@manmedia
Created December 30, 2020 19:43
Bootstrapper Script to start Tomcat 9 on EC2 and Expose it to WWW via AWS Elastic Load Balancer (Application)
#!/bin/bash -v
#
# Install Java
# -y is required: user data runs non-interactively, so yum must not prompt
sudo yum upgrade -y
sudo yum install java-1.8.0-openjdk-headless.x86_64 -y
export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64/
#
#
# Download tomcat
# -f so a fresh instance without /opt/tomcat does not raise an error
sudo rm -rf /opt/tomcat
sudo mkdir /opt/tomcat && sudo chmod 775 -R /opt/tomcat
cd /opt/tomcat
sudo yum install wget -y
# The mirror download is unpacked without being checked against Apache's published SHA-512
sudo wget https://apache.mirrors.nublue.co.uk/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41.zip
sudo yum install unzip -y
sudo unzip apache-tomcat-9.0.41.zip
sudo rm apache-tomcat-9.0.41.zip
#
#
# Start tomcat
#
cd /opt/tomcat/apache-tomcat-9.0.41/bin
sudo chmod 755 startup.sh
sudo chmod 755 shutdown.sh
sudo chmod 755 catalina.sh
sudo ./startup.sh &
** THE PROJECT INVOLVES CONNECTING ELB (Application LB) with your Private Subnets and re-routing traffic **
WHAT IS COVERED BY THIS EXERCISE
_____________________________________
1. AWS Networking (VPC, Subnet, Security Group, NACL)
2. AWS High Availability (Load Balancer)
WHAT IS OUR ASSUMPTION
_______________________
1. We have some fundamental knowledge of VPC, Subnet, Route Tables, Security Groups, NACLs, Internet Gateway, NAT Gateway, Load Balancer, and EC2 Instances.
1. Ensure that a VPC exists with Internet Gateway and NAT Gateway
2. Ensure that 2 public and private subnets exist.
2.1 Ensure that a Route Table exists which Routes traffic locally and via Internet Gateway (for Public Subnet)
2.2 Ensure that a Route Table exists which Routes traffic locally and via NAT Gateway (for Private/Hybrid Subnet)
3. IMPORTANT - Ensure that Route Table from 2.1 is attached to all public subnets
4. IMPORTANT - Ensure that Route Table from 2.2 is attached to all private subnets
5. Create a Launch Template and use the bootstrapper.sh (look into the other Gist) to create a d2.xlarge instance from Amazon AMI
5.1 IMPORTANT - make sure that Advanced Settings > Userdata is populated with the Gist bootstrapper.sh file
6. Attach a private subnet to the EC2 instance
7. Launch the EC2 instance
8. Create 2 Security Groups
8.1 A Security Group that allows ALL INCOMING TCP traffic at PORTS 80-8080 FROM ANY SOURCE (TBD Later)
8.2 A Security Group that allows ALL INCOMING TCP traffic at PORTS 80-8080 FROM ANY SOURCE
8.3 Now, add an OUTBOUND RULE for Security Group created in 8.2 to have destination as Security Group created in 8.1
8.4 Reverse the process i.e. create an INBOUND rule for Security Group created in 8.2. Delete any existing rule.
9. Create an Application Load Balancer
9.1 Ensure that a listener is working for port 80 - This is where you will HIT YOUR REQUEST
9.2 Ensure that the TARGET GROUP is configured at port 8080 - this is where tomcat is bootstrapped off-the-shelf.
10. Once the ELB is created, copy the DNS name and paste it into the browser - happy website!
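
Added example (not part of the original gist): a check of the security-group wiring from steps 8.1 to 8.4, run over data in the shape returned by `aws ec2 describe-security-groups`. The group ids and sample rules are constructed. Reading 8.1 as the instance's group, 8.2 as the load balancer's group, and 8.4 as an inbound rule on the 8.1 group sourced from the 8.2 group is an assumption.

```python
WORLD = {"0.0.0.0/0", "::/0"}
APP_SG, LB_SG = "sg-app-example", "sg-lb-example"   # constructed ids (8.1 and 8.2)

def covers(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if rule["IpProtocol"] == "-1":      # "all traffic" rules carry no port fields
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def cidrs(rule):
    return ({r["CidrIp"] for r in rule.get("IpRanges", [])}
            | {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])})

def peers(rule):
    return {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}

def audit(doc, lb_sg, app_sg, port=8080):
    """Findings for the load balancer -> instance path on the target-group port."""
    sgs = {g["GroupId"]: g for g in doc["SecurityGroups"]}
    inbound = sgs[app_sg].get("IpPermissions", [])
    egress = sgs[lb_sg].get("IpPermissionsEgress", [])
    findings = []
    if any(cidrs(r) & WORLD for r in inbound):
        findings.append("instance SG has an inbound rule open to any source")
    if not any(covers(r, port) and lb_sg in peers(r) for r in inbound):
        findings.append("instance SG has no inbound rule from the LB SG on the target port")
    if not any(covers(r, port) and app_sg in peers(r) for r in egress):
        findings.append("LB SG has no outbound rule naming the instance SG on the target port")
    return findings

def sample(app_source):
    """Constructed data in describe-security-groups shape; app_source is a CIDR or SG id."""
    tcp = {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 8080}
    src = ({"UserIdGroupPairs": [{"GroupId": app_source}]} if app_source.startswith("sg-")
           else {"IpRanges": [{"CidrIp": app_source}]})
    return {"SecurityGroups": [
        {"GroupId": APP_SG, "IpPermissions": [{**tcp, **src}]},
        {"GroupId": LB_SG,
         "IpPermissions": [{**tcp, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
         "IpPermissionsEgress": [{**tcp, "UserIdGroupPairs": [{"GroupId": APP_SG}]}]},
    ]}

if __name__ == "__main__":
    for label, source in (("as created in 8.1", "0.0.0.0/0"), ("after 8.3/8.4", LB_SG)):
        print(label, audit(sample(source), LB_SG, APP_SG) or "ok")
```
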
WHAT HAS BEEN DONE
____________________
1. We connected a private EC2 instance to public internet-facing Load Balancer (Application Load Balancer) on AWS
2. We CANNOT access the EC2 machine from the internet or over SSH - Better for security
3. We bootstrapped the machine (sort of) using userdata script
4. We have used a Launch Template for AWS EC2 Instance to simplify things (Well... for future)