So, to define some of the common modifications you need to set up an EC2 server, let's walk through the setup of a Jenkins build server on EC2. Like any server, a build server will require a few non-trivial modifications:
- Security groups need to be correctly defined, so that ports are unblocked.
- Elastic IPs need to be set up so that you can access your server at the same IP address.
- Enabling HTTP ports (e.g. 80, 8080, ...).
At first glance, it appears that the "Default" security groups in AWS are wide open to the outside world. However, the default security settings for AWS machines are very restrictive and generally need to be loosened up for any kind of server: the default settings only allow machines in the *exact same* security group to see one another. The image below compares an open security group with a closed one. The difference is in the definition of the "Source" attribute, which specifies a range of addresses. 0.0.0.0/0 essentially means "Any and everyone in the entire universe".
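To check which of the two "Source" settings described above a group actually has, the following added example (not code from the original post) reads rules in the JSON shape returned by `aws ec2 describe-security-groups` and reports who can reach a given port. The group ids, group names and CIDR ranges are constructed sample data.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa1111", "GroupName": "default",
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [],
                        "UserIdGroupPairs": [{"GroupId": "sg-0aaa1111"}]}]},
    {"GroupId": "sg-0bbb2222", "GroupName": "jenkins-open",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []}]},
]

def covers_port(rule, port):
    """True if the rule's protocol/port range includes the TCP port."""
    if rule["IpProtocol"] == "-1":          # "-1" = all protocols, all ports
        return True
    return (rule["IpProtocol"] == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def classify_sources(rule, group_id):
    """Label each source of a rule: 'world', 'self', or the CIDR / group id."""
    out = []
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        out.append("world" if net.prefixlen == 0 else cidr)  # /0 = everyone
    for pair in rule.get("UserIdGroupPairs", []):
        out.append("self" if pair.get("GroupId") == group_id else pair["GroupId"])
    return out

def audit(groups, port):
    """Map group name -> sorted list of sources allowed to reach `port`."""
    report = {}
    for g in groups:
        sources = set()
        for rule in g.get("IpPermissions", []):
            if covers_port(rule, port):
                sources.update(classify_sources(rule, g["GroupId"]))
        report[g["GroupName"]] = sorted(sources)
    return report

if __name__ == "__main__":
    print({p: audit(SAMPLE_GROUPS, p) for p in (22, 8080)})
```

A "world" result on the Jenkins port means the rule's source is 0.0.0.0/0; a narrower CIDR range as the source keeps the port reachable only from the listed addresses.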
2) Attaching Elastic IPs to your instances:
"Elastic IP" addresses in AWS are essentially static IP addresses which are bound at the cloud layer, rather than at the machine layer. That is, you associate Elastic IP addresses directly with named machine instances, rather than with the machines themselves. This allows you to dynamically reroute traffic to an instance without modifying any files on the AMI instance itself.
The window below shows an Elastic IP, which is bound directly to an instance ID. The nice thing about the Elastic IP is that it can be rebound directly from this same interface, with no need to muck with the individual machine.
Unlike other application-oriented cloud providers (e.g. Heroku, OpenShift), AWS doesn't natively support easy-to-remember machine names, so you have to set up your own DNS CNAME records if you want a meaningfully named host.
3) Enabling HTTP ports
Double-check that you have HTTP access opened up (the screenshot below is taken from http://coenraets.org/):
Next, certain AMI instances (e.g. RHEL) may have iptables turned on by default. To turn off iptables:
/etc/init.d/iptables stop
Finally, you should be able to access your services at: http://ec2-[XXXX].amazonaws.com:[PORT]/ (e.g. http://ec2-22-333-44-555.compute-1.amazonaws.com:8080/).

