diff --git a/aws_crowd_dc_node.yml b/aws_crowd_dc_node.yml
new file mode 100644
index 0000000..f2755e0
--- /dev/null
+++ b/aws_crowd_dc_node.yml
@@ -0,0 +1,21 @@
+---
+- hosts: aws_node_local
+  become: true
+
+  vars:
+    # See group_vars/aws_node_local.yml, which pull vars from the environment.
+    atl_product_family: "crowd"
+    atl_product_user: "crowd"
+    atl_product_edition: "crowd"
+    atl_use_system_jdk: true
+    atl_download_format: "tarball"
+
+  roles:
+    - role: linux_common
+    - role: aws_common
+    - role: aws_efs_config
+    - role: product_common
+    - role: product_install
+    - role: database_init
+    - role: crowd_config
+    - role: product_startup
diff --git a/bin/install-ansible b/bin/install-ansible
index b7d1736..a6da6bf 100755
--- a/bin/install-ansible
+++ b/bin/install-ansible
@@ -11,6 +11,7 @@ set -e
 # pip. This may need some logic if other distros are added. Note:
 # Parsing /etc/os-release is probably a good starting point for that.
 ./bin/pacapt install --noconfirm python-pip
+export PATH=$PATH:/usr/local/bin
 
 # See Pipfile and Pipfile.lock.
 pip install pipenv
diff --git a/group_vars/aws_node_local.yml b/group_vars/aws_node_local.yml
index b4ed155..ab854c1 100644
--- a/group_vars/aws_node_local.yml
+++ b/group_vars/aws_node_local.yml
@@ -24,6 +24,7 @@ atl_product_shared_home_map:
   confluence: "confluence/shared-home"
   jira: "jira/shared"
   stash: "bitbucket/shared"
+  crowd: "crowd/shared"
 atl_product_home_shared: "{{ atl_shared_mountpoint }}/{{ atl_product_shared_home_map[atl_product_family] }}"
 atl_product_shared_plugins: "{{ atl_product_home_shared }}/plugins/installed-plugins"
 
