Deploy WordPress site using Three-Tier AWS Network

Build Three-Tier VPC from scratch

[Figure: VPC reference architecture]

First, we are going to follow the architecture diagram above.

Create a VPC in the us-east-1 region with IPv4 CIDR 10.0.0.0/16

Enable Hostname configuration for your VPC

Create an Internet Gateway and attach it to the Dev VPC that we created.

The Internet Gateway carries traffic between our VPC and the internet.

Attach the Internet Gateway to the Dev VPC that you created. You can attach it to and detach it from the VPC using the Actions tab.

Create subnets in two Availability Zones in our VPC for a highly available, fault-tolerant architecture

Create each subnet, making sure you select your VPC along with the correct zone and IPv4 address range. You will find those details in the architecture diagram.

Create a route table that links our public subnets to our Dev Internet Gateway

Edit routes: add a route for 0.0.0.0/0, which means everywhere, and point it at the Dev Internet Gateway.

Edit subnet associations: attach your public subnets to the route table.

Create NAT Gateways

A NAT gateway lets instances in our private subnets send outbound traffic to the internet through the Internet Gateway.

[Figure: NAT gateway reference architecture]

As the diagram above shows, two NAT gateways are created in the public subnets, and each one is attached to a new private route table that has the private subnets of the same Availability Zone associated with it:

  • NAT Gateway -> Private Route Table AZ1 -> Private Data Subnet AZ1 and Private App Subnet AZ1
  • NAT Gateway -> Private Route Table AZ2 -> Private Data Subnet AZ2 and Private App Subnet AZ2

Create a new NAT gateway named NAT Gateway AZ1 in Public Subnet AZ1 and another named NAT Gateway AZ2 in Public Subnet AZ2.

Create two new route tables named Private Route Table AZ1 and Private Route Table AZ2 under the Dev VPC.

Go to Private Route Table AZ1 and edit its routes: send all internet-bound traffic (0.0.0.0/0) to NAT Gateway AZ1.

Associate both Private App Subnet AZ1 and Private Data Subnet AZ1 with the route table.

Follow the same steps for Private Route Table AZ2: add NAT Gateway AZ2, then associate Private App Subnet AZ2 and Private Data Subnet AZ2.
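The routing layout built so far (public subnets to the Internet Gateway, each private subnet to the NAT gateway in its own Availability Zone) can be checked mechanically. The following is an added example, not part of the original post: it audits data shaped like the output of `aws ec2 describe-route-tables`, `describe-subnets` and `describe-nat-gateways`, and every ID and the sample misconfiguration in it are constructed.

```python
# Added example: audit route tables for the layout above (describe-* shaped dicts, constructed IDs).

def default_target(table):
    """Target of the table's 0.0.0.0/0 route (IGW or NAT gateway ID), or ''."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId") or ""
    return ""

def audit(route_tables, subnets, nat_gateways, public_ids):
    """Return findings where routing departs from: public -> IGW, private -> same-AZ NAT."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nat_az = {n["NatGatewayId"]: az_of[n["SubnetId"]] for n in nat_gateways}
    findings = [f"{n['NatGatewayId']}: NAT gateway is not in a public subnet"
                for n in nat_gateways if n["SubnetId"] not in public_ids]
    associated = set()
    for table in route_tables:
        target = default_target(table)
        for assoc in table.get("Associations", []):
            sid = assoc.get("SubnetId")
            if sid is None:  # the main-table association carries no SubnetId
                continue
            associated.add(sid)
            if sid in public_ids:
                if not target.startswith("igw-"):
                    findings.append(f"{sid}: public subnet lacks an Internet Gateway route")
            elif target.startswith("igw-"):
                findings.append(f"{sid}: private subnet routes straight to the Internet Gateway")
            elif target in nat_az and nat_az[target] != az_of[sid]:
                findings.append(f"{sid}: in {az_of[sid]} but egresses via NAT in {nat_az[target]}")
    findings += [f"{sid}: no explicit association, falls back to the main route table"
                 for sid in sorted(set(az_of) - associated)]
    return findings

def make_table(target_key, target, names):
    return {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", target_key: target}],
            "Associations": [{"SubnetId": f"subnet-{n}"} for n in names]}

# Constructed sample: Data AZ2 is attached to the AZ1 table and Data AZ1 is left unassociated.
SUBNETS = [{"SubnetId": f"subnet-{tier}-az{i}", "AvailabilityZone": f"us-east-1{z}"}
           for tier in ("public", "app", "data") for i, z in ((1, "a"), (2, "b"))]
NATS = [{"NatGatewayId": f"nat-az{i}", "SubnetId": f"subnet-public-az{i}"} for i in (1, 2)]
TABLES = [make_table("GatewayId", "igw-dev", ["public-az1", "public-az2"]),
          make_table("NatGatewayId", "nat-az1", ["app-az1", "data-az2"]),
          make_table("NatGatewayId", "nat-az2", ["app-az2"])]
PUBLIC = {"subnet-public-az1", "subnet-public-az2"}

if __name__ == "__main__":
    print("\n".join(audit(TABLES, SUBNETS, NATS, PUBLIC)))
```

An empty result means every subnet has an explicit association and a default route that matches its tier.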

Create Security Groups

[Figure: WordPress security groups]

  1. ALB Security Group

  2. SSH Security Group

  3. Webserver Security Group

  4. Database Security Group

  5. EFS Security Group. Once you create the EFS Security Group, click on Edit Inbound Rules and add the EFS Security Group.

Create RDS Database

Go to Amazon RDS

First, we will create a subnet group to group together our private database subnets in us-east-1a and us-east-1b.

Now create a new RDS database using the following details. Make sure you create it in our Dev VPC.

Create Elastic File System (EFS)

Go to EFS

Create a new EFS

Install WordPress

Let's first create one EC2 instance for testing in Public Subnet AZ1

Now SSH into the instance and run the following commands

#1. create the html directory and mount the efs to it
sudo su
yum update -y
mkdir -p /var/www/html
#Go to the EFS file system, find its DNS name and use it in place of FILE_SYSTEM_NAME
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport FILE_SYSTEM_NAME:/ /var/www/html


#2. install apache 
sudo yum install -y httpd httpd-tools mod_ssl
sudo systemctl enable httpd 
sudo systemctl start httpd


#3. install php 7.4
sudo amazon-linux-extras enable php7.4
sudo yum clean metadata
sudo yum install php php-common php-pear -y
sudo yum install php-{cgi,curl,mbstring,gd,mysqlnd,gettext,json,xml,fpm,intl,zip} -y


#4. install mysql5.7
sudo rpm -Uvh https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
sudo yum install mysql-community-server -y
sudo systemctl enable mysqld
sudo systemctl start mysqld


#5. set permissions
sudo usermod -a -G apache ec2-user
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
sudo find /var/www -type f -exec sudo chmod 0664 {} \;
chown apache:apache -R /var/www/html 


#6. download wordpress files
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
cp -r wordpress/* /var/www/html/


#7. create the wp-config.php file
cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php


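#8. edit the wp-config.php file
nano /var/www/html/wp-config.php
#Edit the config file to attach the RDS DB and the SSL certificate.
#The lines below are PHP and go inside wp-config.php; they are not shell commands.
/* SSL Settings */
define('FORCE_SSL_ADMIN', true);

// Get true SSL status from AWS load balancer.
// X-Forwarded-Proto is a request header, so it can only be trusted when the
// instance accepts web traffic solely from the load balancer.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
  $_SERVER['HTTPS'] = '1';
}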



#9. restart the webserver
service httpd restart
