B. Securing your Amazon Elastic Compute Cloud (EC2) environment
Follow these steps to secure your cloud environment.
- Click Create a New X.509 Certificate, as shown in Figure 8.
Figure 9. Create an X.509 certificate
- Click Download private key file.
- Click Download X.509 certificate.
- Click Save to disk, and specify a location such as $HOME/.ec2 in which to save these .pem files.
- Click OK, and click Close. The window showing successful X.509 certificate creation appears, as shown in Figure 10.
Figure 10. X.509 certificate created
- Verify that the .pem files are saved to the $HOME/.ec2 directory: open a terminal by clicking Gnome Terminal Command Line Terminal, and enter ls $HOME/.ec2/. If two .pem files are displayed, proceed to Configuring the firewall.
- If you saved the files to a different location, open a terminal and move the .pem files to $HOME/.ec2/. For example, if you saved the files on the desktop, enter the following command in the terminal window: mv $HOME/Desktop/*.pem $HOME/.ec2/
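The ls check above confirms only that two .pem files exist. The following shell function is an added example, not part of the original tutorial: it also confirms from the PEM headers that one file is a private key and the other a certificate, and it restricts the directory and the private key to their owner. The function name check_ec2_credentials is hypothetical.

```shell
# Added example: audit the directory that holds the downloaded .pem files.
# Files are identified by their PEM header line, not by file name.
# Usage: check_ec2_credentials [directory]   (defaults to $HOME/.ec2)
check_ec2_credentials() {
    dir="${1:-$HOME/.ec2}"
    keys=0
    certs=0
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    # Only the owner should be able to list or enter the directory.
    chmod 700 "$dir" || return 2
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue        # the glob matched nothing
        header=$(head -n 1 "$f")
        case "$header" in
            *"PRIVATE KEY-----"*)
                keys=$((keys + 1))
                # The private key must not be group- or world-readable.
                chmod 600 "$f" || return 2
                ;;
            *"BEGIN CERTIFICATE-----"*)
                certs=$((certs + 1))
                ;;
            *)
                echo "not a PEM key or certificate: $f" >&2
                return 1
                ;;
        esac
    done
    if [ "$keys" -eq 1 ] && [ "$certs" -eq 1 ]; then
        echo "ok: 1 private key (mode 600) and 1 certificate in $dir"
        return 0
    fi
    echo "expected 1 key and 1 certificate, found $keys and $certs" >&2
    return 1
}
```

A return value of 0 means the directory holds exactly one private key and one certificate; 1 means the contents are not what the procedure expects, and 2 means the directory is missing or its permissions could not be changed.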
- Launch the Amazon Web Services Management Console.
- Select EC2, and click Sign in to the AWS Console, as shown in Figure 11.
Figure 11. Signing into the console
- Open the Amazon Management Console Web page, and select Security Groups, as shown in Figure 12.
Figure 12. Networking and security options
- Click Create Security Group.
- Enter db2 as the name of the security group, and provide a description, as shown in Figure 13.
Figure 13. Creating the security group
- Click Create.
- Select the db2 security group, as shown in Figure 14.
Figure 14. Selecting the security group
- Open TCP ports 50000 and 50001 (DB2) by filling in the values, as shown in Figure 15, and clicking Save.
Figure 15. Opening the TCP port
- Repeat Step 8 (the preceding port-opening step) to open ports 60000-60003 (DB2 FCM), as shown in Figure 16.
Figure 16. Opening additional TCP ports
- Repeat Step 8 to add port 22 for SSH and to add port 80 for HTTP, as shown in Figure 17.
Figure 17. Adding more ports