# #2 Installation - Setup Guide (Bookstack) Bookstack is managed and configured via CloudFormation. # 📌 0. How to Find Required Parameters ### To properly deploy BookStack, you need to provide the following network parameters and certificate ARN: #### **1️⃣ VpcCidrBlock (CIDR block for the VPC)** • If you are **creating a new VPC**, use `10.0.0.0/16` as the default value. • If you are **using an existing VPC**, retrieve the CIDR block: • Open **AWS Console****VPC****Your VPCs** [![0-vpc-your-vpc.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/0-vpc-your-vpc.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/0-vpc-your-vpc.png) • Locate your VPC and copy the **IPv4 CIDR** value. [![0-vpccidrblock.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/0-vpccidrblock.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/0-vpccidrblock.png) #### **2️⃣ VpcId (VPC ID)** • Locate your VPC and copy its **VPC ID** (e.g., vpc-0a1ba422ba9a105e9). [![0-vpcid.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/0-vpcid.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/0-vpcid.png) #### **3️⃣ Subnet1Id & Subnet2Id (Subnet IDs)** • Open **AWS Console****VPC****Subnets** • Select your VPC, and at the bottom panel, navigate to the **Resource Map** tab. • Here, you will see a list of all subnets associated with your VPC. • Choose two **private subnets** (preferably in different Availability Zones) and copy their **Subnet IDs** (e.g., subnet-040155a08a9508bb6, subnet-02e4a590db71371f9). [![0-vpc-subnets.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/0-vpc-subnets.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/0-vpc-subnets.png) **⚠** **Important Notice!** Ensure that the region of your resources matches the deployment region in CloudFormation. If you select resource IDs from **Region A** but deploy in **Region B**, you will encounter an error stating that the specified resources do not exist. This happens because each AWS region has its own unique set of resource IDs. #### 4️⃣ **Obtain an SSL Certificate (if you don’t have one):** • Navigate to **AWS Certificate Manager (ACM)** in the AWS Management Console. • **Request** a new certificate by selecting **“Request a public certificate”** and click **Next**. [![1-req-pub-cert.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/1-req-pub-cert.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/1-req-pub-cert.png) • Follow the steps to validate your domain using **DNS validation (recommended)** or **Email validation**. [![2-req-pub-cert-configuration.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/2-req-pub-cert-configuration.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/2-req-pub-cert-configuration.png) • Select `ECDSA P-256` as the key algorithm. This is equivalent in cryptographic strength to **RSA 3072** but provides better performance. If `ECDSA P-256` is not supported by your use case, you can use `RSA 2048` instead (though it is less efficient). Create the tag with **Key=`Name`**, **Value=`bookstack`** (or any other meaningful name that helps you recognize it) [![3-req-pub-cert-algoritm.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/3-req-pub-cert-algoritm.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/3-req-pub-cert-algoritm.png) • Once the certificate is issued, copy its **ARN** and use it in the **SSLCertificate** parameter during deployment. [![4-cert-arn.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/4-cert-arn.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/4-cert-arn.png) **⚠** **Important Notice! **Ensure that the certificate is created in the **same AWS region** where you are deploying the CloudFormation stack. If the certificate is in a different region, the ALB will not be able to use it, and the deployment will fail. # 📌 1. Check Region Availability for RDS MariaDB & EC2-instance ### Check RDS MariaDB availability for your region The availability of **Graviton** for **RDS** **MariaDB** may vary depending on your region. To speed up deployment and minimize the risk of an unavailable **RDS** **instance** **type** in your chosen region, we recommend referring to the **MariaDB** availability table based on the region from which you plan to deploy the BookStack infrastructure. 📅 **Last availability scan date:** `March 19, 2025`.
