Sold by: Lynxroute
Deployed on AWS
Free Trial
This product has charges associated with it for hardening, security configuration, and support.
EspoCRM is a self-hosted Customer Relationship Management platform delivered as a PHP 8 + MySQL 8.0 + Nginx stack - leads, accounts, contacts, opportunities, calendar, email integration, and REST API. This AMI ships the AGPL-3.0 community edition and is fully functional out of the box on the EC2 instance - no external account, subscription, license key, or activation step is required. Unlike bare community AMIs that ship the install wizard reachable on the public internet, no per-instance admin password, and the web UI on plain HTTP, this Lynxroute build is ready immediately: per-instance admin password generated on first launch, install wizard disabled after setup, self-signed TLS on TCP 443 with HTTP-to-HTTPS redirect, MySQL bound to 127.0.0.1, UFW firewall pre-configured, on a CIS Level 1 hardened Ubuntu 24.04 LTS base.
AGPL-3.0 license - fully auditable, no vendor lock-in.
Overview
This is a repackaged software product wherein additional charges apply for hardening, security configuration, and support.
WHAT IS ESPOCRM
EspoCRM is a self-hosted Customer Relationship Management platform implemented in PHP 8, served by Nginx with PHP-FPM, and persisting every record in MySQL 8.0. It covers the full revenue pipeline - leads, accounts, contacts, opportunities, calendar, tasks, email campaigns, document templates, document storage, reports, and dashboards - with role-based access control, multi-currency support, custom entities and fields, formula scripting, workflow automation, IMAP-aware email-to-record assignment, and a built-in portal feature for granting read-only views to external clients. EspoCRM connects to any standard SMTP relay (Amazon SES, SendGrid, Postmark, Mailgun, or self-hosted Postfix), reads inbound mail over IMAP, supports single sign-on via Google, Microsoft, OpenID Connect and LDAP, and exposes a full REST API for integrations. This AMI ships the AGPL-3.0 community edition; the AMI itself is the complete product and runs entirely on the EC2 instance you launch - no external account, subscription, license key, or activation handshake is required. All data stays inside your own AWS account.
WHAT THIS AMI ADDS
Security hardening:
- Per-instance EspoCRM admin password generated on first launch and written to /root/espocrm-credentials.txt (mode 0600) - never baked into the AMI
- EspoCRM install wizard disabled after the initial setup completes (the install/ directory is locked to mode 0000) - no further setup exposure
- MySQL 8.0 listens on 127.0.0.1 only; the database user password is generated per instance
- PHP-FPM workers and MySQL InnoDB buffer pool auto-sized to the instance RAM at launch
- Composer vendor dependencies (phpoffice/phpspreadsheet, phpseclib/phpseclib) bumped to the CVE-fixed upstream releases at build time
- Self-signed TLS certificate generated during the AMI build - HTTPS on TCP 443 from launch, HTTP on TCP 80 redirects to HTTPS
- UFW firewall pre-configured - only TCP 22, 80, 443 are exposed
- fail2ban with default SSH jail; AppArmor with default Ubuntu profiles
- CVE scan - every image is scanned for vulnerabilities before release
OS hardening (CIS Level 1):
- CIS Ubuntu 24.04 LTS Level 1 benchmark applied via ansible-lockdown
- auditd, SSH hardening, kernel hardening, IMDSv2 enforced
Compliance artifacts:
- SBOM - CycloneDX 1.6 at /etc/lynxroute/sbom.json
- CIS Conformance Report at /etc/lynxroute/cis-report.html
- CIS Tailored Profile at /usr/share/doc/lynxroute/CIS_TAILORED_PROFILE.md
Highlights
- EspoCRM security baked in: per-instance admin password generated on first launch, install wizard disabled after setup, self-signed TLS on TCP 443 with HTTP-to-HTTPS redirect, MySQL bound to 127.0.0.1 only - unlike bare EspoCRM AMIs that ship the install wizard reachable on the public internet, no default admin password, and the web UI on plain HTTP.
- CIS Level 1 hardened Ubuntu 24.04 LTS: auditd, fail2ban, AppArmor, SSH key-only, IMDSv2 enforced. CVE-scanned before every release. SBOM (CycloneDX) and CIS Conformance Report included.