diff --git a/roles/crowd_config/defaults/main.yml b/roles/crowd_config/defaults/main.yml
new file mode 100644
index 0000000..fefbb04
--- /dev/null
+++ b/roles/crowd_config/defaults/main.yml
@@ -0,0 +1,45 @@
+---
+
+atl_jvm_heap: "512m"
+
+atl_catalina_opts: ""
+atl_catalina_opts_extra: >-
+  -XX:+UseG1GC
+  -XX:+PrintAdaptiveSizePolicy
+  -Xloggc:{{ atl_product_installation_versioned }}/apache-tomcat/logs/`date +%F_%H-%M-%S`-gc.log
+  -XX:+PrintGCDetails
+  -XX:+PrintGCDateStamps
+  -XX:+PrintGCCause
+  -XX:+UseGCLogFileRotation
+  -XX:NumberOfGCLogFiles=10
+  -XX:GCLogFileSize=5M
+  -XX:+PrintTenuringDistribution
+  -Dfile.encoding=UTF-8
+
+atl_tomcat_acceptcount: "10"
+atl_tomcat_connectiontimeout: "20000"
+atl_tomcat_contextpath: ""
+atl_tomcat_enablelookups: "false"
+atl_tomcat_port: "8080"
+atl_tomcat_maxthreads: "200"
+atl_tomcat_minsparethreads: "10"
+atl_tomcat_mgmt_port: "8020"
+atl_tomcat_protocol: "HTTP/1.1"
+atl_tomcat_redirectport: "8443"
+atl_tomcat_scheme: "http"
+atl_tomcat_secure: "true"
+
+atl_proxy_port: "443"
+
+atl_db_minidle: '10'
+atl_db_maxidle: '20'
+atl_db_poolminsize: '20'
+atl_db_poolmaxsize: '100'
+
+atl_db_maxwaitmillis: '30000'
+atl_db_minevictableidletimemillis: '5000'
+atl_db_removeabandoned: 'true'
+atl_db_removeabandonedtimeout: '300'
+atl_db_testwhileidle: 'true'
+atl_db_testonborrow: 'false'
+atl_db_timebetweenevictionrunsmillis: '30000'
diff --git a/roles/crowd_config/tasks/main.yml b/roles/crowd_config/tasks/main.yml
new file mode 100644
index 0000000..976718d
--- /dev/null
+++ b/roles/crowd_config/tasks/main.yml
@@ -0,0 +1,84 @@
+---
+
+- name: Create server config
+  template:
+    src: server.xml.j2
+    dest: "{{ atl_product_installation_versioned }}/apache-tomcat/conf/server.xml"
+
+- name: Override JVM memory settings.
+  # Ugly but necessary as the product installs this file so we need to make the change here.
+  lineinfile:
+    path: "{{ atl_product_installation_versioned }}/apache-tomcat/bin/setenv.sh"
+    backrefs: true
+    regexp: "^{{ item }}="
+    line: "{{ item }}=\"{{ atl_jvm_heap }}\""
+  with_items:
+    - 'JVM_MINIMUM_MEMORY'
+    - 'JVM_MAXIMUM_MEMORY'
+
+- name: Set Crowd home directory in crowd-init.properties file
+  lineinfile:
+    path: "{{ atl_product_installation_versioned }}/crowd-webapp/WEB-INF/classes/crowd-init.properties"
+    line: 'crowd.home="{{ atl_product_home }}"'
+
+- name: Set the Tomcat environment
+  lineinfile:
+    path: "{{ atl_product_installation_versioned }}/apache-tomcat/bin/setenv.sh"
+    insertafter: "EOF"
+    line: 'export CATALINA_OPTS="${CATALINA_OPTS} {{ atl_catalina_opts }} {{ atl_catalina_opts_extra }}"'
+
+- name: Set JAVA_HOME
+  lineinfile:
+    path: "{{ atl_product_installation_versioned }}/apache-tomcat/bin/setenv.sh"
+    insertafter: "EOF"
+    line: 'export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.201.b09-0.amzn2.x86_64'
+
+- name: Create application directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+  with_items:
+    - "{{ atl_product_home }}"
+    - "{{ atl_product_home_shared }}"
+    - "{{ atl_product_shared_plugins }}"
+  changed_when: false  # For Molecule idempotence check
+
+
+- name: Limit permissions on the installation directory
+  file:
+    path: "{{ atl_product_installation_versioned }}"
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+    mode: "u=rwX,g=rX,o=rX"
+    recurse: true
+  with_items:
+    - "{{ atl_installer_temp }}"
+    - "{{ atl_product_installation_versioned }}"
+    - "{{ atl_product_version_cache_dir }}"
+  changed_when: false  # For Molecule idempotence check
+
+- name: Grant access to the product working directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: "u=rwX,g=rX,o-rwx"
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+    recurse: true
+  with_items:
+    - "{{ atl_product_installation_versioned }}/apache-tomcat/logs"
+    - "{{ atl_product_installation_versioned }}/apache-tomcat/temp"
+    - "{{ atl_product_installation_versioned }}/apache-tomcat/work"
+  changed_when: false  # For Molecule idempotence check
+
+- name: Symlink Crowd shared home directory
+  file:
+    src: "{{ atl_product_home_shared }}"
+    dest: "{{ atl_product_home }}/shared"
+    state: link
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+  changed_when: false  # For Molecule idempotence check
diff --git a/roles/crowd_config/templates/server.xml.j2 b/roles/crowd_config/templates/server.xml.j2
new file mode 100644
index 0000000..6f9751b
--- /dev/null
+++ b/roles/crowd_config/templates/server.xml.j2
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<Server port="{{ atl_tomcat_mgmt_port }}" 
+        shutdown="SHUTDOWN">
+
+    <Service name="Catalina">
+
+        <Connector acceptCount="{{ atl_tomcat_acceptcount }}" 
+                   connectionTimeout="{{ atl_tomcat_connectiontimeout }}" 
+                   disableUploadTimeout="true" 
+                   enableLookups="{{ atl_tomcat_enablelookups }}" 
+                   maxHttpHeaderSize="8192" 
+                   maxThreads="{{ atl_tomcat_maxthreads }}" 
+                   minSpareThreads="{{ atl_tomcat_minsparethreads }}" 
+                   port="{{ atl_tomcat_port }}" 
+                   redirectPort="{{ atl_tomcat_redirectport }}" 
+                   useBodyEncodingForURI="true" 
+                   URIEncoding="UTF-8" 
+                   compression="on" 
+                   sendReasonPhrase="true" 
+                   compressableMimeType="text/html,text/xml,application/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript" 
+                   secure="{{ atl_tomcat_secure }}" 
+                   scheme="{{ atl_tomcat_scheme }}" 
+                   proxyName="{{ atl_proxy_name }}" 
+                   proxyPort="{{ atl_proxy_port }}" 
+                   protocol="{{ atl_tomcat_protocol }}">
+        </Connector>
+
+        <Engine defaultHost="localhost" 
+                name="Catalina">
+            <Host appBase="webapps" 
+                  autoDeploy="true" 
+                  name="localhost" 
+                  unpackWARs="true">
+              <Context path="{{ atl_tomcat_contextpath }}" 
+                       docBase="../../crowd-webapp" 
+                       debug="0">
+                       <Manager pathname="">
+                       </Manager>
+              </Context>
+            </Host>
+        </Engine>
+
+        <!-- To connect to an external web server (typically Apache) -->
+        <!-- Define an AJP 1.3 Connector on port 8009 -->
+        <!--
+            <Connector port="8009" 
+                       enableLookups="{{ atl_tomcat_enablelookups }}" 
+                       redirectPort="{{ atl_tomcat_redirectport }}" 
+                       protocol=""AJP/1.3"" />
+        -->
+        <Connector port="{{ atl_tomcat_redirectport }}" 
+                   protocol="{{ atl_tomcat_protocol }}" 
+                   relaxedPathChars="[]|" 
+                   relaxedQueryChars='[]|{}^\`"&lt;&gt;' 
+                   maxHttpHeaderSize="65536" 
+                   URIEncoding="UTF-8" 
+                   connectionTimeout="{{ atl_tomcat_connectiontimeout }}" 
+                   useBodyEncodingForURI="true" 
+                   compression="on" 
+                   compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript">
+        </Connector>
+    </Service>
+
+    <!-- Security listener. Documentation at /docs/config/listeners.html
+    <Listener className="org.apache.catalina.security.SecurityListener" />
+    -->
+    <!--APR library loader. Documentation at /docs/apr.html -->
+    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"></Listener>
+    <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"></Listener>
+    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"></Listener>
+    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"></Listener>
+
+</Server>
diff --git a/roles/product_install/tasks/crowd_extra_tasks.yml b/roles/product_install/tasks/crowd_extra_tasks.yml
new file mode 120000
index 0000000..55832eb
--- /dev/null
+++ b/roles/product_install/tasks/crowd_extra_tasks.yml
@@ -0,0 +1 @@
+no_op.yml
\ No newline at end of file
diff --git a/roles/product_install/tasks/crowd_version_latest.yml b/roles/product_install/tasks/crowd_version_latest.yml
new file mode 120000
index 0000000..d80ce2f
--- /dev/null
+++ b/roles/product_install/tasks/crowd_version_latest.yml
@@ -0,0 +1 @@
+product_version_latest.yml
\ No newline at end of file
diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml
index 5dcc2fc..77371fa 100644
--- a/roles/product_install/tasks/main.yml
+++ b/roles/product_install/tasks/main.yml
@@ -1,5 +1,6 @@
 ---
 
