I want to set up my AWS to autoscale EC2 instances (Windows Server 2012). The catch is that they need to have their IP addresses added to a Security Group so they can communicate with another EC2.
Is there a way that AWS can handle this automatically through its autoscaling feature? (The closest I could find was to assign an IAM role to the new instances, but I don't think I can add an IAM role to a Security Group, I can only add IP addresses.)
The way I am currently looking into is to use the AWS CLI (command line) as a startup script.
ec2-authorize mySecurityGroup -p 1433 -s xx.xx.xx.xx/32
But how do I get the public IP of the current instance? Is there an AWS CLI command to get this? I'd rather not depend on an external website like "curl echoip.com". I heard about ec2-metadata, but I don't think that works for Windows, and I'd prefer not to use other third-party software.
Create a security group called web. For the sake of an example, let's say the id of that group is: sg-7aa91911
Create a security group called db. Add a new rule to the db security group for port 1433 with the source of sg-7aa91911
Create an Autoscaling launch configuration and set the SecurityGroups to sg-7aa91911 and any other configuration you need.
Create Autoscaling group with that launch configuration.
I wrote up a quick CloudFormation template to do this task. You should be able to just run it and it will create an Autoscaling group with the connected security groups. It'll also create a blank instance where you can store your db.
If you prefer not to use a CloudFormation template, just look at where the security groups are defined. It shows how the two security groups are to be connected.
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "test template",
  "Parameters" : {
    "KeyName" : {
      "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
      "Type" : "String"
    }
  },
  "Mappings" : {
    "RegionMap" : {
      "us-east-1"      : { "AMI" : "ami-7f418316" },
      "us-west-1"      : { "AMI" : "ami-951945d0" },
      "us-west-2"      : { "AMI" : "ami-16fd7026" },
      "eu-west-1"      : { "AMI" : "ami-24506250" },
      "sa-east-1"      : { "AMI" : "ami-3e3be423" },
      "ap-southeast-1" : { "AMI" : "ami-74dda626" },
      "ap-northeast-1" : { "AMI" : "ami-dcfa4edd" }
    }
  },
  "Resources" : {
    "WebServerGroup" : {
      "Type" : "AWS::AutoScaling::AutoScalingGroup",
      "Properties" : {
        "AvailabilityZones" : { "Fn::GetAZs" : "" },
        "LaunchConfigurationName" : { "Ref" : "LaunchConfig" },
        "MinSize" : "1",
        "MaxSize" : "10",
        "DesiredCapacity" : "1"
      }
    },
    "LaunchConfig" : {
      "Type" : "AWS::AutoScaling::LaunchConfiguration",
      "Properties" : {
        "InstanceType" : "m1.small",
        "KeyName" : { "Ref" : "KeyName" },
        "SecurityGroups" : [ { "Ref" : "websg" } ],
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
      }
    },
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
        "SecurityGroups" : [ { "Ref" : "dbsg" } ],
        "UserData" : { "Fn::Base64" : "80" }
      }
    },
    "websg" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH, 8080 and 80",
        "SecurityGroupIngress" : [
          { "IpProtocol" : "tcp", "FromPort" : "8080", "ToPort" : "8080", "CidrIp" : "0.0.0.0/0" },
          { "IpProtocol" : "tcp", "FromPort" : "80",   "ToPort" : "80",   "CidrIp" : "0.0.0.0/0" },
          { "IpProtocol" : "tcp", "FromPort" : "22",   "ToPort" : "22",   "CidrIp" : "0.0.0.0/0" }
        ]
      }
    },
    "dbsg" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Port opened only to security group",
        "SecurityGroupIngress" : [
          { "IpProtocol" : "tcp", "FromPort" : "1433", "ToPort" : "1433", "SourceSecurityGroupName" : { "Ref" : "websg" } }
        ]
      }
    }
  }
}
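The point of the answer above is that the autoscaled instances never need to edit a security group (and so never need `ec2:AuthorizeSecurityGroupIngress` in their IAM role): the db rule names the web group as its source, and membership in that group is the credential. The following is an added example, not part of the original answer, that checks this property offline in a CloudFormation template: it flags any database port opened to a CIDR, flags any world-open rule on a non-web port, and confirms that the groups attached to the launch configuration are an allowed source on the db group. The embedded template is a constructed VPC-flavoured version of the answer's design (`SourceSecurityGroupId` via `Fn::GetAtt … GroupId` instead of `SourceSecurityGroupName`); the VPC id, AMI id, instance type and the port lists are assumptions made for the example.

```python
"""Lint a CloudFormation template for security-group-to-security-group wiring.

Added example; not code from the original answer. Resource names websg, dbsg and
LaunchConfig follow the answer's template, everything else is assumed.
"""
import copy

DB_PORTS = {1433, 3306, 5432}   # ports that must never be opened to a CIDR (assumption)
WEB_PORTS = {80, 443}           # the only ports we accept open to 0.0.0.0/0 (assumption)

# Constructed sample: the answer's two-group design written for a VPC.
VPC_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "LaunchConfig": {
            "Type": "AWS::AutoScaling::LaunchConfiguration",
            "Properties": {"ImageId": "ami-00000000", "InstanceType": "t2.small",
                           "SecurityGroups": [{"Fn::GetAtt": ["websg", "GroupId"]}]},
        },
        "websg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "web tier", "VpcId": "vpc-11111111",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
        "dbsg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "db tier, reachable only from websg", "VpcId": "vpc-11111111",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": "1433", "ToPort": "1433",
                     "SourceSecurityGroupId": {"Fn::GetAtt": ["websg", "GroupId"]}},
                ],
            },
        },
    },
}

# Constructed "bad" variant: the same design, but the db port is opened to a CIDR.
BAD_TEMPLATE = copy.deepcopy(VPC_TEMPLATE)
BAD_TEMPLATE["Resources"]["dbsg"]["Properties"]["SecurityGroupIngress"] = [
    {"IpProtocol": "tcp", "FromPort": "1433", "ToPort": "1433", "CidrIp": "10.0.0.0/8"},
]


def _logical_id(value):
    """Resolve {"Ref": X} or {"Fn::GetAtt": [X, "GroupId"]} to the logical id X."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        if "Fn::GetAtt" in value:
            return value["Fn::GetAtt"][0]
    return value  # a literal group name/id


def ingress_rules(template):
    """Yield (group_logical_id, rule) for every inline SecurityGroupIngress entry."""
    for name, res in template["Resources"].items():
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in res["Properties"].get("SecurityGroupIngress", []):
                yield name, rule


def rule_source(rule):
    """Return ("sg", logical_id) or ("cidr", cidr) for an ingress rule."""
    for key in ("SourceSecurityGroupId", "SourceSecurityGroupName"):
        if key in rule:
            return "sg", _logical_id(rule[key])
    return "cidr", rule.get("CidrIp")


def lint(template):
    """Return human-readable findings; an empty list means the template passes."""
    findings = []
    for group, rule in ingress_rules(template):
        lo, hi = int(rule["FromPort"]), int(rule["ToPort"])
        kind, src = rule_source(rule)
        if kind != "cidr":
            continue  # group-sourced rules are what we want
        if any(lo <= p <= hi for p in DB_PORTS):
            findings.append(f"{group}: database port {lo}-{hi} opened to {src}; "
                            "use a source security group instead")
        elif src == "0.0.0.0/0" and set(range(lo, hi + 1)) - WEB_PORTS:
            findings.append(f"{group}: port {lo}-{hi} is open to the world")
    return findings


def launch_config_groups(template):
    """Logical ids of every group attached to a launch configuration."""
    groups = set()
    for res in template["Resources"].values():
        if res.get("Type") == "AWS::AutoScaling::LaunchConfiguration":
            groups.update(_logical_id(g) for g in res["Properties"].get("SecurityGroups", []))
    return groups


def asg_can_reach(template, db_group, port):
    """True if a launch-config group is an allowed source on db_group for port."""
    sources = launch_config_groups(template)
    for group, rule in ingress_rules(template):
        kind, src = rule_source(rule)
        if (group == db_group and kind == "sg" and src in sources
                and int(rule["FromPort"]) <= port <= int(rule["ToPort"])):
            return True
    return False


if __name__ == "__main__":
    print(lint(VPC_TEMPLATE), asg_can_reach(VPC_TEMPLATE, "dbsg", 1433))
    print(lint(BAD_TEMPLATE), asg_can_reach(BAD_TEMPLATE, "dbsg", 1433))
```

Run against the answer's own template the world-open check reports ports 22 and 8080 on websg, which is worth tightening before production use. The caveat of the group-as-identity design is that every instance placed in websg can reach port 1433, so do not reuse websg for anything that should not talk to the database.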