This project demonstrates how to host a WordPress website on AWS, leveraging various AWS services to ensure high availability, scalability, and security. The deployment involves setting up a Virtual Private Cloud (VPC), configuring an Application Load Balancer (ALB), utilizing Auto Scaling Groups, and implementing security best practices. The reference architecture diagram and deployment scripts are available in this repository.
The architecture includes the following components:
- VPC with Public and Private Subnets: Distributed across two availability zones for high availability.
- Internet Gateway: Facilitates internet access for instances in the VPC.
- Security Groups: Act as virtual firewalls to control inbound and outbound traffic.
- Application Load Balancer: Distributes incoming traffic across multiple EC2 instances.
- Auto Scaling Group: Automatically adjusts the number of EC2 instances based on demand.
- EC2 Instances: Host the WordPress application.
- Elastic File System (EFS): Provides shared file storage for the WordPress application.
- Relational Database Service (RDS): Manages the WordPress database.
- Route 53: Manages DNS for the domain.
- Certificate Manager: Secures communications with SSL/TLS certificates.
- Simple Notification Service (SNS): Sends notifications for Auto Scaling events.
Prerequisites:
- AWS account with necessary permissions.
- Domain name registered in Route 53.
- GitHub account for version control.

Deployment steps:
- Create a VPC with CIDR block `10.0.0.0/16`.
- Create two public subnets and two private subnets in different availability zones.
- Enable DNS resolution and DNS hostnames for the VPC.
- Create an Internet Gateway and attach it to the VPC.
- Update the route table for public subnets to route internet traffic through the Internet Gateway.
- Create a security group for ALB to allow inbound HTTP (port 80) and HTTPS (port 443) traffic.
- Create a security group for EC2 instances to allow inbound traffic from ALB and allow SSH access from your IP.
- Create a security group for RDS to allow traffic from EC2 instances.
- Launch EC2 instances in private subnets.
- Configure instances to use EC2 Instance Connect for secure access.
- Install Apache, PHP, and MySQL as per the provided script.
- Create an ALB in public subnets.
- Create a target group and register EC2 instances.
- Configure listeners for HTTP and HTTPS traffic.
- Create a launch template with the provided script for setting up WordPress.
- Create an Auto Scaling Group with the launch template.
- Set scaling policies to manage the number of instances based on demand.
- SSH into one of the EC2 instances.
- Mount the EFS file system to `/var/www/html`.
- Download and configure WordPress as per the provided script.
- Create a hosted zone in Route 53.
- Add an A record to point to the ALB DNS name.
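
The three security groups in the steps above form a chain: internet to ALB, ALB to EC2, EC2 to RDS. The following check is an added example, not part of this repository; it audits rules in the shape returned by `aws ec2 describe-security-groups` against that chain. The group IDs, the inner-tier ports (80/443 from the ALB, 3306 for MySQL) and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# Expected ingress per tier; group IDs are placeholders (assumption).
# "cidr": port -> "any" or "host" (one address); "group": port -> only allowed source group
POLICY = {
    "sg-alb": {"cidr": {80: "any", 443: "any"}, "group": {}},
    "sg-web": {"cidr": {22: "host"}, "group": {80: "sg-alb", 443: "sg-alb"}},
    "sg-db": {"cidr": {}, "group": {3306: "sg-web"}},
}
# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = [
    {"GroupId": "sg-alb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "UserIdGroupPairs": [{"GroupId": "sg-alb"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]

def audit(groups, policy=POLICY):
    """Return (group, port, source, reason) for every rule outside the policy."""
    findings = []
    for sg in groups:
        gid = sg["GroupId"]
        want = policy.get(gid, {"cidr": {}, "group": {}})
        for rule in sg.get("IpPermissions", []):
            # An "all traffic" rule (protocol -1) carries no port fields.
            ports = ["all"] if rule.get("IpProtocol") == "-1" else range(rule["FromPort"], rule["ToPort"] + 1)
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            sources = [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])]
            for port in ports:
                for cidr in cidrs:
                    net = ipaddress.ip_network(cidr, strict=False)
                    scope = want["cidr"].get(port)
                    if scope is None:
                        findings.append((gid, port, cidr, "CIDR source not expected"))
                    elif scope == "host" and net.prefixlen != net.max_prefixlen:
                        findings.append((gid, port, cidr, "wider than a single host"))
                for src in sources:
                    if want["group"].get(port) != src:
                        findings.append((gid, port, src, "unexpected source group"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

In the sample, SSH open to `0.0.0.0/0` on the EC2 group and MySQL open to the whole VPC CIDR on the RDS group are both reported; the ALB's public 80/443 rules pass.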

Script for the initial WordPress installation, run over SSH on one instance:

```bash
# switch to the root user
sudo su
# update the software packages on the ec2 instance
sudo yum update -y
# create an html directory
sudo mkdir -p /var/www/html
# environment variable
EFS_DNS_NAME=fs-064e9505819af10a4.efs.us-east-1.amazonaws.com
# mount the efs to the html directory
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport "$EFS_DNS_NAME":/ /var/www/html
# install the apache web server, enable it to start on boot, and then start the server immediately
sudo yum install -y httpd
sudo systemctl enable httpd
sudo systemctl start httpd
# install php 8 along with several necessary extensions for wordpress to run
sudo dnf install -y php php-cli php-cgi php-curl php-mbstring php-gd php-mysqlnd php-gettext php-json php-xml php-fpm php-intl php-zip php-bcmath php-ctype php-fileinfo php-openssl php-pdo php-tokenizer
# download the mysql version 8 community repository package
sudo wget https://dev.mysql.com/get/mysql80-community-release-el9-1.noarch.rpm
# install the repository, import its signing key, then install the mysql server
sudo dnf install -y mysql80-community-release-el9-1.noarch.rpm
sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2023
sudo dnf repolist enabled | grep "mysql.*-community.*"
sudo dnf install -y mysql-community-server
# start and enable the mysql server
sudo systemctl start mysqld
sudo systemctl enable mysqld
# set permissions
sudo usermod -a -G apache ec2-user
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
sudo find /var/www -type f -exec sudo chmod 0664 {} \;
sudo chown apache:apache -R /var/www/html
# download wordpress files
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
sudo cp -r wordpress/* /var/www/html/
# create the wp-config.php file
sudo cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
# edit the wp-config.php file
sudo vi /var/www/html/wp-config.php
# restart the webserver
sudo service httpd restart
```

Script for the Auto Scaling launch template:

```bash
#!/bin/bash
# update the software packages on the ec2 instance
sudo yum update -y
# install the apache web server, enable it to start on boot, and then start the server immediately
sudo yum install -y httpd
sudo systemctl enable httpd
sudo systemctl start httpd
# install php 8 along with several necessary extensions for wordpress to run
sudo dnf install -y php php-cli php-cgi php-curl php-mbstring php-gd php-mysqlnd php-gettext php-json php-xml php-fpm php-intl php-zip php-bcmath php-ctype php-fileinfo php-openssl php-pdo php-tokenizer
# download the mysql version 8 community repository package
sudo wget https://dev.mysql.com/get/mysql80-community-release-el9-1.noarch.rpm
# install the repository, import its signing key, then install the mysql server
sudo dnf install -y mysql80-community-release-el9-1.noarch.rpm
sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2023
sudo dnf repolist enabled | grep "mysql.*-community.*"
sudo dnf install -y mysql-community-server
# start and enable the mysql server
sudo systemctl start mysqld
sudo systemctl enable mysqld
# environment variable
EFS_DNS_NAME=fs-02d3268559aa2a318.efs.us-east-1.amazonaws.com
# mount the efs to the html directory and persist it across reboots
# _netdev defers the mount until the network is up; noresvport matches the manual mount options
echo "$EFS_DNS_NAME:/ /var/www/html nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,_netdev 0 0" >> /etc/fstab
mount -a
# set permissions
chown apache:apache -R /var/www/html
# restart the webserver
sudo service httpd restart
```