In this post we are going to create our own custom AWS VPC (Virtual Private Cloud) with the architecture below.
This architecture has two subnets:
1. Public Subnet
2. Private Subnet
We will create two EC2 instances, one in the public subnet and one in the private subnet, and deploy a Spring Boot application on each. Finally we will hit the REST API on the public subnet, which internally invokes the REST API on the private subnet and returns the result to the browser.
The other components are:
- Internet Gateway
- Public route table
- Main route table
- Network Access control list
- Security Group
- S3
- EC2
1. VPC
3. Create Private Subnet
Till now we have created two subnets:
1. 10.1.3.0_PublicSubnet
2. 10.1.4.0_PrivateSubnet
Now we need to make the 10.1.3.0_PublicSubnet subnet actually public.
Select the subnet which you want to make public, go to Actions and select “Modify auto-assign IP settings”.
Make sure you select the “Auto-assign IPv4” check box.
Once you finish, you should see “Auto-assign public IPv4 address” as ‘Yes’, as highlighted below.
Once the gateway is created it will be in the detached state; you need to attach it to the VPC you have created.
Once you click the Attach button, it will be attached to your VPC.
You should be able to see your custom route table in the list. The highlighted one is the default route table, which was created when the VPC was created.
7. Associate Subnet
- EC2 instance for Public Subnet
1. Log in to the AWS console and select the EC2 service
2. Now click the Launch Instance button on the EC2 landing page
3. Then select the AMI and go to the next page
4. Now select the instance type (choose only a free tier eligible one, else charges will apply)
5. Give your VPC in ‘Network’, the public subnet in ‘Subnet’ and the “S3 IAM role” in the IAM role section. Leave the rest at the defaults.
6. Tag
7. Security group
8. Key-Pair
- EC2 instance for Private subnet
2. Then select the AMI and go to the next page
3. Now select the instance type (choose only a free tier eligible one, else charges will apply)
4. Give your VPC in ‘Network’, the private subnet in ‘Subnet’ and the “S3 IAM role” in the IAM role section. Leave the rest at the defaults.
In the security group rules, make sure to give your public subnet as the source.
7. Key pair
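The source restriction on the private instance's security group can be checked mechanically. The following is an added example, not code from the original post: it takes a security group in the JSON shape returned by `aws ec2 describe-security-groups` and lists every inbound source that lies outside the public subnet. The /24 prefix length, the group IDs and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the post names the subnet 10.1.3.0 but gives no prefix length; /24 is assumed.
PUBLIC_SUBNET = ipaddress.ip_network("10.1.3.0/24")

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLEPRIVATE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "10.1.3.0/24"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.1.3.17/32"}, {"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.1.0.0/16"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLEPUBLIC"}]},
    ],
}

def port_label(rule):
    """Render protocol and port range of one rule; "-1" means all traffic."""
    if rule["IpProtocol"] == "-1":
        return "all"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return f'{rule["IpProtocol"]}/{lo}' if lo == hi else f'{rule["IpProtocol"]}/{lo}-{hi}'

def sources_outside(group, allowed_net, allowed_groups=()):
    """Return (ports, source) for every inbound source not inside allowed_net."""
    findings = []
    for rule in group.get("IpPermissions", []):
        ports = port_label(rule)
        for r in rule.get("IpRanges", []):
            net = ipaddress.ip_network(r["CidrIp"], strict=False)
            if not net.subnet_of(allowed_net):  # wider or unrelated range
                findings.append((ports, r["CidrIp"]))
        # The allowed subnet is IPv4, so any IPv6 source is outside it.
        for r in rule.get("Ipv6Ranges", []):
            findings.append((ports, r["CidrIpv6"]))
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in allowed_groups:
                findings.append((ports, pair["GroupId"]))
    return findings

if __name__ == "__main__":
    for ports, source in sources_outside(SAMPLE_GROUP, PUBLIC_SUBNET):
        print(f"{SAMPLE_GROUP['GroupId']}: {ports} open to {source}")
```

A source that is wider than the public subnet, such as the whole VPC range, is reported just like 0.0.0.0/0, because it also admits hosts that are not in the public subnet.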
Spring Boot on Public Subnet
Make sure the IP address in the RestTemplate call is that of the private subnet EC2 instance.
Spring Boot application on private subnet
You can download the project from the GitHub repository below.
If you don’t have the Secure Shell App extension for your browser, download the extension.
11. Connect to private subnet EC2 from public subnet EC2
13. Now we can proceed further to configure the EC2 instances. First we will prepare the public subnet EC2 instance. Let’s connect to the EC2 instance.
Once connected, give it sudo permission.
# install updates
yum update -y
# install apache httpd
yum install httpd -y
# install Java 8
yum install java-1.8.0 -y
# create the working directory
mkdir /opt/spring-boot-ec2-demo
# create configuration specifying the used profile
echo "RUN_ARGS=--spring.profiles.active=ec2" > /opt/spring-boot-ec2-demo/spring-boot-ec2-demo.conf
# download the maven artifact from S3, saving it under the file name the commands below use
aws s3 cp s3://myfirsts3bucketsumit/myproject.jar /opt/spring-boot-ec2-demo/mypublicproject.jar
# create a springboot user to run the app as a service
useradd springboot
chown springboot:springboot /opt/spring-boot-ec2-demo/mypublicproject.jar
chmod 500 /opt/spring-boot-ec2-demo/mypublicproject.jar
# create a symbolic link
ln -s /opt/spring-boot-ec2-demo/mypublicproject.jar /etc/init.d/spring-boot-ec2-demo
# forward port 80 to 8080
echo "<VirtualHost *:80>
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>" >> /etc/httpd/conf/httpd.conf
# start apache
service httpd start
# start the application (runs in the foreground as the current user)
java -jar /opt/spring-boot-ec2-demo/mypublicproject.jar
Let’s verify it in the browser.
If you are able to see the above output, your public subnet is up and running. Let’s prepare the private subnet EC2 instance.
14. Connect to the public subnet instance first.
15. Now connect to the private subnet instance.
Now we need to install Apache, Java 8 and the other configuration. Since there is no way to reach the outside from the private subnet, we will not be able to do so. For this we need to create a NAT Gateway.
16. Go to VPC and create a NAT Gateway.
Click the Create NAT Gateway button. The NAT Gateway should be in the public subnet, so select your public subnet and click the ‘Create new EIP’ button.
17. Once it is created, click the ‘Edit route tables’ button. Select the main route table for the private subnet and click ‘Edit routes’.
18. Select the NAT gateway instance from the drop-down.
Once it is created you should be able to connect to the internet.
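To confirm the routing after this step, the following added example (not from the original post) classifies each subnet by where its default route points, using the JSON shape of `aws ec2 describe-route-tables`. A subnet with no explicit association falls back to the main route table, which is where the NAT route above was placed. All resource IDs and the 10.1.0.0/16 VPC range are constructed assumptions.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# Assumption: the VPC range 10.1.0.0/16 and all IDs are placeholders.
SAMPLE_TABLES = [
    {"RouteTableId": "rtb-EXAMPLEMAIN",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"}]},
    {"RouteTableId": "rtb-EXAMPLEPUBLIC",
     "Associations": [{"Main": False, "SubnetId": "subnet-EXAMPLEPUBLIC"}],
     "Routes": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]},
]

def table_for(subnet_id, tables):
    """Explicit association wins; otherwise the subnet uses the main table."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def exposure(subnet_id, tables):
    """Classify a subnet as 'public', 'nat-egress', 'isolated' or 'unknown'."""
    table = table_for(subnet_id, tables)
    if table is None:
        return "unknown"
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":
            continue  # target was deleted, the route carries no traffic
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"       # directly reachable from the internet
        if route.get("NatGatewayId"):
            return "nat-egress"   # outbound only, through the NAT gateway
    return "isolated"

if __name__ == "__main__":
    for subnet in ("subnet-EXAMPLEPUBLIC", "subnet-EXAMPLEPRIVATE"):
        print(subnet, "->", exposure(subnet, SAMPLE_TABLES))
```

If the internet gateway route were added to the main table instead of the custom public one, the private subnet would be classified as public, which is the misconfiguration this check is meant to catch.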
19. Let’s connect to the private subnet and install the required software.
# install updates
yum update -y
# install apache httpd
yum install httpd -y
# install Java 8
yum install java-1.8.0 -y
# create the working directory
mkdir /opt/spring-boot-ec2-demo
# create configuration specifying the used profile
echo "RUN_ARGS=--spring.profiles.active=ec2" > /opt/spring-boot-ec2-demo/spring-boot-ec2-demo.conf
# download the maven artifact from S3
aws s3 cp s3://myfirsts3bucketsumit/myprivateproject.jar /opt/spring-boot-ec2-demo/
# create a springboot user to run the app as a service
useradd springboot
chown springboot:springboot /opt/spring-boot-ec2-demo/myprivateproject.jar
chmod 500 /opt/spring-boot-ec2-demo/myprivateproject.jar
# create a symbolic link
ln -s /opt/spring-boot-ec2-demo/myprivateproject.jar /etc/init.d/spring-boot-ec2-demo
# forward port 80 to 8080
echo "<VirtualHost *:80>
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>" >> /etc/httpd/conf/httpd.conf
# start apache
service httpd start
# start the application (runs in the foreground as the current user)
java -jar /opt/spring-boot-ec2-demo/myprivateproject.jar
20. Verify it on browser