# AWS CLI, Session Manager & Database Access Guide ## 1. Setup - Download **AWS CLI** - Download **AWS Session Manager Plugin** - Generate **Key for KCCB** ____________________________________________________________ ### Production: (Run in systemctl) - cd /etc/systemd/system - vi IB.service ``` [Unit] Description= Internet Banking Frontened Application in Node After=network.target [Service] # Use absolute path for node or npm User=ib_new Group=ib_new WorkingDirectory=/home/ib_new/IB Environment=PATH=/home/ib_new/.local/bin:/home/ib_new/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/opt/node-v20.19.5-linux-x64/bin ExecStart=/opt/node-v20.19.5-linux-x64/bin/npm start Restart=on-failure RestartSec=5 Environment=NODE_ENV=production Environment=PORT=3000 SuccessExitStatus=143 [Install] WantedBy=multi-user.target ``` - sudo systemctl status IB - sudo systemctl start IB - sudo journalctl -u IB - sudo systemctl stop IB - sudo systemctl restart IB --- ## Machine ```bash UAT (IB- frontend Test) : i-0b55435e15425f1c3 Linux : i-0c850dcf8b85b1447 (Test) # Prod : i-088e64c3435cb5078 (For IB & MB) --old Prod : i-070a81f88a984f7c6 (For IB and MB) Mobile banking Prod DB: i-086d4cb13afc2cd83 //IB user: ib_new psw: ib_new ``` ## 2. list of Port : - 8686 (fetch the customer details) - 5432 (postgres) - 8080 (IB- backend port) - 8688 (fetch the account statement) - 8687 (for customer name fetch in CBS -- when add beneficiary) - 8689 (payment port) - 6379( redis port) ## 3. Port Forwarding ### API (localhost → EC2:8080) ```bash aws ssm start-session --target i-0c850dcf8b85b1447 --document-name --profile kccb AWS-StartPortForwardingSession --parameters "portNumber"=["8080"],"localPortNumber"=["8080"] ``` ### PostgreSQL (localhost:5431 → EC2:5432) ```bash aws ssm start-session --target i-0c850dcf8b85b1447 --document-name --profile kccb AWS-StartPortForwardingSession --parameters "portNumber"=["5432"],"localPortNumber"=["5431"] ``` ### CBS (localhost → EC2:8686) ```bash aws ssm start-session --target i-0c850dcf8b85b1447 --document-name --profile kccb AWS-StartPortForwardingSession --parameters "portNumber"=["8686"],"localPortNumber"=["8686"] ``` ## Database Access ```bash aws ssm start-session --target i-0c850dcf8b85b1447 --profile kccb ``` ## 4.PostgreSQL Commands ```bash # Connect as postgres psql -U postgres # List all databases \l # Connect to kmobile psql -U admin -d kmobile # Password: kmobile # Query data SELECT * FROM users; # Expanded display \x # See all tables \d # Table details \d users; # Switch database with specific user \c kmobile_banking kmobile_app_rw # Grant permissions grant select, insert, update, delete on table admin to kmobile_app_rw; ``` ## 5. Linux Machine Access ```bash # Run the .bat file first ssh username@localhost # Enter your password ``` ## 6.Copy File from Local → Linux ```bash scp -P 9022 Smsservice/smsserviceapplication.jar @localhost:/home/ # ssh nabanita@localhost -p 9022 ``` ## 7.About Backend - If user "is_first_login" = true means Users did not login in IB. - **ib_access_level** or **mb_access_level** - **0** → Disabled - **1** → Transaction - **2** → Read Only -**null** → not configured consider as disabled ## 8. NGINX setup: - sudo vi /etc/nginx/conf.d/ib.conf - sudo cat /etc/nginx/conf.d/ib.conf ``` server { listen 80; server_name _; return 301 https://$host$request_uri; # redirect all HTTP to HTTPS } server { listen 443 ssl; server_name _; ssl_certificate /etc/nginx/ssl/IB.crt; ssl_certificate_key /etc/nginx/ssl/IB.key; # Your chosen log files error_log /var/log/nginx/ib_error.log warn; access_log /var/log/nginx/ib_access.log; location / { proxy_pass http://localhost:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } ``` - sudo nginx -t - sudo systemctl reload nginx