0

I have written a client-server application in Java and I want to run it on Amazon EC2 Ubuntu instances. The client runs on an EC2 instance and the server on one and the third EC2 instance is for hosting PostgreSQL database. I have some questions regarding the network connection and hope that somebody could help. :)

  1. I know that I have to use the public DNS to connect from the client to the server. Can I just use socket = new Socket(host, port); with the host the public DNS as a string or do I have to use something like InetAddress address = InetAddress.getByName(host);?

  2. Which ports am I allowed to use? Socket will listen on this port.

  3. Do I have to configure something else for the EC2 instance to get a connection?

  4. On one EC2 instance I will install PostgreSQL. I think that I just can install it like with normal Ubuntu. Can I then just connect to the database using the public DNS from the EC2 instance and the port I set in the PostgreSQL or do I have to make other settings?

machinery

1 Answer

0

In general it'd be best to avoid this sort of multi-question. It's hard to provide a definitive answer to four questions in one, especially with not fully overlapping areas of expertise. Still, best effort:

  1. Establishment of TCP socket connections is the same within EC2 as outside it. Everything you do in normal TCP/IP networking you do the same within EC2.

    The only difference is outside your code, and that's the fact that within an EC2 region the hostnames for other nodes in that region resolve as internal IPs, while outside that region they resolve as public IPs.

    That's usually just what you want to have happen automatically, and you generally don't have to change anything.

  2. You can use any port you like so long as you allow it in your security groups. EC2 is no different to anything else here. The usual rules apply, e.g. on most unix/linux systems ports 1024 and below are reserved for root.

  3. EC2-classic instances can always connect to the Internet for outbound connections.

    To connect to each other, and to receive inbound connections from the wider Internet, you must add security group settings that allow other security groups and/or IP addresses to connect. See the EC2 documentation on security groups.

    For VPC instances you configure VPC security groups, and you also have subnet routing rules. For details, see the documentation on VPC. Increasingly EC2-classic is being deprecated in favour of VPC, so it might be worth starting with a single-subnet VPC with default public IP addresses instead of starting with EC2 classic.

  4. Use the hostname (yes, "public DNS"), not the IP address, to connect to the instance running PostgreSQL. It'll resolve to the internal IP address when connecting from another EC2 instance in the same region, which is what you want to happen so your traffic isn't metered as Internet traffic.

    You'll have to configure the security group for the instance to allow incoming connections on the port. If the host OS has a firewall you'll need to allow connections through it, too. Finally, you'll need to set PostgreSQL's listen_addresses so it actually accepts connections from non-local addresses.

I strongly advise you to study some EC2 tutorial and documentation material before attempting this. Play with some micro instances and get used to working with security groups, the split public/private DNS arrangement, etc.

Craig Ringer
  • Thank you very much. It's now much clearer to me. Let's say my application receives incoming messages on port 4444 and writes outgoing messages to port 5555 (using java sockets). In this case I just have to allow these two ports in the security groups? Let's say I have set the port 9999 in PostgreSQL. Is this only the incoming port or also the outgoing port, i.e. which ports do I have to set in the security group when using PostgreSQL? Last but not least, how and to what value can I set the PostgreSQL listen_addresses? – machinery Oct 11 '14 at 16:08
  • @user1684118 er... If you're using tcp you don't generally "write outgoing messages" on a different port; or rather the client port is auto selected and random. It's a bidirectional connection oriented protocol. Time to read some introductory networking material on IP and TCP networking. Also "connection tracking firewall". – Craig Ringer Oct 11 '14 at 20:26
  • Thanks, I will read some material but first I have two last questions. How can I check from another machine if the PostgreSQL database running on an EC2 machine is reachable (i.e. connection with JDBC will work)? And how can I check if another EC2 machine (not running a database) is reachable through a specific port (so that java socket connections will work)? Last but not least, I will use Ubuntu on the EC2 machines. Do I have to set there something in the firewall to get it working? – machinery Oct 11 '14 at 21:13
  • 1. Connect to it. Did it work? Then it's reachable. 2. Connect to it. If it accepts the connection, then it's reachable. 3. The Ubuntu documentation covers its firewall; take a look at that. – Craig Ringer Oct 11 '14 at 23:14
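
Added example, not part of the original answer or comments: a small Java probe for the "connect to it" check, which also shows that a hostname string can be passed straight to the socket API without `InetAddress.getByName`. The class and method names (`PortProbe`, `probe`, `Result`) are hypothetical. The mapping of outcomes to causes in the comments is typical behaviour, not a guarantee: a silent timeout usually points at a security group or firewall dropping packets, while a refusal usually means the host was reached but nothing is listening on that address and port (for PostgreSQL, `listen_addresses` still at its local-only default).

```java
import java.io.IOException;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;

public class PortProbe {
    enum Result { OPEN, REFUSED, TIMEOUT, UNKNOWN_HOST, OTHER }

    // Attempt one TCP connect and classify the outcome.
    static Result probe(String host, int port, int timeoutMs) {
        try (Socket s = new Socket()) {
            // InetSocketAddress resolves the hostname itself.
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            return Result.OPEN;          // TCP handshake completed
        } catch (UnknownHostException e) {
            return Result.UNKNOWN_HOST;  // DNS name did not resolve
        } catch (SocketTimeoutException e) {
            return Result.TIMEOUT;       // no reply: packets likely dropped (security group / firewall)
        } catch (ConnectException e) {
            return Result.REFUSED;       // typically "Connection refused": no listener on that address/port
        } catch (IOException e) {
            return Result.OTHER;         // e.g. no route to host
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length == 2) {          // usage: java PortProbe <host> <port>
            System.out.println(probe(args[0], Integer.parseInt(args[1]), 3000));
            return;
        }
        // Constructed offline demo: a loopback listener on an ephemeral port.
        InetAddress lo = InetAddress.getLoopbackAddress();
        int port;
        try (ServerSocket listener = new ServerSocket(0, 1, lo)) {
            port = listener.getLocalPort();
            System.out.println("listener up:   " + probe(lo.getHostAddress(), port, 1000));
        }
        // Listener is closed now, so the same port should refuse the connection.
        System.out.println("listener down: " + probe(lo.getHostAddress(), port, 1000));
    }
}
```

An `OPEN` result only proves the TCP port accepts connections; a JDBC login can still be rejected afterwards by PostgreSQL's own client authentication rules.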