Deployment Integrations
On-premise Integrations
Platform Integrations

Self-hosted Broker

A self-hosted instance of the broker providing necessary functionality for online debugging could be installed on your own AWS account using our CloudFormation template or you can choose to make a manual installation using the Docker image we provide.

CloudFormation Template

The Amazon CloudFormation template provides all required resources for the online debug broker setup. You can easily install it on your own AWS account following the steps below. You will have a public and an internal endpoint for the broker as the output. You can choose to have DNS mappings automatically done for them as subdomains under a Route53 hosted zone you specify.

Installation Steps

  1. SSL Certificate Preparation You need an SSL certificate signed for the domains you are planning to use as debugger endpoints if you want to enable secure connection via HTTPS. If you don’t have an available SSL certificate on AWS Certificate Manager you can upload your existing certificate or request a new one by following the guide.

  2. Parameter Settings

    Create a CloudFormation stack using the template by providing the following parameters:


    Default value



    Thundra License Key



    Please contact us for the license key via

    Debug Broker Instance




    The debugger version you want to deploy. Click here to see available versions

    Amazon EC2 Instance Type



    Type of the Amazon EC2 instance the broker will be run

    SSH IP Address Range


    IP address range that could be used for SSH access to the broker EC2 instance

    SSH Key Name



    EC2 KeyPair to enable SSH access to the broker EC2 instance

    Network Configuration

    Please consider that the lambda functions you want to debug and your debugging environment should have access to the broker instance installed with these configurations.




    The VPC you want to deploy the debug broker




    Two subnets in different AZs under the selected VPC should be chosen . Otherwise, the installation cannot be completed. Also, subnets should be open to connections from the internet to be able to use the public endpoint.

    SSL Certificate ARN



    ARN of the SSL certificate you have on AWS Certificate Manager

    DNS Management

    Hosted Zone Name



    AWS Route53 hosted zone name for the automatic DNS configuration. Please write the hostname without a dot at the end. E.g. “”

    Subdomain for Public Broker Endpoint



    The subdomain where the public broker will be served

    Subdomain for Internal Broker Endpoint



    The subdomain where the private broker will be served

  3. DNS Configuration

This configuration is done automatically if you have provided a “Hosted Zone Name” parameter

This configuration is not mandatory if you don’t provide an SSL certificate. You can directly use the endpoints in the “Outputs” section in that case.

You will see two URLs under the “Outputs” section named BrokerInternalURL and BrokerPublicURL after stack creation is completed. You need to update your DNS records to direct your reserved domains for the Thundra debug broker to these endpoints. E.g -> -> BrokerPublicURL -> BrokerInternalURL

Debug Tool Configuration

Your debug environment has access to the internet most probably and in this case, the best option is to configure it to connect to the public broker endpoint. A secure connection is provided if you provide an SSL certificate for the installation.If this is not the case for you or you want to use the internal endpoint anyway you can access it from the debugging environment as long as it is connected to your VPC via a VPN tool etc.

You can use values under the “Output” section of the stack for the Thundra debug client configuration. You can use ‘BrokerPubliclUrl’ or ‘BrokerInternalUrl’ in order to debug with the public endpoint or the internal endpoint. You can use ‘BrokerPort’ output as the broker host parameter.

Please note that if you make manual DNS configuration, you should use respective DNS record values as the broker host parameter instead of values under the “Output” section.

Lambda Configuration

Using the public endpoint is the easiest option also for your lambda functions if they have internet access but this may not be possible all the time. If you need to configure your lambda functions to connect to the internal endpoint you need to be sure that you have an appropriate security configuration to access the debug broker from your lambda functions.

Manual Installation

The official Thundra debug broker Docker images could be found in this Docker Hub repository.

You need to pass the Thundra license key to the container on run. You can do it in two ways:

  1. Pass it as an environment variable named THUNDRA_LICENSE_KEY: $ docker run -p 4444:4444 -p 5555:5555 --env THUNDRA_LICENSE_KEY=$THUNDRA_LICENSE_KEY thundraio/thundra-debug-broker-onprem:$BROKER_VERSION

  2. Mount the folder containing .thundra_license_key file to bind the user home directory in the container: $ docker run -p 4444:4444 -p 5555:5555 -v $PATH_TO_LICENSE_KEY_FOLDER:/root thundraio/thundra-debug-broker-onprem:$BROKER_VERSION

Note that:

  • You should replace $THUNDRA_LICENSE_KEY with the license key you get from Thundra console for debugging. You can also put it in a file and use as described in the second option.

  • $BROKER_VERSION could be replaced with any available version in the Docker Hub repository. You can also use "LATEST" to get the latest stable version.