Izara Wiki - User contributions [en]

2026-03-19 Deploy and Setting EC2 instances

2026-05-01T06:17:08Z

Seagame: /* Upload AMI to aws account */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
[[File:CreateRouteTable.png |1000px ]]
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
[[File:SubnetAssociations.png |1000px]]
* Connect internet gateway for protect config : Select your route table >> edit route
[[File:EditRoute.png |1000px ]]
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created

=== Create VPC Endpoint ===
[[File:Screenshot from 2026-03-18 15-32-04.png|1000px]]
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
[[File:AddSubNet.png |1000px]]
* '''Security groups '''
[[File:AddSequrityGroup.png |1000px]]
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
[[File:AddSettingSequrityGroup.png|1000px]]

= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

'''Note:''' If use AMIs exist from another account neo4j browser/backend database will be use old password from that AMIs
* If want to change password with new EC2 instance after install neo4j package

<syntaxhighlight lang="text">
#bash:
sudo systemctl stop neo4j
rm -rf data/dbms/*
rm -rf data/databases/system
rm -rf data/transactions/system
bin/neo4j-admin dbms set-initial-password neo4jComAcc
sudo systemctl start neo4j
</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
*'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
[[File:Step1CreateSpecifyTagEvenBridge.png |1000px]]
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
[[File:CronExpression.png |1000px]]
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

*''' Step2 : Select target '''
[[File:EventBridgeTargetDetial.png|1000px]]
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

*'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

= Download and Upload AMIs on EC2 =
== Download AMI from aws account ==

* '''Create vmimport Role'''
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "vmie.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {}
}
]
}
</syntaxhighlight>

*'''Permissions in vmImportPolicy'''
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::object-schema",
"arn:aws:s3:::object-schema/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": "arn:aws:s3:::object-schema/*"
},
{
"Effect": "Allow",
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource": "*"
}
]
}
</syntaxhighlight>

*'''Create Role Permission'''
** can create from EC2 instance >>Action > security > Modify IAM role
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:ExportImage",
"ec2:DescribeImages",
"ec2:DescribeExportImageTasks"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetBucketLocation"
],
"Resource": "*"
}
]
}
</syntaxhighlight>
'''Set AWS config'''
<syntaxhighlight lang="text">
AWS Access Key ID [****************SVVH]: xxxxxxxxx
AWS Secret Access Key [****************XESH]: yyyyyyyyy
Default region name [us-east-2]: us-east-2
Default output format [json]: json
</syntaxhighlight>

* Start export task
<syntaxhighlight lang="text">
aws ec2 export-image \
--region us-east-2 \
--image-id <ami-01547ffae334d2ca4> \
--disk-image-format VMDK \
--s3-export-location S3Bucket=object-schema,S3Prefix=exports/
</syntaxhighlight>

* How to check progress
<syntaxhighlight lang="text">
aws ec2 describe-export-image-tasks \
--export-image-task-ids <export-ami-69b4fce2df0ce647t> \
--region us-east-2
</syntaxhighlight>

* Download AMIs
<syntaxhighlight lang="text">
aws s3 cp s3://schema-accounting/exports/<export-ami-69b4fce2df0ce647t.vmdk> .
</syntaxhighlight>

== Upload AMI to aws account ==
** If ami download exist in s3 / aws account can run:
<syntaxhighlight lang="text">
cat > containers.json << 'EOF'
[{
"Description": "neo4j-ami-accounting",
"Format": "vmdk",
"UserBucket": {
"S3Bucket": "schema-accounting",
"S3Key": "exports/export-ami-69b4fce2df0ce647t.vmdk"
}
}]
EOF
</syntaxhighlight>
** If file export-ami-xxx in local terminal | that download from another account, then want to upload into s3 / other aws account run before:
<syntaxhighlight lang="text">
aws s3 cp ~/JangProgramer/export-ami-819afd57ae1eb750t.vmdk \
s3://schema-accounting/exports/
</syntaxhighlight>

<syntaxhighlight lang="text">
aws ec2 import-image \
--description "Neo4j AMI Import" \
--disk-containers file://containers.json \
--region us-east-2
</syntaxhighlight>

<syntaxhighlight lang="text">
* check status
aws ec2 describe-export-image-tasks // check status
aws ec2 describe-import-image-tasks //
</syntaxhighlight>
[[Category:Working documents| 2026-03-19]]

2026-03-19 Deploy and Setting EC2 instances

2026-05-01T05:51:30Z

Seagame: /* Upload AMI to aws account */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
[[File:CreateRouteTable.png |1000px ]]
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
[[File:SubnetAssociations.png |1000px]]
* Connect internet gateway for protect config : Select your route table >> edit route
[[File:EditRoute.png |1000px ]]
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created

=== Create VPC Endpoint ===
[[File:Screenshot from 2026-03-18 15-32-04.png|1000px]]
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
[[File:AddSubNet.png |1000px]]
* '''Security groups '''
[[File:AddSequrityGroup.png |1000px]]
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
[[File:AddSettingSequrityGroup.png|1000px]]

= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

'''Note:''' If use AMIs exist from another account neo4j browser/backend database will be use old password from that AMIs
* If want to change password with new EC2 instance after install neo4j package

<syntaxhighlight lang="text">
#bash:
sudo systemctl stop neo4j
rm -rf data/dbms/*
rm -rf data/databases/system
rm -rf data/transactions/system
bin/neo4j-admin dbms set-initial-password neo4jComAcc
sudo systemctl start neo4j
</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
*'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
[[File:Step1CreateSpecifyTagEvenBridge.png |1000px]]
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
[[File:CronExpression.png |1000px]]
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

*''' Step2 : Select target '''
[[File:EventBridgeTargetDetial.png|1000px]]
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

*'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

= Download and Upload AMIs on EC2 =
== Download AMI from aws account ==

* '''Create vmimport Role'''
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "vmie.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {}
}
]
}
</syntaxhighlight>

*'''Permissions in vmImportPolicy'''
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::object-schema",
"arn:aws:s3:::object-schema/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": "arn:aws:s3:::object-schema/*"
},
{
"Effect": "Allow",
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource": "*"
}
]
}
</syntaxhighlight>

*'''Create Role Permission'''
** can create from EC2 instance >>Action > security > Modify IAM role
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:ExportImage",
"ec2:DescribeImages",
"ec2:DescribeExportImageTasks"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetBucketLocation"
],
"Resource": "*"
}
]
}
</syntaxhighlight>
'''Set AWS config'''
<syntaxhighlight lang="text">
AWS Access Key ID [****************SVVH]: xxxxxxxxx
AWS Secret Access Key [****************XESH]: yyyyyyyyy
Default region name [us-east-2]: us-east-2
Default output format [json]: json
</syntaxhighlight>

* Start export task
<syntaxhighlight lang="text">
aws ec2 export-image \
--region us-east-2 \
--image-id <ami-01547ffae334d2ca4> \
--disk-image-format VMDK \
--s3-export-location S3Bucket=object-schema,S3Prefix=exports/
</syntaxhighlight>

* How to check progress
<syntaxhighlight lang="text">
aws ec2 describe-export-image-tasks \
--export-image-task-ids <export-ami-69b4fce2df0ce647t> \
--region us-east-2
</syntaxhighlight>

