Setting Up an AWS EC2 CentOS Instance: 2026 Complete Guide

Setting Up an AWS EC2 CentOS Instance: A Comprehensive Guide

Setting up a cloud server can feel overwhelming, especially when you need to host websites with a control panel like cPanel. If you are looking to deploy an AWS EC2 CentOS instance for web hosting, this guide walks you through the entire process — from launching the instance and assigning static IP addresses to installing and configuring cPanel. I have managed multiple AWS EC2 CentOS servers over the years for web hosting, and I will share the exact steps along with critical security best practices and updated recommendations for 2026.

Important update: CentOS 7 reached end-of-life on June 30, 2024, meaning it no longer receives security patches or updates. While this guide covers the traditional AWS EC2 CentOS setup process, I strongly recommend using AlmaLinux 9 or Rocky Linux 9 as your operating system instead. Both are fully compatible with CentOS workflows and are supported by cPanel. I will cover these alternatives in detail below.

CentOS 7 End-of-Life: Why You Should Use AlmaLinux or Rocky Linux

Before diving into the setup process, there is a critical change you need to be aware of. CentOS 7 reached its official end-of-life (EOL) on June 30, 2024. This means Red Hat no longer provides security patches, bug fixes, or updates for CentOS 7. Running an AWS EC2 CentOS 7 instance in production today exposes your server to unpatched vulnerabilities and potential security breaches.

Additionally, cPanel has blocked new installations on CentOS 7 starting from version 112. The last supported cPanel branch for CentOS 7 was LTS 110. If you are setting up a new server, you should use one of the following RHEL-compatible alternatives that work identically with cPanel and follow the same command structure you are familiar with from CentOS.

AlmaLinux 9 is my top recommendation. It was created by CloudLinux specifically to replace CentOS, and it has become the most widely adopted alternative in the web hosting industry. cPanel has officially recommended AlmaLinux 9 as the preferred operating system, and it provides full RHEL compatibility with long-term support through 2032. As of late 2025, cPanel also announced that it will discontinue support for Rocky Linux starting with version 134 (scheduled for March 2026), making AlmaLinux the clear choice for new installations.

Rocky Linux 9 is another solid option, especially if your server runs cPanel version 133 or earlier. Founded by Gregory Kurtzer, the original CentOS co-founder, Rocky Linux offers 1:1 binary compatibility with RHEL. However, keep in mind the upcoming cPanel deprecation mentioned above.

OS Comparison: CentOS vs AlmaLinux vs Rocky Linux vs Amazon Linux

Feature	CentOS 7	AlmaLinux 9	Rocky Linux 9	Amazon Linux 2023
Status	EOL (June 2024)	Active, supported	Active, supported	Active, supported
RHEL Compatibility	1:1 binary	ABI compatible	1:1 binary	RHEL-derived
cPanel Support	Blocked (v112+)	Full (v110+)	Until v133	Not supported
Long-Term Support	Ended	Until 2032	Until 2032	Until 2028
AWS Marketplace	Legacy only	Available	Available	Pre-installed
Best For	Migration only	Web hosting with cPanel	HPC and enterprise	AWS-native workloads

If you do not need cPanel and prefer an AWS-optimized experience, Amazon Linux 2023 is worth considering. It provides excellent integration with AWS services and receives long-term support. However, it does not support cPanel, so it is not suitable for this particular guide. For more insights on cloud infrastructure and digital transformation in the cloud, check out my detailed breakdown.

Prerequisites Before You Start

Before launching your AWS EC2 CentOS (or AlmaLinux) instance, make sure you have the following ready:

AWS account — Sign up at aws.amazon.com if you do not already have one.
A registered domain name — Your hostname for cPanel must be a fully qualified domain name (FQDN), such as cpanel.yourdomain.com.
SSH client — PuTTY for Windows, or the built-in Terminal on macOS and Linux. You can also use the AWS EC2 Instance Connect feature directly in your browser.
Basic Linux knowledge — Familiarity with terminal commands like cd, ls, and using a text editor (nano or vi).
A valid cPanel license — cPanel offers a 15-day free trial for new installations. After that, you will need a paid license.

