Step 1: Manual Deployment - Create a Virtual Private Cloud (VPC)
To create a Virtual Private Cloud for PhotoMesh production, configure a VPC and then create a security group.
See: What is Amazon VPC in Amazon’s AWS documentation for more information.
Configuring a VPC
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. On the dashboard, choose Create VPC.
3. On the configuration page, enter the following information:
a. VPC settings: VPC and more
b. Name tag auto-generation: PM VPC
c. IPv4 CIDR block: X.X.X.X/16
This leaves 65,536 available addresses.
d. Tenancy: default
e. Number of Availability Zones (AZs): 1
f. Number of public subnets: 1
g. Number of private subnets: 0
h. Customize subnets CIDR blocks: Public subnet CIDR block: Change X.X.X.X/26 to X.X.X.X/22 (e.g., the default 10.0.0.0/22). This allows up to 1,024 instances on your network.
i. NAT gateways ($): none
j. VPC endpoints: none
k. DNS Options: Enable DNS hostnames and DNS resolution.
4. Click Create VPC.
5. In the navigation pane, choose Subnets.
6. Select the PM VPC subnet (e.g., PM VPC-subnet-public1-us-east-1a), choose Actions, and then Edit Subnet Settings.
7. Select the Enable Auto-assign Public IPv4 address check box.
Note: Enabling the Auto-assign Public IPv4 address option will result in additional charges. For more information, see the AWS documentation on public IPv4 address charges.
8. Click Save.
Creating a Security Group
See: Create a Security Group in Amazon’s AWS documentation for more information.
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, choose Security Groups.
3. Choose Create Security Group.
4. In the Security group name field, enter PM_SG as the name of the security group, and type a description.
5. Select the ID of your PM VPC from the VPC menu, and then choose Create.
6. Select the PM_SG security group that you just created (you can view its name in the Group Name column).
7. Choose Inbound rules, click Add rule, and enter the parameters below. Click Save Rules when you're done:
a. Select RDP (Remote Desktop Protocol) from the Type list, and select your network's public IP address range in the Source field. If you don't know this address range, you can use 0.0.0.0/0.
b. Choose Add Rule, and select SSH from the Type list. Then enter your network's public IP address range in the Source field. If you don't know this address range, you can use 0.0.0.0/0.
c. Choose Add Rule, select Custom TCP Rule from the Type list, and enter 5900-5901 (default VNC ports) in the Port Range field. Then enter your network's public IP address range in the Source field. If you don't know this address range, you can use 0.0.0.0/0.
Note: For the rules above, when you use 0.0.0.0/0 for the Source field, you enable all IP addresses to access your instance using RDP, SSH, or VNC. This is suitable for a short exercise, but it is unsafe for production environments. In production, you will want to authorize only a specific IP address or range of addresses to access your instance.
d. Choose Add Rule, select Custom TCP Rule from the Type list, and enter 445 in the Port Range field. In the Source field, start typing sg, and select the group ID of your security group.
Note: You can also add another identical rule for your network’s IP address range, to allow file sharing directly from your computer. If you don't know this address range, you can use 0.0.0.0/0, but keep in mind that this will enable all IP addresses to access your instance using file sharing. This is suitable for a short exercise, but it is unsafe for production environments. In production, you will want to authorize only a specific IP address or range of addresses to access your instance.
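To confirm before production that no PM_SG rule was left on 0.0.0.0/0, the following added example (not part of the PhotoMesh documentation) audits inbound rules in the JSON shape returned by `aws ec2 describe-security-groups`. The sample data, the group ID sg-0example, and the 203.0.113.0/24 source range are constructed placeholders, and the `audit` and `world_open` names are hypothetical.

```python
import ipaddress
import json

# Services this step opens on PM_SG: SSH, SMB file sharing, RDP, VNC.
SENSITIVE = {22: "SSH", 445: "SMB", 3389: "RDP", 5900: "VNC", 5901: "VNC"}

# Constructed sample shaped like `aws ec2 describe-security-groups` output;
# the group ID and the 203.0.113.0/24 office range are placeholders.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0example", "GroupName": "PM_SG", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
  {"IpProtocol": "tcp", "FromPort": 5900, "ToPort": 5901,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
   "UserIdGroupPairs": []},
  {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
   "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0example"}]}
]}]}
""")


def world_open(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. a source that matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(doc):
    """Return (group, services, port range, cidr) for each world-open sensitive rule."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):
                continue
            # "-1" means every protocol and port; FromPort/ToPort are then absent.
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
            hit = sorted({n for p, n in SENSITIVE.items() if lo <= p <= hi})
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            # Security-group sources (UserIdGroupPairs) are not CIDRs and are skipped.
            for cidr in cidrs:
                if hit and world_open(cidr):
                    findings.append((sg["GroupName"], "/".join(hit), f"{lo}-{hi}", cidr))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("world-open:", *finding)
```

An empty result means every RDP, SSH, VNC, and file-sharing rule is limited to a specific address range or to the security group itself.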