How to set up WordPress with a dedicated Database Server on AWS Cloud?
The motive is to create a fully secured Web Portal for a company. For this, I have created a setup for WordPress software with a dedicated database server that will only be accessible by WordPress & not by the outside world.
What is WordPress?
WordPress (WP, WordPress.org) is a free and open-source content management system (CMS) written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes.
Project Description
Steps to be followed:-
1- Write an Infrastructure as code using Terraform, which automatically creates a VPC.
2- In that VPC we have to create 2 subnets: a) public subnet [ Accessible for Public World! ] b) private subnet [ Restricted for Public World! ]
3- Create a public-facing internet gateway for connecting our VPC/Network to the internet world and attach this gateway to our VPC.
4- Create a routing table for the Internet gateway so that the instance can connect to the outside world, update and associate it with the public subnet.
5- Launch an ec2 instance that has WordPress already set up, having the security group allowing port 80 so that our client can connect to our WordPress site. Also, attach the key to the instance to facilitate further login.
6- Launch an ec2 instance that has MYSQL already set up with a security group allowing port 3306 in a private subnet so that our WordPress VM can connect with the same. Also, attach the key with the same.
Note: WordPress instance has to be part of a public subnet so that our client can connect with our site. MYSQL instance has to be part of a private subnet so that the outside world can’t connect to it. Don’t forget to add auto IP assign and the auto DNS name assignment option should also be enabled.
Let’s get started…
Step 1:- First of all, configure your AWS profile in your local system using cmd. Fill in your details & press Enter. Use the following command for the same:-
aws configureStep 2:- Next, we need to create a VPC. Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
The terraform code to create a VPC is as follows:-
resource "aws_vpc" "ananya_vpc" {
cidr_block = "192.168.0.0/16"
instance_tenancy = "default"
enable_dns_hostnames = true
tags = {
Name = "ananya_vpc"
}
}Step 3:- Now, we need to create two subnets in this VPC :
a) public subnet [ Accessible for Public World! ]
b) private subnet [ Restricted for Public World! ]
Subnet is “part of the network”, in other words, part of entire availability zone. Each subnet must reside entirely within one Availability Zone and cannot span zones. The terraform code to create both the Private & the Public Subnet is as follows :-
resource "aws_subnet" "ananya_public_subnet" {
vpc_id = "${aws_vpc.ananya_vpc.id}"
cidr_block = "192.168.0.0/24"
availability_zone = "ap-south-1a"
map_public_ip_on_launch = "true"
tags = {
Name = "ananya_public_subnet"
}
}
resource "aws_subnet" "ananya_private_subnet" {
vpc_id = "${aws_vpc.ananya_vpc.id}"
cidr_block = "192.168.1.0/24"
availability_zone = "ap-south-1a"
tags = {
Name = "ananya_private_subnet"
}
}Step 4:- Next, we create a Public facing Internet Gateway. An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.
The terraform code to create the Gateway is as follows:-
resource "aws_internet_gateway" "ananya_gw" {
vpc_id = "${aws_vpc.ananya_vpc.id}"
tags = {
Name = "ananya_gw"
}
}Step 5:- Next, we create a Routing Table & associate it with the Public Subnet. A routing table, or routing information base (RIB), is an electronic file or database-type object that is stored in a router or a networked computer, holding the routes (and in some cases, metrics associated with those routes) to particular network destinations. This information contains the topology of the network close to it. The terraform code for the same is as follows:-
resource "aws_route_table" "ananya_rt" {
vpc_id = "${aws_vpc.ananya_vpc.id}"route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.ananya_gw.id}"
}tags = {
Name = "ananya_rt"
}
}resource "aws_route_table_association" "ananya_rta" {
subnet_id = "${aws_subnet.ananya_public_subnet.id}"
route_table_id = "${aws_route_table.ananya_rt.id}"
}
Step 6:- Now, we create our security group which will be used while launching Wordpress. This security group has the permissions for outside connectivity. A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. Security groups are associated with network interfaces.
resource "aws_security_group" "ananya_sg" {name = "ananya_sg"
vpc_id = "${aws_vpc.ananya_vpc.id}"ingress {
description = "allow_http"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = [ "0.0.0.0/0"]}ingress {
description = "allow_ssh"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "allow_icmp"
from_port = 0
to_port = 0
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "allow_mysql"
from_port = 3306
to_port = 3306
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {Name = "ananya_sg"
}
}
Step 7:- Now, we create another security group that will be used to launch MySQL. This security group will keep MySQL accessible only through WordPress and not through the outside world.
The terraform code for the same is as follows:-
resource "aws_security_group" "ananya_sg_private" {name = "ananya_sg_private"
vpc_id = "${aws_vpc.ananya_vpc.id}"
ingress {
description = "allow_mysql"
from_port = 3306
to_port = 3306
protocol = "tcp"
security_groups = [aws_security_group.ananya_sg.id]
}ingress {
description = "allow_icmp"
from_port = -1
to_port = -1
protocol = "icmp"
security_groups = [aws_security_group.ananya_sg.id]
}egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
tags = {Name = "ananya_sg_private"
}
}
Step 8:- Now, we are ready to go. We launch our WordPress and MySQL instances using all the resources that we have created above.
WordPress:-
resource "aws_instance" "wordpress" {
ami = "ami-ff82f990"
instance_type = "t2.micro"
key_name = "ananya_key"
subnet_id = "${aws_subnet.ananya_public_subnet.id}"
security_groups = ["${aws_security_group.ananya_sg.id}"]
associate_public_ip_address = true
availability_zone = "ap-south-1a"tags = {
Name = "ananya_wordpress"
}
}
MySQL:-
resource "aws_instance" "sql" {
ami = "ami-08706cb5f68222d09"
instance_type = "t2.micro"
key_name = "ananya_key"
subnet_id = "${aws_subnet.ananya_private_subnet.id}"
availability_zone = "ap-south-1a"
security_groups = ["${aws_security_group.ananya_sg_private.id}"]
tags = {
Name = "ananya_sql"
}
}Step 9:- Now, we run our terraform code. For doing so, we first run the command terraform init. This will download the necessary plugins.
Then, we run the command terraform apply — auto-approve. This will run the code and create the mentioned resources on the configured AWS Cloud.
Soon, we see that all our resources are added !!
Now, we can access our WordPress site using the Public IP address that is mentioned in the instance description.
Thanks for reading :)
