Drupal - Hardened Self-Hosted CMS

This product has charges associated with it for hardening, security configuration, and support. Drupal is a leading open-source content management system (CMS), running here as a PHP 8.3 + MariaDB + nginx (PHP-FPM) stack installed with Composer. Unlike bare Drupal AMIs that leave you to run the installer by hand, set a database password, configure TLS, and stop the version beacon yourself, this Lynxroute build is ready out of the box: the site pre-installed with a unique admin password generated at first boot, a unique MariaDB password, TLS enabled on port 443, the database bound to localhost only, the Update Status beacon disabled, UFW firewall pre-configured, and a CIS Level 1 hardened Ubuntu 24.04 LTS base. GPL-2.0-or-later license - fully auditable, no vendor lock-in.

View purchase options

Try for free

Overview

Try agent mode

Create proposal

Ask question

This is a repackaged software product wherein additional charges apply for hardening, security configuration, and support.

WHAT IS DRUPAL

Drupal is a leading open-source content management system (CMS) and web application framework used by governments, universities, and enterprises worldwide. It is a PHP application backed by a MySQL/MariaDB or PostgreSQL database and served by nginx with PHP-FPM; this image installs it with Composer (the drupal/recommended-project layout). Drupal gives you structured content types and fields, taxonomy, the Views query builder, flexible URL aliases, a roles-and-permissions access model, revisions and workflows, multilingual content, a theming layer, a REST/JSON:API for headless and decoupled front-ends, and one of the largest module ecosystems of any CMS. Because you self-host it, all content and visitor data stays inside your own AWS account, which makes GDPR and data-residency compliance straightforward. Drupal is GPL-2.0-or-later licensed with no vendor lock-in.

WHAT THIS AMI ADDS

Security hardening:

Site pre-installed at first boot with a unique admin password (no install wizard, no shipped default credential)
Unique MariaDB password generated at first boot; the database and PHP-FPM bound to 127.0.0.1 only - never exposed to the network
TLS enabled on port 443 with a self-signed certificate (replace with your own CA/Let's Encrypt certificate for production)
The Update Status beacon is disabled - the image does not phone home to drupal.org for version checks (you can re-enable it under Extend)
settings.php locked down and the public files directory isolated; trusted host patterns tracked automatically
UFW firewall pre-configured (ports 22, 80, 443 only)
fail2ban, auditd, and AppArmor pre-configured
CVE scan - every image is scanned for vulnerabilities before release

OS hardening (CIS Level 1):

CIS Ubuntu 24.04 LTS Level 1 benchmark applied via ansible-lockdown
auditd, SSH key-only access, kernel hardening, IMDSv2 enforced

Compliance artifacts:

SBOM - CycloneDX 1.6 at /etc/lynxroute/sbom.json
CIS Conformance Report at /etc/lynxroute/cis-report.html
CIS Tailored Profile at /usr/share/doc/lynxroute/CIS_TAILORED_PROFILE.md

Drupal is a registered trademark of Dries Buytaert. This product is built on the open-source Drupal software and is not affiliated with, endorsed by, or sponsored by the Drupal project or the Drupal Association.

Highlights

Drupal security baked in: site pre-installed with a unique admin password at first boot, unique database password, TLS on 443, database bound to localhost, Update Status beacon disabled.
CIS Level 1 hardened Ubuntu 24.04 LTS: auditd, fail2ban, AppArmor, SSH key-only, IMDSv2 enforced. CVE-scanned before every release. SBOM (CycloneDX) and CIS Conformance Report included.
Self-host a world-class CMS: structured content types, taxonomy, the Views builder, roles and permissions, multilingual content, JSON:API for headless front-ends, and a vast module ecosystem - all your data stays in your AWS account. GPL-2.0-or-later license - fully auditable, no vendor lock-in.

Details

Sold by

Lynxroute

Introducing multi-product solutions

You can now purchase comprehensive solutions tailored to use cases and industries.

Learn more

Explore multi-product solutions

Features and programs

Financing for AWS Marketplace purchases

AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

View financing details

Pricing

Free trial

Try for free

Try this product free for 5 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

Drupal - Hardened Self-Hosted CMS

Info

View purchase options

Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.

Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

Usage costs (4)

Info

Dimension	Cost/hour
t3.medium Recommended	$0.02
t3.large	$0.03
t3.small	$0.02
m6i.large	$0.03

Vendor refund policy

We do not offer refunds for this product. AWS infrastructure charges (EC2, EBS, data transfer) are billed separately by AWS and are not refundable by us.

How can we make this page better?

Tell us how we can improve this page, or report an issue with this product.

