Security group

First we need to log in to AWS profile NORTH VERGINI Region

I also have cert wich will be using for  HTTPs on Load balancer, check pre request part to get the certificate from your domain.

Go to Ec2 Instance: 

First we need to create security group. 

Security Group and key pairs:               

Go to ec2 instances then click Security group

Create a security group for load balancer 

Give a name : vprofile-ELB-SG-------->Description: Security group for vprofile prod load balancer.--------->Vpc : choose a default one

Inbound rules:

Type: HTTP -------->check port :80------->source: Anywhere (because we are public host our website)

Add Second Inbound Rule

Type: HTTPS-------->Port: 443---->Source: Anywhere 

Create a security group for Tomcat

Name: vprofile-app-sg----------->Description: Security group for tomcat instances----->vpc: choose a default one

Inbound rules:

Type: custom TCP--------->Port:8080--------->Source: custom

Choose security of load balancer 

Description: Allow traffic from vprofile prod ELB ------>Save this.

Need to add one more security group for Backend server RabbitMQ, Memcached and MySQL.

Name: vprofile-backend-sg----------->Description: Security group for vprofile-backend server--------->vpc: choose a default one

Inbound rules:

Type: MYSQL/Aurora--------->Port:3306--------->Source: custom   Allow only from application security group or choose vprofile-app-sg----->Description: allow 3306 from application 

Two other source is working in this server:

Add two more rules.

Inbound Rules:

Type: custom Tcp--------->port:11211--------->Source: custom  Allow only from application security group or choose vprofile-app-sg------->Description: Allow tomcat to connect Memcached   

Inbound rules:

Type: custom tcp------->Port:5672-------->Source: custom  Allow only from application security group or  choose vprofile-app-sg--------------> Description: allow tomcat to connect RabbitMQ---------->Save security group 

Now we have Three security group

1.Load balancer

2.Backend server

3.Application server

we need make one more change in backend security group 3 services, it will also interact each other.

Go to backend security group 

inbound ----> edit

Inbound rules:

Type: All traffic--------->Port:All-------->Source: custom  Choose its own security id or choose vprofile-backend-sg------->Description: allow internet traffic to flow on all port.--------->save the changes 

Now time to create a key pairs 

Left side you can find key pair click that 

Create key pair--->Name: vprofile-prod-key------> Format: if your using putty choose ppk or if your using gitbash then choose pem, I am using gitbash so am choosing pem format.-------->Then click create key pair.

Next step we need to install EC2 click the link below to follow the steps.

EC2 Instance