Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

WSO2 Private PaaS (PPaaS) is an enterprise grade Platform as a Service (PaaS) that delivers standard, on-premise, application, integration, data, identity, governance, and analytics PaaS solutions for IT projects. WSO2 PPaaS can be deployed on Docker using Kubernetes or on a Virtual Machine using any one of the following IaaS that supports Apache jclouds (i.e., EC2namely EC2, GCE , and OpenStack etc.). At the core of WSO2 PPaaS lies Apache Stratos providing cloud-native capabilities, such as multi-tenancy, elastic scaling, self-service provisioning, cloud bursting, network partitioning, metering, billing and resource pooling among several other functionalities. More significantly, it also adds functionality to host pre-integrated, fully multi-tenant WSO2 Carbon middleware products as cartridges that deliver a range of cloud PaaS services where in PPaaS, a cartridge is a virtual machine (VM) on an IaaS or a container on Kubernetes, which has software components to interact with PPaaS.


  1. Navigate to and sign in to the AWS Management Console. 
  2. Click EC2 on the home console.
  3. In the region drop-down list, select Asia Pacific (Singapore), which is the region where the demo instance is located.
  4. Identify your AWS access key ID and secret key as follows:

    1. On the EC2 account details menu, click My Account.
    2. Click Security Credentials on the left-bar menu.
    3. Switch to the Access Keys tab.
    4. Create an access key for this setup. Then note the Access Key ID and Secret Access Key, which you'll need later.
  5. Anchor

    Create a security group with rules that define the allowed port ranges, thereby identifying which incoming network traffic is delivered to your instance (all other traffic is ignored):

    1. On the Network and Security menu, click Security Groups.
    2. Click Create Security Group.
    3. Enter the name and description of the security group.

    4. Repeat the following steps to add two security group rules to open all the UDP and TCP ports:  

      1. Click Add Rule under the Inbound section.

      2. Select the following rule types individually:

        • All TCP
        • All UDP

        The port range gets automatically set as follows:

        Rule typePort range
        All TCP0 - 65535
        All UDP0 - 65535
      3. Set the source as Anywhere


        Note that setting the source to is a demo-only setting, which must be changed for security purposes in a production environment. For more information, see Amazon EC2 Security Groups


        The security group rules that you added above are only for demo purposes. In a production environment, you should add individual rules with the following ports for security purposes.

        • 9443 - HTTPS
        • 9763 - HTTP
        • 9444 - HTTPS (DAS)
        • 7611 - Thrift
        • 7612 - Secure Thrift
        • 8081 - HTTP (Spark manager)
        • 11500 - HTTP (Spark worker)
        • 5672 - TCP (AMQP)
        • 8672 - Secure TCP (AMQP)
        • 1883 - TCP (MQTT)
        • 8883 - Secure TCP (MQTT)
    5. Click Create.
  6. Create a key pair and download it as follows:

    1. On the Network and Security menu, click Key Pairs.
    2. Click Create New Key Pair.
    3. Enter a name for your key pair.
    4. Click Create. The key pair gets automatically downloaded as a .pem file.
    5. Save your private key in a safe place on your computer, and make note of the location so you can easily find it later.
  7. Navigate to the EC2 Dashboard.
  8. Click Launch Instance and then click Community AMIs.
  9. Search for ami-323dfa51 and click Select.

    Based on the region search for the relevant ami mentioned below and click Select.

          Asia Pacific(Singapore): ami-e412df87

          US West(Oregon): ami-be2f34df

    Note that this demo AMI is only available in the Asia Pacific (Singapore) region and US West (Oregon) region. 
    Image RemovedImage Added

  10. Select an instance type for the deployment. We recommend the m3.large instance type for the WSO2 PPaaS deployment.

  11. Click Next: Configure Instance Details

  12. Click Advanced Details to expand the tab, and then enter payload parameters for the demo AMI in the User data field. You need to specify the following list of parameters as comma-separated key-value pairs.

    • EC2_IDENTITY - Access key ID for EC2 API.

    • EC2_SECRET  - Secret access key for EC2 API.

    • EC2_OWNER_ID - EC2 user's owner ID.

    • EC2_SECURITY_GROUP - Security group name that you created.

    • EC2_KEY_PAIR - EC2 key for accessing the instances via SSH.

    • EC2_BASE_AMI - Base image for cartridge instances. The recommended value is as follows:

      Code Block
    • EC2_INSTANCE_TYPE - EC2 instance type for the cartridge instances. The recommended value is as follows:

      Code Block
    • EC2_REGION - The EC2 region for spawning cartridge instances. Use the following value:

      Code Block
    • EC2_AVAILABILITY_ZONE_ID_1 - The EC2 availability zone for spawning the cartridge instances. Use the following value:

      Code Block
    • EC2_AVAILABILITY_ZONE_ID_2 - The EC2 availability zone for spawning the cartridge instances. Use the following value:

      Code Block
    • EC2_TAG_USER - This EC2 tag is added to the cartridge instances under the key "User".

      The following is a sample payload:

      Code Block

      Add your actual values in the above payload template and paste the above text in the user data field.

  13. Click Next: Add Storage. You do not need to add or select any storage configurations.

  14. Click Next: Tag Instance. You do not need to add any tags for the EC2 instance.

  15. Click Next: Configure Security Group, click the Select an existing security group option and then click the security group that you created.

  16. Click Review and Launch. After reviewing the instance, click Review and Launch

  17. Enter the key pair when prompted. 

  18. Select the acknowledgement and click Launch Instances.


    After you successfully configure the EC2 instance, it redirects you to the page that includes all the instances. It takes a short time for an instance to launch. Until then, the status of the instance will appear as pending. After the instance is launched, the status will change to running.

  19. Log in to the PPaaS Console (https://<PUBLIC_IP>:9443/console) using the default credentials (username=admin and password=admin).


    To log into the PPaaS Console, get the public IP of the WSO2 Private PaaS demo instance that appears in the EC2 dashboard. For example, if your public IP is, access the PPaaS Console using the following URL:

    Note the PPaaS dashboard that appears. The Monitoring tile appears here because PPaaS has been configured with WSO2 DAS in the demo AMI for monitoring and metering purposes.