Beginner’s guide to deploying/building a web application on AWS infrastructure.
Today we will be going over some elementary AWS and web hosting concepts for creating an Infrastructure in AWS Cloud using WordPress with an SSL-enabled connection and setting up a Budget Alarm to monitor usage and costs.
So Why WordPress?
WordPress is by far the most popular open source Content Management System (CMS) and is known to everyone due to its free-to-install, deploy, and upgrade feature. You can build dynamic/static websites which are highly configurable and customizable plus you can also choose from their pre-existing templates. I have been using WordPress to deploy a website application on Hostinger that we would be today migrating to AWS.
To deploy a website, you would first require a host that basically stores website-related files on the internet which is then accessed by the web application to deliver the content to the user when they hit your domain through an HTTPS/HTTP connection (browser session).
We will be going through a quick and step-by-step process of deploying a WordPress website on AWS. You can build your own Portfolio, Resume, or even a Business Website. The first step is that you require a domain name that can be purchased from various registrars like wix.com / godaddy.com / or through Amazon’s Route 53 service. In my case, I already own a domain name from GoDaddy.com so I would just need to create a DNS record over there, or else I could have migrated the domain to Route 53 by registering nameservers. (We’ll cover both steps in more detail along the way)
Let’s get our hands dirty.
Part 1: Deploy WordPress
(i) Launching a virtual instance — using EC2 in AWS Console
An EC2 instance is a virtual server in Amazon’s Elastic Compute Cloud (EC2) for running applications on the Amazon Web Services (AWS) infrastructure.
(ii) Search for ‘WordPress’ in AWS Marketplace and select WordPress Certified by Bitnami and Automatic solution.
(iii) Choose instance type ‘t2 micro’. This will keep you in AWS free tier and provide ample compute capacity to deal with the application workload initially. However, since this is a customized AMI from MarketPlace you will get charges if you are out of your free tier and t2 is the lowest configuration you can go for. Also, AWS gives you an option for setting up AutoScaling Groups (ASG) which lets you handle capacity as demand grows.
(iv) Leave all the configurations as default and Click ‘Add Storage’. Also, AWS gives you an option to add User data which are Scripts to automatically download/install patches and upgrades during the Instance launch. We can also define ASGs here, and much more but we will skip all that part as it is not needed now.
(iv) Add EBS storage for your compute server. Think of it as a C drive for your PC where all configuration files are stored. You can add additional volumes apart from the Root but we won’t be using it for now. You can select ‘General Purpose gp2’ EBS volume type which is used for most workloads and it can provide up to 16000 IOPS & 250 MiB/s of throughput for a Volume size ranging from 1Gib to 16 TiB
(v) You can leave the tags as default for now. This is used for various purposes. One good use case — it can be used as an identification marker for granting IAM roles to services as per tags/groups and thus provides better security & control for your applications
(vi) Security Groups are the first line of defense for your instance. You can define inbound and outbound rules for the traffic flow. Leave everything default since we are just defining a web server and we don’t mind users accessing it from the internet. As you can see everything here is open to ‘0.0.0.0/0’ for SSH, HTTP, HTTPS which means anyone from the internet can access it. To get better control of traffic going in and out of the instances, we can specify who is allowed to communicate with the instance on port inbound/outbound rules in the Security Group section however you can’t define deny rules here (Use NACLs for that). Remember Security groups are stateful which means if you define any IP address in inbound, it is automatically allowed for outbound rules as well. These configurations are required for more secured infrastructure utilizing different other tons of services.
(vii) Download the Keypair and store the file in a safe place. Anyone who has the access to this .pem file can modify/access your instance. We will be needing the keypair to ssh into the instance for doing SSL configuration in Part 3 so that the user connection is secure and HTTPS enabled.
Bonus Tip: Also, Keep in mind, Since we didn’t modify any Instance configuration setting, AWS will be launching the instance in the default Subnet inside in any Availability zone with the default VPC having a default Security group (i.e, Inbound is allowed for the Security Group Instance ID itself -meaning any instance attached to this security group can talk to each other and since Security Groups are stateful, outbound is allowed automatically)
(viii) Grab the public IP Address for the Instance that we just launched. This public IPv4 address can be used to access your Instance from anywhere using the Internet.
Part 2: Configuring Domain
Grab the public IP Address for the Instance that we just launched. This public IPv4 address can be used to access your Instance from anywhere using the Internet. Now we need to make sure that the domain points to this Instance IP address. (Meaning adding an Arecord for your domain)
Domains can be registered or managed using amazon’s Route53 service. If you have already purchased a domain, you can either (Method 1) transfer your domain to Amazon Route53 and add ‘Arecord’ there or (Method 2) Simply open the website of your Domain Name provider and list ‘Arecord’ over there.
