Security Groups
Galera replication uses the following port for communication:
- 443 - For TLS connections between the CA and the RA/VA.
To create a security group that allows for TLS traffic within the VPCs, follow the steps below.
In this example, the VPC internal address space is 172.16.0.0/16 in US-East-1 and the address space in US-East-2 is 172.31.0.0/16.
- Create a Security Group called "TLS 443 Traffic to US-East" with the following rules:
This will allow any connections outbound to any address and any inbound connection on port 443 from any address on the 172.16.0.0/16 and 172.31.0.0/16 subnets. The same rule in the other VPC will also need the same rule configured. These rules may be tightened as required for the organization.
- To apply these Security Groups to the EJBCA Enterprise Cloud Nodes in each of the VPCs, right-click the node, select Networking and then Change Security Groups.
- Apply the security group to the instance so that it can communicate with the other nodes in the cluster: