adding parameters for with/without greenlight deployment of the scala…

…ble setup. added needed readme parts to understand

CHANGELOG.MD

@@ -3,7 +3,7 @@
 
 All notable changes to this project will be documented in this file.
 
-## [4.5.0] - 2022-10-05
+## [4.5.0] - 2022-10-06
 ### Upgrade Notes: 
 - Upgrading the Amazon Aurora Postgres Engine version and/or the switch to Aurora Serverless v2 via Amazon Cloudformation is not supported. Please refer to the official [upgrade documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.PostgreSQL.html) and [migrate to Aurora Serverless v2](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.upgrade.html) if you have a already running environment using an older engine version and/or Aurora Serverless v1 to proceed with the upgrade before using the Cloudformation deployment. 
 
@@ -19,6 +19,9 @@ All notable changes to this project will be documented in this file.
 - Application Server OS now on Ubuntu 20.04 
 - upgraded cfn-ses-provider to v0.8.3 
 
+### Added
+- Parameter to enable/disable the deployment of Greenlight for the scalable setup. This enables you to have a deployment prepared to be used with an external LMS or Frontend in general. this change disables the Greenlight Tasks, Services, ALB deployments, DNS entries, setup of SES and SMTP User and referred Roles. Parameter: "BBBFrontendType" valid values: Greenlight, External
+
 ## [4.0.0] - 2022-05-28
 
 ### Fixed

README.md

@@ -127,6 +127,7 @@ The deployment parameters are placed into the bbb-on-aws-param.json or to be set
 | BBBSesRegion| - | Region of the SES Service to be used | if the setup is planned to be deployed in a Region w/o Amazon SES, choose a proper region here. 
 | BBBSESValidated| false | controls if a pre validated SES domain is used | set to true if you setup the SES domain outside of this deployment 
 | BBBACMCertArn | - | existing SSL/TLS Certificate ARN for HTTPS | add your Certificate ARN here. e.g. if you imported your own Cert into ACM. 
+| BBBFrontendType | Greenlight | choose "Greenlight" for deploying a scalable Greenlight Frontend and "External" to only get the Scalelite API endpoint to be able to connect an externally managed LMS" 
 
 # Deployment
 
@@ -282,11 +283,12 @@ When it comes to Greenlight there is also a part at the [official documentation]
 
 Integrating the Big Blue Button Setup into a LMS is possible. As example to integrate with Moodle a few steps need to be taken
 
+- Use the parameter "BBBFrontendType" and set it to "External"
 - Follow the instructions to setup the [BBB Plugin](https://moodle.org/plugins/mod_bigbluebuttonbn) into Moodle
 - the Big Blue Button Server URL should reflect your Scalelite ALB endpoint like https://scalelite.example.com 
 - to get the needed Big Blue Button Shared Secret visit the AWS Secrets Manager and look for the secret called "BBBLoadbalancerSecret". Look into the "basekeyvalue" key. that's whaat you need to add to the addon setup. 
 
-When integrating with a LMS you might want to disable the deployment of Greenlight into your setup. To do so please fork the repository and start with altering the template within the nested stack deployed by bbb-on-aws-frontendapps.template.yaml and remove the greenlight task, service and task definitions as well as any reference resource like alarms and scaling rules.  
+Important, with the scalable setup used with Scalelite recordings of sessions are transferred to the central Shared Storage at Amazon EFS. Your LMS setup should either mount the volume or you need to change that strategy. Please read through the Amazon EFS documentation to get the needed access and prerequisites setup we're using AccessPoints and IAM support to grant least privileges and secure access. You might want to adjust the template to your needs (Roles added for access as an example). 
 
 # Code updates
 

bbb-on-aws-param.json

@@ -39,6 +39,7 @@
     "BBBGreenlightMemory": 1024,
     "BBBGreenlightCPU": 512,
     "BBBScaleliteMemory": 2048,
-    "BBBScaleliteCPU": 1024
+    "BBBScaleliteCPU": 1024,
+    "BBBFrontendType": "Greenlight"
   }
 }

