We are sunsetting On-Premises API. Refer to our On-Premises API Sunset document for details, and to learn how to migrate to our next-generation Cloud API.
This document shows you how to use Amazon Web Services (AWS) to deploy the WhatsApp Business API. The process can be divided into two main steps:
Once you have completed the setup, you can choose to upgrade the client. If you ever need to restart both the Webapp and CoreApp, follow these steps.
This document walks through the old AWS template. Please refer to the new AWS template that we have tested for higher and more stable messaging throughput.
You will need:
You need to set up a valid AWS account and be familiar with working on AWS. WhatsApp provides CloudFormation templates for deploying the WhatsApp Business API client easily. Refer to the AWS Getting Started Resource Center for more information.
You need to create a new key pair to access the EC2 instance created by the WhatsApp Business API template. You can also use a previously created key pair. Refer to the Amazon EC2 Key Pairs documentation for information about creating and using key pairs with an EC2 instance.
The key pair needs to be created using the region for which you are deploying the WhatsApp Business API.
The WhatsApp Business API client makes use of a CentOS 7 image (available in the AWS Marketplace). Terms and conditions should be reviewed and accepted before using the template. Failure to accept the terms will cause template creation to fail.
To review and accept the CentOS 7 AMI image:
The WhatsApp Business API templates use the EFS resource type, which is not available in all AWS regions. Hence, only the following regions are currently supported:
Depending on initial testing, WhatsApp will determine whether we can provide an alternate option that is available in all regions.
No, we don't support KOPS. We do support the AWS solution based on ECS. We also have a general Kubernetes minikube setup.
The Virtual Private Cloud (VPC) network is generally created when you sign up for an AWS account. Further, there could be several customizations and access control restrictions required that are specific to an enterprise business.
If the VPC network infrastructure is already created, you can skip this step. Otherwise, the following template can be used to create the network infrastructure on AWS.
The network template is provided for reference purposes only. You can modify it to your specific needs.
To deploy the network template:
https://wa-biz-cfn.s3.amazonaws.com/wa_ent_net.yml
and click Next, or click
Name | Description |
---|---|
| Required. Name of the stack to be created |
Name | Description |
---|---|
| Required. The availability zones (AZs) for creating the VPC |
| Required. The number of availability zones selected |
Name | Description |
---|---|
| Required. The IP address range (CIDR) for this VPC |
| Required. The VPC tenancy |
Name | Description |
---|---|
| Required. The IP address range (CIDR) for public subnets |
| Required. The IP address range (CIDR) for public subnets |
| Optional. Required if the number of availability zones is greater than 2. |
| Optional. Required if the number of availability zones is greater than 3. |
Name | Description |
---|---|
| Required. Options: |
| Conditional. Required if the private subnet creation is set to |
| Conditional. Required if the private subnet creation is set to |
| Conditional. Required if the private subnet creation is set to |
| Conditional. Required if the private subnet creation is set to |
MySQL release 5.7xx is required.
The database password should not contain any of these characters: ?{}&~!()^/"@
Failing to comply with this will likely cause the setup to fail.
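A way to check or generate a compliant database password before launching the stack. This is an added example, not part of the original page or the WhatsApp templates; the function names, the 32-character default and the reduced symbol set are assumptions of the example.

```python
import secrets
import string

# Characters the page says must not appear in the database password.
FORBIDDEN = set('?{}&~!()^/"@')

# Symbols kept by this example (an assumption, chosen to avoid quoting issues).
SAFE_SYMBOLS = "*+-_=.,"
ALPHABET = string.ascii_letters + string.digits + SAFE_SYMBOLS


def forbidden_chars(password):
    """Return the sorted list of disallowed characters found in password."""
    return sorted(set(password) & FORBIDDEN)


def generate_db_password(length=32):
    """Generate a random password that avoids every forbidden character."""
    if length < 4:
        raise ValueError("length must allow one character from each class")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, SAFE_SYMBOLS]
    while True:
        # secrets draws from the OS CSPRNG; retry until every class is present.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


if __name__ == "__main__":
    print(forbidden_chars('Pa/ss@w{rd'))   # constructed sample input
    print(generate_db_password())
```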
The WhatsApp Business API client uses the database (RDS - MySQL) to store information required for the functioning of the client.
Currently, the WhatsApp Business API client works only with a MySQL database backend.
It's highly recommended you create the database automatically with the WhatsApp Business API template below. However, if you already have a database set up, database creation can be skipped by providing the existing database's hostname.
WhatsApp Enterprise is the main template and creates all the resources (except the network) required for the WhatsApp Business API client. As noted earlier, this template also creates a database resource, if required.
To deploy the WhatsApp Business API client:
https://wa-biz-cfn.s3.amazonaws.com/wa_ent.yml
and click Next, or click
Name | Description |
---|---|
| Required. Name of the stack to be created. If the |
Name | Description |
---|---|
| Required. Used to determine the minimum number of EC2 instances allocated in ECS autoscaling |
| Optional. Enables the |
| Optional. The number of desired active Coreapp instances, used to allocate resources (e.g., EC2 instances) when creating the stack |
Name | Description |
---|---|
| Required. The VPC for this deployment. |
| Required. The subnets for this deployment. |
| Required. The number of subnets chosen. |
| Required.
Note: If an internal scheme is chosen for the load balancer, configure private subnets for the load balancer. However, if an internet-facing scheme is chosen, configure public subnets for the load balancer. Failure to configure this properly results in the load balancer being inaccessible. |
| Required. For an internet-facing load balancer, select the public subnets from the VPC. |
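The load balancer note in the table above can be checked before stack creation: a subnet is public when its effective route table has a default route to an internet gateway. This is an added example, not part of the original page or the WhatsApp templates; the function names and sample IDs are constructed, and the input follows the shape of `aws ec2 describe-route-tables` output.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output for one VPC.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",            # main table: NAT egress only
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-public",          # default route to an internet gateway
     "Associations": [{"Main": False, "SubnetId": "subnet-pub-a"},
                      {"Main": False, "SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]


def has_igw_default_route(table):
    """True if the table has an active default route to an internet gateway."""
    for route in table.get("Routes", []):
        is_default = (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                      or route.get("DestinationIpv6CidrBlock") == "::/0")
        if (is_default and route.get("GatewayId", "").startswith("igw-")
                and route.get("State", "active") == "active"):
            return True
    return False


def classify_subnets(subnet_ids, route_tables):
    """Map each subnet ID to 'public' or 'private' from its effective route table."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
            elif assoc.get("Main"):
                main = table
    kinds = {}
    for subnet_id in subnet_ids:
        # Subnets without an explicit association fall back to the main table.
        table = explicit.get(subnet_id, main)
        if table is None:
            raise ValueError(f"no route table found for {subnet_id}")
        kinds[subnet_id] = "public" if has_igw_default_route(table) else "private"
    return kinds


def mismatched_lb_subnets(scheme, subnet_ids, route_tables):
    """Return the subnets whose type does not fit the load balancer scheme."""
    wanted = {"internet-facing": "public", "internal": "private"}[scheme]
    kinds = classify_subnets(subnet_ids, route_tables)
    return sorted(s for s, kind in kinds.items() if kind != wanted)
```

An empty result means every selected subnet matches the chosen scheme; any subnet listed would either leave the load balancer unreachable or expose an endpoint meant to stay internal.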
Name | Description |
---|---|
| Required. Choosing non-T2 instance types is recommended for production workloads. |
| Required. The appropriate key pair to access the EC2 instance, if required. |
| Optional. This is for future-proofing and to support experimental WhatsApp Business API clients. The default value should be good for a majority of cases. |
| Required. It's always recommended to use the latest stable version (see the changelog for the latest version). The WhatsApp Business API client version always begins with a "v", unless explicitly stated otherwise. Using an incorrect version will cause stack creation failure. |
| Required. Choosing 16GB or more is recommended for production workloads. |
Name | Description |
---|---|
| Optional. Enables storing configuration information in the database. |
| Optional. The existing database hostname |
| Conditional. Required if a database instance must be created by this template. |
| Conditional. Required if a database instance must be created by this template. |
| Required. The administrator name for accessing the database. |
| Required. The administrator password for accessing the database. The database password should not contain any of these characters: ?{}&~!()^/"@ |
| Required. Port number to access the database backend. |
| Optional. The length of time in milliseconds after which the RDS closes idle connections |
| Conditional. Required if a database instance must be created by this template. For production loads, it's recommended to choose the General Purpose SSD (gp2) or Provisioned IOPS (io1) storage type. |
| Conditional. Required if a database instance must be created by this template. |
| Conditional. Required if a database instance must be created by this template. |
| Conditional. Required if a database instance must be created by this template. |
Name | Description |
---|---|
| Optional. Logging driver for the container logs. |
| Optional. The maximum size of a container log file in MB before it's rotated. |
| Optional. The maximum number of log files to retain per container. |
| Optional. Number of days to retain logs in CloudWatch. |
Name | Description |
---|---|
| Not used. Leave this parameter empty. |
Name | Description |
---|---|
| Optional. By default, the AWS service key (the Default-Key option) is used to encrypt DB & EFS data at rest. Other options are:
|
| Optional. You can provide a KMS key ID that is used to encrypt the data. Leave this blank, if the User-Provided-Key option is not selected. |
| Optional. By default, the data in transit to the database is encrypted. This is currently only applicable for the Coreapp. Webapp encryption is not yet supported. In addition, with a new database engine, even if this option is disabled, the Coreapp performs encryption, but without server certificate (identity) verification. |
| Optional. The default value contains the RDS certificate bundle. If a non-RDS database is used, then the appropriate CA certificate bundle can be provided or you can leave it blank. The default value is adequate for enabling a secure connection with the database. |
| Optional. The client certificate for the database connection |
| Optional. The client key for the database connection |
Upon successful creation of the template, the following parameters are displayed:
For security reasons, the database administrator password is not displayed.
Once the WhatsApp Business API client is successfully deployed, it needs to be configured to bring it into operation.
After the stack is created, you need to use the shards API call to increase the number of active Coreapp instances to match the value selected for Desired number of active 'coreapp' instances during stack creation.
The WhatsApp Business API client generates a self-signed certificate by default when it is created. The Certification Authority (CA) certificate used to generate the self-signed certificate might be required to verify the WhatsApp Business API client endpoint and to avoid a certificate trust warning.
You can download the CA certificate and store it locally to avoid the certificate trust warning, or upload your own. Refer to the certificate node documentation for more information.
In AWS deployments, the SSL certificate is created using the load balancer hostname. If an IP address is used instead of the hostname for access, the warning will still appear.
WhatsApp will support configuring customer provided SSL certificates in a future release.
Refer to the Phone Number guide for more in-depth information about phone number registration.
Download the base64-encoded certificate from your WhatsApp account in the Facebook Business Manager under the Phone Numbers tab of the WhatsApp Manager.
Once you have the correct phone number selected and have the base64-encoded certificate, you need to register the WhatsApp Business API client via the account node. Refer to the Registration documentation for more information.
If the phone number is capable of receiving text messages, use the SMS method for registration code retrieval.
If you have already received the registration code from WhatsApp, you can skip this step.
The configuration of WhatsApp Business API web callbacks and other parameters is described in the Application Settings documentation.
Refer to the Webhooks documentation for more information.
Once the configuration and registration steps are successful, a message can be sent and received to validate the basic functionality of WhatsApp Business API client. This is fully described in the Messages documentation.
Upon successful receipt of a message, the WhatsApp Business API client will POST the message status/details to the Webhook configured in Step 4.
If your message was successfully received, congratulations, you are all set! Please refer to the Reference documentation for more information on the available API endpoints.
To restart the WhatsApp Business API client, in the ECS console (for example, https://us-west-2.console.aws.amazon.com/ecs/home?region=us-west-2#/clusters):
This stops both the Webapp and CoreApp. Shortly after, the AWS infrastructure restarts both the Webapp and CoreApp.
You can expect about a minute or two of downtime.
It is highly recommended you back up your current application settings before uninstallation. Please follow the Backup and Restore documentation.
This section walks through how to upgrade both the WhatsApp Business API Client and the CloudFormation (CFN) Template. Performing an upgrade will result in downtime, so do not send messages during this time. Resume sending messages only after the upgrade is complete.
You can upgrade the CFN Template and the WhatsApp Business API client version at the same time by doing the following:
https://s3.amazonaws.com/wa-biz-cfn/wa_ent.yml
). Quick upgrade verification: Send a text message and verify that the API response contains the correct version number (i.e., the new version). Verify also that the message is received by the recipient.
https://wa-biz-cfn.s3.amazonaws.com/wa_ent.yml
). Click Next.
If you enabled database connection encryption on the stack creation page, the connection between your Coreapp and the RDS instance is encrypted through a certificate that defaults to the certificate published by AWS RDS.
The previous 2015 AWS RDS certificate will expire on March 5, 2020. Follow the steps here to rotate the RDS Certificate for your WhatsApp Business API client.
Before you start, it is highly recommended to back up your current application settings and take a snapshot of your RDS instance. See the Backup and Restore documentation for more information.
/opt/certs/db-ca.pem.
sudo wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
rds-combined-ca-bundle.pem as the database connection CA certificate (this can be confirmed by checking the DBConnCA parameter in your stack through the AWS console). You’ll need to stop your current EC2 instance manually, then a new EC2 instance is deployed automatically in about 20 minutes. In this case, you can skip step 3.
This software uses code of FFmpeg licensed under the LGPLv2.1 and its source can be downloaded here.