...
VPC ID: vpc-f67abf93 (172.16.0.0/16)
2.) After the VPC is created, create a new Internet Gateway and attach it to the new VPC:
...
10.) Launch instances into the VPC to setup the proper environment (e.g. Dev, QA, Prod, etc.). This can be done maually, or through a CloudFormation template. Ensure that only the ELB and Bastion server reside in the Public Subnet. All other instances should reside in a private subnet. Instances should be launched in the 'CommIT VPC'. Details about each enviornment requirements are below:
General
AWS Resource | Tag: Name | Security Group | Subnet | Zone | Notes |
|---|---|---|---|---|---|
t2.micro | CommIT-VPC-Bastion-Server | commit-vpc-bastion-server | 172.16.0.0/24 | us-west-2a | This server is accessible via SSH key from anywhere and can connect to the private instances. Once launched and Elastic IP should be assigned to it for use by the server. |
...
AWS Resource | Tag: Name | Security Group | Subnet | Zone | Notes |
|---|---|---|---|---|---|
m3.medium | | CommIT-VPC-Dev-IDP-1 | commit-vpc-dev-idp-servers | 172.16.100.0/24 | us-west-2a | ami-d13845e1 |
m3.medium | CommIT-VPC-Dev-IDP-2 | commit-vpc-dev-idp-servers | 172.16.100.0/24 | us-west-2a | ami-d13845e1 |
m3.medium | CommIT-VPC-Dev-CPR-1 | commit-vpc-dev-cpr-servers | 172.16.100.0/24 | us-west-2a | ami-d13845e1 |
m3.medium | CommIT-VPC-Dev-CPR-2 | commit-vpc-dev-cpr-servers | 172.16.100.0/24 | us-west-2a | ami-d13845e1 |
ELB | CommIT-VPC-Dev-IDP-ELB | commit-vpc-dev-idp-public-elb | 172.16.0.0/24 | us-west-2a | Listener for 80 and 443; Health thresholds are 2 each; Disable connection draining; Enable Cross-Zone Load balancing; Add Dev IDP instances |
ELB | CommIT-VPC-Prod-IDP-ELB | commit-vpc-dev-cpr-public-elb | 172.16.0.0/24 | us-west-2a | Listener for 80 and 443; Health thresholds are 2 each; Disable connection draining; Enable Cross-Zone Load balancin; Add Dev CPR instances |
m3.medium | CommIT-VPC-Dev-LDAP-1 | commit-vpc-dev-ldap-servers | 172.16.100.0/24 | us-west-2a | ami-d13845e1 |
m3.medium | CommIT-VPC-Dev-LDAP-2 | commit-vpc-dev-ldap-servers | 172.16.100.0/24 | us-west-2a | ami-d13845e1 |
m3.medium | CommIT-VPC-Dev-Salt-Master | commit-vpc-dev-salt-master | 172.16.100.0/24 | us-west-2a | ami-d13845e1 |
m3.medium | CommIT-VPC-Dev-Rsyslog | commit-vpc-dev-log-server | 172.16.100.0/24 | us-west-2a | ami-d13845e1 |
Production (to be filled in when launched)
...
13.) Once you add the key, you should now SSH to the bastion server as the 'ec2-user' (no need to use a specific key file as you took care of that in the previous step).
14.) Once you are logged into the bastion server, you can SSH to the private instances as 'ec2-user' using their Private IP address. Later on, after the Salt Master has deployed accounts users can use their regular account name and key as they will then exist on the servers.