# 📌 0. How to Find Required Parameters

### To properly deploy BookStack, you need to provide the following network parameters and certificate ARN:

#### **1️⃣ VpcCidrBlock (CIDR block for the VPC)**

• If you are <span class="s1">**creating a new VPC**</span>, use `<span class="s2">10.0.0.0/16</span>` as the default value.

• If you are <span class="s1">**using an existing VPC**</span>, retrieve the CIDR block:

<span class="s3"> • Open </span>**AWS Console**<span class="s3"> → </span>**VPC**<span class="s3"> → </span>**Your VPCs**

[![0-vpc-your-vpc.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/0-vpc-your-vpc.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/0-vpc-your-vpc.png)

• Locate your VPC and copy the <span class="s1">**IPv4 CIDR**</span> value.

[![0-vpccidrblock.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/0-vpccidrblock.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/0-vpccidrblock.png)

#### **2️⃣ VpcId (VPC ID)**

• Locate your VPC and copy its <span class="s1">**VPC ID**</span> (e.g., <span class="s2">vpc-0a1ba422ba9a105e9</span>).

[![0-vpcid.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/0-vpcid.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/0-vpcid.png)

#### **3️⃣ Subnet1Id &amp; Subnet2Id (Subnet IDs)**

<span class="s3"> • Open </span>**AWS Console**<span class="s3"> → </span>**VPC**<span class="s3"> → </span>**Subnets**

• Select your VPC, and at the bottom panel, navigate to the <span class="s1">**Resource Map**</span> tab.

• Here, you will see a list of all subnets associated with your VPC.

• Choose two <span class="s1">**private subnets**</span> (preferably in different Availability Zones) and copy their <span class="s1">**Subnet IDs**</span> (e.g., <span class="s2">subnet-040155a08a9508bb6</span>, <span class="s2">subnet-02e4a590db71371f9</span>).

[![0-vpc-subnets.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/0-vpc-subnets.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/0-vpc-subnets.png)

<span style="color: rgb(224, 62, 45);">**⚠** </span><span class="s1">**<span style="color: rgb(224, 62, 45);">Important Notice!</span>**</span> Ensure that the region of your resources matches the deployment region in CloudFormation. If you select resource IDs from <span class="s1">**Region A**</span> but deploy in <span class="s1">**Region B**</span>, you will encounter an error stating that the specified resources do not exist. This happens because each AWS region has its own unique set of resource IDs.

#### 4️⃣ **Obtain an SSL Certificate (if you don’t have one):**

• Navigate to <span class="s1">**AWS Certificate Manager (ACM)**</span> in the AWS Management Console.

• <span style="background-color: rgb(230, 126, 35); color: rgb(0, 0, 0);">**Request**</span> a new certificate by selecting <span class="s1">**“Request a public certificate”** and click **Next**</span>.

[![1-req-pub-cert.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/1-req-pub-cert.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/1-req-pub-cert.png)

• Follow the steps to validate your domain using <span class="s1">**DNS validation (recommended)**</span> or <span class="s1">**Email validation**</span>.

[![2-req-pub-cert-configuration.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/2-req-pub-cert-configuration.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/2-req-pub-cert-configuration.png)

• Select<span class="s1"> `ECDSA P-256`</span> as the key algorithm. This is equivalent in cryptographic strength to <span class="s1">**RSA 3072**</span> but provides better performance. If `<span class="s1">ECDSA P-256</span>` is not supported by your use case, you can use `<span class="s1">RSA 2048</span>` instead (though it is less efficient). Create the tag with **Key=`Name`**, **Value=`bookstack`** (or any other meaningful name that helps you recognize it)

[![3-req-pub-cert-algoritm.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/3-req-pub-cert-algoritm.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/3-req-pub-cert-algoritm.png)

• Once the certificate is issued, copy its <span class="s1">**ARN**</span> and use it in the <span class="s1">**SSLCertificate**</span> parameter during deployment.

[![4-cert-arn.png](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/scaled-1680-/4-cert-arn.png)](https://wiki.devsecopsinc.io/uploads/images/gallery/2025-03/4-cert-arn.png)

<span style="color: rgb(224, 62, 45);">**⚠** </span><span class="s1">**<span style="color: rgb(224, 62, 45);">Important Notice! </span>**</span>Ensure that the certificate is created in the <span class="s2">**same AWS region**</span> where you are deploying the CloudFormation stack. If the certificate is in a different region, the ALB will not be able to use it, and the deployment will fail.