Recommended AWS instance type for CA PAM
search cancel

Recommended AWS instance type for CA PAM


Article ID: 258283


Updated On:


CA Privileged Access Manager (PAM)


According to

AWS specifications vary by region and over time. We suggest an AWS instance type of C4.4xlarge for production. For evaluation or testing, an instance type of M3 Medium is sufficient.

But in case the instances are not meant for production, what other options are there?


CA PAM 3.4.X / 4.0.X and 4.1.X


The minimum memory for PAM to run is 16 Gbyte and 8 cores. The core part is not so critical, even though having too few cores may lead to high CPU usage, slowness, etc, 8 is the minimum specification recommended

The memory bit is really much more critical.

PAM can  run with 16 Gbyte, but it is not advisable for any appliance which has to do some work (even if not production). 32 Gbyte would be recommended to avoid issues with memory exhaustion when doing many concurrent session recordings or large password rotation jobs.

Storage is in all cases recommended to be at least 80 Gbyte SSD

There are several instances of AWS which support these specifications. For instance instances of type m5.2xlarge or r5.2xlarge. However, as of February 2023,  ENA ( Elastic Network Adapter for Enhanced Networking ) is not supported in the AMIs produced by Broadcom, so the two examples (r5 and c5 types) would not be valid for deployment. 

Also for any instance chosen it must be taken into account that the network bandwidth in these cases may be much lower than for the recommended type. This must be considered before departing from the recommended specification