This series runs Serverless WordPress on AWS Elastic Container Service (Fargate) with an Aurora Serverless database. This article deals with the Serverless WordPress VPC configuration. Files will be stored in AWS Elastic File System and shared among the WordPress ECS tasks.
In Part 1, you will configure a new VPC (Virtual Private Cloud) and create a bastion host EC2 instance to access the files and database. The VPC will provide the base private networking that connects everything together.
Serverless WordPress VPC configuration
1a. Create a new VPC. I called it wordpress-stack and assigned it a CIDR (main subnet) of 10.0.0.0/16.
VPC > Your VPCs > Create VPC
1b. I enabled DNS hostname generation for the VPC. This setting is required for EFS to resolve correctly.
Select VPC > Actions > Edit DNS Hostnames > Enable
1c. Create 2 public subnets, one in each availability zone. I used the Singapore region, which has 2 availability zones – ap-southeast-1a and 1b. You may also create 2 private subnets for the Aurora Serverless DB, in order to keep the database service off the Internet.
- public-1a – 10.0.0.0/24
- public-1b – 10.0.1.0/24
- private-1a – 10.0.2.0/24
- private-1b – 10.0.3.0/24
Subnets > Create Subnet > Select the new VPC > Subnet Name: public-1a > Availability Zone: ap-southeast-1a > CIDR block: 10.0.0.0/24
For the public subnets, enable auto assignment of public IP addresses.
Select the subnet > Actions > Modify auto assign IP settings > Enable auto-assign public IPv4 address
1d. Create an Internet Gateway and attach it to the VPC.
Internet Gateways > Create internet gateway > Name: wp-stack-igw > Select it > Attach to VPC.
1e. Configure the public route table and add the public subnets to it. Add a default route pointing to the new Internet Gateway.
Route Tables > Create > Name: wp-stack-public > VPC: wordpress-stack
Select wp-stack-public > Subnet associations > Edit > Add public-1a, public-1b
Routes > Edit > Add a default route to the Internet Gateway.
1f. Configure the private route table and add the private subnets to it.
Route Tables > Create > Name: wp-stack-private > VPC: wordpress-stack
Select wp-stack-private > Subnet associations > Edit > Add private-1a, private-1b
Serverless WordPress VPC configuration is now done.
Next, we will create an EC2 instance that will act as a Bastion Host.
2. Create an EC2 instance in a public subnet that will act as a Bastion Host. This can be used to access the files and database of WordPress.
EC2 > Launch instances > Amazon Linux 2 AMI > t2.micro > Network: wordpress-stack > Subnet: ap-southeast-1a > Next > Add Tags > Name: bastion-host > New security group > Name: wp-stack-bastion-sg > Allow only SSH
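Before building the rest of the stack, the layout from steps 1a to 2 can be checked for the mistakes that expose the database subnets or the bastion. The following is an added example, not part of the original article: the dictionary layout, the igw-EXAMPLE placeholder and the sample source address are assumptions, and the check for SSH open to 0.0.0.0/0 goes beyond the "Allow only SSH" step above.

```python
import ipaddress

# Constructed plan using the names and CIDRs from this article.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {"public-1a": "10.0.0.0/24", "public-1b": "10.0.1.0/24",
           "private-1a": "10.0.2.0/24", "private-1b": "10.0.3.0/24"}
# Simplified route tables (assumed layout); the gateway ID is a placeholder.
ROUTE_TABLES = [
    {"Name": "wp-stack-public", "Subnets": ["public-1a", "public-1b"],
     "Routes": [{"Dest": "10.0.0.0/16", "Target": "local"},
                {"Dest": "0.0.0.0/0", "Target": "igw-EXAMPLE"}]},
    {"Name": "wp-stack-private", "Subnets": ["private-1a", "private-1b"],
     "Routes": [{"Dest": "10.0.0.0/16", "Target": "local"}]},
]
# Inbound rules of wp-stack-bastion-sg; the source address is a constructed sample.
BASTION_SG = [{"Proto": "tcp", "From": 22, "To": 22, "Source": "203.0.113.10/32"}]

def audit(vpc_cidr, subnets, route_tables, sg_rules):
    """Return a list of findings; an empty list means the plan matches the article."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        if not nets[a].subnet_of(vpc):
            findings.append(f"{a} is outside the VPC CIDR")
        findings += [f"{a} overlaps {b}" for b in names[i + 1:]
                     if nets[a].overlaps(nets[b])]
    associated = set()
    for rt in route_tables:
        to_igw = any(r["Dest"] == "0.0.0.0/0" and r["Target"].startswith("igw-")
                     for r in rt["Routes"])
        for s in rt["Subnets"]:
            associated.add(s)
            if s.startswith("private-") and to_igw:
                findings.append(f"{s} has a default route to the Internet Gateway")
            if s.startswith("public-") and not to_igw:
                findings.append(f"{s} has no default route to the Internet Gateway")
    # Subnets without an explicit association fall back to the VPC main route table.
    findings += [f"{s} is not associated with a route table"
                 for s in names if s not in associated]
    for rule in sg_rules:
        if (rule["Proto"], rule.get("From"), rule.get("To")) != ("tcp", 22, 22):
            findings.append(f"bastion rule allows more than SSH: {rule}")
        if rule["Source"] == "0.0.0.0/0":
            findings.append("bastion SSH is open to 0.0.0.0/0")
    return findings

if __name__ == "__main__":
    print(audit(VPC_CIDR, SUBNETS, ROUTE_TABLES, BASTION_SG) or "no findings")
```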