This process will install a fully-functional, secured, preconfigured OpenEMR 5.0.1 instance on an AWS Ubuntu server (and several other Amazon services), providing an embedded MySQL server and rotated, automatic backups of all OpenEMR configuration and health information.
We offer an AWS CloudFormation template, which slightly increases the billable AWS resources past a single server (expected additional outlay: $2-$5/mo) but offers HIPAA eligibility, backups uploaded daily to S3, CloudTrail auditing, and AWS KMS encryption of all Protected Health Information at all steps of its lifecycle.
- Be sure you have a valid EC2 keypair for the region you're planning to launch your instance in.
- Click the link corresponding to this region.
- Enter your primary key, your Express instance size, and the amount of storage to reserve for your practice.
- Proceed and launch.
- Once CloudFormation finishes the stack, you may log in to the IP given in the `Output` tab.
  - User: `admin`
  - Password: `pass`
  - Change this password before proceeding.
- The instance should be answering on port 80 inside of ten minutes. If it's not...
  - `tail -f /tmp/launch.log` to see if it's still running, or where it got stuck.
  - Transient build failures are possible if container dependencies are temporarily unavailable, just retry.
  - You will need network access, don't try to build from a private IP without NAT egress.
  - Check the process list, make sure `auto_configure.php` isn't running before you attempt to log in.
- Express Plus is based on our [master installation script](../lightsail) which contains complete notes on common administration tasks, including container interaction and installation of SSL certificates.
a. For AWS customers that are HIPAA covered entities, before deployment of OpenEMR Express Plus, you must navigate to the Services->Artifact->Agreements section of the AWS console, find the AWS Nondisclosure Agreement (AWS Artifact NDA). Download, read and accept it. Then find the AWS Business Associate Addendum (AWS BAA). Download, read and accept it.
b. For AWS customers that are HIPAA covered entities, OpenEMR Express Plus must be deployed in the U.S. East (N. Virginia) Region (preferred) or U.S. West (Oregon) Region.
Duplicity is installed to the host machine to manage and rotate backups, sending encrypted backups to a KMS-managed Amazon S3 bucket allocated by CloudFormation. `/etc/cron.daily/duplicity-backups` holds the daily backup process that snapshots the MySQL database, the OpenEMR configuration, and any patient documents that have been created.
Full backups are made every seven days, with incrementals for the other days. The Duplicity backups encompass the MySQL database backups.
It is recommended, in the strongest possible terms, that you familiarize yourself with the recovery process as soon as possible.
- As root, launch `/root/restore.sh`, and carefully read the warning it supplies you.
- Take the actions it suggests — make an image snapshot if possible — and then, once ready, run the script as instructed.
- Duplicity will unpack the MySQL backups it's holding, the OpenEMR configuration directory, and any patient documents that have been saved.
- XtraBackup will launch, applying the most recent full backup and all the daily incrementals.
- The MySQL container will be restarted to pick up the newly constructed data directory, and at this point your backups should be completely restored.
See the `mysql-xtrabackup` container for more information about the `xbackup.sh` and `xrecovery.sh` scripts called by the Duplicity wrappers.
The CloudFormation stack is created from a Python-based stack builder, providing a significantly clearer reading experience.
```
$ cd packages/express_plus
$ pip install -r requirements.txt
$ python stack.py > OpenEMR-Express-Plus.json
```
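Before launching a stack from a template you built yourself, you can check that it declares the KMS encryption and CloudTrail auditing described above. The script below is an added example, not part of the OpenEMR project: the sample template and its resource names are constructed, and it assumes the controls appear as the standard CloudFormation properties it inspects (a template that enforces encryption another way, such as through a bucket policy, would show up as a finding to review by hand).

```python
import json
import sys

# Constructed sample (NOT the real Express Plus template): one bucket with KMS
# default encryption, one without, an unencrypted volume, and a logging trail.
SAMPLE = {"Resources": {
    "BackupBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
        "ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": {"Ref": "Key"}}}]}}},
    "ScratchBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "DataVolume": {"Type": "AWS::EC2::Volume", "Properties": {"Size": 10}},
    "Trail": {"Type": "AWS::CloudTrail::Trail", "Properties": {"IsLogging": True}},
}}

def is_true(value):
    # CloudFormation accepts both JSON true and the string "true".
    return str(value).lower() == "true"

def bucket_uses_kms(props):
    rules = props.get("BucketEncryption", {}).get("ServerSideEncryptionConfiguration", [])
    return any(r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm") == "aws:kms"
               for r in rules)

def audit(template):
    """Return a sorted list of findings; an empty list means every check passed."""
    findings, trail_logging = [], False
    for name, res in template.get("Resources", {}).items():
        kind, props = res.get("Type"), res.get("Properties", {})
        if kind == "AWS::S3::Bucket" and not bucket_uses_kms(props):
            findings.append(f"{name}: bucket has no aws:kms default encryption")
        elif kind == "AWS::EC2::Volume" and not is_true(props.get("Encrypted")):
            findings.append(f"{name}: EBS volume is not encrypted")
        elif kind == "AWS::CloudTrail::Trail" and is_true(props.get("IsLogging")):
            trail_logging = True
    if not trail_logging:
        findings.append("template: no CloudTrail trail with IsLogging enabled")
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python audit_template.py OpenEMR-Express-Plus.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            template = json.load(fh)
    else:
        template = SAMPLE
    for line in audit(template) or ["all checks passed"]:
        print(line)
```

Run with no argument, it audits the constructed sample and reports the two deliberately weak resources.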
The OpenEMR forums and chat are available if you have any questions. We'll be happy to help!