Security group
First we need to log in to the AWS profile in the North Virginia region.
I also have a certificate which will be used for HTTPS on the load balancer; check the prerequisites part to get a certificate for your domain.
Go to EC2 Instances:
First we need to create a security group.
Security groups and key pairs:
Go to EC2 Instances, then click Security Groups.
Create a security group for the load balancer
Give a name: vprofile-ELB-SG --> Description: Security group for vprofile prod load balancer. --> VPC: choose the default one
Inbound rules:
Type: HTTP --> check Port: 80 --> Source: Anywhere (because we are publicly hosting our website)
Add a second inbound rule
Type: HTTPS --> Port: 443 --> Source: Anywhere
Create a security group for Tomcat
Name: vprofile-app-sg --> Description: Security group for tomcat instances --> VPC: choose the default one
Inbound rules:
Type: Custom TCP --> Port: 8080 --> Source: Custom
Choose the security group of the load balancer
Description: Allow traffic from vprofile prod ELB --> Save this.
We need to add one more security group for the backend servers: RabbitMQ, Memcached and MySQL.
Name: vprofile-backend-sg --> Description: Security group for vprofile-backend server --> VPC: choose the default one
Inbound rules:
Type: MYSQL/Aurora --> Port: 3306 --> Source: Custom; allow only from the application security group, i.e. choose vprofile-app-sg --> Description: allow 3306 from application
Two other services are running on this server:
Add two more rules.
Inbound rules:
Type: Custom TCP --> Port: 11211 --> Source: Custom; allow only from the application security group, i.e. choose vprofile-app-sg --> Description: Allow tomcat to connect Memcached
Inbound rules:
Type: Custom TCP --> Port: 5672 --> Source: Custom; allow only from the application security group, i.e. choose vprofile-app-sg --> Description: allow tomcat to connect RabbitMQ --> Save the security group
Now we have three security groups:
1. Load balancer
2. Backend server
3. Application server
We need to make one more change in the backend security group: the 3 services will also interact with each other.
Go to the backend security group
Inbound --> Edit
Inbound rules:
Type: All traffic --> Port: All --> Source: Custom; choose its own security group ID, i.e. choose vprofile-backend-sg --> Description: allow internal traffic to flow on all ports. --> Save the changes
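The three groups above form a chain (internet to load balancer, load balancer to Tomcat, Tomcat to backend), and a quick way to confirm the console clicks produced exactly that chain is to audit the result. This is an added example, not part of the original walkthrough: it checks data shaped like the output of `aws ec2 describe-security-groups`, and the group IDs (sg-elb, sg-app, sg-be) and the sample data are constructed.

```python
# Expected inbound rules per group as (protocol, port, source). "anywhere" means
# 0.0.0.0/0 or ::/0; any other source is the name of the group allowed to connect.
ELB, APP, BE = "vprofile-ELB-SG", "vprofile-app-sg", "vprofile-backend-sg"
EXPECTED = {
    ELB: {("tcp", 80, "anywhere"), ("tcp", 443, "anywhere")},
    APP: {("tcp", 8080, ELB)},
    BE: {("tcp", 3306, APP), ("tcp", 11211, APP), ("tcp", 5672, APP),
         ("-1", None, BE)},  # "-1" is all traffic, allowed only from the group itself
}

def flatten(group, names):
    """Turn one group's IpPermissions into (protocol, port, source) tuples."""
    rules = set()
    for p in group.get("IpPermissions", []):
        lo, hi = p.get("FromPort"), p.get("ToPort")
        port = lo if lo == hi else (lo, hi)  # a port range never matches EXPECTED
        cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
        srcs = ["anywhere" if c in ("0.0.0.0/0", "::/0") else c for c in cidrs]
        srcs += [names.get(g["GroupId"], g["GroupId"])
                 for g in p.get("UserIdGroupPairs", [])]
        rules.update((p["IpProtocol"], port, s) for s in srcs)
    return rules

def audit(groups):
    """Return sorted findings for rules that are missing or outside the design."""
    names = {g["GroupId"]: g["GroupName"] for g in groups}
    by_name = {g["GroupName"]: g for g in groups}
    findings = []
    for name, expected in EXPECTED.items():
        actual = flatten(by_name.get(name, {}), names)
        findings += [f"{name}: unexpected {r}" for r in actual - expected]
        findings += [f"{name}: missing {r}" for r in expected - actual]
    return sorted(findings)

def rule(proto, port, cidr=None, sg=None):  # builds one constructed IpPermissions entry
    ports = {} if port is None else {"FromPort": port, "ToPort": port}
    return {"IpProtocol": proto, **ports,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": sg}] if sg else []}

# Constructed sample: matches the walkthrough except that MySQL 3306 is open to the world.
SAMPLE = [
    {"GroupId": "sg-elb", "GroupName": ELB, "IpPermissions": [
        rule("tcp", 80, cidr="0.0.0.0/0"), rule("tcp", 443, cidr="0.0.0.0/0")]},
    {"GroupId": "sg-app", "GroupName": APP, "IpPermissions": [rule("tcp", 8080, sg="sg-elb")]},
    {"GroupId": "sg-be", "GroupName": BE, "IpPermissions": [
        rule("tcp", 3306, cidr="0.0.0.0/0"), rule("tcp", 11211, sg="sg-app"),
        rule("tcp", 5672, sg="sg-app"), rule("-1", None, sg="sg-be")]}]
```

To run it against a real account, pass the `SecurityGroups` list from a saved `aws ec2 describe-security-groups` JSON output to `audit()`; an empty result means the groups match the layout above.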
Now it is time to create a key pair
On the left side you can find Key Pairs; click that.
Create key pair --> Name: vprofile-prod-key --> Format: if you are using PuTTY choose ppk, or if you are using Git Bash choose pem. I am using Git Bash, so I am choosing the pem format. --> Then click Create key pair.
For the next step we need to install EC2; click the link below to follow the steps.