Setting up an Amazon EC2 environment requires you to create a VPC as a target location in an Amazon Region for application deployments. You must configure this VPC for vCloud Application Director applications to be deployed.

For deployments to Amazon EC2, NICs on the external networks receive Elastic IP addresses. In addition, a new security group is created for each deployment to allow communication between the instances in the deployment. This security group allows external access to 80, 8080, 8081, 8443, and 22 ports. For any other ports that you need to open, use the Amazon EC2 management console to locate the new security group and add the appropriate rules.

Set up an Amazon AWS user account.

Amazon defines the default limits for the number of Amazon EC2 instances, the number of Elastic IP addresses for an account, and the number of API calls. Contact Amazon support to request an increase in the instance, Elastic IP address, or API call limit. For more information on Amazon EC2, see Amazon AWS Documentation.


Log in to the AWS Management Console using your AWS user account.


On the AWS Identity and Access Management (IAM) Dashboard, set up a new user with either an Administrator Access or Power User Access user privilege and generate an access key for this user.

You can also set up an access key with the master AWS user account without setting up a new IAM user.


Download and save this access key for later use with vCloud Application Director.


To log in the deployed virtual machines in Amazon EC2, generate an SSH key-pair called titan_keypair and save the corresponding private key.


Create a VPC: On the VPC Dashboard of the AWS Management Console, create a VPC with a public subnet and a private subnet.


Use the wizard option to create a VPC with public and private subnets.

Two subnets are created whose instances have access to the Internet. The subnets are useful for downloading content during the application deployment.


Specify an Availability Zone for the subnets.

You can use the same Availability Zone for both subnets.


Use the titan_keypair SSH key-pair.

You can also use your own key-pair.


In the VPC, create a security group called EndpointAccess and set inbound and outbound port access rules.

Port Access

Source or Destination

Inbound 22

Inbound ALL


Outbound ALL

(Optional) Inbound 2222

Create a Linux virtual machine in your VPC. See Create an Endpoint VM.