SQL Server 2022 Enterprise on AWS User Guide
Overview
This image runs Microsoft SQL Server 2022 Enterprise Edition, the full-featured platform for mission-critical workloads, analytics and high availability at scale. SQL Server is the only workload on the image, so the platform stays lean, predictable and easy to reason about.
Enterprise Edition includes the complete SQL Server feature set with no edition-imposed limits beyond your OS and hardware.
This guide covers the Enterprise delivery option. SQL Server 2022 is also offered in other editions on the same listing -- see the SQL Server 2022 on AWS hub to compare and choose.
SQL Server is installed from the official Microsoft APT repository. The mssql-tools18 package and the sqlcmd command-line utility are preinstalled. SQL Server data and log files live on a dedicated gp3 EBS volume mounted at /var/opt/mssql, separate from the OS disk and independently resizable.
On the first boot of your instance a one-shot service generates a fresh SA password, creates a dedicated cloudimg SQL login, removes the build-time memory cap and writes all credentials to /root/mssql-credentials.txt, a file only root can read. No shared or default credentials ship in the image. SQL Server listens on port 1433 and starts on boot via systemd.
Enterprise edition at a glance: No edition limits beyond OS/hardware: Always On Availability Groups with multiple secondary replicas, in-memory OLTP, columnstore indexes, transparent data encryption and unlimited virtualisation.
This is a headless image. SQL Server has no web interface; you administer it over SSH with sqlcmd and any compatible SQL Server client on port 1433.
Prerequisites
Before you deploy this image you need:
- An Amazon Web Services account where you can launch EC2 instances
- IAM permissions to launch instances, create security groups, and subscribe to AWS Marketplace products
- An EC2 key pair in the target Region for SSH access to the instance
- A VPC and subnet in the target Region, with a security group allowing inbound port 22 from your management network
- The AWS CLI (version 2) installed locally if you plan to deploy from the command line
Recommended instance type: m5.xlarge (4 vCPU, 16 GB RAM) or larger.
Step 1: Launch the Instance from the AWS Marketplace
Sign in to the AWS Management Console, open the EC2 service, and select Launch instance. Under Application and OS Images choose AWS Marketplace AMIs and search for SQL Server 2022. Select the cloudimg listing, choose Select, then on the subscription summary pick the SQL Server 2022 Enterprise on Ubuntu 22.04 delivery option and choose Continue.
Pick an instance type appropriate for your workload (see Prerequisites). Choose your EC2 key pair under Key pair (login). Under Network settings select your VPC and subnet, and a security group allowing inbound port 22 from your management network. Add port 1433 if you want external clients to connect to SQL Server directly. The AMI brings its own data volume; leave the block device mappings at their defaults.
Select Launch instance. First-boot initialisation, which generates the SA password and starts SQL Server, takes a minute or two after the instance state becomes Running and the status checks pass.
Step 2: Launch the Instance from the AWS CLI
Replace <ami-id> with the AMI ID shown on the Marketplace listing for the Enterprise delivery option, and the network/key placeholders with your values:
aws ec2 run-instances \
--image-id <ami-id> \
--instance-type m5.xlarge \
--key-name <key-name> \
--subnet-id <subnet-id> \
--security-group-ids <security-group-id> \
--metadata-options HttpTokens=required \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=mssql-01}]'
The data volume is defined in the AMI, so you do not need to specify it. Retrieve the public address once the instance is running:
aws ec2 describe-instances --instance-ids <instance-id> \
--query "Reservations[].Instances[].PublicIpAddress" --output text
Step 3: Connect over SSH
This delivery option is built on Ubuntu 22.04, so the SSH login user is ubuntu:
ssh ubuntu@<your-instance-ip>
Wait until the instance has passed both EC2 status checks before connecting.
Step 4: Retrieve the Generated SA Password
The first-boot service writes the per-instance credentials to /root/mssql-credentials.txt (root-only):
sudo cat /root/mssql-credentials.txt
The file looks like this, with unique passwords on your instance:
# SQL Server 2022 Enterprise Edition -- Per-Instance Credentials
# Generated: Wed Jun 04 09:00:00 UTC 2026
#
SA_USER=sa
SA_PASSWORD=Sq6b3036366161212d18!fec2e071
CLOUDIMG_USER=cloudimg
CLOUDIMG_PASSWORD=Cle3946a05c9368d3c62!3510bba3
CLOUDIMG_DATABASE=cloudimg
The cloudimg login has db_owner on the cloudimg database and is suitable for application connections.
