reference deployment
Atlassian Crowd Data Center on AWS
Single sign-on and centralized user management
Crowd Data Center is Atlassian’s centralized identity management platform. You can manage users from multiple directories (Microsoft Active Directory, Lightweight Directory Access Protocol [LDAP], OpenLDAP, or Microsoft Azure Active Directory) and control application authentication permissions from a single location. Crowd is a self-managed solution that gives you high availability, performance at scale, and disaster recovery for uninterrupted access to your resources.
This Partner Solution uses the Atlassian Standard Infrastructure (ASI) as a foundation. You can choose to build a new ASI for your deployment or deploy Crowd into your existing ASI. You can also deploy Jira, Confluence, and Bitbucket Data Center within the same ASI.

This Partner Solution was developed by Atlassian in collaboration with AWS. Atlassian is an AWS Partner.
AWS Service Catalog administrators can add this architecture to their own catalog.
What you'll build
This Partner Solution sets up the following:
- A highly available architecture that spans two Availability Zones.
- In the public subnets:
  - A network address translation (NAT) gateway to allow outbound internet access for resources in the private subnets.
  - A bastion host that enables secure access to Crowd without exposing it to the internet. You can choose not to provision a bastion host if you prefer to access Crowd nodes through AWS Systems Manager.
- In the private subnets:
  - Amazon Elastic File System (Amazon EFS) to store artifacts such as attachments, avatars, icons, import and export files, and plug-ins in a common location that can be accessed by all Crowd nodes.
  - Amazon Relational Database Service (Amazon RDS) for PostgreSQL in a high-availability (Multi-AZ) configuration, which fails over to a standby instance if the master node fails.
- Two Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling groups for scaling the bastion hosts in the public subnets and the Crowd nodes in the private subnets.
- An Application Load Balancer, which works both as a load balancer and a Secure Sockets Layer (SSL) termination reverse proxy.
- Amazon CloudWatch for basic monitoring of all application and database nodes in your deployment. By default, CloudWatch collects and stores logs from each monitored node. Amazon CloudWatch is an optional component.
How to deploy
To deploy Crowd, follow the instructions in the deployment guide. The deployment process takes 30–60 minutes and includes these steps:
- If you don't already have an AWS account, sign up at https://aws.amazon.com, and sign in to your account.
- Launch the Partner Solution, choosing from the following options:
- Test the deployment.
Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.
Costs and licenses
You are responsible for the cost of the AWS services used while running this Partner Solution. There is no additional cost for using the Partner Solution.
The AWS CloudFormation template for this Partner Solution includes configuration parameters that you can customize. Some of the settings, such as the instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.
Tip: After you deploy the Partner Solution, we recommend that you enable the AWS Cost and Usage Report. This report delivers billing metrics to an S3 bucket in your account. It provides cost estimates based on usage throughout each month and finalizes the data at the end of the month. For more information about the report, refer to the AWS documentation.
This Partner Solution deploys a cluster-ready infrastructure for Crowd. A Crowd license is required. For information, refer to the Atlassian pricing page.