Deploying Ottehr on Amazon Web Services (AWS)

🚧
This documentation explains how to deploy Ottehr using Amazon Web Services (AWS). We also have a guide for deploying using Google Cloud Platform (GCP). If you want to deploy Ottehr on another provider, please open an issue on GitHub.

Deploying Ottehr takes about 30 minutes, and involves three steps:

  1. Configure your local Ottehr AWS profile
  2. Set up your Oystehr Project
  3. Run the deploy script

If you want to experiment with Ottehr but don't want to deploy it, follow the steps in the Ottehr readme (opens in a new tab) to set it up on your computer.

ℹ️
Please read the guide Developing and Building Apps before storing patient health information on Oystehr

Deploying

Configure your local Ottehr AWS profile

  1. If you do not have an AWS account, create one (opens in a new tab)
  2. Install the AWS CLI (opens in a new tab)
  3. Navigate to AWS IAM (opens in a new tab)
  4. Click Users in the left-hand menu
  5. Click Create User
  6. Enter a name for the user and click Next
  7. Click Attach policies directly
  8. Search for AdministratorAccess, select it, click Next
    Screenshot of AWS IAM including the policy AdministratorAccess
  9. Click Create user
  10. Click the user name to choose the user
  11. Click Create access key
    Screenshot of AWS IAM including the option to create an access key
  12. Click Command Line Interface (CLI), Check the "I understand" box, click Next
    Screenshot of AWS IAM including the option to create an access key
  13. Click Create access key
  14. Save the Access key ID and Secret access key in a secure location
  15. Run the following command in your terminal to configure your ottehr AWS profile:
aws configure --profile ottehr

Enter the Access key ID and Secret access key when prompted. For default region name and default output format, press Enter key.

Set up your Oystehr Project

  1. If you haven't already, follow the steps in the Ottehr repository (opens in a new tab) for creating an Oystehr Account (opens in a new tab) and forking Ottehr (opens in a new tab).
  2. Create a new project in the Oystehr Developer Console (opens in a new tab). We recommend you name this project after the environment you are deploying to (e.g. development, testing, production)
  3. In your local Ottehr code, navigate to the scripts/deploy directory, and create a file called deploy-config.json.
  4. Paste the following JSON into deploy-config.json: 
    {
    "project_id": "your_project_id",
    "access_token": "your_access_token",
    "provider_email": "your_provider_email",
    "environment": "your_environment_name"
}
  5. Fill out the four values.
    • project_id - The ID of your Oystehr project, found in the Oystehr Developer Console
    • access_token - The access token for your Oystehr project, found in the Oystehr Developer Console
    • provider_email - The email address of a provider you want to use for the project. You will need access to this email
    • environment - The name of the environment you are deploying to (e.g. development, testing, production)
  6. Save the file

Run the deploy.sh script

Run the following command in your terminal:

sh scripts/deploy/aws/deploy.sh

The script will take about 15 minutes to run and will deploy Ottehr to your AWS account.

You may get a message: Do you wish to deploy these changes (y/n)?Type y if you are ok with the changes and hit Enter.

Screenshot of a terminal prompting the user "Do you wish to deploy these changes (y/n)?"
Example output

You can find the URLs for your deployment in the output of the deploy.sh script, for example:

{
  id: 'fbcb635f-1bf1-4795-ad92-074cdb041c29',
  clientId: 'KTOhfebxdG9ro5Gjjiw1IHOgd0RnO4r4',
  name: 'Ottehr Intake',
  description: 'Intake application with sms authentication',
  loginRedirectUri: 'https://d3oj41081wj6zr.cloudfront.net',
  allowedCallbackUrls: [
    'https://d3oj41081wj6zr.cloudfront.net',
    'https://d3oj41081wj6zr.cloudfront.net/redirect'
  ],
  allowedLogoutUrls: [ 'https://d3oj41081wj6zr.cloudfront.net' ],
  allowedWebOriginsUrls: [ 'https://d3oj41081wj6zr.cloudfront.net' ],
  allowedCORSOriginsUrls: [ 'https://d3oj41081wj6zr.cloudfront.net' ],
  mfaEnabled: false,
  passwordlessSMS: true,
  logoUri: 'https://assets-global.website-files.com/653fce065d76f84cf31488ae/65438838a5f9308ca9498887_otter%20logo%20dark.svg',
  shouldSendInviteEmail: false,
  loginWithEmailEnabled: true,
  refreshTokenEnabled: false
}
{
  id: 'c080c104-1777-4968-8015-bfe54ea7b2fd',
  clientId: 'Yph0ptGrXI1ImLnmuBl6r2qhYUC9z8JA',
  name: 'Starter EHR Application',
  description: 'Example',
  loginRedirectUri: 'https://d49bon68zzhww.cloudfront.net',
  allowedCallbackUrls: [ 'https://d49bon68zzhww.cloudfront.net' ],
  allowedLogoutUrls: [ 'https://d49bon68zzhww.cloudfront.net' ],
  allowedWebOriginsUrls: [ 'https://d49bon68zzhww.cloudfront.net' ],
  allowedCORSOriginsUrls: [ 'https://d49bon68zzhww.cloudfront.net' ],
  mfaEnabled: false,
  passwordlessSMS: false,
  shouldSendInviteEmail: false,
  loginWithEmailEnabled: true,
  refreshTokenEnabled: false
}

You can use the loginRedirectUri for each application to access the application you have deployed.

Environments

We recommend having a separate Oystehr Project for each of your environments.

For example, you may want to have different intake websites on development.ottehr-intake.example.com and testing.ottehr-intake.example.com and each will have its own Oystehr Project so the resources from one project are not connected to another.

PaperworkGCP