The documentation shows the generic case, where a PAM cluster in AWS is configured by assigning Elastic IPs (EIPs), which are public IPs. Although a Security Group or Network ACL in AWS can be configured to block access from the Internet, for tighter security we may want to deploy PAM within the AWS private network only, i.e. without assigning EIPs. Can a PAM cluster in AWS be configured properly under this requirement? The PAM cluster appears to be up and running, but VIP assignment fails. What is the correct PAM cluster configuration in this case?
This article shows a step-by-step procedure for configuring a PAM cluster in this kind of AWS environment.
This article assumes the following:
a. One Site with a cluster of two PAM nodes
b. All PAM nodes have the same version and license
c. All PAM nodes are in the same VPC, subnet and availability zone
d. You have at hand the Access Key ID and Secret Access Key of the AWS user account used to create the PAM node instances
e. All PAM nodes are reachable by their private IP from your office network
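As an added pre-flight check (example code, not part of this article or of the PAM product), the following script validates assumptions (a) and (c) and the no-EIP requirement against instance descriptions in the shape returned by boto3's `describe_instances`; the `Role` tag used to find the nodes is a hypothetical convention and the sample data is constructed.

```python
# Added example (not the article's or PAM's own code); input shape follows
# boto3 ec2.describe_instances(); the 'Role' tag in fetch_pam_instances is hypothetical.

def check_private_cluster(instances):
    """Return problems found; empty means no public IP/EIP on any node and all
    nodes share one VPC, subnet and availability zone (article assumptions)."""
    problems = []
    if len(instances) < 2:
        problems.append("cluster needs at least two PAM nodes")
    vpcs, subnets, zones = set(), set(), set()
    for inst in instances:
        iid = inst["InstanceId"]
        vpcs.add(inst["VpcId"])
        subnets.add(inst["SubnetId"])
        zones.add(inst["Placement"]["AvailabilityZone"])
        if inst.get("PublicIpAddress"):
            problems.append(f"{iid} has public IP {inst['PublicIpAddress']}")
        for eni in inst.get("NetworkInterfaces", []):
            for addr in eni.get("PrivateIpAddresses", []):
                owner = addr.get("Association", {}).get("IpOwnerId")
                # IpOwnerId is "amazon" for auto-assigned public IPs; an account id means an EIP
                if owner and owner != "amazon":
                    problems.append(f"{iid} has an EIP on {eni['NetworkInterfaceId']}")
    for name, values in (("VPC", vpcs), ("subnet", subnets), ("availability zone", zones)):
        if len(values) > 1:
            problems.append(f"nodes span more than one {name}: {sorted(values)}")
    return problems

def fetch_pam_instances(region, tag_value="pam"):
    """Live variant using boto3 with credentials from the standard AWS environment."""
    import boto3  # imported here so check_private_cluster runs without boto3
    ec2 = boto3.client("ec2", region_name=region)
    resp = ec2.describe_instances(Filters=[{"Name": "tag:Role", "Values": [tag_value]}])
    return [i for r in resp["Reservations"] for i in r["Instances"]]

# Constructed sample: node 1 is private-only, node 2 mistakenly carries an EIP
SAMPLE = [
    {"InstanceId": "i-pam1", "VpcId": "vpc-a", "SubnetId": "subnet-a",
     "Placement": {"AvailabilityZone": "us-east-1a"},
     "NetworkInterfaces": [{"NetworkInterfaceId": "eni-1",
                            "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.10"}]}]},
    {"InstanceId": "i-pam2", "VpcId": "vpc-a", "SubnetId": "subnet-a",
     "Placement": {"AvailabilityZone": "us-east-1a"}, "PublicIpAddress": "203.0.113.5",
     "NetworkInterfaces": [{"NetworkInterfaceId": "eni-2",
                            "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.11",
                                                    "Association": {"PublicIp": "203.0.113.5",
                                                                    "IpOwnerId": "111122223333"}}]}]},
]
```

Running `check_private_cluster(SAMPLE)` reports the public IP and the EIP on i-pam2; an empty result on your real nodes (via `fetch_pam_instances`) means they meet the assumptions above.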