Milvus on AWS User Guide
Overview
This image runs Milvus on AWS, the high performance open source cloud native vector database built for similarity search and AI applications. Milvus stores, indexes and searches embedding vectors with low latency, powering retrieval augmented generation, semantic search, recommendation, image and video search and anomaly detection. The image is delivered as the official Milvus standalone stack: three containers, the etcd metadata store, the MinIO object backend and the Milvus standalone server, orchestrated by Docker Compose and run by a systemd service that starts on boot.
This is a headless vector database. There is no web login interface. The Milvus server listens for SDK clients on the gRPC port 19530 and serves the built-in WebUI, metrics and health endpoints on port 9091. Authentication is enabled out of the box, and on the first boot of your instance a one shot service rotates the database root password to a value unique to that instance, then writes it to a root only file. Open port 19530 (and optionally 9091) in your own security group to reach the database from your application.
The etcd metadata store, the MinIO object data and the Milvus segment data all live on a dedicated, independently resizable data volume mounted at /var/lib/milvus, so the stateful tier sits on durable storage rather than the operating system disk and can be grown or snapshotted independently.
What is included:
- Milvus standalone from the official pinned
milvusdb/milvusimage, plus the etcd and MinIO backends - Docker Engine and the Docker Compose plugin from the official
download.docker.comrepository milvus.servicesystemd unit auto-starting the Compose stack on bootmilvus-firstboot.servicesystemd oneshot that rotates the root password and MinIO secret per instance- A
pymilvusclient in a virtual environment at/opt/milvus/venv - Listeners: gRPC
19530(SDK), HTTP9091(metrics, health and WebUI); internal etcd on loopback only - Dedicated data volume mounted at
/var/lib/milvusholding the etcd, MinIO and Milvus data - 24/7 cloudimg support
Prerequisites
Before you deploy this image you need:
- An Amazon Web Services account where you can launch EC2 instances
- IAM permissions to launch instances, create security groups, and subscribe to AWS Marketplace products
- An EC2 key pair in the target Region for SSH access to the instance
- A VPC and subnet in the target Region, with a security group allowing inbound port 22 from your management network
- The AWS CLI (version 2) installed locally if you plan to deploy from the command line
Step 1: Launch the Instance from the AWS Marketplace
Sign in to the AWS Management Console, open the EC2 service, and select Launch instance. Under Application and OS Images choose AWS Marketplace AMIs and search for Milvus by cloudimg. Select the cloudimg listing and choose Select, then Continue on the subscription summary. Pick m5.xlarge (4 vCPU / 16 GiB RAM) or larger, since the vector index build is memory intensive. Choose your EC2 key pair, and under Network settings select a security group that allows inbound port 22 from your management network. Select Launch instance.
First boot initialisation brings the stack up once to rotate the root password and the object store secret, then starts the database for normal use; this takes a few minutes after the instance is created.
Step 2: Launch the Instance from the AWS CLI
Replace the angle-bracket placeholders with your own values.
aws ec2 run-instances \
--image-id <ami-id> \
--instance-type m5.xlarge \
--key-name <key-name> \
--subnet-id <subnet-id> \
--security-group-ids <security-group-id> \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=milvus-01}]'
When the instance is running, note its public IP address with aws ec2 describe-instances --instance-ids <instance-id> --query "Reservations[].Instances[].PublicIpAddress" --output text.
Step 3: Connect to your Instance
Connect over SSH with your key. The SSH login user depends on the operating system of the AMI variant you launched:
| AMI variant | SSH login user |
|---|---|
| Milvus on Ubuntu 24.04 | ubuntu |
ssh -i <path-to-key>.pem ubuntu@<instance-ip>
A welcome banner prints the most useful commands. The per instance credentials live in a root only file, described in Step 5.
Step 4: Verify the Stack
Milvus runs as a system service that brings the Docker Compose stack up on boot. Confirm the service and the Docker engine are active:
systemctl is-active milvus docker
Both print active. List the three running containers and confirm each is healthy:
sudo docker ps --format 'table {{.Names}}\t{{.Status}}'
You should see milvus-standalone, milvus-minio and milvus-etcd, each reporting (healthy). The Milvus server exposes a built-in HTTP health endpoint on loopback port 9091; it returns OK when the database is ready to serve:
curl -s http://127.0.0.1:9091/healthz

Step 5: Retrieve the Rotated Root Credentials
Authentication is enabled, and the database root password was rotated to a value unique to this instance on first boot. Read the credentials file, which only the root user can read:
sudo cat /root/milvus-credentials.txt
The file lists the root user, the rotated milvus.root.pass, the SDK endpoint on port 19530 and the WebUI URL on port 9091. Keep this password safe: it is the administrator credential for your vector database. No shared or default credentials ship in the image.

