• Stars
    star
    134
  • Rank 270,967 (Top 6 %)
  • Language
  • Created almost 2 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Host your own Mastodon instance on AWS

Mastodon on AWS

Want to host your own Mastodon instance on AWS? Here you go.

The architecture consists of the following building blocks.

  • Application Load Balancer (ALB)
  • ECS and Fargate
  • RDS Aurora Serverless
  • ElastiCache (Redis)
  • S3
  • SES
  • CloudWatch
  • IAM
  • KMS
  • Route 53
  • CloudFront

Mastodon on AWS: Architeture

Check out our blog post Mastodon on AWS: Host your own instance for more details.

Prerequisites

First, you need an AWS account.

Second, a top-level or sub domain where you are able to configure a NS record to delegate to the Route 53 nameservers is required. For example, you could register a domain with Rout 53 or use an existing domain and add an NS record to the hosted zone.

Third, we recommend to install Docker Desktop on your local machine to generate the required secrets.

Installation

Deploy the infrastructure

Click here to deploy Mastodon on AWS to your AWS account.

To generate the required secrets and keys use the following commands.

# Start Docker container locally
$ docker run -it tootsuite/mastodon:latest sh

# Generate SECRET_KEY_BASE
$ bundle exec rake secret
758a3b431265776b9ab55910890162bb84aec0617724ca611475c3a774965f2d0aca183091d3c1a84ff3640cf7cc438c559034a2735253ee895b7a2308ac450c

# Generate OTP_SECRET
$ bundle exec rake secret
c528b5cbb0236e4b0c2fe38a6d7ed1edc5fa12608c67a45690e225f005bad8bfbabfa99f7b83cb9c0981ba8fcc5fd76c68918d9bc854bd158c2c23fd6df89abc

# Generate VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
$ bundle exec rake mastodon:webpush:generate_vapid_key
VAPID_PRIVATE_KEY=am3vlPBGQGv7Rl3xOKXSv7lRYyWfZITItb88FXX9IOs=
VAPID_PUBLIC_KEY=BMGkIr1PaK4v7Kut7q7eoHtWxu9gEBQ5BeV28xOIR9c9VIvDWvOViTn1SV5G2LIEFGWo0f1dQka-UynR58WMn2Y=

Configure the domain name

By creating the CloudFormation stack, you also created a Route 53 hosted zone for the DomainName you specified as a parameter.

  1. Open Route 53 via the AWS Management Console.
  2. Select Hosted zones from the sub navigation.
  3. Search and open the hosted zone with the domain name of your Mastodon instance (DomainName parameter).
  4. Search for the NS record and copy the name servers (e.g., ns-52.awsdns-06.com., ns-659.awsdns-18.net., ns-1698.awsdns-20.co.uk., and ns-1034.awsdns-01.org.).

In case, you are using a top-level domain like cloudonaut.io as the DomainName for your Mastodon instance, you need to modify the name servers for your domain. See Adding or changing name servers and glue records for a domain in case you are using Route 53 to register domains.

In case, you are using a sub-domain like social.cloudonaut.io as the DomainName for your Mastodon instance, you need add an NS record to the parent zone. In our example, we added the NS record social.cloudonaut pointing to ns-52.awsdns-06.com., ns-659.awsdns-18.net., ns-1698.awsdns-20.co.uk., and ns-1034.awsdns-01.org. to the hosted zone managing cloudonaut.io.

Enable the admin user / Accessing tootctl

Use the following instructions to access the Mastodon CLI:

  1. Open Elastic Container Service (ECS) via the AWS Management Console.
  2. Select the ECS cluster with the name prefixed with the name of your CloudFormation stack (e.g., mastodon-on-aws-*).
  3. Note down the full name of the cluster (e.g., mastodon-on-aws-Cluster-1NHBMI9NL62QP-Cluster-pkxgiUVXxLC7).
  4. Select the Tasks tab.
  5. Search for a task with status Running and a task definition containing *-WebService-* in its name.
  6. Note down the task ID (e.g., a752b99a4cf843ce8a957c374fc98abf).
  7. Install the AWS CLI.

Use the following command to connect with the container running the Ruby on Rails (Web) application. Replace <CLUSTER_NAME> with the name of your ECS cluster and <TASK_ID> with the ID of a running ECS task.

aws ecs execute-command --cluster <CLUSTER_NAME> --container app --command /bin/bash --interactive --task <TASK_ID>

After the session got established you are ready to use the tootctl.

After signing up, you will need to use the command line to give your newly created account admin privileges. Replace <USERNAME> with your user name (e.g., andreas).

RAILS_ENV=production bin/tootctl accounts modify <USERNAME> --role Owner

Activating SES

In case you haven't used SES in your AWS account before, you most likely need to request production access for SES. This is required so that your Mastodon instance is able to send emails (e.g., registration, forgot password, and many more). See Moving out of the Amazon SES sandbox to learn more.

Costs for running Mastodon on AWS

Estimating costs for AWS is not trivial. My estimation assumes a small Mastodon instance for 1-50 users. The architecture's monthly charges are about $65 per month. The following table lists the details (us-east-1).

Service Configuration Monthly Costs (USD)
ECS + Fargate 3 Spot Tasks $12.08
RDS for Postgres t4g.micro $12.10
ElastiCache for Redis t4g.micro $11.52
ALB Load Balancer Hours $16.20
S3 25 GB + requests $0.58
Route 53 Hosted Zone $0.50
Total $52.97

Please note that the cost estimation is not complete and costs differ per region. For example, the estimation does not include network traffic, CloudWatch, SES, and domain. Monitor your costs!

