bbb.config.yaml
# To look up the Ubuntu 16.04 AMI for a given region, the Ruby snippet below will help.
# Keep the owner-id filter when adapting it: AMI names are not unique across
# accounts, so a name-only match can return an image that Canonical did not publish.
#
# ami_name = 'ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20200129'
# canonical_id = '099720109477'
# regional_client = Aws::EC2::Client.new(region: region_name)
# regional_ami = regional_client.describe_images({ filters: [
# { name: 'name', values: [ami_name] },
# { name: 'owner-id', values: [canonical_id] }
# ] }).images[0].image_id
#
# Ubuntu 16.04 AMI, from Canonical, within ap-southeast-2.
# NOTE(review): presumably this is the 20200129 build named in the snippet above - confirm.
# Ubuntu 16.04 reached end of standard support in April 2021, so an instance launched
# from this pinned image starts with old packages: apply security updates at first boot,
# and check whether the BigBlueButton release you deploy still requires 16.04.
image_id: ami-02d7e25c1cfdd5695
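# VPC for BBB server is rendered by default. If you want to supply your
# own subnets through a cfn parameter, set this to false.
render_vpc: true

# Enable if you need the Elastic IP provided to CloudFormation, rather than
# passed in as a parameter.
external_eip: false

# Location (SSM Parameter Store path) for the Greenlight web interface admin
# password. The instance policies in this file allow ssm:PutParameter on
# admin_password, admin_user and server_url under ${ConfigSSMPath};
# presumably that parameter defaults to this value - confirm in the template.
# NOTE(review): any principal that can read this path can read the admin
# credentials, so keep ssm:GetParameter* on it narrowly granted, and confirm
# the password is written as a SecureString rather than a plain String.
default_ssm_path: /bigbluebutton/config

# Tags will be used to tag and back up instances.
# The three keys below are children of `tags`; the nesting is restored here.
tags:
  Name: BigBlueButton-Server
  createdBy: 'https://github.com/toshke/'
  renderedBy: cfhighlander

# Name for the backup plan.
backup_plan_name: BigBlueButton

# Default value for the instance type parameter, applicable to both
# EC2 and ASG deployments.
instance_type_default: t3.xlarge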
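# IAM policies for the instances, including the instance within the
# AutoScalingGroup. Each list entry is one inline policy
# (PolicyName + PolicyDocument); the nesting is restored here.
policies:
  # The instance needs to manage Elastic IPs.
  # NOTE(review): Resource '*' lets the instance role associate or
  # disassociate ANY Elastic IP in the account and region, not only the one
  # meant for this server. ec2:DescribeAddresses has to stay on '*', but the
  # two mutating actions could be moved to their own statement scoped to the
  # server's allocation (or restricted by a tag condition) - check the current
  # IAM Service Authorization Reference for the resource types they accept.
  - PolicyName: EIPManage
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Action:
            - ec2:DescribeAddresses
            - ec2:AssociateAddress
            - ec2:DisassociateAddress
          Resource: '*'
  # Write-only access to the three parameters the server publishes under
  # ${ConfigSSMPath}. No read action is granted, and the resources are listed
  # explicitly rather than as a path wildcard.
  # NOTE(review): PutParameter can also overwrite existing values; that looks
  # intended here, since the instance is what generates them - confirm.
  - PolicyName: SSMStoreAdmin
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Action:
            - ssm:PutParameter
          Resource:
            - Fn::Sub: 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter${ConfigSSMPath}/admin_password'
            - Fn::Sub: 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter${ConfigSSMPath}/admin_user'
            - Fn::Sub: 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter${ConfigSSMPath}/server_url'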
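# Connect to the instance using SSM Session Manager; with this set to false
# no EC2 key pair parameter is added to the template.
allow_ssh: false

# Allow ports according to the BBB documentation.
# If you want to ssh into the instance instead of using SSM Session Manager,
# add an entry for port 22 below restricted to your home/work IP address
# (a single-address CIDR such as x.x.x.x/32, not 0.0.0.0/0), in addition to
# setting allow_ssh: true, which adds a CloudFormation parameter for the EC2
# key pair name.
# Each list entry is one ingress rule (port, range, protocol); the nesting is
# restored here.
allow_incoming:
  - port: 443
    range: 0.0.0.0/0
    protocol: tcp
  - port: 80
    range: 0.0.0.0/0
    protocol: tcp
  # Wide UDP range open to the internet; presumably the media (WebRTC) ports
  # from the BBB documentation - keep it in sync with the range the server is
  # actually configured to use.
  - port: 16384-32768
    range: 0.0.0.0/0
    protocol: udp

# We need to be publicly accessible for BBB to work.
# If you set this to false, you will need to make sure that the Route 53
# domain is resolvable on the local network; most likely you will be using a
# private hosted zone.
public_ip: true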
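# Device mappings - encrypt by default, take size as parameter.
# Add any additional drives you may want to use as data drives. Any data
# drives should have DeleteOnTermination: false (aside from the fact they are
# backed up by AWS Backup).
# The nesting of the mapping below is restored here.
device_mappings:
  - DeviceName: '/dev/sda1'
    Ebs:
      # Root volume is removed together with the instance.
      DeleteOnTermination: true
      Encrypted: true
      # AWS managed EBS key. NOTE(review): its key policy cannot be edited and
      # snapshots encrypted with it cannot be shared with another account; use
      # a customer managed KMS key if you need either.
      KmsKeyId: 'alias/aws/ebs'
      # Size comes from the RootVolumeSpace template parameter.
      VolumeSize:
        Ref: RootVolumeSpace

# Grace period of the ASG health check.
# NOTE(review): presumably in seconds (1800 = 30 minutes) - confirm against
# the template property this value feeds.
health_check_grace: 1800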