Install Bookstack Wiki

💡 Get your corporate Wiki, based on Bookstack, rolled out in a matter of minutes, and start managing your corporate documentation without worrying about its security and safety. 

The solution can create a new VPC or run inside your existing one. You only need to "BYOC" - Bring Your Own SSL Certificate using Amazon ACM, and [optional] your Google Authentication parameters (ClientId and ClientSecret, as explained in Bookstack documentation - https://www.bookstackapp.com/docs/admin/third-party-auth/#google), if you'd like your personnel to log in to the Wiki with their Google accounts.

This solution protects your corporate data via regular backups of document storage (EFS) and database (MySQL RDS instance), to satisfy your RTO and RPO requirements.

We are providing regular Bookstack version updates based on the product's stable and tested releases.

#1 AWS Marketplace - Setup Guide

Bookstack supports two authentication methods: standard and Google.

The following table compares the two methods. Choose the one that best fits your needs and click the “Go to AWS Marketplace” button.

| Feature | Standard Authentication | Google Authentication (OIDC) |
|---|---|---|
| Login Method | Local username & password | Google Single Sign-On (SSO) |
| User Management | Managed within BookStack | Users managed via Google Workspace |
| Security Level | Standard password-based security | OAuth 2.0 authentication with Google |
| Ease of Use | Requires manual user management | Seamless login with Google account |
| Setup Complexity | No additional configuration required | 🚨 Requires a one-time login as the default admin to grant admin privileges to your Cognito account. By default, Cognito-authenticated users are assigned the Viewer role, and this step ensures that your account receives Admin permissions. |
| Multi-Factor Authentication (MFA) | Not built-in, but can be configured | Supports Google MFA |
| Best For | Small teams, personal use | Enterprises using Google services |

⚠ Important Notice! At this time, BookStack does not support simultaneous use of both Standard Authentication and Google Authentication (OIDC).

To switch authentication methods, you must manually update the .env file and restart the BookStack docker container (detailed instructions will be provided below).

📌 Deploying BookStack via AWS CloudFormation

Follow these steps to deploy BookStack in your AWS infrastructure:

1️⃣ Go to AWS Marketplace

1. Open the BookStack page directly on AWS Marketplace - or type the name of the product Bookstack Wiki Software.

2. Click View purchase options. On the Subscribe to this software page that appears, review the terms and pricing information and accept the agreement.

3. The subscription is now Pending.

4. Wait until the subscription is active and click on Continue to Configuration.

5. Continue with selecting fulfillment option, version, and region.

6. Launch. Here, you can read the manual or launch your own wiki.

⚠ Important Notice! We provide three Fulfillment options:

| Fulfillment option | Description | Architecture |
|---|---|---|
| 1. Bookstack infra without Cognito, default VPC, RDS AutoBackup Off, Single-AZ, EC2. ≈$45.40 | Cost-efficient BookStack deployment utilizing an existing VPC and RDS Single-AZ. AWS Cognito is excluded, but the setup retains EFS Backup, Secrets Manager, Systems Manager, EC2, and CloudWatch Logs for security and monitoring. | Open Diagram |
| 2. Bookstack infra enabled Cognito, default VPC, RDS AutoBackup Off, Single-AZ, EC2. ≈$51.40 | Balanced BookStack deployment utilizing an existing VPC with AWS Cognito for authentication. RDS Single-AZ with AutoBackup disabled ensures cost efficiency, while EFS Backup, Secrets Manager, Systems Manager, EC2, and CloudWatch Logs provide security and monitoring. | Open Diagram |
| 3. Bookstack infra enabled Cognito, new VPC, RDS AutoBackup Off, Single-AZ, EC2. ≈$84.25 | Optimized BookStack deployment with Cognito authentication, new VPC, and RDS Single-AZ. Includes EC2 instance, EFS Backup, Secrets Manager, Systems Manager, and CloudWatch Logs for enhanced security, scalability, and monitoring. | Open Diagram |

2️⃣ Deployment via CloudFormation

📌 Choosing Parameters

1. You will be redirected to the CloudFormation stack launch page, with the AWS region where you want to deploy BookStack already selected. Click Next.

2. Specify stack details. Here, you need to fill in the Stack name. You can choose any name for your stack, but we recommend using a structured format like: bookstack (e.g., wiki, docs, etc.). 

For this guide, we will use wiki as an example.

To proceed, follow the instructions in "2. Configuring Parameters for main stack".

#2 Installation - Setup Guide (Bookstack)

Bookstack is managed and configured via CloudFormation.

📌 0. How to Find Required Parameters

To properly deploy BookStack, you need to provide the following network parameters and certificate ARN:

1️⃣ VpcCidrBlock (CIDR block for the VPC)

• If you are creating a new VPC, use 10.0.0.0/16 as the default value.

• If you are using an existing VPC, retrieve the CIDR block:

• Open AWS Console → VPC → Your VPCs

• Locate your VPC and copy the IPv4 CIDR value.

2️⃣ VpcId (VPC ID)

• Locate your VPC and copy its VPC ID (e.g., vpc-0a1ba422ba9a105e9).

3️⃣ Subnet1Id & Subnet2Id (Subnet IDs)

• Open AWS Console → VPC → Subnets

• Select your VPC, and at the bottom panel, navigate to the Resource Map tab.

• Here, you will see a list of all subnets associated with your VPC.

• Choose two private subnets (preferably in different Availability Zones) and copy their Subnet IDs (e.g., subnet-040155a08a9508bb6, subnet-02e4a590db71371f9).

Important Notice! Ensure that the region of your resources matches the deployment region in CloudFormation. If you select resource IDs from Region A but deploy in Region B, you will encounter an error stating that the specified resources do not exist. This happens because each AWS region has its own unique set of resource IDs.

4️⃣ Obtain an SSL Certificate (if you don’t have one):

• Navigate to AWS Certificate Manager (ACM) in the AWS Management Console.

• Request a new certificate by selecting “Request a public certificate” and click Next.

• Follow the steps to validate your domain using DNS validation (recommended) or Email validation.

• Select ECDSA P-256 as the key algorithm. This is equivalent in cryptographic strength to RSA 3072 but provides better performance. If ECDSA P-256 is not supported by your use case, you can use RSA 2048 instead (though it is less efficient). Create the tag with Key=Name, Value=bookstack (or any other meaningful name that helps you recognize it).

• Once the certificate is issued, copy its ARN and use it in the SSLCertificate parameter during deployment.

Important Notice! Ensure that the certificate is created in the same AWS region where you are deploying the CloudFormation stack. If the certificate is in a different region, the ALB will not be able to use it, and the deployment will fail.
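
A pre-flight check for the parameters gathered in this section, added here as an example and not part of the product's own tooling: it verifies offline that the certificate ARN belongs to ACM in the deployment region and that the VPC and subnet fields fit either the new-VPC or the existing-VPC case. The function names are hypothetical, and the certificate ARN is a constructed sample.

```shell
#!/bin/sh
# Added example: offline sanity checks for the stack parameters.
# Function names are hypothetical and not part of the product.

# Print the region field of an ARN (arn:partition:service:region:account:resource).
arn_region() {
    printf '%s\n' "$1" | cut -d: -f4
}

# Return 0 only if $1 is an ACM certificate ARN in deployment region $2.
check_cert_region() {
    case $1 in
        arn:aws*:acm:*:*:certificate/*) ;;
        *) echo "not an ACM certificate ARN: $1" >&2; return 2 ;;
    esac
    if [ "$(arn_region "$1")" != "$2" ]; then
        echo "certificate is in $(arn_region "$1"), stack deploys to $2" >&2
        return 1
    fi
}

# Return 0 if string $1 matches extended regular expression $2 in full.
matches() {
    printf '%s\n' "$1" | grep -Eq "^($2)\$"
}

# check_network VPC_ID CIDR SUBNET1 SUBNET2
# New VPC: only the CIDR is set. Existing VPC: all four values are set.
check_network() {
    vpc=$1 cidr=$2 s1=$3 s2=$4
    matches "$cidr" '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}' || {
        echo "VpcCidrBlock is not a CIDR: $cidr" >&2; return 1; }
    if [ -z "$vpc" ]; then
        [ -z "$s1$s2" ] && return 0
        echo "new VPC requested: leave the subnet IDs empty" >&2; return 1
    fi
    matches "$vpc" 'vpc-[0-9a-f]+' || { echo "bad VpcId: $vpc" >&2; return 1; }
    for s in "$s1" "$s2"; do
        matches "$s" 'subnet-[0-9a-f]+' || { echo "bad subnet ID: $s" >&2; return 1; }
    done
    [ "$s1" != "$s2" ] || { echo "Subnet1Id and Subnet2Id are identical" >&2; return 1; }
}

# Constructed sample: certificate in eu-west-1, stack launched in us-east-1.
check_cert_region "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE" us-east-1 \
    || echo "request or import the certificate in the deployment region first"
# The IDs below are the examples printed in this guide.
check_network vpc-0a1ba422ba9a105e9 10.0.0.0/16 \
    subnet-040155a08a9508bb6 subnet-02e4a590db71371f9 && echo "network parameters look consistent"
```
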

📌 1. Check Region Availability for RDS MariaDB & EC2-instance

Check RDS MariaDB availability for your region 

The availability of Graviton for RDS MariaDB may vary depending on your region. To speed up deployment and minimize the risk of an unavailable RDS instance type in your chosen region, we recommend referring to the MariaDB availability table based on the region from which you plan to deploy the BookStack infrastructure. 

📅 Last availability scan date: March 19, 2025.

| Region | Available RDS instance classes |
|---|---|
| ap-south-1 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| eu-north-1 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| eu-west-3 | db.m6g.large, db.m7g.large, db.r6g.large, db.t4g.medium, db.t4g.small |
| eu-west-2 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| eu-west-1 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| ap-northeast-3 | db.m6g.large, db.r6g.large, db.t4g.medium, db.t4g.small |
| ap-northeast-2 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| ap-northeast-1 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| ca-central-1 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| sa-east-1 | db.m6g.large, db.r6g.large, db.t4g.medium, db.t4g.small |
| ap-southeast-1 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| ap-southeast-2 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| eu-central-1 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| us-east-1 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| us-east-2 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| us-west-1 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |
| us-west-2 | db.m6g.large, db.m7g.large, db.r6g.large, db.r7g.large, db.t4g.medium, db.t4g.small |

Check EC2-instance availability for your region

The availability of Graviton for EC2 instance may vary depending on your region. To speed up deployment and minimize the risk of an unavailable EC2 instance type in your chosen region, we recommend referring to the EC2 availability table based on the region from which you plan to deploy the BookStack infrastructure. 

📅 Last availability scan date: March 20, 2025.

| Region | Available EC2 instance types |
|---|---|
| ap-south-1 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| eu-north-1 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| eu-west-3 | c6g.large, m6g.large, m7g.large, r6g.large, t4g.medium, t4g.small |
| eu-west-2 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| eu-west-1 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| ap-northeast-3 | c6g.large, m6g.large, m7g.large, r6g.large, t4g.medium, t4g.small |
| ap-northeast-2 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| ap-northeast-1 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| ca-central-1 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| sa-east-1 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| ap-southeast-1 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| ap-southeast-2 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| eu-central-1 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| us-east-1 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| us-east-2 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| us-west-1 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |
| us-west-2 | c6g.large, m6g.large, m7g.large, r6g.large, r7g.large, t4g.medium, t4g.small |

📌 2. Configuring Parameters for main stack

Step 1. Prerequisite - Prepare template

We completed the first step earlier, when subscribing to the product in the AWS Marketplace - Setup Guide, so move on to the next step.

Step 2. Specify stack details

Here, you need to fill in the Stack name. You can choose any name for your stack, but we recommend using a structured format like: bookstack (e.g., wiki, docs, etc.). 

For this guide, we will use wiki as an example.

There are 21 parameters, some of which are predefined. You don’t need to fill in all of them — just focus on the required and empty fields. For additional guidance, refer to the help description provided under each parameter.

⚠ Important Notice!: There are three additional parameters for AWS Marketplace Store. Their names start with the prefix "MPS". Do not modify them, otherwise CloudFormation will fail with an error.

7 Required Parameters:

1. Deployment Environment – Specify the environment (e.g., dev, prod).

2. For optional parameters, you can leave the string blank, as we did with CostAllocationTag, GoogleClientId, GoogleClientSecret.

3. AppURL – Define the URL where BookStack will be accessible.

4. VPC ID – Enter the ID of an existing VPC.

5. VPC CIDR block – Provide the CIDR block of your existing VPC.

6. Subnet IDs – Enter the IDs of your existing subnets (e.g., Subnet 1 ID, Subnet 2 ID).

⚠ Important Notice!: If you want to create a new VPC, fill in ONLY the VPC CIDR Block.

7. EnableUserSignUp, MultipleAuthMethods - by default set to false for best security practices.

8. SSL Certificate ARN – Provide the ARN of your SSL Certificate for the ALB. (If you don’t have one, you must create it.)

⚠ Important Notice!: There is one required parameter for EC2AMI. Its value is set to "/aws/service/marketplace/prod-ymfbr3id36e3k/version-v1.0-bookstack-v24.05.4", so you shouldn't modify it - otherwise, CloudFormation will fail with an error. 

Override Optional Parameters

Some parameters have predefined default values. You can modify them as needed or leave them unchanged:

• EC2 instance type (t4g.small is the default and is recommended for small environments).

• RDS DB instance type (db.t4g.small is the default).

• RDS storage size (20 GB by default).

• Multi-AZ deployment (set to false for cost efficiency).

• Enable/Disable RDS backups.

• Enable/Disable RDS deletion protection. ⚠ Important Notice!: If this parameter is enabled, you will not be able to delete the stack. To proceed with deletion, go to AWS Console → Amazon RDS → Databases, select your database, click Modify, and uncheck "Enable deletion protection" for bookstack-dev-rds. After this, you can delete the main stack in CloudFormation.

• Schedule backup rules.

• Schedule backup deletion.

Step 3. Configure stack options 

Scroll to the bottom, check both checkboxes in the Capabilities field, and click the Next button.

Step 4. Review and create

Scroll to the bottom and click the Submit button. 

Now you can see how your environment is being deployed.

Follow these simple steps to access your product:

1️⃣ Retrieving the Access URL

1. After successful deployment, your product will be available at a generated URL, which can be found in the bookstack-$Environment-main stack under the Outputs section (keys LoadBalancerDNSName and AppURL).

2. In your domain registrar, create a CNAME record for AppURL, pointing to the generated LoadBalancerDNSName.

3. Open AppURL in your browser and enjoy!

2️⃣ Accessing BookStack

1. Open AppURL in your browser.

2. Log in using the default credentials:

Username: admin@admin.com

Password: password

3. Change your password immediately! You can do this under Profile → Settings.

Additional Information

Application logs are available in CloudWatch Logs.

Data is stored in RDS, while Bookstack files are stored on Amazon EFS.

Deletion: If needed, delete the main CloudFormation Stack to remove all associated resources automatically. 

⚠ Important Notice! Before proceeding, navigate to AWS Backup → Vaults → your-backup-vault-name → Recovery Points. Select all recovery points, click the Actions button, and choose Delete. This will remove all EFS backups.
Otherwise, deleting the CloudFormation stack will result in an error.

ℹ️ Additional Information:

Some minor issues may occur during the initial launch, which are known and documented. Please visit the BookStack Bugs and Known Issues section for more information.

#3 Switching Authentication Method in BookStack

If you choose to use Google authentication, you need to manually switch the authentication method to standard to log in as a local admin and enable user registration. Then switch it back to OIDC.

📌 One-Time Setup for Google Authentication

Follow these steps:

Step 1: Connect to Your EC2 Instance

1. Go to the AWS Console → EC2.

2. Locate your BookStack instance (named something like bookstack-dev-asg-instance).

3. Use Systems Manager to connect to the instance. In the new window that appears, enter sudo su - ec2-user at the prompt and press Enter.

sh-5.2$ sudo su - ec2-user
Last login: Wed Feb 26 07:36:32 UTC 2025 on pts/1
Welcome to your EC2 instance!
-----------------------------
Operating System: GNU/Linux
Hostname: ip-172-31-42-121.ec2.internal
Current Date and Time: Wed Feb 26 08:33:35 UTC 2025

Step 2: Modify the Authentication Method

In the .env file, change the authentication method from OIDC to Standard by modifying or adding the following lines:

nano bookstack/.env
#AUTH_METHOD="oidc" # comment out or edit the existing line
AUTH_METHOD="standard" # or add a new line with the value standard

Save and exit the file.

Step 3: Restart BookStack

Run the following command to restart the BookStack service:

docker-compose --env-file bookstack/.env -f bookstack/docker-compose.yml up -d

# After a few seconds, you should see:
[+] Running 1/1
✔ Container bookstack  Started

Step 4: Log in as Admin

Now, access BookStack through your AppURL and log in using the default credentials:

Email: admin@admin.com

Password: password

Step 5: Enable User Registration

1. Click on Settings in the top navigation bar.

2. Under Categories, select Registration.

3. Check Enable Registration.

4. In Default user role after registration, select Viewer.

5. Click Save Settings.

6. Click the Users tab. Choose the user you want to give the Admin role.

7. Select the Admin role and click Save.

Step 6: Switch Back to OIDC Authentication

Now that user registration is enabled, repeat Step 2, but this time set the authentication method back to OIDC:

nano bookstack/.env
AUTH_METHOD="oidc" # uncomment or edit the existing line

Save the file and restart BookStack again:

docker-compose --env-file bookstack/.env -f bookstack/docker-compose.yml up -d

[+] Running 1/1

✔ Container bookstack  Started

⚠ Important Notice! Don’t worry! If something goes wrong, the Auto Scaling Group will detect the issue and recreate the instance with default settings.
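
The switch in Steps 2 and 6, as an added example that is not part of the original guide: the script rewrites AUTH_METHOD so that exactly one active line remains, keeps a backup, and checks that OIDC is active again once the one-time setup is finished. The function names and the sample .env content are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: switch AUTH_METHOD in BookStack's .env and verify the result.
# Function names are hypothetical; the demo file below is constructed.

# set_auth_method ENV_FILE oidc|standard
# Keeps a backup, removes every old AUTH_METHOD line (commented or active) and
# writes exactly one active assignment, so no stale duplicate can take effect.
set_auth_method() {
    env_file=$1 method=$2
    case $method in
        oidc|standard) ;;
        *) echo "this guide covers only oidc and standard, got: $method" >&2; return 2 ;;
    esac
    [ -f "$env_file" ] || { echo "no such file: $env_file" >&2; return 1; }
    cp -p "$env_file" "$env_file.bak" || return 1   # the backup holds secrets too
    tmp=$(mktemp "$env_file.XXXXXX") || return 1
    cp -p "$env_file" "$tmp" || return 1            # inherit the original file mode
    awk '!/^[ \t]*#?[ \t]*AUTH_METHOD=/' "$env_file.bak" > "$tmp" || return 1
    printf 'AUTH_METHOD="%s"\n' "$method" >> "$tmp"
    mv "$tmp" "$env_file"
}

# Print the single active AUTH_METHOD value; fail if there is none or several.
active_auth_method() {
    awk -F= '/^[ \t]*AUTH_METHOD=/ {
                 v = $2; sub(/[ \t]*#.*$/, "", v); gsub(/"/, "", v); n++ }
             END { if (n != 1) exit 1; print v }' "$1"
}

# Return 0 only when OIDC is the active method, i.e. Step 6 was completed.
oidc_restored() {
    [ "$(active_auth_method "$1")" = "oidc" ]
}

# Demo on a constructed .env that mirrors the lines shown in Step 2.
demo_dir=$(mktemp -d)
cat > "$demo_dir/.env" <<'EOF'
APP_URL="https://wiki.example.com"
#AUTH_METHOD="oidc" # comment out or edit the existing line
AUTH_METHOD="standard" # or add a new line with the value standard
EOF
oidc_restored "$demo_dir/.env" || echo "password login is still active"
set_auth_method "$demo_dir/.env" oidc
oidc_restored "$demo_dir/.env" && echo "OIDC restored"
rm -rf "$demo_dir"
```

On the instance, follow each `set_auth_method bookstack/.env ...` call with the restart command from Step 3. Running `oidc_restored bookstack/.env` afterwards confirms that the wiki was not left on password login with the default admin account.
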