Overview
Envoy Proxy (Hardened) on Amazon Linux 2023 is a production-ready, security-hardened image of the Envoy edge and service proxy, maintained and supported by Derek Coleman & Associates Incorporated.
This is repackaged open-source software. Envoy is a Cloud Native Computing Foundation (CNCF) graduated project and is distributed under the Apache License 2.0. Envoy is a trademark of The Linux Foundation; this listing is not endorsed by or affiliated with the CNCF or The Linux Foundation. This product bundles the unmodified upstream Envoy release binary on a hardened Amazon Linux 2023 base; the charges associated with this listing are for image hardening, continuous patching, vulnerability scanning, and business-day support - not for the underlying open-source software, which remains free.
Hardening baseline: minimal package footprint, SSH key-only access (password authentication disabled), IMDSv2 enforced, Envoy running as a dedicated non-root user with only the bind capability, the admin interface bound to 127.0.0.1 only, host firewall exposing only web ports, and no default credentials anywhere. Images are rebuilt, scanned for HIGH and CRITICAL vulnerabilities, and republished on a regular cadence so that new launches start current. The shipped config serves a placeholder response on port 80; supply your listeners, clusters, and routes in /etc/envoy/envoy.yaml and manage the service with systemd.
Highlights
- Security-hardened at build time: minimal packages, key-only SSH, IMDSv2-only, non-root service user, admin interface on localhost only.
- Continuously patched: rebuilt, vulnerability-scanned, and republished on a regular cadence.
- Production-ready: systemd-managed Envoy 1.38; config validated at build with envoy --mode validate.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
Pricing
Dimension | Cost/hour |
|---|---|
c7i.xlarge Recommended | $0.46 |
c7i.4xlarge | $1.84 |
c7i.2xlarge | $0.92 |
Vendor refund policy
Usage-based hourly billing; charges stop when instances are terminated. Contact support@dcassociatesgroup.com for billing questions.
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
[Important] Initial release. Envoy 1.38 on Amazon Linux 2023, hardened baseline; all OS packages current at build.
Additional details
Usage instructions
Launch from AWS Marketplace (1-Click or EC2 console). Connect via SSH: ssh -i <key> ec2-user@<public-ip>. Envoy serves a placeholder on port 80; edit /etc/envoy/envoy.yaml to define your listeners, clusters, and routes, validate with: envoy --mode validate -c /etc/envoy/envoy.yaml, then: sudo systemctl restart envoy. The admin interface is bound to 127.0.0.1:9901. Root login is disabled; use sudo. There are no passwords anywhere in this product.
Support
Vendor support
Support by Derek Coleman & Associates Incorporated. Email: support@dcassociatesgroup.com . Business-day response. Covers image operation, hardening baseline, and launch issues.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.