 Hi, I'm Chris Hampartsoumian. I work here in the office at AWS. Today I will talk about deploying WordPress on Amazon Web Services. So I'll do this. Oops, let's turn that on. So we have a Twitter handle. You can tweet at the handle if you want. We'll join the conversation. So we'll look at three ways to run WordPress on AWS. First, I'll do a simple WordPress site using the AWS components, EC2, Elastic IP, and relational database service. So it's a managed database. Then I'll do the same thing with a CloudFormation script. CloudFormation is JSON notation, and it automates your deployment of your environment. So the first one, you'll see me do it manually. The second one is a JSON file, which does it all automatically. Both end up with the same thing. One's automatic, one's not. And the third one, I make a highly available WordPress site. So that uses Amazon Elastic Load Balancer. So that balances the load between more than one node. Auto-scaling potentially, which means you increase the number of nodes as the traffic increases. And Amazon Elastic File System, which is a new service which is in preview. So you may have discovered with WordPress, if you use more than one server, when you install plugins or you update WordPress, you normally do it to one server. But if you do it to two servers, it causes a bit of a problem. WordPress is more geared around one server and one file system. So Elastic File System is a new service that was announced in February. And it's in preview at the moment. So it's not generally available, but we'll have a look at it today. And it's basically an NFS V4 server. So that's NFS, if you are unfamiliar, it's Network File System. So it presents the file system to one, two, three, 10, or 50 servers. And they all mount the same file system. Now that's actually very convenient for WordPress because then if you've got two servers or 10 servers, it doesn't matter. They've all got that same bit of file system mounted over the network. 
So we'll have a little look at that as an idea for a highly available WordPress site. So by the end of it, we will look at EC2, which is the Elastic Compute Cloud. Auto-scaling, which is our algorithm, which is free, which increases the number or decreases the number of hosts depending on load. Elastic Load Balancer, which is the load balancer, that's kind of depicting three hosts behind a load balancer. Elastic File System, which is the one I spoke about just now, which you can have lots of servers mount the same file system. Amazon RDS, that's Relational Database Service. So as you know, WordPress uses MySQL. And instead of installing MySQL yourself and patching it and updating it and backing it up, Relational Database Service is a fully managed database. It's MySQL all the same, but you'll say, oh, backup window, oh, maintenance window. And you'll see that, I'll do that. AWS CloudFormation is that JSON template file that I said, which describes your whole environment and can redeploy your whole environment. You can make your own JSON templates or CloudFormation templates. S3, our backup, the single instance, I'll do a backup to S3. S3 is the cheap, simple storage service, which is an object-based HTTP service. So I'll show you how you tell EC2 to use an Identity Access Management Role to back up to Amazon S3. I've added CloudFront and Route 53 on the end. CloudFront is our content delivery network, CDN, and Route 53 is our DNS service. Probably won't get to them today, maybe next session or whatever, but they're the typical components that you'd use to build a highly available WordPress site. So if you are, if you're not familiar with Amazon Web Services, I'll give you a quick overview of the standard environment. So this represents the AWS Cloud and inside the cloud, you choose your region. And this dotted line is the region. In this case, it's AP, Asia Pacific, Southeast one. That means, in this case, it's Singapore. 
We have 11 regions and there's Sydney, Singapore, Tokyo, Beijing, plenty in America and Europe. But we're gonna work with Singapore region for this example. Availability, regions like Singapore have at least two availability zones. Our first one will install one server, but for a highly available WordPress, you want to use both availability zones. Now availability zone is a completely separate data center, which isn't reliant on the other one in any way with separate power, separate floodplain, completely independent. And if you architect your application across two availability zones, you have a very highly available application. So you can withstand the complete failure of a data center. And when we get onto a relational database service, you'll see that it's very, very simple. You just say, oh, I want it in both availability zones and it's called, it's synchronous block level replication. So it means when you write a block to your database, it's synchronously written to both sides of the availability zone before it tells the RDBMS MySQL that the block has been committed to disk. So you never lose a block. That's something quite unique for a very highly available database, so you don't lose data. If your application requires it. If you don't, just use one. Okay, so inside the two availability zones, we have what we call VPC now. It's virtual private cloud. And this is your own little space of the AWS cloud carved out for yourself. You have your own 172 subnet range in there. And there's a default one configured. And we're gonna use the default because it's there. Default one comes with a subnet, a VPC subnet, 172.31.0.0 slash 20 and 172.31.16.0 slash 20. So there are two halves of a slash 20 network. Notice that a subnet doesn't span an availability zone. So there's one on each side. So these are the, and this is all, this is all the standard VPC. It has a thing called a, what is it called? A routing table, which basically routes all your subnets to one another. 
