In this recipe we are going to create a RabbitMQ cluster on Amazon AWS. We will create the cluster inside a VPC (http://aws.amazon.com/vpc/). A VPC is a private network on the cloud, protected from the outside network, so we don't need to configure any firewall.
The schema we are going to create contains one VPC with the following two subnets:
In order to create the schema, AWS provides a ready VPC template that you can use. Perform the following steps:
scp -i rabbitmqkey.pem rabbitmqkey.pem ec2-user@yourstaticip:/tmp
Store the key locally.
To create a RabbitMQ cluster on AWS, you can use two public EC2 instances, but we prefer to use a VPC to protect the instances. The VPC ensures the right security and contains some important features to easily create a cluster:
On the last wizard page (step 2), you will have two subnets, one EC2 NAT instance, and one Elastic IP, as shown in the following screenshot:
The wizard will automatically select the availability zone for the subnets. Visit http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html for more details.
After finishing the wizard, you will be able to connect to the EC2 NAT instance via SSH using the public IP we just created (step 4).
Now you can launch two RabbitMQ instances from your image (step 5), and choose the VPC private network in this wizard step:
After completing step 6, you should have the situation shown in the following screenshot:
In our case the internal machines have the following IPs:
You can access the two private EC2 instances only from the EC2 NAT instance machine, using:
[ec2-user@natmachine key]$ sudo ssh -i rabbitmqkey.pem ec2-user@10.0.1.132 (or 10.0.1.174).
Inside the VPC, you can use the VPC's private DNS names. To create the cluster, execute the following command:
rabbitmqctl join_cluster rabbit@ip-10-0-1-132
Clustering node 'rabbit@ip-10-0-1-174' with 'rabbit@ip-10-0-1-132' ...
...done.
Ok, now your private cluster is ready, and you can use it only from the public subnet.
As you know, all the nodes of a RabbitMQ cluster must have the same .erlang.cookie file. If you use a master EC2 image, you don't need to change anything because the file is stored on the image. If you don't use the image, remember to copy the .erlang.cookie file (as we saw in the Creating a simple cluster recipe in Chapter 6, Developing Scalable Applications).
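The .erlang.cookie file is the shared secret the nodes use to authenticate to each other, so it is worth checking that it matches and is private to its owner before running join_cluster. The following script is an added example, not code from the recipe: it compares SHA-256 fingerprints so the cookie itself never has to be copied between machines. The function names, file names and cookie value are constructed for illustration, and the cookie path on a real node is an assumption the operator supplies.

```shell
#!/bin/sh
# Added example: audit .erlang.cookie before clustering, without moving the secret.
# Run cookie_fingerprint on each node (path supplied by the operator), then
# compare the printed fingerprints with fingerprints_match.

# Print the SHA-256 fingerprint of a cookie file, but only when the file
# grants no access to group and others. Returns 1 otherwise.
cookie_fingerprint() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "cookie accessible beyond its owner: $f" >&2
        return 1
    fi
    sha256sum < "$f" | cut -d' ' -f1
}

# Succeed only when every fingerprint is non-empty and equals the first one.
fingerprints_match() {
    [ "$#" -ge 2 ] || return 2
    ref=$1; shift
    for fp in "$@"; do
        [ -n "$fp" ] && [ "$fp" = "$ref" ] || return 1
    done
    return 0
}

# Demo on constructed files standing in for the cookies of the two nodes.
demo_dir=$(mktemp -d)
printf 'CONSTRUCTEDCOOKIEVALUE' > "$demo_dir/node1.cookie"
printf 'CONSTRUCTEDCOOKIEVALUE' > "$demo_dir/node2.cookie"
chmod 400 "$demo_dir/node1.cookie" "$demo_dir/node2.cookie"
fp1=$(cookie_fingerprint "$demo_dir/node1.cookie")
fp2=$(cookie_fingerprint "$demo_dir/node2.cookie")
if fingerprints_match "$fp1" "$fp2"; then
    echo "cookies match, nodes can be joined"
else
    echo "cookie mismatch or unsafe permissions" >&2
fi
rm -rf "$demo_dir"
```

A failed fingerprint yields an empty string, which fingerprints_match treats as a mismatch, so a node with a missing or world-readable cookie is never reported as ready.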
To access the VPC from the outside, you need either a proxy on the gateway host or a VPN, so that you can use it as your private RabbitMQ cluster on the cloud. Alternatively, as we will see in the next recipe, it's possible to access the RabbitMQ cluster from the Internet through a public load balancer.
Read the VPC Whitepaper and Security Whitepaper PDF documents from http://aws.amazon.com/vpc/.