Understanding AWS Free Tier and Instance Costs

AWS offers a Free Tier for new accounts that can help you get started without upfront costs. For accounts created before July 15, 2025, the Free Tier includes 750 hours per month of t2.micro or t3.micro instances for the first 12 months. For accounts created on or after July 15, 2025, AWS offers a broader selection including t3.micro, t3.small, t4g.micro, and t4g.small instances for 6 months.

For a cPanel web hosting server, a t2.micro (1 vCPU, 1 GB RAM) is the absolute minimum and will be sluggish. I recommend at least a t3.small (2 vCPU, 2 GB RAM) or t3.medium (2 vCPU, 4 GB RAM) for a production hosting environment. The t4g instances powered by AWS Graviton2 processors offer up to 40% better price-performance over t3 instances if your software stack supports ARM architecture — though note that cPanel does not currently support ARM, so stick with x86-based instances (t3 series) for cPanel installations.

Create an AWS EC2 CentOS Instance (or AlmaLinux Alternative)

Follow these steps to launch your AWS EC2 CentOS compatible instance. While the original CentOS 7 AMI may still appear in the AWS Marketplace, I am demonstrating with AlmaLinux 9 since it is the recommended replacement for CentOS-based deployments.

Step 1: Choose Your AMI

Log in to the AWS Management Console and navigate to EC2.
Click Launch Instance.
Give your instance a descriptive name (for example, “WebHosting-Production”).
Under Application and OS Images (Amazon Machine Image), click Browse more AMIs.
Click AWS Marketplace AMIs on the left sidebar.
Search for AlmaLinux 9 (recommended) or CentOS if you need it for legacy purposes.
Select AlmaLinux OS 9 (x86_64) — make sure it is the official image from the AlmaLinux OS Foundation.

Step 2: Configure Instance Settings

Choose your Instance Type: t3.small (minimum for cPanel) or t3.medium (recommended).
Under Key pair, select an existing key pair or create a new one. Download and store the .pem file securely — you will need it to SSH into the server.
Under Network settings, ensure Auto-assign public IP is enabled (you will replace this with an Elastic IP later).
Under Configure storage, set at least 30 GB of gp3 SSD storage. The default 8 GB is insufficient for cPanel and website hosting.

Step 3: Configure Security Groups (Inbound Traffic Rules)

Security groups act as a virtual firewall for your EC2 instance. This is one of the most critical steps — improper security group configuration is one of the most common mistakes that leaves servers vulnerable to attacks. Here are the inbound rules you need for a cPanel web hosting server:

Type	Protocol	Port Range	Source	Purpose
SSH	TCP	22	Your IP only	Secure shell access
HTTP	TCP	80	0.0.0.0/0 (Anywhere)	Web traffic
HTTPS	TCP	443	0.0.0.0/0 (Anywhere)	Secure web traffic
Custom TCP	TCP	2087	Your IP only	WHM admin panel
Custom TCP	TCP	2083	Your IP only	cPanel user panel

Security Group Best Practices

⚠️ Critical security note: Never set SSH (port 22), WHM (port 2087), or cPanel (port 2083) to “Anywhere” (0.0.0.0/0). This exposes your server to brute-force attacks from the entire internet. According to Wiz’s AWS security best practices guide, sensitive ports like SSH should always be restricted to specific trusted IP addresses.

Only HTTP (80) and HTTPS (443) should be open to the public, since those serve your websites. For SSH and cPanel/WHM access, restrict the source to your specific IP address or a small CIDR range representing your office or VPN. If you have a dynamic IP, consider using a private VPN on AWS as a secure jump point.

If you need to allow additional ports later (for example, port 25 for email SMTP, port 587 for secure SMTP submission, or port 993 for IMAPS), you can modify the security group at any time from the EC2 console without restarting the instance.

Step 4: Launch and Select Key Pair

Review your configuration summary.
Click Launch Instance.
When prompted for a key pair, select the one you created earlier or create a new one.
Download the .pem key file if you created a new pair. Store it securely — if you lose this file, you will not be able to SSH into your instance.
The instance will take 1–3 minutes to initialize. You can monitor the status in the EC2 Instances dashboard.

Once the Instance State shows “Running” and Status Checks show “2/2 checks passed,” your server is ready for the next step.

Associate an Elastic IP to Your EC2 Instance

By default, your new EC2 instance receives a dynamic public IP address. This IP changes every time you stop and restart the instance, which would break your DNS records and make your websites unreachable. To avoid this, assign a static Elastic IP address.