So you could have several tiers if you wanted to and they can all talk to one another by default. And at the top, the little cloud there, that's known as an internet gateway. So the default VPC has an internet gateway. That means it's connected to the internet, hosts in the VPC can speak out to the internet and you can route to hosts in the VPC. Some customers, obviously not for a WordPress site, but they like a private VPC with no internet connection. And then they use a direct connect or a VPN to connect to their virtual private cloud, okay? So a whole bunch of terms there, hopefully some might be useful, but that's your standard. You don't have to build any of that. That's all built for you. So what I'll do, I'll fade out the bits that are built for you, right? And you'll just see me when I call them out there, the default ones. What we'll build is, I believe, ah, there we go. A single EC2, that's an elastic compute cloud instance with a database, that's a relational database service, in this case MySQL, and an elastic IP. The reason I call that an elastic IP is normally instances in AWS, they get assigned an IP address. And if you reboot them or you stop them and you start them, they come back with a different IP address. Now typically, it's much easier if the IP address stays the same. So we'll build that, that's a basic one. This thing out here, this red thing, is that denotes S3, so that is simple storage service. So we'll back up our EC2 instance to S3, because it's easy. Okay, let's do it. Okay. So if you haven't seen the AWS console before, that's it. There's EC2 and S3 and RDS, and some of the services that I talked about. So the first thing I'm gonna do, sorry, the first thing I'm gonna do is before I do an EC2, I'm gonna do a relational database service. Okay, so get started now. You've got a choice of MySQL, Postgres, Oracle, or SQL Server. I'll move quite quickly so we can get a lot done. 
Yes, use multi AZ deployment, or no, this is intended to use outside of production. So we'll go with a single availability zone, as per my diagram for the moment. Normal license, you've got a choice of versions. We're gonna use a T2 micro, that's one VCPU and one gig of RAM. The reason I choose that one, because you can actually run this in the free tier. So I'll quickly mention now, if you sign up for an AWS account, there's a free tier which lasts 12 months, and you can run a certain amount of compute and a certain amount of RDS and a certain amount of S3 storage for free for a year. And a T2 micro, that's one VCPU and one gig of RAM, qualifies for free tier in one availability zone. If you want two availability zones, if you want it multi AZ deployment, it's not free. So we're gonna say single AZ for the moment. Comes with five gig of SSD and DB Identifier. This will be WordPress user group demo. Username, DB user. Password, right, because I've got to enter this later. I'm gonna use that password, which is WordPress user group pass123. Okay, VPC, if you remember, I said there was a default VPC. Voila, there it is. So I've got a few other ones, but we're gonna go with the default. Subnet default, publicly available. I'm gonna leave it as yes, but to be honest, I could easily do that as no. I'll create a new security group, database name. I'll call it WordPress user group. Database port, MySQL 3306, normal. Encryption no, so we actually offer encryption if you're using InnoDB. So this is what we're talking about, about managed database. Backup, backup retention period. Let's stick with seven days. Backup window, select the window. So the time's in UTC, so if we go for say, 20 hundred hours UTC, that's four AM in Singapore. So we've just created a half an hour backup window at four AM, just so that you're not backing up your database at the most busy time. And that's it, it's done. That's pretty handy for backing up your database. 
Maintenance, auto minor version upgrade, yes. Maintenance window, any time or select window. So we can say Monday, now let's choose Tuesday because we're sensible. And then we will choose not 20 hundred hours, we'll choose 21 hundred hours UTC for half an hour. All right, so now what happens at 430 after your backup, if there's any minor upgrade to MySQL, this allows Amazon to conduct that upgrade for you. So that's, and I'll launch the DB. So that's pretty convenient for managing a MySQL database. It's backed up, it's maintained, it could be across two availability zones and it took that long to set up. View your database instance. Okay, endpoint, we're gonna be interested in the endpoint to connect to it. It takes a few minutes to set up. So I will go and I'll do my EC2 compute instance first. Let me make sure I haven't missed anything in my list. Create an RDS instance, show backup window and updates. Don't use my own password, use this one. Create a T2 micro including creating a new security group. So running instances, I appear to have one here from earlier, but let's launch a new one. So lots of different distros, Amazon Linux, Red Hat, SUSE, Windows, everything. Let's just go with Amazon Linux. Oh, I'll show you. These are just the Amazon provided ones. There's marketplace and community, Amazon machine images as well. We'll just go with Amazon Linux. Again, we'll choose T2 micro because it's free tier eligible, one vCPU, one gig of memory. But if you notice, if you go down here to things like M3, two extra large, there's eight CPUs and 30 gig of memory and even 36 CPUs, 60 gig of memory and 32 CPUs and 244 gig of memory. But we're gonna go with the T2 micro because it's suitable. Number of instances, one. Auto assign public IP, yes. IAM role, let's go with S3 all access. 
