IB/instruction.md

# AWS CLI, Session Manager & Database Access Guide

## 1. Setup
- Download **AWS CLI**
- Download **AWS Session Manager Plugin**
- Generate **Key for KCCB**

____________________________________________________________
### Production: (Run in systemctl)
 - cd /etc/systemd/system
  <!-- IB is the service name -->
 - vi IB.service
  ```
[Unit]
Description= Internet Banking Frontened Application in Node
After=network.target
 
[Service]
# Use absolute path for node or npm
User=ib_new
Group=ib_new
WorkingDirectory=/home/ib_new/IB
Environment=PATH=/home/ib_new/.local/bin:/home/ib_new/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/opt/node-v20.19.5-linux-x64/bin
ExecStart=/opt/node-v20.19.5-linux-x64/bin/npm start
Restart=on-failure
RestartSec=5
Environment=NODE_ENV=production
Environment=PORT=3000
SuccessExitStatus=143
 
[Install]
WantedBy=multi-user.target

    <All value are changed as per domain>
  ```
 - sudo systemctl status IB
 - sudo systemctl start IB  
   - sudo journalctl -u IB 
 - sudo systemctl stop IB 
 - sudo systemctl restart IB
 
---

## Machine 
```bash

UAT (IB- frontend Test) : i-0b55435e15425f1c3
Linux : i-0c850dcf8b85b1447 (Test)
# Prod : i-088e64c3435cb5078 (For IB & MB) --old
Prod : i-070a81f88a984f7c6 (For IB and MB)
Mobile banking Prod DB: i-086d4cb13afc2cd83  //IB user: ib_new psw: ib_new
```

## 2. list of Port :
  - 8686 (fetch the customer details)
  - 5432 (postgres)
  - 8080 (IB- backend port)
  - 8688 (fetch the account statement)
  - 8687 (for customer name fetch in CBS -- when add beneficiary)
  - 8689 (payment port)
  - 6379( redis port)


## 3. Port Forwarding

### API (localhost → EC2:8080)
```bash
aws ssm start-session --target i-0c850dcf8b85b1447 --document-name --profile kccb AWS-StartPortForwardingSession --parameters "portNumber"=["8080"],"localPortNumber"=["8080"]
```
### PostgreSQL (localhost:5431 → EC2:5432)
```bash
aws ssm start-session --target i-0c850dcf8b85b1447 --document-name --profile kccb AWS-StartPortForwardingSession --parameters "portNumber"=["5432"],"localPortNumber"=["5431"]
```
### CBS (localhost → EC2:8686)

```bash
aws ssm start-session --target i-0c850dcf8b85b1447 --document-name --profile kccb AWS-StartPortForwardingSession --parameters "portNumber"=["8686"],"localPortNumber"=["8686"]
```

## Database Access

```bash
aws ssm start-session --target i-0c850dcf8b85b1447 --profile kccb
```
## 4.PostgreSQL Commands

```bash
# Connect as postgres
psql -U postgres

# List all databases
\l

# Connect to kmobile
psql -U admin -d kmobile

# Password: kmobile

# Query data
SELECT * FROM users;

# Expanded display
\x

# See all tables
\d

# Table details
\d users;

# Switch database with specific user
\c kmobile_banking kmobile_app_rw

# Grant permissions
grant select, insert, update, delete on table admin to kmobile_app_rw;
```
## 5. Linux Machine Access

```bash
# Run the .bat file first
ssh username@localhost
# Enter your password
```
## 6.Copy File from Local → Linux

```bash
scp -P 9022 Smsservice/smsserviceapplication.jar <username>@localhost:/home/<username>

# ssh nabanita@localhost -p 9022
```
## 7.About Backend

- If user "is_first_login" = true means Users did not login in IB.
- **ib_access_level** or **mb_access_level**
  - **0** → Disabled  
  - **1** → Transaction  
  - **2** → Read Only
  -**null** → not configured consider as disabled

## 8. NGINX setup:
 
- sudo vi /etc/nginx/conf.d/ib.conf
 
- sudo cat /etc/nginx/conf.d/ib.conf
 
```
    server {
        listen 80;
        server_name _;
        return 301 https://$host$request_uri;   # redirect all HTTP to HTTPS
    }
 
    server {
        listen 443 ssl;
        server_name _;
 
        ssl_certificate /etc/nginx/ssl/IB.crt;
        ssl_certificate_key /etc/nginx/ssl/IB.key;
 
        # Your chosen log files
        error_log /var/log/nginx/ib_error.log warn;
        access_log /var/log/nginx/ib_access.log;
 
        location / {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
```
 
- sudo nginx -t
- sudo systemctl reload nginx