Author: Ayush Maggo
In cloud computing, VPC acts as a secure and isolated virtual network environment. VPC provides a robust and scalable networking solution that empowers users to build and manage their cloud infrastructure with control and security. In this comprehensive blog, we will provide you with a step-by-step walkthrough of each stage. From creating a VPC with defined CIDR blocks and configuring subnets for network segmentation to launching EC2 instances with appropriate configurations and deploying Tomcat for hosting Java applications.
- An AWS account with appropriate access permissions.
- Basic understanding of AWS services, VPC concepts, EC2 instances.
What is a Virtual Private Network (VPC)?
VPC (Virtual Private Cloud) is a cloud computing concept that allows users to create isolated virtual networks within a cloud service provider’s infrastructure, providing secure and customizable network environments for deploying applications and resources. A VPC resides in a region.
There are two types of Virtual Private Clouds (VPC):
Default VPC: This VPC is created automatically when an AWS account is created and includes a network gateway by default.
Custom VPC: Users creating a custom VPC have control over the CIDR (Classless Inter-Domain Routing) and can create their own security groups, Network Access Control Lists, and routing tables. By default, this VPC does not have an internet gateway, but users can create one if needed.
What is a Subnet?
A subnet is a range of IP addresses in your VPC and must reside in a single Availability Zone. Once you add subnets, you can deploy AWS resources in your VPC.
There are two types of subnets:
Public subnet: A public subnet is a subnet whose traffic is routed to an internet gateway. Resources placed in public subnets have direct access to the internet, enabling them to send and receive data to and from the outside world.
Private subnet: Private subnets are designed to restrict internet access. Their traffic is not routed to an internet gateway, making them isolated from the public internet.
What is EC2?
EC2, short for Elastic Compute Cloud, is an elastic cloud computing service offering virtual servers, known as instances, to run applications. It simplifies instance provisioning, configuration, and management, providing flexibility, scalability, and seamless integration with various AWS services to build and manage cloud-based infrastructure. With EC2, efficient application deployment and monitoring become achievable in the cloud environment.
What is Tomcat?
Tomcat serves as a Java-based web server and servlet container, enabling the hosting and execution of Java web applications. It handles HTTP requests, manages Java servlets, and delivers web content to users.
Creating a VPC and Subnets
To establish a VPC containing a public subnet and a private subnet across two Availability Zones, adhere to the following procedure:
- Log in to the AWS Management Console, navigate to the VPC Dashboard, choose VPCs and click Create VPC.
Configuring a VPC
- Select VPC and more under Resources to initiate the creation process.
- Provide a name for your VPC in the Name tag auto-generation field.
- Specify the IPv4 CIDR block range for your application, or you can leave it as the default (10.0.0.0/16).
- For the Number of Availability Zones (AZs), choose 2. Alternatively, you can select 1 or 3, depending on your requirements.
- Choose 2 for the Number of public subnets.
- Choose 2 for the Number of private subnets.
- Use the default Customize subnets CIDR blocks. Alternatively, you can customize the subnet CIDR blocks by expanding the settings and entering specific CIDR blocks for the public and private subnets.
- For the NAT gateway, I have chosen None, but you have the option to select either ‘In 1 AZ’ or ‘1 per AZ’. Also there is a charge for each NAT gateway.
- Regarding VPC endpoints, if your instances need access to an S3 bucket, stick with the default S3 Gateway. Otherwise, if you choose “None,” it prevents instances in your private subnet from accessing Amazon S3. You can add a gateway VPC endpoint later. Since there is no cost for the default option, it’s advisable to keep it if you may use an S3 bucket in the future.
- Review the details and click Launch.
- The process may take a few minutes. Once the VPC is successfully launched you are able to see it.
Launching an EC2 instance
- Search for the EC2 service, and after clicking on EC2, proceed to click on Launch Instance.
- Provide a name to the instance.
- Select the Amazon Machine Image (AMI), it contains the operating system, application server, and applications. I am using the “ubuntu” AMI.
- Select an Instance type that suits your computing requirements. I opted for t2.micro.
- Enter the number of instances you want.
- Now, choose a key pair, or you can also create a new key pair.
- In the Network settings, choose the demo-vpc which we created earlier.
- Select the Subnet in which you want to create this EC2 instance.
- Enable Auto-assign public IP.
- For the Firewall (security groups), select Create security group.
- Review the instance details and click Launch to start the instance.
- The process may take a few minutes. Once the instance is successfully launched you are able to see it.
Connecting to the EC2 instance from the terminal
- Open the terminal on your local machine.
- Now switch to the directory where your key pair file is saved.
- Grant the permission to the key pair file.
chmod 600 first-key-pair.pem
- Now, we need to connect to our instance using the Public IP address using the command below.
ssh -i <key_pair_file_name> <AMI_name> @<Public IP>
Run the above command in the path where your key pair file is located.
ssh -i first-key-pair.pem email@example.com
- Now switch to the root user using the sudo su command.
- Execute the apt update command to update the packages.
Installing and Configuring Tomcat on the Instance
- For Tomcat, we need to install the Java Development Kit (JDK). Tomcat requires Java to run.
- Run the below command to install JDK.
apt install openjdk-11-jdk
- Now download Tomcat using the wget command.
Visit the Apache Tomcat website to get the latest version’s download link. (https://tomcat.apache.org/download-90.cgi)
- Extract the downloaded Tomcat archive using the below command.
tar -zvxf apache-tomcat-10.1.11.tar.gz
- Move the extracted Tomcat folder to the desired location using the below command.
mv apache-tomcat-<tomcat-version> /opt/tomcat
- Set the environment variables. For this, create a setenv.sh file under bin.
- Now add the below content to the setenv.sh file, and then save the file.
- Set the below permissions for the Tomcat folder
- Initiate the Tomcat server using the startup script.
Setting up Security Groups
- Open AWS EC2 > SELECT EC2 > select security group > inbound rules > edit inbound rules > add rule > CUSTOM TCP > PORT = 8080 > Source > IPv4 Anywhere > Click on Save rule.
Configuring NACL settings
- Now configure NACL, which is the first layer of defense at the subnet level. In NACL, we allow only the 8080 port range and deny all other traffic.
Accessing Tomcat Through a Web Browser
- By default, Tomcat runs on port 8080. So, access Tomcat in your web browser using the public IP address of the EC2 instance.
- If you are able to see the homepage of Tomcat below, then you have successfully installed Apache Tomcat on your server.
In this blog, we will explore the process of creating a VPC, configuring subnets, launching an EC2 instance, and deploying Tomcat in AWS. A VPC allows you to create a private and logically isolated network within the AWS cloud. This powerful combination empowers you to host web applications in a secure and scalable environment.