Deploy Cerbos on Amazon EC2

Run the Cerbos PDP on EC2 instances as a standalone binary or container alongside your application workloads.

Binary or container

Run Cerbos as a native binary managed by systemd or as a Docker container on your EC2 instances

Full control

Choose your instance type, networking, and scaling strategy to match your performance requirements

Stateless scaling

Place Cerbos behind an ALB or NLB and scale horizontally with Auto Scaling Groups

What is Cerbos?

Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.

Deploying Cerbos via Amazon EC2 gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.

How to deploy Cerbos on Amazon EC2

  1. Launch an EC2 instance. Choose an instance type and configure security groups to allow traffic on the Cerbos HTTP (3592) and gRPC (3593) ports.
  2. Install Cerbos. Download the static binary or run the official Docker container image on the instance.
  3. Configure policy loading. Point Cerbos at a local policy directory, Git repository, or Cerbos Hub for policy storage.
  4. Connect your application. Use a Cerbos SDK to send authorization checks from your services to the PDP.
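
An added example (not Cerbos or AWS code) that checks the security group rules from step 1: it takes data in the shape returned by `aws ec2 describe-security-groups` and reports every group that opens the Cerbos HTTP (3592) or gRPC (3593) port to all addresses. It assumes the PDP only needs to be reachable from your application tier or load balancer; the group IDs and rules are constructed sample values.

```python
import ipaddress

CERBOS_PORTS = {3592: "HTTP", 3593: "gRPC"}  # the two ports named in step 1

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-open", "IpPermissions": [      # both ports open to the world
        {"IpProtocol": "tcp", "FromPort": 3592, "ToPort": 3593,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-app-only", "IpPermissions": [  # gRPC from the app tier's group
        {"IpProtocol": "tcp", "FromPort": 3593, "ToPort": 3593,
         "UserIdGroupPairs": [{"GroupId": "sg-app"}]}]},
    {"GroupId": "sg-all", "IpPermissions": [       # "all traffic" rule over IPv6
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-vpc", "IpPermissions": [       # wide port range, VPC-internal
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]}

def covered_ports(perm):
    """Return the Cerbos ports that one ingress rule opens."""
    if perm.get("IpProtocol") == "-1":   # all protocols: no port fields present
        return set(CERBOS_PORTS)
    if perm.get("IpProtocol") != "tcp":  # both Cerbos listeners are TCP
        return set()
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return {p for p in CERBOS_PORTS if lo <= p <= hi}

def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. a rule that matches every source."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(groups):
    """Return (group_id, port, cidr) for each Cerbos port open to every source."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if is_world_open(cidr):
                    findings += [(sg["GroupId"], p, cidr)
                                 for p in sorted(covered_ports(perm))]
    return findings

if __name__ == "__main__":
    for group_id, port, cidr in audit(SAMPLE):
        print(f"{group_id}: Cerbos {CERBOS_PORTS[port]} port {port} open to {cidr}")
```

Rules that reference another security group (as in `sg-app-only`) or a VPC-internal CIDR are not reported.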

FAQ

How do I deploy Cerbos on EC2?

Download the Cerbos binary onto your EC2 instance and run it as a systemd service, or use Docker to run the official Cerbos container image. Configure your policy source and expose the gRPC and HTTP ports.

Does Cerbos require any external dependencies?

No. Cerbos is a single static binary with no external dependencies. It requires no database or message queue. Policies load from the filesystem, a Git repository, or Cerbos Hub.

How should I scale Cerbos on EC2?

Run Cerbos on multiple EC2 instances behind a load balancer. Cerbos is stateless, so each instance operates independently with no coordination required.

Cerbos + Amazon EC2

  • Cerbos runs alongside your workloads in Amazon EC2
  • No external databases or message queues required
  • Built-in metrics, distributed tracing, and structured logging
  • Stateless PDP instances scale horizontally

What is Cerbos?

Cerbos is end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.