AWS Marketplace - Setup Guide

Bookstack supports two authentication methods: standard and Google.

The following table compares the two methods. Choose the one that best fits your needs and click the “Go to AWS Marketplace” button.

Feature	Standard Authentication	Google Authentication (OIDC)
Login Method	Local username & password	Google Single Sign-On (SSO)
User Management	Managed within BookStack	Users managed via Google Workspace
Security Level	Standard password-based security	OAuth 2.0 authentication with Google
Ease of Use	Requires manual user management	Seamless login with Google account
Setup Complexity	No additional configuration required	🚨 Requires a one-time modification of .env on the EC2 instance to switch from standard to oidc
Multi-Factor Authentication (MFA)	Not built-in, but can be configured	Supports Google MFA
Best For	Small teams, personal use	Enterprises using Google services

⚠ Important Notice! At this time, BookStack does not support simultaneous use of both Standard Authentication and Google Authentication (OIDC).

To switch authentication methods, you must manually update the .env file and restart the BookStack docker container.

📌 Deploying BookStack via AWS CloudFormation

Follow these steps to deploy BookStack in your AWS infrastructure:

1️⃣ Go to AWS Marketplace

1. Open the BookStack page on AWS Marketplace - we need to change the link to our product.

2. Click View purchase options, in appeared page Subscribe to this software review the terms, pricing information and accept the agreement.

3. The subscription is now Pending.

4. Wait until the subscription is active and click on Continue to Configuration.

5. Continue with selecting fulfillment option, version, and region.

We provide three Fulfillment options:

Fulfillment option	Description	Architecture
1. Bookstack infra without Cognito, default VPC, RDS AutoBackup Off, Single-AZ, EC2. ≈$45.40	Cost-efficient BookStack deployment utilizing an existing VPC and RDS Single-AZ. AWS Cognito is excluded, but the setup retains EFS Backup, Secrets Manager, Systems Manager, EC2, and CloudWatch Logs for security and monitoring.	Open Diagram
2. Bookstack infra enabled Cognito, default VPC, RDS AutoBackup Off, Single-AZ, EC2. ≈$51.40	Balanced BookStack deployment utilizing an existing VPC with AWS Cognito for authentication. RDS Single-AZ with AutoBackup disabled ensures cost efficiency, while EFS Backup, Secrets Manager, Systems Manager, EC2, and CloudWatch Logs provide security and monitoring.	Open Diagram
3. Bookstack infra enabled Cognito, new VPC, RDS AutoBackup Off, Single-AZ, EC2.  ≈$84.25	Optimized BookStack deployment with Cognito authentication, new VPC, and RDS Single-AZ.  Includes EC2 instance, EFS Backup, Secrets Manager, Systems Manager, and CloudWatch Logs for enhanced security, scalability, and monitoring	Open Diagram

2️⃣ Deployment via CloudFormation

📌 Choosing Parameters

1. Go to CloudFormation Stack Launch and select the AWS region where you want to deploy BookStack.

2. Click Continue to Launch → select Launch CloudFormation.

3. Click Launch to proceed to AWS CloudFormation.

4. You are getting redirected to CloudFormation.

📌 Configuring Parameters for main stack

1. Enter the Deployment Environment (e.g., dev, prod).

2. Specify the AppURL – the URL where BookStack will be accessible.

3. If using Cognito for authentication, provide your Google OAuth Client ID / Secret.

4. Choose:

• EC2 instance type (t4g.small is recommended for small environments).

• RDS instance type (db.t4g.small is the default).

• RDS storage size (20 GB by default).

• Multi-AZ deployment (set to false for cost efficiency).

• Enable/Disable RDS backups.

3️⃣ Launching the CloudFormation Stack

1. Click Next and review your configuration.

2. On the next page, check the box for I acknowledge that AWS CloudFormation might create IAM resources with custom names.

3. Click Create stack.

4️⃣ Retrieving the Access URL

1. After successful deployment, navigate to the Outputs tab in CloudFormation.

2. Locate AppURL → this is your final BookStack access URL.

3. If using a custom domain, create a CNAME record in your DNS registrar, pointing AppURL to LoadBalancerDNSName.

5️⃣ Accessing BookStack

1. Open AppURL in your browser.

2. Log in using the default credentials:

• Username: admin@admin.com

• Password: password

3. Change your password immediately! You can do this under Profile → Settings.

Additional Information

✅ Application logs are available in CloudWatch Logs.

✅ Data is stored in RDS, while Bookstack files are stored on Amazon EFS.

✅ Deletion: If needed, delete the main CloudFormation Stack to remove all associated resources automatically. ⚠ Important Notice! Before proceeding, navigate to AWS Backup → Vaults → your-backup-vault-name → Recovery Points. Select all recovery points, click the Action button, and choose Delete. This will remove EFS backups.
Otherwise, deleting the CloudFormation stack will result in an error.