Wednesday 15 April 2015

AWS - Setting up a VPC with public and private subnets (II)


We have made some more changes in our installation since our previous article.

First, the best option to avoid paying Elastic IP fees while the instances are stopped (and they will stay stopped for many hours, since we only have a total of 750 h a month of computing time shared among all instances) and still assign a DNS name to the machine is to create a DDNS account at noip.com and set up a client. AWS provides a howto for this (with a couple of missing points):

# Install noip client
[ec2-user@ip-10-0-0-130 ~]$ sudo yum install epel-release
[ec2-user@ip-10-0-0-130 ~]$ sudo yum-config-manager --enable epel
[ec2-user@ip-10-0-0-130 ~]$ sudo yum install -y noip

# Configure it
[ec2-user@ip-10-0-0-130 ~]$ sudo noip2 -C

# Set up noip as a startup service
[ec2-user@ip-10-0-0-130 ~]$ sudo chkconfig noip on
[ec2-user@ip-10-0-0-130 ~]$ sudo service noip start


As we are going to use an Elastic Load Balancer to balance traffic among our webservers, we have configured an additional Security Group and slightly modified the existing configuration (all internal traffic is allowed for now):

NAT Instance  -  INBOUND:   ALLOW SSH  (22) TRAFFIC FROM  0.0.0.0/0
                 INBOUND:   ALLOW ANY       TRAFFIC FROM  10.0.0.0/16  ( our VPC ) 
                 OUTBOUND:  ALLOW ANY       TRAFFIC TO    0.0.0.0/0  

Load Balancer -  INBOUND:   ALLOW HTTP (80) TRAFFIC FROM  0.0.0.0/0
                 OUTBOUND:  ALLOW ANY       TRAFFIC TO    0.0.0.0/0  

Default SG    -  INBOUND:   ALLOW ANY       TRAFFIC FROM  10.0.0.0/16
                 OUTBOUND:  ALLOW ANY       TRAFFIC TO    10.0.0.0/16  
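
Since the internal rules are still wide open, it is useful to have something that reads this listing and flags the permissive entries before they are tightened. The following is an added example, not code from the original post or from AWS; the allow-list of ports that are meant to be reachable from the Internet (only port 80 on the Load Balancer) is an assumption.

```python
"""Audit the plain-text security-group listing above (added example).

Parses lines of the form 'GROUP - INBOUND: ALLOW SSH (22) TRAFFIC FROM CIDR'
and flags two things: ports open to 0.0.0.0/0 that are not on the allow-list,
and blanket ANY rules from a VPC range. CIDRs and ports are the post's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

WORLD = "0.0.0.0/0"
# Assumption: the only service meant to face the Internet is HTTP on the ELB.
PUBLIC_ALLOWED = frozenset({("Load Balancer", 80)})

RULE_RE = re.compile(
    r"(?P<direction>INBOUND|OUTBOUND):\s+ALLOW\s+(?P<proto>\w+)"
    r"(?:\s*\((?P<port>\d+)\))?\s+TRAFFIC\s+(?:FROM|TO)\s+(?P<cidr>[\d./]+)"
)

@dataclass
class Rule:
    group: str
    direction: str
    proto: str            # 'SSH', 'HTTP' or 'ANY'
    port: Optional[int]   # None when the rule is ANY
    cidr: str

def parse_listing(text: str) -> List[Rule]:
    """Turn the listing into Rule objects; continuation lines keep the last group name."""
    rules, group = [], None
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if not m:
            continue
        name = line[: m.start()].strip().rstrip("-").strip()
        if name:                      # a new group starts on this line
            group = name
        port = int(m["port"]) if m["port"] else None
        rules.append(Rule(group, m["direction"], m["proto"].upper(), port, m["cidr"]))
    return rules

def audit(rules: List[Rule]) -> List[str]:
    """Return one finding per inbound rule that is wider than the allow-list."""
    findings = []
    for r in rules:
        if r.direction != "INBOUND":
            continue
        if r.cidr == WORLD and (r.group, r.port) not in PUBLIC_ALLOWED:
            what = f"port {r.port}" if r.port else "all ports"
            findings.append(f"{r.group}: {what} reachable from the Internet")
        elif r.cidr != WORLD and r.proto == "ANY":
            findings.append(f"{r.group}: any protocol/port allowed from {r.cidr}")
    return findings

# Copied from the listing in the post so the script runs offline.
LISTING = """
NAT Instance  -  INBOUND:   ALLOW SSH  (22) TRAFFIC FROM  0.0.0.0/0
                 INBOUND:   ALLOW ANY       TRAFFIC FROM  10.0.0.0/16  ( our VPC )
                 OUTBOUND:  ALLOW ANY       TRAFFIC TO    0.0.0.0/0
Load Balancer -  INBOUND:   ALLOW HTTP (80) TRAFFIC FROM  0.0.0.0/0
                 OUTBOUND:  ALLOW ANY       TRAFFIC TO    0.0.0.0/0
Default SG    -  INBOUND:   ALLOW ANY       TRAFFIC FROM  10.0.0.0/16
                 OUTBOUND:  ALLOW ANY       TRAFFIC TO    10.0.0.0/16
"""

if __name__ == "__main__":
    for finding in audit(parse_listing(LISTING)):
        print(finding)
```

Run as-is it reports the SSH-from-anywhere rule on the NAT instance and the two ANY rules from the VPC range; the HTTP rule on the Load Balancer is silent because it is on the allow-list.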


The next article will be delayed a while until we sort out with Amazon Customer Services the absurd quota of only 2 simultaneous instances they have applied to our account.
