

  6. Monitor the status of the stack. When the status is CREATE_COMPLETE, the Artifactory and Xray deployment is ready.

  7. To view the created resources, see the values displayed in the Outputs tab for the stack.

Get started with JFrog Artifactory

  1. Connect to Artifactory from ArtifactoryURL. You can find ArtifactoryUrl on the Outputs tab of the Artifactory primary stack. Verify that you can view the login screen (see Figure 4).

image_placeholder
Figure 4. JFrog Artifactory login screen
If you use a non-CA-signed certificate, you will receive a certificate warning when you attempt to access the page. This happens because the certificate doesn’t match the ELB DNS unless you configure Amazon Route 53.
  1. The default user name and password for Artifactory are admin and password, respectively. Enter your credentials, and choose Login. For more information, see JFrog Users and Groups.

This loads the setup wizard for initial configuration. Choose Get Started. (see Figure 5).

image_placeholder
Figure 5. JFrog Artifactory welcome screen

This Quick Start handles the license key configuration during the deployment, so you are not prompted to activate your license.

  1. Set a secure administrator password for your deployment, and then choose Next (see Figure 6).

image_placeholder
Figure 6. Set administrator password
  1. Optionally, configure the base URL setting. Because this deployment uses a proxy, it’s highly recommended that you update the base URL of Artifactory. More information regarding this setting can be found in the Getting Started guide (see Figure 7).

image_placeholder
Figure 7. Set Base URL screen
  1. Optionally, configure proxy settings for remote resources. (see Figure 8).

image_placeholder
Figure 8. SConfigure proxy settings if required
  1. Select the repositories that you require, and then choose Create (see Figure 9).

image_placeholder
Figure 9. Select repositories
  1. Choose Finish (see Figure 10).

image_placeholder
Figure 10. SFinal wizard screen
  1. Complete the administrative tasks by configuring the following:

Backups save to the local file system and do not persist if the EC2 instance is terminated. It is recommended to create snapshots of the primary instance.

Update Artifactory and Xray

If you perform maintenance on the stack, update the CloudFormation stack rather than updating the infrastructure manually (this also applies to updating Artifactory). The Artifactory version for this Quick Start is 7.15.x, and the Xray version is 3.17.x (see Figure 11).

If you plan to upgrade Artifactory and Xray, update Xray first.
image_placeholder
Figure 11. JFrog Artifactory status page shows the current version

Upgrade Xray

  1. Choose the Xray stack, and then choose Update (see Figure 12).

image_placeholder
Figure 12. JFrog Artifactory status page shows the current version
  1. Choose Update nested stack, and then choose Update stack (see Figure 13).

image_placeholder
Figure 13. JFrog Artifactory status page shows the current version
  1. Choose Use current template, and then choose Next (see Figure 14).

image_placeholder
Figure 14. JFrog Artifactory status page shows the current version
  1. Modify the Xray version that is supported by the template, and then choose Next twice, the two I acknowledge check boxes, and Update Stack (see Figure 15).

image_placeholder
Figure 15. JFrog Artifactory status page shows the current version
  1. Shut down the Xray nodes one by one. Shutting down the nodes one at a time initiates a health check failure on the load balancer. The load balancer then deletes the current running node and deploys a net new primary node with the updated version. (see Figure 16).

image_placeholder
Figure 16. JFrog Artifactory status page shows the current version

Upgrade Artifactory

  1. Choose the root stack, and then choose Update (see Figure 17).

image_placeholder
Figure 17. Stack list and update button on the CloudFormation console
  1. On the Prerequisite screen, choose Use current template, and then choose Next (see Figure 18).

image_placeholder
Figure 18. Update stack, prerequisite information
  1. Scroll down the page and locate the Artifactory version field (see Figure 19).

image_placeholder
Figure 19. CloudFormation console update page (before you change the version)
  1. Enter the version number that you want to run (see Figure 20).

image_placeholder
Figure 20. CloudFormation console update page (after you change the version)
  1. Scroll down, and choose Next. Choose Next again, unless you want to change any other tags or policies. Select the two I acknowledge check boxes, and choose Update stack (see Figure 21).

