We just published version 2.0.0 of the Bluesky PDS on AWS by FOSSonCloud pattern to AWS Marketplace. The headline is a long-overdue PDS upgrade from 0.4.74 to 0.4.219 — 78 commits of upstream work — paired with a full refresh of the deployment tooling underneath the pattern.
This is also a rebrand: the product is now Bluesky PDS on AWS by FOSSonCloud.
What’s in this release
Bluesky PDS 0.4.219 (up from 0.4.74)
Bluesky doesn’t publish GitHub Releases for bluesky-social/pds, so there’s no neat changelog to point at. Reading the commits between v0.4.74 and v0.4.219, the most operator-relevant changes are:
- Rate limits enabled by default (PR #308) — the PDS now ships with sensible rate limiting on by default rather than requiring operators to opt in.
- Invite codes required by default (PR #316) — the upstream installer now defaults
PDS_INVITE_REQUIRED=true. Too many self-hosted PDSes intended for one person were being stood up with open registration and abused; this closes that footgun. - Default blob upload limit doubled, with the README and
sample.envupdated to match. goatCLI baked into the container (PRs #282, #313) — the AT Protocol Go client is now included, and the upstreampdsadmin accountcommands have been replaced withgoatequivalents.- Switched to a maintained Watchtower fork (PR #289) for the auto-update sidecar, after the original project went unmaintained.
- Node bumped to v20.20, Alpine base image refreshed for a newer Go toolchain, and the build switched from a pinned latest-pnpm to corepack.
- New configuration knobs surfaced in the README and env table:
PDS_INVITE_REQUIRED,PDS_TERMS_OF_SERVICE_URL,PDS_PRIVACY_POLICY_URL,PDS_CONTACT_EMAIL_ADDRESS. - Documentation overhaul around SMTP setup (percent-encoding gotchas, common issues), account migration, and VPS install guidance.
Pattern-level modernization (not from upstream)
We also refreshed the deployment tooling underneath the pattern:
aws-cdk-lib2.120.0→2.225.0oe-patterns-cdk-common4.1.9→4.5.0- devenv image
2.5.3→2.8.3(Ubuntu 24.04 / Python 3.12 / PEP 668) - Versioned AMI parameter — the CloudFormation parameter is now
AsgAmiIdv200instead of the bareAsgAmiId, so stack updates correctly surface AMI changes as real parameter diffs. - Marketplace submission now goes through the AWS Marketplace Catalog API via a new
marketplace_config.yaml. The deprecatedplf_config.yamlworkflow is gone, and we no longer maintain a per-region AMI map — the Catalog API handles multi-region replication automatically. - Integration smoke tests added under
test/integration/covering/xrpc/_health,com.atproto.server.describeServer, the.well-known/atproto-didPHP handler, the SSL handshake, and CloudFormation + EC2 sanity checks. docker-compose.ymlnow mounts~/.awsand forwardsAWS_PROFILE, matching our other patterns.
Fresh deployments
Just subscribe on AWS Marketplace and launch. You’ll need a Route 53 hosted zone and an ACM certificate in advance — everything else the template provisions, including the SES domain identity with Easy DKIM for outbound email. The default instance type is t4g.small (Graviton / arm64), and the stack is intentionally small: a singleton ASG with a persistent EBS data volume fronted by an ALB, no Aurora or Redis, since PDS uses on-disk SQLite.
By default, the stack will register your new PDS with the public Bluesky network via pdsadmin request-crawl bsky.network at the end of boot. Set RequestCrawlFromBluesky to false for private or test deployments.
What’s next
Now that the Bluesky PDS pattern is back on the current shared baseline (versioned AMI parameter, Catalog API submission, integration tests, modern CDK), future upstream bumps should land much faster — closer to the cadence we keep for Mastodon and Discourse.
If you hit anything in 2.0.0, ping us on GitHub.
— FOSSonCloud