Skip to main content
This guide shows how to deploy n8n on an AWS EC2 instance using Docker and Docker Compose v2. Follow the steps to:
  • Launch an EC2 instance (Ubuntu).
  • Install Docker and Docker Compose v2 (CLI plugin).
  • Clone the n8n self-hosted AI starter kit.
  • Configure environment variables and run the stack.
  • Access n8n via the instance public IP.
Recommended for quick demos and testing. For a production deployment, see the “Closing notes” section below. Start by launching an AWS sandbox playground (or use your own AWS account). For a quick demo, KodeKloud provides interactive cloud sandboxes.
The image shows a webpage from KodeKloud titled "Cloud Playgrounds," featuring interactive options for AWS, Azure, Google Cloud, and Azure Data services.
Sign into the AWS Console using the credentials provided by the playground. Copy and paste the username/password into the AWS sign-in page to access the console.
The image shows an AWS Console Home screen with no recently visited services, an "Access denied" alert for listing applications, and an option to diagnose with Amazon Q. The region is set to US East (N. Virginia).

1 — Launch an EC2 instance

  1. Console: EC2 → Instances → Launch Instance.
  2. Name the instance n8n-demo and select an Ubuntu AMI (e.g., Ubuntu 22.04 LTS).
  3. Choose an instance type (e.g., t2.medium). This demo uses a slightly larger instance to accommodate Ollama and extra repo data.
  4. Increase the root volume to 30 GB (or larger as needed).
  5. Create a new key pair n8n-demo-key in PEM format and download it.
  6. Configure the security group to allow:
    • SSH (port 22) — for administration.
    • n8n (port 5678) — to access the UI.
    • Additional ports used by included services (Ollama, Qdrant) if needed.
When configuring the instance, confirm SSH and any other required ports are allowed.
The image shows an AWS EC2 instance launch configuration screen, detailing network settings, key pair setup, security groups, and a summary of the selected instance details. Options for creating or selecting a security group and allowing SSH and HTTP traffic are visible.
Increase the storage size to ensure enough room for components like Ollama.
The image shows an AWS EC2 dashboard with options to configure and launch an instance, including security group and storage settings.
Launch the instance. After it starts, open the instance details to confirm and review the security group inbound rules.
The image shows an AWS EC2 Management Console with one instance running, labeled "n8n-demo," providing details such as instance ID, type, state, and IP addresses.
Edit the security group’s inbound rules to allow SSH and the n8n port (5678). In the demo we configured Custom TCP on port 5678 and allowed it from anywhere.
The image shows the AWS EC2 console's "Edit inbound rules" page, where a user is configuring security group rules for inbound traffic. Options for protocol types like TCP and UDP are being selected from a dropdown menu.
Save the rules after editing.
The image shows an AWS console screen where inbound rules for a security group are being edited, allowing SSH and custom TCP traffic from any IP address. There is a warning about allowing access from all IP addresses.
For production, do not leave SSH (22) or n8n (5678) open to the entire internet (0.0.0.0/0). Restrict access by IP range, use a VPN or bastion host, and implement least-privilege security. The open rules shown here are only acceptable for a short-lived demo sandbox.

2 — SSH into the instance

On your local machine, move to the folder where the PEM key was downloaded and secure the file: 
chmod 400 n8n-demo-key.pem
SSH into the instance using the ubuntu user and the instance public IP (replace <PUBLIC_IP>): 
ssh -i "n8n-demo-key.pem" ubuntu@<PUBLIC_IP>
On first connect you may see a host authenticity prompt; type yes to continue. Example: 
The authenticity of host '<PUBLIC_IP> (<PUBLIC_IP>)' can't be established.
ED25519 key fingerprint is SHA256:oc3mo7aChuiTyieEkiDuCvPTLBliSDNLMrXc9W0c.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

3 — Install Docker and Docker Compose v2

Update packages and install Docker using the official convenience script: 
sudo apt update && sudo apt upgrade -y
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
Enable Docker, add the current user to the docker group, and apply the group change: 
sudo systemctl enable docker
sudo usermod -aG docker $USER
newgrp docker
Install Docker Compose v2 as a CLI plugin (adjust the version URL if you prefer another release): 
mkdir -p ~/.docker/cli-plugins
curl -SL https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose
chmod +x ~/.docker/cli-plugins/docker-compose
Verify the Compose plugin (note: use docker compose, not docker-compose): 
docker compose version
# Example output:
# Docker Compose version v2.23.3
Helpful links:

4 — Clone the repository and configure environment

Clone the n8n self-hosted AI starter kit and prepare the environment file: 
git clone https://github.com/n8n-io/self-hosted-ai-starter-kit
cd self-hosted-ai-starter-kit
cp .env.example .env
Edit .env and set relevant variables. Minimum example (only key variables shown): 
POSTGRES_USER=root
POSTGRES_PASSWORD=password
POSTGRES_DB=n8n

N8N_ENCRYPTION_KEY=super-secret-key
N8N_USER_MANAGEMENT_JWT_SECRET=even-more-secret
N8N_DEFAULT_BINARY_DATA_MODE=filesystem

# Disable secure cookie for demo on a non-HTTPS public IP.
N8N_SECURE_COOKIE=false

# For Mac users running OLLAMA locally
# OLLAMA_HOST=host.docker.internal:11434
Notes:
  • Ensure variable names are N8N_ prefixed and POSTGRES_DB is n8n.
  • N8N_SECURE_COOKIE=false is used here because the demo uses HTTP. For production with HTTPS, set N8N_SECURE_COOKIE=true.
  • Replace N8N_ENCRYPTION_KEY and N8N_USER_MANAGEMENT_JWT_SECRET with strong, unique secrets.

Quick reference — Ports and services

ServiceDefault PortNotes
n8n UI5678HTTP access in demo; use HTTPS in production
Ollama11434Local LLM server (if enabled in compose)
Qdrant6333 / 6334Vector DB used by starter kit
Postgres5432Database used by n8n

5 — Start the stack with Docker Compose

Start services using the Compose profile included in the repo: 
docker compose --profile cpu up -d
This command pulls images and creates volumes. It may take several minutes (n8n, postgres, ollama, qdrant, etc.). Verify containers: 
docker ps
Example output (IDs and images will differ): 
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS                 PORTS                                  NAMES
c5549fabe571   n8nio/n8n:latest              "docker-entrypoint.s…"   2 minutes ago   Up 2 minutes           0.0.0.0:5678->5678/tcp                 n8n
653b4f492de6   postgres:16-alpine            "docker-entrypoint.s…"   2 minutes ago   Up 2 minutes (healthy)  5432/tcp                               self-hosted-ai-starter-kit_postgres-1
3bc8a2aeb73b   ollama/qdrant                 "/start-service.sh"      2 minutes ago   Up 2 minutes           0.0.0.0:6333->6333/tcp, 6334/tcp       qdrant
1f6b0c27bd91   ollama/ollama:latest          "/bin/ollama serve"      2 minutes ago   Up 2 minutes           0.0.0.0:11434->11434/tcp               ollama
Troubleshooting:
  • Use docker compose logs -f or docker compose logs <service> to inspect startup issues.
  • Ensure sufficient disk and CPU on the instance; Ollama and Qdrant are resource-intensive.

6 — Access n8n in the browser

Open: 
http://<PUBLIC_IP>:5678
Replace <PUBLIC_IP> with your EC2 instance public IPv4 address. On first access you will be prompted to create an owner account (email, first name, last name, password).
The image shows a setup page for creating an owner account on n8n, requiring email, first name, last name, and password details. There's also an option to receive security and product updates.
Once signed in, you will see the n8n dashboard and a default demo workflow — the same n8n experience but now running on your EC2 instance. Ollama and the other services in the repo are available to workflows as configured. Monitor EC2 resource usage (CPU, network, disk) from the EC2 console to observe the impact of running these services.
The image shows an Amazon EC2 dashboard displaying the details and monitoring graphs for a running instance labeled "n8n-demo." It includes metrics such as network packets, bytes, and CPU credit usage.
Here is an example workflow that uses a Chat Trigger, a basic LLM chain, and an Ollama chat model — components you can test once Ollama is running.
The image shows a workflow editor interface with components connected in a sequence, including a "Chat Trigger," "Basic LLM Chain," and "Ollama Chat Model." The layout is part of a software tool for creating automated processes.

Closing notes

If you want, I can provide a step-by-step production-ready recipe (HTTPS, domain, automated backups, and secure security group rules).

Watch Video