+
 - name: Check for existing version cache file
   stat:
     path: "{{ atl_product_version_cache }}"
@@ -99,7 +100,6 @@
 
 ######################################################################
 
-
 - name: Perform any additional per-edition version setup
   include_tasks: "{{ atl_product_edition }}_extra_tasks.yml"
 
@@ -118,7 +118,6 @@
     - "{{ atl_product_version_cache_dir }}"
   changed_when: false  # For Molecule idempotence check
 
-
 # At this point atl_product_version should be set, cache if necessary.
 - name: Write override cached version when specified
   template:
@@ -126,6 +125,7 @@
     dest: "{{ atl_product_version_cache }}"
     force: true
 
+
 # Note: We don't the cache binary in the shared drive to the complexity
 # around download race-conditions if multiple nodes are starting at
 # the same time. When downloading from product-downloads.atlassian.com
diff --git a/roles/product_startup/defaults/main.yml b/roles/product_startup/defaults/main.yml
index dee6aae..1261a60 100644
--- a/roles/product_startup/defaults/main.yml
+++ b/roles/product_startup/defaults/main.yml
@@ -5,11 +5,12 @@ atl_startup_enable: true
 atl_startup_restart: true
 
 atl_startup_script_map:
-  jira: "start-jira.sh"
-  confluence: "start-confluence.sh"
-  stash: "start-bitbucket.sh"
+  jira: "/bin/start-jira.sh"
+  confluence: "bin/start-confluence.sh"
+  stash: "bin/start-bitbucket.sh"
+  crowd: "start_crowd.sh"
 
-atl_startup_exec_path: "{{ atl_product_installation_current }}/bin/{{ atl_startup_script_map[atl_product_family] }}"
+atl_startup_exec_path: "{{ atl_product_installation_current }}/{{ atl_startup_script_map[atl_product_family] }}"
 atl_startup_exec_options: ["-fg"]
 atl_startup_systemd_params: []