PBX In A Flash (PIAF) on Amazon EC2


If you have a small business (in our case, eight to ten people) you can run your phones through a private branch exchange (PBX) on Amazon Web Service’s EC2 and make some serious cost savings. At the same time you get a huge increase in flexibility over proprietary analogue PBXs or a typical hosted IP PBX.


We’ve run a hosted PBX for costumes.com.au at mVoice for several years. They offer a good basic service, but as the business has grown we’ve been searching for a more flexible solution. FreePBX_Logo

The underlying technology of almost every hosted PBX is Asterisk – an open source implementation of a software PBX. The PBX in A Flash (PIAF) distribution combines Asterisk with the excellent FreePBX interface in a simple turnkey package. I’ve fired it up on a few out-of-date PCs and even a Raspberry Pi but I really like the idea of having the PBX outside the office firewall so staff can work from home if they need to. Moving offices is a snap too; just pick up the phones and plug them in at the new premises.

We already have about twelve servers running on EC2 so it was a logical step to see if the PBX could live there too. If it worked out there would be huge advantages in commissioning, running, scaling and backing up the server if it is running in EC2.


To get started you need:

  • An Amazon Web Services account
    This is free to set up and you only get billed for the hourly resources you use, so experimenting will only cost you a few dollars. Sign up here.
  • A static IP at your office/home (or wherever you want to use it from)
    In order to lock down the PBX we are only going to allow specific IP addresses to use it. Not all ADSL connections have a static IP: many business accounts do, most home accounts don’t. Check with your ISP if you can have one assigned (usually for a small monthly fee).
  • A trunk
    This is your connection to the rest of the phone network for incoming and outgoing calls.


Your PBX will be directly exposed to the brutal world of the Internet, so you will be hacked if you don’t take steps to lock down the server. If the script kiddies get into your server they will at the very least mess it up and possibly disrupt your company’s phone service. More savvy hackers will use your service to run up massive phone bills on your account.

  1. Set up a Security Group in the EC2 Console to allow All TCP and All UDP to the IP addresses of your office and any external users or offices who have access to your PBX (and no others!).
  2. Set up a dollar limit with your trunk provider account just above your monthly spend. That way, your exposure is limited if you get hacked.

Voice Quality

The last thing you want in a business is poor call quality, so testing this out is a make-or-break requirement.

Firing up an Instance in the Right Region

With the server hosted in the EC2 us-east region in North Virginia, any audio coming from the PBX (such as hold music) was very choppy. The ping to North Virginia from Melbourne Australia was around 250 milliseconds so this was hardly surprising; voice traffic is sensitive to delays and latency.

Time to fire up an instance in the Asia-Pacific region based in Sydney.

Gotcha #1 

The AMI we have started is specific to the North Virginia region and I couldn’t find one in Sydney. No problem: AWS had just introduced the ability to copy AMIs between regions. To keep any work you have done so far you can create an AMI that snapshots your running server. You can then start a new instance any time you like by launching from the new AMI. All you need to do is:

  • right-click on the server in the AWS console and choose Create Image… You get the option to give it a name and description. The server is rebooted unless you request otherwise. Let it reboot – it allows for a more reliable image.
  • Once you have the newly created AMI in your list you can right-click on it, choose Copy AMI, choose the destination region and it’s on its way. It will take a while to copy as the image is quite large.
  • As soon as it arrives in the destination region you can fire up an instance from the AMI and pick up where you left off. The server should be identical to when you created the AMI.

Don’t forget to terminate the old one in the original region or it will continue to chew up dollars!

Quality Of Service (QoS)

Even with a local server you need to be sure that VoIP traffic has priority over, say, web traffic. You don’t want a file download to trash a customer call.

Your ADSL modem will most likely have settings for “QoS” buried in some impenetrable menus and terminology, but the basic idea is to allow traffic outgoing on TCP port 5004 ~ 5082 to have priority.

Alternatively, add a second ADSL connection and dedicate it to VoIP. Although this will increase your cost, you get better redundancy and guaranteed bandwidth reserved for your phones.

Configuring PIAF

I won’t try to explain the details of launching and configuring on EC2. Ward describes it in exquisite detail here. Suffice to say that you can have the server running in ten minutes waiting for you to set up extensions.

Setting Up Some Extensions

An “extension” in Asterisk is pretty much what you expect: an endpoint such as a phone that can initiate and receive calls. You set these up in FreePBX – detailed instruction are here.

Gotcha #2 

When I first tried this the connection succeeded but there was no sound in one direction. The two endpoints need to know their own public IP address but both of them are stuck behind routers with Network Address Translation (NAT) like this:NATYou can make sure the public IP is found by:

  • Telling the handset the address of a Session Traversal Utilities for NAT (STUN) server to look up the public IP addresses. I used stun.3cx.com. Most STUN servers are publicly accessible as they are relatively lightweight. This one is provided by 3cx.com for their own handsets and software.
  • Setting NAT set to “Yes” for the extension in FreePBX.

Once you have more than one extension, you can make calls between them by connecting some IP handsets (we use Snom 300‘s) or some software IP handsets such as Zoiper or  CounterPath XLite  and just dialling the extension number. Try it! It’s a buzz.

