Skip to content

Latest commit

 

History

History
executable file
·
84 lines (47 loc) · 3.95 KB

README.md

File metadata and controls

executable file
·
84 lines (47 loc) · 3.95 KB
Raw

Part 2 - Configuring Traffic Rules

In this step, we'll attach a public IP address to the EC2 instance with our website on it, and then open it up to our IP address so that we can view the website from the public Internet.

Attaching a public IP address

In order to access our EC2 instance from the Internet, we need to add a public IP address to it so that Internet-connected machines know where to find it.

  1. Go to 'Elastic IPs' in the VPC sidebar, and click on 'Allocate new address'.

    Elastic IP page

  2. Make sure you have 'Amazon pool' selected, and click on 'Allocate'.

    Allocating Elastic IP

  3. Right-click on your new IP address, and click 'Associate address'.

    Associating IP address

  4. Associate the Elastic IP address with your EC2 instance.

    Add IP to instance

Testing public access to the instance

  1. SSH into your EC2 instance using the key pair from Part 1, and verify that you're able to connect to the database from it. You can get the SSH connection string by right-clicking on the instance in the EC2 dashboard and selecting Connect.

  2. Run the following command inside the EC2 instance:

    git clone https://github.com/lisushka/secure-ec2

  3. Run the following command to load data into the RDS instance:

    psql -U <database admin username> -h <RDS DNS name> -W

    The admin username was generated when you created the database in Part 1. The RDS DNS name can be found on the RDS instance page under 'DNS name'. The command line will prompt you for a password - this is the password that you gave when you created the database in Part 1. Then, you'll need to give it the name of the file we're importing.

  4. Run the following commands to set up and start the web application:

    yum install postgresql-devel
yum install ruby-devel
bundle install --path vendor/bundle
bundle exec ./app.rb

  5. Go to the public IP address that you allocated to your instance in the previous step. You'll notice that even though the network ACL is configured to allow traffic from your IP address, you still can't access the web application on the instance. That's because the security group doesn't have a rule to allow HTTPS traffic. In the next step, we'll add this rule so that we can access the EC2 instance from the Internet.

Opening up the security group attached to the EC2 instance

  1. Navigate back to the main console, and open the VPC management page.

  2. Open the 'Security groups' tab in the left sidebar, and click on the security group attached to the EC2 instance (public-sg in this example).

    AWS security groups

  3. Click on the 'Inbound Rules' tab, and then click on 'Edit rules'.

    Edit security group

  4. Add rules for HTTP and HTTPS as follows.

    Add HTTP/S rules

You should now be able to access your EC2 instance in the browser.

Accessing the web application in the browser

Go to the public IP address that you allocated to your instance during the Attaching a public IP address step. You should see an HTML page that looks like this:

Bland HTML search page

You can search the database by last name to verify that the EC2 instance is able to send and receive traffic to and from the RDS instance.

Note: Even if you configure network rules to open the RDS instance to the Internet, you will still not be able to access it as it is not publically accessible by default. If you want to access an RDS instance from the Internet, you need to set the 'Publically accessible' flag in Connectivity > Additional connectivity configuration to Yes. You can do this by modifying the RDS instance after creation, as well as during the creation process.

To continue on to more advanced AWS security features, go to Part 3.

Back to home