bbb-on-aws-root.template.yaml

@@ -465,7 +465,12 @@ Parameters:
     Description: Set this parameter if you want to reuse an existing ACM certificate for your deployment
     Type: String
     Default: "AWS::NoValue"
-
+  BBBFrontendType: 
+    Type: String
+    Default: Greenlight
+    AllowedValues:
+      - Greenlight
+      - External
 Conditions:
   BBBProdEnvironment: !Equals [!Ref BBBEnvironmentStage, prod]
   BBBStageEnvironment: !Not [!Equals [!Ref BBBEnvironmentStage, prod]]
@@ -567,6 +572,11 @@ Resources:
           - - "https://s3.amazonaws.com/"
             - Fn::ImportValue: !Sub "${BBBStackBucketStack}-BBBStackBucket"
             - "/bbb-on-aws-amifinder.template.yaml"
+      Parameters: 
+        BBBApplicationInstanceOSVersion: 
+          Ref: BBBApplicationInstanceOSVersion
+        BBBTurnInstanceOSVersion: 
+          Ref: BBBTurnInstanceOSVersion
       Tags:
         - Key: Name
           Value:
@@ -1247,6 +1257,8 @@ Resources:
             - Outputs.BBBECSTaskSecurityGroup
         BBBApplicationLogsGroup:
           Ref: BBBApplicationLogsGroup
+        BBBFrontendType: 
+          Ref: BBBFrontendType
       Tags:
         - Key: Name
           Value:

templates/bbb-on-aws-amifinder.template.yaml

@@ -18,11 +18,11 @@ Parameters:
       - focal-20.04
   BBBApplicationInstanceOSVersion: 
     Description: Ubuntu Version to be deployed for Application Instances 
-    Default: bionic-18.04
+    Default: focal-20.04
     Type: String
     AllowedValues:
-      - xenial-16.04
       - bionic-18.04
+      - focal-20.04
 
 Resources:
   BBBGetLatestAMILambdaRole:

templates/bbb-on-aws-bbbappscalable.template.yaml

@@ -401,9 +401,9 @@ Resources:
             done
 
             if [[ ${BBBApplicationVersion} == *"25"* ]] ;then
-              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.5.sh | bash -s -- -v ${BBBApplicationVersion} -s $instance_fqdn -e ${BBBOperatorEMail} -c $turn_fqdn:$turnsecret
+              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.5.sh | bash -s -- -v ${BBBApplicationVersion} -s $instance_fqdn -e ${BBBOperatorEMail} -c $turn_fqdn:$turnsecret -j
             else
-              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.6.sh | bash -s -- -v ${BBBApplicationVersion} -s $instance_fqdn -e ${BBBOperatorEMail} -c $turn_fqdn:$turnsecret
+              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.6.sh | bash -s -- -v ${BBBApplicationVersion} -s $instance_fqdn -e ${BBBOperatorEMail} -c $turn_fqdn:$turnsecret -j
             fi
 
             groupadd -g 2000 scalelite-spool

templates/bbb-on-aws-bbbappsingle.template.yaml

@@ -352,9 +352,9 @@ Resources:
             done
 
             if [[ ${BBBApplicationVersion} == *"25"* ]] ;then
-              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.5.sh | bash -s -- -v ${BBBApplicationVersion} -s $instance_fqdn -e ${BBBOperatorEMail} -c $turn_fqdn:$turnsecret
+              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.5.sh | bash -s -- -v ${BBBApplicationVersion} -s $instance_fqdn -e ${BBBOperatorEMail} -c $turn_fqdn:$turnsecret -j
             else
-              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.6.sh | bash -s -- -v ${BBBApplicationVersion} -s $instance_fqdn -e ${BBBOperatorEMail} -c $turn_fqdn:$turnsecret
+              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.6.sh | bash -s -- -v ${BBBApplicationVersion} -s $instance_fqdn -e ${BBBOperatorEMail} -c $turn_fqdn:$turnsecret -j
             fi
 
             # create script for turn-handler

templates/bbb-on-aws-bbbturn.template.yaml

@@ -325,9 +325,9 @@ Resources:
             done
 
             if [[ ${BBBApplicationVersion} == *"25"* ]] ;then
-              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.5.sh | bash -s -- -c $instance_fqdn:$turnsecret -e ${BBBOperatorEMail}
+              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.5.sh | bash -s -- -c $instance_fqdn:$turnsecret -e ${BBBOperatorEMail} -j
             else
-              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.6.sh | bash -s -- -c $instance_fqdn:$turnsecret -e ${BBBOperatorEMail}
+              wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.6.sh | bash -s -- -c $instance_fqdn:$turnsecret -e ${BBBOperatorEMail} -j
             fi
 
             /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource BBBTurnAutoScaling --region ${AWS::Region} || true

templates/bbb-on-aws-frontendapps.template.yaml

@@ -166,18 +166,26 @@ Parameters:
     Description: Set this parameter if you want to reuse an existing ACM certificate for your deployment
     Type: String
     Default: "AWS::NoValue"
+  BBBFrontendType: 
+    Type: String
+    Default: Greenlight
+    AllowedValues:
+      - Greenlight
+      - External
 
