# Bookstack Wiki Architecture

# 1. Bookstack infra with default auth

#### 1. Bookstack infra with default auth, on default VPC, RDS AutoBackup Off, Single-AZ, EC2. ≈$45.40

This **BookStack** infrastructure is <span style="text-decoration: underline;">**optimized for cost efficiency**</span> by utilizing an **existing VPC** instead of provisioning a new one. **AWS Cognito** authentication **is** **disabled**, relying on **standard** **authentication** mechanisms. The database is hosted on **RDS** with a **Single-AZ deployment**, and **AutoBackup** is **disabled** to minimize costs. Additionally, the infrastructure includes an **EC2** **instance**, **EFS Backup** for persistent storage, **Secrets Manager** and **Systems Manager** for secure configuration management, and **CloudWatch** **Logs** for monitoring and troubleshooting.

[![Bookstack infra-1.jpeg](https://devsecopsinc-bookstack.s3.us-east-1.amazonaws.com/Diagram/Bookstack+infra-1.jpeg)](https://devsecopsinc-bookstack.s3.us-east-1.amazonaws.com/Diagram/Bookstack+infra-1.jpeg "Bookstack infra-1.jpeg")

#### You can always update the current stack using a <span class="s1">**Change Set**</span> to enable:

• <span class="s1">**RDS Multi-AZ**</span> (`<span class="s2">MultiAZ=true</span>`) for high availability,

• <span class="s1">**RDS AutoBackup**</span> (`<span class="s2">AutoBackup=true</span>`) for automatic backups,

• <span class="s1">**RDS Deletion Protection**</span> (`<span class="s2">DeletionProtection=true</span>`) to prevent accidental deletion.

<span class="s3">However, </span>**you cannot switch from the default VPC to a custom one**<span class="s3"> because the </span>**CIDR block differs**<span class="s3">, preventing the stack from being updated.</span>

For instructions on updating the stack using a <span class="s1">**Change Set**</span>, please refer to the [<span class="s1">**dedicated guide**</span>](https://wiki.devsecopsinc.io/books/updating-the-stack-using-a-change-set/page/how-to-update-stack-parameters-using-a-change-set "wiki.devsecopsinc.io").

# 2. Bookstack infra with Google auth, on default VPC

#### 2. Bookstack infra with Google auth, on default VPC, RDS AutoBackup Off, Single-AZ, EC2. ≈$51.40

<span style="text-decoration: underline;">**Balanced BookStack deployment**</span> utilizing an **existing** **VPC** with **AWS** **Cognito** for **authentication**. **RDS** **Single-AZ** with **AutoBackup** **disabled** ensures **cost efficiency**, while **EFS** **Backup**, **Secrets Manager**, **Systems Manager**, **EC2**, and **CloudWatch** **Logs** provide security and monitoring.

[![Bookstack infra-2.png](https://devsecopsinc-bookstack.s3.us-east-1.amazonaws.com/Diagram/Bookstack+infra-2.png)](https://devsecopsinc-bookstack.s3.us-east-1.amazonaws.com/Diagram/Bookstack+infra-2.png "Bookstack infra-2.png")

#### You can always update the current stack using a <span class="s1">**Change Set**</span> to enable:

• <span class="s1">**RDS Multi-AZ**</span> (`<span class="s2">MultiAZ=true</span>`) for high availability,

• <span class="s1">**RDS AutoBackup**</span> (`<span class="s2">AutoBackup=true</span>`) for automatic backups,

• <span class="s1">**RDS Deletion Protection**</span> (`<span class="s2">DeletionProtection=true</span>`) to prevent accidental deletion.

<span class="s3">However, </span>**you cannot switch from the default VPC to a custom one**<span class="s3"> because the </span>**CIDR block differs**<span class="s3">, preventing the stack from being updated.</span>

For instructions on updating the stack using a <span class="s1">**Change Set**</span>, please refer to the [<span class="s1">**dedicated guide**</span>](https://wiki.devsecopsinc.io/books/updating-the-stack-using-a-change-set/page/how-to-update-stack-parameters-using-a-change-set "wiki.devsecopsinc.io").

# 3. Bookstack infra with Google auth, custom VPC

#### 3. Bookstack infra with Google auth, custom VPC, RDS AutoBackup Off, Single-AZ, EC2. ≈$84.25

The <span style="text-decoration: underline;">**BookStack** **infrastructure** is</span> designed <span style="text-decoration: underline;">**for a scalable and secure deployment**</span>. It utilizes a **new** **VPC** for network isolation, **AWS** **Cognito** for **authentication**, and **RDS** for database management in a **Single**-**AZ** configuration with **AutoBackup** **disabled** <span style="text-decoration: underline;">**to optimize costs**</span>. An **EC2** **instance** powers the application, while **EFS** **Backup** ensures data persistence. **Secrets** **Manager** and **Systems** **Manager** enhance configuration security, and **CloudWatch** **Logs** provide real-time monitoring and troubleshooting capabilities.

[![Bookstack infra-3.png](https://devsecopsinc-bookstack.s3.us-east-1.amazonaws.com/Diagram/Bookstack+infra-3.png)](https://devsecopsinc-bookstack.s3.us-east-1.amazonaws.com/Diagram/Bookstack+infra-3.png "Bookstack infra-3.png")

#### You can always update the current stack using a <span class="s1">**Change Set**</span> to enable:

• <span class="s1">**RDS Multi-AZ**</span> (`<span class="s2">MultiAZ=true</span>`) for high availability,

• <span class="s1">**RDS AutoBackup**</span> (`<span class="s2">AutoBackup=true</span>`) for automatic backups,

• <span class="s1">**RDS Deletion Protection**</span> (`<span class="s2">DeletionProtection=true</span>`) to prevent accidental deletion.

<span class="s3">However, </span>**you cannot switch from the default VPC to a custom one**<span class="s3"> because the </span>**CIDR block differs**<span class="s3">, preventing the stack from being updated.</span>

For instructions on updating the stack using a <span class="s1">**Change Set**</span>, please refer to the <span class="s1">**[dedicated guide](https://wiki.devsecopsinc.io/books/updating-the-stack-using-a-change-set/page/how-to-update-stack-parameters-using-a-change-set "wiki.devsecopsinc.io").**</span>