In the EC2 Dashboard, click Elastic IPs in the left sidebar under Network & Security.
Click Allocate Elastic IP address.
Leave the default settings (Amazon’s pool of IPv4 addresses) and click Allocate.
Select the newly allocated IP address, then click Actions > Associate Elastic IP address.
Under Instance, select your EC2 instance from the dropdown.
Click Associate.

Your instance now has a permanent static IP address. Update your domain’s DNS A record to point to this Elastic IP.

Elastic IP Pricing in 2026

Since February 1, 2024, AWS charges $0.005 per IP per hour for all public IPv4 addresses — whether they are attached to a running instance or not. This translates to approximately $3.60 per month or $43.20 per year per Elastic IP. This charge applies even when the Elastic IP is associated with a running instance, which is a change from the previous pricing where in-use IPs were free.

The AWS Free Tier includes 750 hours of public IPv4 address usage per month for the first 12 months. After that, budget accordingly. If you have multiple Elastic IPs allocated but not in use, release them to avoid unnecessary charges. You can learn more about optimizing your AWS EC2 setup for cost efficiency on my blog.

Associate Multiple IP Addresses to EC2

If you plan to host multiple websites with dedicated IP addresses (for example, for separate SSL certificates or IP-based virtual hosts), you can assign secondary private IPs and map additional Elastic IPs to them.

Go to EC2 and select your instance.
Click Actions > Networking > Manage IP addresses.
Under the primary network interface, click Assign new IP address and leave it set to auto-assign.
Click Save.
Navigate to Elastic IPs and allocate a new Elastic IP address.
Select the new Elastic IP, click Actions > Associate Elastic IP address.
Choose your instance, then select the private IP address you just created from the dropdown.
Click Associate.

Finally, SSH into your server and run the following command to add the secondary private IP to the network interface:

sudo ip addr add [SECONDARY_PRIVATE_IP]/20 dev eth0

Replace [SECONDARY_PRIVATE_IP] with the actual private IP assigned in the previous step. Note that this command is temporary and will not survive a reboot. To make it persistent, add a configuration file under /etc/sysconfig/network-scripts/ (on RHEL-based systems) or use a startup script.

To make the secondary IP persistent on AlmaLinux 9 (which uses NetworkManager), create a connection profile:

sudo nmcli connection modify "System eth0" +ipv4.addresses "[SECONDARY_PRIVATE_IP]/20"
sudo nmcli connection up "System eth0"

Install and Configure cPanel on Your AWS EC2 CentOS Server

Now that your AWS EC2 CentOS-compatible instance is running with a static IP, it is time to install cPanel and WHM. The installation process is nearly identical whether you are using CentOS 7 (legacy), AlmaLinux 9, or Rocky Linux 9.

Step 1: Connect via SSH

You have several options to connect to your server:

Option A: Using PuTTY (Windows)

Open PuTTY and enter your server’s Elastic IP address.
Under Connection > SSH > Auth > Credentials, browse to your .ppk key file (convert .pem to .ppk using PuTTYgen if needed).
Click Open and log in with the username ec2-user (for AlmaLinux) or centos (for CentOS 7).

Option B: Using Terminal (macOS/Linux)

chmod 400 your-key.pem
ssh -i your-key.pem ec2-user@YOUR_ELASTIC_IP

Option C: Using EC2 Instance Connect (Browser-based)

In the EC2 console, select your instance and click Connect. Choose the EC2 Instance Connect tab and click Connect. This opens a browser-based terminal with no SSH client required.

Step 2: Prepare the Server

Once connected, switch to the root user and prepare the system:

# Set a password for root (required for cPanel WHM login)
sudo passwd root

# Switch to root
sudo su -

# Update system packages
dnf update -y

# Install required dependencies
dnf install -y wget perl curl nano

Note: On CentOS 7 (legacy), replace dnf with yum. AlmaLinux 9 and Rocky Linux 9 use dnf as the default package manager.

Next, set your hostname to a fully qualified domain name. This is required by cPanel and must not match any domain you plan to host on the server:

hostnamectl set-hostname cpanel.yourdomain.com

Replace cpanel.yourdomain.com with your actual hostname. Make sure this hostname resolves to your server’s Elastic IP via a DNS A record before proceeding.