image_placeholder
Figure 21. Completing the update process
  1. Shut down the ArtifactoryMaster node. The proper process shuts down the nodes one at a time, starting with the Artifactory primary node. This shutdown initiates a health check failure on the load balancer. The load balancer then deletes the current running primary node and deploys a new primary node with the updated version (see Figure 22).

image_placeholder
Figure 22. Shutting down Artifactory’s primary node

The Artifactory status page shows which instances are offline (see Figure 23).

image_placeholder
Figure 23. JFrog Artifactory service status page
To prevent issues and downtime, update only one node at a time. Shut down the ArtifactoryPrimary node first. When the new version starts, shut down the secondary nodes one by one.

Security

By default, the load balancer does not match your certificate. You must configure the DNS according to your organization’s configuration, which is highly recommended for a production deployment. When you create a new VPC, the private subnet CIDR is automatically provided to the database security group Artifactory-rds-sg. In the new VPC, the private subnet is accessible only from the public subnet. When you deploy to an existing VPC, ensure similar rules are followed so that your Artifactory nodes are not accessible directly from the internet. Also, ensure that the private CIDR is correct and locked down. Avoid using 0.0.0.0/0. If the subnet is a public subnet, it will allow your SQL database to be available from the internet.

Storage

A major difference between running on-premises and on AWS is storage. Because Amazon S3 is used, you are charged for what is currently in use rather than what may be allocated on premises. Ensure to monitor your usage.

FAQ

Q. . I provisioned more secondary nodes than I have licenses, and I cannot access Artifactory. What do I do?

A. In the AWS CloudFormation console, choose Update stack, and reduce the number of secondary nodes to the number of licenses you purchased, minus one license for the master.

Q. My license ran out and Artifactory is unresponsive. How do I fix this?

A. Reduce the number of secondary nodes to zero, and contact JFrog for a new license.

Q. My certificate is out of date. How do I update it?

A. The certificate is handled via Ansible or Helm. In the AWS CloudFormation console, choose Update stack, change the certificate and certificate key values. Then, by rolling restart, update the master node first, and then, one at a time, the secondary nodes. This will rebuild each node with the correct certificate.

Q. I encountered a CREATE_FAILED error when I launched the Quick Start.

A. If AWS CloudFormation fails to create the stack, we recommend that you relaunch the template with Rollback on failure set to No. This setting is under Advanced in the AWS CloudFormation console on the Configure stack options page. With this setting, the stack’s state is retained and the instance is left running, so you can troubleshoot the issue. (For Windows, look at the log files in %ProgramFiles%\Amazon\EC2ConfigService and C:\cfn\log.)

When you set Rollback on failure to Disabled, you continue to incur AWS charges for this stack. Please make sure to delete the stack when you finish troubleshooting.

For additional information, see Troubleshooting AWS CloudFormation on the AWS website.

Q. I encountered a size limitation error when I deployed the AWS CloudFormation templates.

A. Launch the Quick Start templates from the links in this guide or from another S3 bucket. If you deploy the templates from a local copy on your computer or from a location other than an S3 bucket, you might encounter template size limitations. For more information about AWS CloudFormation quotas, see the AWS documentation.

Customer responsibility

After you successfully deploy this Quick Start, confirm that your resources and services are updated and configured — including any required patches — to meet your security and other needs. For more information, see the AWS Shared Responsibility Model.

Parameter reference

Unless you are customizing the Quick Start templates for your own deployment projects, keep the default settings for the parameters labeled Quick Start S3 bucket name, Quick Start S3 bucket Region, and Quick Start S3 key prefix. Changing these parameter settings automatically updates code references to point to a new Quick Start location. For more information, see the AWS Quick Start Contributor’s Guide.

Parameters for launching into a new VPC

Table 1. Security configuration
Parameter label (name) Default value Description

SSH key name (KeyPairName)

Requires input

Name of an existing key pair, which allows you to connect securely to your instance after it launches. This is the key pair you created in your preferred Region.

Permitted IP range (AccessCidr)

Requires input

CIDR IP range permitted to access Artifactory. It is recommended that you set this value to a trusted IP range. For example, you may want to limit software access to your corporate network.

