Deploy WordPress site using Three-Tier AWS Network
Build Three-Tier VPC from scratch

First, we are going to follow the architecture diagram from above.
Create a VPC in the us-east-1 region with IPv4 CIDR 10.0.0.0/16

Enable DNS hostnames in your VPC settings


Create an Internet Gateway and attach it to the Dev VPC that we created.
The Internet Gateway carries traffic between our VPC and the outside internet.

Attach the Internet Gateway to the Dev VPC that you created. You can attach and detach it from the Actions tab.

Create subnets in 2 Availability Zones in our VPC for a highly available, fault-tolerant architecture.
Create each subnet and make sure you select your VPC with the correct zone and IPv4 address range. You will find those details in the architecture diagram.


Create a route table that links our public subnets to our Dev Internet Gateway

Edit routes:

Add a route with destination 0.0.0.0/0 (all IPv4 addresses) that targets the Dev Internet Gateway:

Edit subnet associations:

Attach your public subnets to it:

Create NAT Gateways
A NAT gateway carries outbound traffic from our private subnets to the Internet Gateway.

As you can see in the above diagram, 2 NAT gateways are created in the public subnets, and each one is attached to a new private route table that has the private subnets of its zone associated with it:
- NAT Gateway -> Private Route Table AZ1 -> Private Data Subnet AZ1 and Private App Subnet AZ1
- NAT Gateway -> Private Route Table AZ2 -> Private Data Subnet AZ2 and Private App Subnet AZ2
Create a new NAT gateway named NAT Gateway AZ1 in Public Subnet AZ1 and NAT Gateway AZ2 in Public Subnet AZ2

Create 2 new route tables named Private Route Table AZ1 and Private Route Table AZ2 under Dev VPC

Go to Private Route Table AZ1 and edit routes:

Send all Internet-bound traffic (0.0.0.0/0) to NAT Gateway AZ1

Add both Private App Subnet AZ1 and Private Data Subnet AZ1 to the route table

Follow the same steps for Private Route Table AZ2: add NAT Gateway AZ2, Private App Subnet AZ2 and Private Data Subnet AZ2
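
The routing rules from the steps above (public subnets default to the Internet Gateway, each private subnet defaults to the NAT gateway in its own Availability Zone) can be checked mechanically. The following is an added example, not part of the original walkthrough: it audits constructed data shaped like the EC2 describe-subnets, describe-nat-gateways and describe-route-tables responses, and every ID as well as the `table` and `audit` helpers are hypothetical.

```python
# Added example: constructed data, no AWS calls. Field names follow the EC2
# describe-* responses; every ID below is a made-up placeholder.
SUBNETS = [{"SubnetId": f"subnet-{tier}-{n}", "AvailabilityZone": zone}
           for tier in ("public", "app", "data")
           for n, zone in (("az1", "us-east-1a"), ("az2", "us-east-1b"))]
PUBLIC = {"subnet-public-az1", "subnet-public-az2"}
NATS = [{"NatGatewayId": "nat-az1", "SubnetId": "subnet-public-az1"},
        {"NatGatewayId": "nat-az2", "SubnetId": "subnet-public-az2"}]

def table(target_key, target, *subnet_ids):
    """Build one route table: local route, default route, subnet associations."""
    return {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                       {"DestinationCidrBlock": "0.0.0.0/0", target_key: target}],
            "Associations": [{"SubnetId": s} for s in subnet_ids]}

GOOD = [table("GatewayId", "igw-dev", "subnet-public-az1", "subnet-public-az2"),
        table("NatGatewayId", "nat-az1", "subnet-app-az1", "subnet-data-az1"),
        table("NatGatewayId", "nat-az2", "subnet-app-az2", "subnet-data-az2")]
# Constructed mistakes: data-az2 on the AZ1 table, data-az1 left unassociated,
# and app-az2 routed straight to the Internet Gateway.
BAD = [GOOD[0],
       table("NatGatewayId", "nat-az1", "subnet-app-az1", "subnet-data-az2"),
       table("GatewayId", "igw-dev", "subnet-app-az2")]

def audit(subnets, nats, tables, public_ids):
    """Return one finding per subnet whose default route breaks the design."""
    az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nat_az = {n["NatGatewayId"]: az[n["SubnetId"]] for n in nats}
    findings, seen = [], set()
    for t in tables:
        default = next((r for r in t["Routes"]
                        if r.get("DestinationCidrBlock") == "0.0.0.0/0"), {})
        igw = default.get("GatewayId", "").startswith("igw-")
        nat = default.get("NatGatewayId")
        for sid in (a["SubnetId"] for a in t["Associations"] if "SubnetId" in a):
            seen.add(sid)
            if sid in public_ids:
                if not igw:
                    findings.append(f"{sid}: public subnet lacks a default route to the Internet Gateway")
            elif igw:
                findings.append(f"{sid}: private subnet is routed directly to the Internet Gateway")
            elif nat and nat_az.get(nat) != az[sid]:
                findings.append(f"{sid}: in {az[sid]} but uses a NAT gateway in {nat_az.get(nat)}")
    findings += [f"{sid}: no explicit association, falls back to the main route table"
                 for sid in sorted(set(az) - seen)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SUBNETS, NATS, BAD, PUBLIC)))
```
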
Create Security Groups

ALB Security Group

SSH Security Group

Webserver Security Group

Database Security Group

EFS Security Group
Once you create EFS Security Group, click on Edit Inbound Rules:
Add EFS Security Group

Create RDS Database
Go to Amazon RDS
First, we will create a subnet group to group together our private database subnets in us-east-1a and us-east-1b

Now, create a new RDS DB using the following details. Make sure you create the RDS instance in our Dev VPC

Create Elastic File System (EFS)
Go to EFS
Create a new EFS

Install WordPress
Let's first create an EC2 instance for test purposes in Public Subnet AZ1

Now SSH into the instance and run the following commands
#1. create the html directory and mount the efs to it
sudo su
yum update -y
mkdir -p /var/www/html
#Go to the EFS file system and find its DNS name; use it in place of FILE_SYSTEM_NAME below
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport FILE_SYSTEM_NAME:/ /var/www/html
#2. install apache
sudo yum install -y httpd httpd-tools mod_ssl
sudo systemctl enable httpd
sudo systemctl start httpd
#3. install php 7.4
sudo amazon-linux-extras enable php7.4
sudo yum clean metadata
sudo yum install php php-common php-pear -y
sudo yum install php-{cgi,curl,mbstring,gd,mysqlnd,gettext,json,xml,fpm,intl,zip} -y
#4. install mysql5.7
sudo rpm -Uvh https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
sudo yum install mysql-community-server -y
sudo systemctl enable mysqld
sudo systemctl start mysqld
#5. set permissions
sudo usermod -a -G apache ec2-user
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
sudo find /var/www -type f -exec sudo chmod 0664 {} \;
chown apache:apache -R /var/www/html
#6. download wordpress files
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
cp -r wordpress/* /var/www/html/
#7. create the wp-config.php file
cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
#8. edit the wp-config.php file
nano /var/www/html/wp-config.php
#edit the config file to set the RDS DB connection details, and add the SSL settings below
#(the following lines are PHP that goes inside wp-config.php, not shell commands)
/* SSL Settings */
define('FORCE_SSL_ADMIN', true);
// Get true SSL status from AWS load balancer
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = '1';
}
#9. restart the webserver
service httpd restart