Legal

Vendor terms and conditions

Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

Content disclaimer

Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

Usage information

Info

Delivery details

64-bit (x86) Amazon Machine Image (AMI)

Amazon Machine Image (AMI)

An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

Version release notes

Drupal 11.3.12 - Initial release (June 2026)

Drupal 11.3.12 on Ubuntu 24.04 LTS (PHP 8.3 + MariaDB + nginx, Composer install)
CIS Level 1 hardening applied (ansible-lockdown/UBUNTU24-CIS)
CVE-scanned before every release
Site pre-installed at first boot with a unique admin password; unique MariaDB password
TLS on port 443; database and PHP-FPM bound to localhost only
Update Status beacon disabled (no version phone-home to drupal.org)
UFW firewall pre-configured (ports 22, 80, 443 only)
fail2ban, auditd, AppArmor pre-configured
SBOM (CycloneDX 1.6) at /etc/lynxroute/sbom.json
CIS Conformance Report (OpenSCAP) at /etc/lynxroute/cis-report.html
IMDSv2 enforced

Additional details

Usage instructions

Launch instance (t3.medium recommended)
Open Security Group - allow TCP 443 (and 80 for the HTTP-to-HTTPS redirect) from your IP only
SSH: ssh -i key.pem ubuntu@<PUBLIC_IP>
Read credentials: sudo cat /root/drupal-credentials.txt
Open https://<PUBLIC_IP>/ in your browser - accept the self-signed certificate warning
Log in at https://<PUBLIC_IP>/user/login with username "admin" and the admin password from the credentials file

The site is already installed - there is no install wizard to complete. The admin password and the database password are generated uniquely at first boot and saved to /root/drupal-credentials.txt. After your first login, change the admin password and set a real admin email under People.

Keep port 443 restricted to your IP until you have changed the admin password, since anyone who reaches the site before you can use the shipped credentials.

The Update Status module is uninstalled, so this image does not phone home to drupal.org for version checks; re-enable it under Extend if you want update notifications.

For your own domain with a CA-signed certificate (recommended for production): sudo certbot --nginx -d your.domain.com Then add your domain to $settings['trusted_host_patterns'] in /var/www/drupal/web/sites/default/settings.php.

Resources

Vendor resources

Documentation

Support

Vendor support

Drupal is a registered trademark of Dries Buytaert; this product is not affiliated with or endorsed by the Drupal Association.

Visit us online: https://lynxroute.com

For Drupal documentation: https://www.drupal.org/docs For Drupal upstream issues:

Get support

AWS infrastructure support

AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Get support

Similar products

Joomla - Hardened Content Management System (CMS)

By Lynxroute

This product has charges associated with it for hardening, security configuration, and support. Joomla is a popular open-source content management system (CMS) - a PHP 8.3 web application served by Nginx and PHP-FPM with a MariaDB database. Unlike bare Joomla AMIs that ship the web installer wide open, run plain HTTP with no certificate, and leave the database and admin account unconfigured, this Lynxroute build is ready out of the box: a Super User and database credentials generated at first launch, the installer removed automatically, HTTPS on by default with a self-signed certificate, Certbot pre-installed for trusted TLS, MariaDB bound to localhost only, UFW firewall pre-configured, and a CIS Level 1 hardened Ubuntu 24.04 LTS base. GPL-2.0-or-later license - fully auditable, no vendor lock-in.

View product

Drupal With OpenLiteSpeed

By LiteSpeed Technologies Inc.

Ready to run, Drupal with performance web server

View product

Drupal Pro

By Solodev

Drupal Pro for AWS is an enterprise distribution of the latest version of Drupal, the open source content management framework for building websites and apps. Built on Solodev Core, Drupal Pro is optimized for a single EC2 with RDS, automated backups, and more.

View product

Drupal

By ATH Infosystems

This product has charges associated with it for seller support. Drupal is a content management software and it is used for making many of the websites and applications that are used in day to day life. This product has charges associated with it for seller support and pre-installed MySQL database ready to install out of the box.

View product

Drupal for Ubuntu 20.04 with support by Kurian

By Kurian

This product may have charges associated with it for seller support. Drupal Content Management System (CMS) with secured database.

View product

Intuz Drupal

By Intuz

Intuz Drupal is a pre-configured, ready to run image for running Drupal on Amazon EC2. Drupal is a free and open source content-management framework written in PHP and distributed under the GNU General Public License, provides a back-end framework for at least 2.2% of all Web sites worldwide.

View product

Customer reviews

Leave a review

Ratings and reviews

Info

0 ratings

5 star

4 star

3 star

2 star

1 star

0 reviews

No customer reviews yet

Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.