Listing Thumbnail

    Authelia SSO and MFA Server - AMI | Support by cloudimg

     Info
    Sold by: cloudimg 
    Deployed on AWS
    Free Trial
    AWS Free Tier
    This product has charges associated with it for seller support. Deploy a production-ready single sign-on and multi-factor authentication gateway in minutes. Authelia pre-configured with nginx forward-auth, secure first boot, and 24/7 cloudimg support.

    Overview

    Open image

    This is a repackaged open source software product wherein additional charges apply for cloudimg support services.

    Why This AMI Over Manual Deployment

    Deploying Authelia from scratch requires installing the binary, configuring a reverse proxy integration, generating cryptographic secrets, setting up storage backends, and wiring forward-authentication headers - a process that can take hours and leaves room for insecure defaults. This AMI eliminates that effort: a complete forward-authentication gateway is running within minutes of launch, with unique credentials and secrets generated automatically. Unlike default installs that ship shared secrets or require manual key generation, every instance boots with fresh argon2id-hashed credentials and unique session, storage encryption, and identity validation tokens. Compared to container orchestration approaches, this AMI runs as native systemd services with no Docker dependency, simplifying operations on a single EC2 instance.

    Application Stack

    The Authelia server binary installed under /usr/local/bin and run by a dedicated unprivileged service account, bound to loopback so it is never exposed without the proxy. A local SQLite storage database and the file-based user database reside on a dedicated data disk so identity state is independently resizable. An nginx reverse proxy publishes the Authelia login portal over HTTPS and runs the standard forward-authentication integration. A demo protected location is guarded by Authelia, so you can see the full redirect-to-portal, log-in, return-to-application flow end to end out of the box.

    Forward Authentication Flow

    The nginx proxy asks Authelia to authorize every request to a protected resource. Unauthenticated requests are redirected to the Authelia portal, the user signs in once, and is returned to the application. The same single sign-on session then satisfies every other application behind the same proxy. Access is governed by a clear per-resource policy: bypass, one factor, or two factor.

    Ecosystem Compatibility

    Authelia integrates with multiple identity backends including OpenLDAP, Microsoft Active Directory, and FreeIPA, as well as its built-in file-based user database. For email notifications and password resets, configure SMTP with Amazon SES, Gmail SMTP, SendGrid, or any standards-compliant mail relay. While this AMI ships with nginx, Authelia also supports forward-authentication with Traefik, HAProxy, and Caddy. For DNS and TLS, pair with AWS Route 53 for domain management and AWS Certificate Manager for automated certificate provisioning.

    Secure First Boot

    On the first boot of your instance, a one-shot service generates a fresh administrator password unique to that instance, along with fresh cryptographic secrets for the session, the storage encryption key, and the identity validation tokens. The password is argon2id-hashed into the user database and written to a root-only file. No shared or default credentials and no shared secrets ship in the image.

    Use Case: Internal DevOps Tooling

    A small DevOps team protecting internal dashboards such as Grafana, Jenkins, and Kibana behind a single login portal. Rather than configuring authentication individually on each tool, place them behind the nginx-Authelia gateway and define one-factor or two-factor policies per resource. New services are added with a single nginx location block and one access control rule - no application-level auth code required.

    Additional Use Cases

    • A single sign-on and two-factor gateway in front of internal web applications
    • Protecting admin panels and home lab services that have no authentication of their own
    • A self-hosted alternative to commercial identity-aware proxies like Cloudflare Access
    • A reference forward-authentication deployment to build your own access-controlled stack on

    Getting Started

    Launch the AMI, retrieve the generated admin password from the root-only file, and visit the HTTPS endpoint to see the Authelia login portal. Sign in with the administrator credentials to reach the demo protected page. To bring your own applications under single sign-on, point them at the proxy and add an access control rule - a simple one-line change swaps the bundled demo domain for your own.

    cloudimg Support

    24/7 technical support by email and live chat. Our engineers help with deployment, reverse proxy and forward-authentication configuration, access control rules, two-factor enrolment, LDAP or file user backends, SMTP notifications, TLS setup, and bringing your own applications under single sign-on.

    All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

    Highlights

    • Production-ready in minutes: Authelia SSO and MFA server pre-configured as a systemd service behind nginx with a working demo app. No manual installation, no reverse proxy wiring, no secret generation required. Launch the AMI and the full forward-authentication gateway is operational, saving hours compared to manual deployment or container orchestration setups.
    • Zero default credentials: every instance generates its own unique admin password and fresh cryptographic secrets (session, storage encryption, identity validation) on first boot. Credentials are argon2id-hashed and stored in root-only files. No shared secrets ship in the image, eliminating the credential-sharing risk common in default installations.
    • Flexible ecosystem integration with 24/7 cloudimg support: Authelia works with OpenLDAP, Microsoft Active Directory, and FreeIPA for identity backends, plus Amazon SES, Gmail SMTP, or SendGrid for notifications. Per-resource access policies (bypass, one-factor, two-factor) protect any number of applications. Identity state lives on a dedicated resizable data disk. Expert support covers deployment, configuration, and troubleshooting.

