cloudsoft.io

Launch from Marketplace

Visual Composer is available in the AWS Marketplace.

Important: For best results, DO NOT USE the “Launch from Website” option and follow the instructions below. This allows IAM Roles to be configured, so that the Visual Composer can populate drop-downs such as AMIs and VPCs from your environment. If you do use Launch from Website, you can subsequently add an IAM Role to the EC2 Instance.

Finding the product in the AWS Marketplace

To choose the Visual Composer from the AWS Marketplace:

  1. Locate the Cloudsoft Visual Composer from the AWS Marketplace.
  2. From this product page, press the “Continue to Subscribe” button.
  3. From the Subscription page press the “Continue to Configuration” button.

Choose Version and Location

On the “Configure this software” page, select “64-bit Amazon Machine Image (AMI)” as your Fulfillment Option, choose the most recent version of Visual Composer, and choose your region.

Marketpace - configure this software

Then click “Continue to Launch”.

Launch Through EC2

In the “Launch this Software” page, choose the action “Launch through EC2”.

Marketpace - launch this software

Click “Launch” to go to the EC2 launch page (note this will not yet launch the instance).

Choose an Instance Type

Choose the instance type - we recommend t3.medium.

Marketpace - choose an instance type

Click “Next: Configure Instance Details”.

Configure Instance Details

This screen is the reason we have used “Launch through EC2” instead of 1-click setup. There are some settings you can specify on this screen, unavailable through 1-click, that improve the functionality of your Visual Composer instance.

Marketpace - configure instance details

We recommend the following configuration: * “Number of instances”: leave as default (1, unless you want multiple instances) * “Purchasing option”: leave as default (i.e. unchecked) * “Network”: choose a VPC that will allow you to access the https endpoint of your new instance. * “Subnet”: choose a subnet that will allow you to access the https endpoint of your new instance. A common case is for this to be a public subnet, where the instance has a public IP for direct access. Alternatively, you may have VPN connections already configured, in which case an appropriate subnet can be used. * “Auto-assign public IP”: this depends very much on the account’s network setup (see above). A common case is to enable this. * “Placement Group”: use the default (i.e. not enabled) * “Capacity Reservation”: use the default (i.e. “Open”) * “IAM Role”: See the section below. * “Shutdown behaviour”: use the default (i.e. “Stop”). * “Enable termination protection”: we suggest you enable this. * “Monitoring”: we suggest enabling this. * “Tenancy”: use the default (i.e. “shared hardware instance”) * T2/T3 Unlimited: we recommend you enable this.

Warning: Do not continue with the launch until a new IAM Role is created and selected for the instance. See the below section on completing this.

Setting up a new IAM Role

The IAM Role gives permissions for the Visual Composer instance to perform AWS queries. This is used to provide context assistance, such as showing dropdowns of available VPCs, image ids, etc.

Using “Create new IAM role” Wizard

The “Create new IAM role” option on this screen allows a new role to be created. Follow that link. It normally opens in a new tab.

This lists the existing roles. Click the “Create role” button.

Choose “EC2” as the service that will use this role, then “Next: permissions”.

Marketpace - create role ec2

Click the “Create policy” button to define an IAM policy with the required permissions. This normally opens in a new tab.

You can switch to the JSON view, and paste the policy below, then click “Review policy”.

Marketpace - create policy json

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:DescribeVpcs",
                "ec2:DescribeSubnets",
                "ec2:DescribeInternetGateways",
                "ec2:DescribeEgressOnlyInternetGateways",
                "ec2:DescribeVpcEndpoints",
                "ec2:DescribeNatGateways",
                "ec2:DescribeCustomerGateways",
                "ec2:DescribeVpnGateways",
                "ec2:DescribeVpnConnections",
                "ec2:DescribeRouteTables",
                "ec2:DescribeAddresses",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeNetworkAcls",
                "ec2:DescribeImages"
            ],
            "Resource": "*",
            "Effect": "Allow",
            "Sid": "ReadOnly"
        },
        {
            "Action": [
                "s3:CreateBucket",
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::visualblueprintcomposer*",
                "arn:aws:s3:::visualblueprintcomposer*/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "cloudformation:ValidateTemplate",
                "servicecatalog:CreateProduct",
                "servicecatalog:AssociateProductWithPortfolio"
            ],
            "Resource": "*",
            "Effect": "Allow",
            "Sid": "ServiceCatalogProductWriter"
        }
    ]
}

Add a policy name and description, then click “Add Policy”.

Marketpace - create policy review

Go back to the “Create role” tab, refresh the list of policies, filter for “composer”, and choose your newly created policy. Then click “Next: tags”.

Add any tags you desire, as per your organization’s tagging strategy. Then click “Next: Review”.

Add a Role name, description, and then click “Create role”.

Marketpace - create role review

Go back to the “Configure Instance Details” page (i.e. in the original tab). Click the refresh button next to IAM role, and then choose your newly created IAM Role from the dropdown.

Using CloudFormation to Create IAM Role

Alternatively, see the Using Instance Profile instructions for the required permissions, and also for how to create the instance profile using CloudFormation.

Add Storage

The next screen is for choosing the default root volume size, and attaching additional volumes.

The default size is sufficient.

Click “Next: Add Tags”.

Marketpace - add storage

Add Tags.

The next screen allows you to add any instance tags you desire, including the instance “Name” and any other tags (e.g. to associate the instance with a cost center in your organization).

Click “Next: Configure Security Group”.

Configure Security Group

The next screen is for creating a security group, or choosing an existing security group.

The minimum access required is TCP port 443 (for HTTPS), where the range of allowed IPs includes your source access.

Click “Review and Launch”.

Marketpace - configure security group

Review Instance Launch

You are now ready to launch your Visual Composer instance. Hit the Launch” button at the bottom-right.

You will be prompted for a key pair, which can later be used to ssh to the instance.

Marketpace - keypair

Your instance will now be launched. Click on the instance id link to view it in the AWS console, or the “View Instances” button to view all of your EC2 instances in that region.

Marketpace - launch status

Accessing the Instance

Once the instance has initialised, you can find its Public DNS and/or IP address via the EC2 console.

It will normally take a few minutes to start, after which you can access Visual Composer via your browser (Chrome is recommended, but other browsers are also supported). Enter the hostname or IP of the instance into a web browser, such as https://ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com.

We recommend https, but note you may have warnings about the certificate being invalid; this is normal as unless a custom certificate is installed it will not match the hostname being used. All traffic is still encrypted.

To login to the web-console, the username is admin and the and password is the AWS EC2 instance id (e.g. i-012345689abcdef).

To ssh to the instance, the username is ubuntu and the ssh key is the private key pair you set. Note that TCP port 22 (SSH) will need to be open in the security group.

If this is your debut with the Visual Composer, see the main docs here.