Launching Public Wordpress site with Private MySQL as a database

Image for post
Image for post
Wordpress Site hosted using MySQL as database

If you can’t figure out how to secure your own WordPress site , then you are in the right place.

To do this we are using AWS Network as a Service and Terraform Infrastructure as Code.

STEP1: Specifying Provider

We specify Terraform that we are going to use AWS as our cloud service provider and the user we are going to use. The user should be configured already in your system.

AWS provider
Image for post
Image for post

STEP2: Creating Key-Pair

We create key-pair to ssh into our instance.

Image for post
Image for post

STEP3: Create Virtual Private Cloud(VPC)

Amazon Virtual Private Cloud (Amazon VPC) lets us provision a logically isolated section of the AWS Cloud where we can launch AWS resources in a virtual network that we define. We have complete control over your virtual networking environment, including selection of our own IP address range, creation of subnets, and configuration of route tables and network gateways. We can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

For our VPC, the name will come as set in variables and the IPv4 CIDR as 192.168.0.0/16. Hostnames and DNS support have been kept as true so as auto public IP allocation can be done.

Image for post
Image for post

STEP4: Creating Subnets in VPC

A VPC spans all of the Availability Zones in the Region. After creating a VPC, we can add one or more subnets in each Availability Zone.When we create a subnet, we specify the CIDR block for the subnet, which is a subset of the VPC CIDR block. Each subnet must reside entirely within one Availability Zone and cannot span zones.

The configuration for this scenario includes a virtual private cloud (VPC) with a public subnet and a private subnet. We want to run a public-facing web application, while maintaining back-end servers that aren’t publicly accessible. For example , we are creating a multi-tier architecture, with the Wordpress site in a public subnet and the database servers in our case MySQL in a private subnet. We can set up security and routing so that the web servers can communicate with the database servers.

The instances in the public subnet can send outbound traffic directly to the Internet, whereas the instances in the private subnet can’t. Instead, the instances in the private subnet can access the Internet by using a network address translation (NAT) gateway that resides in the public subnet. The database servers can connect to the Internet for software updates using the NAT gateway, but the Internet cannot establish connections to the database servers.

STEP5 : Creating security group

We create 2 security groups:

  • Security group1 allowing inbound ssh (from port 22) and http(from port 80) protocols into instances in the public subnet.
  • Security group2 allowing only inbound requests to port 3306(MySQL) from sg1.
Image for post
Image for post

STEP6: route_table,route_table,route_table_association

Internet Gateway: An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.

To enable access to or from the internet for instances in a subnet in a VPC, we must do the following:

  • Attach an internet gateway to your VPC.
  • Creating a route table that directs requests to the internet gateway. And associate it with public subnet 1

STEP7: EC2 instances

Launch the WordPress instance in the public subnet with Security group1.

Launching MySQL instance in the private subnet with security group 2. So it will only be accessible from public subnet security group 1 and not from the outside world.

We are done with the Terraform code now. So to run that do:

terraform init
Image for post
Image for post

Then apply the changes:

terraform apply -auto-approve
Image for post
Image for post

Then after everything is setup. We have to SSH into the wordpress instance and edit the wp-config.php file contained in the /var/www/html directory.

Image for post
Image for post

Note the private IP of the MySQL instance and substitute it there.

Image for post
Image for post

We’ve done it !!! The infrastructure is now set up!

Now we can visit the wordpress site using the Public DNS/IP.

Image for post
Image for post
Image for post
Image for post
Image for post
Image for post
Image for post
Image for post
Image for post
Image for post
Image for post
Image for post

To destroy the infrastructure, run

terraform destroy -auto-approve
Image for post
Image for post

To get the complete code:

Written by

I am a DevOps Enthusiast and recently taken to Cloud Computing. Learning Flutter App Development currently. In my free time I engage in competitive coding.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store