EC2 Features
Instance
Currently running session on a VPC.
Overall flow
ACM >>> (CNAME) >>> Route53 <<< (Elastic IP) >>> EC2 >>> Load Balancer >>> VPC >>> Target Group >>> EC2 Instance
Security Group
The default launch-wizard security group has port 443 for HTTPS, port 22 for SSH, and port 80 for HTTP access.
Determines which ports are open when accessing EC2.
Also determines which IP addresses can access the instance.
Target Group
Protocol definitions.
Defines the target.
Sets up monitoring.
Where you add the target group to the instance.
- target group = different ports
Where you define pending targets.
- ports
Load Balancers (ELB)
Scheme is either internet-facing or internal.
Maps to the VPC (target group).
Selects the subnet and security group.
Define listeners and rules here.
- A listener can be either HTTP or HTTPS.
Define VPC availability zones here.
Links ACM cert here.
- Public ACM cert should be created prior to this step.
- Public ACM cert can only be created on a domain name (from Route53) that you own.
In most organizations the SSL is terminated on the load balancer and internal traffic is plain HTTP.
The ELB should configure HTTP and HTTPS listeners, and the target.
You also need to make every subnet of the region available.
- available under Network mapping tab
Elastic IP address
An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is allocated to your AWS account, and is yours until you release it. By using an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. Alternatively, you can specify the Elastic IP address in a DNS record for your domain, so that your domain points to your instance.
Create > associate with instance.
If you release the elastic IP, make sure you also delete the DNS record pointing to it. If you don't, you will have a dangling DNS record that can be taken over by an unauthorized user.
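One way to check for the dangling records described above, as an added example (not part of the original notes): the function compares A records against the Elastic IPs still allocated to the account. The input shapes follow boto3's `list_resource_record_sets` and `describe_addresses` responses; the sample names, IPs and allocation ID are constructed placeholders.

```python
import ipaddress

# Constructed sample data, shaped like the boto3 responses of
# route53.list_resource_record_sets()["ResourceRecordSets"] and
# ec2.describe_addresses()["Addresses"]. All names and IPs are placeholders.
SAMPLE_RECORD_SETS = [
    {"Name": "app.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.10"}]},
    {"Name": "old.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.77"}]},  # its EIP was released
    {"Name": "multi.example.com.", "Type": "A", "TTL": 60,
     "ResourceRecords": [{"Value": "203.0.113.10"}, {"Value": "198.51.100.5"}]},
    {"Name": "internal.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "10.0.1.15"}]},  # private address
    {"Name": "www.example.com.", "Type": "A",
     "AliasTarget": {"DNSName": "my-elb.example.amazonaws.com."}},  # alias record
    {"Name": "_abc.example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "_xyz.acm-validations.aws."}]},
]
SAMPLE_ADDRESSES = [{"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-EXAMPLE"}]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_dangling_a_records(record_sets, addresses):
    """Return (name, ip) for every A record value that is a public IPv4
    address not currently allocated to this account as an Elastic IP."""
    owned = {a["PublicIp"] for a in addresses if "PublicIp" in a}
    dangling = []
    for rs in record_sets:
        if rs.get("Type") != "A":
            continue  # only A records carry IPv4 addresses
        # Alias records have no ResourceRecords list, so the loop skips them.
        for rr in rs.get("ResourceRecords", []):
            ip = ipaddress.ip_address(rr["Value"])
            if any(ip in net for net in RFC1918):
                continue  # private addresses are never Elastic IPs
            if rr["Value"] not in owned:
                dangling.append((rs["Name"], rr["Value"]))
    return dangling


if __name__ == "__main__":
    for name, ip in find_dangling_a_records(SAMPLE_RECORD_SETS, SAMPLE_ADDRESSES):
        print(f"DANGLING: {name} -> {ip} (delete the record or re-point it)")
```

A flagged record may also point at a host outside the account, so review each hit before deleting it.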
Connecting EC2 to Route53
This is needed to allow the certificate from ACM to be used with the load balancer.
- copy the CNAME name and value from the ACM certificate
- create a new record in Route53 for the domain
- paste them as-is in the record