Deployment from internal corporate network to AWS EC2 instances

I think Octopus could be a good solution for what I want to achieve, but I just wanted to double-check I’m understanding the configuration right.

We produce builds internal to our corporate network, but want to deploy them to AWS EC2 instances. The corporate firewall won’t permit traffic back from AWS to servers inside our corporate network.

In this scenario, do I need to set up the Octopus server in AWS, or would I install the Octopus server inside my corporate network and have listening Tentacles still be controlled by the Octopus server?

I thought the second scenario was correct initially, but I notice that the registration of a new Tentacle seems to indicate it needs to register with an Octopus server running at a public URL, which introduced an element of uncertainty for me!

I think I’d need to setup a NuGet server in AWS as a repository anyway; packaged builds would get pushed to that from the internal build process and then would be available to the AWS Tentacles?

Be grateful for clarification, thanks!

Hi Conor,

Thanks for getting in touch! You are correct in this: or would I install the Octopus server inside my corporate network and have listening Tentacles still be controlled by the Octopus server?
If you setup the Octopus Server, Tentacles by default listen, so it is all outbound communication from the Server to the Tentacle. You can skip the register with part of the registration and discover the machine after Tentacle is installed.

Here is some documentation about the security if you need to convince anyone.

If you have any specific questions regarding it let me know.

Thanks Vanessa,

I’ve gone ahead with this setup, but am having issues with connecting server and tentacle (“actively refused”).

I can browse to Octopus port in browser in both directions, and have opened Octopus port in AWS security group, but unfortunately can’t get Octopus ends to connect.

Wonder if we have a corporate proxy at my end getting in the way?

Unsure how to troubleshoot further.

Would dearly love to get this working as it looks like a great tool.

Am off on leave for a week, but grateful for any advice you can give.



Hi Conor,

Proxies do get in the way. Octopus cannot connect to Tentacle with a proxy in the way.
Have you seen this docs page? it kind of gives a step by step to figure out where the problem could be:

If it comes down to the proxy, then setting up Octopus in AWS would be your best option. If you can get your packages to your AWS NuGet feed, then everything will be golden.
Is there any reason you would prefer it internally? Many customers set up Octopus Servers on VMs or Cloud hosting, it’s a valid solution.


Yes, I’d already worked through the Tentacles trouble-shooting article, but after being able to browse to the Octopus port in either direction, there doesn’t seem to be much more for me to try.

My thinking with internally hosting the Octopus server was that I could then use the same Octopus server for deploying to both internal and cloud environments.

I don’t have a problem with setting servers up both internally and in AWS, but I haven’t looked closely enough at your licensing model yet to understand whether that will have an impact.

Hi Conor,

Each license allows for 3 instances of Octopus Server. But Octopus isn’t designed for sharing data between servers. Multiple servers would be more useful for different teams or departments.
It depends how you need the pipeline and environment set up.