Update

Here is how you update your infrastructure.

  1. Open CloudFormation via the AWS Management Console.
  2. Select the CloudFormation stack which is named mastodon-on-aws in case you created the stack with our defaults.
  3. Press the Edit button.
  4. Choose the option Replace current template with https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/latest/quickstart.yml.
  5. Go through the rest of the wizard and keep the defaults.

Development

IaC based on cfn-modules.

$ npm install
$ aws cloudformation package --template-file mastodon.yaml --s3-bucket <S3_BUCKET> --output-template-file packaged.yml
$ aws cloudformation deploy --template-file packaged.yml --stack-name mastodon-on-aws --capabilities CAPABILITY_IAM --parameter-overrides "DomainName=<DOMAIN_NAME>" "SecretKeyBase=<SECRET_KEY_BASE>" "OtpSecret=<OTP_SECRET>" "VapidPrivateKey=<VAPID_PRIVATE_KEY>" "VapidPublicKey=<VAPID_PUBLIC_KEY>"

More Repositories

1

aws-cf-templates

Free Templates for AWS CloudFormation
Java
2,749
star
2

aws-ec2-ssh

Manage AWS EC2 SSH access with IAM
Java
830
star
3

aws-s3-virusscan

Antivirus for Amazon S3
Java
525
star
4

complete-aws-iam-reference

Complete AWS IAM Reference
HTML
319
star
5

learn-cloudformation

Learn how to use Infrastructure as Code on AWS with the help of CloudFormation.
227
star
6

aws-lambda-youtube-dl

Download YouTube (and a few other sites) videos to S3 using Lambda.
JavaScript
84
star
7

sqs-lambda-example

Example: SQS with Lambda
JavaScript
80
star
8

aws-mfacli

Multi-Factor Authentication (MFA) with Role Delegation for AWS CLI
Shell
63
star
9

aws-velocity

AWS Velocity
JavaScript
58
star
10

cfn-create-or-update

Create or update CloudFormation stack also if no updates are to be performed.
JavaScript
56
star
11

ec2-network-benchmark

Shell
55
star
12

aws-cf-templates-cli

widdix, a CLI tool to manage Free Templates for AWS CloudFormation
JavaScript
47
star
13

aws-cf-checker

Checks AWS CloudFormation templates for security, reliability and conformity
JavaScript
42
star
14

aws-amicleaner

To clean up your AWS AMIs: First, include AMIs by name or tag. Second, exclude AMIs in use, younger than N days, or the newest N images. Third, manually confirm the list of AMIs for deletion.
JavaScript
33
star
15

cloudwatch-alarm-to-slack

Send CloudWatch Alarms to Slack with AWS Lambda
JavaScript
31
star
16

aws-tag-watch

This lambda function checks if your EC2 instances all have a specific tag in near real-time.
JavaScript
30
star
17

aws-step-functions-example

AWS Step Functions Example
27
star
18

learn-iam-policy

Labs helping you to learn how write IAM policies following the least privilege principle.
20
star
19

s3-getobject-accelerator

Get large objects from S3 by using parallel byte-rangefetches/parts to improve performance.
JavaScript
17
star
20

aws-cf-jail

AWS CloudFormation jail
JavaScript
15
star
21

learn-terraform

Shell
14
star
22

learn-security-fundamentals

AWS Security Fundamentals
HTML
11
star
23

parameter-store-cloudformation-codepipeline

Configure your CloudFormation managed infrastructure with Parameter Store and CodePipeline
11
star
24

node-route53-updater

Updating a Route53 resource set with meta-data of EC2 instance
JavaScript
10
star
25

cloudwatch-alarm-to-microsoft-teams

Send CloudWatch alarms to a Microsoft Teams channel
JavaScript
9
star
26

lambda-dynamodb-elasticache

JavaScript
9
star
27

s3-at-rest-encryption

S3 At Rest Encryption (using Client Side Encryption)
JavaScript
9
star
28

learn-network-security

Network Security on AWS
8
star
29

aws-snapshot-cleanup

AWS Snapshot Cleanup
JavaScript
7
star
30

learn-codepipeline

Labs helping you to get started with CodePipeline and CodeBuild.
JavaScript
7
star
31

learn-fargate

Labs helping you to learn AWS Fargate within a few hours.
Shell
7
star
32

aws-cutting-edge-appsync

JavaScript
4
star
33

aws-cutting-edge-fargate

PHP
4
star
34

learn-codebuild

Labs helping you to learn AWS CodeBuild within an hour.
CSS
3
star
35

learn-appsync

Labs helping you to get started with AWS AppSync
JavaScript
3
star
36

aws-community-days-2018-ffm

JavaScript
2
star
37

learn-api-gateway

JavaScript
2
star
38

static-website-img-optimize

Static Website: Image optimization for https://templates.cloudonaut.io/en/stable/static-website/
JavaScript
2
star
39

node-ssm-updater

JavaScript
2
star
40

serverless-hello-world

JavaScript
1
star
41

learn-docker

HTML
1
star
42

cfn-modules

Easy-going CloudFormation: Modular, production ready, open source.
1
star
43

bucketav-developer-examples

bucketAV developer examples
JavaScript
1
star
44

container-hello-world

Dockerfile
1
star
45

attachmentav-wordpress

Protect your blog from viruses, trojans, and other kinds of malware. The plugin sends all uploads to the attachmentAV API to scan for malware with Sophos and blocks infected files.
PHP
1
star