High availability deployment in AWS for Jitterbit App Builder

Introduction

You can use the following AWS products to build a high-availability (HA) App Builder environment:

  • An S3 bucket, configured with App Builder read/write access, for the purpose of creating and sharing security keys.

  • An RDS on EC2 instance for the App Builder database.

  • ElastiCache, used as a message bus for information sharing between App Builder instances.

  • (Optional) Elastic Beanstalk can be used to manage App Builder instances and provide a load balancer to distribute client requests.

The following diagram shows one way in which these services can be used as an App Builder environment:

flowchart LR
    A[fa:fa-plug API client]
    B[fa:fa-balance-scale Elastic load balancer]
    W[fa:fa-globe Web browser]
    AB1[fa:fa-window-restore App Builder]
    AB2[fa:fa-window-restore App Builder]
    AB3[fa:fa-window-restore App Builder]
    KS@{shape: das, label: "fa:fa-key S3 key storage"}
    MB["fa:fa-random Message bus (Redis)"]
    ABDB[(fa:fa-database App Builder database)]
    ODS@{ shape: lin-cyl, label: "fa:fa-table Other data sources" }
    A --> B
    W --> B
    subgraph Process_Group [Elastic Beanstalk]
        B --> AB1
        B --> AB2
        B --> AB3
    end
    AB1 --> MB
    AB2 --> MB
    AB3 --> MB
    subgraph EC[ElastiCache]
        MB
    end
    MB --> ABDB
    MB --> ODS
    KS -.- AB1
    KS -.- AB2
    KS -.- AB3

Storing data encryption keys on an S3

As noted in Data encryption configuration, EC2 instance local storage cannot be used for long term storage. Consequently, Data Encryption Keys (DEKs) must be stored in S3 buckets, as per the following details:

  • Bucket: vinyl-data-encryption-keys (Default S3 bucket used by Elastic Beanstalk environments.)
  • Address: https://s3.amazonaws.com/vinyl-data-encryption-keys
  • Access: aws-elasticbeanstalk-ec2-role

Within the bucket, DEKs are prefixed with the Elastic Beanstalk environment name.

Configure Elastic Beanstalk environment Data Encryption Key (DEK) storage

App Builder ships with a .ebextensions script which registers the environment properties for DEK storage. These properties include the following:

| Property | Default | Example |
| --- | --- | --- |
| DataEncryptionKeyStorage | S3 | S3 |
| DataEncryptionKeyS3BucketEndpoint | https://{bucket}.s3{-aws-region}.amazonaws.com | https://s3.amazonaws.com/vinyl-data-encryption-keys |
| DataEncryptionKeyS3KeyPrefix | {elastic-beanstalk-environment-name} | abacceptance |

App Builder will not start with the default Elastic Beanstalk environment properties. You must change the DataEncryptionKeyS3BucketEndpoint and DataEncryptionKeyS3KeyPrefix values.

Grant Elastic Beanstalk environments access to S3 buckets

EC2 instances within an Elastic Beanstalk environment are assigned to a role. The following example policy grants access to an S3 bucket:

Example S3 access policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::{bucket-name}/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation",
        "s3:ListBucket"
      ],
      "Resource": "*"
    }
  ]
}
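
One way to check a role policy against the DEK bucket and key prefix described above, as an added example that is not part of the App Builder documentation. The function `audit_dek_policy` and the scoped policy are illustrative, and the assumption that App Builder needs only `s3:GetObject`, `s3:PutObject` and `s3:ListBucket` is not confirmed by the page, so test it in a non-production environment first.

```python
# Added example: flag Allow statements broader than the DEK bucket and key prefix.
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}  # the only IAM policy language versions

def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def audit_dek_policy(policy, bucket, prefix):
    """Return findings for Allow statements that reach beyond the DEK objects
    stored under arn:aws:s3:::<bucket>/<prefix>*."""
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append("invalid policy Version")
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action in ("*", "s3:*"):
                findings.append(f"statement {i}: wildcard action {action}")
        for res in as_list(stmt.get("Resource", [])):
            if res == "*":
                findings.append(f"statement {i}: applies to every resource")
            elif res != bucket_arn and not res.startswith(f"{bucket_arn}/{prefix}"):
                findings.append(f"statement {i}: {res} is not limited to the DEK prefix")
    return findings

BUCKET, PREFIX = "vinyl-data-encryption-keys", "abacceptance"  # example values from the page

# Constructed input: the example policy's statements with the bucket name filled in.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation", "s3:ListBucket"]},
]}

# Assumption: App Builder only lists the bucket and reads/writes its own DEK objects.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": f"arn:aws:s3:::{BUCKET}/{PREFIX}*"},
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": f"arn:aws:s3:::{BUCKET}"},
]}

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_dek_policy(pol, BUCKET, PREFIX))
```
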

ElastiCache setup

You can use ElastiCache to communicate between App Builder servers. A small node, without replicas or shards, is sufficient.

Use the following information when setting up the application servers in Beanstalk configurations:

attachment

Database setup

Database setup is outside the scope of this document. Jitterbit can provide RDS setup instructions if desired.

Elastic Beanstalk setup

To set up an AWS Elastic Beanstalk service, follow these steps:

  1. Create the environment.

  2. Select Create web server.

  3. Select IIS.

    To change the default values, select Change platform version, then select 8.5 on 64bit Windows Server 2012 R2.

  4. Select the appropriate application version.

  5. Enter the environment name. This becomes part of a URL that can be used to reach this environment.

    Tip

    This namespace is used across all Elastic Beanstalk instances for all AWS customers.

  6. Check Create this environment inside a VPC.

  7. Set the following values:

    • Instance type: t2.small (Jitterbit recommends t2.small and t2.medium instances for development and QA purposes, and larger instances for production environments.)
    • EC2 key pair: vinyl
    • (Optional) Enter your email address to be notified of environment issues.

  8. Configure VPC settings as appropriate. (ELB visibility should be External.)

  9. Review the summary.

  10. Set permissions.

  11. Save the configuration.

After the environment is up

After the environment appears green on the dashboard, you must configure some additional parameters. Under Configuration > Software Configuration, set values for the following connection information fields:

  • ConnectionInfo:DatabaseType

  • ConnectionInfo:HostName

  • ConnectionInfo:DatabaseName

  • ConnectionInfo:UserName

  • ConnectionInfo:Password

After completing these fields, App Builder opens. (Further steps for a database installation or upgrade may be required.)

Configuring HTTPS

Elastic Beanstalk environments terminate the HTTPS connection at the Elastic Load Balancer. App Builder's support for reverse proxies allows it to detect and handle this scenario. App Builder recognizes three environment properties defined when the Elastic Beanstalk instance is deployed. These environment variables are scripted; you will not need to configure them yourself.

HTTPS is strongly recommended for all new Elastic Beanstalk environments. However, by default, new Elastic Beanstalk environments are not configured for HTTPS. To configure Elastic Beanstalk to accept HTTPS requests, follow these steps:

  1. Log in to the Amazon Web Services Console.

  2. Under Services, choose Elastic Beanstalk.

  3. Select the environment you are updating.

  4. Select Configuration on the left menu.

  5. Select the gear icon next to Load Balancing.

  6. Set the Secure Listener Port to 443.

  7. Select the SSL Certificate ID that is applicable.

  8. Click the Save button.