 Conditions:
   BBBSESRegionSet: !Not [ !Equals [ !Ref BBBSesRegion, "AWS::NoValue" ] ]
   BBBECSFargate: !Equals [ !Ref BBBECSInstanceType, fargate ]
   BBBECSEC2: !Not [ !Equals [ !Ref BBBECSInstanceType, fargate ] ]
   BBBSESNotValidated: !Equals [ false, !Ref BBBSESValidated ]
   BBBACMNewCert: !Equals [ !Ref BBBACMCertArn, "AWS::NoValue" ]
+  BBBGreenlight: !Equals [!Ref BBBFrontendType, Greenlight]
+  BBBSESNotValidatedGreenlight: !And [!Equals [!Ref BBBFrontendType, Greenlight], !Equals [ false, !Ref BBBSESValidated ]]
 
 Resources:
   BBBSESDomainIdentity:
     Type: Custom::DomainIdentity
-    Condition: BBBSESNotValidated
+    Condition: BBBSESNotValidatedGreenlight
     Properties:
       Domain: !Ref BBBDomainName
       Region: !If [ BBBSESRegionSet, !Ref BBBSesRegion, !Ref "AWS::Region" ]
@@ -189,7 +197,7 @@ Resources:
 
   BBBSESVerifiedIdentity:
     Type: Custom::VerifiedIdentity
-    Condition: BBBSESNotValidated
+    Condition: BBBSESNotValidatedGreenlight
     DependsOn:
       - BBBSESDkimRecords
       - BBBSESVerificationRecords
@@ -201,31 +209,31 @@ Resources:
 
   BBBSESVerificationRecords:
     Type: AWS::Route53::RecordSetGroup
-    Condition: BBBSESNotValidated
+    Condition: BBBSESNotValidatedGreenlight
     Properties:
       Comment: !Sub 'SES identity for ${BBBDomainName}'
       HostedZoneId: !Ref BBBHostedZone
       RecordSets: !GetAtt 'BBBSESDomainIdentity.RecordSets'
 
   BBBSESDkimTokens:
     Type: Custom::DkimTokens
-    Condition: BBBSESNotValidated
+    Condition: BBBSESNotValidatedGreenlight
     Properties:
       Domain: !GetAtt 'BBBSESDomainIdentity.Domain'
       Region: !GetAtt 'BBBSESDomainIdentity.Region'
       ServiceToken: !Ref BBBSESProviderArn
 
   BBBSESDkimRecords:
     Type: AWS::Route53::RecordSetGroup
-    Condition: BBBSESNotValidated
+    Condition: BBBSESNotValidatedGreenlight
     Properties:
       Comment: !Sub 'DKIM records for ${BBBDomainName}'
       HostedZoneId: !Ref BBBHostedZone
       RecordSets: !GetAtt 'BBBSESDkimTokens.RecordSets'
 
   BBBSESIdentityNotifications:
     Type: Custom::IdentityNotifications
-    Condition: BBBSESNotValidated
+    Condition: BBBSESNotValidatedGreenlight
     Properties:
       Identity: !GetAtt BBBSESVerifiedIdentity.Identity
       Region: !GetAtt BBBSESVerifiedIdentity.Region
@@ -238,6 +246,7 @@ Resources:
 
   BBBSMTPUser:
     Type: AWS::IAM::User
+    Condition: BBBGreenlight
     Properties:
       Policies:
         - PolicyName: BBBSMTPUserPolicy
@@ -250,13 +259,15 @@ Resources:
 
   BBBUserAccessKey:
     Type: AWS::IAM::AccessKey
+    Condition: BBBGreenlight
     Properties:
       Serial: 8
       Status: Active
       UserName: !Ref BBBSMTPUser
 
   BBBSMTPAccessKey:
     Type: Custom::SMTPPW
+    Condition: BBBGreenlight
     Properties:
       Description: The SMTP User Password for Email Sendout
       SecretKey: !GetAtt BBBUserAccessKey.SecretAccessKey
@@ -266,6 +277,7 @@ Resources:
 
   BBBSMTPAccessSecret:
     Type: AWS::SecretsManager::Secret
+    Condition: BBBGreenlight
     Properties:
       Description: 'This is the BBB SMTP Login'
       SecretString: !Sub "{\"smtpusername\":\"${BBBUserAccessKey}\",\"smtppassword\":\"${BBBSMTPAccessKey}\"}"
@@ -294,6 +306,7 @@ Resources:
 
   BBBAdministratorlogin:
     Type: AWS::SecretsManager::Secret
+    Condition: BBBGreenlight
     Properties:
       Description: 'This is the BBB Admin Login'
       GenerateSecretString:
@@ -338,6 +351,7 @@ Resources:
 
   BBBGreenlightTaskExecutionRole:
     Type: AWS::IAM::Role
+    Condition: BBBGreenlight
     Properties:
       AssumeRolePolicyDocument:
         Statement:
@@ -365,6 +379,7 @@ Resources:
 
