Running Cisco CML in the Cloud — and Why It's Harder Than It Should Be

Cisco CML on AWS means bring-your-own instance, bring-your-own license, an ISO in a bucket, and local Terraform. Here's the real setup — and the cloud-native alternative.

David Kim
DevOps Engineer

"Cisco CML on AWS" and "Cisco CML online" are common searches for a reason: nobody wants a 32 GB nested-virtualization VM pinned to their laptop. The catch is that running CML in the cloud isn't a hosted service you log into — it's a do-it-yourself stack you stand up, license, and pay to keep running. Here's what it actually takes, and where a genuinely cloud-native lab differs.

Bottom line: CML in the cloud is bring-your-own EC2 instance, bring-your-own license, a reference-platform ISO staged in a bucket, and Terraform you run locally — there's no pay-as-you-go CML. As of 2026, NetPilot is the cloud-native, browser-based alternative: describe a multi-vendor lab in plain English and it deploys in about two minutes, no instance or license to manage.

How "CML in the cloud" actually works

Cisco publishes a path to run CML on AWS (and Azure), and the community maintains Terraform around it. The pipeline looks like this:

  1. Bring your own instance. CML needs nested virtualization, which on AWS means a bare-metal (.metal) EC2 instance — not a cheap general-purpose VM. You size it for your node count and you pay for it the whole time it's running.
  2. Bring your own license. There's no consumption / pay-as-you-go model. You still buy a CML license (Personal, Personal Plus, or Enterprise) and register the cloud instance against it.
  3. Stage the reference-platform ISO. The CML refplat ISO (the device images) has to be uploaded to an S3 bucket so the instance can pull it at boot.
  4. Run Terraform locally. The automation that builds the instance, networking, and bootstrap runs from your machine — you're managing cloud infrastructure, not just a lab.

None of this is unreasonable for a team that wants official Cisco images on infrastructure they control. But it's hours of plumbing before you configure a single router, and the meter is running the entire time.

The friction people actually hit

  • It's not hosted. You own the instance lifecycle. Forget to tear it down and a bare-metal instance bills around the clock — the reason one widely shared write-up described cloud CML as "another mortgage payment."
  • It's resource-heavy. CML can peg most of a CPU on a small lab; bigger topologies need bigger (pricier) metal instances.
  • It's still Cisco-only. All that cloud effort gets you Cisco IOS/IOS-XE/IOS-XR/NX-OS — no Juniper, Arista, Nokia, or Palo Alto in the same topology.
  • Setup is a repeated tax. Spin up, license, load the ISO, Terraform, and tear down — every time, unless you leave it (and the bill) running.

Cloud-native, the other way

The reason CML is hard to put in the cloud is that it was built as a local VM. A platform built cloud-first doesn't have any of those steps. NetPilot runs labs on managed cloud infrastructure with an AI agent in front:

  • No instance, no license, no Terraform, no ISO. Open a browser tab and describe the lab.
  • Two-minute deploy. The agent designs the topology, writes the per-vendor configs, and brings it up — then you SSH into real CLIs.
  • Multi-vendor by default. Nokia SR Linux, FRR, and Linux are built in; Cisco IOL, Juniper cRPD, Arista cEOS, Palo Alto, Fortinet, and SONiC run via bring-your-own-image (BYOI) — upload once and NetPilot auto-builds it.
  • Nothing left running. Labs are ephemeral — spin one up, use it, tear it down, no metal instance billing in the background.

"Spin up a 3-site BGP lab with a Cisco core and a Juniper edge, run a failover test, then tear it down."

That prompt is the whole workflow — no EC2 to size, no license to register, no bucket to stage.

When you do need official Cisco images on your own cloud account (compliance, data residency, a Cisco-only mandate), running CML on AWS is the right tool. For everything else, a cloud-native emulator skips the entire stack. NetPilot's enterprise plan also offers a self-hosted / on-prem deployment if local hosting is a hard requirement — multi-vendor, AI-driven, without the per-instance plumbing.

FAQ

Can I run Cisco CML in the cloud?

Yes, on AWS or Azure — but it's self-managed: a bare-metal instance (for nested virtualization), your own CML license, the refplat ISO in a storage bucket, and Terraform you run locally. It's not a hosted, log-in-and-go service.

Is there a pay-as-you-go or hosted Cisco CML?

Not from Cisco — there's no consumption-based CML license, and the cloud instance is yours to run and pay for. For a hosted, browser-based experience with no license or instance to manage, NetPilot is the cloud-native option; for self-managed ContainerLab in the cloud, see ContainerLab in the Cloud.

What are the requirements to run CML on AWS?

A nested-virtualization-capable (bare-metal) EC2 instance sized to your node count, a valid CML license registered to it, the CML reference-platform ISO in an S3 bucket, and the Terraform/automation to provision it. Expect server-grade resources and steady instance cost while it runs.


Copy-paste ready: Browse the example-prompts library — multi-vendor labs that deploy in ~2 minutes, no instance or license required.

Want cloud labs without the cloud plumbing? See the Cisco CML alternative, run an online network lab, or read Why Cloud Network Labs Are Replacing EVE-NG Servers. Try NetPilot — describe a lab and get real CLIs in minutes.
