Creating the Public Security Group - Fluid Topics - 3.6 - Technical Notes

Prepare AWS for an Installation of Fluid Topics on Multiple Servers

Product
Fluid Topics
FT_Version
3.6
Category
Technical Notes
audience
public
  1. Check "Create a new security group".Checking "Create a new security group"
  2. Enter a name for the security group.
    We recommend using "Fluid Topics public group".
  3. Enter a description for the security group.
    We recommend using "public security group".
    1. Configure SSH as follows:

      Configuring SSH
      • Type: SSH
      • Protocol: TCP
      • Port Range: 22
      • Source: enter one of the following. The source is the responsibility of the customer.
        • My IP: only the creator of the instance (whose IP will be displayed) can access the security group.
        • Custom IP: all IPs entered in this field can access the instance (one IP per line).
        • Anywhere: the security group can be accessed from anywhere.

        We recommend entering AT LEAST "My IP".

    2. Click Add Rule.
    3. Select "HTTP".
    4. Configure "HTTP" as follows:
      HTTP configuration
      • Type: HTTP

        "HTTP" is required to access the service from external source (web page).

      • Protocol: TCP
      • Port Range: 80
      • Source: Anywhere
    5. Click Add Rule.
    6. Select All traffic.
    7. Configure All traffic as follows:
      Configuring "All traffic"
      • Type: All traffic

        All traffic allows communication between all instances within this security group.

      • Protocol: All
      • Port Range: 0-65535

        We recommend using all port range, but this parameter can be configured for security reasons.

      • Source: Custom IP

        We recommend at first to enter the IP of the subnet. In our example: 10.0.0.0/27

        This should be edited when creating a new subnet in the future.

        It is also possible to enter the IP of the VPC. In our example: 10.0.0.0/24

    8. Click Review and Launch.
    Note: The addition of a "HTTPS" rule is the responsibility of the customer. It should fulfill the same requirements that the "HTTP" rule, but with 443 as a port. To add a "HTTPS" rule, a certificate is required from the customer side. In this case, the Load Balancer has to be configured consequently.