> ## Documentation Index
> Fetch the complete documentation index at: https://openops-ecb4f397-mintlify-helm-chart-documentation-30057.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS EC2 Deployment

> How to deploy OpenOps on an AWS EC2 instance

export const target_0 = "EC2 instance"

<Warning>
  This guide is for testing and evaluation purposes only and is not intended for production deployments. Please reach out to us at [support@openops.com](mailto:support@openops.com) if you'd like to learn how to set up OpenOps in a production environment.
</Warning>

This guide explains how to install the OpenOps Docker Compose release on a newly created EC2 instance.

It assumes you have appropriate permissions on an existing AWS account.

## Initial deployment

### Create a new EC2 instance

1. On the EC2 home page, click **Launch Instance**:
   <img src="https://mintcdn.com/openops-ecb4f397-mintlify-helm-chart-documentation-30057/j9GTSEw0xEv_mJ1h/images/deploy-aws-launch-instance.png?fit=max&auto=format&n=j9GTSEw0xEv_mJ1h&q=85&s=b6302e0ba135bc71784356a9f5df0038" alt="Launch instance" width="278" height="223" data-path="images/deploy-aws-launch-instance.png" />
2. Choose a name for your instance and configure the following settings:
   * **Application and OS Images (Amazon Machine Image)**
     * Choose **Ubuntu** as the instance image, as it simplifies Docker installation. Ubuntu Server 24.04 LTS was the latest available version when this guide was written.
     * Keep **64-bit (x86)** as the instance architecture.
   * **Instance Type**. The *t3.large* instance type provides decent performance. You can choose a different type according to your needs, but it's not recommended to select a size smaller than *t3.medium*.
   * **Key Pair**. Creating a new SSH key pair is recommended but not mandatory.
   * **Network Settings**. Allow SSH traffic from your own IP address:
     <img src="https://mintcdn.com/openops-ecb4f397-mintlify-helm-chart-documentation-30057/hfZdRnuoiSN-v4sh/images/deploy-aws-network-settings.png?fit=max&auto=format&n=hfZdRnuoiSN-v4sh&q=85&s=0745bb253e8776a3ddf653f800a8a09f" alt="Network settings" width="726" height="341" data-path="images/deploy-aws-network-settings.png" />
   * **Configure Storage**. Choose **50GB** to ensure you have enough space for Docker images and databases.
3. Launch the instance and navigate to it once it's created by clicking on the instance ID.
   <img src="https://mintcdn.com/openops-ecb4f397-mintlify-helm-chart-documentation-30057/j9GTSEw0xEv_mJ1h/images/deploy-aws-instance-launched.png?fit=max&auto=format&n=j9GTSEw0xEv_mJ1h&q=85&s=db9f2d2b64daed71942827ed64fba301" alt="Instance launched" width="517" height="100" data-path="images/deploy-aws-instance-launched.png" />
4. Configure the network settings and open the necessary ports. Under **Security**, click on the security group.
   <img src="https://mintcdn.com/openops-ecb4f397-mintlify-helm-chart-documentation-30057/hfZdRnuoiSN-v4sh/images/deploy-aws-security.png?fit=max&auto=format&n=hfZdRnuoiSN-v4sh&q=85&s=99d6cf76d30c27424836bd21541b2a7f" alt="Security tab" width="534" height="251" data-path="images/deploy-aws-security.png" />
   Click **Edit inbound rules**, then **Add rule**, and add two rules:
   1. In the first rule, for **Type**, choose **HTTP**, and under **Source**, select **My IP**.
   2. In the second rule, for **Type**, choose **SSH**. Click the text box next to **Source**, and select the prefix list that contains the words “ec2-instance-connect". The full name should be similar to `com.amazonaws.us-east-1.ec2-instance-connect`, depending on your region. This allows you to connect to the instance via AWS CloudShell.
      <img src="https://mintcdn.com/openops-ecb4f397-mintlify-helm-chart-documentation-30057/hfZdRnuoiSN-v4sh/images/deploy-aws-prefix-lists.png?fit=max&auto=format&n=hfZdRnuoiSN-v4sh&q=85&s=ae7cafa2ed97aad4a3ae995b05424c0d" alt="Prefix lists" width="555" height="634" data-path="images/deploy-aws-prefix-lists.png" />
      The final rules should look like this:
      <img src="https://mintcdn.com/openops-ecb4f397-mintlify-helm-chart-documentation-30057/j9GTSEw0xEv_mJ1h/images/deploy-aws-inbound-rules.png?fit=max&auto=format&n=j9GTSEw0xEv_mJ1h&q=85&s=9afd3d91589f6d9f6c02f00def342beb" alt="New inbound rules" width="882" height="259" data-path="images/deploy-aws-inbound-rules.png" />
5. Click **Save rules** to finish the configuration.

