My company created two PHP-extension for InterSystems.

openexchange.intersystems.com/package/PHP-module-for-IRIS
openexchange.intersystems.com/package/PHP-module-for-Caché

No problem with security. You need run in AWS proxy-server like NGINX with multiple security settings and resctrictions
and run apache on the same host where located InterSystems.

NGINX and Apache will be connected by security and protected channel.

Commercional support and development new functions available.

Article with detail of use PHP-module for InterSystems.

I'm expert in NGINX and PHP for InterSystems.

1. My steps:

docker exec -it my-iris iris session IRIS

Log in with these predefined credentials:

Node: 8a6940088a16, Instance: IRIS
Username: _SYSTEM
Password: SYS

For security, these credentials (and the other predefined accounts) are immediately expired the first time you use them, and you are required to change the password.

After changing password I see non-removable and non-breakable "USER>"

2. I found decision of this problem.

After  this "apt-get update" it's possible install other packages.