6.3. Create a Virtual Private Cloud (VPC)

  1. Go to the VPC tab in the AWS console.
  2. Subscribe to the service if needed.
  3. Click on "Create new VPC".
  4. Choose a VPC with one public and one private subnet.
    1. Set the public subnet to be 10.0.0.0/24.
    2. Set the private subnet to be 10.0.1.0/24.
  5. Go to Elastic IPs.
  6. Create an elastic IP for use by the EWS mod_cluster proxy/NAT instance.
  7. Go to Security groups and create a security group to allow all traffic in and out.
  8. Go to Network ACLs.
    1. Create an ACL to allow all traffic in and out.
    2. Create an ACL to allow all traffic out and traffic in on only TCP ports 22, 8009, 8080, 8443 and 16163.
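
The restricted ACL from step 8.2 can be checked offline before it is attached to a subnet. The following is an added example, not part of the original guide: it models Network ACL evaluation (entries are tried in ascending rule-number order, the first match decides, and anything unmatched is denied) and tests constructed sample packets against it. The rule numbers, the 0.0.0.0/0 source range and the sample addresses are assumptions.

```python
import ipaddress
from collections import namedtuple

# One Network ACL entry; ports is an inclusive (low, high) range.
Entry = namedtuple("Entry", "rule_no protocol ports cidr action")

ALLOWED_TCP_PORTS = (22, 8009, 8080, 8443, 16163)  # from step 8.2

# Assumption: rule numbers 100, 110, ... and an any-source CIDR are constructed.
RESTRICTED_INBOUND = [
    Entry(100 + 10 * i, "tcp", (port, port), "0.0.0.0/0", "allow")
    for i, port in enumerate(ALLOWED_TCP_PORTS)
]
RESTRICTED_OUTBOUND = [Entry(100, "all", (0, 65535), "0.0.0.0/0", "allow")]


def evaluate(entries, protocol, port, peer_ip):
    """Return "allow" or "deny" for one packet, first match in rule order wins."""
    addr = ipaddress.ip_address(peer_ip)
    for entry in sorted(entries, key=lambda e: e.rule_no):
        if addr not in ipaddress.ip_network(entry.cidr):
            continue
        if entry.protocol != "all":
            low, high = entry.ports
            if entry.protocol != protocol or not low <= port <= high:
                continue
        return entry.action
    return "deny"  # the implicit final entry of every Network ACL


def subnets_disjoint(a, b):
    """True when the two subnet CIDRs from step 4 do not overlap."""
    return not ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def inbound_report(packets):
    """Map each constructed (protocol, port, peer) packet to its verdict."""
    return {p: evaluate(RESTRICTED_INBOUND, *p) for p in packets}


if __name__ == "__main__":
    # Constructed sample packets. Network ACLs are stateless, so a reply
    # arriving on an ephemeral port (49152 here) is matched like any other packet.
    samples = [("tcp", 8009, "10.0.0.15"), ("tcp", 3306, "10.0.0.15"),
               ("udp", 8009, "10.0.0.15"), ("tcp", 49152, "203.0.113.10")]
    for packet, verdict in inbound_report(samples).items():
        print(packet, "->", verdict)
    print("subnets disjoint:", subnets_disjoint("10.0.0.0/24", "10.0.1.0/24"))
```
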

Note

VPC is recommended for a JBoss Enterprise Application Platform cluster setup as it greatly simplifies secure communication between cluster nodes, a JON Server and the mod_cluster proxy. Without a VPC, all these communication channels need to be encrypted and authenticated. Please refer to JBoss Enterprise Application Platform for detailed instructions on configuring SSL.
Also note that we are using a database external to the VPC in this example. Your security policies may require connection to the database to be encrypted. Please refer to Amazon's RDS FAQ for details about encrypting the database connections.