You must create and enable a cloud tunnel instance so that deployments in the Amazon EC2 VPC can communicate with the vCloud Application Director server.


To deploy an application to Amazon EC2, you must install the vCloud Application Director for Release Automation edition.

Your network from vCloud Application Director to the Endpoint VM should have a minimum upload bandwidth of 1Mbps for every Amazon EC2 instance that is deployed. For faster downloads, store your applications on the Amazon Simple Storage Service instead of downloading them from the vCloud Application Director appliance over the cloud tunnel.

Verify that your user account has the ROLE_CLOUD_ADMIN cloud administrator role assigned to it.

Verify that the Endpoint VM is properly set up and configured. See Configure Amazon EC2 Environment for vCloud Application Director.

Verify that the elastic IP address and the private IP address of the Endpoint VM are readily available.

Verify that the private key for the Endpoint VM is available to establish a cloud tunnel from the corporate network to the Endpoint VM.

Determine whether a proxy server is required to access Amazon EC2 from the network where vCloud Application Director is running.

The proxy server or the network must permit access to the standard SSH port 22 outside the network.

Start the vCloud Application Director CLI. See Start the CLI Remotely.


Use the SSH client to copy the downloaded private key file for the Endpoint VM to the vCloud Application Director appliance and copy the file to the /tmp directory.


In the roo shell, create a secure cloud tunnel instance.

create-cloud-tunnel --name TunnelName --description "TunnelDescription" --enabled false --externalAddress EndpointVMElasticIP 
--sshPort 22 --internalAddress EndpointVMPrivateIP --proxyUrl ProxyURl --username ec2-user --privateKeyPath PrivateKeyFilePath

You can use the --sshPort parameter to designate a port other than 22. The --proxyUrl is an optional parameter that you can specify the proxy server to use to connect to the Endpoint VM.


Enable the secure cloud tunnel connection.

enable-cloud-tunnel --name TunnelName

Confirm that the secure cloud tunnel connection is established.

test-cloud-tunnel --name TunnelName

Verifying the secure cloud tunnel connection might take a few minutes.

vCloud Application Director establishes a connection to the Endpoint VM on Amazon EC2.

Meet the virtual machine requirements and create Amazon EC2 AMIs. See Virtual Machine Requirements for Creating Amazon EC2 Custom Templates and Create Amazon EC2 Virtual Machine Templates or AMIs.

You can also manage the existing cloud tunnel connection in CLI. See Managing Cloud Tunnels.