If you are using AlmaLinux 9, disable SELinux since cPanel does not support it:

# Check current SELinux status
sestatus

# Disable SELinux permanently
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# Disable SELinux for the current session
setenforce 0

Step 3: Install cPanel and WHM

Download and run the cPanel installer:

cd /home
curl -o latest -L https://securedownloads.cpanel.net/latest
sh latest

The installation typically takes 20–50 minutes depending on your instance type and network speed. Do not close your SSH session during installation. If your connection drops, the installation will continue in the background — you can reconnect and check progress by running:

tail -f /var/log/cpanel-install.log

Step 4: Configure WHM

After installation completes, access WHM through your browser:

https://YOUR_ELASTIC_IP:2087

Your browser will show a security warning because the SSL certificate is self-signed. This is normal for a fresh installation — proceed past the warning.

Log in with username root and the password you set earlier.
Accept the license agreement.
Enter your email address for server notifications.
Configure your nameservers (NS1 and NS2). These should point to your domain registrar’s custom nameserver settings.
Navigate to Server Configuration > Basic WebHost Manager Setup.
Scroll to the Nameservers section and click Configure Address Records.
Add the IPv4 A record for each nameserver, pointing to your server’s Elastic IP address.

Post-Installation Security Hardening

Once your server with cPanel is running, take these additional security steps to protect it:

Enable cPHulk Brute Force Protection — In WHM, navigate to Security Center > cPHulk Brute Force Protection and enable it. This blocks IP addresses that attempt too many failed login attempts.
Install a firewall — Consider installing CSF (ConfigServer Security & Firewall), a popular and free firewall for cPanel servers. Install it via SSH with: cd /usr/src && wget https://download.configserver.com/csf.tgz && tar -xzf csf.tgz && cd csf && sh install.sh
Disable root SSH login — After creating an alternative sudo user, disable direct root SSH access by editing /etc/ssh/sshd_config and setting PermitRootLogin no.
Enable automatic updates — Set up dnf-automatic to keep system packages patched: dnf install -y dnf-automatic && systemctl enable --now dnf-automatic.timer
Use SSH key authentication only — Disable password-based SSH login in /etc/ssh/sshd_config by setting PasswordAuthentication no (ensure your key pair works first).
Install an SSL certificate — Use WHM’s AutoSSL feature or install a free Let’s Encrypt certificate through the cPanel plugin to secure your websites and control panel with HTTPS.

For a deeper dive into securing your web server, read my guide on essential website security tips.

Common Issues and Troubleshooting

Issue	Cause	Solution
Cannot SSH into instance	Security group blocks port 22 or wrong key pair	Verify security group allows SSH from your IP; confirm correct .pem file
cPanel installer fails	Insufficient RAM or unsupported OS	Use at least t3.small; verify supported OS (AlmaLinux 9)
Cannot access WHM on port 2087	Security group blocks port 2087	Add inbound rule for port 2087 with your IP as source
Websites unreachable after reboot	Dynamic IP changed; Elastic IP not assigned	Associate an Elastic IP to the instance
Secondary IP lost after reboot	IP was added with temporary command	Use nmcli or network config files for persistent setup
SELinux blocking cPanel	SELinux set to enforcing mode	Disable SELinux and reboot the server
“License not valid” error in WHM	cPanel license not activated or IP mismatch	Verify license at verify.cpanel.net; ensure IP matches

FAQ: AWS EC2 CentOS Setup

Can I still use CentOS 7 on AWS EC2?

Technically, CentOS 7 AMIs are still available in the AWS Marketplace from third-party providers. However, since CentOS 7 reached end-of-life in June 2024, it no longer receives security updates. Running it in production is a significant security risk. You should migrate to AlmaLinux 9 or Rocky Linux 9 instead, as they offer the same RHEL compatibility and are actively maintained.

What is the best CentOS replacement for cPanel on AWS?

AlmaLinux 9 is the best replacement for cPanel hosting on AWS EC2 as of 2026. It is fully supported by cPanel (version 114 and later), backed by CloudLinux with $1 million in annual funding, and offers RHEL compatibility with long-term support through 2032. cPanel has also announced it will drop Rocky Linux support starting with version 134 in March 2026, making AlmaLinux the safest long-term choice.