Step 5: Connect to SQL Server with sqlcmd
SA_PASS=$(sudo grep '^SA_PASSWORD=' /root/mssql-credentials.txt | cut -d= -f2-)
/opt/mssql-tools18/bin/sqlcmd -S 127.0.0.1 -U sa -P "${SA_PASS}" -C
The -C flag trusts the self-signed server certificate. Type GO to run a batch, exit to quit.
Step 6: Verify the Version and Edition
SA_PASS=$(sudo grep '^SA_PASSWORD=' /root/mssql-credentials.txt | cut -d= -f2-)
/opt/mssql-tools18/bin/sqlcmd -S 127.0.0.1 -U sa -P "${SA_PASS}" -C -Q "SELECT @@VERSION"
Output resembles (the edition line reflects this image's Enterprise edition):
Microsoft SQL Server 2022 (RTM-CU25) (KB5054531) - 16.0.4255.1 (X64)
May 20 2026 12:06:45
Copyright (C) 2022 Microsoft Corporation
Enterprise Edition (64-bit) on Linux (Ubuntu 22.04.5 LTS) <X64>
Licensing
This image installs SQL Server Enterprise Edition with evaluation licensing. To license it for production, stop the service, apply your 25-character product key, and restart:
sudo systemctl stop mssql-server
sudo MSSQL_PID='<your-25-char-product-key>' /opt/mssql/bin/mssql-conf -n setup
sudo systemctl start mssql-server
Confirm the edition afterwards with the SERVERPROPERTY('Edition') query in Step 6.
Step 7: Check the SQL Server Service
sudo systemctl status mssql-server --no-pager
Manage the service with sudo systemctl {stop,start,restart} mssql-server.
Step 8: The Data Volume
SQL Server data and log files are stored on a dedicated gp3 EBS volume mounted at /var/opt/mssql, separate from the OS disk:
df -h /var/opt/mssql
lsblk
To grow it, resize the EBS volume in the AWS console, then extend the filesystem on the instance:
sudo resize2fs $(findmnt -no SOURCE /var/opt/mssql)
Step 9: Create a Database and Table
SA_PASS=$(sudo grep '^SA_PASSWORD=' /root/mssql-credentials.txt | cut -d= -f2-)
/opt/mssql-tools18/bin/sqlcmd -S 127.0.0.1 -U sa -P "${SA_PASS}" -C -Q "IF DB_ID('myapp') IS NULL CREATE DATABASE [myapp];"
/opt/mssql-tools18/bin/sqlcmd -S 127.0.0.1 -U sa -P "${SA_PASS}" -C -d myapp -Q "IF OBJECT_ID('customers') IS NULL CREATE TABLE customers (id INT IDENTITY PRIMARY KEY, name NVARCHAR(100), email NVARCHAR(200)); INSERT INTO customers (name,email) VALUES ('Alice Smith','alice@example.com'); SELECT id,name,email FROM customers;"
Step 10: Connect from a Remote Client
SQL Server listens on port 1433. Add port 1433 to the security group, then connect with SSMS, Azure Data Studio, DBeaver or sqlcmd:
/opt/mssql-tools18/bin/sqlcmd -S <your-instance-ip>,1433 -U sa -P "<SA_PASSWORD>" -C
Step 11: Backup and Restore
sudo mkdir -p /var/opt/mssql/backup && sudo chown mssql:mssql /var/opt/mssql/backup
SA_PASS=$(sudo grep '^SA_PASSWORD=' /root/mssql-credentials.txt | cut -d= -f2-)
/opt/mssql-tools18/bin/sqlcmd -S 127.0.0.1 -U sa -P "${SA_PASS}" -C -Q \
"BACKUP DATABASE [cloudimg] TO DISK = N'/var/opt/mssql/backup/cloudimg.bak' WITH INIT, COMPRESSION;"
Troubleshooting
- Will not start:
sudo cat /var/opt/mssql/log/errorlog | tail -50andsudo journalctl -u mssql-server -n 50 --no-pager. - Port 1433 unreachable: check the security group inbound rules.
- Credentials permission denied: the file is root-only; use
sudo. - First-boot did not run:
sudo journalctl -u mssql-firstboot -n 50 --no-pagerandsudo cat /var/log/mssql-firstboot.log.
cloudimg Support
This image is supported by cloudimg. For assistance with SQL Server deployment, configuration, performance tuning, high availability or administration, contact support@cloudimg.co.uk. Support is available 24 hours a day, 7 days a week.