Skip to content

Getting Started on AWS

These instructions will get you the Certified RO Labs version of Matomo up and running on AWS. You can start launching an instance of the AMI by accessing it from the AWS Marketplace.

Choose Instance Type

Select the instance type of your choice. If you are looking to test out Matomo and work with sample data, a t2.large instance will be sufficient. However, if you are working with larger datasets, it's recommended you use a t2.xlarge as a starting point and scale up accordingly.

aws instance type

Add Storage

Amazon Web Services defaults to a disk size of 8GB. This should be upgraded to reflect your website traffic. It's recommended to start with 40GB, and upgrade to a larger amount if needed.

aws add storage

Configure Security Group

Select a preexisting security group or create a new one. The only required port that needs to be open HTTP (80). If you need access to server, make sure to keep SSH (22) open. It is recommended that you run Matomo over HTTPS (443). Our one-click image comes pre-installed with certbot to quickly apply SSL/TLS certificates for your server.

aws configure security group

Review and Launch

Look over your instance details and make sure everything looks correct. If you need to make any changes, go back and adjust the settings. Once you're happy with everything click the Launch button. Lastly, you'll be presented with an option to choose an existing key pair, or create a new one for this instance. Once you're ready, click the Launch Instance button.

aws confirmation

Once the EC2 instance has been deployed, you're ready to start working with Matomo. Open up your EC2 instances in your AWS console, and select the Matomo instance to view its details.

Logging In

aws instance details

At launch, a password for the Matomo admin user (admin) is generated that is unique to your instance. To log into to Matomo for the first time, go to the Public IPv4 DNS in your browser. Matomo willnot run over the IP address directly.

NOTE: HTTPS is not enabled by default. LetsEncrypt blacklists AWS EC2 DNS names, unfortuantely. Because of this, you must access your instance over HTTP. For example,

When redirected to the log screen, provide a username of admin and the password will be your Instance ID. This can be obtained from your instance details and is in the form of i-XXXXXXXXXXXXXXXXX. Refer to the image above for more details.