Remote access CIDR (RemoteAccessCidr)

Requires input

Remote CIDR range that allows you to connect to the bastion instance by using SSH. It is recommended that you set this value to a trusted IP range. For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol.

Table 2. Network configuration
Parameter label (name) Default value Description

Availability Zones (AvailabilityZones)

Requires input

List of Availability Zones to use for the subnets in the VPC. Two Availability Zones are used for this deployment.

VPC CIDR (VpcCidr)

10.0.0.0/16

CIDR block for the VPC.

Private subnet 1 CIDR (PrivateSubnet1Cidr)

10.0.0.0/19

CIDR block for private subnet 1 located in Availability Zone 1.

Private subnet 2 CIDR (PrivateSubnet2Cidr)

10.0.32.0/19

CIDR block for private subnet 2 located in Availability Zone 2.

Public subnet 1 CIDR (PublicSubnet1Cidr)

10.0.128.0/20

CIDR block for the public (DMZ) subnet 1 located in Availability Zone 1.

Public subnet 2 CIDR (PublicSubnet2Cidr)

10.0.144.0/20

CIDR block for the public (DMZ) subnet 2 located in Availability Zone 2.

Table 3. Bastion configuration
Parameter label (name) Default value Description

Bastion instance (ProvisionBastionHost)

Enabled

To skip creating a bastion instance, choose Disabled. Because Artifactory nodes are created in private subnets, it’s highly recommended to set this value to Enabled.

Bastion instance type (BastionInstanceType)

t3.micro

Size of the bastion instances.

Bastion operating system (BastionOs)

Amazon-Linux2-HVM

Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.

Bastion root volume size (BastionRootVolumeSize)

10

Size of the root volume in the bastion instances.

Bastion enable TCP forwarding (BastionEnableTcpForwarding)

true

Choose whether to enable TCP forwarding via bootstrapping of the bastion instance.

Number of bastion instances (NumBastionHosts)

1

Number of bastion instances to create.

Bastion enable X11 forwarding (BastionEnableX11Forwarding)

false

Choose true to enable X11 via bootstrapping of the bastion host. Setting this value to true enables X Windows over SSH. X11 forwarding can be useful, but it is also a security risk, so it’s recommended that you keep the default (false) setting.

Table 4. Amazon EC2 configuration
Parameter label (name) Default value Description

EBS root volume size (VolumeSize)

200

Size in gigabytes of available storage (min 10GB). The Quick Start creates an Amazon Elastic Block Store (Amazon EBS) volumes of this size.

EC2 instance type (InstanceType)

m5.xlarge

EC2 instance type for the Artifactory instances.

Table 5. JFrog Artifactory configuration
Parameter label (name) Default value Description

Artifactory version (ArtifactoryVersion)

7.24.3

Version of Artifactory that you want to deploy into the Quick Start. To select the correct version, see the release notes at https://www.jfrog.com/confluence/display/RTF/Release+Notes.

Secondary instances (NumberOfSecondary)

2

Number of secondary Artifactory servers to complete your HA deployment. To align with Artifactory best practices, the minimum number is two, and the maximum is seven. Do not select more instances than you have licenses for.

Artifactory licenses secret name (SmLicenseName)

Blank string

Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.

Artifactory certificate secret name (SmCertName)

Blank string

Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.

Artifactory server name (ArtifactoryServerName)

Requires input

Name of your Artifactory server. Ensure that this matches your certificate.

Master server key (MasterKey)

Requires input

Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.

Extra Java options (ExtraJavaOptions)

-Xss256k -XX:+UseG1GC

Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings.

Default Java memory settings (DefaultJavaMemSettings)

true

Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM. If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing.

Table 6. Amazon RDS configuration
Parameter label (name) Default value Description

Database name (DatabaseName)

artdb

Name of your database instance. The name must be unique across all instances owned by your AWS account in the current Region. The database instance identifier is case-insensitive, but it’s stored in lowercase (as in "mydbinstance").

Database user (DatabaseUser)

artifactory

Login ID for the master user of your database instance.

Database password (DatabasePassword)

Requires input

Password for the Artifactory database user.

