AWS EC2 Guide

End-to-end guide for installing EderaON on an AWS EC2 instance.

Prerequisites

An EderaON account with an active license
AWS CLI configured with permissions to launch EC2 instances
An SSH key pair in your target region

Launch an EC2 instance

EderaON requires UEFI boot mode. The following OS and instance type combinations are supported:

OS	Instance Types	Notes
Ubuntu 24.04 LTS	m5.large or larger	Default AMI boots UEFI
Amazon Linux 2023	m5.large or larger	Default AMI boots UEFI
CentOS Stream 9	t3.large or larger	Use UEFI AMI from AWS Marketplace
RHEL 10	t3.large or larger	Use UEFI AMI from AWS Marketplace

Example: Ubuntu 24.04

aws ec2 run-instances \
  --image-id ami-0d76b909de1a0595d \
  --instance-type m5.large \
  --key-name <YOUR_KEY_NAME> \
  --security-group-ids <YOUR_SG_ID> \
  --subnet-id <YOUR_SUBNET_ID> \
  --associate-public-ip-address \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=ederaon-test}]'

The AMI ID above is for us-west-2. Find the latest Ubuntu 24.04 AMI for your region on Ubuntu Cloud Images.

Security group

Ensure your security group allows:

SSH (port 22) from your IP for management

Install Docker

SSH into your instance and install Docker:

sudo apt-get update && sudo apt-get install -y docker.io nftables
sudo systemctl start docker

sudo dnf install -y podman nftables

CentOS and RHEL use Podman instead of Docker. The install commands in the Getting Started guide work the same way — replace docker with podman and use /run/containers/0/auth.json as the auth file path:

sudo podman login -u license -p <YOUR_LICENSE_KEY> images.edera.dev

Install EderaON

Follow Step 3: Install from the Getting Started guide to run edera-check, authenticate, install, verify, and launch your first zone.

Clean up

When you’re done evaluating, terminate the instance:

aws ec2 terminate-instances --instance-ids <INSTANCE_ID>

Remember to deactivate your license at on.edera.dev before terminating so you can reuse it on another instance.

Troubleshooting

Instance unreachable after reboot

If you can’t SSH after the installer reboots:

Wait 2-3 minutes — Xen boot takes longer than a normal boot
Check the EC2 serial console for boot errors
Verify the instance is in UEFI boot mode (BIOS mode is not supported)

Daemon not starting

Check the daemon logs:

sudo journalctl -u protect-daemon -n 50

Common issues:

“no viable machine identifiers” — The instance may be in BIOS boot mode. Terminate and relaunch with a UEFI-compatible AMI.
Xen not present (/proc/xen missing) — GRUB booted into the stock kernel instead of Xen. Check sudo grub-editenv list and verify the saved entry matches a Xen menu entry.

Need help?

File an issue on GitHub
Run edera-check and attach the report to your issue

Last updated on 2026-03-20

Getting Started Limited Use License Agreement