Skip to content
Brent Baccala edited this page May 29, 2024 · 2 revisions

Amazon Web Services (AWS)

Hibernation

See installation section for instructions on how I use dynamic DNS via Google Domains to dynamically track a changing IP address.

This lets us hibernate the instance on AWS when nobody is using the system.

To do you, you need to enable hibernation when you create the instance, make sure the storage volume is encrypted, also at instance creation time, make sure the storage volume has enough free space to store the entire RAM memory of the instance.

Next, you need to give the instance permission to hiberate itself, like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ec2:StopInstances",
            "Resource": "*"
        }
    ]
}

This policy actually lets the instance stop any instance, and I'd be happy if somebody could improve it so that it can only stop itself.

Create this policy in IAM and call it StopSelf.

Then create an IAM role called StopSelf, and assign it the policy StopSelf.

Roles and policies are global to your AWS account, and are not tied to a specific region.

Then attach your instance to the role StopSelf. This can be done while the instance is running.

We'll need to use ssh authentication. Create a file /etc/bigbluebutton/authorized_keys that is just like .ssh authorized_keys, and put at least one key in it that will be used to sign login links that can bring the system out of hibernation.

apt install bbb-aws-hibernate

This will cause the instance to hibernate when nobody is using it (ssh or web).

Now we have to arrange for it to be started once it has been stopped.

To do that, clone the collaborate github respository. In the bbb-aws-hibernate directory, you will find Makefile, lambda-function.py, install-lambda.py, and configuration.py. 'make' will install a AWS lambda server that will bring the system out of hibernation by using a special web link to access the system.

This 'make' is not meant to be run on the server, but rather in a more secure environment.

Edit configuration.py to set the nickname of the system, the FQDN of the system, the list of AWS instance IDs to be started, and a list of ssh keys that can be used to sign the login links.

You'll also need a local AWS profile, which is set in your AWS.config file and contains an AWS access key and an AWS region. Make sure to set the region to the same region as your instance. Set the AWS_PROFILE environment variable to the profile name.

I wouldn't recommend running this command on the instance itself, because AWS credentials should generally be held locally, for security purposes.

Running install-lambda.py will whirl around for a while, build the whole lambda function, install it on AWS along with a policy that gives it permission to start any instance, map it to an AWS-generated API gateway with a long URL, and record the resulting URL in a sqlite3 database ../bbb-auth.sqlite

bbb-mklogin (next directory over in the source tree) will recognize the presence of the ../bbb-auth.sqlite file and create appropriate web links. Just be sure to use the '-n' option to specify the server's nickname, and the '-m' option since only moderators can bring an instance out of hibernation.

If you logged out after install bbb-aws-hibernate, the instance has surely hibernated by now, so go ahead and use your new AWS lambda link.

Clone this wiki locally