   BBBGreenlightTaskRole:
     Type: AWS::IAM::Role
+    Condition: BBBGreenlight
     Properties:
       AssumeRolePolicyDocument:
         Statement:
@@ -415,6 +430,7 @@ Resources:
 
   BBBFrontendALB:
     Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+    Condition: BBBGreenlight
     Properties:
       Scheme: internet-facing
       LoadBalancerAttributes:
@@ -426,6 +442,7 @@ Resources:
 
   BBBFrontendALBListener:
     Type: AWS::ElasticLoadBalancingV2::Listener
+    Condition: BBBGreenlight
     Properties:
       DefaultActions:
         - Type: redirect
@@ -440,6 +457,7 @@ Resources:
 
   BBBFrontendALBListenerRule:
     Type: AWS::ElasticLoadBalancingV2::ListenerRule
+    Condition: BBBGreenlight
     Properties:
       Actions:
         - Type: forward
@@ -452,6 +470,7 @@ Resources:
 
   BBBFrontendTG:
     Type: AWS::ElasticLoadBalancingV2::TargetGroup
+    Condition: BBBGreenlight
     DependsOn: BBBFrontendALB
     Properties:
       HealthCheckIntervalSeconds: 90
@@ -467,6 +486,7 @@ Resources:
 
   BBBFrontendALBListenerHTTP2HTTPS:
     Type: AWS::ElasticLoadBalancingV2::Listener
+    Condition: BBBGreenlight
     Properties:
       DefaultActions:
       - Type: redirect
@@ -483,6 +503,7 @@ Resources:
 
   BBBFrontendALBDNS:
     Type: AWS::Route53::RecordSetGroup
+    Condition: BBBGreenlight
     Properties:
       HostedZoneId: !Ref BBBHostedZone
       Comment: ALB for Big Blue Button Frontend
@@ -557,6 +578,7 @@ Resources:
 
   BBBgreenlightTaskdefinition:
     Type: AWS::ECS::TaskDefinition
+    Condition: BBBGreenlight
     DependsOn:
       - BBBSMTPAccessKey
     Properties:
@@ -667,6 +689,7 @@ Resources:
 
   BBBgreenlightService:
     Type: AWS::ECS::Service
+    Condition: BBBGreenlight
     DependsOn:
       - BBBFrontendALBListener
       - BBBFrontendALBListenerRule
@@ -693,6 +716,7 @@ Resources:
 
   BBBgreenlightServiceScalingTarget:
     Type: AWS::ApplicationAutoScaling::ScalableTarget
+    Condition: BBBGreenlight
     DependsOn: BBBAutoscalingRole
     Properties:
       MaxCapacity: !Ref BBBGreenlightMaxReplicas
@@ -708,6 +732,7 @@ Resources:
 
   BBBgreenlightServiceScalingPolicy:
     Type: AWS::ApplicationAutoScaling::ScalingPolicy
+    Condition: BBBGreenlight
     DependsOn: BBBAutoscalingRole
     Properties:
       PolicyName: BBBgreenlightTargetTrackingPolicy
@@ -1073,6 +1098,7 @@ Outputs:
     Description: Scalelite Task Execution Role ARN
     Value: !GetAtt BBBScaleliteExecutionRole.Arn
   BBBGreenlightTaskExecutionRole:
+    Condition: BBBGreenlight
     Description: Scalelite Task Execution Role ARN
     Value: !GetAtt BBBGreenlightTaskExecutionRole.Arn
   BBBApplicationBaseSecret:
@@ -1089,18 +1115,23 @@ Outputs:
     Condition: BBBACMNewCert
     Value: !Ref BBBPublicCertificate
   BBBFrontendALB:
+    Condition: BBBGreenlight
     Description: Frontend Application Load Balancer
     Value: !Ref BBBFrontendALB
   BBBFrontendALBListener:
+    Condition: BBBGreenlight
     Description: Frontend Application Load Balancer Listener
     Value: !Ref BBBFrontendALBListener
   BBBFrontendALBListenerHTTP2HTTPS:
+    Condition: BBBGreenlight
     Description: Frontend Application Load Balancer Listener HTTP Redirect
     Value: !Ref BBBFrontendALBListenerHTTP2HTTPS
   BBBFrontendTG:
+    Condition: BBBGreenlight
     Description: Frontend Application Load Balancer Target Group
     Value: !Ref BBBFrontendTG
   BBBFrontendALBDNS:
+    Condition: BBBGreenlight
     Description: Frontend Application Load Balancer DNS Record
     Value: !Ref BBBFrontendALBDNS
   BBBScaleliteALBDNSName: