Amazon Machine Images (AMI)

DeepSource provides Amazon Machine Images (AMIs) that can be used to deploy DeepSource Enterprise Server on an EC2 machine using the AMI provided through AWS Marketplace.


Note on High Availability

DeepSource Enterprise Server AMIs provided are created for single node setup with no High Availability (HA), for information on installing DeepSource Enterprise with HA visit


  1. Create an IAM policy with the following actions:
    • aws-marketplace:* - For managing AMI Subscription from AWS Marketplace.
    • ec2:* - For managing the DeepSource Enterprise instance.
    • license-manager:* - For managing the AMI License.
    • cloudwatch:* - For managing metrics and logs of DeepSource Enterprise instance.

      The JSON for the policy will be something like the following:

        "Version": "2012-10-17",
        "Statement": [
                "Sid": "MarketplaceFullAccess",
                "Effect": "Allow",
                "Action": "aws-marketplace:*",
                "Resource": "*"
                "Sid": "EC2FullAccess",
                "Effect": "Allow",
                "Action": "ec2:*",
                "Resource": "*"
                "Sid": "LicenseManagerFullAccess",
                "Effect": "Allow",
                "Action": "license-manager:*",
                "Resource": "*"
                "Sid": "CloudWatchFullAccess",
                "Effect": "Allow",
                "Action": "cloudwatch:*",
                "Resource": "*"


    Note on permissions

    The policy documented above is permissive. This policy allows for an easy installation of DeepSource Enterprise Server. After setting up DeepSource Enterprise Server, we recommend you to reduce the scope of the policy according to your requirements.

  2. Attach policy to existing IAM User or Create a new IAM user with the policy added to it.
  3. Log in as the user to which the policy is attached.
  4. Make sure you have a valid license file from DeepSource; for more info, contact [email protected] (or) schedule a product demo.

For more info on AWS IAM policies and users, visit


  1. Visit AWS Marketplace listing for DeepSource Enterprise and subscribe to the product by clicking Continue to Subscribe (You won't be charged for subscription at this time).

  1. Accept the Terms and Conditions and proceed further by clicking on Accept Terms.

  1. Wait for the Subscription process to finish and then click on Continue to Configuration.
  2. Set the software version to the latest available version and select the appropriate region from the drop-down menu and proceed by selecting Continue to Launch.

  3. Make sure Launch from Website is selected in Choose Action.
  4. By default, AWS will fill the following selection menus with an appropriate config that can be changed per your requirements.

  5. Do note in the Security Group section, select Create New Based On Seller Sections

    .. and Save the Security Group while making sure it is the one that is selected.


Note on AWS Security group

The security group created by default is permissive by design for easy installation. If you are using a VPN or other internal networks, please make the necessary changes. Do note that the instance should be reachable from your Version Control System (GitHub, GitLab, Bitbucket, Azure DevOps, etc). This security group is specific to a single-node setup. If you are using this AMI for multi-node setup, edit the security group by adding the ports listed in

  1. Select or create a key pair for accessing the DeepSource Enterprise Instance using SSH.

  1. Select Launch and continue.

  1. The following infobox should appear, click on EC2 Console, and the EC2 instance page should open in a new tab.

  1. Select the DeepSource Enterprise instance created and copy the Public IPv4 Address.
  2. Wait ~10 minutes for the instance, then visit the admin console on Public IPv4 Address on port 8800 and Click Continue to Setup.


Check Installation progress

If you want to checkout the live installation logs, you can SSH into the ec2 instance using the command ssh -i <private_key_path> ec2-user@<instance_public_ip>. Run the command sudo tail -f /var/log/cloud-init-output.log after SSHing for viewing the logs in realtime. Do note that the permissions for private key from the key pair should be 400

  1. Add your hostname that points to the Public IPv4 Address and optionally upload your own SSL certificate if required, but self-signed will work without any issues, and proceed further to admin console login.

  1. The console password is in the form kotsadm-<Instance Private IP>, login and upload the license file on the following page and continue.