Oracle Database 19c Enterprise User Guide
Overview
This guide covers the deployment and configuration of Oracle Database 19c Enterprise Edition on Linux using cloudimg AMIs from the AWS Marketplace. Oracle Database 19c is the long term support release of the Oracle Database, providing the highest levels of stability and the longest error correction support window. It delivers advanced capabilities including partitioning, OLAP, Advanced Analytics, and Real Application Testing.
What's included in this AMI:
- Oracle Database 19c Enterprise Edition 19.3.0.0.0 (64 bit) installed at /u01
- Preconfigured ORCL sample database ready to start
- Oracle Listener preconfigured on port 1521
- Dedicated oracle OS user with environment scripts
- Helper scripts for starting and stopping the database and listener
- Randomly generated SYSTEM user credentials
- OS package update script for keeping the system current
- AWS CLI v2 for AWS service integration
- Systems Manager Agent (SSM) for remote management
- CloudWatch Agent for monitoring
- Latest security patches applied at build time
- 24/7 cloudimg support with guaranteed 24 hour response SLA
Prerequisites
Before launching this AMI, ensure you have:
- An active AWS account
- An active subscription to the Oracle Database 19c Enterprise listing on AWS Marketplace
- An EC2 key pair for SSH access
- Familiarity with EC2 instance management and SSH
Recommended Instance Type: m5.large (2 vCPU, 8 GB RAM) or larger. The minimum requirements are 1 vCPU, 1 GB RAM, and 20 GB disk space, but Oracle Database benefits significantly from additional memory for production workloads.
Step 1: Launch the AMI
- Navigate to the AWS Marketplace and search for "Oracle Database 19c Enterprise cloudimg"
- Click Continue to Subscribe, accept the terms, then Continue to Configuration
- Select your preferred Region and Software Version
- Click Continue to Launch
- Choose Launch through EC2 for full control over instance configuration
- Select your instance type (
m5.largerecommended) - Configure storage: 20 GB gp3 minimum for root volume, plus the dedicated /u01 Oracle volume
- Configure your Security Group with the following inbound rules:
| Port | Protocol | Source | Purpose |
|---|---|---|---|
| 22 | TCP | Your IP | SSH access |
| 1521 | TCP | Your IP | Oracle Database Listener port |
Important: Restrict port 1521 to trusted application servers or your IP only. Do not open the Oracle Listener port to the public internet.
- Select your EC2 key pair and launch the instance
Step 2: Connect via SSH
Once your instance is running and has passed both status checks (2/2), connect using SSH:
ssh -i your-key.pem ec2-user@<public-ip-address>
To switch to the root user:
sudo su -
Important: Wait for the EC2 instance to reach 2/2 successful status checks before connecting. Early connection attempts may produce permission denied errors while the instance is still initialising.
Step 3: Switch to the Oracle User
The Oracle software is owned by the dedicated oracle OS user. Switch to this user to manage the database. Please type this command rather than copying and pasting:
sudo su - oracle
Three scripts are available in the oracle user's home directory:
- setEnv.sh sets the Oracle environment variables, enabling utilities such as sqlplus
- start_all.sh starts the ORCL sample database and its associated Oracle Listener
- stop_all.sh stops the ORCL sample database and its associated Oracle Listener
Step 4: Start the Oracle Database and Listener
Run the following commands as the oracle user to start the sample database and listener:
cd $HOME
. ./start_all.sh
Expected output:
LSNRCTL for Linux: Version 19.0.0.0.0 - Production
Starting /u01/app/oracle/product/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 19.0.0.0.0 - Production
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ip-x-x-x-x.ec2.internal)(PORT=1521)))
The command completed successfully
SQL*Plus: Release 19.0.0.0.0 Production
Connected to an idle instance.
SQL> ORACLE instance started.
Database mounted.
Database opened.
Step 5: Connect with SQL*Plus
Set the Oracle environment variables and launch SQL*Plus:
cd $HOME
. ./setEnv.sh
sqlplus / as sysdba
Expected output:
SQL*Plus: Release 19.0.0.0.0 Production
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Release 19.3.0.0.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL>
Type EXIT to leave the SQL*Plus session.
Step 6: Connect Remotely with SQL Developer
To connect to the database from an external tool such as SQL Developer, use the following connection settings:
| Setting | Value |
|---|---|
| Database Type | Oracle |
| Authentication Type | Default |
| Username | SYSTEM |
| Password | See credentials file below |
| Connection Type | Basic |
| Hostname | Your instance public IP |
| Port | 1521 |
| Service Name | orcl.us.oracle.com |
Note: To retrieve the SYSTEM user password, refer to the randomly generated credentials file at /stage/scripts/oracle-database-credentials.log.
