OPS705 Assignment 2
In this assignment, you will install a WordPress blog in AWS using Elastic Beanstalk and RDS. You will construct this assignment in our AWS Academy Learner Lab classroom.
Unlike labs, assignments have minimal instructions. You are given specifications on what the assignment needs, and you must rely on your previous work in the course. If the assignment doesn't have the command you need, you can find it in your labs. As with Assignment 1, don't be afraid to do a little research!
Assignments in OPS705 are built as an assessment of your ability to meet the course objectives.
Task 1: Networking
In this task, you will create all the networking required for your new web application.
Virtual Private Cloud
Create a new VPC with the following settings:
- VPC only
- Name: Wordpress VPC
- IPv4 CIDR: 10.0.0.0/16
- Leave all other settings on default
Once created, modify this VPC (Edit VPC Settings) with the following actions:
- Enable DNS resolution: Checked
- Enable DNS hostnames: Checked
Subnets
Create two private IPv4 subnets in this VPC:
- Private Subnet 1 – 10.0.1.0/24 – us-east-1a
- Private Subnet 2 – 10.0.2.0/24 – us-east-1b
Create two public IPv4 subnets in this VPC:
- Public Subnet 1 – 10.0.11.0/24 – us-east-1a
- Public Subnet 2 – 10.0.12.0/24 – us-east-1b
Edit your public subnets (Edit subnet settings) with the following settings:
- Enable auto-assign public IPv4 address: Checked
- Enable resource name DNS A record on launch: Checked
Internet Gateway
Create a new Internet Gateway with the following:
- Name: Wordpress Gateway
- Once created, attach it to your Wordpress VPC.
Route Tables
Find your default route table for your Wordpress VPC and add the name: VPC-local Route Table
Create a second route table:
- Name: Wordpress Website Route Table
- VPC: Wordpress VPC
- Routes Entry 1:
- Destination: 10.0.0.0/16
- Target: local
- Routes Entry 2:
- Destination: 0.0.0.0/0
- Target: Internet Gateway – Wordpress Gateway
Security Groups
Create a security group with the following settings:
- Name: Wordpress Website SG
- Description: Allows HTTP traffic inbound
- VPC: Wordpress VPC
- Inbound Rule:
- Type: HTTP
- Source: Anywhere – IPv4 (0.0.0.0/0)
Create a security group with the following settings:
- Name: Wordpress Database SG
- Description: Allows MySQL traffic locally
- VPC: Wordpress VPC
- Inbound Rule:
- Type: MYSQL/Aurora
- Source: Custom (Select Wordpress Website SG in the search field)
Edit both public subnets’ route table associations to: Wordpress Website Route Table
Task 2: Database
Create a new RDS instance with the following settings:
- Engine type: MySQL
- Engine Version: MySQL 8.0.32 (or current latest version available)
- Templates: Free tier
- DB instance identifier: wordpress-db
- Master username: admin
- Auto generate a password: Checked
- DB instance class: db.t3.micro
- Allocated storage: 5
- Enable storage autoscaling: Unchecked
- Virtual private cloud (VPC): Wordpress VPC
- DB subnet group: Create new DB Subnet Group (if you're redoing your database creation, there will already be an entry here. Make sure you're using the Wordpress VPC in the setting above!)
- Public access: No
- VPC security group: Choose existing
- Existing VPC security groups: Remove default VPC, add Wordpress Database VPC (look to see that it's there below the dropdown after you select it)
- Availability Zone: us-east-1a
- Monitoring > Enable Enhanced monitoring: Unchecked
- Below the Monitoring section, Additional configuration > Initial database name: wordpress (Write the database name down! You will need this later.)
- Enable automated backups: Unchecked
- Enable encryption: Unchecked
Once the database has finished creating, click on the View connection details button by the green success message at the top of the page. This gives you your database password.
Store the Master username, Master password, and Endpoint in a saved document along with your Initial database name. You’ll need it later.
Task 3: Wordpress Source Code Modification
Download and Unzip - Local Computer
- On your local machine, download the current Wordpress source code from here: https://wordpress.org/latest.zip
- Unzip the file. You should end up with a wordpress directory. (Do not delete the original .zip file)
Modify Wordpress Configuration File
From your work with Wordpress in Assignment 1, you know you can simply upload the source code and the first time you load the webpage, you'll be asked for database connector information. However, Elastic Beanstalk applications are meant to be disposable. In A1, when you were adding that database connector info, it was being saved in a file called wp-config.php. This is fine for that kind of setup, but in Elastic Beanstalk, changes made to static HTML or PHP are not saved it the Beanstalk application restarts, which it will do often. Whenever the application restarts, it will load from the source zip file. If you did as in A1, you'd have to constantly re-enter your DB connector info every time you started up your Learner Lab environment.
We could add the DB connector info to wp-config.php manually before we upload the source code, but there's a much better way. We use environment variables to allow us to put all the info in the Elastic Beanstalk application wizard. That way, every time the application restarts and reloads from the source code zip, it'll then read our connector information from AWS. Read below for details and steps.