### Connect to the instance with CloudShell

1. Navigate to your EC2 instance and click **Connect** to open an in-browser CloudShell session.
   <img src="https://mintcdn.com/openops-ecb4f397-mintlify-helm-chart-documentation-30057/j9GTSEw0xEv_mJ1h/images/deploy-aws-connect.png?fit=max&auto=format&n=j9GTSEw0xEv_mJ1h&q=85&s=94f8943360ca9cf1aff4cefb8443a44f" alt="Connect" width="811" height="120" data-path="images/deploy-aws-connect.png" />
   <img src="https://mintcdn.com/openops-ecb4f397-mintlify-helm-chart-documentation-30057/j9GTSEw0xEv_mJ1h/images/deploy-aws-connect-to-instance.png?fit=max&auto=format&n=j9GTSEw0xEv_mJ1h&q=85&s=0060192c4638321bd768b683afa98a3f" alt="Connect to instance" width="813" height="556" data-path="images/deploy-aws-connect-to-instance.png" />
2. Click **Connect** and wait for CloudShell to initialize.

### Install OpenOps

Run the following command in your terminal to install, update, configure and run OpenOps:

```shell
curl -fsS https://openops.sh/install | sh
```

Alternatively, you can follow the manual installation steps:

<Expandable title="Installing OpenOps manually">
  1. Install the `unzip` utility:
     ```shell
     sudo apt install unzip
     ```
  2. In CloudShell, create a new directory and download the release files:
     ```shell
     mkdir -p openops && cd openops && \
     wget https://github.com/openops-cloud/openops/releases/download/0.5.2/openops-dc-0.5.2.zip && \
     unzip -o openops-dc-0.5.2.zip && cp --update=none .env.defaults .env
     ```
  3. Update the application URL to use the instance's public IP address:
     ```shell
     sed -i 's/http:\/\/localhost/http:\/\/'$(wget -4qO - https://ifconfig.io/ip)'/g' .env
     ```
  4. Open the `.env` file in the OpenOps installation folder. Change the values of the following variables that represent credentials. Do it now, as you won't be able to change these values after the initial deployment:
     * `OPS_OPENOPS_ADMIN_EMAIL`: the email of your OpenOps installation's root admin account.
     * `OPS_OPENOPS_ADMIN_PASSWORD`: the password of your OpenOps installation's root admin account.
     * `OPS_POSTGRES_USERNAME`: the username of the Postgres database that OpenOps uses.
     * `OPS_POSTGRES_PASSWORD`: the password of the Postgres database that OpenOps uses.
     * `OPS_ANALYTICS_ADMIN_PASSWORD`: the password of the [OpenOps Analytics](/reporting-analytics/data-visualization/) admin account (the username is hardcoded to `admin`).
  5. Install Docker using Snap:
     ```shell
     sudo snap install docker
     ```
  6. Pull the images and start the Docker containers:
     ```shell
     sudo COMPOSE_PARALLEL_LIMIT=4 docker compose pull -q && sudo docker compose up -d
     ```
     If you encounter a rate limit, rerun the pull command. Note that pulling images may take several minutes.

  If you did not update credentials in the `.env` file, the default username is `admin@openops.com` and the password is `please-change-this-password-1`.
</Expandable>

You can now access the OpenOps application by navigating to the public IP address of your EC2 instance (e.g., `http://20.20.20.20`).

## External databases

To use external PostgreSQL or Redis databases, modify the relevant variables in the `.env` file. You can disable the corresponding containers by adding a profile in the `docker-compose.yml` file:

<img src="https://mintcdn.com/openops-ecb4f397-mintlify-helm-chart-documentation-30057/j9GTSEw0xEv_mJ1h/images/deploy-aws-external-db.png?fit=max&auto=format&n=j9GTSEw0xEv_mJ1h&q=85&s=110229ca771980dcb3e166f55c9a7e0f" alt="Disabling a profile" width="256" height="79" data-path="images/deploy-aws-external-db.png" />

After making changes, restart the Docker Compose containers:

```shell
sudo docker compose down && sudo docker compose up -d
```

## Enabling TLS

For production usage, it’s recommended to enable TLS (HTTPS). In addition to the security aspect, this also ensures that [workflow templates](/workflow-management/workflow-templates/) load properly in all browsers.

The easiest way to enable TLS is to use an OpenOps script that requests and sets up a TLS certificate from Let's Encrypt. Before running the script, make sure you have a domain name that points to your {target_0}'s external IP address. If you're configuring DNS right before running the script, you may need to wait for the DNS change to propagate.

1. Run the following command in your terminal:
   ```shell
   curl -fsS https://openops.sh/tls | sh
   ```
2. When prompted, enter a domain name that points to the external IP address of your {target_0}.
3. When prompted, enter an email address to receive certificate-related notifications from Let's Encrypt.

The script will use the Certbot library to request a certificate for your domain from Let's Encrypt. It receives and saves the certificate, updates the OpenOps configuration file accordingly, and restarts OpenOps.

By default, the certificate expires in 3 months. See [https://certbot.org/renewal-setup](https://certbot.org/renewal-setup) if you want to configure auto-renewal.

## Updating OpenOps to a newer version

See [Updating OpenOps](/getting-started/updating-openops).

## Support

Feel free to join our [Slack community](https://slack.openops.com) if you have any questions or need help with the installation.