Server Components
| Component | Version | Install Path |
|---|---|---|
| Oracle Database 19c Enterprise | 19.3.0.0.0 | /u01 |
Note: Component versions may be updated on first boot by the automatic OS package update script.
Filesystem Layout
| Mount Point | Size | Description |
|---|---|---|
| / | 38 GB | Root filesystem |
| /boot | 2.0 GB | Operating system kernel files |
| /u01 | 20 GB | Oracle software installation directory |
Key Oracle directories:
| Directory | Purpose |
|---|---|
| /u01/app/oracle | Oracle base directory |
| /u01/app/oracle/product | Oracle software home |
| /u01/app/oracle/product/network/admin | Listener and TNS configuration files |
| /u01/app/oracle/diag | Oracle diagnostic and alert log files |
Managing the Oracle Database
The Oracle Database is managed using shell scripts provided in the oracle user's home directory. The database does not use systemd services.
Start the database and listener:
sudo su - oracle
cd $HOME
. ./start_all.sh
Stop the database and listener:
sudo su - oracle
cd $HOME
. ./stop_all.sh
Check listener status:
sudo su - oracle
cd $HOME
. ./setEnv.sh
lsnrctl status
Scripts and Log Files
| Script/Log | Path | Description |
|---|---|---|
| initial_boot_update.sh | /stage/scripts | Updates the OS with the latest packages on first boot |
| initial_boot_update.log | /stage/scripts | Output log for the boot update script |
| oracle-database-credentials.log | /stage/scripts | Oracle Database SYSTEM user credentials |
| setEnv.sh | /home/oracle | Sets Oracle environment variables for sqlplus and other tools |
| start_all.sh | /home/oracle | Starts the ORCL database and Oracle Listener |
| stop_all.sh | /home/oracle | Stops the ORCL database and Oracle Listener |
On Startup
An OS package update script runs on first boot to ensure the image is fully up to date. You can disable this by removing the script and its crontab entry:
rm -f /stage/scripts/initial_boot_update.sh
crontab -e
# Delete the following line, save and exit:
@reboot /stage/scripts/initial_boot_update.sh
Troubleshooting
Cannot connect via SSH
- Verify the instance has reached 2/2 status checks in the EC2 console
- Confirm your security group allows inbound TCP port 22 from your IP
- Ensure you are using the correct key pair and connecting as
ec2-user
Oracle Listener fails to start
- Switch to the oracle user:
sudo su - oracle - Source the environment:
. ./setEnv.sh - Check listener status:
lsnrctl status - Review the listener log at
/u01/app/oracle/diag/tnslsnr/<hostname>/listener/alert/log.xml - Verify port 1521 is not in use by another process:
netstat -tlnp | grep 1521
Database fails to start
- Switch to the oracle user and source the environment
- Connect to sqlplus:
sqlplus / as sysdba - Check the instance status:
SELECT STATUS FROM V\$INSTANCE; - Try starting manually:
STARTUP; - Review the alert log at
/u01/app/oracle/diag/rdbms/orcl/ORCL/trace/alert_ORCL.log
Cannot connect remotely on port 1521
- Verify the Oracle Listener is running:
lsnrctl status - Confirm your security group allows inbound TCP port 1521 from your IP
- Test connectivity:
telnet <instance-ip> 1521 - Check that the listener.ora file references the correct hostname
Security Recommendations
- Restrict port access: Only allow port 1521 from trusted application servers or specific IP addresses
- Change default passwords: Update the SYSTEM and SYS user passwords immediately after first login
- Use strong passwords: Ensure all database user passwords meet complexity requirements
- Enable auditing: Configure Oracle Database auditing to track access and changes
- Encrypt connections: Configure Oracle Net Services to use SSL/TLS encryption for client connections
- Limit OS access: Restrict SSH access to authorised administrators only
- Review user privileges: Remove unnecessary grants and follow the principle of least privilege
- Keep the system updated: Apply Oracle Critical Patch Updates and OS security patches regularly
Support
If you encounter any issues with this product, contact cloudimg support:
- Email: support@cloudimg.co.uk
- Website: www.cloudimg.co.uk
- Support hours: 24/7 with guaranteed 24 hour response SLA