DefectDojo AWS Launch Guide

Prerequisite: Ensure DNS Hostnames are enabled for your VPC

DefectDojo uses the AWS hostname assigned by your VPC for encryption. You can ensure this setting is enabled by:

1. Navigating https://console.aws.amazon.com/vpc.


2. Click “VPCs" => “Actions" => “Edit DNS hostnames"

Verify that the checkbox is enabled for “DNS host names".


Launching the AMI

Navigate to: https://aws.amazon.com/marketplace/pp/prodview-m2a25gr67xbzk


Click the yellow “Continue to Subscribe"


Review the terms and click “Accept Terms"

Refresh the page until the “Continue to Configuration" button becomes enabled.

Click “Continue to Configuration"


Select your preferred region and click “Continue to Launch"




Scroll down to Security Group Settings and click on “Create New Based on Seller Settings"


Scroll down to Security Group Settings and click on “Create New Based on Seller Settings"

Fill in Name and Description.

Change the source for all firewall rules to “My IP" or the IP range your corporation.

Click “Save".



Select the appropriate key pair and click “Launch"


Click on the blue “EC2 Console" text.


Click on “EC2 Console"

Wait from the VM to finish initializing.

Click “Open Address" under Public IPv4 DNS.


This will open the web installer that initially has a self-signed cert.

Click “Advanced".


Click “Proceed to ec2-host-info".


Click “Start Installation".


Fill in the information for the admin user and click "Next".



You may choose to proceed with configuring a Let's Encrypt Certificate or continuing with the self-signed TLS certificate.

Once you are happy with your TLS setup click “Begin Installation"



You may choose to proceed with configuring a Let's Encrypt Certificate or continuing with the self-signed TLS certificate.

Once you are happy with your TLS setup click “Begin Installation"



For username enter “admin" along with the password you specified on the install page



Congratulations! You're up and running with DefectDojo!

Support Tiers

Annual Subscriptions
Plan hours may be used on remote support or feature development

Community Support

Support from the Community via OWASP Slack.

What’s included:
Community Based Discussion.
Commercial Support

Support directly from the creators of DefectDojo.

What’s included:
Response time SLA.
Bug Fixes.
Feature Enhancements.
Best Practice Advise.