* Download AMIs
<syntaxhighlight lang="text">
aws s3 cp s3://schema-accounting/exports/<export-ami-69b4fce2df0ce647t.vmdk> .
</syntaxhighlight>

== Upload AMI to aws account ==
** If ami download exist in s3 / aws account can run:
<syntaxhighlight lang="text">
cat > containers.json << 'EOF'
[{
"Description": "neo4j-ami-accounting",
"Format": "vmdk",
"UserBucket": {
"S3Bucket": "schema-accounting",
"S3Key": "exports/export-ami-69b4fce2df0ce647t.vmdk"
}
}]
EOF
</syntaxhighlight>
** If file export-ami-xxx in local terminal | that download from another account, then want to upload into s3 / other aws account run before:
<syntaxhighlight lang="text">
aws s3 cp ~/JangProgramer/export-ami-819afd57ae1eb750t.vmdk \
s3://schema-accounting/exports/
</syntaxhighlight>

<syntaxhighlight lang="text">
aws ec2 import-image \
--description "Neo4j AMI Import" \
--disk-containers file://containers.json \
--region us-east-2
</syntaxhighlight>

<syntaxhighlight lang="text">
aws ec2 describe-export-image-tasks // check status
aws ec2 describe-import-image-tasks //
</syntaxhighlight>
[[Category:Working documents| 2026-03-19]]

2026-03-19 Deploy and Setting EC2 instances

2026-05-01T05:50:52Z

Seagame: /* Upload AMI to aws account */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
[[File:CreateRouteTable.png |1000px ]]
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
[[File:SubnetAssociations.png |1000px]]
* Connect internet gateway for protect config : Select your route table >> edit route
[[File:EditRoute.png |1000px ]]
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created

=== Create VPC Endpoint ===
[[File:Screenshot from 2026-03-18 15-32-04.png|1000px]]
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
[[File:AddSubNet.png |1000px]]
* '''Security groups '''
[[File:AddSequrityGroup.png |1000px]]
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
[[File:AddSettingSequrityGroup.png|1000px]]

= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

'''Note:''' If use AMIs exist from another account neo4j browser/backend database will be use old password from that AMIs
* If want to change password with new EC2 instance after install neo4j package

<syntaxhighlight lang="text">
#bash:
sudo systemctl stop neo4j
rm -rf data/dbms/*
rm -rf data/databases/system
rm -rf data/transactions/system
bin/neo4j-admin dbms set-initial-password neo4jComAcc
sudo systemctl start neo4j
</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
*'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
[[File:Step1CreateSpecifyTagEvenBridge.png |1000px]]
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
[[File:CronExpression.png |1000px]]
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

*''' Step2 : Select target '''
[[File:EventBridgeTargetDetial.png|1000px]]
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

*'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

= Download and Upload AMIs on EC2 =
== Download AMI from aws account ==

* '''Create vmimport Role'''
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "vmie.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {}
}
]
}
</syntaxhighlight>

*'''Permissions in vmImportPolicy'''
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::object-schema",
"arn:aws:s3:::object-schema/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": "arn:aws:s3:::object-schema/*"
},
{
"Effect": "Allow",
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource": "*"
}
]
}
</syntaxhighlight>

*'''Create Role Permission'''
** can create from EC2 instance >>Action > security > Modify IAM role
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:ExportImage",
"ec2:DescribeImages",
"ec2:DescribeExportImageTasks"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetBucketLocation"
],
"Resource": "*"
}
]
}
</syntaxhighlight>
'''Set AWS config'''
<syntaxhighlight lang="text">
AWS Access Key ID [****************SVVH]: xxxxxxxxx
AWS Secret Access Key [****************XESH]: yyyyyyyyy
Default region name [us-east-2]: us-east-2
Default output format [json]: json
</syntaxhighlight>

* Start export task
<syntaxhighlight lang="text">
aws ec2 export-image \
--region us-east-2 \
--image-id <ami-01547ffae334d2ca4> \
--disk-image-format VMDK \
--s3-export-location S3Bucket=object-schema,S3Prefix=exports/
</syntaxhighlight>

* How to check progress
<syntaxhighlight lang="text">
aws ec2 describe-export-image-tasks \
--export-image-task-ids <export-ami-69b4fce2df0ce647t> \
--region us-east-2
</syntaxhighlight>

* Download AMIs
<syntaxhighlight lang="text">
aws s3 cp s3://schema-accounting/exports/<export-ami-69b4fce2df0ce647t.vmdk> .
</syntaxhighlight>

== Upload AMI to aws account ==
** If ami download exist in s3 / aws account can run:
<syntaxhighlight lang="text">
cat > containers.json << 'EOF'
[{
"Description": "neo4j-ami-accounting",
"Format": "vmdk",
"UserBucket": {
"S3Bucket": "schema-accounting",
"S3Key": "exports/export-ami-69b4fce2df0ce647t.vmdk"
}
}]
EOF
</syntaxhighlight>
** If file export-ami-xxx in local terminal | that download from another account, then want to upload into s3 / other aws account run before:
<syntaxhighlight lang="text">
aws s3 cp ~/JangProgramer/export-ami-819afd57ae1eb750t.vmdk \
s3://schema-accounting/exports/
</syntaxhighlight>

<syntaxhighlight lang="text">
aws ec2 import-image \
--description "Neo4j AMI Import" \
--disk-containers file://containers.json \
--region us-east-2
</syntaxhighlight>
aws ec2 describe-export-image-tasks // check status
aws ec2 describe-import-image-tasks //
<syntaxhighlight lang="text">

</syntaxhighlight>
[[Category:Working documents| 2026-03-19]]

2026-03-19 Deploy and Setting EC2 instances

2026-05-01T05:37:46Z

Seagame: /* Download and Upload AMIs on EC2 */

2026-03-19 Deploy and Setting EC2 instances

2026-05-01T05:26:31Z

Seagame: /* Download and Upload AMIs on EC2 */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
[[File:CreateRouteTable.png |1000px ]]
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
[[File:SubnetAssociations.png |1000px]]
* Connect internet gateway for protect config : Select your route table >> edit route
[[File:EditRoute.png |1000px ]]
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created

=== Create VPC Endpoint ===
[[File:Screenshot from 2026-03-18 15-32-04.png|1000px]]
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
[[File:AddSubNet.png |1000px]]
* '''Security groups '''
[[File:AddSequrityGroup.png |1000px]]
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
[[File:AddSettingSequrityGroup.png|1000px]]

= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

'''Note:''' If use AMIs exist from another account neo4j browser/backend database will be use old password from that AMIs
* If want to change password with new EC2 instance after install neo4j package

<syntaxhighlight lang="text">
#bash:
sudo systemctl stop neo4j
rm -rf data/dbms/*
rm -rf data/databases/system
rm -rf data/transactions/system
bin/neo4j-admin dbms set-initial-password neo4jComAcc
sudo systemctl start neo4j
</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
*'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
[[File:Step1CreateSpecifyTagEvenBridge.png |1000px]]
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
[[File:CronExpression.png |1000px]]
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