- Full self-hosted CRM: leads, accounts, contacts, opportunities, calendar, email integration over SMTP and IMAP, REST API, built-in client portal, workflow automation, role-based access control, custom entities. AGPL-3.0 community edition - the AMI is fully functional out of the box, no external account or license key required.
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 5 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
t3.large Recommended | $0.03 |
t3.medium | $0.02 |
t3.small | $0.02 |
m6i.xlarge | $0.05 |
m6i.large | $0.03 |
Vendor refund policy
We do not offer refunds for this product. AWS infrastructure charges (EC2, EBS, data transfer) are billed separately by AWS and are not refundable by us.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Version 9.3.6 - Initial release (May 2026)
- EspoCRM 9.3.6 on Ubuntu 24.04 LTS
- CIS Level 1 hardening applied (ansible-lockdown/UBUNTU24-CIS)
- CVE-scanned before every release
- Per-instance EspoCRM admin password generated on first launch
- EspoCRM install wizard disabled after the initial setup completes
- MySQL 8.0 listening on 127.0.0.1 only, with per-instance database password
- PHP-FPM workers and MySQL InnoDB buffer pool auto-sized to instance RAM at launch
- Composer vendor dependencies (phpoffice/phpspreadsheet, phpseclib/phpseclib) bumped to the CVE-fixed upstream releases
- Self-signed TLS certificate generated during the AMI build; HTTP on TCP 80 redirects to HTTPS on TCP 443
- UFW firewall pre-configured (TCP 22, 80, 443 only)
- fail2ban, auditd, AppArmor pre-configured
- SBOM (CycloneDX 1.6) at /etc/lynxroute/sbom.json
- CIS Conformance Report (OpenSCAP) at /etc/lynxroute/cis-report.html
- IMDSv2 enforced
Additional details
Usage instructions
- Launch instance (t3.medium recommended)
- Open Security Group - allow TCP 443 from your IP first; open to 0.0.0.0/0 after you have logged in and changed the admin password (anyone reaching the URL before you can also log in with the generated password)
- SSH: ssh -i key.pem ubuntu@<PUBLIC_IP>
- Wait 60-90 seconds on first launch - the URL shows a "Starting up" splash while the database schema and admin user are being created
- Read credentials: sudo cat /root/espocrm-credentials.txt
- Open https://<PUBLIC_IP>/ in your browser - accept the self-signed certificate warning
- Log in as admin with the password from the credentials file
- Change the admin password immediately (Profile -> Change Password) and add your real users (Administration -> Users)
Credentials are saved to /root/espocrm-credentials.txt at first launch. The EspoCRM install wizard is disabled after first launch. Replace the self-signed TLS certificate with a CA-signed certificate for production use: sudo apt install certbot python3-certbot-nginx -y sudo certbot --nginx -d your.domain.com
Resources
Vendor resources
Support
Vendor support
Visit us online: https://lynxroute.com
For EspoCRM documentation: https://docs.espocrm.com For EspoCRM upstream issues:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
This product has charges associated with it for Websoft9 support. Pre-configured, customizable, secure, one-click to deploy EspoCRM on AWS. EspoCRM is an Open Source CRM application that allows you to see, enter and evaluate all your company relationships regardless of the type.
EspoCRM is a powerful Customer Relationship Management software that offers highly customizable workflows and automation features, helping businesses achieve more efficient sales and marketing activities. Additionally, it features an intuitive user interface and robust reporting tools to better understand customer needs and enhance the productivity of your sales team.
This product has charges associated with it for seller support. EspoCRM is an Customer Relationship Management (CRM) platform that helps businesses manage sales, customer service, marketing, and collaboration efficiently.
TurnKey EspoCRM helps save you time and money by providing a ready-to-run EspoCRM solution that is secure, supported and easy to maintain. The system auto-updates itself with security fixes and is built in a transparent 100% open source process free of hidden backdoors.
This product has charges associated with it for seller support and pre-configured Product. This product includes charges for seller support and for the pre-configured setup. EspoCRM is a web application that allows users to see enter and evaluate all your company relationships regardless of the type. People, companies, projects or opportunities all in an easy and intuitive interface.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.