AWS Operating Environment

EC2

Begin by starting an EJBCA Enterprise Cloud and a SignServer Enterprise Cloud instance. In this example we will have the following 2 nodes:

  • EJBCA Node using IP 172.16.2.21– US East 1 – 172.16.0.0/16 address space
  • SignServer Node using IP 172.16.2.98 – US East 1 – 172.16.0.0/16 address space

For simplicity of this guide these nodes are in US-East-1 region. 

 

VPC Configuration

If it is desired to have these two nodes communicate from different VPCs, it is assumed a VPC Peering Connection is setup and in place. For assistance with configuring a VPC Peering Connection, refer to Amazon’s VPC Peering Guide.

Optionally, all nodes can be setup within different VPCs. A Route Table will need to be created that allows these nodes to communicate over the Peering Connection. For more information on configuring Route Tables between VPCs, refer to Amazon’s VPC Peering Guide.

A security group is also needed in each VPC. That configuration is outlined in the section EJBCA/SignServer Peering Security Groups below since it pertains directly to the Galera communication. Consult the AWS documentation for further information.