*''' Step2 : Select target '''
[[File:EventBridgeTargetDetial.png|1000px]]
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

*'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

= Download and Upload AMIs on EC2 =
* '''Create vmimport Role'''
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "vmie.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {}
}
]
}
</syntaxhighlight>

*'''Permissions in vmImportPolicy'''
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::object-schema",
"arn:aws:s3:::object-schema/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": "arn:aws:s3:::object-schema/*"
},
{
"Effect": "Allow",
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource": "*"
}
]
}
</syntaxhighlight>

*'''Create Role Permission'''
** can create from EC2 instance >>Action > security > Modify IAM role
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:ExportImage",
"ec2:DescribeImages",
"ec2:DescribeExportImageTasks"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetBucketLocation"
],
"Resource": "*"
}
]
}
</syntaxhighlight>

'''Set AWS config'''

[[Category:Working documents| 2026-03-19]]

2026-03-19 Deploy and Setting EC2 instances

2026-05-01T05:20:30Z

Seagame:

2026-03-19 Deploy and Setting EC2 instances

2026-03-26T08:29:37Z

Seagame: /* Install neo4j using .tar */

2025-04-08 - Frontend Styles

2026-03-22T03:15:45Z

Seagame: add example of styles usage

= styled-components concept=
==Concept==
*Every styleComponet tag can use the same fotmat and every html Tag can use the same styleComponet tag and send propperties to each styleComponet tag for use different cssStyle.
*store all css as object in themeStylesDefault.js.
*mixed cssStyle from defaultCss and objTypeCss.
*defaultCss is look like "tabulation_section_dataType_sort", It only first index of cssPrefix join by "_" with cssSuffix
*objTypeCss is look the same daefaultCss but insert serviceTag and objectType after fist index separate by "_",It look like "tabulation_serviceTag_objectType_section_dataType_sort"
*objTypeCss can cut objectType and left only serviceTag, So objTypeCss can have 2 style.It look like "tabulation_serviceTag_section_dataType_sort"
*objTypeCss will always ovewrite defaultCss (can read more in createComponent function process)

==StyleTag Name Format==

* use "Izara" + html tag + "Style"
* html tag = same tag with styled.tag
<syntaxhighlight lang="JavaScript">
const IzaraInputStyle = styled.input
</syntaxhighlight>

==StyleTag Syntax==
<syntaxhighlight lang="JavaScript">
export const IzaraTextSpanStyle = styled.span`
${(props) => createComponent(props)}
`;
</syntaxhighlight>

=function=

==createComponent==
===Parameter===
===themeStyle===
*type object(can be undefined)
*object from userStyles get from userDetail in store after login, It store styletag as key and css as value
eg.
<syntaxhighlight lang="JavaScript">

themeStyle = {
styles: {
"tableConfig_serviceTag_buyingNavbar_datatype": "width: auto; padding: 5px; padding-right: 10px; background: rgb(204, 214, 166); transition: 0.3s; z-index: 5; height: 35px;",
"tableConfig_buyingNavbar_datatype": "width: auto; flex-direction: row; padding: 5px; padding-right: 10px; background: rgb(199, 242, 164); transition: 0.3s; z-index: 5; height: 35px;",
"tableConfig_serviceTag_buyingNavbar_datatype": "width: auto; flex-direction: row; padding: 5px; padding-right: 10px; background: rgb(223, 232, 204); transition: 0.3s; z-index: 5; 35px;",
"tableOutput_serviceTag_objectType_buyingNavbar_datatype": "width: auto; flex-direction: row; padding: 5px; padding-right: 10px; transition: 0.3s; z-index: 5; height: 35px;",
"tableOutput_buyingNavbar_navbar_datatype": "width: auto; flex-direction: row; padding: 5px; padding-right: 10px; background: rgb(204, 214, 166); transition: 0.3s; z-index: 5; height: 35px;",
"tableOutput_datatype": "width: auto; flex-direction: row; padding: 5px; padding-right: 10px; background: rgb(199, 242, 164); transition: 0.3s; z-index: 5; height: 35px;"
}
};
</syntaxhighlight>

===styletags===
*type array(can be undefined)
*list of use styletag create from createStyleTags function
eg.
<syntaxhighlight lang="JavaScript">
["tableConfig_serviceTag_objectType_section_dataType_sort","tableConfig_serviceTag_section_dataType_sort","tableConfig_section_dataType_sort"]
</syntaxhighlight>

===overwritecssstyles===
*type string(can be undefined)
*Css value obtained from the objectConfig followed by the style tag as a key.
<syntaxhighlight lang="JavaScript">
`color: blue;
margin: 0px 3px;
background-color: transparent;
transition: 0.3s;
font-size: 17px;`
</syntaxhighlight>
===function process===
*Use styleTags to get CssStyle from themeStyle and themeStylesDefault
*When searching for styleTag in themeStylesDefault, the function starts searching for styleTag from the last index first, then searches the second index, and then the first index.
*The last index is defaultStyleTag , which does not specify an objType , but the remaining two indexes are objTypeStyeTag , which does specify an objType , with this process objTypeStyeTag will overwrite defaultStyleTag .
*ThemeStylesDefault is object from local create by dev,It store styletag as key and css as value like themeStyle object
*Create usingCss style by mixed cssStyle from styleTags with cssStyle from overwritecssstyles
===return result===
*type string
<syntaxhighlight lang="JavaScript">
`color: blue;
margin: 0px 3px;
background-color: transparent;
transition: 0.3s;
font-size: 17px;
display: flex;
align-items: center;
:hover{
opacity: 0.6;
color: #B3DBD8 ;
}
color: red;`

</syntaxhighlight>
* About CSS, if the same property exists, such as in the CSS example above, with two color properties, the CSS will cause the bottom line property to overwrite the top line property. In the example, red overwrites blue.

==createStyleTags==
===Parameter===
===cssPrefixs===
*type array(requried)
*List of string create by createCssPrefixs function store at least 1 item but not more than 3 item.
*Reade more and watch example in createCssPrefixs function.
===suffix===
*type string(requried)
*A string generated by the createCssSuffix function that indicates where this cssStyle will be applied on the page, such as rows, cells, or table.
*Conditions can be added after the "_" to further specify or describe the style, such as color, row range, or column range.
*Reade more and watch example in createCssSuffix function.
===return result===
*type array
<syntaxhighlight lang="JavaScript">
["tableOutput_serviceTag_objectType_section_dataType_sort","tableOutput_objectType_section_dataType_sort","tableOutput_section_dataType_sort"]
</syntaxhighlight>

==createCssPrefixs==
===Parameter===
===defaultPrefix===
*type string(requried)
*Specifies which objectConfig is using this cssStyle. eg. menuOutput, tableConfig, sitePageConfig, tableOutput.
===cssPrefixes===
*type array(can be undefined)
*List of ObjTypes must have 2 items, fist index is serviceTag second is objectType.It look like ["serviceTag", "objectType"]
===return result===
type array
<syntaxhighlight lang="JavaScript">
//if not have cssPrefixes
["tableConfig"]
//have cssPrefixes
["tableConfig", "serviceTag", "objectType"]
</syntaxhighlight>

==createCssSuffix==
===Parameter===
===defaultSuffix===
*type string(requried)
*Specifies where this cssStyle will be applied on the page, such as rows, cells, or tables.
===localSuffix===
*type string(can be undefined)
*Specify or further explain defaultSuffix. A string can be a single word or a combination of words, and each word must be separated by "_". eg. "background_blue", "rowSpan_2"
===return result===
*type string
<syntaxhighlight lang="JavaScript">
//if not have localSuffix
"row"
//have localSuffix
"row_rowSpan_2"
</syntaxhighlight>

= Using Styles =

Describes how style tags are generated and merged when using <code>IzaraDivStyle</code> together with helper functions and theme style objects.

