OpenAM in Amazon EC2




This guide will show those who are not familiar with AWS how to initiate a server image with OpenAM pre-installed.

If you don’t have an account at AWS, you have to create one to this pre-configured image. Log in at

The OpenAM image is based upon the “small” instance type (1.7 GB RAM) which is an instance type which will be charged by default Amazon rates.

The default EC2 instances will get a new IP and therefor also a new FQDN (Public DNS) name every time it get’s restarted. To avoid this allocate a “Elastic IP” to the instance which can be associate with the new OpenAM instance.

Fast track

  1. Click the “Launch Instance” button from your instance menu
  2. Select “Community AMIs”
  3. Search for ForgeRock among “All Images” (take some time to load)
  4. From the list of ForgeRock AMI’s click the “Select” button on the OpenAM entry
  5. Select “Small (m1.small, 1.7 GB)” from the Instance type. OpenAM needs more RAM then the Micro instance can provide with 640MB.
  6. Create a “Key Pair” if you don’t have any.
  7. Create a “Security Group” if you don’t have any with the port 22 (SSH) and 8080(Tomcat/OpenAM) open for access
  8. Click “Launch”
  9. Associate the instance with a static IP from the Elastic IP pool
  10. Point your browser to the IP/Public DNS on port 8080 and /openam
  11. Done.

Manual creation a instance from scratch

  1. Select the “Basic 32-bit Amazon Linux AMI 2011.09 (AMI Id: ami-24506250)”,
  2. Choose 1 instance select “Small (m1.small, 1.7 GB)” for the “Instance Type”, OpenAM needs memory
  3. Add some description to the instance
  4. Add some key/value pair to the instance
  5. Create a key pair (if you don’t already have one you could use for SSH for this instance)
  6. Choose the “OpenAM” security group previously created.
  7. Click on “Lanuch” to create the instance, and make it active.

Install the software

Connect to the EC2 instance using your encrypted key previously created and downloaded locally. Connect using ssh similar to this command with your own unique hostname.

ssh -i .ec2/openam.pem

When logged in then you can start installing the necessary software.

  1. sudo yum install tomcat6
  2. sudo /sbin/chkconfig –level 2345 tomcat6 on
    1. just to make Tomcat start on boot
  3. cd /usr/share/tomcat6/webapps
  4. sudo wget
    1. Download the version of OpemAM you would like to install
  5. sudo mv openam_953.war openam.war
    1. The name of the war file will also be the name of the web context be default
  6. sudo chown -R tomcat /usr/share/tomcat6/
    1. Change the file ownership to tomcat for all related files. The Tomcat process will run default as “tomcat” as the owner.
  7. sudo vi /etc/tomcat6/tomcat6.conf
    1. Open the tomcat config file in a text editor
  8. Add the following  to the JAVA_OPTS environment variable: -Xmx1024m -XX:MaxPermSize=256m
    1. This is the recommended setup for OpenAM
  9. sudo /sbin/service tomcat6 start
    1. Starts the Tomcat deamon, and deploys OpenAM

Then you can point your browser to the instance hostname like:

Leave a Reply

Your email address will not be published. Required fields are marked *