Method 1 : (It will cost you a little extra $15–20 to start using Route53 services for managing the domain if you don’t buy the domain itself from Route53 in the first place and plan to migrate. Since I already purchased a domain from a different registrar, I will go with Method 2 to save some cost).
However, I will recommend using Route53 itself if you are starting fresh.
Method 2:
Navigate to your domain name provider and find the settings page for Domain and add an ‘A Record’ and set it as the same as the Public IPv4 address for your EC2 instance. All the traffic to your domain will now be pointed towards the EC2 instance. Also, create a ‘CNAME’ record and add your domain here.
Part 3: Configuring SSL
Time to do some coding!
Now we will be configuring auto-renewing SSL certificates for our WordPress website on AWS.
(i) Return to your EC2 dashboard and click on your instance ID.
(ii) Select the ‘Connect’ button and from the Connect instance screen, go to SSH Client Tab. Then, Copy the sample EC2 connect command. And, Open your Terminal emulator and SSH and SFTP client (You can use GitBash for windows or mac).
(iii) Go to the location where you downloaded the keypair (.pem) file
=> cd Downloads/
(iv) Now you’re in the right directory, run chmod command to change the permissions of the learningcloudHG.pem file
=> chmod 600 learningcloudHG.pem
(v) Use the following ssh command to access the instance. Remember to use your exact instance ID and region details or From the Connect to instance screen, click on the SSH client tab, then copy the Example SSH command. Your command shall look like this :
=> ssh -i “key_pair_file_name.pem” bitnami@your_instance_id.region.compute.amazonaws.com
(vi) Press yes and Now you are connected to the Instance if you see this screen
(vii) Copy this command and execute it to automate the process of configuring SSL certificates. Press Enter.
=> sudo /opt/bitnami/bncert-tool
(viii) You’ll be asked a series of questions:
Domain list []: lawprofessionals.in www.lawprofessionals.in
Enable HTTP to HTTPS redirection [Y/n]: y
Enable non-www to www redirection [Y/n]: n
Enable www to non-www redirection [y/N]: y
Do you agree to these changes? [Y/n]: y
E-mail address []: xyz@lawprofessionals.in
Do you agree to the Let’s Encrypt Subscriber Agreement? [Y/n]: y
(ix) Now we also want to enable HTTP to HTTPS redirection. Press ‘y’
(x) Press ‘y’ and agree to the changes made.
(xi) Enter your email address and agree to the subscriber agreement
Wait for a minute!
Now we have finished deploying WordPress, configured our domain name & enabled Auto-Renewing SSL.
(xii) Now to view your WordPress Login credentials, execute the following command while you’re connected to the instance and note down username & password
=>sudo cat /home/bitnami/bitnami_credentials
(xiii) Now you can log in to your WordPress website by accessing this URL in your web browser
=>”yourdomainname”/wp-login
Now you can now configure your website here.
If you need some reference on design ideas, here’s the website I hosted. It took me around a week to design, upload content, and update relevant information on the Website.
Part 4: Creating a Budget Alarm
Creating a Budget is a recommended best-practices to keep costs under control and monitor your instance usage and it is quick & easy to set up.
(i) Go to AWS Management Console & search for Billing.
(ii) Select Cost Budget and go to the next page.
(iii) Setup Period which could be monthly, weekly, etc.
(iv) Enter your budgeted amount and give a name to your budget, Click Next.
(v) On this page, you can set a threshold value which would define a limit beyond which you will be notified via email that your costing for resources is crossing the threshold limit. For example — you can set 80% of your budgeted amount that we selected in the previous step. Setup the same for both triggers ‘Actual’ & ‘Forecasted’ to be safe.
(vi) Enter the list of recipients where you would like to send notifications.
(vii) Confirm Budget.
Here you can see the cost and utilization related to your AWS resources
Great Job! Now we have successfully deployed a WordPress Website with a custom domain name, auto-renewing SSL Certificates and Creating a Simple Budget Alarm on AWS infrastructure and more importantly learned some basic AWS concepts.
A big shout out to A Cloud Guru and DolfinEd’s Udemy course and hands-on learning labs that helped me ace AWS Solution Architect & Cloud Practioner Course. Also, thank you Samarpan Biswas for helping me out with WordPress Website backend Management.
I would love to hear your thoughts on this article as it’s my first time publishing a story on medium. I can be reached out here on LinkedIn
Thanks! :)