== Overview ==

* <code>createCssPrefixs(defaultPrefix, cssPrefixes)</code> composes an array of prefixes starting with <code>defaultPrefix</code>.
* <code>createStyleTags(cssPrefixes, suffix)</code> builds class-like tags from those prefixes (most specific first).
* Styles are merged from defaults to backend/theme overrides in order of specificity.

== Examples ==

# Single extra prefix:

<syntaxhighlight lang="javascript">
<IzaraDivStyle
styletags={createStyleTags(
createCssPrefixs('formEditConfig', ['output_Testt']),
'div'
)}
/>
</syntaxhighlight>

Generated tags (ordered from most specific to least):

<pre>
['formEditConfig_output_Testt_div', 'formEditConfig_div']
</pre>

# Multiple prefixes:

<syntaxhighlight lang="javascript">
<IzaraDivStyle
styletags={createStyleTags(
createCssPrefixs('formEditConfig', ['output', 'Testt']),
'div'
)}
/>
</syntaxhighlight>

Generated tags:

<pre>
[
'formEditConfig_output_Testt_div',
'formEditConfig_output_div',
'formEditConfig_div'
]
</pre>

== Merge behavior (how CSS is composed) ==

Given these theme objects:

<syntaxhighlight lang="javascript">
export const themeStylesDefault = {
formEditConfig_div: `
display:flex;
`,
formEditConfig_output_div: `
color:red;
`,
formEditConfig_output_Testt_div: `
background-color: coral;
`
};

export const themeStylesBackend = {
formEditConfig_div: `
display:flex;
justify-content:center;
`,
formEditConfig_output_div: `
color:green;
`
};
</syntaxhighlight>

The merged result for the tags above becomes:

<syntaxhighlight lang="css">
{
display:flex;
justify-content:center; /* from backend override */
color:green; /* backend overrides default */
background-color: coral;/* most specific default */
}
</syntaxhighlight>

Notes:

* Styles are combined by iterating <code>styletags</code> from most specific to least specific, collecting backend/theme overrides first (if present) and falling back to defaults.
* The final CSS string concatenates defaults first, then theme/backend values to ensure overrides apply.
== Summary ==

* Use <code>createCssPrefixs</code> + <code>createStyleTags</code> to derive style keys.
* Provide <code>themeStyle</code> (backend overrides) and <code>themeStylesDefault</code> (defaults) to the component.
* The merge order ensures more specific and backend-provided styles override defaults.

== Note ==

Now we receive <code>themeStyle</code> from props of IzaraDivStyle component , but in the future it will come from the backend.

[[Category:Working documents| 2025-04-08]]
[[Category:Working documents - Frontend Styles| 2025-04-08]]

Per Service Schemas

2026-03-21T05:34:05Z

Seagame: /* Relationships Schema | ObjectRelationships.js */

= Overview =

Each service manages a schema of object/resources that it is responsible for, this schema is available to other services and frontends. The schema includes a list of fields available for each object.

= File Structure =

* see [[Repository structure#schemas|Repository structure]]

= ObjectSchema | ObjectFieldSchema.js =

== Not extendObjType ==

<syntaxhighlight lang="javascript">
{
objectType: "xx",
shortNameObjectType:"x", // optional, use when generate code create lambda role with long name
canDelete: false, // whether any fields can be deleted // default = false
belongTo: {
serviceTag:"iii",
objectType:"jjj"
},
// how is the object created
// userGenerated there will be generated endpoints for api or sqs (used in importBatchMain) to create object
// systemGenerated must be created by flow/s
// searchResultGenerated see separate notes below
generatedBy: "userGenerated" || "systemGenerated" || "searchResultGenerated" // required
searchResultGeneratedFlowType: {}, // for generatedBy = searchResultGenerated
addOnDataStructure: [ // optional, add for additional setting to objectType
{
// all fields that a user can edit must be in versionedData, and all fields in versionedData must be editable by user
type:"versionedData",
versionedDataLabel: "xx", // versionedData label name
storageResourceTag : "xx", // ref to storegeResourceTag
fieldNames: { // fieldName in versionedData cannot have in in main objectSchema.fieldNames
"aaa":{ // fieldName
type: "xx", // string|integer|number|timestamp|currency|currencyValue|float|special|object|boolean|arrayMixed|arrayNumeric|arrayString
requiredOnCreate: false, // default = false
optionalOnCreate: false, // default = false,
validation: {
itemValidation:{} // for validate item in array
},
// probably impossible to have fromObjType, because data can be changed by user here
fromObjType:{
serviceTag: "xxx",
objectType: "xxx"
},
},
// ...
}
},
{ // can have multiple addOn of type attributeTree
type:"attributeTree",
},
{
type:"translation"
},
{
type:"propertyValue"
},
{
type:"mediaLink"
},
// ...
],
storageResources:{
"xxx":{ // storageResourceTag
storageType: "xx", // graph
graphServerTag: "xx", // setting for storageType graph
additionalGraphIndexes:[['fieldName1', 'fieldName2', ...], [...]] // will make graph index with specific fieldName
},
"zzz":{ // storageResourceTag
storageType: "xx", // dynamoDB
// setting for storageType dynamoDB
tableName: "xx",
groupByPartitionKeyField: "xx", // use groupByPartitionKeyField as partition key and not have sort key in dynamoDB, if have multiple identifiers will concat it. And use it as partitionKey.
serviceTag:"zz"// default own service.
}
},
fieldNames: {
xxx: { // fieldName
type: "xx", // string|integer|number|timestamp|currency|currencyValue|float|special|object|boolean|arrayMixed|arrayNumeric|arrayString
randomOnCreate: false, // default = false , can set true in fieldName that part of identifiers and identifiers have single identifierFieldname
requiredOnCreate: false, // default = false
optionalOnCreate: false, // default = false
canUpdate: true, // default = true (only system/flows can edit, no history of changes unless flow manually adds)
validation: {
itemValidation:{} // for validate item in array
}, // maybe ajv syntax
storageResourceTags: ["xx","yy"], // reference to storageResources property
fromObjType:{
serviceTag: "xxx",
objectType: "xxx"
},
hashOnCreate: ["xx", "yy"], // reference to other fieldName,
statusField: true, // use for objectSchema inside flowSchema, identify which field is statusField
},
// ...
},
compositeKeyDeliminator: "xx", // join partitionKey and sortKey
identifiers: [
// for dynamoDB storageType
{
type: "partitionKey",

fieldNames: ["xx","yy"], // composite partition keys in DynamoDB
deliminator: "xx", // optional, defaults to "_"
name: "zz", // name of field in database
// or
fieldName: "xx"

