Hosted Chroma
Chroma Cloud, our fully managed hosted service, is in early access. Fill out the survey to jump the waitlist and get the best retrieval experience. Full access coming Q1 2025.
If you are using Chroma in production, please fill out this form, and we will add you to a dedicated Slack workspace for supporting production users. This is the best place to:
- Get support with building with Chroma in prod.
- Stay up-to-date with exciting new features.
- Get swag!
We would love to help you think through the design of your system, or work out whether you would be a good fit for our upcoming distributed cloud service.
A Simple AWS Deployment
You can deploy Chroma on a long-running server, and connect to it remotely.
There are many possible configurations, but for convenience we have provided a very simple AWS CloudFormation template to experiment with deploying Chroma to EC2 on AWS.
Chroma and its underlying database need at least 2GB of RAM, which means it won't fit on the 1GB instances provided as part of the AWS Free Tier. This template uses a t3.small EC2 instance, which costs about two cents an hour, or $15 for a full month, and gives you 2GiB of memory. If you follow these instructions, AWS will bill you accordingly.
By default, this basic stack runs with no authentication of any kind: anyone who knows your server IP will be able to add and query for embeddings. Later in this guide we show you how to secure your endpoint using Chroma's native authentication support. Alternatively, you can put it behind AWS API Gateway or add your own authenticating proxy.
By default, this template saves all data on a single volume. When you delete or replace it, the data will disappear. For serious production use (with high availability, backups, etc.) please read and understand the CloudFormation template and use it as a basis for what you need, or reach out to the Chroma team for assistance.
Step 1: Get an AWS Account
You will need an AWS Account. You can use one you already have, or create a new one.
Step 2: Get credentials
For this example, we will be using the AWS command line interface. There are several ways to configure the AWS CLI, but for the purposes of these examples we will presume that you have obtained an AWS access key and will be using environment variables to configure AWS.
Export the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables in your shell:
You can also configure AWS to use a region of your choice using the AWS_REGION environment variable:
Step 3: Run CloudFormation
Chroma publishes a CloudFormation template to S3 for each release.
To launch the template using AWS CloudFormation, run the following command line invocation.
Replace --stack-name my-chroma-stack with a different stack name, if you wish.
Wait a few minutes for the server to boot up, and Chroma will be available! You can get the public IP address of your new Chroma server using the AWS console, or using the following command:
Note that even after the IP address of your instance is available, it may still take a few minutes for Chroma to be up and running.
Customize the Stack (optional)
The CloudFormation template allows you to pass particular key/value pairs to override aspects of the stack. Available keys are:
- InstanceType - the AWS instance type to run (default: t3.small)
- KeyName - the AWS EC2 KeyPair to use, allowing access to the instance via SSH (default: none)
To set a CloudFormation stack's parameters using the AWS CLI, use the --parameters command line option. Parameters must be specified using the format ParameterKey={parameter},ParameterValue={value}.
For example, the following command launches a new stack similar to the above, but on an m5.4xlarge EC2 instance, and adds a KeyPair named mykey so anyone with the associated private key can SSH into the machine:
Step 4: Chroma Client Set-Up
Once your EC2 instance is up and running with Chroma, all you need to do is configure your HttpClient to use the server's IP address and port 8000. Since you are running a Chroma server on AWS, our thin-client package may be enough for your application.
Step 5: Clean Up (optional)
To destroy the stack and remove all AWS resources, use the AWS CLI delete-stack command.
Note
This will destroy all the data in your Chroma database, unless you've taken a snapshot or otherwise backed it up.
Authentication with AWS
By default, the EC2 instance created by our CloudFormation template will run with no authentication. There are many ways to secure your Chroma instance on AWS. In this guide we will use a simple set-up using Chroma's native authentication support.
You can learn more about authentication with Chroma in the Auth Guide.
Static API Token Authentication
Customize Chroma's CloudFormation Stack
Security Note
The current implementation of static API token auth supports only ENV-based tokens. Tokens must be alphanumeric ASCII strings. Tokens are case-sensitive.
If, for example, you want the static API token to be "test-token", pass the following parameters when creating your Chroma stack. This will set Authorization: Bearer test-token as your authentication header.
To use an X-Chroma-Token: test-token authentication header instead, set the ChromaAuthTokenTransportHeader parameter:
Client Set-Up
Add the CHROMA_CLIENT_AUTH_CREDENTIALS environment variable to your local environment, and set it to the token you provided the server (test-token in this example):
We will use Chroma's Settings object to define the authentication method on the client.
If you are using a custom CHROMA_AUTH_TOKEN_TRANSPORT_HEADER (like X-Chroma-Token), add it to your Settings:
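For a real deployment the static token should be unguessable rather than a fixed string. The helpers below are an added example, not part of the Chroma documentation: they draw a token from the kernel CSPRNG, check it against the alphanumeric ASCII rule in the Security Note, and format the two header forms described above plus one AWS CLI --parameters entry. The function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the Chroma docs); helper names are hypothetical.
LC_ALL=C; export LC_ALL   # byte-wise matching, ASCII-only character ranges

# gen_token [LEN]: LEN (default 40, up to 128) alphanumeric characters drawn
# from the kernel CSPRNG; 40 characters carry about 238 bits of entropy.
gen_token() {
  head -c 1024 /dev/urandom | tr -dc 'A-Za-z0-9' | head -c "${1:-40}"
}

# is_valid_token TOKEN: succeeds only for a non-empty string made solely of
# ASCII letters and digits, the constraint stated in the Security Note.
is_valid_token() {
  case "$1" in
    '' | *[!A-Za-z0-9]*) return 1 ;;
  esac
  return 0
}

# auth_header TOKEN [TRANSPORT]: the header line a client sends. With no
# custom transport header the token travels as an Authorization bearer token.
auth_header() {
  if [ "${2:-Authorization}" = "Authorization" ]; then
    printf 'Authorization: Bearer %s' "$1"
  else
    printf '%s: %s' "$2" "$1"
  fi
}

# cfn_param KEY VALUE: one entry for `aws cloudformation create-stack
# --parameters`, in the AWS CLI shorthand syntax.
cfn_param() {
  printf 'ParameterKey=%s,ParameterValue=%s' "$1" "$2"
}

# Typical use (the token is never echoed or written to disk):
#   token=$(gen_token) && is_valid_token "$token"
#   export CHROMA_CLIENT_AUTH_CREDENTIALS="$token"
```

Give the server and the client the same generated value: the server through the stack's token parameter, the client through CHROMA_CLIENT_AUTH_CREDENTIALS.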
Observability with AWS
Chroma is instrumented with OpenTelemetry hooks for observability. We currently only export OpenTelemetry traces. These should allow you to understand how requests flow through the system and quickly identify bottlenecks.
Tracing is configured with four environment variables:
- CHROMA_OTEL_COLLECTION_ENDPOINT: where to send observability data. Example: api.honeycomb.com.
- CHROMA_OTEL_SERVICE_NAME: Service name for OTel traces. Default: chromadb.
- CHROMA_OTEL_COLLECTION_HEADERS: Headers to use when sending observability data. Often used to send API and app keys. For example {"x-honeycomb-team": "abc"}.
- CHROMA_OTEL_GRANULARITY: A value from the OpenTelemetryGranularity enum. Specifies how detailed tracing should be.
To enable tracing on your Chroma server, simply pass your desired values as parameters when creating your CloudFormation stack:
Troubleshooting
Error: No default VPC for this user
If you get an error saying No default VPC for this user when creating ChromaInstanceSecurityGroup, head to the AWS VPC section and create a default VPC for your user.