Run your own private cloud with dess in AWS

Run your own private cloud with dess in AWS

In this step-by-step guide I will walk you through all steps required to setup your own private dess using AWS.

dess is the self-hosted option for secondary servers of an atSign, and a great tool for developers to debug their applications! If you're not sure what an atSign is check it out here! You can run several secondary servers on a single instance of dess, as each secondary scales to use 6MB of ram or less.

dess is an acronym which stands for:

d. Distributed e. Edge s. Secondary s. Server


  • Registered atSign(s) to setup (get free/paid from here )

  • An AWS account (sign up/in here )

  • A Fully Qualified Domain Name (FQDN)

1. Registering your atSign

This topic is already well documented! Please follow the guidance of The atPlatform FAQs and register via the registrar site.

2. Sign-up for AWS account

If you are new to AWS, signing up for an account is free! The cost of running dess is about $10/month. You can create your account here and as of June 6th, 2021 there is a “free tier” available which was used during the original making of this guide which can be found on


Follow the instructions on screen.


Once you are done with registration, you will be able to login to your aws console.

Make sure that you select the correct region in the top right corner.


Select the region that is geographically closest to your location for best performance.

You are now setup on AWS and ready to prepare dess.

3. Register your own fully qualified domain name (FQDN)

This step can be performed at a variety of sites, all with different pricing models. You can use sites like Go Daddy, Namecheap, and many others. However, since we have AWS account, we can use it to register our domain through the Route 53 service.

In your AWS console navigate to services in top left corner and select Route 53.

a) Register domain name with AWS.

In your AWS console search for Route 53.


You can start looking for your domain directly from here:


Based on the domain name you search, AWS will give you similar options, and their pricing. As I am looking for the best deal, the .link domain seems like a good option at a cost of 5$ / year.

In my case is free and I will register it by clicking “Add to cart” and continue.


Fill out DNS registration form:


Continue review details and order. At this point if all is fine you should see your domain request pending:


This can take some time so why don’t we move on to next step!

4. Preparing AWS instance

Now since I am new to AWS, the easiest way to get started is by using the LightSail service from service catalog. This will enable you to deploy small system which is more then capable of handling dess at pre-set price.


Welcome to LightSail:


First step is to create new instance. Fortunately, we have big orange button that can do just that!

There are several options we are presented at this moment. Since I am living in Europe I select “Frankfurt, Zone A (eu-central-1a)” as my instance location. Instance region will dictate how well will your instance response based on your geographical location. People located in India should selects APAC region where as people in US should select North America region. You can leave availability zone set as default.


Next up will be selection of operating system we want to deploy. We know that dess works well with Ubuntu 20.04 LTS so let's select just that.


You are presented with a couple more options, but unless you know what you are doing leave these as is.


Now let’s select an instance plan. dess is relatively light weight so for testing purposes I will select the first instance plan for $3.5/Month. This will provide us with 512 MB of RAM, 1vCPU, 20GB of storage and 1TB of data transfer. This is more than enough to run our dess.


Lastly we have to name our instance. This is the name you will be presented with in your dashboard.


Last but not least is to press “Create instance”:


After a couple of seconds you should be re-routed to your dashboard and see your instance up and running:


5. Preparing your instance for network access

a) Assignment of Static IP

Next up, is to provide our instance with a static IP and linking our domain to it.

When you click on your instance name, it will take you to the management console, which should look like this:


This is where you control hardware, connectivity and if needed can delete your instance.

Lets configure a static IP address for your new instance. Navigate to Networking and click on Create static IP:


Our region and instance is selected, so the only thing left is to name our static IP. I selected the name atsign-static, but it can be any name you like.


Let's hit create:


And voila, we now have a static IP address on the internet and it will not change. Now we can link our domain name with it.


When you click on your instance name and navigate to Networking, the static IP is now assigned.


b) Assignment of Domain name to your static IP

We can now move on to linking our static IP address to our domain. This is done via the AWS console which can be accessed in the top right of Lightsail.


Verify your email used for registering domain:

By now you should receive a verification email that will confirm registration of your domain. Click this link before moving on.

Linking domain with your static address:

Let's navigate to “Route 53” from Services menu.


From your dashboard click on “Domain” which will take you to the “Registered Domains” tab.


Here you can click on your registered domain which will take you to overview page with domain status and contacts.


Click on “Manage DNS”:


And click on your domain name.

This will show you your DNS records for your domain. We now need to link A type record to your domain linking it to IP address of your instance.

This is done simply by typing your static IP address from previous step into field “Value” and clicking Create record:


If everything goes well you should see following in your domain dashboard:


To test if you are successful open command line and ping your domain. You should see your instance static IP address. It will not respond which is normal due to IPv4 firewall. It is actually good thing!


At this point we have created a DNS record we will use to link our dess. We created an instance name which will be running our dess and we have opened a port range which is exposed to the internet and we can communicate with the atSign root server and our apps.

c) Setting up Firewall

Next up, we need to make sure we have ports open for our dess to communicate with the root server and our apps. In Section networking go to section “IPv4 Firewall” and click “+ Add rule”. Our rule will be “Custom” on TCP protocol with Port range in a number higher than 1024. In my case, I have selected port range 8000-8010. This will enable me to run up to 10 atSigns in parallel.


Click create and verify that your new rule is in list:


6. Instance setup and dess deployment

Open your LightSail console

By now you should see your instance in “Running state”


Open it and on the tab Connect click on “Connect using SSH”


You should be presented by a new window with command line:


Before we do anything else, we should update the system:

sudo apt update && sudo apt upgrade

This might take some time, but it will make sure we have latest repository information and the system is up-to-date.

Next make sure curl is installed, we will use curl to pull the dess installation file:

sudo apt install curl

Finally, run the dess installer:

curl -fsSL | sudo bash

Once the installer is finished you should be prompted like so:

Dess installed, please move on to the sudo dess-create command.

7. Registration of atSign in your private dess

At this step, you should already have your atSign registered at If not go do it!

I have registered my own free atSign (@ 44likelycanary) which I will link to my dess.

In your instance console, navigate to dess folder.

We now need to create the service that will host our atSign by executing the dess-create command:

$ sudo dess-create @44likelycanary 8000 <email address> likelycanary

To make it more understandable:

I will be registering my atSign @44likelycanary.

I will be using my domain which I have registered through AWS.

I am using port 8000 which I have opened in my instance firewall.

My registration email address is <email address> (this email is used to sign the SSL certificates).

The last likelycanary is the name that docker will use to track the service.

If everything is successful you should see output like this:


At this moment your atSign is registered on your dess.

8. Activation of atSign

Next up we need to activate it

Login to your dashboard here

Open “my atSigns”


Open “managed” of atSign you are registering”


Navigate to Advance settings:


If you have already activated your atSign you will be prompted to erase all your data first


Once done you are able to link your atSign with your private dess. Use your domain and port number with which you have created service on your cloud instance and press Activate.


You should see that your atSign is being activated in your dashboard:


This can take several minutes so go get a cup of coffee, some tea maybe, stretch your body and pray you haven’t made any mistakes!

Once the activation process completes you are welcomed by green Activated.


You can now open atBuzz or atWavi and register your atSign via QR code and generate your keys!