Zentral up and running on AWS

This is a short Step-By-Step instruction how to start a Zentral-all-in-one deployment on Amazon AWS. To make it even easier for you to follow along, we’ve recorded a screencast (4:25) to complement this blogpost.

See a quick steps for Zentral AWS deployment. A walk-through in less than 5 minutes.

For a full reference and in-depth version of the AWS / EC2 instructions go and check out the Wiki here.

Deployment Prerequisites

There are a few requirements to deploy Zentral-all-in-one (ZAIO) on AWS. You need to have:

  • An active AWS account (note: running on a t2.micro instance in AWS free will unfortunately not meet the system requirements of ElasticSearch)
  • AWS permissions to create an EC2 instance and setup AWS security group settings (used to set Firewall settings for the inbound traffic).
  • Setup DNS A records for a domain

Prepare and Launch the Instance

Now start the to launch, setup and configure the Zentral instance:

  1. Find the latest AWS Link from the Zentral GitHub release page
  2. Click on the URL which is closest to your AWS region. This will open a pre-build Amazon Machine Image (AMI) with the latest Zentral code on AWS.
  3. Configure the EC2 instance. We recommend to use the following basic specifications for AWS:
    a.) Choose VM size t2.medium (ElasticSearch needs RAM)
    b.) Increase the root volume size (20–100GB for prod data)
    c.) Ensure you’ll enable all required ports for the inbound traffic.
    Ports: 80(HTTP,Let's Encrypt), 443(HTTPS), 22(SSH), 5044(Logstash) Note: Usually you’ll create a new AWS security group for this purpose.
    d.) Create a new AWS Key Pair to later access the VM via SSH
    e.) Start the EC2 instance and copy the IP address to setup DNS records
  4. You have to configure two DNS records with the same IP. Both records need to point to the public IP address of the EC2 instance. The first DNS A record is the main FQDN you’ll connect with, the second DNS record will be used for client-certificate based authentication and the build-in SCEP server in Zentral.
  5. Set correct file permissions, then connect via SSH to the EC2 instance by using the AWS Key Pair ssh -i <keyname>.pem ubuntu@<FQDN> the default password you need to provide is same as the username: ubuntu.
  6. Now prepare to edit the command you need to run the setup tool. You must provide correct settings that match your FQDN, username, email for the superuser and ensure the additional FQDN_FOR_CLI_CERT_AUTH is also set correctly. Run the command in Terminal session on the instance. This will start the initial setup process of your Zentral instance.
$ sudo /home/zentral/app/utils/setup.py FQDN USER EMAIL FQDN_FOR_CLI_CERT_AUTH

Note: When setup done, copy the password reset URL from the Terminal session.

Post launch steps

With the next steps you will get access the launched instance of Zentral.

  1. Once setup process has finished in Terminal, copy the reset password URL given. You have to open this URL in your browser, then set a password for the superuser.
  2. Log in to Zentral with the user / password credentials you’ve set.

Congrats, you now should have setup a full instance of Zentral-all-in-one on AWS. Next see other tutorials for additional setups, i.e. secure access with 2FA or see how to enable SSO with an Identity Provider on your Zentral instance.

Optional steps

  1. Check the Let’s Encrypt TLS certificate validity.
  2. Check the Zentral workers health status in Prometheus.

The AWS deployment shown here is most the simple way to run an instance of Zentral. Stay tuned our follow up post on getting up and running and also see the other resources.

Last but not least go check our latest release info. For the more in-depth changes of the Project, see latest code changes on GitHub here.




We’re the developers behind Zentral. We operate a consultancy business, provide expertise and services in the Mac management field. Contact: https://zentral.pro

Recommended from Medium

Building Awesome Layouts with CSS Grid

Let’s Learn vcluster with Saiyam Pathak

Image with pictures of Lukas and Saiyam and info about the stream.

Internet of Things: MQTT protocol

One thing to know about engineers and 7 things to do about it

Conditional workflows for Elastic Stack with Podim

Lab3: Sensing: Potentiometer

Setting up Airflow on Kubernetes with AWS EFS

Rooting a Samsung S7 Edge with Odin (VM) on MacOS to ensure privacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


We’re the developers behind Zentral. We operate a consultancy business, provide expertise and services all around Mac management. Contact: https://zentral.pro

More from Medium

Bionime containerized applications quickly go to the cloud and leverage AWS to solve deployment…

Practical sustainability in AWS cloud

Connect AWS Lambda with Snowflake using Private Link

2022 AWS Summit ANZ — Review