Step 6: Connect with pymilvus
The image ships a Python virtual environment with the pymilvus client at /opt/milvus/venv, which you can use directly on the instance, and you can install pymilvus into your own application environment the same way. The following self test reads the rotated root password from the credentials file and lists the collections over the authenticated gRPC API, printing OK on success:
PASS=$(sudo grep '^milvus.root.pass=' /root/milvus-credentials.txt | cut -d= -f2-)
sudo /opt/milvus/venv/bin/python -c "from pymilvus import MilvusClient; print(MilvusClient(uri='http://127.0.0.1:19530', token='root:'+'$PASS').list_collections()); print('OK')"

From your own application, connect to the gRPC endpoint with the root user and the rotated password. Open port 19530 in the instance's security group first (see Step 9), then point your client at the instance public IP. A typical pymilvus session that creates a collection, inserts embedding vectors, builds an index and runs an approximate nearest neighbour search looks like this:
from pymilvus import MilvusClient, DataType
client = MilvusClient(
uri="http://<instance-ip>:19530",
token="root:<password>", # from /root/milvus-credentials.txt
)
schema = client.create_schema(auto_id=False, enable_dynamic_field=True)
schema.add_field("id", DataType.INT64, is_primary=True)
schema.add_field("vector", DataType.FLOAT_VECTOR, dim=8)
index_params = client.prepare_index_params()
index_params.add_index(field_name="vector", index_type="IVF_FLAT",
metric_type="L2", params={"nlist": 128})
client.create_collection("documents", schema=schema, index_params=index_params)
client.insert("documents", [
{"id": 1, "vector": [0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8], "title": "hello"},
])
client.load_collection("documents")
hits = client.search("documents", data=[[0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8]],
anns_field="vector", limit=5, output_fields=["title"])
print(hits)
Milvus supports dense and sparse vectors, hybrid search, scalar metadata filtering and a rich set of index and metric types (IVF, HNSW, DiskANN and more), so you can tune for recall, latency and cost.

Step 7: The WebUI
Milvus serves a built-in WebUI on the HTTP port 9091 at /webui/ for inspecting collections, segments, queries and database health. To reach it from your browser, open port 9091 in the instance's security group and browse to http://<instance-ip>:9091/webui/. The WebUI is read oriented and complements the SDK; all data operations go through the gRPC API on port 19530.
Step 8: The Data Volume
The etcd metadata store, the MinIO object data and the Milvus segment data all live on a dedicated data volume mounted at /var/lib/milvus. This keeps the stateful tier off the operating system disk and lets you resize or snapshot the volume independently. Confirm the mount and its layout:
df -h /var/lib/milvus
ls /var/lib/milvus
You will see the etcd, minio and milvus subdirectories that hold the metadata, object and segment data. To grow the volume, expand the EBS volume in the AWS console (or with aws ec2 modify-volume), then grow the filesystem on the instance with sudo resize2fs on the underlying device. The whole stack is managed by the milvus.service systemd unit; restart it with sudo systemctl restart milvus after any maintenance.
Step 9: Open the SDK Port to your Application
To reach Milvus from your application, open the gRPC SDK port 19530 (and optionally 9091 for the WebUI and metrics) to your trusted application subnet. Never expose the internal etcd port 2379 - it is bound to loopback inside the instance and must stay private.
aws ec2 authorize-security-group-ingress \
--group-id <security-group-id> \
--protocol tcp --port 19530 \
--cidr <your-application-subnet-cidr>
Restrict the source of the rule to your application subnet rather than the public internet, and prefer a private subnet with TLS termination for any production exposure.
Step 10: Maintenance
Restart the stack or tail the server logs:
sudo systemctl restart milvus.service
sudo docker logs milvus-standalone --tail 50
Automatic security updates remain enabled in the image, so OS security patches continue to be applied automatically on your instance.
Support
This image is published and supported by cloudimg with 24/7 support. Support covers deployment, collection and index design, embedding ingestion, search tuning, metadata filtering, scaling, backups, client integration and upgrade planning. Contact cloudimg through the support channel listed on the AWS Marketplace listing.
Milvus is a trademark of LF Projects, LLC. All other product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.