UniFi - Install a UniFi Cloud Controller on Amazon Web Services

thumbs_up_i_25x25.png  Was this useful? Help us identify your favorite articles by clicking on the thumbs up at the bottom of the page. And if you think this article is not useful, please let us know why by clicking on the feedback link below!


Readers will learn how to launch an Amazon Web Services (AWS) Virtual Machine using the Ubuntu Server x64 AMI, connect to the server using SSH, and install the latest UniFi Controller software.

Amazon Web Services currently offers a "Free Tier" VM for twelve months for new users consisting of a t2.micro instance with 1 vCPU, 1GiB of memory and 30GiB of Storage with a variety of operating systems. When the Free Tier period expires, your VM will continue to operate as normal and the services will be billed on a monthly basis.  For more details on pricing, see Amazon EC2 Pricing.

This article walks you through the process of launching an instance that meets the Free Tier eligibility criteria, but you are free to choose a larger instance type or a larger storage volume.

The Free Tier type typically provides enough resources to support small to medium UniFi deployments.  You can always upgrade your Instance Type and Storage Volume in the future after you have launched your VM.

Table of Contents

  1. Log In / Register and Launch an Instance
  2. Create the Amazon Web Services (AWS) Instance
  3. Assign an Elastic IP (Static Public IP)
  4. Connect Via SSH to the Instance
    1. Using Windows (PuTTY)
    2. Using Mac OS X or Linux
  5. Installing the UniFi Controller
  6. Related Articles

Log In / Register and Launch an Instance

Back to Top

Step 1: Log in or register a new AWS account at https://aws.amazon.com/

Step 2: Once logged in to the AWS Console, choose the datacenter Region closest to where your UniFi devices will be deployed by using the link at the top-right of the screen, between your name and the Support link. This will ensure the lowest latency between your UniFi Controller and the devices it manages.

Step 3: From the AWS Console, under Computer, choose EC2.

Step 4: Under Create Instance, click Launch Instance to start the Create Instance Wizard.

Create the Amazon Web Services (AWS) Instance

Back to Top

Step 1: Choose an Amazon Machine Image (AMI).  For this article, we will be using Ubuntu, but you can select Debian if you prefer.  Search for and select Ubuntu Server 16.04 LTS (HVM), SSD Volume Type. Notice it is labelled “Free tier eligible”. Click Next.

Step 2: Choose an Instance Type. Select the General purpose, t2.micro instance type. The t2.micro has 1 vCPU, 1GiB of memory, and is Free tier eligible. Click Next.

Step 3: Configure Instance Details. Leave all settings as default. You may wish to check Enable termination protection - Protect against accidental termination, which makes sure you can't delete the instance by accident (this can be disabled in the future). Click Next.

Step 4: Add Storage. AWS provides up to 30 GiB of EBS storage. Change the Size (GiB) of /dev/sda1 to 30GiB. Click Next.

Note: if storage isn't increased to 30GiB, there won't be enough storage for the database to operate properly.

Step 5: Tag Instance. Tags are optional, and not required in our scenario. Click Next.

Step 6: Configure Security Group. AWS uses Security Groups to define firewall rules.

  • Assign a security group: Create a new security group
  • Security group name: UniFi Controller
  • Description: (describe your controller)
  • Configure the rules as follows:
Type Protocol Port Range Source
SSH TCP 22 Anywhere
Custom TCP Rule TCP 8080 Anywhere
Custom TCP Rule TCP 8443 Anywhere
Custom TCP Rule TCP 8843 Anywhere
Custom TCP Rule TCP 8880 Anywhere
Custom TCP Rule*  TCP 6789  Anywhere
Custom UDP Rule UDP 3478 Anywhere
Custom UDP Rule**  UDP 5656-5699 Anywhere

*This port is required for the mobile app speed test. The speed test was originally designed to be run locally so you may not get the best representation of throughput. If you don't plan on using the mobile speed test to your AWS instance, then you do not need to open this port.

