# Make Environment Publicly Accessible using AWS LB Configuration This document provides step-by-step instructions to make environment publicly accessible without wire guard configuration. Generally, all environments are privately accessible using wire guard configuration. Notes: The naming conventions may vary depending on the environment and this documentation will be applicable when using an AWS load balancer. ### Create Target Group for external-**http** 1. In the EC2 dashboard, under the ***Load Balancing*** section, select ***Target Groups*** from the menu. 2. Click the ***Create Target Group*** button to create a new Target Group. 3. Configure Target Group * Choose target type - `IP addresses` * Target Group name - `openg2p--external-http` * Protocol : Port - `TCP : 30080` * VPC - Select the VPC in which the instances are located * Health check protocol : Path : Port (**Traffic Port**) - `HTTP : /healthz/ready : 30521` 4. Register Targets * After configuring the Target Group, click the ***Next*** button. * Select the targets (instances) to register with the Target Group. * Click the ***Add to registered*** button to add the selected targets to the Target Group. 5. Review the configuration settings for the Target Group. After verification, click the ***Create Target Group*** button to create the Target Group. 6. Once the Target Group is created, make a note of the Amazon Resource Name (ARN) of the newly created Target Group. This ARN is required when you configure Load Balancers or other services that use the Target Group. ### Create Target Group for external-**httpsredirect** 1. To create a Target Group for "external-httpsredirect," follow the same steps mentioned above. Only for the **Configure Target Group** section, use the following configurations. * Choose target type - `IP addresses` * Target Group name - `openg2p--ext-httpsredirect` * Protocol : Port - `TCP : 30081` * VPC - Select the VPC in which the instances are located. * Health check protocol : Path : Port (**Overide**) - `HTTP : /healthz/ready : 30521` ### Create a Target Group for PostgreSQL 1. For PostgreSQL, there is no need to create a Target Group (TG). Instead, create a record with the name **internal.sandbox-name** and map the Internal NLB DNS name of the environment to it in AWS Route53. ### Create external n**etwork Load Balancer** 1. In the EC2 dashboard, click the ***Load Balancers*** tab and then click ***Create Load Balancer.*** 2. Choose Load Balancer Type as **Network Load Balancer.** 3. Configure Load Balancer Settings * Create NLB with name - `openg2p--external` * Select VPC - Select the VPC and region in which the instances are located * Select Security Group - Select the Security Group in which the instances are located Notes: Click [here](https://docs.openg2p.org/1.3/deployment/deployment-guide/aws/create-security-group-on-aws) to create Security Group, if required * Configure Routing - Define Target Groups to route traffic to specific instances * Listeners and routing **Protocol : Port : Default action** Notes: Below the default action, select the Target Groups already created from the above steps. * `TLS : 443 : openg2p--external-http` * `TCP : 80 : openg2p--ext-httpsredirect` * Select `ACM certificate` as per environment domain name. Notes: Click [here](https://docs.openg2p.org/1.3/deployment/deployment-guide/aws/create-acm-certificate-on-aws) to create ACM certificate, if required. * Review the configuration settings and create the Load Balancer. * Do mapping on AWS Route53.