
This repository contains the steps corresponding to an in-depth tutorial available on our YouTube channel, Julien Muke.
If you prefer visual learning, this is the perfect resource for you. Follow my tutorial to learn how to build projects like these step-by-step in a beginner-friendly manner!
Welcome to Part 2 of our tutorial on deploying a WordPress website on AWS! In the first part, we set up our WordPress site using Amazon EC2 for hosting and Amazon RDS for the database. Now, we're going to take it a step further by improving scalability, reliability, and performance.
In this second part, we'll configure an Amazon Application Load Balancer (ALB) to distribute incoming traffic across multiple EC2 instances, ensuring high availability and fault tolerance. We'll also integrate Amazon Route 53, AWS's powerful DNS service, to manage our domain and route traffic to our WordPress application smoothly. Lastly, we will secure our website with a free SSL certificate by using AWS Certificate Manager.
- Users will request to open the WordPress website; that request will be received by Route 53, which is a domain management service in AWS.
- We will use Route 53 to host DNS entries of the website's domain.
- Route 53 will send the request to the Application Load Balancer (ALB), which handles distribution of the traffic: if you have multiple instances of the same website, it will handle all the incoming requests.
- The ALB also supports SSL certificates through AWS Certificate Manager. We will use it to issue a new SSL certificate for our domain name, and the ALB will apply that SSL certificate and send the request to the EC2 instance.
- The EC2 instance is a virtual server where we will install all the needed packages to run WordPress and create the files of our WordPress website.
- We will make EC2 and RDS accessible from public sources and enforce security via Security Group rules.
- We will create an EC2 instance, which will be our virtual server, and an RDS instance, which will be used for database hosting.
The procedure for deploying this architecture on AWS consists of the following steps:
- Step 1. Create Application Load Balancer on AWS
- Step 2. Add a custom domain managed by a third-party DNS provider
- Step 3. Set up Free AWS SSL certificate
We are going to create an Application Load Balancer to point to our EC2 Instance.
To configure your load balancer:
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
- In the navigation pane, choose Load Balancers
- Choose Create Load Balancer.
- Under Application Load Balancer, choose Create.
- For Load balancer name, enter a name for your load balancer: `wp-lb`
- For Scheme, choose Internet-facing. An internet-facing load balancer routes requests from clients to targets over the internet.
- For IP address type, choose IPv4, Dualstack, or Dualstack without public IPv4. Choose IPv4 if your clients use IPv4 addresses to communicate with the load balancer. Choose Dualstack if your clients use both IPv4 and IPv6 addresses to communicate with the load balancer. Choose Dualstack without public IPv4 if your clients use only IPv6 addresses to communicate with the load balancer.
- For VPC, select the VPC that you used for your EC2 instances. If you selected Internet-facing for Scheme, only VPCs with an internet gateway are available for selection.
- For Mappings, enable zones for your load balancer by selecting Subnets from two or more Availability Zones.
- For Security groups, let's create a new one.
  - Enter Security group name `wp_lb-SG`
  - Make sure your default VPC is selected
  - For Inbound rules, we are going to create 2 new rules, one for `HTTP` and one for `HTTPS`, each with a source of `0.0.0.0/0`
  - Keep Outbound rules as default
  - Add a tag, a label that you assign to an AWS resource, with Key=`Name` and Value=`LB-SG`
  - Click Create security group
- Go back to Application Load Balancer and select the new `wp_lb-SG` security group.
- Under Listeners and routing (a listener is a process that checks for connection requests using the port and protocol you configure), let's create a new target group: choose Create target group.
  - Choose Instances as target type
  - Enter Target group name `wp-site-TG`
  - Select your default VPC and keep everything as default, click Next
  - Under Register targets, let's select the EC2 instance and click on Include as pending below.
  - Once the EC2 instance is added to the Review targets, click Create target group.
- We have created our WordPress site target group, and currently it's not associated with any load balancer, so let's add it to our load balancer. Back in Application Load Balancer, select the new target group `wp-site-TG`
- Keep the rest as default.
- Review the load balancer configurations, we've created:
  - An Internet-facing Load Balancer
  - A security group
  - A Network mapping with 1 VPC and 3 Availability Zones
  - 1 Target group

The Target group will be associated with the Load Balancer, and the EC2 instance will be added to the Target group. Make sure the EC2 instance is healthy; lastly, our load balancer will be in the Active state.
Let's test our Application Load Balancer: copy the DNS name of the load balancer and open it in a new browser.
As you can see below, we can now access our WordPress site from the Load Balancer DNS name.
Next, we need to edit the security group attached to our EC2 instance so that the instance only accepts HTTP and HTTPS traffic from our load balancer Security Group and not from all IP addresses (`0.0.0.0/0`).
- Go to the EC2 Instance console, then choose Security Groups.
- Copy the ID of the load balancer Security Group
- Select the Security Group attached to the EC2 instance, go to Inbound rules and click on Edit inbound rules.
- We have to create two new rules which only allow HTTP and HTTPS traffic from our load balancer Security Group and not from the whole internet.
- Paste the security group ID from the application load balancer and click Save.
We are now only allowing traffic from ALB and not from any other source.
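To confirm the restriction above took effect, the check below is an added example (not part of the original tutorial) that audits data shaped like the output of `aws ec2 describe-security-groups`. The group ID and the before/after rule sets are constructed placeholders.

```python
# Added example: audits data shaped like the "SecurityGroups" entries
# returned by `aws ec2 describe-security-groups`. Sample data is constructed.
WEB_PORTS = (80, 443)

def covers(perm, port):
    """True if an ingress permission applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_instance_sg(instance_sg, alb_sg_id):
    """Findings for web-port ingress on the EC2 instance's security group."""
    findings = []
    for port in WEB_PORTS:
        sources = set()
        for perm in instance_sg.get("IpPermissions", []):
            if not covers(perm, port):
                continue
            sources.update(r["CidrIp"] for r in perm.get("IpRanges", []))
            sources.update(r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []))
            sources.update(g["GroupId"] for g in perm.get("UserIdGroupPairs", []))
        if alb_sg_id not in sources:
            findings.append(f"port {port}: not reachable from ALB group {alb_sg_id}")
        for src in sorted(sources - {alb_sg_id}):
            findings.append(f"port {port}: also reachable from {src}")
    return findings

def web_rule(port, **source):
    """Build one constructed ingress permission for a single TCP port."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **source}

ALB_SG = "sg-0aaaaaaaaaaaaaaaa"  # placeholder ID of the load balancer's group
ANYWHERE = {"IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
FROM_ALB = {"UserIdGroupPairs": [{"GroupId": ALB_SG}]}
BEFORE = {"IpPermissions": [web_rule(80, **ANYWHERE), web_rule(443, **ANYWHERE)]}
AFTER = {"IpPermissions": [web_rule(80, **FROM_ALB), web_rule(443, **FROM_ALB)]}

if __name__ == "__main__":
    for label, sg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_instance_sg(sg, ALB_SG) or "OK: web ports only reachable from the ALB")
```

An all-protocol rule (`IpProtocol` of `-1`) left on the instance group is reported for both ports, since it exposes them just as an explicit `0.0.0.0/0` rule would.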
If you are not using Amazon Route 53 to manage your domain, you can add a custom domain managed by a third-party DNS provider to your application.
We are going to create a Public Hosted Zone, which is a container that holds information about how you want to route traffic on the internet for a specific domain, such as `example.com`. After you create a hosted zone, you create records that specify how you want to route traffic for the domain and subdomains.
To create a public hosted zone using the Route 53 console:
- Sign in to the AWS Management Console and open the Route 53 console at https://console.aws.amazon.com/route53/
- If you're new to Route 53, choose Get started under DNS management. If you're already using Route 53, choose Hosted zones in the navigation pane.
- Choose Create hosted zone.
- In the Create Hosted Zone pane, enter the name of the domain that you want to route traffic for, in my case it's `julienmuke.cloud`, which is a domain that I purchased from hostinger.com
- For Type, accept the default value of Public Hosted Zone.
- Choose Create.
Note: By default you will get two records for your domain, which are SOA and NS. NS stands for Name Server record, which determines the location of your domain and helps you manage mapping. We have to add these name servers at our domain provider (in my case it's hostinger.com) so the provider knows where our DNS is hosted.
Now, let's add the Name Server record to Hostinger.
- Copy the Name Server value from Route 53.
- Paste the Name Server value to DNS Nameservers in Hostinger.
Next, we will create records that specify how you want to route traffic for the domain, so that when anyone opens our domain URL it will show the WordPress website from the load balancer.
- Click on Create record
- Keep the Record name blank
- There are various DNS record types, make sure to select A - Routes traffic to an IPv4 address and some AWS resources
- Enable Alias
- Select Alias to Application and Classic Load Balancer.
- Select the region where you have created your load balancer, I will select North Virginia
- Select our WordPress application load balancer
- Keep everything else default and click on Create records

Next, we will create a record to send traffic from `www` to our domain, so if anyone adds `www` in front of your domain, it will not throw an error; rather, it will redirect to your main domain.
- Enter `www` as the record name, and make sure you select record type A - Routes traffic to an IPv4 address and some AWS resources
- Enable Alias
- Choose Alias to another record in this hosted zone
- Select the record created previously, `julienmuke.cloud.`, and click Create record.

Now any traffic coming to the `www` record will go to the load balancer DNS name.
Let's move to AWS Certificate Manager (ACM) to request a Free SSL certificate for our domain.
To request an ACM public certificate (console):
- Sign in to the AWS Management Console and open the ACM console at https://console.aws.amazon.com/acm/home.
- Choose Request a certificate.
- Choose Request a public certificate, click Next.
- In the Domain names section, type your domain name, mine is `julienmuke.cloud`
- To add another name, choose Add another name to this certificate and type the name in the text box. This is useful for protecting both a bare or apex domain (such as `example.com`) and its subdomains (such as `*.example.com`). In my case I will add `*.julienmuke.cloud`
- In the Validation method section, choose DNS validation - recommended.
- In the Key algorithm section, choose RSA 2048 (default) then click Request.
- Click on View certificate, it will be in Pending validation status (it will take 3-5 minutes to validate).
- Next, click on Create DNS records in Amazon Route 53, which will add records to our hosted zone.
- Select your domains, and click Create records.
- Let's add the SSL certificate to our Load Balancer:
  a. Go to the EC2 console, then select Load Balancer, click on the existing one
  b. Under Listeners and rules, click on Add listener
  c. Select `HTTPS` as Protocol, and the Port will be 443.
  d. Select the Target group `wp-site-TG`
  e. Under Default SSL/TLS server certificate, select the certificate that will be applied as the default SSL/TLS server certificate for this load balancer's secure listeners.
  f. Keep everything as default and click Add
Next, let's redirect all traffic coming from HTTP to HTTPS.
- Go to the EC2 console, then Load Balancer and select the `wp-lb`
- Under Listeners and rules select `HTTP:80`, click on Edit Rules
- Select Default rules, go to Actions and select Edit rule
- Under Routing actions, select "Redirect to URL"
- Keep "Protocol" as `HTTPS` and enter "Port" = `443`, then click "Save changes"
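The listener setup built in the two procedures above (a certificate on HTTPS:443 and a redirect on HTTP:80) can be checked the same way. This is an added example, not part of the original tutorial, run against constructed data shaped like the output of `aws elbv2 describe-listeners`; the ARNs are placeholders.

```python
# Added example: checks data shaped like the "Listeners" list returned by
# `aws elbv2 describe-listeners`. Sample data and ARNs are constructed.
def audit_listeners(listeners):
    """Findings for the HTTPS:443 listener and the HTTP:80 redirect."""
    findings = []
    by_port = {lst["Port"]: lst for lst in listeners}

    https = by_port.get(443)
    if https is None or https.get("Protocol") != "HTTPS":
        findings.append("no HTTPS listener on port 443")
    elif not https.get("Certificates"):
        findings.append("HTTPS:443 listener has no certificate attached")

    http = by_port.get(80)
    if http is not None:
        actions = http.get("DefaultActions", [])
        redirect = next((a.get("RedirectConfig", {}) for a in actions
                         if a.get("Type") == "redirect"), None)
        if redirect is None:
            kinds = ", ".join(a.get("Type", "?") for a in actions) or "none"
            findings.append(f"HTTP:80 default action is '{kinds}', "
                            "so plain HTTP still reaches WordPress")
        elif redirect.get("Protocol") != "HTTPS" or str(redirect.get("Port")) != "443":
            findings.append("HTTP:80 redirect does not point at HTTPS:443")
    return findings

TG_ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/wp-site-TG/PLACEHOLDER"
CERT_ARN = "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"
FORWARD = {"Type": "forward", "TargetGroupArn": TG_ARN}
REDIRECT = {"Type": "redirect", "RedirectConfig": {
    "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}

# State after Step 1 (HTTP listener only) and after the redirect is saved.
HTTP_ONLY = [{"Port": 80, "Protocol": "HTTP", "DefaultActions": [FORWARD]}]
FINAL = [
    {"Port": 80, "Protocol": "HTTP", "DefaultActions": [REDIRECT]},
    {"Port": 443, "Protocol": "HTTPS", "DefaultActions": [FORWARD],
     "Certificates": [{"CertificateArn": CERT_ARN}]},
]

if __name__ == "__main__":
    for label, listeners in (("after step 1", HTTP_ONLY), ("final", FINAL)):
        print(label, audit_listeners(listeners) or "OK")
```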
Before we test our website, let's edit `wp-config.php` to allow proper `HTTPS` requests.
- Go back to your EC2 instance console, select your instance `wp-instance`
- Click on "Connect", choose "EC2 instance connect" then click "Connect"
- Change the directory to access the website, run the following command: `cd /var/www/html/`
- To edit `wp-config.php` let's use the vim editor, run the following command: `sudo vim wp-config.php`
- To edit in the vim editor, press the `i` key to enter insert mode.
- Then paste the code below:

```php
// TLS ends at the ALB, which reports the client's scheme in X-Forwarded-Proto.
// isset() avoids an undefined-index warning when the header is absent.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}
define( 'WP_HOME', 'http://YOUR-DOMAIN-NAME' );
define( 'WP_SITEURL', 'http://YOUR-DOMAIN-NAME' );
```

Note: This code will tell the server to use the `HTTPS` protocol, make sure you change the URL to your own domain name.
- Once you are done, to save the change and exit the vim editor, press the `Esc` key then type `:wq`
To test the website, enter your domain name in the URL bar. You should be able to see your new WordPress site.
You have successfully set up a WordPress website on AWS. It features an Amazon Application Load Balancer connected to the domain name through Amazon Route 53 and a secure SSL certificate.
All services used are eligible for the AWS Free Tier. However, charges will be incurred at some point, so it's recommended that you shut down resources after completing this tutorial.