- In the local wordpress folder, find a file called: wp-config-sample.php
- Duplicate this file, and call it: wp-config.php
- Open wp-config.php in a plain text editor. I recommend Sublime. (https://www.sublimetext.com/download)
Adding Database Connector Info as Environment Variables
In this file (wp-config.php), you will be adding database connector information as environment variables, not the actual connector information. (We'll add that information later.) Find the following lines and add the bolded values:
- define('DB_NAME', getenv('DB_NAME'));
- define('DB_USER', getenv('DB_USER'));
- define('DB_PASSWORD', getenv('DB_PASSWORD'));
- define('DB_HOST', getenv('DB_HOST'));
Adding Authentication Unique Keys and Salts as Environment Variables
In the same file (wp-config.php), you'll be adding the authentication keys and salts as environment variables. Find the following lines and add the bolded values:
- define('AUTH_KEY', getenv('AUTH_KEY'));
- define('SECURE_AUTH_KEY', getenv('SECURE_AUTH_KEY'));
- define('LOGGED_IN_KEY', getenv('LOGGED_IN_KEY'));
- define('NONCE_KEY', getenv('NONCE_KEY'));
- define('AUTH_SALT', getenv('AUTH_SALT'));
- define('SECURE_AUTH_SALT', getenv('SECURE_AUTH_SALT'));
- define('LOGGED_IN_SALT', getenv('LOGGED_IN_SALT'));
- define('NONCE_SALT', getenv('NONCE_SALT'));
Zip As New File and Rename - Local Computer
- Find the wordpress folder on your local computer.
- Zip the entire wordpress directory, not just the files inside. (Use the zip compression protocol. Don't use something else like .rar.)
- Rename your new zip file: wordpress-6.1.1-modded.zip (Use whatever version the source zip file has.)
Task 4: Elastic Beanstalk
Create a new Elastic Beanstalk application with the following settings:
Environment Tier
Select: Web server environment
Main settings
- Application name: wordpress
- Environment name: Wordpress-env
- Domain: yourSenecaUsername-assignment2 (Click on the Check availability button to verify the URL is free.)
- Platform: PHP
- Platform branch: PHP 8.1 (or current latest)
- Application code: Upload your code
- Choose file: wordpress-6.1.1-modded.zip (From your local computer)
- Version label: wordpress-6.1.1
Configure more options
Software
Before beginning this section, you will need two things:
- Your database connector information (you saved this, right?)
- Randomly generated auth keys and salts from here: https://api.wordpress.org/secret-key/1.1/salt/ (it's a good idea to save these in a text file, too)
Settings:
- Document root: /wordpress
- Environment properties
- DB_HOST: your RDS database URL
- DB_NAME: initial database name
- DB_USER: admin
- DB_PASSWORD: your auto-generated database password
- AUTH_KEY: (use gathered info from salt page)
- SECURE_AUTH_KEY: (use gathered info from salt page)
- LOGGED_IN_KEY: (use gathered info from salt page)
- NONCE_KEY: (use gathered info from salt page)
- AUTH_SALT: (use gathered info from salt page)
- SECURE_AUTH_SALT: (use gathered info from salt page)
- LOGGED_IN_SALT: (use gathered info from salt page)
- NONCE_SALT: (use gathered info from salt page)
Security
- Service role: LabRole
- EC2 key pair: vockey
- IAM instance profile: LabInstanceProfile
Monitoring
- System: Basic
Managed updates
- Enabled: Unchecked
Notifications
- Email: YourSenecaE-mailAddress
Network
- VPC: Wordpress VPC
- Public IP address: Checked
- Instance subnets: Public Subnet 1, Public Subnet 2 (both checked)
- Database subnets: Private Subnet 1, Private Subnet 2 (both checked)
Instances
- EC2 Security Groups: Wordpress Website SG (both checked)
Create the application.
While you wait for the creation to complete, check your e-mail to confirm your notification subscription.
Task 5: Site Configuration
Open the URL presented in the Wordpress EBS instance and begin the site setup:
Site Information
Set the following site information:
- Site Title: OPS705 Winter 2023 A2 - Full Name
- Username: yourSenecaUsername
- Password: Choose a strong password (do not reuse the DB password)
- Your Email: yourSenecaEmailAddress
- Search engine visibility: Unchecked
Task 5: Blog Posts
Delete the first template post. In your own words, answer the following questions in individual blog posts:
Blog Post: 1
How would you describe how you set up this Elastic Beanstalk+Database instance of Wordpress to a student who has just finished OPS705 Week 1?
Blog Post: 2
What was the most difficult part of this assignment for you?
Blog Post: 3
What parts of this assignment did you find easier compared to our IaaS version of Wordpress from Assignment 1?
Blog Post: 4
In the context of this assignment, briefly describe the function of the following: VPCs, subnets, security groups, route tables, internet gateways
Lab Submission
As with previous labs, your work will be evaluated by accessing your site directly. To formally submit, you must include the following:
- In the comment section of your submission, paste the URL of your new site.
- A single screenshot showing your active and complete Wordpress blog.
Once submitted, you can leave your resources running.