That means my instance will be able to use what's called secure token service to have access to S3, to copy and read files to S3, without me having to put any keys on it or do any certificate setup. Take care of it for you. It's a very secure way of enabling credentials on your server when you deploy them. Advanced details, we won't do any today, but this is user data. This is when an EC2 instance comes up, you can run shell commands in user data. We'll look at that in our next example. Add storage, there's the root volume, eight gig. We could add a new volume, we're not gonna bother. Tag instance, name, WordPress user group. Configure security group, I think my notes told me to create a new group and we'll call it WordPress user group and we'll call it HTTP and SSH. So SSH, this is how I can remote shell to it, port 22 from anywhere. Add a rule, HTTP somewhere. There it is. On port TCP, protocol TCP, port 80 from anywhere. So review and launch. So some of you, we spoke about in the break, what not the break before the session, you need a key to log into an AWS server. That means it saves us sort of setting a default password so that everyone's logging in or giving you a password that you may or may not lose. And I've got a key called IDRSA Singapore and I'm saying, yeah, I've got that key, I will be able to log in. Okay, so up the instance comes. View instance details, pending status checks initializing. I deployed it in zone one B, I meant to deploy it in one A, but it doesn't matter. There we go, it's got a public DNS name. It'll take a moment to come up. All right, let's check my notes. Yep. So I will show you because I was speaking to someone in the break about this. Config. This is my SSH config file. So if anyone's interested in logging into EC2 hosts without having to specify their key, I've specified this. So all of the regions, it specifies my default user and the key for that region. This will mean something to you if you've used AWS before. 
So what that means is I can SSH, I can put the host name and I can log straight in. First time it asked me to add the key to my key ring. And there we go, I'm logged in. If I say uptime, that's been up for zero minutes. So that's the host that I just deployed. So if you've ever had to do the certificates and the keys is SSH config, which means you can auto configure it. Okay. I said I'd create an elastic IP. So let's do that. So you see how easy it is. So allocate a new address. Are you sure you want to allocate a new address? Yes. New address is that. Close. I think that was the one I just created. Associate address. If I click in there, WordPress user group, that was the instance I just created. So associate that. Okay. And it's done. That is how easy it is to apply a permanent IP address. So you don't pay for an IP address unless it's not assigned. So I created it and I assigned it immediately. So there's no cost of having an elastic IP. You can see now, public IP is 52.74.187.87. An elastic IP is the same. Yeah. It's logged me out. So I need to log in again. I knew that was going to happen. Oh, it's got a new name probably. Excuse me. I should have given it to elastic IP address before I... Right. Because I changed the IP address of that host. It said, hey, the IP address of that host has changed. Are you sure you know what you're logging into? It's like, yes. Delete the key. Bad example. Okay. Let's check what my notes say. Edit the RDS security group to allow an inbound from my EC2 security group. So if I go back to my RDS instance, let's see if it's come up now. Oh, it's backing up. First thing it does is back up. So that means it's available, publicly available, yes, end point, WordPress user group demo. So it's ready. The other thing was the security group. So launch wizard. So if I look at that security group, the inbound rules, MySQL TCP port 3306, the source, I want to be my EC2 instance. So I go edit. 
And I called that security group WordPress user group. Okay. So I've now made that RDS. It can only be accessed on port 3306 on TCP from my EC2 instance. So my database is secure. The only thing that can access it is my EC2 instance. And if you remember, I had the option there. I said, make it public, a public listening IP address. I said yes, but I could have easily said no. And then we would have had a secure database with no external IP address and a security group that only allows access from EC2, which is good practice. Okay, install some software. Okay. So on my EC2 instance here, I'm going to install with sudo yum install minus y. So it doesn't ask me any questions. HTTPD, PHP, PHP, MySQL, MySQL common and MySQL 55. So I just run that command and it installs everything I want, which is handy. Test the connection to the MySQL database. So if I go mysql minus u, I called it DB user minus host. That was that endpoint of the RDS that I wanted. So I go back to my RDS instance, go here, go endpoint, copy that password. And the password I used was that one. There we go. Show databases. And if you remember, I created one database called WPG WordPress user group. Show tables. No tables in it yet because all that's existing now is the database in the EC2 instance. But so secure database is backed up. It's got incremental patches. It's now only accessible from my EC2 instance. My EC2 instance has an elastic IP and all of this is free tier. None of this costs any money. All right, what do my notes say? Done some stuff, testing my connection. Configure WordPress in Apache. I'll do this in one hit, right? So log out of the database, CD to my home directory. I will get WordPress. Okay, and then I'll CD to what I know is the doc root of the web server. I will untar it. And then I'll go up a directory. I don't know if you're familiar when you unpack WordPress, they're unpacking it in a directory called WordPress. What do I do? Oh yeah, I move everything up a directory. 