How much does it cost to run an EC2 CentOS server per month?

The cost depends on the instance type and region. A t3.small instance in US East (N. Virginia) costs approximately $0.0208 per hour, or about $15 per month for continuous usage. Add approximately $3.60 per month for an Elastic IP, $2–5 per month for 30 GB of gp3 EBS storage, and your cPanel license fee (starting at around $15/month for a Solo license). Total estimated cost for a small hosting server is roughly $35–50 per month before data transfer charges.

Should I open SSH port 22 to Anywhere?

No. Opening SSH to 0.0.0.0/0 (Anywhere) is a serious security risk that exposes your server to brute-force attacks from the entire internet. Always restrict SSH access to your specific IP address or a small trusted CIDR range. If you need flexible access, use a VPN or AWS Systems Manager Session Manager, which provides secure shell access without opening any inbound ports.

Why do I need ports 2087 and 2083 open?

Port 2087 is used by WHM (WebHost Manager), the server administrator control panel. Port 2083 is used by cPanel, the end-user control panel for managing websites, email, and databases. Both should only be accessible from your trusted IP addresses, not from the public internet.

Can I host multiple websites on one EC2 instance?

Yes. With cPanel/WHM, you can create multiple hosting accounts, each with its own domain, email, databases, and files. For most small to medium websites, a single t3.medium or t3.large instance with cPanel handles dozens of websites comfortably. You only need multiple Elastic IPs if you require dedicated IP addresses for specific sites — otherwise, name-based virtual hosting handles everything on a single IP.

How do I migrate from CentOS 7 to AlmaLinux on AWS?

AlmaLinux provides the ELevate tool that allows in-place upgrades from CentOS 7 to AlmaLinux 8/9 without reinstalling the system. However, for AWS EC2, the cleanest approach is to launch a new AlmaLinux 9 instance, install cPanel, and use cPanel’s built-in transfer tool to migrate accounts from the old CentOS 7 server. This avoids potential compatibility issues and gives you a clean, fully updated environment.

What EC2 instance type is best for web hosting with cPanel?

For a small hosting environment (1–10 websites), a t3.small (2 vCPU, 2 GB RAM) is the minimum. For medium environments (10–30 websites), go with a t3.medium (2 vCPU, 4 GB RAM). For larger setups with high-traffic sites, consider a t3.large (2 vCPU, 8 GB RAM) or move to the m-series for compute-intensive workloads. Always monitor CPU credit usage on t-series instances — if credits deplete frequently, upgrade to a non-burstable instance type.

Final Thoughts and Next Steps

Setting up an AWS EC2 CentOS instance for web hosting is a powerful and cost-effective approach to running your own servers in the cloud. While CentOS 7 served the hosting community well for many years, the shift to AlmaLinux 9 is essential for maintaining security and cPanel compatibility going forward. The setup process remains virtually identical — the same commands, the same cPanel installation, and the same WHM configuration — just on a modern, actively supported operating system.

The key steps to remember: choose AlmaLinux 9 as your AMI, properly configure security groups with restricted access on sensitive ports, assign an Elastic IP for a static address, and always harden your server after cPanel installation. If you want to take your cloud infrastructure further, explore how to create and reset SSH key pairs or learn about extending EBS volumes on EC2 without downtime.

Husain Alhaboubi( Director Digital Channels )

Husain Alhaboubi is Director of Digital Channels at Mobily, where he leads platform optimization, AI-powered customer engagement, and UI/UX strategy. With 20+ years of experience spanning eCommerce, IT infrastructure, and digital marketing, he previously drove a 225% revenue increase and 69% organic traffic growth as eCommerce Senior Manager at flyadeal, and managed enterprise IT operations — including data centers, ERP systems, and network security — as Group IT Manager at IPD Group.
Husain holds a BS in Information Systems from the University of Texas at Arlington and is certified in Google Ads, Google Analytics, and Semrush SEO. He writes from hands-on experience across both sides of digital business: the strategic (eCommerce, SEO, AI, digital transformation) and the technical (server administration, cloud computing, web development, networking, and security) — with a particular focus on the Saudi market and Vision 2030. Read his full resume →

October 17, 2020 Husain Alhaboubi

Husain Alhaboubi