Installing Rocket.Chat on AWS from AWS Marketplace

Here we will guide you through installing in AWS in an EKS cluster using our AWS Marketplace container.

Recent webinar demoing this process



First we need to bring up a kubernetes cluster. So we will bring it up in AWS kubernetes offering called eks. To do this we will use a tool called eksctl which is recommended by eksworkshop

eksctl create cluster --name=your-eks-cluster --region=us-west-2

This takes from 15-20 minutes. So go grab a cup of coffee or something.

Once that’s finished we need to get things setup for helm. Starting somewhere around Kubernetes 1.9 RBAC is enabled by default with most kubernetes providers. Its enabled by default in EKS.

So we need to install service account to allow helm to operate correctly. More info about that here

Create a file called tiller-rbac.yaml with contents of:

apiVersion: v1
kind: ServiceAccount
  name: tiller
  namespace: kube-system
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
  name: tiller
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

Next we we need to insert this into kubernetes with:

kubectl apply -f tiller-rbac.yaml

Now that the service role is in place we need to initialize tiller with this service account.

helm init --service-account tiller

Now that helm has finished successfully we can install traefik. Traefik is a reverse proxy / load balancer with support for kubernetes ingress. It will automatically discover ingress rules defined inside your cluster and handle routing of traffic in your cluster to those services. Pretty neat!

helm install stable/traefik --name traefik --namespace kube-system --set rbac.enabled=true

Like mentioned above RBAC is enabled so in this command we set a flag that caused the helm chart to create rbac rules for traefik automatically.

Some optional flags you can add to the above command:

  • –set acme.enabled=true - this will enable letsencrypt
  • –set acme.email=youremail - this sets the email to use with it

Give it a few seconds and then run:

kubectl -n kube-system get svc

You might have to run it a few times, but after a while you will you will get output that looks something like:


Take that and create a CNAME for with your desired domain pointing to that address.

Now finally lets go subscribe to our image from AWS Marketplace.

After you pick which one you need to click “Continue to Subscribe”

It will take a little bit to process. Might have to refresh the page a few times. Alternatively you can wait on an email they send when its finished.

Once that is finished you can click “Continue to Configuration”

You can choose the version of Rocket.Chat you wish to use.

Then click “Continue to Launch”

Towards the bottom of this page you will see: “View Container Image Details” Click that.


Copy the image path given at the bottom.

Now we are ready to plug in a few things and run our helm install:

  • mongodb.mongodbPassword - make sure to set to your own password
  • repo - use the repo part of the container image path you copied earlier.

Example of image path


The repo part of it is everything before :

  • tag - use the part of the image path after the : In our case 0.71.1-latest
  • host - set to the hostname you plan to use
helm install --name=rc \
--set mongodb.mongodbUsername=rocketchat \
--set mongodb.mongodbPassword=superSecure \
--set mongodb.mongodbDatabase=rocketchat \
--set repo=217273820646.dkr.ecr.us-east-1.amazonaws.com/046e16ad-a193-4c5b-9f1f-d2619d9c5cd6/cg-1684305143/rocket.chat.enterprise \
--set tag=0.71.1-latest \
--set ingress.enabled=true \
--set host=your-hostname.your-domain.com \
--set ingress.annotations."kubernetes\.io/ingress\.class"=traefik \

Now after this runs you can run:

kubectl get pods -w

And watch until both rc-mongodb and rc-rocketchat are both running.

Rocket.Chat should now be externally available!


Rocket.Chat isn’t responding

Try running:

kubectl logs -f deployment/rc-rocketchat

You should be able to see the logs and see if something happened to keep it from starting.