Get AI summaries of any video or article — Sign up free
installing my “FREE” cloud phone system (AWS and 3CX) thumbnail

installing my “FREE” cloud phone system (AWS and 3CX)

NetworkChuck·
5 min read

Based on NetworkChuck's video on YouTube. If you like this content, support the original creators by watching, liking and subscribing to their content.

TL;DR

Create an AWS IAM user with programmatic access and EC2 permissions so 3CX can deploy and manage an EC2 instance.

Briefing

A cloud-based business phone system can be assembled with three building blocks—AWS for hosting, 3CX for the PBX software, and Amazon Chime for a real phone number—so calls can route to extensions from anywhere. The setup is “mostly free” for a limited window: AWS’s free tier and 3CX’s one-year free plan cover the server and PBX, while a paid phone number (and its calling service) is the main ongoing cost.

The process starts by creating an AWS account and configuring access for 3CX. An IAM user is created with programmatic access and granted full access to EC2, since 3CX needs permissions to deploy a virtual machine. A key pair (PEM format) is generated for secure authentication to that EC2 instance. To keep costs down, the guide uses AWS Marketplace to subscribe to a Debian 9 image and then relies on a free-tier EC2 size (notably t2.nano) in a selected AWS region (the example uses us-east-1 / “North Virginia” initially).

Next comes 3CX setup in the cloud. A free 3CX account is created for one year, and the system is configured to self-host on AWS. The AWS credentials from the IAM user (access key ID from the downloaded CSV) are entered so 3CX can spin up the server automatically. Region alignment matters: 3CX must deploy into the same AWS region where the key pair exists. Once the server is created, the PBX becomes reachable via a 3CX domain, and extensions can be added using the 3CX app (soft phones) and additional devices like tablets or hard phones.

To make the system usable for business calls, a public phone number is required—extensions alone can’t serve as a business line. Amazon Chime is used for SIP trunking: a toll-free number is provisioned, then a Voice Connector is created to connect Chime to the 3CX PBX. The connector is configured for outbound calling by allowing the 3CX server’s public IPv4 address (from the EC2 instance) and setting authentication credentials. Inbound routing is also defined so calls to the Chime number land on a specific 3CX destination (initially an extension).

Finally, 3CX is configured with the SIP trunk details from Chime, including the voice connector’s outbound host name and the SIP authentication username/password. Inbound tests confirm that dialing the toll-free number reaches the chosen extension. Outbound calling requires an outbound rule in 3CX that normalizes dialed numbers: calls prefixed with “9” are routed through the Chime voice connector, the leading digit is stripped, and the number is converted into E.164-style format by prepending “+1” so Amazon accepts it. A test call demonstrates outbound routing with the purchased toll-free number as caller ID.

The build is completed with an IVR (digital receptionist) in 3CX. A main line extension is created, prompts are recorded, menu options route callers to destinations like an employee extension, and inbound rules are updated so the toll-free number sends callers into the IVR. The result is a fully functional business phone system hosted in AWS, reachable from anywhere, with real inbound/outbound calling through Amazon Chime and automated call handling via IVR—free for the infrastructure for a year, with the phone number as the paid component.

Cornell Notes

The setup creates a working business phone system in the cloud by combining AWS (hosting), 3CX (PBX/phone features), and Amazon Chime (a real phone number via SIP trunking). AWS’s free tier and 3CX’s one-year free plan cover the server and PBX, while Amazon Chime requires payment for the phone number and trunk service. After configuring IAM permissions, an EC2 key pair, and a Debian 9 image, 3CX self-hosts on an EC2 instance in a chosen AWS region. Amazon Chime then provisions a toll-free number and connects to the 3CX server through a Voice Connector, enabling both inbound routing to 3CX extensions and outbound calling with number normalization to E.164 format. An IVR ties it together by routing callers from the main line into menu options and employee extensions.

Why are IAM permissions and an EC2 key pair necessary before 3CX can deploy a cloud PBX?

3CX needs AWS credentials that let it create and manage an EC2 instance. The IAM user is created with programmatic access and granted full access to EC2 (via the Amazon EC2 full access policy). A key pair (PEM format) is also generated so the EC2 instance can be authenticated securely; the key pair file is downloaded and must be saved because it can’t be retrieved later. During 3CX setup, those credentials and the key pair are used to launch the server.