},
{
type: "sortKey",

fieldNames: ["xx","yy"], // composite partition keys in DynamoDB
deliminator: "xx", // optional, defaults to "_"
name: "zz", // name of field in database
// or
fieldName: "xx"

},

// for graph storageType
{
type: "identifier",
fieldNames: ["xx","yy"], // identifier field in graph or composite partition keys in DynamoDB
name: "zzz" // use when save in dynamoDB partitionKey
deliminator: "xx", // optional, defaults to "_"
// or
fieldName: "xx"
},
]
}
</syntaxhighlight>

== extendObjType ==

<syntaxhighlight lang="javascript">
{
// for objects stored in graph this will add another node label
objectType: "xx", // new label to add
extendObjType: { // core object that this object extends
serviceTag: "xxx",
objectType: "xxx"
},
addOnDataStructure: [],
storageResources:{ // these are the storageResources that carry the extended objects settings,
// (see above)
},
fieldNames: {
// (see above)
},
// canDelete/identifiers come from the core object
}
</syntaxhighlight>

== searchResultGenerated ==

* must be created by flow
* eg: variantProduct
* not have any storageResources
* identifiers are automatically searchResultData identifiers
* a searchResult request for this object will enter the searchResultGeneratedFlowType flow which creates searchResultData that can then be queried/sorted
* all relationships must be storageType = lambda, eg translate from variantProduct to variant uses a translateId flow to query the variantProduct identifier (searchResultData) to find the variantId in it's requiredData results
* searchResultGeneratedFlowType takes over after creating searchResultMain record until processRequiredData
* if objectSchema defines any fieldnames, then they are found using a flow, maybe as hooks in per service findData
* when finding direct fieldname, will need to check if requireData already exists, if not enter flow/findData to create
* no fields can be edited, so can show in forms but no updates performed

= Relationships Schema | ObjectRelationships.js =

* stored in top level schemas folder
* parent/child determines relationship direction for graph relationships
* have one service that contains information of each relationship

<syntaxhighlight lang="javascript">
// relationship schema in responsible service
[
{
"xxx": { // relationshipTag - name of relationship type stored in graph
generatedBy: "userGenerated" || "systemGenerated" // default="userGenerated"
canChangeToRelTypes: [
{
relType: { // relType that this relType can change to
serviceTag:"xxx",
relationshipTag: "yyy"
},
changeBy: "user" // "systemNoUserId" | "systemWithUserId" | "user", default="user"
}
// another relType
],
// moveBy allows the relationship to be moved between 2 instances of the same objType only
moveBy: "none" // "systemNoUserId" | "systemWithUserId" | "user" | "none", default="none"
storageResources:{
"xxx":{ // storageResourceTag
storageType: "xx", // dynamoDB | graph | lambda
// if storageType="dynamoDB" will not specify tableName in relationship schema

// setting for storageType graph
graphServerTag: "xx",
additionalGraphIndexes:[['fieldName1', 'fieldName2', ...], [...]], // will make graph index with specific fieldName

// setting for storageType lambda
serviceTag: "xx",
functionName: "xx",
}
},
fieldNames: {
"xxx": { // relationship property name
type: "string", // "string" | "number" ...
requiredOnCreate: false, // default=false
optionalOnCreate: false, // default = false
updateBy: "user" // "systemNoUserId" | "systemWithUserId" | "user" | "none", default="user"
validation: {} // ajv syntax
},
//...other relationship properties
},
links: [
{
storageResourceTags: ["xxx"], // reference from storageResources property
canDelete: false // default = false, if set true will allow delete relationship between 2 objType
from: {
objType: {
serviceTag: "xx",
objectType: "xx"
},
requiredOnCreate: true, // if set true will create relationshipTag when create objType data, if both "from" and "to" linkType="many" should not have requiredOnCreate, exists in "from" or "to" only
linkType: "", // one | many
},
to: {
objType: {
serviceTag: "yy",
objectType: "yy"
},
linkType: "", // one | many
},
requestProperties: {
// if storageType is Lambda and translateIds/linkPath requires properties set them here (eg sellOffer>orderPrice)
tag_deliverTo: {
requestPropertyType: "objectIdentifier",
objType: {
serviceTag: "Locations",
objectType: "locationNode" // deliversToLocationNode
},
identifiersFieldName: "locationNodeId"
},
// ... other request properties
}
}
// ...other link
]
}
}
]

</syntaxhighlight>

= Reference Relationships Schema | RefObjectRelationships.js =

<syntaxhighlight lang="javascript">
// reference to relationshipTag in external service
[
{
objectType: "zz", // objectType in local service
relationshipTag: "xxx", // name of relationshiptag of objType
relationshipServiceTag: "xx" // point to service tag that contain data of relationshipTag of objType
}
]

</syntaxhighlight>

= Flow Schema | FlowSchemas.js =

<syntaxhighlight lang="javascript">
[
{
flowTag: "yyy",
initiateBy:"user", // "user" | "system" -- if receive plugin should be user
handleObj:"one", // "one" | "multi"
statusType:"statusField", // "statusField" | "storedCache" | "none" | "triggerCache"

// statusType="triggerCache" setting
triggerType: "storedCache", // "storedCache" | "switch"
triggerFlowTypes:[
//... triggerFlowType
],

// statusType="statusField" | "triggerCache" | "storedCache" setting:
objType:{},

event:["ownTopic"], // "ownTopic" | "extTopic" | "s3" | "eventBridge" | "lambdaSyncInv" | "lambdaSyncApi" | "generatedCode"

// event="s3" setting
bucketName: "xxx", // bucket for s3 event
createBucket: boolean, // if true will generate new bucket with bucketName if false will point to old bucket that already have

// event="eventBridge" setting
schedules:[
{
name: 'your-scheduled-rate-event-name',
description: 'your scheduled rate event description',
rate: ["rate(1 minute)", ],
input:{}
}
],

// event="generatedCode" setting
generatedCodeConfig:{
generatedCodeTag: "create", // tag for generated code, eg "create" | "update" | "delete"
codeHookTag: "xx", // which codeHook to initiate flow from
// maybe validate: invocationType must exist in "event" array, so don't need to check 2 places when eg creating sns topic
invocationType: "ownTopic", // "ownTopic" | "lambdaSyncInv"

objType: {}, // which cases in the generated code trigger the flow
// .. other settings depending on generated code
}

outputTopic: boolean,

flowSteps:[
In:{ // will generate Topic serviceTag_stage_yyy_In
properties:[], // reference to stepProperties key
messageAttributes: [] // reference to stepProperties key
},
// another flow steps
flowStep1:{ // will generate Topic serviceTag_stage_yyy_Flow1
properties:[], // reference to stepProperties key
messageAttributes: [] // reference to stepProperties key
event:["ownTopic"], // "ownTopic" | "extTopic" | "s3" | "eventBridge" | "lambdaSyncInv" | "lambdaSyncApi" | "generatedCode"
// handle splitting logic into awaitingStep/awaitingMultipleSteps
// handle splitting logic into paginated lambda

plugInHooks: [
{
plugInHookTag: "",
objType:{}, // used to query connection dynamo for an object instance in current flow
},
]
},
Out:{ // will generate Topic serviceTag_stage_yyy_Out
properties:[], // reference to stepProperties key
messageAttributes: [] // reference to stepProperties key
},
]

stepProperties:{
"uuid":{
propertyName:"xxx",
type:"string",
},
"uuid2":{
objectField:{
objType:{},
fieldName:"xx"
},
overwritePropertyName:"xx" // optional, if have objectField and have overwritePropertyName will overwrite fieldName
}
},
}
]
</syntaxhighlight>

