Learn How To Deploy The Mikrotik Cloud Hosted Router (CHR) Version 6.47 In The Cloud On Amazon AWS.

The Mikrotik RouterOS cloud hosted router CHR is a fully featured network router that can be deployed on physical, virtual and even CLOUD based platforms. The RouterOS CHR ships with many enterprise level built in features such as VPN Server / Client functionality, Routing and Switching, DNS, DHCP, PROXY and more. It is possible to deploy RouterOS CHR on VMWare Fusion / Workstation and ESXi 6.5, VirtualBox, Hyper-V, Hetzner Cloud, Linode, Google Cloud and more howevever this tutorial will focus on illustrating to you how easy and simple it is to deploy the Mikrotik Cloud Hosted Router (CHR) version 6.47 on Amazon AWS.


In Order To Complete This Tutorial Successfully The Following Items Are Required. Please Ensure To Have These Items Available Before Taking Implimentation Action On This Tutorial:
1) An Amazon AWS account – (free tier account works too)
2) A desktop or laptop running Windows 10, Mac OS , or Linux
3) Terminal emulation software such as PUTTY or TERATERM
4) The Mikrotik CHR Instance available in the AWS MArket Place
5) SSH private and public keys for accessing the Mikrotik CHR terminal


1) An overview of the Mikrotik cloud hosted router pricing as well as how to / where to buy licenses
2) Login to your AWS account, open the AWS EC2 service and open the AWS market place.
3) Create a Mikrotik cloud hosted router instance, connect to the instance using SSH and set a password.
4) Configure the Mikrotik CHR instance to accept connections on tcp port 8291 for Winbox and set an elastic public IP address.
5) Connect the Mikrotik CHR instance using winbox, configure brute force login prevention and check for package updates.

Mikrotik CHR Licensing

1) The Mikrotik Cloud Hosted Router has a different licensing model from the licensing model used on conventional mikrotik routers. There are 3 licensing tiers i.e Perpetual1 (P1), Perpetual 10 (P10) and Perpetual Unlimited (P-Unlimited). 

The perpetual licenses mean that you only have to buy once and use forever. A perpetual license can also be transfered to different/new CHR installation and a 60-day free trial license is available for all paid CHR license levels. 

Click HERE to learn more about how you can purchase a license.

Step 1: Access Your Amazon AWS Account And Create The Mikrotik CHR Instance.

2) Click HERE to go to the AWS console login page and login using your AWS IAM credentials. It is highly recommended not to use the AWS root user account when provisioning AWS services and resources for security reasons.

If you do not have an AWS account click HERE to sign up for a free tier account. Please note that a working VISA or MASTERCARD is needed when signing up.

3) After logging into the AWS console,click on the SERVICES drop down and just under the COMPUTE category click on EC2. This will open the EC2 MANAGEMENT CONSOLE.

4) Click on the orange LAUNCH instance button and on the SELECT MACHINE IMAGE step click on the AWS MARKET PLACE TAB. Use the search bar to search for MIKROTIK CLOUD HOSTED ROUTER and click on SELECT to proceed.

5) The next step is to select the instance type for the Mikrotik cloud hosted router. On the CHOOSE INSTANCE TYPE step select T3.MICRO FREE TIER ELIGIBLE and click on the REVIEW AND LAUNCH button.

On the REVIEW AND LAUNCH step you can make changes such as editing the instance type, security group, storage and more. If you wish to make any final changes to the Mikrotik CHR instance please do them on this step. However if there are no changes that you wish to make click on the LAUNCH button to proceed.

Step 2: Connect To The Mikrotik CHR Instance Via SSH And Set A Password For The Admin User Account.

6) To connect via SSH to an EC2 instance a public / private key is needed. This key allows you to connect and authenticate to your EC2 instance. When you click on the LAUNCH button a popup message will be displayed prompting you to select or create an SSH key pair.

Select the CREATE A NEW KEY PAIR button, type in a name for the key pair and click on DOWNLOAD KEY PAIR. Once its been downloaded to your computer click on the LAUNCH INSTANCES button.

7) AWS will automatically assign a public ip address and hostname for the newly created mikrotik instance. Open an SSH client such as PUTTY if you are using windows or the MacOS terminal if you are using a MAC. Change the working directory to the folder where the private key is located i.e Downloads folder by typing in the following command: cd Downloads Run the following command to ensure that the private key is not publicly viewable: chmod 400 YOUR-PRIVATE-KEY.pem Then connect to the instance by typing in the command: ssh -i “YOUR-PRIVATE-KEY.pem”

8) Set a password for the admin account on the cloud hosted router by running the following command:


when prompted to type in the old password, do not type anything and press enter since new mikrotik routers come with a blank password.

Step 3: Enable TCP Port 8291 For Access The Mikrotik CHR Instance Using Winbox.

9) The mikrotik winbox app uses tcp port 8291 for connecting to mikrotik routers and if this port is blocked by a network firewall / filter then winbox will not be able to connect to a mikrotik router.

To open port 8291 on the mikrotik instance click on the SECURITY GROUPS option on the NETWORK SECURITY section. Click on the INBOUND RULES tab and click on the EDIT INBOUND RULE button.

Click on ADD RULE,select CUSTOM TCP and on port range type 8291. Set the SOURCE to CUSTOM and type in the ip address

Click on the SAVE RULES button to apply the changes.

10) The auto-assigned public IP address associated with an EC2 instance may change when it stops and starts.

To ensure that the public IP address does not change and remains the same set an ELASTIC IP address. To do this click on the ELASTIC IP’s option on the NETWORK & SECURITY section and click on the ALLOCATE ELASTIC IP ADDRESS button.

On the Allocate Elastic IP address page click on the ALLOCATE button.

To configure the IP ADDRESS on the Mikrotik CHR instance, click on the ACTION butoon and select ASSOCIATE ELASTIC IP ADDRESS.

On the ASSOCIATE ELASTIC IP ADDRESS configuration page, set the resource type to INSTANCE, choose the MIKROTIK CHR INSTANCE and click on ASSOCIATE.


11) Open the WINBOX desktop app and on the CONNECT TO field type in the public ip address of the MIKROTIK CHR instance also type in  the USERNAME and PASSWORD and click on CONNECT.

Click HERE to view the configuration for protecting the cloud hosted router from brute form login attack.

12) Complete the Mikrotik CHR deployment on AWS by checking for and installing package updates. Click on SYSTEM > PACKAGES > CHECK FOR UPDATES. If there are any updates found click on the DOWNLOAD & INSTALL BUTTON.