Database instance type (DatabaseInstance)

db.m5.large

Size of the database to be deployed as part of the Quick Start.

Database allocated storage (DatabaseAllocatedStorage)

10

Size in gigabytes of available storage for the database instance.

High-availability database (MultiAzDatabase)

true

Choose false to create an Amazon RDS instance in a single Availability Zone.

Table 7. AWS Quick Start configuration
Parameter label (name) Default value Description

Quick Start S3 bucket name (QsS3BucketName)

aws-quickstart

S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, and hyphens (-). It cannot start or end with a hyphen (-).

Quick Start S3 key prefix (QsS3KeyPrefix)

quickstart-jfrog-artifactory/

S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).

Quick Start S3 bucket region (QsS3BucketRegion)

us-east-1

AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.

Table 8. JFrog Xray Configuration
Parameter label (name) Default value Description

Install JFrog Xray (InstallXray)

true

Choose true to install JFrog Xray instance(s).

Version of Xray to install (XrayVersion)

3.29.2

The version of Xray that you want to deploy into the Quick Start.

Number of JFrog Xray secondary instances (XrayNumberOfSecondary)

0

The number of Xray secondary instances servers to complete your HA deployment. The minimum number is zero; the maximum is six. Do not select more than instances than you have licenses for.

Xray instance type (XrayInstanceType)

c5.2xlarge

The EC2 instance type for the Xray instances.

Xray Database user (XrayDatabaseUser)

xray

The login ID for the Xray database user.

Xray Database password (XrayDatabasePassword)

Requires input

The password for the Xray database user.

Parameters for launching into an existing VPC

Table 9. Security configuration
Parameter label (name) Default value Description

SSH key name (KeyPairName)

Requires input

Name of an existing key pair, which allows you to connect securely to your instance after it launches. This is the key pair you created in your preferred Region.

Permitted IP range (AccessCidr)

Requires input

CIDR IP range that is permitted to access Artifactory. We recommend that you set this value to a trusted IP range. For example, you might want to grant only your corporate network access to the software.

Remote access CIDR (RemoteAccessCidr)

Requires input

Remote CIDR range that allows you to connect to the bastion instance by using SSH. We recommend that you set this value to a trusted IP range. For example, you might want to grant specific ranges inside your corporate network SSH access.

Table 10. Network configuration
Parameter label (name) Default value Description

VPC ID (VpcId)

Requires input

ID of your existing VPC (e.g., vpc-0343606e).

VPC CIDR (VpcCidr)

10.0.0.0/16

CIDR block for the VPC.

Availability Zones (AvailabilityZones)

Requires input

List of Availability Zones to use for the subnets in the VPC. Two Availability Zones are used for this deployment.

Public subnet 1 ID (PublicSubnet1Id)

Requires input

ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).

Public subnet 2 ID (PublicSubnet2Id)

Requires input

ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84).

Private subnet 1 ID (PrivateSubnet1Id)

Requires input

ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd).

Private subnet 2 ID (PrivateSubnet2Id)

Requires input

ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67).

Private subnet 1 CIDR (PrivateSubnet1Cidr)

10.0.0.0/19

CIDR of the private subnet in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19).

Private subnet 2 CIDR (PrivateSubnet2Cidr)

10.0.32.0/19

CIDR of the private subnet in Availability Zone 2 of your existing VPC (e.g., 10.0.32.0/19).

Elastic Load Balancing scheme (ELBScheme)

internet-facing

Choose whether this is internet facing or internal.

Table 11. Bastion configuration
Parameter label (name) Default value Description

Bastion instance (ProvisionBastionHost)

Enabled

Choose Disabled to skip creating a bastion instance. Due to the Artifactory nodes being created in private subnets, the default setting of Enabled this is highly recommended.

Bastion instance type (BastionInstanceType)

t3.micro

Size of the bastion instances.

Bastion operating system (BastionOs)

Amazon-Linux2-HVM

Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.

Bastion root volume size (BastionRootVolumeSize)

10

Size of the root volume on the bastion instances.

Bastion enable TCP forwarding (BastionEnableTcpForwarding)

true

Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance or not.

Number of bastion instances (NumBastionHosts)

1

Number of bastion instances to create.

