Showing posts with label Amazon VPC. Show all posts
Showing posts with label Amazon VPC. Show all posts

Friday, August 2, 2013

Configure VPC with scenario 1 "VPC with a Public Subnet Only"

Set up the VPC, subnet, and Internet gateway:
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. Click VPC Dashboard in the navigation pane.
  3. Locate the Your Virtual Private Cloud area of the dashboard and clicks get started creating a VPC, if you have no VPC resources, or click Start VPC Wizard.
  4. Select the first option, VPC with a Single Public Subnet Only, and then click Continue.
  5. The confirmation page shows the CIDR ranges and settings that you've chosen. Make any changes that you need, and then click Create VPC to create your VPC, subnet, Internet gateway, and route table.

Create WebServerSG and Adding Rules to the Security Group
The WebServerSG security group is the security group that you'll specify when you launch your web servers into your public subnet. The following table describes the recommended rules for this security group, which allow the web servers to receive Internet traffic, as well as SSH and RDP traffic from your network. The web servers can also initiate traffic to the Internet and read and write requests to the database servers in the private subnet.
Inbound
Source Protocol Port Range Comments
0.0.0.0/0 TCP 80 Allow inbound HTTP access to the web servers from anywhere
0.0.0.0/0 TCP 443 Allow inbound HTTPS access to the web servers from anywhere
18.71.152.166/32 TCP 3389 Allow inbound RDP access to Windows instances from your network (over the Internet gateway)
Outbound
Destination Protocol Port Range Comments
0.0.0.0/0 TCP 80 Allow web servers to initiate outbound HTTP access to the Internet (for example, for software updates)
0.0.0.0/0 TCP 443 Allow web servers to initiate outbound HTTPS access to the Internet (for example, for software updates)
The ID of your DBServerSG security group TCP 1433 Allow outbound Microsoft SQL Server access to the database servers assigned to DBServerSG
Create the WebServerSG security group and add rules:
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/
  2. Security Groups in the navigation pane.
  3. Click the Create Security Group button.
  4. Specify WebServerSG as the name of the security group, and provide a description. Select the ID of your VPC from the VPC menu, and then click Yes, Create
  5. Select the WebServerSG security group that you just created. The details pane include a tab for information about the security group, plus tabs for working with its inbound rules and outbound rules.
  6. On the Inbound tab, do the following:
    • Select HTTP from the Create a new rule list, make sure that Source is 0.0.0.0/0, and then click Add Rule.
    • Select HTTPS from the Create a new rule list, make sure that Source is 0.0.0.0/0, and then click Add Rule.
    • Select RDP from the Create a new rule list, make sure that Source is “Office IP Address” , and then click Add Rule
    • Click Apply Rule Changes to apply these inbound rules.
  7. On the Outbound tab, do the following:
    • Locate the default rule that enables all outbound traffic, and then click Delete.
    • Select HTTP from the Create a new rule list, make sure that Destination is 0.0.0.0/0, and then click Add Rule.
    • Select HTTPS from the Create a new rule list, make sure that Destination is 0.0.0.0/0, and then click Add Rule.
    • Select My SQL from the Create a new rule list, make sure that Destination is “ID of DBServerSG”, and then click Add Rule.
    • Click Apply Rule Changes to apply these outbound rules.


Create DBServerSG and Adding Rules to the Security Group
The DBServerSG security group is the security group that you'll specify when you launch your database servers into your private subnet. The following table describes the recommended rules for this security group, which allow read or write database requests from the web servers. The database servers can also initiate traffic bound for the Internet (your route table sends that traffic to the NAT instance, which then forwards it to the Internet over the Internet gateway).
DBServerSG:Rules
Inbound
Source Protocol Port Range Comments
The ID of your WebServerSG security group TCP 1433 Allow web servers assigned to WebServerSG Microsoft SQL Server access to database servers assigned to DBServerSG
18.71.152.166/32 TCP 3389 Allow inbound RDP access to Windows instances from your network (over the Internet gateway)
Outbound
Destination Protocol Port Range Comments
0.0.0.0/0 TCP 80 Allow outbound HTTP access to the Internet (for example, for software updates)
0.0.0.0/0 TCP 443 Allow outbound HTTPS access to the Internet (for example, for software updates)


To add the recommended rules to the DBServerSG security group
  1. Select the DBServerSG security group that you created. The details pane displays the details for the security group, plus tabs for working with its inbound and outbound rules.
  2. Add rules for inbound traffic using the Inbound tab as follows:
    1. Select MYSQL from the Create a new rule list. In the Source box, specify the ID of your WebServerSG security group, and then click Add Rule.
    2. Select RDP from the Create a new rule list. In the Source box, specify IP Address of office security group, and then click Add Rule.
    3. Click Apply Rule Changes.
  3. Add rules for outbound traffic using the Outbound tab as follows:
    1. Select HTTP from the Create a new rule list. Make sure that Destination is 0.0.0.0/0, and then click Add Rule.
    2. Select HTTPS from the Create a new rule list. Make sure that Destination is 0.0.0.0/0, and then click Add Rule.
    3. Click Apply Rule Changes.

To launch First Web instance
  1. Start the Classic wizard:
    1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
    2. Click the Launch Instance button from the dashboard.
    3. On the Create a New Instance page, select Classic Wizard, and then click Continue.
  2. On the CHOOSE AN AMI page, the Quick Start tab displays a list of basic configurations called Amazon Machine Images (AMI). Choose the AMI that you want to use and click its Select button.
  3. On the INSTANCE DETAILS page, under Launch Instances, select the subnet to launch the instance into. Keep the other default settings on this page and click Continue.
  4. To use the default settings on the next INSTANCE DETAILS pages, just click Continue on each page.
  5. Select EBS Volume
  6. On the CREATE A KEY PAIR page, you can choose from any existing key pairs that you've created, or follow the wizard directions to create a new key pair.
  7. On the Configure Firewall page, select the security group you want to use for the instance (WebServerSG), and then click Continue.
  8. Review your settings. When you're satisfied with your selections, click Launch.
    Before you can access an instance in your public subnet, you must assign it an Elastic IP address.
To allocate Elastic IP address and assign it to an instance
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. Click Elastic IPs in the navigation pane.
  3. Click the Allocate New Address button.
  4. In the Allocate New Address dialog box, in the EIP used in list, select VPC, and then click Yes, Allocate.
  5. Select the Elastic IP address from the list, and then click the Associate Address button.
  6. In the Associate Address dialog box, select the network interface or instance. Select the address to associate the Elastic IP address with from the corresponding Private IP Address list, and then click Yes, Associate.
To create password for this instance
  1. Go to instance in EC2 and Right Click on instance.
  2. Click on “Get Windows Password” , select your Private key pair file and generate password by clicking on “Decrepit Password”
To create password for this instance To launch First Web instance
We have to launch a seperate Instance for Database with the security group "DBServerSG" (specified above) on the same public subnet mask.
Now you can connect to database server from Web server by using Private IP of Database Instance.