Step 1: Create a Virtual Private Cloud (VPC)

To create a Virtual Private Cloud for PhotoMesh production, configure a VPC and then create a security group.

See: What is Amazon VPC in Amazon’s AWS documentation for more information.

Configuring a VPC

1.      Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

2.      On the dashboard choose Launch VPC Wizard.

3.      Choose the first option, VPC with a Single Public Subnet, and then choose Select.

Note:       If you want to use multiple subnets, they should be configured in this step.

4.      On the configuration page, enter the following information:

a.      VPC name: PM VPC.

b.      Public subnet’s IPv4 CIDR: Change X.X.X.X/24 to X.X.X.X/22 (e.g., the default 10.0.0.0/22).
This allows up to 1019 instances on your network.

c.      Subnet name: PM Subnet.

5.      Click Create VPC.

6.      In the navigation pane, choose Subnets.

7.      Select PM Subnet, choose Actions, and then Modify Auto-Assign IP Settings.

8.      Select the Enable Auto-assign Public IPv4 address check box.

9.      Click Save.

Creating a Security Group

See: Create a Security Group in Amazon’s AWS documentation for more information.

1.      Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

2.      In the navigation pane, choose Security Groups.

3.      Choose Create Security Group.

4.      In the Security group name field, enter PM_SG as the name of the security group, and type a description.

5.      Select the ID of your PM VPC from the VPC menu, and then choose Create.

6.      Select the PM_SG security group that you just created (you can view its name in the Group Name column).

7.      Click Actions and then select Edit inbound rules.

8.      On the Inbound Rules tab, click Add rule and enter the parameters as follows, then click Save Rules when you're done:

a.      Select RDP (Remote Desktop Protocol) from the Type list, and enter your network's public IP address range in the Source field. If you don't know this address range, you can use 0.0.0.0/0.

b.      Choose Add Rule, and select SSH from the Type list. Then enter your network's public IP address range in the Source field. If you don't know this address range, you can use 0.0.0.0/0.

c.      Choose Add Rule, select Custom TCP Rule from the Type list, and enter 5900-5901 (default VNC ports) in the Port Range field. Then enter your network's public IP address range in the Source field. If you don't know this address range, you can use 0.0.0.0/0.

Note:       For the rules above, when you use 0.0.0.0/0 for the Source field, you enable all IP addresses to access your instance using RDP, SSH, or VNC. This is suitable for a short exercise, but it is unsafe for production environments. In production, you will want to authorize only a specific IP address or range of addresses to access your instance.

d.      Choose Add Rule, select Custom TCP Rule from the Type list, and enter 445 in the Port Range field. In the Source field, start typing sg, and select the group ID of your security group.

Note:   You can also add another identical rule for your network’s IP address range, to allow file sharing directly from your computer. If you don't know this address range, you can use 0.0.0.0/0, but keep in mind that this will enable all IP addresses to access your instance using file sharing. This is suitable for a short exercise, but it is unsafe for production environments. In production, you will want to authorize only a specific IP address or range of addresses to access your instance.
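
One way to check the finished PM_SG rules for the 0.0.0.0/0 sources that the notes above warn about (an added example, not part of the PhotoMesh documentation). It reads a security group in the JSON shape returned by `aws ec2 describe-security-groups`; the sample group, its ID, and the 203.0.113.0/24 range are constructed placeholders.

```python
import ipaddress

# Management/file-sharing ports this page opens: SSH, SMB, RDP, VNC.
SENSITIVE_PORTS = {22: "SSH", 445: "SMB", 3389: "RDP", 5900: "VNC", 5901: "VNC"}

def world_open_findings(group):
    """Return sorted (port, service, cidr) tuples for inbound rules that
    expose a sensitive port to every address (prefix length 0)."""
    findings = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # "all traffic" rule
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue                       # restricted source range
            for port, name in SENSITIVE_PORTS.items():
                if lo <= port <= hi:
                    findings.add((port, name, cidr))
        # UserIdGroupPairs (the sg-to-sg rule from step 8d) are not CIDR
        # sources, so they are never reported here.
    return sorted(findings)

# Constructed sample: RDP and VNC left at 0.0.0.0/0, SSH restricted to a
# placeholder office range, SMB restricted to the group itself.
SAMPLE_PM_SG = {
    "GroupName": "PM_SG",
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 5900, "ToPort": 5901,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE"}]},
    ],
}

if __name__ == "__main__":
    for port, name, cidr in world_open_findings(SAMPLE_PM_SG):
        print(f"PM_SG: {name} (tcp/{port}) is open to {cidr}")
```

An empty result means none of the RDP, SSH, VNC, or file-sharing rules accepts traffic from every address.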