What's the best way to use the Tomcat AMIs?

We recommend deploying these AMIs in a CloudFormation stack, using a user-data script to push your .war files out to the /opt/tomcat/webapps folder automatically as the system is built.
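One way to write the user-data step recommended above, as an added example that is not the vendor's own script: it installs a .war into /opt/tomcat/webapps only when its SHA-256 matches a value pinned in the template. The `deploy_war` function, the `WEBAPPS_DIR` override and the staging path in the usage comment are assumptions.

```shell
#!/bin/bash
# Added example (not the vendor's script): verify a .war against a pinned
# SHA-256 before placing it in Tomcat's webapps folder.
# /opt/tomcat/webapps comes from the page; everything else is an assumption.

WEBAPPS_DIR="${WEBAPPS_DIR:-/opt/tomcat/webapps}"

# deploy_war <source-file> <expected-sha256> [dest-name]
# Returns 0 on success, 1 if the artifact is missing, 2 on checksum mismatch.
deploy_war() {
    dw_src="$1"
    dw_expected="$2"
    dw_name="${3:-$(basename "$1")}"

    [ -f "$dw_src" ] || { echo "missing artifact: $dw_src" >&2; return 1; }

    dw_actual="$(sha256sum "$dw_src" | awk '{print $1}')"
    if [ "$dw_actual" != "$dw_expected" ]; then
        echo "checksum mismatch for $dw_src, refusing to deploy" >&2
        return 2
    fi

    # Copy under a temporary name in the same directory, then rename, so the
    # Tomcat auto-deployer never picks up a half-written .war file.
    dw_tmp="$WEBAPPS_DIR/.${dw_name}.tmp.$$"
    cp "$dw_src" "$dw_tmp" && chmod 0644 "$dw_tmp" \
        && mv -f "$dw_tmp" "$WEBAPPS_DIR/$dw_name"
}

# Usage from user-data, after the artifact has been fetched to a staging path
# (path and hash below are placeholders):
#   deploy_war /tmp/staging/app.war <PINNED_SHA256> ROOT.war
if [ "$#" -ge 2 ]; then
    deploy_war "$@"
fi
```

Pinning the hash in the stack template means a tampered or truncated download fails the build instead of being served by Tomcat.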

If you are running multiple Tomcat servers for high availability, we recommend configuring an Elastic Load Balancer in front of the Tomcat instances. The front end of the ELB listens on port 443 with your actual SSL certificate, and the back end can run either over HTTPS on port 8443 (if your application requires full encryption between all layers) or over HTTP on port 8080 if your ISSO trusts the ELB-to-EC2 network.

If you are running only a single Tomcat instance, we still recommend running it behind an ELB for enhanced security. You can also run the product standalone, however, and no reconfiguration of Tomcat is needed. Just run the following commands to enable incoming traffic on the standard HTTP and HTTPS ports:

## HTTPS
sudo firewall-cmd --add-service=https
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443
sudo firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443 --permanent

## HTTP
sudo firewall-cmd --add-service=http
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080
sudo firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080 --permanent

You'll also need to deploy your own SSL certificate into the /opt/apache/conf/localhost-rsa.jks file, and add the desired ports to your AWS Security Groups.

We also have a prebuilt RDS + Tomcat + ELB CloudFormation template available if you want to set up a highly available Tomcat application with almost zero effort. Let us know if you want a copy!

