Sold by: Lynxroute
Deployed on AWS
Free Trial
This product has charges associated with it for hardening, security configuration, and support.
Trino is a fast distributed SQL query engine (single JVM, Java 25) that runs ANSI SQL over data where it already lives - S3, PostgreSQL, MySQL, Iceberg, Delta Lake, Kafka, Hive and 40+ other sources. Unlike bare Trino AMIs that expose port 8080 with no authentication, no TLS, and a default heap that OOMs on the recommended instance, this Lynxroute build is ready out of the box: an admin password generated at first boot, file-based password authentication for CLI/JDBC/BI clients, TLS terminated at nginx, the JVM heap and query memory auto-sized to the instance, UFW firewall pre-configured, and a CIS Level 1 hardened Ubuntu 24.04 LTS base.
Apache-2.0 license - fully auditable, no vendor lock-in.
Overview
This is a repackaged software product wherein additional charges apply for hardening, security configuration, and support.
WHAT IS TRINO
Trino is a fast, distributed SQL query engine for federated analytics, maintained by the Trino Software Foundation (the upstream of the project formerly known as PrestoSQL). It runs as a single Java 25 JVM that acts as both coordinator and worker, so one node is a complete cluster. Trino speaks ANSI SQL with a cost-based optimizer and executes queries in parallel across pluggable connectors, letting you join data that lives in object storage, relational databases, data lakes and streams - all in a single query, without copying or ETL. The full distribution ships 40+ connectors (S3, PostgreSQL, MySQL, Iceberg, Delta Lake, Hive, Kafka, ClickHouse, and more). Trino is stateless: it stores no data of its own and queries external sources directly. This image bundles the tpch (benchmark) and memory connectors so you can validate it immediately. Apache-2.0 license, no vendor lock-in.
WHAT THIS AMI ADDS
Security hardening:
- Admin password generated uniquely at first boot, written to /root/trino-credentials.txt (mode 600)
- File-based password authentication so CLI, JDBC and BI clients log in over TLS
- TLS terminated at nginx on port 443; Trino's HTTP port (8080) is bound behind the firewall, never exposed
- A unique internal cluster shared secret generated per instance at first boot
- JVM heap and query memory limits auto-sized to the instance RAM (no OOM on first launch)
- UFW firewall pre-configured (only ports 22 and 443 open)
- CVE scan - every image is scanned for vulnerabilities before release
OS hardening (CIS Level 1):
- CIS Ubuntu 24.04 LTS Level 1 benchmark applied via ansible-lockdown
- auditd, fail2ban, AppArmor, SSH key-only, kernel hardening, IMDSv2 enforced
Compliance artifacts:
- SBOM - CycloneDX 1.6 at /etc/lynxroute/sbom.json
- CIS Conformance Report at /etc/lynxroute/cis-report.html
- CIS Tailored Profile at /usr/share/doc/lynxroute/CIS_TAILORED_PROFILE.md
Highlights
- Trino security baked in: admin password generated at first boot, file-based password auth for CLI/JDBC/BI clients, TLS terminated at nginx, the query port bound behind the firewall - unlike bare Trino AMIs that expose port 8080 with no authentication, no TLS, and a default heap that OOMs on the recommended instance.
- CIS Level 1 hardened Ubuntu 24.04 LTS: auditd, fail2ban, AppArmor, SSH key-only, IMDSv2 enforced. CVE-scanned before every release. SBOM (CycloneDX) and CIS Conformance Report included.
- Federated SQL over 40+ sources: query S3, PostgreSQL, MySQL, Iceberg, Delta Lake and Kafka in one ANSI SQL statement, with the JVM heap auto-sized to your instance. Apache-2.0 license - fully auditable, no vendor lock-in.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Ubuntu 24.04
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 5 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
m6i.xlarge Recommended | $0.05 |
t3.large | $0.03 |
m6i.large | $0.03 |
m6i.2xlarge | $0.07 |
Vendor refund policy
We do not offer refunds for this product. AWS infrastructure charges (EC2, EBS, data transfer) are billed separately by AWS and are not refundable by us.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Trino 481 - Initial release (June 2026)
- Trino 481 on Ubuntu 24.04 LTS (single-node coordinator + worker, Java 25)
- CIS Level 1 hardening applied (ansible-lockdown/UBUNTU24-CIS)
- CVE-scanned before every release
- Admin password generated at first boot; file-based password authentication for CLI/JDBC/BI clients
- TLS terminated at nginx (port 443); Trino query port bound behind the firewall
- JVM heap and query memory auto-sized to the instance; unique internal shared secret per instance
- Bundled tpch and memory connectors; 40+ connectors available
- UFW firewall pre-configured (ports 22, 443 only)
- fail2ban, auditd, AppArmor pre-configured
- SBOM (CycloneDX 1.6) at /etc/lynxroute/sbom.json
- CIS Conformance Report (OpenSCAP) at /etc/lynxroute/cis-report.html
- IMDSv2 enforced
Additional details
Usage instructions
- Launch instance (m6i.xlarge recommended; t3.large minimum)
- Open Security Group - allow TCP 443 from your IP
- SSH: ssh -i key.pem ubuntu@<PUBLIC_IP>
- Read credentials: sudo cat /root/trino-credentials.txt
- Open https://<PUBLIC_IP>/ui/ in your browser - accept the self-signed certificate warning, then log in as admin with the password from the credentials file
- Connect a SQL client over TLS: trino --server https://<PUBLIC_IP> --user admin --password JDBC: jdbc:trino://<PUBLIC_IP>:443?SSL=true (user admin, password from the file)
- Run a query: SELECT count(*) FROM tpch.tiny.orders;
Trino runs as a single-node coordinator and worker. The admin password is generated at first boot and saved to /root/trino-credentials.txt. The JVM heap and query memory are sized automatically from the instance RAM.
Bundled catalogs: tpch (synthetic benchmark data) and memory (volatile in-memory tables). Add your own catalogs under /etc/trino/catalog/ to query S3, PostgreSQL, MySQL, Iceberg, Delta Lake, Kafka and more.
Replace the self-signed TLS certificate with a CA-signed certificate for production use (sudo certbot --nginx).
Resources
Vendor resources
Support
Vendor support
Visit us online: https://lynxroute.com
For Trino documentation: https://trino.io/docs/current/ For Trino upstream issues:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Self-hosted distributed SQL engine for big data analytics. Query data across S3, PostgreSQL, MySQL, Kafka, and 30+ connectors with ANSI SQL.
Starburst Professional Services are designed to rapidly improve your time to data-driven decisions, broaden your data access, and better your price for performance so you realize the most value from your investment. Our team of expert consultants will assist you in successfully planning, designing, deploying, and optimizing your Trino environment.
Starburst Galaxy offers a full-featured data lake analytics platform that allows you to discover, manage, and consume the data in and around your data lake.
MDACA Big Data Virtualization (BDV) is an enterprise grade MPP (massively parallel processing) Federated SQL query engine. BDV is designed for speed, supporting enterprise and government organizations in their data query needs. BDV provides organizations with a logical data layer that integrates enterprise data across disparate systems and manages the unified data for centralized access. Based on the industry leading Trino.io distributed SQL query engine, MDACA BDV has been upgraded to support enterprises with advanced DoD-grade security features, additional connectors, functions, and performance optimizations. MDACA BDV also provides Keycloak (supporting enterprise single-sign-on and providing user federation, strong authentication, user management, fine-grained authorization, and more) and MDACA Policy Manager, based on Apache Ranger, (fine grained authorization to the column level, data masking and row filtering) as part of the baseline AMI.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.