Connecting to The Rest of the World

When you get tired of talking to yourself it’s time to allow calls to and from the rest of the world. Here is what we’ll be adding:


Get a Trunk

You’ll need to rent a SIP or IAX “trunk” from a service provider who connects to the Public Switched Telephone Network (PSTN). I rang mVoice and they provisioned a trunk while I was talking to them. An email arrived a few minutes later with the details of how to hook it up. Each trunk comes with:

  • One or more Direct In Dials (DIDs). These are normal telephone numbers that will connect to your trunk if someone dials them. Mine included two DIDs but you can easily ask for more to be assigned. mVoice charge a few dollars a month for each number.
  • A number of “channels”. This is the number of simultaneous incoming and outgoing connections you can have active over the trunk. The basic package I bought allowed five channels so we could have five active calls – plenty for our three or four support staff.
  • A few configuration options: the address to connect to, some authentication details such as a password.

Set this up in FreePBX under Connectivity → Trunks.

 Set Up an Outgoing Route

You still can’t make any outside calls until you tell PIAF how to connect them. You do this by setting up an Outgoing Route in FreePBX under Connectivity → Outbound Routes.

I chose all the basic defaults, told FreeBPX to use the trunk I had set up and bingo! I could dial my mobile from the desktop.

Set up an Incoming Route

To complete the circle you can accept incoming calls by setting up (you guessed it) an Incoming Route under Connectivity → Inbound Routes. Enter the phone number of your DID and tell FreePBX to send calls to one of the extensions you set up.

Calling the DID number from your mobile (or another extension) should ring your extension!

More Goodies

We now have a basic functioning PBX so it’s time to trick it out with useful features. This is the big payoff for setting this up for yourself. You can create pretty much any configuration you can imagine.

  • Ring Groups
    Nominate some extensions as a Ring Group. Assign the Ring Group as a call destination (just like an extension) and all phones will ring and any can pick up.
  • Interactive Voice Response (IVR)
    Set up a menu by recording your voice for the options and assigning numbers – “Press 2 for Support”. Each option can be sent to any destination you like: an extension, a ring group or even an outside number.
  • Queues
    We didn’t realise how many calls we were missing until we set up a queue. Incoming calls are put on hold with an optional “You are third in the queue…” message and are picked up in turn by, say a ring group.
  • Time Groups and Conditions
    Designate a Time Group (say nine to five, Monday to Friday) and divert your calls to a recorded message (or anywhere, really) outside those hours.
  • Additional DIDs
    Our marketing guy wanted to publish a separate number for calls originated from our AdWords campaigns. Easy. Add another DID, set up an incoming route and send it to the ring group. A different message is displayed on the screen of the phone or you can just look in the call logs to see who called when.

These are just a few of the obvious ones. Check out the Applications and the Admin → Module Admin menus in FreePBX for heaps of installable features.


Why You Would


Back in the bad old days we were paying (AU) $300 to $600 per month for a Commander system with three of four lines. The bill is now usually under $100.


The old analogue system had zero configurability and took a week before a tech would come out and set it up at considerable expense. When we moved premises we had to go through it all again. Switching to a hosted IP PBX at mVoice eliminated most of this, and switching to PIAF on EC2 had the same benefits plus complete control of the setup.

Why You Wouldn’t

Local Expertise Required

If your first thought when told to “ssh to the machine” is to put a finger to your lips and ask it to be quiet, then you probably shouldn’t do this. FreePBX shields you from (most of) the messy details of Asterisk, but you need to be comfortable with Linux and EC2 or have a tame guru on hand to manage it for you.

Dependence on ADSL quality

If you can’t get a decent ADSL (or faster) Internet connection with plenty of bandwidth and low latency to your PBX, you should think twice about setting this up. I cringe if I ever hear the support staff saying “I’m sorry I can’t hear you” to a customer, but this is mercifully rare. Your customers and staff won’t give a damn about your nifty setup if it doesn’t work smoothly.

12 thoughts on “PBX In A Flash (PIAF) on Amazon EC2

  1. Pingback: PBX In A Flash (PIAF) on Amazon EC2 | Shiny Obj...

  2. Pingback: PBX In A Flash (PIAF) on Amazon EC2 | Nerd Vitt...

  3. Pingback: PBX In A Flash (PIAF) on Amazon EC2 | IP Commun...

  4. Mark Welton

    Great article. I am a big fan of AWS and use it for many other purposes.

    Question for you. After setting up my EC2, and mounting the AMI, do you think I could take a backup of my local PIAF and restore it on the EC2 to avoid setting everything up from scratch?


    1. ianjs Post author

      Just to be clear, an AMI is an image of an already configured machine that has everything installed when you launch an instance based on it.

      If you restore all of your local PIAF over the top of the AMI that I mentioned you’ll simply wipe out the version installed there and replace it with your own. If that’s what you want to do then you don’t need to use the AMI. It would be simpler (and less likely to cause issues) if you just find an AMI of the base version of Linux you are using (say Ubuntu or RedHat) and restore your PIAF on that. You then get the same setup as you have now, but with the additional advantages of AWS hosting.

      Or are you talking about restoring just the configuration files from your current PIAF? In that case you’d have to be really sure you are currently running the same version of PIAF as the AMI otherwise you’d risk all kinds of compatibility issues.


Leave a Reply