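Create an IAM role named "ec2_ssm_cloudwatch" and attach these policies:
- AmazonSSMFullAccess
- CloudWatchAgentServerPolicy
Note: AmazonSSMFullAccess grants the instance far more Systems Manager access than it needs in order to be managed; AmazonSSMManagedInstanceCore is the managed policy intended for instance roles.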
Activity:
- Create an EC2 instance and attach the IAM role to it.
- Open Tomcat port 8080 in the security group, limiting the source to the addresses that need to reach it.
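#!/bin/bash
# Install a JDK and Apache Tomcat 10 on Ubuntu/Debian and run it as a systemd service.
#
# Optional environment variables, read at install time:
#   TOMCAT_MANAGER_PASSWORD  password for the "manager" user (random if unset)
#   TOMCAT_ADMIN_PASSWORD    password for the "admin" user   (random if unset)
#   TOMCAT_MANAGER_ALLOW     RemoteAddrValve "allow" regex for the Manager app
#                            (loopback only if unset)
#
# The connector on port 8080 is plain HTTP, so Manager logins sent to it are
# not encrypted. Keep the Manager app on loopback and reach it through a tunnel
# (for example an SSM port-forwarding session or SSH), or put TLS in front of it.
set -euo pipefail

tomcat_version="10.1.54"
tomcat_home="/opt/tomcat"
tarball="apache-tomcat-${tomcat_version}.tar.gz"
download_url="https://dlcdn.apache.org/tomcat/tomcat-10/v${tomcat_version}/bin/${tarball}"
# The digest is fetched from the ASF origin host rather than the CDN so that the
# archive and its checksum do not come from the same place. For stronger
# assurance, also verify the release's .asc signature against the project KEYS file.
checksum_url="https://downloads.apache.org/tomcat/tomcat-10/v${tomcat_version}/bin/${tarball}.sha512"

# Print 32 hex characters from the kernel CSPRNG; hex needs no XML escaping.
random_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Abort unless the value can be placed in an XML attribute without escaping.
require_xml_safe() {
    local label="$1" value="$2"
    local unsafe_chars='[<>&"'\'']'
    if [[ -z "${value}" || "${value}" =~ ${unsafe_chars} ]]; then
        echo "error: ${label} must be non-empty and must not contain < > & \" or '" >&2
        exit 1
    fi
}

# Create the unprivileged service account once. The guard keeps a re-run from
# aborting under `set -e` when the account already exists.
if ! id -u tomcat >/dev/null 2>&1; then
    sudo useradd -m -U -d "${tomcat_home}" -s /bin/false tomcat
fi

# Update the package index and install Java.
sudo apt-get update
sudo apt-get install -y default-jdk || sudo apt-get install -y openjdk-17-jdk

# Verify the Java installation.
java -version

# default-jdk installs different versions and architectures depending on the
# release, so derive JAVA_HOME from the java binary instead of hard-coding it.
java_home="$(dirname "$(dirname "$(readlink -f "$(command -v java)")")")"

# Download into a private directory: a fixed file name in world-writable /tmp
# could be pre-created by another local user before root extracts it.
work_dir="$(mktemp -d)"
trap 'rm -rf "${work_dir}"' EXIT
wget -O "${work_dir}/${tarball}" "${download_url}"
wget -O "${work_dir}/${tarball}.sha512" "${checksum_url}"

# Refuse to unpack an archive whose SHA-512 does not match the published digest.
expected_sha512="$(awk '{print $1; exit}' "${work_dir}/${tarball}.sha512")"
actual_sha512="$(sha512sum "${work_dir}/${tarball}" | awk '{print $1}')"
if [[ -z "${expected_sha512}" || "${expected_sha512,,}" != "${actual_sha512,,}" ]]; then
    echo "error: SHA-512 mismatch for ${tarball}; refusing to install" >&2
    exit 1
fi

# Extract Tomcat.
sudo mkdir -p "${tomcat_home}"
sudo tar xzf "${work_dir}/${tarball}" -C "${tomcat_home}" --strip-components=1

# Set ownership and make the launcher scripts executable.
sudo chown -R tomcat:tomcat "${tomcat_home}"
sudo chmod -R u+x "${tomcat_home}/bin"

# Configure tomcat-users.xml. Passwords come from the environment or are
# generated here; a fixed, published password on an internet-facing Manager app
# is equivalent to no password.
manager_password="${TOMCAT_MANAGER_PASSWORD:-$(random_secret)}"
admin_password="${TOMCAT_ADMIN_PASSWORD:-$(random_secret)}"
require_xml_safe TOMCAT_MANAGER_PASSWORD "${manager_password}"
require_xml_safe TOMCAT_ADMIN_PASSWORD "${admin_password}"

sudo tee "${tomcat_home}/conf/tomcat-users.xml" > /dev/null <<EOF
<tomcat-users>
<role rolename="manager-gui"/>
<user username="manager" password="${manager_password}" roles="manager-gui"/>
<role rolename="admin-gui"/>
<user username="admin" password="${admin_password}" roles="manager-gui,admin-gui"/>
</tomcat-users>
EOF
# The file holds plaintext credentials; only the service account may read it.
sudo chown tomcat:tomcat "${tomcat_home}/conf/tomcat-users.xml"
sudo chmod 600 "${tomcat_home}/conf/tomcat-users.xml"

# Manager context.xml. The RemoteAddrValve stays in place: the Manager app can
# deploy code, so it is limited to loopback unless TOMCAT_MANAGER_ALLOW names
# the admin source addresses explicitly.
default_manager_allow='127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1'
manager_allow="${TOMCAT_MANAGER_ALLOW:-${default_manager_allow}}"
require_xml_safe TOMCAT_MANAGER_ALLOW "${manager_allow}"
# NOTE(review): intended to match the filter in the stock Manager context.xml;
# compare with the file in the extracted archive before relying on it.
session_filter='java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap'

sudo tee "${tomcat_home}/webapps/manager/META-INF/context.xml" > /dev/null <<EOF
<Context antiResourceLocking="false" privileged="true">
<CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
sameSiteCookies="strict" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="${manager_allow}" />
<Manager sessionAttributeValueClassNameFilter="${session_filter}"/>
</Context>
EOF

# Create the systemd service file.
sudo tee /etc/systemd/system/tomcat.service > /dev/null <<EOF
[Unit]
Description=Apache Tomcat 10
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=${java_home}"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=${tomcat_home}"
Environment="CATALINA_HOME=${tomcat_home}"
Environment="CATALINA_PID=${tomcat_home}/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=${tomcat_home}/bin/startup.sh
ExecStop=${tomcat_home}/bin/shutdown.sh
NoNewPrivileges=true
PrivateTmp=true
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target
EOF

# Reload systemd, enable the unit at boot, and (re)start it so that a re-run
# picks up the files written above.
sudo systemctl daemon-reload
sudo systemctl enable tomcat
sudo systemctl restart tomcat

echo "Manager/admin credentials are stored in ${tomcat_home}/conf/tomcat-users.xml (read with sudo)."

# Show status.
sudo systemctl status tomcat --no-pager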