Move up a directory myself and I'm WordPress. I need to sudo. Okay. Oh, you'll also know that there's some good permissions to give WordPress. So I'm gonna chown the WordPress content directory to Apache. And if you didn't know Apache dot means the user Apache and Apache's default group, which happens to also be Apache. Shorthand syntax. You could do Apache colon Apache if you want. I'm gonna chgrp minus R, capital R, recursively everything to Apache. And I'm gonna chown minus R ec2-user dot the current directory. This is what I did when I tested it. So it seems to be all right. Oh, I'm gonna make sure my web server starts on reboot, chkconfig httpd on. And I'll start my web server, starting httpd. Okay, go to the web page and run the install. So if I am not mistaken, we called it WordPress user group and it was a T2 micro. So I can now go to that in a browser. Okay, that's a new WordPress install. So I won't configure automatic write to WordPress config, but I'll go database name. It was WPUG username was DB user. Password was this guy. That's why I did it and I didn't see my password otherwise. Host was that was that endpoint of RDS. Just get it from that. Okay, table prefix submit. Okay, so what it says, copy this into wp-config.php and then run the install. Okay, site title WordPress user group username chrsh. Okay, we won't allow search engines in today. Okay, success. I never got it. A two tier with RDS backed up secure elastic IP free tier installed WordPress setup. Okay, so I'll show you one other thing. And that is if I log into the database now, that was the database password. And I show databases, use wp user group, show tables. If you remember, there was none before. There's my tables. So that is, that's it. So it's a pretty quick setup, but what that should look like is, is that. If you remember, there was an elastic IP address. There was an EC2 instance and there was an RDS instance. 
All right, one more thing I said I'd do I'll back this guy up to, to S3. And then I'll probably have to leave it there because I'm running out of time. But let's, right. If you remember, in my EC2 instance, I said create an S3 role and the S3 role was S3 all access. So if I go AWS S3 make bucket S3 colon slash slash, we'll call it WordPress user group backup. Okay, make bucket is done. Now, the reason that my, my that instance had the permission to do that because I assigned that IAM or identity access management role to the EC2 instance. So there's been no copying of keys or certificates around but it is created that, that bucket. Now, here's all my HTML files. AWS S3 sync dot to my bucket name, which I just created sync will synchronize the data. So that's it. I'm doing my first backup. So now my database is backed up and more of my PHP and WordPress content files are all backed up as well. Okay, that will take 200 of 1200. So it'll take just a minute longer. Well, that backs up. So that's hands on. This is the HA. I think I'm out of time to show you any of this part, right? Shall I show the CloudFormation or shall I just leave it at that? The one she couldn't, like, will hold by 90 minutes. All right, all right, okay. I'll show that back up. But effectively it took longer than I was expecting in a demo but we did one instance in RDS so you can make it to two instances and this, we don't have an icon yet but this is the elastic file system. So you present one file system to your two EC2 instances and then you have a load balancer. I stuck Route 53 up there which is DNS. Autoscaling will automatically scale these out and that's S3 for backup. So I'll just show that back up. If I run that S3 sync command again, what happens is nothing because I didn't change any files. So then what you do if you go cd /etc/cron.daily and you get this command and you go VI WordPress back, back up. Actually, oops, you go sudo WordPress back up. Hash bang bin bash. 
Okay, now it's backed up daily. So the website's backed up daily. Database is backed up. Was it weekly or whatever? Secure and it's reasonably set up and this is not that much different. You probably wouldn't back this up to S3 because your EFS file system is distributed and backed up. So hopefully it's given you an idea of some of the tools that you can use with AWS and it's not very difficult. I can give you a copy of that which was my list of commands and you can do it yourself and actually everything we've done you can do in the free tier. So if you want your own WordPress site and you want to experiment with AWS, you can. So next steps, you can sign up for a free account at aws.amazon.com. Take advantage of the free tier. Start experimenting. I've got two small announcements if I can. We've got an AWS user group meetup here on the 14th of July if you're interested. We have re:Invent in October in Las Vegas or Las Vegas I think it should be. And that's my typo. And we have a Twitter handle so you can find out what we're doing. So hopefully you found that useful and I'll pass back to you. I think it should be okay to upload this on night, right? It's the mic's recording it. Yeah, sure. So this is mine. It's been recording all of the talks like all of the tech meetups basically.