Create a Linux virtual machine in Amazon EC2 called Endpoint VM in your VPC to deploy applications using Application Services.

About this task

An Application Services appliance can work with multiple Endpoint VMs. However, an Endpoint VM can only be designated as an endpoint of an Amazon Region, VPC, and Availability Zone for a single Application Services appliance.



  1. Install one Endpoint VM in each VPC to manage using Application Services.
  2. Create an Amazon-based CentOS virtual machine on the external subnet.
    1. Use either the amazon/ami-vpc-nat-1.0.0-beta.i386-ebs AMI or the amazon/ami-vpc-nat-1.0.0-beta.x86_64-ebs AMI.

      The AMI is preconfigured to act as an IP masquerade device.

    2. Use the EndpointAccess security group for this virtual machine.
  3. Set an Elastic IP address for use in the VPC and assign the IP address to the Endpoint VM.
  4. Use an OpenSSH client to log in to the Endpoint VM with the Elastic IP address and the private key.
     ssh -i PathToPrivateKeyFile ec2-user@ApplicationDirectorEndpointVM
  5. In the CLI, open the /etc/ssh/sshd_config configuration file, add the GatewayPorts yes, ClientAliveInterval 30, and ClientAliveCountMax 3 lines.
  6. (Optional) If the outbound SSH is blocked by your corporate firewall, ask your firewall administrator to set an alternative port to 2222 for SSH traffic.

    Add the line Port 2222 to the /etc/ssh/sshd_config configuration file.

  7. Restart the SSH daemon.
    sudo service sshd restart
  8. Create an iptable rule to reroute the internal port 80 access to 8080.
    sudo iptables -t nat -I PREROUTING --source 0/0 --destination internal-ip-address-of-endpoint-vm -p tcp --dport 80 -j REDIRECT 
    --to-ports 8080
  9. Log out of the Endpoint VM.

What to do next

Set up a cloud tunnel for Amazon EC2 deployments to communicate with the Application Services server. See Create a Cloud Tunnel to Connect to Amazon EC2.