= System Text Schema | SystemTextSchemas.js =

<syntaxhighlight lang="javascript">
[
{
namespace: "xxx", // groups files downloaded by frontend
systemTextTag: "yyy",
}
]
</syntaxhighlight>

== Auto generated systemText and namespaces ==

=== systemNotification names ===

* namespace: "sysNotification_{notificationGrouping}"
* systemTextTag: "{notificationTag}"
* eg shown on notification settings page

=== objType names ===

* namespace: "objTypes"
* systemTextTag: "{serviceTag}_{objectType}"
* eg shown on config pages, eg pulldown list of object types

=== objType field name descriptions ===

* namespace: "objType_fielddesc_{serviceTag}_{objectType}"
* systemTextTag: "{fieldname}"
* eg shown on config pages, eg info box for each field name

= System Notification Schema | SystemNotificationSchemas.js =

<syntaxhighlight lang="javascript">
[
{
notificationTag: "xxx",
notificationGrouping: "yyy",
weight: "##",
},
]
</syntaxhighlight>

= Generated S3 files =

* generate multiple files for different uses, eg:
*# list of saved fieldNames for Create
*# list of saved+calculated for Update/Info pages
*# graphSchemas
*# relationships (used by Search/Sort Results)

= Use Cases =

== Find Deployed Service Name ==

* other services can use fixed serviceTag to get deployed serviceName from serviceSchema on S3
* used to build resource names for external services
* eg when one service needs to send a message into an SNS belonging to a different service

== Standard Create, Update, List, Delete pages ==

* List and Delete are maybe not required, use table data system instead.
* object schema can add validation information that can be used on the frontend to check before sending to backend, and by the backend to validate the data before handling

=== Create Object ===

* can configure what fields are shown
* requiredOnCreate fields must be shown

=== Edit Object ===

* users setup any number of pages for object types with configurable fields shown
* fields can be either display only or edit
* each field can adjust it's display properties (perhaps via cssStyles)

== Menu Config ==

When adding menu items can add links to create, update, list, delete objects, user chooses the service then from that service's list of objects and what action is being performed. For update/delete perhaps links to a standard page that asks for the identifier before presenting the page.

== Tabled Data ==

When viewing tabled data the frontend pulls the tableId's config from backend, then when requesting the data also requests the serviceTag > objectType schema for use when displaying the data.

== Code Standardization ==

Code such as middleware validation schema and saving data to databases can be standardized.

== Code Generation ==

Endpoints per object for actions such as Create/Delete/Update can be automatically generated from objectSchema.

=== Code Generation Structure ===

* npm for generic code generation, can be used in any project, includes functions for generating Source files from templates and developer files
* npm for per project specific files, eg templates for the project (Create/Update/.. code)
* Empty Service Template has GenerateCode.js script file in root dir that is run to generate code, it invokes a generation function from generic npm with param that points to per project npm's templates
* generated Source retains hook tags (and any developer added code), so if developer wants to update developer's file with updated template code they can generate code and simply copy generated Source to src folder

= Graph Server Config =

* S3 has a list of graphServerTag's linking to the GraphHandler serviceTag responsible for the graph
* multiple graphServerTags can point to one GraphHandler, combining graphs into one server
* when creating each GraphHandler's graph schemas, for each field split out the fields into each GraphHandler using the graphServerTag, if multiple graphServerTags for a field point to the same GraphHandler combine the fields to create GraphHandler's graph schema
* every GraphHandler an object is saved into will require it's identifiers
* when eg updating fields for an object separate the fields per GraphHandler before sending the request to update each graph

= Extended Object Types =

* Allows for one graph node to have multiple labels
* graph schema is created for both the core object and the extended object
* eg Media Manager's has a node schema for "media" object type, and Image service has a node schema for "image" object type
* the extended object builds it's schema by combining core + extended settings

= Working documents =

[[:Category:Working_documents - Per Service Schemas|Per Service Schemas]]

2026-03-19 Deploy and Setting EC2 instances

2026-03-20T04:32:10Z

Seagame: /* Schedules Instance using AWS EventBridge */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
[[File:CreateRouteTable.png |1000px ]]
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
[[File:SubnetAssociations.png |1000px]]
* Connect internet gateway for protect config : Select your route table >> edit route
[[File:EditRoute.png |1000px ]]
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created

=== Create VPC Endpoint ===
[[File:Screenshot from 2026-03-18 15-32-04.png|1000px]]
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
[[File:AddSubNet.png |1000px]]
* '''Security groups '''
[[File:AddSequrityGroup.png |1000px]]
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
[[File:AddSettingSequrityGroup.png|1000px]]

= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
*'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
[[File:Step1CreateSpecifyTagEvenBridge.png |1000px]]
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
[[File:CronExpression.png |1000px]]
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

*''' Step2 : Select target '''
[[File:EventBridgeTargetDetial.png|1000px]]
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

*'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

[[Category:Working documents| 2026-03-19]]

2026-03-19 Deploy and Setting EC2 instances

2026-03-20T04:31:11Z

Seagame: /* Schedules Instance using AWS EventBridge */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
[[File:CreateRouteTable.png |1000px ]]
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
[[File:SubnetAssociations.png |1000px]]
* Connect internet gateway for protect config : Select your route table >> edit route
[[File:EditRoute.png |1000px ]]
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created

=== Create VPC Endpoint ===
[[File:Screenshot from 2026-03-18 15-32-04.png|1000px]]
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
[[File:AddSubNet.png |1000px]]
* '''Security groups '''
[[File:AddSequrityGroup.png |1000px]]
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
[[File:AddSettingSequrityGroup.png|1000px]]

= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
[[File:Step1CreateSpecifyTagEvenBridge.png |1000px]]
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
[[File:CronExpression.png |1000px]]
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

''' Step2 : Select target '''
[[File:EventBridgeTargetDetial.png|1000px]]
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

[[Category:Working documents| 2026-03-19]]

File:EventBridgeTargetDetial.png

2026-03-20T04:28:30Z

Seagame:

File:CronExpression.png

2026-03-20T04:26:27Z

Seagame:

2026-03-19 Deploy and Setting EC2 instances

2026-03-20T03:57:08Z

Seagame: /* Schedules Instance using AWS EventBridge */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
[[File:CreateRouteTable.png |1000px ]]
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
[[File:SubnetAssociations.png |1000px]]
* Connect internet gateway for protect config : Select your route table >> edit route
[[File:EditRoute.png |1000px ]]
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created

