1.1. Authentication system (here Auth0 is used and explained)
 - Create an account at https://auth0.com/
 - Auth0 Dashboard: Go to Applications and create a new application. Give it a name and select the Machine to Machine type. After the application is created, note the values for Domain, Client ID, and Client Secret. You can find these values under the application you just created (Settings, Basic Information).

1.2. Add parameters in AWS Systems Manager Parameter Store
 - AWS Dashboard: Search for Systems Manager and click on it. In the left menu click on Parameter Store and create a parameter with the exact name "/MQS/API/AUTH0", select Type as String and Data type as text. In the text field, write the following lines, filling in the quoted values with the information you noted down before from Auth0:

   domain=" "
   client_id=""
   client_secret=""
   connection="Username-Password-Authentication"

1.3. Create an IAM Role with an AmazonSSMReadOnlyAccess policy
 - Search for "IAM" and click on IAM. In the left menu click on Roles, then click the "Create Role" button.
 - Select "AWS service" as the trusted entity type and select "EC2" under Use case. There is no need to select Use cases for other AWS services. Click Next and search (filter) the policies for "AmazonSSMReadOnlyAccess", check the box in front of that policy and click Next.
 - Choose a name for this role, for example "MQS_API", and describe it, for example with "This role is for the MQS API and provides Amazon SSM Read Only Access". Then scroll down and click the "Create role" button.

2. Setting up the instance with the AMI which you have obtained on the AWS Marketplace
 - Search for EC2 in the top search bar and click on EC2. Select AMIs in the left menu, select the AMI which is the MQS-API image and click the "Launch instance from image" button.
 - Choose an instance type (the default is t2.micro) and go to the next settings page (3. Configure Instance).
 - You can keep most settings as the default. Here are some notes on what to modify or bear in mind: try out the API with 1 instance in the beginning and scale up later if you need more. Leave "Request Spot Instances" unchecked.
 - Create a new VPC if there is not already an existing VPC in which you would like to deploy the AMI.
 - When you have created a VPC with a defined IP range, you can also create subnets, which divide the VPC into sub-networks.
 - To reach the API, a public IP has to be assigned, so this option has to be enabled. Hostname type should be set to “Use subnet setting (IP name)”; if you need another option, please consult your IT expert.
 - For the DNS Hostname, the option “Enable resource-based IPv4 (A record) DNS requests” should be activated.
 - Leave “Add instance to placement group” unchecked. Keep capacity reservation open.
 - Under IAM role, add the role you created before. If you have more elaborate user access rights, you can define here who should be able to access the instance, for example.
 - Enable hibernation as an additional stop behavior. Enable termination protection.
 - Enable CloudWatch detailed monitoring.
 - Add an Elastic Inference accelerator and keep all the related settings as default.
 - For this release, we recommend keeping the "Unlimited Credit Specification" option unchecked.
 - No file system is needed.
 - You can keep all Advanced Details set to the default settings.
 - Now you can move on to the next settings page, "Add storage", and keep all the settings on that page at the default as well. Move on to "Add Tags" and choose a Key (e.g. "MQS") and Value (e.g. "REST-API") to identify the instance cost in the billing info. Under "Configure security group", set Type to HTTP, Protocol to TCP and Port Range to 80.

You can now launch the instance and check the following link:

http://YOUR_IP_ADDRESS_FOR_THIS_INSTANCE/api/compound/180

The IP address of the instance can be found by clicking on the instance and looking under Public IPv4 DNS.
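
A pre-flight check for the parameter value from step 1.2, added here as an example and not part of the original guide or the MQS software: it confirms the four keys are present and filled in before the text is saved to Parameter Store, and its messages never echo the secret. The function name and sample values are assumptions, as is the reading that the value consists only of key="value" pairs.

```python
import re

# Keys and the fixed connection value are taken from step 1.2 of the guide.
REQUIRED_KEYS = ("domain", "client_id", "client_secret", "connection")
EXPECTED_CONNECTION = "Username-Password-Authentication"
PAIR = re.compile(r'(\w+)="([^"]*)"')


def check_auth0_parameter(text):
    """Return a list of problems; values are never included in the messages."""
    problems, seen = [], {}
    for key, value in PAIR.findall(text):
        if key in seen:
            problems.append(f"duplicate key: {key}")
        seen[key] = value
    # Anything left after removing the pairs is malformed (e.g. a missing quote).
    if PAIR.sub("", text).strip():
        problems.append('text outside key="value" pairs')
    for key in REQUIRED_KEYS:
        value = seen.get(key)
        if value is None:
            problems.append(f"missing key: {key}")
        elif not value.strip():
            problems.append(f"empty value: {key}")
        elif value != value.strip() or "<" in value or ">" in value:
            problems.append(f"unfilled or padded value: {key}")
    for key in seen:
        if key not in REQUIRED_KEYS:
            problems.append(f"unexpected key: {key}")
    connection = seen.get("connection", "").strip()
    if connection and connection != EXPECTED_CONNECTION:
        problems.append("connection differs from the value in the guide")
    return problems


# Constructed samples; the domain and credentials are placeholders, not real values.
GOOD = '''domain="example-tenant.auth0.example"
client_id="EXAMPLE_CLIENT_ID"
client_secret="EXAMPLE_CLIENT_SECRET"
connection="Username-Password-Authentication"'''

# The unfilled template, as it would look if pasted without the Auth0 values.
TEMPLATE = ('domain=" " client_id="" client_secret="" '
            'connection="Username-Password-Authentication"')

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("TEMPLATE", TEMPLATE)):
        print(name, check_auth0_parameter(sample) or "ok")
```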