JFrog Artifactory Enterprise and JFrog Xray on the AWS Cloud

JFrog Artifactory Enterprise and JFrog Xray on the AWS Cloud - Operational Guide

Quick Start Operational Guide

February 2022
Giridharan Ramasamy, JFrog Ltd.
Dylan Owen, AWS Integration & Automation team

Visit our GitHub repository to view source files, report bugs, submit feature ideas, or post other feedback on this Quick Start. To comment on the documentation, see Feedback on this guide.

This Quick Start was created by JFrog Ltd. in collaboration with Amazon Web Services (AWS). Quick Starts are automated reference deployments that use AWS CloudFormation templates to deploy key technologies on AWS, following AWS best practices.

Overview

This operational guide provides instructions for updating JFrog Artifactory and JFrog Xray after you deploy the Quick Start, and information on security and storage. For help deploying the Quick Start, see the deployment guide.

Update Artifactory and Xray

To perform maintenance on the stack, update the CloudFormation stack rather than updating the infrastructure manually. This also applies to updating JFrog Artifactory. The JFrog Artifactory version for this Quick Start is 7.15.x, and the Xray version is 3.17.x. You can find current versions on the JFrog Artifactory Service Status page. For more information, see Monitoring Service Status.

If you plan to upgrade both JFrog Artifactory and JFrog Xray, update JFrog Xray first.

Upgrade JFrog Xray

On the AWS CloudFormation console, choose the JFrog Xray stack. Then choose Update. (See JFrog Xray stack.)

Figure 1. JFrog Xray stack

Choose Update nested stack, and then choose Update stack. (See Update nested stack.)

Figure 2. Update nested stack

Choose Use current template, and then choose Next. (See Update stack—Use current template.)

Figure 3. Update stack—Use current template

Enter the XrayVersion you want to run. Then choose Next twice, select the two acknowledgement check boxes, and choose Update Stack.

Stop the JFrog Xray nodes one by one. For more information, see Stop and start your instance. Shutting down the nodes one at a time initiates a health check failure on the load balancer. The load balancer then deletes the current running node and deploys a net new primary node with the updated JFrog Xray version.

Upgrade JFrog Artifactory

To prevent issues and downtime, update only one node at a time. Shut down the ArtifactoryPrimary node first. After the new version starts, shut down the secondary nodes one by one.

On the AWS CloudFormation console, choose the JFrog Artifactory root stack, and then choose Update. (See JFrog Artifactory root stack in the AWS CloudFormation console.)

Figure 4. JFrog Artifactory root stack in the AWS CloudFormation console

On the Prerequisite - Prepare template screen, choose Use current template, and then choose Next. (See Figure 5.)

Figure 5. Prerequisite - Prepare template

In the Artifactory version field, enter the JFrog Artifactory version you want to run. (See Figure 6.)

Figure 6. Artifactory version

Choose Next.
Choose Next again, unless you want to change any other tags or policies. Select the two acknowledgment check boxes, and then choose Update stack.
Stop the JFrog Artifactory nodes one by one, starting with the primary node ArtifactoryMaster. For more information, see Stop and start your instance. Shutting down the nodes one at a time initiates a health check failure on the load balancer. The load balancer then deletes the current running node and deploys a net new primary node with the updated JFrog Artifactory version.

In JFrog Artifactory, you can see the instances that are offline on the Service Status page. For more information, see Monitoring Service Status.

Security

By default, the load balancer does not match your certificate. You must configure the DNS according to your organization’s configuration, which is highly recommended for a production deployment.

When you create a new VPC, the private subnet CIDR is automatically provided to the database security group Artifactory-rds-sg. In the new VPC, the private subnet is accessible only from the public subnet.

When you deploy to an existing VPC, ensure that similar rules are followed so that your JFrog Artifactory nodes are not accessible directly from the internet. Also, ensure that the private CIDR is correct and locked down. Avoid using 0.0.0.0/0. If the subnet is a public subnet, it will allow your SQL database to be available from the internet.

Storage

A major difference between running on-premises and on AWS is storage. Because Amazon S3 is used, you are charged for what is currently in use rather than what may be allocated on premises. Ensure that you monitor your usage.

Feedback on this guide

To comment on this guide, open a GitHub issue as follows:

Notices

This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either expressed or implied. See the License for specific language governing permissions and limitations.