Bastion enable X11 forwarding (BastionEnableX11Forwarding)

false

Choose true to enable X11 via the bootstrapping of the bastion host. Setting this value to true will enable X Windows over SSH. X11 forwarding can be useful, but it is also a security risk, so it’s recommended that you keep the default (false) setting.

Table 12. Amazon EC2 configuration
Parameter label (name) Default value Description

EBS root volume size (VolumeSize)

200

Size in gigabytes of the available storage (min 10GB); the Quick Start will create an Amazon Elastic Block Store (Amazon EBS) volumes of this size.

EC2 instance type (InstanceType)

m5.xlarge

EC2 type for the Artifactory instances.

Table 13. JFrog Artifactory configuration
Parameter label (name) Default value Description

Artifactory version (ArtifactoryVersion)

7.24.3

Version of Artifactory that you want to deploy into the Quick Start. See the release notes to select the version you want to deploy at https://www.jfrog.com/confluence/display/RTF/Release+Notes.

Secondary instances (NumberOfSecondary)

2

Number of secondary Artifactory servers to complete your HA deployment. To align with Artifactory best practices, the minimum number is two and the maximum is seven. Do not select more instances than you have licenses for.

Artifactory licenses secret name (SmLicenseName)

Blank string

Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.

Artifactory certificate secret name (SmCertName)

Blank string

Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.

Artifactory server name (ArtifactoryServerName)

Requires input

Name of your Artifactory server. Ensure that this matches your certificate.

Master server key (MasterKey)

Requires input

Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.

Extra Java options (ExtraJavaOptions)

-Xss256k -XX:+UseG1GC

Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings.

Default Java memory settings (DefaultJavaMemSettings)

true

Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM. If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing.

Table 14. Amazon RDS configuration
Parameter label (name) Default value Description

Database name (DatabaseName)

artdb

Name of your database instance. The name must be unique across all instances owned by your AWS account in the current Region. The database instance identifier is case-insensitive, but it’s stored in lowercase (as in "mydbinstance").

Database user (DatabaseUser)

artifactory

Login ID for the master user of your database instance.

Database password (DatabasePassword)

Requires input

Password for the Artifactory database user.

Database instance type (DatabaseInstance)

db.m5.large

Size of the database to be deployed as part of the Quick Start.

Database allocated storage (DatabaseAllocatedStorage)

10

Size in gigabytes of the available storage for the database instance.

High-availability database (MultiAzDatabase)

true

Choose false to create an Amazon RDS instance in a single Availability Zone.

Table 15. AWS Quick Start configuration
Parameter label (name) Default value Description

Quick Start S3 bucket name (QsS3BucketName)

aws-quickstart

S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, and hyphens (-). It cannot start or end with a hyphen (-).

Quick Start S3 key prefix (QsS3KeyPrefix)

quickstart-jfrog-artifactory/

S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).

Quick Start S3 bucket region (QsS3BucketRegion)

us-east-1

AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.

Table 16. JFrog Xray Configuration
Parameter label (name) Default value Description

Install JFrog Xray (InstallXray)

true

Choose true to install JFrog Xray instance(s).

Version of Xray to install (XrayVersion)

3.29.2

The version of Xray that you want to deploy into the Quick Start.

Number of JFrog Xray secondary instances (XrayNumberOfSecondary)

0

The number of Xray secondary instances servers to complete your HA deployment. The minimum number is zero; the maximum is six. Do not select more than instances than you have licenses for.

Xray instance type (XrayInstanceType)

c5.2xlarge

The EC2 instance type for the Xray instances.

Xray Database user (XrayDatabaseUser)

xray

The login ID for the Xray database user.

Xray Database password (XrayDatabasePassword)

Requires input

The password for the Xray database user.

Send us feedback

To post feedback, submit feature ideas, or report bugs, use the Issues section of the GitHub repository for this Quick Start. To submit code, see the Quick Start Contributor’s Guide.

Quick Start reference deployments

GitHub repository

Visit our GitHub repository to download the templates and scripts for this Quick Start, to post your comments, and to share your customizations with others.


Notices

This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either expressed or implied. See the License for specific language governing permissions and limitations.