views:

40

answers:

1

Hi,

How do I create a cluster of computers in Amazon EC2? What are the best practices for security? Can I access other machines in the local network?

Thanks!

A: 

The way AWS likes to do this is by utilizing security groups as a firewall.

Generally each instance has a security group - the minimum is one called default. This security group allows you to white-list who is allowed to connect to it.

The others include:

  • single ip addresses
  • ip networks
  • other security groups
  • everyone

Example

  • database server:
    • db.example.org
    • security groups:
      • default
      • database
  • two application servers:
    • app1.example.org
    • app2.example.org
    • security groups:
      • default
      • appserver

I assume these instances run and have the security groups associated with them. If not -- it's pretty trivial using the AWS console. Let me know if you need pointers.

In my examples, I use the AWS EC2 CLI tools.

First, open port 80 (web) on the appservers for everyone:

ec2-authorize appserver -p 80

This is the CLI command ec2-authorize, but you can do it on the AWS Console as well. The above command allows everyone to connect to port 80 on your instances when they have the appserver group -- e.g. using a browser to go to your website.

Then allow the application servers to connect to your database server:

ec2-authorize database -u YOURAWSUSERACCOUNTID -o appserver

This will allow each instance that gets the group appserver to connect to any open port on the database server. The YOURAWSUSERACCOUNTID can be found when you log into the console and go to "Account > Security Credentials > Account Identifiers" (at the bottom of the page).

Changes to the security groups sometimes take a while to become active. It's best when they are done before the instance is started.

HTH

Till
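The allow logic the answer above describes (rules on a group may reference an IP range or another security group, and a host is reachable if any rule on any of its groups matches), as an added example that is not the answerer's code or an AWS API. The database listener port 5432, the private addresses and the outside client address are assumptions; the group names and hosts follow the answer's example, and TIGHT_GROUPS is a variant that limits the database rule to one port instead of any port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One inbound allow rule on a security group (port None = any port)."""
    port: Optional[int]
    cidr: Optional[str] = None          # allow from an IP range ...
    source_group: Optional[str] = None  # ... or from members of another group


@dataclass(frozen=True)
class Host:
    name: str
    ip: str
    groups: frozenset = frozenset()  # security groups this host belongs to


def allowed(src: Host, dst: Host, port: int, groups: dict) -> bool:
    """Inbound is permitted if any rule on any of dst's groups matches src."""
    for g in dst.groups:
        for rule in groups.get(g, ()):
            if rule.port not in (None, port):
                continue
            if rule.cidr and ipaddress.ip_address(src.ip) in ipaddress.ip_network(rule.cidr):
                return True
            if rule.source_group and rule.source_group in src.groups:
                return True
    return False  # default deny: no rule matched


# Groups as set up in the answer: appserver open on 80 to everyone,
# database reachable on any port from members of appserver.
PAGE_GROUPS = {
    "default": [],
    "appserver": [Rule(80, cidr="0.0.0.0/0")],
    "database": [Rule(None, source_group="appserver")],
}
# Tighter variant (added here): database only on its listener port (5432 assumed).
TIGHT_GROUPS = {**PAGE_GROUPS, "database": [Rule(5432, source_group="appserver")]}

# Constructed hosts; addresses are assumptions, names follow the answer.
DB = Host("db.example.org", "10.0.0.10", frozenset({"default", "database"}))
APP1 = Host("app1.example.org", "10.0.0.21", frozenset({"default", "appserver"}))
BROWSER = Host("client", "198.51.100.7")  # outside client, member of no group

if __name__ == "__main__":
    print(allowed(BROWSER, APP1, 80, PAGE_GROUPS))  # True: web is open to everyone
    print(allowed(BROWSER, DB, 5432, PAGE_GROUPS))  # False: not an appserver member
    print(allowed(APP1, DB, 22, PAGE_GROUPS))       # True: "any open port" rule
    print(allowed(APP1, DB, 22, TIGHT_GROUPS))      # False: only 5432 allowed
```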