    Details

    Sold by

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    Ubuntu 24.04

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Free trial

    Try this product free for 7 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

    Authelia SSO and MFA Server - AMI | Support by cloudimg

     Info
    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.
    If you are an AWS Free Tier customer with a free plan, you are eligible to subscribe to this offer. You can use free credits to cover the cost of eligible AWS infrastructure. See AWS Free Tier  for more details. If you created an AWS account before July 15th, 2025, and qualify for the Legacy AWS Free Tier, Amazon EC2 charges for Micro instances are free for up to 750 hours per month. See Legacy AWS Free Tier  for more details.

    Usage costs (800)

     Info
    • ...
    Dimension
    Description
    Cost/hour
    t3.small
    Recommended
    t3.small
    $0.04
    t3.micro
    t3.micro instance type
    $0.04
    t2.micro
    t2.micro instance type
    $0.04
    m8i.8xlarge
    m8i.8xlarge instance type
    $0.24
    m5dn.metal
    m5dn.metal instance type
    $0.24
    i4i.large
    i4i.large instance type
    $0.08
    i4i.8xlarge
    i4i.8xlarge instance type
    $0.24
    r5ad.xlarge
    r5ad.xlarge instance type
    $0.12
    m5ad.16xlarge
    m5ad.16xlarge instance type
    $0.24
    r5n.16xlarge
    r5n.16xlarge instance type
    $0.24

    Vendor refund policy

    Refunds available on request.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    Initial release of Authelia 4.39.20 single sign-on and multi-factor authentication server with an nginx forward-authentication reverse proxy and a demo protected application.

    Additional details

    Usage instructions

    Connect via SSH on port 22 as the default login user for your operating system variant (the user guide lists it per variant). Retrieve the generated credentials with: sudo cat /root/authelia-credentials.txt. The Authelia login portal and a demo protected page are served over HTTPS (port 443) through nginx; port 80 redirects to HTTPS. Because Authelia requires a real domain for its session cookies (an IP address cannot be used) and a secure https scheme for its session URLs, the image ships a self-contained demo domain authelia.local served with a self-signed certificate. To try the demo flow from your workstation, add a line mapping authelia.local and secure.authelia.local to the instance public IP in your workstation hosts file, then browse to https://secure.authelia.local/secure  and accept the self-signed certificate warning: you are redirected to the Authelia portal, sign in with user admin and the generated password, and are returned to the protected page. For production, edit /etc/authelia/configuration.yml to set your own domain (https) under session.cookies and access_control, replace the self-signed certificate in /etc/nginx/tls/ with a real certificate for your domain, point your applications at the nginx proxy and add an access control rule per application; the user guide walks through it plus two factor authentication. Authelia data (the SQLite database, secrets and notifications) lives on a dedicated data disk mounted at /var/lib/authelia.

    Resources

    Vendor resources

    Support

    Vendor support

    cloudimg Support

    cloudimg provides 24/7 technical support for this product by email and live chat. Critical issues receive a one-hour average response time.

    What We Help With:

    • Deployment and initial configuration
    • Reverse proxy and forward-authentication setup
    • Access control rule configuration (bypass, one-factor, two-factor policies)
    • Two-factor authentication enrolment
    • LDAP and file-based user backend configuration (OpenLDAP, Active Directory, FreeIPA)
    • SMTP notification setup (Amazon SES, Gmail, SendGrid)
    • TLS certificate configuration
    • Bringing your own applications under single sign-on
    • Domain swap from demo to production
    • Performance tuning and troubleshooting
    • Updates and security patching guidance

    Getting Started After Launch:

    1. Ensure your security group allows inbound traffic on ports 443 (HTTPS) and 22 (SSH)
    2. SSH into the instance and retrieve the generated admin password from the root-only credential file
    3. Visit the instance HTTPS endpoint to access the Authelia login portal
    4. Sign in with the admin credentials to verify the demo protected application works
    5. Swap the demo domain for your own with a single configuration line change

    Contact: support@cloudimg.co.uk 

    For refund requests, troubleshooting, or any product issues, contact us via email or live chat and our engineers will respond promptly.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Similar products

    Customer reviews

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 reviews
    No customer reviews yet
    Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.