Production ready (HA) Wordpress Deployment for AWS using Fargate and Aurora Serverless.
This stack uses tag propagation, which requires the new resource-id format to be in place before the CloudFormation stack is launched.
The stack expects a public domain to be registered prior to launching the stack.
Note: For testing, you may modify the hosts file and use self-signed certificates.
This stack expects the Route 53 zone to be pre-created, either manually or with a CloudFormation template.
Once the zone is created, update the name servers at the domain registrar to point to this zone.
- Log in to the AWS account (dev/production) and go to the ACM wizard.
- Switch to the desired region where this stack needs to be created.
- Add domain names for the load balancer: lb.example.com, admin.example.com
- Use DNS validation for verifying the domain.
- Create the request and use the option "Create record in route53" to automatically create verification records.
- Now switch the region to us-east-1 and create a new ACM certificate for CloudFront.
- Add public-facing domains to the certificate: example.com, www.example.com
- Use DNS validation for verifying the domain.
- Create the request and use the option "Create record in route53" to automatically create verification records.
For end-to-end encryption, we need to create TLS certificates for the application container as well. The certificate and private key need to be stored in SSM Parameter Store as SecureString parameters.
- Generate self-signed certificates for the container:
mkdir -p certs
openssl req -new -newkey rsa:2048 -days 1825 -nodes -x509 -keyout certs/server.key -out certs/server.crt
- Add the private key to SSM Parameter Store as a SecureString:
aws ssm put-parameter \
--name "/wordpress/ssl/server.key" \
--type "SecureString" \
--value "file://./certs/server.key" \
--description "Wordpress SSL Private Key" \
--overwrite \
--tier Intelligent-Tiering \
--region <region>
- Add the bundled cert to SSM Parameter Store as a SecureString:
aws ssm put-parameter \
--name "/wordpress/ssl/server.crt" \
--type "SecureString" \
--value "file://./certs/server.crt" \
--description "Wordpress SSL Cert Bundle" \
--overwrite \
--tier Intelligent-Tiering \
--region <region>
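The certificate steps above as one non-interactive script, with a key/certificate match check before upload. This is an added example, not code from the original README; the function names, the sample common name, and removing the local key after upload are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the original README. Function names and the
# sample CN in the usage line are assumptions; parameter names are the README's.

# Generate a self-signed key/cert pair in directory $1 for common name $2.
gen_container_cert() {
  local dir="$1" cn="$2"
  mkdir -p "$dir" || return 1
  # Subshell umask: server.key (unencrypted because of -nodes) is created 0600.
  ( umask 077
    openssl req -new -newkey rsa:2048 -days 1825 -nodes -x509 \
      -subj "/CN=${cn}" \
      -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null )
}

# Succeed only if key $1 and certificate $2 carry the same public key.
key_matches_cert() {
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Upload key and cert from $1 to SSM in region $2 as SecureString parameters.
store_in_ssm() {
  local dir="$1" region="$2" f
  # Refuse to upload a mismatched pair; the container would fail its TLS setup.
  key_matches_cert "$dir/server.key" "$dir/server.crt" || return 1
  for f in server.key server.crt; do
    aws ssm put-parameter --name "/wordpress/ssl/$f" --type SecureString \
      --value "file://$dir/$f" --overwrite --tier Intelligent-Tiering \
      --region "$region" >/dev/null || return 1
  done
  # Assumption: once stored in SSM, the plaintext key should not stay on disk.
  rm -f "$dir/server.key"
}

# Usage (constructed values):
#   gen_container_cert certs wordpress.internal.example && store_in_ssm certs us-east-1
```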
This step is only required if using the WordPress full stack with VPC or when the client VPN stack is set up directly. The stack uses mutual authentication for setting up the client VPN.
Follow the steps in the AWS Client VPN documentation to create:
- CA Certificate
- Server Certificate
- Client Certificate
Only the server certificate needs to be uploaded to ACM.
For added security, a global WAF needs to be set up in the us-east-1 region.
Note: This is an optional step and can be skipped if WAF is not needed.
Note: To deploy to a different region, simply change the region in the AWS Console.
For support with this stack, or for help with your AWS infrastructure and application, contact: cloudsales@intraedge.com
- python3
- pip3
To validate the CloudFormation template, install the pre-commit Git hooks using the commands:
pip3 install pre-commit
pre-commit install