=== Create VPC Endpoint ===
[[File:Screenshot from 2026-03-18 15-32-04.png|1000px]]
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
[[File:AddSubNet.png |1000px]]
* '''Security groups '''
[[File:AddSequrityGroup.png |1000px]]
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
[[File:AddSettingSequrityGroup.png|1000px]]

= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
[[File:Step1CreateSpecifyTagEvenBridge.png |1000px]]
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
// wait for image
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

''' Step2 : Select target '''
// wait for image
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
// wait for image
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

[[Category:Working documents| 2026-03-19]]

File:Step1CreateSpecifyTagEvenBridge.png

2026-03-20T03:54:36Z

Seagame:

2026-03-19 Deploy and Setting EC2 instances

2026-03-20T03:51:12Z

Seagame: /* Resource Ec2 settings */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
[[File:CreateRouteTable.png |1000px ]]
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
[[File:SubnetAssociations.png |1000px]]
* Connect internet gateway for protect config : Select your route table >> edit route
[[File:EditRoute.png |1000px ]]
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created

=== Create VPC Endpoint ===
[[File:Screenshot from 2026-03-18 15-32-04.png|1000px]]
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
[[File:AddSubNet.png |1000px]]
* '''Security groups '''
[[File:AddSequrityGroup.png |1000px]]
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
[[File:AddSettingSequrityGroup.png|1000px]]

= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
// wait for image
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
// wait for image
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

''' Step2 : Select target '''
// wait for image
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
// wait for image
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

[[Category:Working documents| 2026-03-19]]

File:AddSettingSequrityGroup.png

2026-03-20T03:50:52Z

Seagame:

2026-03-19 Deploy and Setting EC2 instances

2026-03-20T03:46:08Z

Seagame: /* Create Internet Gateway */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
[[File:CreateRouteTable.png |1000px ]]
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
[[File:SubnetAssociations.png |1000px]]
* Connect internet gateway for protect config : Select your route table >> edit route
[[File:EditRoute.png |1000px ]]
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created

=== Create VPC Endpoint ===
[[File:Screenshot from 2026-03-18 15-32-04.png|1000px]]
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
[[File:AddSubNet.png |1000px]]
* '''Security groups '''
[[File:AddSequrityGroup.png |1000px]]
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
// wait for image
= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
// wait for image
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
// wait for image
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

''' Step2 : Select target '''
// wait for image
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
// wait for image
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

[[Category:Working documents| 2026-03-19]]

2026-03-19 Deploy and Setting EC2 instances

2026-03-20T03:45:14Z

Seagame: /* Create VPC Endpoint */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
// wait for image
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
[[File:CreateRouteTable.png |1000px ]]
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
[[File:SubnetAssociations.png |1000px]]
* Connect internet gateway for protect config : Select your route table >> edit route
[[File:EditRoute.png |1000px ]]
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created

=== Create VPC Endpoint ===
[[File:Screenshot from 2026-03-18 15-32-04.png|1000px]]
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
[[File:AddSubNet.png |1000px]]
* '''Security groups '''
[[File:AddSequrityGroup.png |1000px]]
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
// wait for image
= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
// wait for image
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
// wait for image
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

''' Step2 : Select target '''
// wait for image
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
// wait for image
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

[[Category:Working documents| 2026-03-19]]

File:AddSequrityGroup.png

2026-03-20T03:44:41Z

Seagame:

File:AddSubNet.png

2026-03-20T03:42:30Z

Seagame:

File:Screenshot from 2026-03-18 15-32-04.png

2026-03-20T02:58:49Z

Seagame:

2026-03-19 Deploy and Setting EC2 instances

2026-03-20T02:55:44Z

Seagame: /* Create Route Table */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
// wait for image
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
[[File:CreateRouteTable.png |1000px ]]
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
[[File:SubnetAssociations.png |1000px]]
* Connect internet gateway for protect config : Select your route table >> edit route
[[File:EditRoute.png |1000px ]]
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created

=== Create VPC Endpoint ===
// wait for image
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
// wait for image
* '''Security groups '''
// wait for image
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
// wait for image
= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
// wait for image
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
// wait for image
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

''' Step2 : Select target '''
// wait for image
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
// wait for image
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

[[Category:Working documents| 2026-03-19]]

File:EditRoute.png

2026-03-20T02:40:48Z

Seagame:

File:SubnetAssociations.png

2026-03-20T02:39:12Z

Seagame:

File:CreateRouteTable.png

2026-03-20T02:37:23Z

Seagame:

2026-03-19 Deploy and Setting EC2 instances

2026-03-20T02:35:36Z

Seagame: /* Create Subnet */

= Deploy EC2 Instance =
* EC2 instance types are purpose-built configurations of virtual servers, designed with different resource combinations to help your applications perform at their best.
== Setting Ec2 on AWS ==

=== Create Key pairs ===
[[File:CreateKeyPairs.png |1000px ]]
* Enter key pair name you want
* select key pair type to RSA
* select Private key file format to .pem
* When you created new key pair it will auto download file it will be used later

=== Create VPC ===
Sign in to aws account that want to create instance -> VPC -> Virtual private cloud -> your VPC
* '''Create VPC if not exist '''
[[File:CreateVPCIfNotExist.png |1000px ]]

* Required: IPv4 CIDR // ex : 172.16.0.0/16

* ''' VCP exist '''
[[File:CreateVPCifExist.png |1000px ]]
*'''Note''' : can shared VPC for create another instance in same account
[[File:Screenshot from 2026-03-18 14-28-11.png|1000px]]

=== Create Subnet ===
[[File:CreateSubNet.png |1000px ]]
* Select VPC
[[File:Screenshot from 2026-03-18 14-55-26.png |1000px ]]
* enter subnet name and select Availability Zone then enter IPv4 subnet CIDR block when you finish first subnet click add new subnet and then repeat 3 subnet process
* Availability Zone
** Stage : Ohio >> (us-east-2a),(us-east-2b),(us-east-2c)
* IPv4 subnet CIDR block
** us-east-2a : 172.16.10.0/24
** us-east-2b : 172.16.20.0/24
** us-east-2c : 172.16.30.0/24

=== Create Internet Gateway ===
// wait for image
* When you finish create internet gateway then back to internet gateways page
* Attach with your VPC: select your internet gateway -> action -> Attach to VPC and then select your VPC

=== Create Route Table ===
// wait for image
* Select you VPC and then create route table
* Select your route table -> action -> edit subnet associate and then select your subnet
// wait for image
* Connect internet gateway for protect config : Select your route table >> edit route
// wait for image
* Add route
* Destination : 0.0.0.0/0
* Target : Internet Gateway>> select your Igw from created
=== Create VPC Endpoint ===
// wait for image
* '''Select Service:'''
** com.amazonaws.us-east-2.s3
** com.amazonaws.us-east-2.dynamodb
Select Type: Gateway >> VPC >> route table
** com.amazonaws.us-east-2.sns
** com.amazonaws.us-east-2.sqs
** com.amazonaws.us-east-2.lambda
Select Type : Interface >> VPC >> route table >> subnet >> Security groups
* '''Subnet settings'''
// wait for image
* '''Security groups '''
// wait for image
* '''Note''' : Endpoint Type : Interface , can create those endpoint after created Security groups from deploy Resource EC2 finished

