Deploying ownCloud on AWS – A Step-by-Step Guide

Soham Roy

This guide provides a detailed walkthrough for deploying the ownCloud application on AWS using a 2-tier architecture. It includes both a conceptual overview and concrete implementation instructions based on best practices.


1. ownCloud Architecture Overview

ownCloud is an open-source file-sharing and collaboration platform that supports secure file access across devices, providing:

  • Universal file access across multiple storage systems

  • Enterprise-grade security and control

  • Integration with existing infrastructure (LDAP/AD, SharePoint, etc.)

  • Alternative to public cloud services like Dropbox

Key components in ownCloud architecture:

  • Core Server: PHP web application with processing engine

  • Storage Abstraction: Supports filesystems (NFS, ZFS), object storage (S3, Swift), and external storage (SharePoint, FTP)

  • Database Layer: Stores metadata and user information

  • Web Interface: Management console and user portal

It offers a seamless user interface, advanced permission control, encryption, LDAP/AD integration, WebDAV, and more.


2. Project Architecture Overview (Hosted on AWS)

This implementation deploys ownCloud on AWS with:

  • High availability design

  • Security best practices (public/private subnets)

  • Scalable components

  • Managed services where possible


3. Architecture Diagram

Components shown in diagram:

  • VPC with public and private subnets

  • Internet Gateway and NAT Gateway

  • EC2 instances in appropriate subnets

  • Security groups restricting traffic

  • Route tables for network traffic control


4. EC2 Instances & Subnet Configuration

EC2 Instances

  • App EC2 (Public Subnet): Ubuntu 22.04 LTS, Apache2, PHP, ownCloud

  • DB EC2 (Private Subnet): Ubuntu 22.04 LTS, MySQL Server

Subnets

  • Public Subnet (10.0.1.0/24): App EC2 + NAT Gateway + Internet Gateway

  • Private Subnet (10.0.2.0/24): DB EC2 only


5. Security Groups & Route Tables

Security Groups

  • App SG: Allow HTTP (80), HTTPS (443), SSH (22 - restricted)

  • DB SG: Allow MySQL (3306) only from App SG

Route Tables

  • Public Route Table: 0.0.0.0/0 → Internet Gateway

  • Private Route Table: 0.0.0.0/0 → NAT Gateway


6. Network ACLs & VPC

VPC

  • CIDR: 10.0.0.0/16

  • DNS Hostnames Enabled

NACLs

  • Public Subnet NACL: Allow inbound HTTP, HTTPS, SSH; outbound all

  • Private Subnet NACL: Allow inbound MySQL (3306) from public subnet


7. Internet Gateway & NAT Gateway

  • Internet Gateway: Attached to VPC for public access

  • NAT Gateway: In public subnet for private subnet to reach internet


8. MySQL & Apache2 Service Status

On the respective EC2 instances:

# On the DB instance
sudo systemctl status mysql
# On the App instance
sudo systemctl status apache2

Ensure both services are enabled and running.


9. Step-by-Step Deployment Guide

I'm assuming you are familiar with the AWS console.

A. VPC and Subnet Setup

  1. Create a VPC (10.0.0.0/16)

  2. Create two subnets:

    • Public Subnet: 10.0.1.0/24

    • Private Subnet: 10.0.2.0/24

  3. Enable auto-assign public IP for the public subnet

B. Internet and NAT Gateways

  1. Create and attach an Internet Gateway to the VPC

  2. Allocate an Elastic IP and create a NAT Gateway in the public subnet

C. Route Tables

  1. Create two route tables:

    • Public RT → IGW (0.0.0.0/0)

    • Private RT → NAT Gateway (0.0.0.0/0)

  2. Associate public RT with public subnet, private RT with private subnet

D. EC2 Instance Launch

  1. Launch App EC2 in public subnet (Amazon Linux 2)

    • Allow ports 22, 80, 443 via Security Group

  2. Launch DB EC2 in private subnet

    • Allow port 3306 only from App SG
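
Once both groups exist, the rules from section 5 (SSH restricted, MySQL reachable only from the App SG) can be checked mechanically. The following Python script is an added example, not part of the original guide: it audits JSON in the shape printed by `aws ec2 describe-security-groups`. The group IDs and the sample data are constructed placeholders, and the sample deliberately contains two mistakes.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs are placeholders; both groups contain deliberate mistakes.
SAMPLE = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-app", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-db", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": [{"GroupId": "sg-app"}]}]}]}""")

WORLD = {"0.0.0.0/0", "::/0"}
PUBLIC_PORTS = {80, 443}          # section 5: only HTTP and HTTPS may be public

def cidrs(rule):
    """All IPv4 and IPv6 CIDR sources of one ingress rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def ports(rule):
    """(low, high) port range of a rule; protocol -1 means every port."""
    if rule["IpProtocol"] == "-1":
        return (0, 65535)
    return (rule.get("FromPort", 0), rule.get("ToPort", 65535))

def audit(data, app_sg, db_sg):
    """Return findings where the two groups deviate from section 5."""
    groups = {g["GroupId"]: g for g in data["SecurityGroups"]}
    findings = []
    for rule in groups[app_sg]["IpPermissions"]:
        low, high = ports(rule)
        if WORLD & set(cidrs(rule)) and not (low == high and low in PUBLIC_PORTS):
            what = "SSH" if low <= 22 <= high else f"ports {low}-{high}"
            findings.append(f"{app_sg}: {what} open to the internet")
    for rule in groups[db_sg]["IpPermissions"]:
        if ports(rule) != (3306, 3306):
            findings.append(f"{db_sg}: rule for ports {ports(rule)} is not MySQL-only")
        for cidr in cidrs(rule):
            findings.append(f"{db_sg}: CIDR source {cidr}, expected only {app_sg}")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != app_sg:
                findings.append(f"{db_sg}: extra source group {pair['GroupId']}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, "sg-app", "sg-db"):
        print(line)
```

To audit a real deployment, load the saved CLI output with `json.load` in place of `SAMPLE` and pass the actual App and DB group IDs.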

E. Configure App EC2 (ownCloud)

For more detail on each step, refer to the official ownCloud server installation documentation.

  1. SSH into App EC2

  2. Install Apache, PHP, and required PHP modules:

# Update system and add the PHP package repository
sudo apt update && sudo apt upgrade -y
sudo add-apt-repository ppa:ondrej/php -y
sudo apt update

  3. Install LAMP stack and required modules:

sudo apt install -y apache2 libapache2-mod-php7.4 mariadb-server openssl redis-server \
  wget php7.4 php7.4-imagick php7.4-common php7.4-curl php7.4-gd php7.4-imap \
  php7.4-intl php7.4-json php7.4-mbstring php7.4-gmp php7.4-bcmath php7.4-mysql \
  php7.4-ssh2 php7.4-xml php7.4-zip php7.4-apcu php7.4-redis php7.4-ldap php-phpseclib

  4. Configure Apache:

# Enable the Apache modules ownCloud needs, then restart
sudo a2enmod dir env headers mime rewrite setenvif
sudo systemctl restart apache2

  5. Download and extract ownCloud:

cd /var/www/html
# Remove the default Apache index page
sudo rm *
sudo wget https://download.owncloud.com/server/stable/owncloud-complete-latest.tar.bz2
sudo tar -xjf owncloud-complete-latest.tar.bz2
# Give the web server user ownership of the ownCloud tree
sudo chown -R www-data:www-data owncloud
sudo systemctl restart apache2

F. Configure DB EC2 (MySQL)

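  1. SSH into the DB EC2 instance (via a bastion or from the public instance)

  2. Install and start MySQL:

# Install MySQL Server and start it now and on every boot
sudo apt update && sudo apt install -y mysql-server
sudo systemctl enable --now mysql

# Secure MySQL installation
sudo mysql_secure_installation

  3. Create DB and user for ownCloud:

sudo mysql -u root -p
-- Run the following statements at the mysql> prompt
CREATE DATABASE owncloud_db;
CREATE USER 'owncloud_user'@'%' IDENTIFIED BY 'secure_password';
GRANT ALL PRIVILEGES ON owncloud_db.* TO 'owncloud_user'@'%';
FLUSH PRIVILEGES;
EXIT;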

G. Finalize Setup (ownCloud Configuration)

  1. Access the ownCloud web interface at http://<AppInstancePublicIP>/owncloud and complete setup:

  • Create an admin account

  • Enter database details:

    • Database user: owncloud_user

    • Database password: secure_password

    • Database name: owncloud_db

    • Host: private IP of database instance

  • Complete installation and login

H. Verification Steps

  1. MySQL Service Status:
    On database instance: sudo systemctl status mysql

  2. Apache2 Service Status:
    On application instance: sudo systemctl status apache2

  3. Application Access:
    Verify you can access ownCloud via browser at public IP

  4. Network Connectivity:
    Test connection from app instance to DB: telnet <db-private-ip> 3306


10. Future Enhancements

High Availability

  • Implement multi-AZ deployment

  • Add Elastic Load Balancer with auto-scaling

  • Use Amazon RDS for managed database service

Storage Options

  • Integrate with S3 for object storage

  • Implement EFS for shared file storage

Security Improvements

  • Set up AWS WAF for web application firewall

  • Implement AWS Shield for DDoS protection

  • Enable AWS CloudTrail for logging

Monitoring

  • Configure Amazon CloudWatch alarms

  • Set up SNS notifications for critical events

Backup & Recovery

  • Implement AWS Backup for automated snapshots

  • Create a disaster recovery plan with cross-region replication


11. Cleanup Instructions

To avoid ongoing charges, delete all resources in the following order:

1. Terminate EC2 Instances

Must be done first since they depend on other resources.

aws ec2 terminate-instances --instance-ids i-123456 i-789012

2. Delete NAT Gateway

Must be deleted before releasing its Elastic IP.

aws ec2 delete-nat-gateway --nat-gateway-id nat-123456

3. Release Elastic IP

Can only be released after NAT Gateway is deleted.

aws ec2 release-address --allocation-id eipalloc-123456

4. Detach & Delete Internet Gateway

Must be detached from the VPC before deletion.

aws ec2 detach-internet-gateway --internet-gateway-id igw-123456 --vpc-id vpc-123456
aws ec2 delete-internet-gateway --internet-gateway-id igw-123456

5. Delete Subnets

Must be empty before deletion; depends on terminated instances.

aws ec2 delete-subnet --subnet-id subnet-123456
aws ec2 delete-subnet --subnet-id subnet-789012

6. Delete Route Tables

The default route table can't be deleted, but custom ones must go before the VPC.

aws ec2 delete-route-table --route-table-id rtb-123456

7. Delete Security Groups

Can only be deleted after dependent resources are gone.

aws ec2 delete-security-group --group-id sg-123456

8. Delete VPC

Last step: fails if any dependencies remain.

aws ec2 delete-vpc --vpc-id vpc-123456

Key points to remember during deletion:

  • NAT Gateway must be deleted before releasing its Elastic IP (AWS won’t allow releasing IPs attached to a NAT Gateway).

  • Wait for NAT Gateway deletion to complete.

  • Internet Gateway must be detached before deletion.

  • Subnets should be deleted before route tables (some route tables may be tied to subnets).


12. Summary

This guide demonstrated how to deploy ownCloud securely using AWS IaaS resources by isolating services across public and private subnets, implementing security best practices, and planning for scalability.

By following this guide, users can reliably deploy ownCloud on AWS in a production-ready environment.


🙌 Final Thoughts

This project was a hands-on journey into building a secure and scalable cloud architecture using AWS — deploying ownCloud from scratch with complete infrastructure setup, security configuration, and service integration.

If you found this helpful or have any suggestions, feel free to connect with me!

I try to regularly post about:

  • ☁️ Cloud Projects (AWS, DevOps, Architecture)

  • 🛠️ Automation & Infrastructure as Code

  • 🚀 Learnings from real-world deployments

Let’s grow together in the cloud journey!


Author: Soham Roy

📎 My LinkedIn Profile: www.linkedin.com/in/sohamroy-cloudopsjournal