**Checking region: `ap-south-1`** **Checking region: `eu-north-1`****Checking region: `eu-west-3`****Checking region: `eu-west-2`**
`db.m6g.large``db.m6g.large``db.m6g.large``db.m6g.large`
`db.m7g.large``db.m7g.large``db.m7g.large``db.m7g.large`
`db.r6g.large``db.r6g.large``db.r6g.large``db.r6g.large`
`db.r7g.large``db.r7g.large``db.t4g.medium``db.r7g.large`
`db.t4g.medium``db.t4g.medium``db.t4g.small``db.t4g.medium`
`db.t4g.small``db.t4g.small` `db.t4g.small`
**Checking region: `eu-west-1`****Checking region: `ap-northeast-3`****Checking region: `ap-northeast-2`****Checking region: `ap-northeast-1`**
`db.m6g.large``db.m6g.large``db.m6g.large``db.m6g.large`
`db.m7g.large``db.r6g.large``db.m7g.large``db.m7g.large`
`db.r6g.large``db.t4g.medium``db.r6g.large``db.r6g.large`
`db.r7g.large``db.t4g.small``db.r7g.large``db.r7g.large`
`db.t4g.medium` `db.t4g.medium``db.t4g.medium`
`db.t4g.small` `db.t4g.small``db.t4g.small`
**Checking region: `ca-central-1`****Checking region: `sa-east-1`****Checking region: `ap-southeast-1`****Checking region: `ap-southeast-2`**
`db.m6g.large``db.m6g.large``db.m6g.large``db.m6g.large`
`db.m7g.large``db.r6g.large``db.m7g.large``db.m7g.large`
`db.r6g.large``db.t4g.medium``db.r6g.large``db.r6g.large`
`db.r7g.large``db.t4g.small``db.r7g.large``db.r7g.large`
`db.t4g.medium` `db.t4g.medium``db.t4g.medium`
`db.t4g.small` `db.t4g.small``db.t4g.small`
**Checking region: `eu-central-1`****Checking region: `us-east-1`****Checking region: `us-east-2`****Checking region: `us-west-1`****Checking region: `us-west-2`**
`db.m6g.large``db.m6g.large``db.m6g.large``db.m6g.large` `db.m6g.large`
`db.m7g.large``db.m7g.large``db.m7g.large``db.m7g.large``db.m7g.large`
`db.r6g.large``db.r6g.large``db.r6g.large``db.r6g.large``db.r6g.large`
`db.r7g.large``db.r7g.large``db.r7g.large``db.r7g.large``db.r7g.large`
`db.t4g.medium``db.t4g.medium``db.t4g.medium``db.t4g.medium``db.t4g.medium`
`db.t4g.small``db.t4g.small``db.t4g.small``db.t4g.small``db.t4g.small`
### Check EC2-instance availability for your region The availability of **Graviton** for **EC2** **instance** may vary depending on your region. To speed up deployment and minimize the risk of an unavailable **EC2** **instance** **type** in your chosen region, we recommend referring to the **EC2** availability table based on the region from which you plan to deploy the BookStack infrastructure. 📅 **Last availability scan date:** `March 20, 2025`.
**Checking region: `ap-south-1`****Checking region: `eu-north-1`****Checking region: `eu-west-3`****Checking region:`eu-west-2`**
`r6g.large``t4g.small``c6g.large``m7g.large`
`t4g.medium` `r6g.large``m6g.large``r6g.large`
`c6g.large``c6g.large``t4g.small``r7g.large`
`m7g.large``m6g.large``r6g.large``m6g.large`
`t4g.small``m7g.large``m7g.large``t4g.medium`
`r7g.large``r7g.large``t4g.medium``t4g.small`
`m6g.large``t4g.medium` `c6g.large`
**Checking region: `eu-west-1`****Checking region: `ap-northeast-3`****Checking region: `ap-northeast-2`****Checking region: `ap-northeast-1`**
`c6g.large``c6g.large``t4g.medium``t4g.medium`
`t4g.medium``t4g.small``m6g.large``t4g.small`
`m7g.large``t4g.medium``r6g.large``c6g.large`
`t4g.small``r6g.large``c6g.large``r7g.large`
`r6g.large``m6g.large``m7g.large``r6g.large`
`m6g.large``m7g.large``t4g.small``m6g.large`
`r7g.large` `r7g.large``m7g.large`
**Checking region: `ca-central-1`****Checking region: `sa-east-1`****Checking region: `ap-southeast-1`****Checking region: `ap-southeast-2`**
`t4g.medium``r6g.large``m6g.large``t4g.medium`
`c6g.large``c6g.large``t4g.small``t4g.small`
`t4g.small``m6g.large``m7g.large``m6g.large`
`r6g.large``t4g.medium``r7g.large``r7g.large`
`m6g.large``t4g.small``r6g.large``r6g.large`
`m7g.large``r7g.large``t4g.medium``m7g.large`
`r7g.large``m7g.large``c6g.large``c6g.large`
**Checking region: `eu-central-1`****Checking region: `us-east-1`****Checking region: `us-east-2`****Checking region: `us-west-1`****Checking region: `us-west-2`**
`m7g.large``r7g.large``m7g.large``c6g.large``m6g.large`
`r6g.large``t4g.small``r6g.large``m7g.large``r7g.large`
`t4g.medium``m6g.large``c6g.large``r6g.large``m7g.large`
`t4g.small``c6g.large``t4g.medium``r7g.large``t4g.small`
`m6g.large``t4g.medium``m6g.large``m6g.large``r6g.large`
`r7g.large``m7g.large``t4g.small``t4g.medium``c6g.large`
