AWS Operating Environment
EC2
Begin by starting an EJBCA Enterprise Cloud and a SignServer Enterprise Cloud instance. In this example we will have the following 2 nodes:
- EJBCA Node using IP 172.16.2.21 – US East 1 – 172.16.0.0/16 address space
- SignServer Node using IP 172.16.2.98 – US East 1 – 172.16.0.0/16 address space
For simplicity, both nodes in this guide are in the US-East-1 region.
VPC Configuration
If the two nodes need to communicate from different VPCs, this guide assumes that a VPC Peering Connection is already set up and in place. For assistance with configuring a VPC Peering Connection, refer to Amazon’s VPC Peering Guide.
Optionally, all nodes can be set up within different VPCs. In that case, a Route Table must be created that allows the nodes to communicate over the Peering Connection. For more information on configuring Route Tables between VPCs, refer to Amazon’s VPC Peering Guide.
A security group is also needed in each VPC. That configuration is outlined in the section EJBCA/SignServer Peering Security Groups below since it pertains directly to the Galera communication. Consult the AWS documentation for further information.