This project is still under development. If you rely upon this project, you do so at your own risk.
OpenDSA-AWS is a Cloud Formation template that automates OpenDSA infrastructure provisioning and application deployment on AWS.
To be able to deploy your instance of OpenDSA system you need to do the following:
- AWS Educate Starter account OR
- Create and Activate a new AWS account
- Secure your AWS account root user
- Register a domain using AWS Route53 service
- Create a key pair using EC2. IMPORTANT, the key pair should be created in the same region you provision the template.
After OpenDSA-AWS template execution completes it will create the following resources:
- Virtual Private Cloud (VPC)
- Public Subnet
- Internet Gateway
- Elastic IP Address (EIP)
- Elastic Cloud Compute (EC2) Instance
- Lambda function
- Route53 alias record for OpenDSA domain name.
- OpenDSA Domain certificate generated by Let's Encrypt certificate authority.
- Log in to your AWS account and click
Launch Stackbutton below in the AWS region close to you.
| AWS Region | Short name | |
|---|---|---|
| US East (Ohio) | us-east-2 |  |
| US East (N. Virginia) | us-east-1 | |
| US West (Oregon) | us-west-2 | |
| US West (N. California) | us-west-1 | |
| Canada (Central) | ca-central-1 | |
| EU (Paris) | eu-west-3 | |
| EU (London) | eu-west-2 | |
| EU (Ireland) | eu-west-1 | |
| EU (Frankfurt) | eu-central-1 | |
| Asia Pacific (Seoul) | ap-northeast-2 | |
| Asia Pacific (Tokyo) | ap-northeast-1 | |
| Asia Pacific (Sydney) | ap-southeast-2 | |
| Asia Pacific (Singapore) | ap-southeast-1 | |
| Asia Pacific (Mumbai) | ap-south-1 | |
| South America (São Paulo) | sa-east-1 | |
- Fill in the template parameters
- Email: Provide your institution email address to get important notifications regarding the infrastructure resources staus and certificate expiry date.
- DomainName: The Domain you registered with AWS Route53 service
- AdditionalDomainName: The same as the DomainName, you may need to change this parameter in case you hit let's encrypt certificates identical limit. Please see About Let's encrypt for more details.
- HostedZoneId: The Route53 hosted zone Id used to route the traffic for the new domain
- KeyName: The key pair name created earlier
- DBName: OpenDSA database name (default opendsa)
- DBUser: OpenDSA database user (default opendsa)
- DBPassword: OpenDSA database password (default opendsa. Change to a strong password)
- DBRootPassword: MySQL root password (default root. Change to even stronger password)
- PasswordRestEmailUsername: Email address used by OpenDSA to sent password reset notifications to users.
- PasswordRestEmailUserPassword: The password for previous
PasswordRestEmailUsernameemail . - InstanceType: The EC2 instance type (default t2.small)
- SSHLocation: The IP address range that can be used to SSH to the EC2 instances, we recommend to narrow that range to include only your computer public IP address.
- VpcCIDR: VPC IP range (you don't need to change this value)
The provisioning process might take about 10 mins. Wait until the cloud formation stack status change to CREATE_COMLETE.
OpenDSA-AWS is using CloudFormration helper script to run a series of shell scripts against the EC2 instance to deploy OpenDSA application. You can view the scripts' output written to /var/log/cfn-init-cmd.log inside the EC2 instance. To connect to the EC2 machine use the terminal with the key pair created earlier. Also, you can connect to The EC2 instance though AWS EC2 console because the machine is loaded with ec2-instance-connect package which allows AWS account admin to log into the machine using the console. For the latter method, go to the EC2 service then select the running instance then hit the connect button. The Connect to your instance dialog box will appear, choose EC2 Instance Connect (browser-based SSH connection) option, and hit connect.
After the stack creation, you can navigate to https://DomainName to check that OpenDSA application is loading correctly. To start using your instance of OpenDSA to create Books and generate courses in Canvas LMS do the following:
- Sign up to OpenDSA application using the same email you are using with your Canvas LMS instance.
- Log in to OpenDSA using the admin user
[email protected], passwordadminadmin - Navigate to the admin area and open the
userspage, edit your user to make it admin. - Log in back to OpenDSA using your user and delete the temp admin user
[email protected]. - In the admin area make sure you have the correct setup for Terms, Organizations, Courses, and LMS accesses.
- Go to instructor guides for detailed instructions on setting up an OpenDSA eTextbook instance for use within a Canvas course.
WARNING deleting the CloudFormatin stack will delete all the resources listed above including the EC2 instance which has all the generated books and the MySQL database that includes students' performance data. Deleting the stack will make all the links in the Canvas course invalid. However, you will still have the students scores already posted to Canvas grade book.
We recommend deleting the stack right after you are done with the semester to avoid paying for unused resources.
The creation of these AWS resources does not incur costs. However, you will incur the costs once you have the stack in CREATE_COMPLETE status and the EC2 instance is up and running.
- More about instance sizes, pricing, Savings Plans, and flexible pricing model.
- More about AWS support for higher education program
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). OpenDSA template automates the certificate issuance using Let's Encrypt service. The service is designed to automatically renew your certificate every 90 days. It is important to provide your email in the template parameter to get important notification from Let's encrypt about certificate renewal and if you need to take manual action in case auto-renewal failed.
let's encrypt provides rate limits. The main limit is Certificates per Registered Domain (50 per week). The service also restricts certificate issuance to max 5 identical certs per week. Every time you spin up OpenDSA stack a certificate is created inside the EC2 instance and when you delete the stack the certificate got deleted with the instance. If you hit the hard limit of 5 identical certs, the template offers the AdditionalDomainName parameter to overcome this limit. So if your domain is opendsa.net and you hit the 5 certs identical limit, all you need to do is to change the AdditionalDomainName by adding a subdomain e.g. odsa.opendsa.net and a new certificate will be generated.
You can get a list of certificates issued for your registered domain by searching on crt.sh, which uses the public Certificate Transparency logs.
- Autoscale EC2 instance volume when the size hits a threshold.
- Building a fault-tolerant architecture by regularly taking backups and automate the restore in case of failure.
- Implement a high available solution by deploying multiple EC2 instances behind a load balancer and move the database out of the instance to the RDS service.
- Push clickstreams to a centralized store like S3 and feed the data to Caliper analytics.
- Enhance system notifications and alarms in some cases like unusual resources high usage.
- Change folder .config owner to ubuntu
$ sudo chown -R $(whoami) .config
If you find a bug in the template or you want to contribute to the project, please fork the repo, create a new branch, fix the bug or implement the improvement and submit a pull request.