Machine Learning AWS

Langflow on AWS User Guide

| Product: Langflow on AWS

Overview

This image runs Langflow 1.9, the open source low-code visual builder for AI agents, chatbots and retrieval augmented generation (RAG) applications, on Ubuntu 24.04 LTS. Langflow is installed into a dedicated Python virtual environment under /opt/langflow on the Python 3.12 runtime and is run by an unprivileged langflow system account under a systemd service that starts it on boot and restarts it on failure.

Langflow listens on the loopback address 127.0.0.1:7860 by design and is never exposed directly. nginx is installed as a reverse proxy on port 80 that forwards every request to Langflow, with the WebSocket and streaming upgrade headers Langflow needs to stream flow output and a raised upload limit for file ingestion. Visitors reach the application on the standard HTTP port.

Langflow ships with authentication disabled out of the box. This image instead requires login: it sets LANGFLOW_AUTO_LOGIN=false and creates a single administrator account named admin. On the first boot of every deployed instance a one-shot service rotates the administrator password, and the key used to encrypt the credentials you store in your flows, to fresh per-instance secrets and writes the password to /root/langflow-credentials.txt (mode 0600, readable only by root). Two instances launched from the same AMI never share a password.

The persistent data (the SQLite database, your saved flows, file uploads and the encryption key) lives under /var/lib/langflow on a dedicated, independently resizable EBS data volume. Langflow calls out to an external language model endpoint that you configure (OpenAI, Anthropic, Amazon Bedrock, or a self hosted model), so the image is CPU only and ships no model weights.

The default security group for this listing opens port 22 (SSH) and port 80 (HTTP) only.

Prerequisites

  • An AWS account subscribed to this product in AWS Marketplace.
  • An EC2 key pair in your target region for SSH access.
  • A security group allowing inbound TCP 22 (SSH) from your IP and TCP 80 (HTTP) from your users.
  • Recommended instance type: m5.large or larger (Langflow benefits from at least 8 GB RAM for production workloads).
  • An API key or endpoint for the language model provider you intend to use.

Connecting to your instance

SSH in as the default login user for your operating system variant, using the key pair you launched with.

OS variant Login user Example
Ubuntu 24.04 ubuntu ssh -i your-key.pem ubuntu@<instance-public-ip>

Step 1 - Launch from the AWS Marketplace console

  1. Open the product page in AWS Marketplace and choose Continue to Subscribe, then Continue to Configuration.
  2. Select the Langflow 1.9 on Ubuntu 24.04 delivery option and your region, then Continue to Launch.
  3. Choose your instance type, VPC/subnet, key pair and the security group described above, and launch.

Step 2 - Launch from the AWS CLI

Replace the AMI ID with the one shown on the product's launch page for your region, and use your own key pair and security group.

aws ec2 run-instances \
  --image-id ami-xxxxxxxxxxxxxxxxx \
  --instance-type m5.large \
  --key-name your-key \
  --security-group-ids sg-xxxxxxxx \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=langflow}]'

Step 3 - Connect to your instance

ssh -i your-key.pem ubuntu@<instance-public-ip>

Step 4 - Confirm the services are running

Both langflow.service and nginx.service should be active. Langflow listens on loopback 127.0.0.1:7860; nginx listens on 0.0.0.0:80 and proxies to it.

systemctl is-active langflow.service nginx.service
ss -tln | grep -E ':80 |:7860 '
curl -s http://127.0.0.1/health

Expected output:

active
active
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      2048       127.0.0.1:7860      0.0.0.0:*
LISTEN 0      511             [::]:80           [::]:*
{"status":"ok"}

Step 5 - Retrieve your per-instance credentials

The administrator password is generated on first boot and stored in a root-only file:

sudo cat /root/langflow-credentials.txt

# Langflow - generated on first boot by langflow-firstboot.service
# These credentials are unique to this VM. Store them somewhere safe.

LANGFLOW_URL=http://<instance-public-ip>/
LANGFLOW_SUPERUSER=admin
LANGFLOW_SUPERUSER_PASSWORD=<your-unique-password>

The username is admin. Configuration lives in /etc/langflow/langflow.env and the data under /var/lib/langflow.

Step 6 - Open Langflow and sign in

Browse to http://<instance-public-ip>/ and sign in as admin with the password from Step 5.

Langflow login page served over nginx on port 80

Step 7 - Build your first flow

After signing in you land on the Flows dashboard. Choose New Flow and start from a template (for example Basic Prompting or Simple Agent) or a blank canvas.

Langflow flows dashboard after signing in

Drag components onto the canvas and connect them - a chat input, a model component, a prompt, and a chat output - to assemble a working flow. Use the Playground to chat with your flow and iterate.

Building a flow on the Langflow visual canvas

Step 8 - Connect a model provider and serve your flow

Langflow ships no model weights and calls out to the model endpoint you configure. In your model component, paste your provider API key (OpenAI, Anthropic, Amazon Bedrock, or the base URL of a self hosted model). Keys you enter are encrypted at rest with the per-instance key generated on first boot.

Every flow is also an API. Retrieve an access token and call the API from your application:

PASS=$(sudo grep '^LANGFLOW_SUPERUSER_PASSWORD=' /root/langflow-credentials.txt | cut -d= -f2-)
curl -s -X POST http://127.0.0.1/api/v1/login \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'username=admin' --data-urlencode "password=$PASS" \
  | python3 -c "import sys,json; print('token_type:', json.load(sys.stdin)['token_type'])"

token_type: bearer

The Langflow UI shows the ready-made curl and Python snippets for running each flow under the flow's API menu.

Step 9 - Confirm the runtime

/opt/langflow/venv/bin/langflow --version

langflow 1.9.6

Enabling HTTPS

TLS is not enabled by default. Terminate TLS at an upstream Application Load Balancer or Amazon CloudFront, or obtain a certificate directly on the instance with certbot:

sudo apt-get update && sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d your-domain.example.com

certbot edits the nginx site at /etc/nginx/sites-available/cloudimg-langflow to add the TLS listener and arranges automatic renewal.

Backup and maintenance

  • All Langflow state lives under /var/lib/langflow on its own EBS volume. Snapshot that volume, or copy the SQLite database and flows directory, to back up your flows and stored credentials.
  • The volume is independently resizable: grow it in the EC2 console, then sudo resize2fs /dev/nvme1n1 (or the device shown by lsblk).
  • Restart the application with sudo systemctl restart langflow.service; logs are in the journal: sudo journalctl -u langflow.service.
  • Configuration is in /etc/langflow/langflow.env. After editing it, restart langflow.service.

Support

cloudimg provides 24/7 technical support for this image by email and chat, covering Langflow deployment, connecting language model and vector store providers, building agent and RAG flows, serving flows through the API, TLS termination and scaling. Contact details are on the AWS Marketplace listing.