`c6g.large``r6g.large``r7g.large``t4g.small``t4g.medium`
# 📌 2. Configuring Parameters for main stack ### **Step 1. Prerequisite - Prepare template** We did the first step previously, when subscribed for the product in [AWS Marketplace - Setup Guide](https://wiki.devsecopsinc.io/books/install-bookstack-wiki/page/1-aws-marketplace-setup-guide#bkmrk-2%EF%B8%8F%E2%83%A3-deployment-via-c "Deployment via CloudFormation"), so move forward to the next step. [![2.1. Deploy.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-04/scaled-1680-/2-1-deploy.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-04/2-1-deploy.png "step-1.png") ### **Step 2. Specify stack details** Here, you need to fill in the `Stack name`. You can choose **any name** for your stack, but we recommend using a structured format like: `bookstack` (e.g., `wiki`, `docs`, etc.). For this guide, we will use **wiki** as an example. [![4-Step 2 Name.jpeg](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/4-step-2-name.jpeg)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/4-step-2-name.jpeg "4-step-2-name.jpeg") There are **21 parameters,** some of which are predefined. You don’t need to fill in all of them — just focus on the **required** and **empty fields**. For additional guidance, refer to the help description provided under each parameter. [![4-step-2-parameters.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/4-step-2-parameters.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/4-step-2-parameters.png "4-step-2-parameters.png") **⚠ Important Notice!**: There are three additional parameters for **AWS Marketplace Store**. They are starting from prefixes as "**MPS"**, so you shouldn't modify them - otherwise, CloudFormation will fail with an error. [![4-step-2-MPS-parameters-new.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-04/scaled-1680-/4-step-2-mps-parameters-new.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-04/4-step-2-mps-parameters-new.png "4-step-2-mps-parameters-new.png") ##### **7 Required Parameters:** 1\. **Deployment** **Environment** – Specify the environment (e.g., `dev`, `prod`). 2\. For **optional** **parameters**, you can leave the string blank, as we did with `CostAllocationTag`, `GoogleClientId`, `GoogleClientSecret`. 3\. **AppURL** – Define the URL where BookStack will be accessible. 4\. **VPC** **ID** – Enter the ID of an existing VPC. 5\. **VPC** **CIDR** **block** – Provide the CIDR block of your existing VPC**.** 6\. **Subnet** **IDs** – Enter the IDs of your existing subnets (e.g., `Subnet 1 ID`, `Subnet 2 ID`). [![4-2 Step 2 Parameters.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/4-2-step-2-parameters.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/4-2-step-2-parameters.png "4-2-step-2-parameters.png") **⚠ Important Notice!**: If you want to create new VPC, you should fill ONLY the `VPC CIDR Block`. [![4-2 Step 2 Parameters-addition.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-04/scaled-1680-/4-2-step-2-parameters-addition.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-04/4-2-step-2-parameters-addition.png "4-2-step-2-parameters-addition.png") 7\. **EnableUserSignUp**, **MultipleAuthMethods** - by default set to false for best security practices. [![cognito-params.jpeg](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/cognito-params.jpeg)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/cognito-params.jpeg "cognito-params.jpeg") 8\. **SSL Certificate ARN** – Provide the ARN of your SSL Certificate for the ALB. (*If you don’t have one, you must create it*.) [![4-3 Step 2 Parameters.jpeg](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/4-3-step-2-parameters.jpeg)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/4-3-step-2-parameters.jpeg "4-3-step-2-parameters.jpeg") **⚠ Important Notice!**: There is one required parameter for **EC2AMI**. Its value is set to "**`/aws/service/marketplace/prod-ymfbr3id36e3k/version-v1.0-bookstack-v24.05.4`"**, so you shouldn't modify it - otherwise, CloudFormation will fail with an error. [![4-3 Step 2 EC2Parameters-new.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-04/scaled-1680-/4-3-step-2-ec2parameters-new.