== Resource Ec2 settings ==
* '''in ResourceEC2/ ec2.yml'''

<syntaxhighlight lang="YAML">
Parameters:

ExistingVpcId:
Type: AWS::EC2::VPC::Id
Description: Use existing VPC
Default: vpc-0ce9f21b10cb179f9

SshKeyPairNeo4j:
Description: SSH Keypair to login to the instance
Type: AWS::EC2::KeyPair::KeyName
Default: ${self:custom.iz_DefaultKeyPairName} # name to config same imageId

Resources:

Neo4jSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Neo4j Security Group shared
GroupName: share-neo4j-shared
SecurityGroupIngress:
# - CidrIp: 0.0.0.0/0 # set to all traffic for send msg to sns
# IpProtocol: "-1"
- IpProtocol: tcp
FromPort: 22 # SSH
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7687 # private neo4j port
ToPort: 7687
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7474 # public neo4j port: neo4j
ToPort: 7474
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 7473 # # public neo4j port: Bolt
ToPort: 7473
CidrIp: 0.0.0.0/0
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0 # set all traffic
IpProtocol: "-1"
# VpcId: !Ref VPC
VpcId: !Ref ExistingVpcId

# create neo4j instance
Neo4jShared:
Type: AWS::EC2::Instance
Properties:
ImageId: ${self:custom.iz_ImageId}
# InstanceInitiatedShutdownBehavior: stop # default
InstanceType: t2.medium
SecurityGroupIds:
- !Ref Neo4jSecurityGroup
KeyName: !Ref 'SshKeyPairNeo4j' # NOTE: require existing keypair, please make sure have private key in local.
SubnetId: ${self:custom.iz_subnetIds1a}

## Elastic IP: neo4j instance public IP address will not chabge everytime we stop/start instance(NOT security)
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Neo4jShared
</syntaxhighlight>

'''Note:''' Security Group section after deploy if has config between lambda endpoint not send message out… should add setting inbound rules:
* Type:HTTPS>>TPC>>443>>172.16.0.0/16
// wait for image
= Install Neo4j in terminal =
After EC2 instance was created: ** must have ec2 instance existing **
== Install neo4j using .tar ==
* '''ssh EC2 instance: in Terminal'''

<syntaxhighlight lang="text">
# set permission of key
chmod 400 <your keys pairs> // ex. GraphHandler-ver-05.pem

# connect ec2 instance by SSH command
ssh -i "your-key.pem" ec2-user@<public-ip> -L 7687:<private-ip>:7687

# Install java:
sudo yum install java-17-amazon-corretto -y // neo4j version-5 use java version more than version 11

# Download and extract neo4j
wget https://neo4j.com/artifact.php?name=neo4j-community-5.20.0-unix.tar.gz

tar -xzf neo4j.tar.gz

mv neo4j-community-* neo4j

cd neo4j

# Configure Neo4j bash
nano conf/neo4j.conf

Then Add this into file:

server.default_listen_address=0.0.0.0
server.default_advertised_address=<your-ec2-private-ip or public-ip>
server.bolt.listen_address=:7687
server.http.listen_address=:7474

#Setting start on reboot bash
bin/neo4j stop

sudo nano /etc/systemd/system/neo4j.service

Add this code in file:
[Unit]
Description=Neo4j Graph Database
After=network.target

[Service]
Type=forking
User=ec2-user
WorkingDirectory=/home/ec2-user/neo4j
ExecStart=/home/ec2-user/neo4j/bin/neo4j start
ExecStop=/home/ec2-user/neo4j/bin/neo4j stop
Restart=on-failure
RemainAfterExit=true
Environment=NEO4J_HOME=/home/ec2-user/neo4j
Environment=JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto

[Install]
WantedBy=multi-user.target

# set neo4j password
bin/neo4j-admin dbms set-initial-password NewPassword123 // < your password>

# Then
bin/neo4j start

</syntaxhighlight>

== Connect Neo4j Browser ==
* run EC2 Instance that connect to neo4j on AWS > Instance state > Start instance : running status
* Example browser : http://16.59.197.49:7474/browser/
* Connect URL:
<syntaxhighlight lang="text">
neo4j:// public -ip:7687
Username: neo4j
Password : xxxxxx
</syntaxhighlight>

= Stop and start EC2 instances automatically =
== Schedules Instance using AWS EventBridge ==
'''Step1: Specify schedule detail'''
* Go to Amazon EventBridge >> Schedules → Create Schedules
// wait for image
* '''Schedule pattern:'''
* Occurrence → Recurring schedule
* Time zone: → asia/Bangkok
* Schedule type → Cron-based schedule
// wait for image
* '''Note:''' monday to saturday stop instance on 18:00 / 6:00PM
* Flexible time window : off → next page

''' Step2 : Select target '''
// wait for image
* Amazon EC2 → StopInstances then push Instance Id into JSON format → next page

'''Step3 : Settings '''
* Schedule state : enable
* Action after schedule completion : NONE
* Retry policy and dead-letter queue (DLQ) : NONE
* Set Permissions: → Go to IAM console to create role permission then select an existing role after created finished
// wait for image
* IAM → Roles → Create roles
** Custom trust policy:
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "scheduler.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
</syntaxhighlight>

* Add Permission : if permission for stop Instance not exist , have to create before or skip this step then add those permission later
<syntaxhighlight lang="JSON">
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:StopInstances",
"Resource": "arn:aws:ec2:us-east-2:418867772665:instance/i-0569d4b408c5a75db"
}
]
}
</syntaxhighlight>

'''Note:''' "Resource": "arn:aws:ec2:us-east-2:<Account-Id>:instance/<instanceIds>"
* Name, review, and create : create roles name

''' Step4 : Review and create schedule '''
* Check detail the create schedule
// wait for image

== Idea: Stop and start Instance using Systems Manager ==
* Go to AWS → Systems Manager
* In the left menu click → Quick Setup
* Get started with Quick Setup → Get started
* Choose Configuration Type
* 👉 Resource Scheduler (Powered by AWS Solutions) → Create

* Specify instance tag :
** Key : Value >> should set key & value like those instance want to set Auto Scheduler
** go to EC2 Console → Instances
** Select your specific instance
** Click Tags → Manage tags → Add tag

* Target
** Choose : current account and current region
** Local deployment roles : Use new IAM local deployment roles

[[Category:Working documents| 2026-03-19]]

File:Screenshot from 2026-03-18 14-55-26.png

2026-03-20T02:34:36Z

Seagame:

File:CreateSubNet.png

2026-03-20T02:33:05Z

Seagame:

2026-03-19 Deploy and Setting EC2 instances

2026-03-20T02:31:00Z

Seagame: /* Create VPC */

File:Screenshot from 2026-03-18 14-28-11.png

2026-03-20T02:29:18Z

Seagame:

File:CreateVPCifExist.png

2026-03-20T02:27:07Z

Seagame:

2026-03-19 Deploy and Setting EC2 instances

2026-03-20T02:21:41Z

Seagame: /* Create VPC */

File:CreateVPCIfNotExist.png

2026-03-20T02:20:40Z

Seagame:

2026-03-19 Deploy and Setting EC2 instances

2026-03-20T02:04:57Z