
Weaviate on AWS User Guide

Product: Weaviate on AWS

Overview

This image runs Weaviate 1.38, the open source vector database for AI, on Ubuntu 24.04 LTS. Weaviate stores objects with their vector embeddings and runs fast semantic, keyword and hybrid search over GraphQL and REST APIs. It is installed under /opt/weaviate from the official release binary and run by an unprivileged weaviate system account under a systemd service that starts the database on boot and restarts it on failure.

The server listens on the loopback address 127.0.0.1:8080 (REST + GraphQL) and is never exposed directly. nginx fronts it on port 80. The unauthenticated readiness probe under /v1/.well-known/ is open; the data APIs require the API key.

Anonymous access is disabled and API-key authentication is enabled. On the first boot of every deployed instance a one-shot service generates a fresh API key, unique to that instance, and writes it to /root/weaviate-credentials.txt (mode 0600, root only). Persistent data lives under /var/lib/weaviate on a dedicated, independently resizable EBS data volume.

The image ships no embedding model and is CPU only - bring your own vectors or configure an external vectorizer. The default security group opens port 22 (SSH) and port 80 (HTTP) only.

Prerequisites

  • An AWS account subscribed to this product in AWS Marketplace.
  • An EC2 key pair in your target region for SSH access.
  • A security group allowing inbound TCP 22 (SSH) from your IP and TCP 80 (HTTP) from your users.
  • Recommended instance type: m5.large or larger.

Connecting to your instance

OS variant   | Login user | Example
Ubuntu 24.04 | ubuntu     | ssh -i your-key.pem ubuntu@<instance-public-ip>

Step 1 - Launch from the AWS Marketplace console

  1. Open the product page in AWS Marketplace and choose Continue to Subscribe, then Continue to Configuration.
  2. Select the Weaviate 1.38 on Ubuntu 24.04 delivery option and your region, then Continue to Launch.
  3. Choose your instance type, VPC/subnet, key pair and the security group described above, and launch.

Step 2 - Launch from the AWS CLI

aws ec2 run-instances \
  --image-id ami-xxxxxxxxxxxxxxxxx \
  --instance-type m5.large \
  --key-name your-key \
  --security-group-ids sg-xxxxxxxx \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=weaviate}]'

Step 3 - Connect to your instance

ssh -i your-key.pem ubuntu@<instance-public-ip>

Step 4 - Confirm the services are running

systemctl is-active weaviate.service nginx.service
ss -tln | grep -E ':80 |:8080 '
curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/v1/.well-known/ready

Expected output:

active
active
LISTEN 0      4096       127.0.0.1:8080       0.0.0.0:*
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      511             [::]:80            [::]:*
200

[Screenshot: Weaviate running on the cloudimg AMI - services active, readiness 200, API-key auth enforced]

Step 5 - Retrieve your API key

sudo cat /root/weaviate-credentials.txt
# Weaviate - generated on first boot by weaviate-firstboot.service
WEAVIATE_URL=http://<instance-public-ip>/
WEAVIATE_API_KEY=cloudimg-<your-unique-key>

Step 6 - Call the API

The readiness probe is open; data APIs require the key as a Bearer token. Confirm the server version:

KEY=$(sudo grep '^WEAVIATE_API_KEY=' /root/weaviate-credentials.txt | cut -d= -f2-)
curl -s -H "Authorization: Bearer $KEY" http://127.0.0.1/v1/meta | python3 -c "import sys,json; print('version:', json.load(sys.stdin)['version'])"
version: 1.38.0

A request without the key is rejected:

curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/v1/schema
401
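
The checks from Steps 4 to 6 can be combined into one repeatable audit. The script below is an added example, not part of the cloudimg image or of the original guide; the function names (loopback_only, http_status, audit_live) and the --live flag are assumptions, and the ss samples are constructed from the Step 4 output.

```shell
# Added example (not shipped with the image): audit the exposure this guide describes.

# loopback_only PORT   (reads `ss -tln` output on stdin)
# exit 0 = loopback only, 1 = reachable from other hosts, 2 = no listener on PORT.
loopback_only() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      addr = $4; p = addr
      sub(/.*:/, "", p)               # port is the text after the last colon
      if (p != port) next
      sub(/:[0-9]+$/, "", addr)       # drop ":port", leaving the bind address
      seen = 1
      if (addr !~ /^127\./ && addr != "[::1]") bad = 1
    }
    END { if (!seen) exit 2; exit (bad ? 1 : 0) }'
}

# http_status URL [API_KEY]: print the HTTP status code; the Authorization
# header is added only when a key is passed as the second argument.
http_status() {
  curl -s -o /dev/null -w '%{http_code}' ${2:+-H "Authorization: Bearer $2"} "$1"
}

# audit_live: run on the instance itself; returns non-zero if any check fails.
audit_live() {
  creds=/root/weaviate-credentials.txt; base=http://127.0.0.1; rc=0
  key=$(sudo grep '^WEAVIATE_API_KEY=' "$creds" | cut -d= -f2-)
  fail() { echo "FAIL: $1"; rc=1; }
  ss -tln | loopback_only 8080 || fail "8080 is missing or not loopback-only"
  [ "$(sudo stat -c %a "$creds")" = 600 ] || fail "$creds is not mode 0600"
  [ "$(http_status "$base/v1/.well-known/ready")" = 200 ] || fail "readiness probe"
  [ "$(http_status "$base/v1/schema")" = 401 ] || fail "schema readable without a key"
  [ "$(http_status "$base/v1/meta" "$key")" = 200 ] || fail "valid key rejected"
  return "$rc"
}

# Constructed samples: the Step 4 listeners, and a misbound 8080 for contrast.
SAMPLE_OK='LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*'
SAMPLE_BAD='LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then audit_live
else
  printf '%s\n' "$SAMPLE_OK"  | loopback_only 8080 && echo "sample OK: 8080 loopback-only"
  printf '%s\n' "$SAMPLE_BAD" | loopback_only 8080 || echo "sample BAD: 8080 exposed"
fi
```

Run it with --live on the instance after any change to /etc/weaviate/weaviate.env or the nginx site; without the flag it only exercises the parser on the constructed samples.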

Step 7 - Create a collection and add objects

Point the Weaviate client at the instance, or use REST. Create a collection (class), then add objects with your own vectors:

curl http://<instance-public-ip>/v1/schema -H "Authorization: Bearer $KEY" \
  -H 'Content-Type: application/json' \
  -d '{"class":"Article","vectorizer":"none"}'
curl http://<instance-public-ip>/v1/objects -H "Authorization: Bearer $KEY" \
  -H 'Content-Type: application/json' \
  -d '{"class":"Article","properties":{"title":"Hello"},"vector":[0.1,0.2,0.3]}'

Query with GraphQL at /v1/graphql, including nearVector semantic search and hybrid search. The image bundles Weaviate's vectorizer and generative modules (OpenAI, Cohere, AWS Bedrock, Google, Hugging Face and more) - enable one by setting DEFAULT_VECTORIZER_MODULE and the provider API key in /etc/weaviate/weaviate.env, then restart.

Production notes

  • Configure a vectorizer/generative module and its provider key in /etc/weaviate/weaviate.env, then sudo systemctl restart weaviate.service.
  • The gRPC API is available on port 50051 for high-throughput clients; open it in the security group if needed.

Enabling HTTPS

sudo apt-get update && sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d your-domain.example.com

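certbot edits the nginx site at /etc/nginx/sites-available/cloudimg-weaviate to add the TLS listener and arranges automatic renewal. Until HTTPS is enabled, requests to port 80 carry the API key in cleartext. The default security group opens only ports 22 and 80, so allow inbound TCP 443 for the TLS listener.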

Backup and maintenance

  • All Weaviate data lives under /var/lib/weaviate on its own EBS volume. Snapshot that volume, or configure Weaviate's backup module to S3, to back up collections and vectors.
  • The API key is in /etc/weaviate/weaviate.env (AUTHENTICATION_APIKEY_ALLOWED_KEYS).
  • Restart with sudo systemctl restart weaviate.service; logs: sudo journalctl -u weaviate.service.

Support

cloudimg provides 24/7 technical support for this image by email and chat, covering Weaviate deployment, schema and collection design, vectorizer and module configuration, backups, TLS termination and scaling. Contact details are on the AWS Marketplace listing.