Step 1: Create a Virtual Private Cloud (VPC)

To create a Virtual Private Cloud for PhotoMesh production, configure a VPC and then create a security group.

See: What is Amazon VPC in Amazon’s AWS documentation for more information.

Configuring a VPC

1.     Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

2.     On the dashboard choose Create VPC.

3.     On the configuration page, enter the following information:

a.     VPC settings: VPC and more

b.     Name tag auto-generation: PM VPC

c.     IPv4 CIDR block: Change X.X.X.X/16 to X.X.X.X/22 (e.g., the default 10.0.0.0/22). This allows up to 1019 instances on your network.

d.     Number of Availability Zones (AZs): 1

e.     Number of public subnets: 1

f.      Number of private subnets: 0

g.     Customize subnets CIDR blocks: Public subnet CIDR block: Change X.X.X.X/26 to X.X.X.X/22 (e.g., the default 10.0.0.0/22). This allows up to 1019 instances on your network.

h.     NAT gateways ($): none

i.      VPC endpoints: none

4.     Click Create VPC.

5.     In the navigation pane, choose Subnets.

6.     Select the PM VPC subnet (e.g., PM VPC-subnet-public1-us-east-1a), choose Actions, and then Edit Subnet Settings.

7.     Select the Enable Auto-assign Public IPv4 address check box.

Note:        Enabling the Auto-assign Public IPv4 address option will result in additional charges. For more information, see the AWS documentation on public IPv4 address charges.

8.     Click Save.

Creating a Security Group

See: Create a Security Group in Amazon’s AWS documentation for more information.

1.     Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

2.     In the navigation pane, choose Security Groups.

3.     Choose Create Security Group.

4.     In the Security group name field, enter PM_SG as the name of the security group, and type a description.

5.     Select the ID of your PM VPC from the VPC menu, and then choose Create.

6.     Select the PM_SG security group that you just created (you can view its name in the Group Name column).

7.     Click Actions and then select Edit inbound rules.

8.     On the Inbound Rules tab, click Add rule and enter the following parameters, then click Save Rules when you're done:

a.     Select RDP (Remote Desktop Protocol) from the Type list, and enter your network's public IP address range in the Source field. If you don't know this address range, you can use 0.0.0.0/0.

Note:        You can find your network’s public IP address here

b.     Choose Add Rule, and select SSH from the Type list. Then enter your network's public IP address range in the Source field. If you don't know this address range, you can use 0.0.0.0/0.

c.     Choose Add Rule, select Custom TCP Rule from the Type list, and enter 5900-5901 (default VNC ports) in the Port Range field. Then enter your network's public IP address range in the Source field. If you don't know this address range, you can use 0.0.0.0/0.

Note:        For the rules above, when you use 0.0.0.0/0 for the Source field, you enable all IP addresses to access your instance using RDP, SSH, or VNC. This is suitable for a short exercise, but it is unsafe for production environments. In production, you will want to authorize only a specific IP address or range of addresses to access your instance.

d.     Choose Add Rule, select Custom TCP Rule from the Type list, and enter 445 in the Port Range field. In the Source field, start typing sg, and select the group ID of your security group.

Note:    You can also add another identical rule for your network’s IP address range, to allow file sharing directly from your computer. If you don't know this address range, you can use 0.0.0.0/0, but keep in mind that this will enable all IP addresses to access your instance using file sharing. This is suitable for a short exercise, but it is unsafe for production environments. In production, you will want to authorize only a specific IP address or range of addresses to access your instance.
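
The notes above state that a 0.0.0.0/0 source is unsafe for production. The following added example (not part of the original guide) checks the JSON returned by `aws ec2 describe-security-groups` for the ports this guide opens (SSH, RDP, VNC, and 445) when they are reachable from any address. The sample JSON, the sg-EXAMPLE ID, and the 203.0.113.0/24 range are constructed for illustration.

```python
import json

# Ports opened by the inbound rules in this guide.
SENSITIVE_PORTS = {22: "SSH", 445: "SMB", 3389: "RDP", 5900: "VNC", 5901: "VNC"}
OPEN_SOURCES = {"0.0.0.0/0", "::/0"}  # "any address" for IPv4 and IPv6

def find_open_rules(group):
    """Return (service, port, source) tuples for sensitive ports open to any address."""
    findings = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":              # "All traffic" rule covers every port
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        else:
            continue                   # the guide's rules are all TCP
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            if src not in OPEN_SOURCES:
                continue
            for port, name in SENSITIVE_PORTS.items():
                if lo <= port <= hi:
                    findings.add((name, port, src))
    return sorted(findings, key=lambda f: (f[1], f[2]))

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupName": "PM_SG", "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 5900, "ToPort": 5901,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE"}]}
  ]}]}
""")

if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        for name, port, src in find_open_rules(sg):
            print(f"{sg['GroupName']}: {name} port {port} is open to {src}")
```

To check a real group, replace SAMPLE with the parsed output of `aws ec2 describe-security-groups --filters Name=group-name,Values=PM_SG`. The port 445 rule whose source is the security group itself is not reported, because it has no CIDR source.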