Eric Crowder

How to Deploy bitwarden_rs via AWS Fargate


Recently, I ran across a project called Bitwarden, which is an open source password manager. There are a few third-party projects written in other languages that follow the project’s API. Further, there is one impressive project bitwarden_rs that re-implements the Bitwarden project in Rust. It features a significantly smaller memory and resource footprint than the original application, which makes it perfect to host on free tier VMs on any of the major cloud providers. Even better, it ships as a public container on Docker Hub, so setting up the application is a breeze.

Since I am most familiar with AWS, I chose to deploy it via Fargate. The Fargate service is not within the typical free tier plan that AWS provides, but as mentioned above, bitwarden_rs does not require a lot of resources. So, a small instance with no auto-scaling or other features should run less than $20 a month.


Let us get started!

Launch Fargate service

We are going to leverage Fargate to do most of the heavy lifting for us. Once you have logged into AWS, navigate to ECS. Then, set up a custom image. With the following parameters:

Once the image is constructed, Fargate will deploy the image and set up the related infrastructure. This will take a few minutes. Once everything is set up, you will be able to access the front-end of the Bitwarden application by utilizing the DNS provided by AWS. It will be in this format:

By accessing that URL, you should see the Bitwarden login page. However, do not set up an account and login just yet - the content is being served over HTTP and is not secure. We will now configure our infrastructure to utilize HTTPS.

HTTPS setup

DNS configuration

If your domain name was obtained from a Domain Name System (DNS) provider other than AWS, you will need to configure your current DNS provider to use the AWS nameservers. So, let’s do that first:

HTTPS certificate

Now that we have DNS managed by AWS, we can use the Certificate Manager to generate a SSL/TLS certificate that we can use with the Application Load Balancer (ALB) and Target Group (TG) that Fargate set up for us.

ALB / TG / configuration

Once the HTTPS certificate has been validated, we can now set up our infrastructure to utilize it.

SG configuration

Now, we need to edit our existing Security Groups (SG) to allow HTTPS traffic on port 443.

Test it out!

Now that we have set up our AWS infrastructure to handle traffic to the bitwarden_rs container via HTTPS, let us test it out.

In your browser, navigate to the custom URL (subdomain) that you set up in Route 53. The Bitwarden login screen should appear. Success!

You can now use the Bitwarden CLI, browser app and mobile apps to communicate with the Fargate container.