Deploying QuestDB on AWS

Quick reference

ComponentRecommendedNotes
Instancem7i.xlarge or r7i.2xlarge4-8 vCPUs, 16-64 GiB RAM
Storagegp3, 200+ GiB16000 IOPS / 1000 MBps
File systemzfs with lz4Or ext4 if compression not needed
Ports9000, 8812, 9009, 9003Restrict to known IPs only

Infrastructure

Plan your infrastructure before launching. This section covers instance types, storage, and networking requirements.

Instance sizing

WorkloadInstancevCPUsRAMUse case
Developmentm7i.large28 GiBTesting, small datasets
Production (starter)m7i.xlarge416 GiBLight ingestion, moderate queries
Production (standard)r7i.2xlarge864 GiBHigh ingestion, complex queries
Production (heavy)r7i.4xlarge16128 GiBHeavy workloads, large datasets

Choosing an instance family:

  • m7i / m7a - Balanced compute and memory. Good starting point.
  • r7i / r7a - Memory-optimized. Better for large datasets or complex queries.
  • m8i / r8i - Latest generation. Best performance if available in your region.

Intel (i) and AMD (a) variants perform similarly. Choose based on availability and pricing.

ARM instances (Graviton):

Graviton instances (r7g, r8g) cost less and perform well for ingestion. However, queries using JIT compilation or SIMD vectorization run slower on ARM. Choose Graviton when your workload is primarily ingestion or cost is a priority.

Storage-optimized instances:

Instances with local NVMe (i7i, i8i) provide fastest disk I/O but lose data on termination. Only use with QuestDB Enterprise, which replicates to S3.

Storage

EBS configuration:

WorkloadVolumeSizeIOPSThroughput
Developmentgp350 GiB3000125 MBps
Productiongp3200+ GiB160001000 MBps
High I/Ogp3500+ GiB16000+1000+ MBps

Use gp3 volumes. They offer better price-performance than gp2 or io1. Separate your OS disk (30 GiB) from your data disk.

note

EBS throughput is limited by instance type. Smaller instances cannot sustain high IOPS or throughput regardless of volume provisioning. Check your instance's EBS bandwidth limits in the AWS documentation before provisioning storage.

File system:

Use zfs with lz4 compression to reduce storage costs. If you don't need compression, ext4 or xfs offer slightly better performance.

Unsupported storage:

  • EFS - Not supported. Network latency is too high for database workloads.
  • S3 - Not supported as primary storage. Use for replication (Enterprise only).

Networking

Security group rules:

PortProtocolSourcePurpose
22TCPYour IPSSH access
9000TCPYour IP / VPCWeb Console & REST API
8812TCPYour IP / VPCPostgreSQL wire protocol
9009TCPApplication serversInfluxDB line protocol
9003TCPMonitoring serversHealth check & Prometheus
warning

Never expose ports 9000, 8812, or 9009 to 0.0.0.0/0. Restrict access to known IP ranges or use a bastion host.

VPC recommendations:

  • Deploy QuestDB in a private subnet
  • Use a NAT gateway for outbound access (package updates, etc.)
  • Use VPC endpoints for S3 if using Enterprise replication
  • Consider placement groups for low-latency application access

Deployment

Choose your deployment method:

AWS Marketplace

The QuestDB AMI comes pre-configured and ready to run.

Steps:

  1. Go to the QuestDB Marketplace listing
  2. Click Continue to Subscribe and accept terms
  3. Click Continue to Configure, select your region
  4. Click Continue to Launch
  5. Select instance type, VPC, subnet, and security group
  6. Click Launch

After launch:

Connect to the Web Console at http://<instance-public-ip>:9000

Default credentials:

  • Web Console: admin / quest
  • PostgreSQL: admin / random (check /var/lib/questdb/conf/server.conf)
warning

Change default credentials immediately. See Security below.

Configuration file location:

/var/lib/questdb/conf/server.conf

Manual EC2

Deploy QuestDB on any EC2 instance you configure yourself.

Steps:

  1. Launch an EC2 instance with your preferred AMI (Ubuntu 22.04+ recommended)
  2. Attach a gp3 EBS volume for data
  3. Configure the security group per the Networking section
  4. SSH into the instance
  5. Install QuestDB via Docker or systemd

You can also download the binary directly:

curl -L https://questdb.com/download -o questdb.tar.gz
tar xzf questdb.tar.gz
./questdb.sh start

Security

Change default credentials

Update credentials immediately after deployment.

Web Console and REST API - edit server.conf:

http.user=your_username
http.password=your_secure_password

PostgreSQL - edit server.conf:

pg.user=your_username
pg.password=your_secure_password

InfluxDB line protocol - edit conf/auth.json. See ILP authentication.

Restart after changes:

sudo systemctl restart questdb

Disable unused interfaces

Reduce attack surface by disabling protocols you don't use:

server.conf
pg.enabled=false           # Disable PostgreSQL
line.tcp.enabled=false     # Disable ILP
http.enabled=false         # Disable Web Console & REST API
http.security.readonly=true  # Or make HTTP read-only

Operations

Upgrading

Marketplace AMI:

  1. Stop QuestDB:

    sudo systemctl stop questdb

  2. Back up data:

    sudo cp -r /var/lib/questdb /var/lib/questdb.backup

  3. Download new version:

wget https://github.com/questdb/questdb/releases/download/9.3.1/questdb-9.3.1-no-jre-bin.tar.gz
tar xzf questdb-9.3.1-no-jre-bin.tar.gz
sudo cp questdb-9.3.1-no-jre-bin/questdb.jar /usr/local/bin/questdb.jar
  1. Restart: 
    sudo systemctl start questdb

Manual deployments: Follow upgrade steps for Docker or systemd.

Monitoring

Health check:

curl http://localhost:9003/status

Prometheus metrics:

curl http://localhost:9003/metrics

CloudWatch integration:

Use the CloudWatch agent to collect:

  • System metrics (CPU, memory, disk I/O)
  • QuestDB logs from /var/lib/questdb/log/
  • Custom metrics scraped from the Prometheus endpoint

Enterprise on AWS

QuestDB Enterprise adds production features for AWS:

  • S3 replication - Continuous backup for durability
  • Cold storage - Move old partitions to S3, query on-demand
  • High availability - Automatic failover across instances

See Enterprise Quick Start.