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-04/4-3-step-2-ec2parameters-new.png "4-3-step-2-ec2parameters-new.png") ##### **Override Optional Parameters** Some parameters have predefined default values. You can **modify** them as needed or **leave them unchanged**: • **EC2 instance type** (`t4g.small` is the default and is recommended for small environments). • **RDS DB instance type** (`db.t4g.small` is the default). • **RDS storage size** (`20 GB` by default). • **Multi-AZ deployment** (set to `false` for cost efficiency). **Enable/Disable RDS backups**. • **Enable/Disable RDS deletion protection**. **⚠ Important Notice!**: **If** this **parameter** is **enabled**, **you** **will** **not** **be able to delete the stack**. To proceed with deletion, go to `AWS Console` → `Amazon RDS` → `Databases`, select your database, click **Modify**, and uncheck "**Enable deletion protection**" for `bookstack-dev-rds`. After this, you can delete the main stack in CloudFormation. • **Schedule backup rules**. • **Schedule backup deletion**. ### **Step 3. Configure stack options** Scroll to the bottom, check both checkboxes in the Capabilities field, and click the Next button. [![5-Step 3 Capabilities 2.jpeg](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/5-step-3-capabilities-2.jpeg)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/5-step-3-capabilities-2.jpeg "5-step-3-capabilities-2.jpeg") ### **Step 4. Review and create** Scroll to the bottom and click the **Submit** button. [![6-Step 4 Submit.jpeg](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/6-step-4-submit.jpeg)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/6-step-4-submit.jpeg "6-step-4-submit.jpeg") Now you can see how your environment is being deployed. [![7-Step 4 Deploying.jpeg](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/7-step-4-deploying.jpeg)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/7-step-4-deploying.jpeg "7-step-4-deploying.jpeg") ### **Follow these simple steps to access your product:** #### **1️⃣ Retrieving the Access URL** 1\. After successful deployment, your product will be available at a generated URL, which can be found in the `bookstack-$Environment-main` stack under the **Outputs** section, **key** `LoadBalancerDNSName`, **key** `AppURL`. 2\. In your domain registrar, create a **CNAME** **record** for `AppURL`, pointing to the generated `LoadBalancerDNSName`. 3\. Open **AppURL** in your browser and enjoy! [![7-Outputs.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/7-outputs.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/7-outputs.png "7-outputs.png") #### **2️⃣ Accessing BookStack** 1\. Open **AppURL** in your browser. 2\. Log in using the **default credentials**: **Username:** `admin@admin.com` **Password:** `password` 3. **Change your password immediately!** You can do this under **Profile → Settings**. [![8-Login.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/8-login.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/8-login.png "8-login.png") ##### **Additional Information** **Application logs** are available in **CloudWatch Logs**.**Data is stored in RDS**, while Bookstack files are stored on Amazon **EFS**. ✅ **Deletion**: If needed, delete the main CloudFormation Stack to remove all associated resources automatically. **⚠ Important Notice!** Before proceeding, navigate to **AWS Backup → Vaults → your-backup-vault-name → Recovery Points**. Select all recovery points, click the **Actions** button, and choose **Delete**. This will remove all **EFS backups**. **Otherwise, deleting the CloudFormation stack will result in an error**.[![Bookstack-aws-backup.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/bookstack-aws-backup.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/bookstack-aws-backup.png "bookstack-aws-backup.png") [![vault recovery points.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/vault-recovery-points.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/vault-recovery-points.png "vault-recovery-points.png") ### ### ℹ️ **Additional Information:** > Some minor issues may occur during the initial launch, which are known and documented. Please visit the [BookStack Bugs and Known Issues](https://wiki.devsecopsinc.io/books/bookstack-known-issues) section for more information.