**This is for remote EDU streaming only. If you are managing UAP-AC-EDU via a controller on AWS, then you also need to add 'stream.playback.url.type=inform' to system.properties. If you are not using UAP-AC-EDU, then you do not need to add open UDP range 5656-5699.

Security Tip:  If you have a static WAN IP address for your local Internet connection, consider specifying a Source IP for the SSH Port 22 entry to ensure the server will only accept SSH connections from your IP address.  This can be changed in the future from the console by modifying the Security Group.

Step 7: Review Instance Launch. Use this page to review your configuration, and when ready, click Launch.

You will be prompted to Select an existing key pair or create a new key pair. An AWS Key Pair allows you to securely connect to your AWS instance via SSH.

Provide a Key Pair name, and click Download Key Pair. Once you have saved the .pem file to a safe place on your computer, click Launch Instances.

You will now see a confirmation window saying your instances are now launching. Click View Instances to be taken to the list of instances.

Assign an Elastic IP (Static Public IP)

Back to Top

While you wait for your new VM to launch, you can create a Static Public IP address to assign to the instance.  Known as an Elastic IP in AWS, it is permanently allocated to your AWS account and can be moved between different instances.  Unlike the regular Public IP, an Elastic IP address will persist even if the server is stopped.

Step 1: Click on Elastic IPs on the left menu, under Network & Security.

Step 2: Click Allocate New Address. In the confirmation dialog, select EIP used in: VPC, then click Yes, Allocate.

Step 3: In the confirmation popup, take note of your new Elastic IP address, and click Close.  For the rest of this article, replace any mention of <elastic-ip> in commands with this IP address. 

Step 4: Select your Elastic IP from the list, and click the Actions menu button. Click Associate Address.

Step 5: In the Associate Address window, click the Instance text box, and choose your UniFi Instance. Click Associate.

Note: If you ever terminate your instance, remember to Release the Elastic IP as Elastic IP addresses that are not assigned to an instance are billed monthly by AWS.

Connecting Via SSH to the Instance:

Back to Top

Using Windows (PuTTY):

If you are using a Windows computer, you can use PuTTY to connect to the server via SSH. You will need to convert the Key Pair (UniFiController.pem) file you created earlier from a .pem file to a .ppk file that is supported by PuTTY.

For detailed instructions on how to convert your .pem to a .ppk file and connect to the server using PuTTY on Windows, please read Amazon's PuTTY Setup Guide.

Using Mac OS X or Linux:

If you are using a Linux or Mac OS X computer, you can use the built-in SSH client.

Open a Terminal and enter the following commands:

Step 1: Edit permissions for the .pem file as required for SSH:

chmod 400 /location/to/UniFiController.pem

Step 2: Connect to server using SSH and the .pem file, where <elastic-ip> is the Elastic IP Address configured previously:

ssh -i “/location/to/UniFiController.pem" ubuntu@<elastic-ip>

Installing the UniFi Controller

Back to Top

Once you connect to the Server and are greeted with the Ubuntu Command Line Interface (CLI), execute the following commands:

Step 1: Add the Ubiquiti repository to /etc/apt/sources.list:

echo "deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti" | sudo tee -a /etc/apt/sources.list

Step 2: Add the Ubiquiti GPG Key:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50

Step 3: Update the server's repository information:

sudo apt-get update

Step 4: Install UniFi:

sudo apt-get install unifi

Step 5: Disconnect from the server:


You may now close the Terminal or PuTTY window.

Step 6: Open your browser and navigate to https://<elastic-ip>:8443/

Step 7: Complete the UniFi Setup Wizard.  You will need to skip Step 2: Discover as no devices will be available for adoption since the controller is not on the same subnet.

Step 8: Your controller setup is now complete!  You may now proceed to adopt your UniFi devices using Layer 3 Adoption.

Related Articles

Back to Top