Bitwarden Aws



In this post, Bitwarden will be installed on an AWS EC2 instance with an additional EBS volume mounted at /bitwarden, where Bitwarden will store its data and which will be backed up by AWS Data Lifecycle Manager. NGINX will run on the EC2 instance as a front end, and SSL sessions with a certificate from Let’s Encrypt will be terminated there.

Bitwarden is an open-source password management solution for individuals, teams, and business organizations.

🔑 Credentials

You can find authentication information for this node here.

# Basic Operations

Collection
  • Delete a collection
  • Get a collection
  • Get all collections
  • Update a collection
Event
  • Get all events
Group
  • Create a group
  • Delete a group
  • Get a group
  • Get all groups
  • Get members of a group
  • Update a group
  • Update members of a group
Member
  • Create a member
  • Delete a member
  • Get a member
  • Get all members
  • Get groups of a member
  • Update a member
  • Update groups of a member

# Example Usage

This workflow allows you to create a group, add members to the group, and get the members of the group in Bitwarden. You can also find the workflow on n8n.io. This example usage workflow would use the following nodes.

The final workflow should look like the following image.

# 1. Start node

The start node exists by default when you create a new workflow.

# 2. Bitwarden node (create: group)

This node will create a new group called documentation in Bitwarden.

  1. First of all, you'll have to enter credentials for the Bitwarden node. You can find out how to do that here.
  2. Select 'Group' from the Resource dropdown list.
  3. Select 'Create' from the Operation dropdown list.
  4. Enter documentation in the Name field.
  5. Click on Execute Node to run the node.

In the screenshot below, you will notice that the node creates a new group in Bitwarden.

# 3. Bitwarden1 node (getAll: member)

This node will get all the members from Bitwarden.

  1. Select the credentials that you entered in the previous node.
  2. Select 'Member' from the Resource dropdown list.
  3. Select 'Get All' from the Operation dropdown list.
  4. Toggle Return All to true.
  5. Click on Execute Node to run the node.

In the screenshot below, you will notice that the node retrieves all the members from Bitwarden.

# 4. Bitwarden2 node (updateMembers: group)

This node will update all the members in the group that we created earlier.

  1. Select the credentials that you entered in the previous node.
  2. Select 'Group' from the Resource dropdown list.
  3. Select 'Update Members' from the Operation dropdown list.
  4. Click on the gears icon next to the Group ID field and click on Add Expression.
  5. Select the following in the Variable Selector section: Nodes > Bitwarden > Output Data > JSON > id. You can also add the following expression: {{$node['Bitwarden'].json['id']}}.
  6. Click on the gears icon next to the Member IDs field and click on Add Expression.
  7. Select the following in the Variable Selector section: Current Node > Input Data > JSON > id. You can also add the following expression: {{$json['id']}}.
  8. Click on Execute Node to run the node.

In the screenshot below, you will notice that the node updates the members of the group.

# 5. Bitwarden3 node (getMembers: group)

This node will get all the members in the group that we created earlier.

  1. Select the credentials that you entered in the previous node.
  2. Select 'Group' from the Resource dropdown list.
  3. Select 'Get Members' from the Operation dropdown list.
  4. Click on the gears icon next to the Group ID field and click on Add Expression.
  5. Select the following in the Variable Selector section: Nodes > Bitwarden > Output Data > JSON > id. You can also add the following expression: {{$node['Bitwarden'].json['id']}}.
  6. Click on Execute Node to run the node.

In the screenshot below, you will notice that the node retrieves the members in the group.

2019-09-20

Recently, I ran across a project called Bitwarden, which is an open source password manager. There are a few third-party projects written in other languages that follow the project’s API. Further, there is one impressive project, bitwarden_rs, that re-implements the Bitwarden project in Rust. It features a significantly smaller memory and resource footprint than the original application, which makes it perfect to host on free tier VMs on any of the major cloud providers. Even better, it ships as a public container on Docker Hub, so setting up the application is a breeze.

Since I am most familiar with AWS, I chose to deploy it via Fargate. The Fargate service is not within the typical free tier plan that AWS provides, but as mentioned above, bitwarden_rs does not require a lot of resources. So, a small instance with no auto-scaling or other features should run less than $20 a month.

Prerequisites:

  • AWS account
  • available domain name

Let us get started!

We are going to leverage Fargate to do most of the heavy lifting for us. Once you have logged into AWS, navigate to ECS. Then, set up a custom image with the following parameters:

  • 1: container name: whatever you would like
  • 2: image: bitwardenrs/server (ECS will obtain this from Docker Hub)
  • 3: container port: 80
  • 4: container protocol: tcp
  • 5: task memory: 0.5 GB (512)
  • 6: task CPU: 0.25 vCPU (256)

Once the image is constructed, Fargate will deploy the image and set up the related infrastructure. This will take a few minutes. Once everything is set up, you will be able to access the front-end of the Bitwarden application by utilizing the DNS provided by AWS. It will be in this format:

By accessing that URL, you should see the Bitwarden login page. However, do not set up an account and log in just yet: the content is being served over HTTP and is not secure. We will now configure our infrastructure to utilize HTTPS.

DNS configuration

If your domain name was obtained from a Domain Name System (DNS) provider other than AWS, you will need to configure your current DNS provider to use the AWS nameservers. So, let’s do that first:

  • In the AWS console, navigate to Route 53. Create a new hosted zone with your domain name.
  • Once this has been created, AWS will create two records for you: an NS record and an SOA record. The NS record should have 4 values in it. These are the nameservers you will need to point your current DNS provider to.
  • Update your current DNS provider to use the AWS nameservers.
  • Create a record set to use a subdomain of your intended domain. Point this subdomain to an alias target of the ALB previously set up by Fargate.

HTTPS certificate

Now that we have DNS managed by AWS, we can use the Certificate Manager to generate an SSL/TLS certificate that we can use with the Application Load Balancer (ALB) and Target Group (TG) that Fargate set up for us.

  • In the AWS console, navigate to Certificate Manager.
  • Select “Request a public certificate”.
  • Input the domain name. In most cases, you’ll want to use the format *.domain.name to allow subdomains to be scoped into the certificate. This will give you more flexibility if you intend to utilize your domain name for sites other than the bitwarden_rs server we are setting up.
  • When your request has been submitted, you will need to add the CNAME record to the Route 53 hosted zone that we created previously. You should see a button that says Create record in Route 53. Click this, then check in Route 53 that the record was populated.
  • It might take at least 30 minutes, but the certificate should eventually be validated and issued.

ALB / TG / configuration

Once the HTTPS certificate has been validated, we can now set up our infrastructure to utilize it.

  • In the AWS console, navigate to EC2.
  • On the left navigation column, select “Load Balancers”.
  • Select the load balancer created by Fargate. Then click on the “Listeners” tab. By default, Fargate sets up the listener for HTTP: 80.
  • Click “View/edit rules” on the HTTP: 80 rule and change the rules to redirect to HTTPS: 443 with a status code of 301.
  • Next, we will add an HTTPS listener. Click “Add listener” and set up the rule to forward to the target group set up by Fargate. Note - to view your target groups, click on the “Target Groups” link below “Load Balancers” on the left navigation pane within the EC2 module.
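
A check for the listener setup described above, added here as an example and not part of the original post: it reads data in the shape of `aws elbv2 describe-listeners` output and reports any listener that does not match the steps. The sample data and ARNs are constructed placeholders, and the check assumes the redirect and forward are the listeners' default actions.

```python
# Constructed sample in the shape of `aws elbv2 describe-listeners` output.
# ARNs are placeholders, not real resources.
SAMPLE = {"Listeners": [
    {"Port": 80, "Protocol": "HTTP", "DefaultActions": [
        {"Type": "redirect", "RedirectConfig": {
            "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
    {"Port": 443, "Protocol": "HTTPS",
     "Certificates": [{"CertificateArn": "arn:aws:acm:EXAMPLE"}],
     "DefaultActions": [{"Type": "forward",
                         "TargetGroupArn": "arn:aws:elasticloadbalancing:EXAMPLE"}]},
]}


def audit_listeners(desc):
    """Return a list of problems; an empty list means the listeners match the steps."""
    problems = []
    by_port = {lsn["Port"]: lsn for lsn in desc["Listeners"]}
    http, https = by_port.get(80), by_port.get(443)

    # Port 80 must not serve the vault itself: every default action has to be
    # a permanent (301) redirect to HTTPS.
    if http is not None:
        for action in http.get("DefaultActions", []):
            cfg = action.get("RedirectConfig", {})
            ok = (action["Type"] == "redirect"
                  and cfg.get("Protocol") == "HTTPS"
                  and cfg.get("StatusCode") == "HTTP_301")
            if not ok:
                problems.append(
                    f"port 80 default action is '{action['Type']}', not a 301 redirect to HTTPS")

    # Port 443 must exist, speak HTTPS with a certificate, and forward to a target group.
    if https is None:
        problems.append("no listener on port 443")
    else:
        if https.get("Protocol") != "HTTPS":
            problems.append(f"port 443 listener uses protocol {https.get('Protocol')}")
        if not https.get("Certificates"):
            problems.append("port 443 listener has no certificate attached")
        if not any(a["Type"] == "forward" for a in https.get("DefaultActions", [])):
            problems.append("port 443 listener does not forward to a target group")
    return problems


if __name__ == "__main__":
    print(audit_listeners(SAMPLE) or "listeners match the described setup")
```
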

SG configuration

Now, we need to edit our existing Security Groups (SG) to allow HTTPS traffic on port 443.

  • In the EC2 module, click on “Security Groups” on the left navigation pane.
  • You should see two SGs set up by Fargate - one for ALB and the other for ECS. For both of these, add “Inbound” rules for the following:
    • type: HTTPS
    • protocol: TCP
    • port range: 443
    • source: 0.0.0.0/0
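
An audit of the resulting security groups, added here as an example and not part of the original post. Because the ALB terminates HTTPS and forwards to the container on port 80, the ECS group only needs to admit the ALB's group on that port, so the check flags any world-open rule on the ECS group. The data is a constructed sample in the shape of `aws ec2 describe-security-groups` output; the group IDs are placeholders, and the port 80 rule referencing the ALB group is an assumption about what Fargate created.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs are placeholders; the 443 rules mirror the steps above.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-alb-EXAMPLE", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-ecs-EXAMPLE", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb-EXAMPLE"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
]}


def is_world(cidr):
    """True for 0.0.0.0/0 and ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_task_sg(groups, task_sg, alb_sg, container_port=80):
    """Return findings for the ECS task security group."""
    by_id = {g["GroupId"]: g for g in groups["SecurityGroups"]}
    findings, alb_reaches_container = [], False
    for perm in by_id[task_sg]["IpPermissions"]:
        # Rules with IpProtocol "-1" carry no port range: they cover all ports.
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        ports = "all" if lo is None else f"{lo}-{hi}"
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if is_world(cidr):
                findings.append(f"{task_sg}: ports {ports} open to {cidr}")
        covers = lo is None or lo <= container_port <= hi
        pairs = perm.get("UserIdGroupPairs", [])
        if covers and any(p["GroupId"] == alb_sg for p in pairs):
            alb_reaches_container = True
    if not alb_reaches_container:
        findings.append(f"{task_sg}: no rule admits {alb_sg} on port {container_port}")
    return findings


if __name__ == "__main__":
    for line in audit_task_sg(SAMPLE, "sg-ecs-EXAMPLE", "sg-alb-EXAMPLE"):
        print(line)
```
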

Test it out!

Now that we have set up our AWS infrastructure to handle traffic to the bitwarden_rs container via HTTPS, let us test it out.

In your browser, navigate to the custom URL (subdomain) that you set up in Route 53. The Bitwarden login screen should appear. Success!

You can now use the Bitwarden CLI, browser app and mobile apps to communicate with the Fargate container.




