
Bitbucket on AWS: Ultimate Quick Start Guide

Written by Yifat Perry, Technical Content Manager | Oct 29, 2020 9:37:04 AM

What is Bitbucket on AWS?

Bitbucket Data Center is a Git repository management solution by Atlassian, which provides source code collaboration capabilities with high availability and performance.

Running Bitbucket on Amazon Web Services (AWS) provides you with control over code hosting configurations, while providing scalable computing power without investing in hardware.

If you already have Bitbucket set up in another location, you can move the data by using one of a wide range of AWS migration techniques.


Bitbucket Data Center Features You Can Leverage on AWS

Bitbucket Data Center features include: 

  • Clustering—Bitbucket instances can run on multiple nodes in the same data center. Nodes share cluster workloads and provide scalable capacity, performance, and high availability. Clustering improves performance by distributing workloads across multiple dedicated machines. By adding nodes to a cluster, you can quickly increase capacity without downtime. In the event of a system failure on one node, the remaining nodes can continue to process requests without losing availability.
  • Smart mirroring—synchronous storage copies (mirrors) can be installed in geographically dispersed locations, allowing users to read and receive content faster.
  • Disaster recovery—if a total system failure occurs, an external disaster recovery system can be implemented to ensure business continuity.

Deploying Bitbucket on AWS Using the Bitbucket Server AMI

You can run the Atlassian Bitbucket Server AMI directly from your AWS console or by using the EC2 launch wizard.

The Atlassian Bitbucket Server AMI provides a common Bitbucket deployment, including preconfigured, out-of-the-box components like reverse proxies, external databases, backup devices, data volumes, and temporary storage.

The Atlassian Bitbucket Server AMI can be used for one-step deployment of a Bitbucket server instance on AWS, or as a starting point for configuring more complex Bitbucket server deployments.

To find the Atlassian Bitbucket Server AMI, in the Amazon Console, select Community AMIs and search for Atlassian Bitbucket. Remember: to set this up you need the correct AMI ID for your region.

The following command can help you locate the latest AMI, through the Amazon CLI:

aws ec2 describe-images --owners 098706035825 --filters "Name=name,Values=Atlassian BitBucket*" --query 'sort_by(Images, CreationDate)[-1].{ID:ImageId, "AMI Name":Name}' --output table

Bitbucket AMI server components
A Bitbucket AMI server instance includes the following components:

  • Bitbucket Server (your selected version or the latest version)
  • External PostgreSQL database
  • NGINX as a reverse proxy
  • Preconfigured DIY backup utilities that enable creation of AWS snapshots
  • Fast storage using an Instance Store with an EBS Volume

How to launch Atlassian Bitbucket Server AMI
There are two ways to start the AMI:

  1. Automatically create appropriate security groups and IAM roles with a CloudFormation template. See Bitbucket CloudFormation templates here.
  2. Use the AWS console to gain additional control over components and over AWS-related security, network, and block device settings. See more instructions here.

On first boot, the Bitbucket AMI reads the /etc/atl file (if it exists). This file lets you override the variables that enable each installed component. For example, to enable a self-signed SSL certificate, you can supply the following script as user data when launching the instance:

#!/bin/bash
echo "ATL_SSL_SELF_CERT_ENABLED=true" >>/etc/atl



Sizing Guidelines for Bitbucket on AWS

It is important to estimate the hardware resources required for Bitbucket to run efficiently on AWS. Use the table below to estimate your sizing.

 

Size   | Repositories     | Active users     | Pull Requests
Small  | up to 6,200      | up to 3,000      | up to 118,000
Medium | 6,200 to 21,000  | 3,000 to 10,000  | 118,000 to 350,000
Large  | 21,000 to 52,000 | 10,000 to 25,000 | 350,000 to 850,000
XLarge | above 52,000     | above 25,000     | above 850,000

A single site is suitable for most small to medium deployments, especially when high availability is not required.

If there are heavy loads, the infrastructure should be monitored regularly. If you have performance or stability issues in your environment, consider switching to a clustered infrastructure.

Securing Bitbucket in AWS

Bitbucket deployments can be sensitive in many organizations and require extra attention to security when deployed in the public cloud. Here are a few important considerations for securing Bitbucket instances on AWS.

Subnets and Amazon Virtual Private Cloud (VPC)

Amazon VPC allows AWS resources to run on a specific virtual network. This virtual network is similar to a traditional network in your internal data center, only it uses scalable AWS infrastructure.

A subnet is a range of IP addresses within the VPC. You run AWS resources in the subnet you select. Use public subnets for Internet-connected resources and private subnets for resources that are not connected to the Internet.

You can increase VPC security by enabling any of these options:

  • To prevent unauthorized network activity, use a virtual firewall AMI and/or virtual intrusion prevention or intrusion detection appliances (IPS/IDS)
  • Use a site-to-site VPN to transfer information securely between Bitbucket and users
  • Use Amazon CloudTrail to record VPC API activity and audit changes to the network


Security Groups

Security groups act as virtual firewalls that control traffic to instances. The security group applied to each Bitbucket instance depends on how it was started. In general, a best practice is to use security groups to reduce traffic to your Bitbucket instance to the minimum necessary.

  • If you start an instance using an API or the AWS console, you can create a new security group during the EC2 launch process. Alternatively, you can assign existing security groups. It is best to allow access from the smallest possible range of IP addresses, and only on ports 7999, 443, 80, and 22.
  • If you started an instance using AWS CloudFormation templates BitBucketServer.template or BitBucketDataCenter.template, CloudFormation creates security groups and grants access to ports 7999, 443, 80, and 22, as well as valid IP addresses for services used. Define a tight Permitted IP range within the template, and do not add unnecessary inbound access after startup.
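
One way to check an existing security group against the guidance above, as an added example that is not part of the original article or of Atlassian's tooling. It audits JSON in the shape returned by aws ec2 describe-security-groups; the sample group ID and address ranges are constructed, and the audit function and finding labels are hypothetical names chosen for this example.

```python
import ipaddress
import json

# Ports the article lists for Bitbucket ingress.
ALLOWED_PORTS = {7999, 443, 80, 22}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The group ID and address ranges are made-up documentation values.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0example", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 7990, "ToPort": 7999,
   "IpRanges": [{"CidrIp": "198.51.100.7/32"}]},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}
]}]}
""")


def audit(doc, allowed=frozenset(ALLOWED_PORTS)):
    """Return sorted (group, ports, source, issue) tuples for risky ingress rules."""
    findings = set()
    for group in doc["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            proto = rule["IpProtocol"]
            if proto == "tcp":
                lo, hi = rule["FromPort"], rule["ToPort"]
                ports = str(lo) if lo == hi else f"{lo}-{hi}"
                extra = any(p not in allowed for p in range(lo, hi + 1))
                issue = "covers ports outside the allowed set" if extra else None
            else:  # "-1" is every protocol and port; the article lists only TCP ports
                ports = "all" if proto == "-1" else proto
                issue = "non-TCP or all-protocol rule"
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            sources += [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])]
            for src in sources:
                if issue:
                    findings.add((group["GroupId"], ports, src, issue))
                # A /0 prefix admits every address; group references have no "/".
                if "/" in src and ipaddress.ip_network(src, strict=False).prefixlen == 0:
                    findings.add((group["GroupId"], ports, src, "open to any address"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

To audit a live group, pass the parsed output of aws ec2 describe-security-groups --output json to audit() in place of SAMPLE.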

Keeping your System Up-to-date

To maximize security and minimize bugs and security vulnerabilities, it is very important that you have the latest patches and updates installed on your Bitbucket server instance. When you run Bitbucket Server for the first time, the AMI downloads the latest version of Bitbucket Server at that time. Going forward, you will need to manage patches and updates on each active instance.

Bitbucket on AWS with NetApp Cloud Volumes ONTAP

NetApp Cloud Volumes ONTAP, the leading enterprise-grade storage management solution, delivers secure, proven storage management services on AWS, Azure and Google Cloud. Cloud Volumes ONTAP supports up to a capacity of 368TB, and supports various use cases such as file services, databases, DevOps or any other enterprise workload, with a strong set of features including high availability, data protection, storage efficiencies, Kubernetes integration, and more.

In particular, Cloud Volumes ONTAP helps address the challenges of database workloads in the cloud, filling the gap between your cloud-based database capabilities and the public cloud resources they run on.

Cloud Volumes ONTAP also supports advanced features for managing SAN storage in the cloud, catering for NoSQL database systems, as well as NFS shares that can be accessed directly from cloud big data analytics clusters.