# Install on AWS EC2
### Start a new instance
{% hint style="danger" %}
Do not install the RPort server on an existing instance where other applications are already running. You will very likely create conflicts.
{% endhint %}
Because RPort has almost no dependencies, it will run flawlessly on any halfway modern Linux. We recommend using Debian 11 Bullseye. Debian is lightweight and secure.
* Log in to your AWS console, go to ECS and select your preferred region.
* Click "Launch Instances" and type `Debian Bullseye` into the search bar.
* Click on "N results in AWS Marketplace"
* Look for the official Debian logo and select `Debian 11` provided by Debian.
The RPort server doesn't require a lot of CPU, disk, or memory resources. \
Selecting a `t2.micro` instance is perfect.\
✋**Do not launch the instance yet.** Click "Next: Configure Instance Details".
On "Step 3: Configure Instance Details" you don't have to change anything. Take over all the pre-selected defaults. Click "Next: Add Storage".
On "Step 4: Add Storage" you don't have to change anything. 8 GiB is fairly enough disk storage. Take over all the pre-selected defaults. Click "Next: Add Tags".
On "Step 5: Add Tags" you don't have to change anything. But feel free to add tags to keep your ECS instance well organized. Click "Next: Configure Security Group".
On "Step 6: Configure Security Group" setting up the security group is crucial. Enter the following settings.
| Type | Protocol | Port Range | Source | Description |
| -------------- | -------- | ------------- | ---------------- | ------------------ |
| SSH | TCP | `22` | `0.0.0.0/0` | SSH |
| All ICMP -IPv4 | ICMP | `0-65535` | `0.0.0./0, ::/0` | ICMP PING |
| HTTP | TCP | `80` | `0.0.0./0, ::/0` | HTTP |
| HTTPS | TCP | `443` | `0.0.0./0, ::/0` | HTTPS |
| Custom TCP | TCP | `20000-30000` | `0.0.0./0, ::/0` | RPort Tunnel Range |
{% hint style="warning" %}
**Do not skip the ICMP IPv4 rule.** Your server must respond to ICMP ping echo requests. Otherwise, the automated setup of DNS and SSL will fail.
{% endhint %}
After creating the security group click "Review and launch".
{% hint style="success" %}
Don't worry about the warning "Your security group, RPort Server, open to the world. That's intended.
{% endhint %}
Now click "Launch" to launch the instance. On the last step select which SSH keys to use. The decision is up to you. Finally, launch the instance.
### Install the RPort server on your new ECS2 instance
From the list of instances, grab the public ipv4 address of your newly created instance.
Connect over SSH to the instance using the `admin` user. Usually, you must specify the private key created for the instance or the region. For example, `ssh -i .ssh/ec2-ohio.pem admin@18.221.7.172`
After the login, change to the root account by typing in `sudo -i`.
👉 Now proceed to [Install RPort on any virgin cloud VM](/install-the-rport-server/install-rport-on-any-virgin-cloud-vm.md)
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://kb.rport.io/install-the-rport-server/install-on-aws-ec2.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.