What cost-control choices keep the AWS portion “mostly free”?

The approach relies on AWS’s free tier for 12 months and stays within free-tier limits. It uses a free Debian 9 image from AWS Marketplace and selects a free-tier EC2 instance size (the example defaults to t2.nano). Region selection matters because the key pair exists in a specific region; 3CX must deploy into the same region (the example corrects to us-east-1).

How does Amazon Chime turn an extension-only PBX into a business phone number system?

Amazon Chime provisions a public phone number and connects it to the 3CX PBX using SIP trunking. A Voice Connector is created (business calling to voice connector), then inbound and outbound settings are configured. Inbound routing sends calls from the Chime number to a chosen 3CX destination (like an extension or IVR). Outbound calling routes calls from 3CX through the Chime voice connector to the public telephone network (PSTN).

What is the role of “allowed host list” and the EC2 public IPv4 address in the trunk setup?

The Voice Connector’s termination settings restrict which PBX servers can use the trunk. The configuration adds the 3CX server’s public IPv4 address to the allowed host list, typically using the address with a /32 mask. This ensures only calls from the specified EC2 instance are accepted for trunk termination.

Why does outbound calling require digit stripping and E.164 normalization?

3CX outbound rules route calls based on dial patterns (the example uses a rule for numbers starting with “9”). Before sending to Amazon, the dialed number must be converted into E.164 format. The example strips the leading “9” and then prepends “+1” so a dialed number like 9 + (10-digit number) becomes +1XXXXXXXXXX, matching what Amazon expects.

How does the IVR integrate with inbound calling to provide menu-based routing?

An IVR (digital receptionist) is configured in 3CX with a main line extension (e.g., 8000). Prompts are recorded and menu options are set to route callers to destinations such as an employee extension. Then the Amazon Chime inbound rule is updated so calls to the toll-free number land on the IVR extension, allowing callers to select options like “press four” to reach a specific person.

Review Questions

  1. What AWS components (IAM permissions, key pairs, EC2 images) must be prepared before 3CX can self-host successfully?
  2. Describe the inbound call flow from a toll-free number provisioned in Amazon Chime to a specific 3CX extension or IVR.
  3. In the outbound rule example, how do the dial prefix “9,” digit stripping, and E.164 formatting work together to make outbound calls succeed?

Key Points

  1. 1

    Create an AWS IAM user with programmatic access and EC2 permissions so 3CX can deploy and manage an EC2 instance.

  2. 2

    Generate and securely store an EC2 key pair (PEM); 3CX uses it for server authentication and it can’t be re-downloaded later.

  3. 3

    Use AWS Marketplace to subscribe to a Debian 9 image and keep EC2 within free-tier limits (such as t2.nano) to control costs.

  4. 4

    Provision a public phone number in Amazon Chime and connect it to the 3CX PBX via a Voice Connector to enable real inbound/outbound calling.

  5. 5

    Configure trunk security by adding the 3CX EC2 instance public IPv4 address to the Voice Connector allowed host list.

  6. 6

    Set up 3CX inbound routing so the Chime number forwards to an extension or IVR, and set up outbound rules with number normalization to E.164 format.

  7. 7

    Add a 3CX IVR (digital receptionist) and point the Chime inbound rule at the IVR extension to provide menu-based call handling.

Highlights

The “mostly free” model works by pairing AWS free-tier hosting and a one-year free 3CX plan, then paying only for the phone number/trunk service.
Region alignment is critical: 3CX must deploy into the same AWS region where the EC2 key pair and resources exist.
Outbound calling succeeds only after converting dialed numbers into E.164-style format (strip the “9,” then prepend “+1” in the example).
Amazon Chime’s Voice Connector acts as the bridge between the public phone network and the cloud PBX, enabling both inbound routing and outbound caller-ID behavior.
An IVR can be wired directly into the inbound rule so the toll-free number immediately offers menu options and routes to employee extensions.

Topics

  • AWS Free Tier Setup
  • 3CX Cloud PBX
  • Amazon Chime SIP Trunk
  • EC2 Key Pair
  • IVR Digital Receptionist

Mentioned

Get summaries like this for any content

Videos, articles, research papers — all summarized by AI and searchable in one place.

Start building your library