Terraform Script Documentation: Deploying a WordPress Site on AWS

This Terraform script automates the deployment of a WordPress site on AWS. It creates a Virtual Private Cloud (VPC), public and private subnets, an internet gateway, NAT gateway, Elastic IP, security groups, Application Load Balancer, Auto Scaling Group, Launch Configuration, RDS instance, RDS subnet group, and a Route 53 record.

Prerequisites

• An AWS account with the necessary permissions to create resources.
• Terraform installed on your local machine.

Variables

The script includes the following variables:

• aws_region: The region in which to create the resources. Default is us-west-2.
• vpc_cidr_block: The CIDR block for the VPC. Default is 10.0.0.0/16.
• public_subnet_cidr_block: The CIDR block for the public subnet. Default is 10.0.1.0/24.
• private_subnet_cidr_block: The CIDR block for the private subnet. Default is 10.0.2.0/24.
• key_name: The name of the key pair to use for SSH access to the instances. Default is my_key_pair.
• ami_id: The ID of the Amazon Machine Image (AMI) to use for the instances. Default is ami-0c55b159cbfafe1f0 (Amazon Linux 2).
• instance_type: The instance type to use for the instances. Default is t2.micro.
• desired_capacity: The desired number of instances in the Auto Scaling Group. Default is 2.
• max_size: The maximum number of instances in the Auto Scaling Group. Default is 4.
• min_size: The minimum number of instances in the Auto Scaling Group. Default is 2.
• db_name: The name of the database for WordPress. Default is wordpress.
• db_username: The username for the database. Default is admin.
• db_password: The password for the database. Default is password123.

Resources

The script creates the following resources:

• aws_vpc: Creates a VPC with the specified CIDR block.
• aws_subnet: Creates a public and a private subnet within the VPC with the specified CIDR blocks and availability zones.
• aws_internet_gateway: Creates an internet gateway.
• aws_vpc_attachment: Attaches the internet gateway to the VPC.
• aws_nat_gateway: Creates a NAT gateway in the public subnet.
• aws_eip: Creates an Elastic IP.
• aws_eip_association: Associates the Elastic IP with the NAT gateway.
• aws_security_group: Creates a security group for the instances and RDS instance.
• aws_security_group_rule: Allows inbound traffic to the instances from the public subnet and to the RDS instance from the private subnet.
• aws_lb: Creates an Application Load Balancer in the public subnet.
• aws_autoscaling_group: Creates an Auto Scaling Group with the specified Launch Configuration and desired, minimum, and maximum capacities.
• aws_launch_configuration: Creates a Launch Configuration with the specified AMI, instance type, key pair, security group, and user data.
• aws_db_instance: Creates an RDS instance with the specified configuration and security group.
• aws_db_subnet_group: Creates an RDS subnet group with the private subnet.
• aws_route53_record: Creates a Route 53 record for the Load Balancer.

Outputs

The script includes the following outputs:

• wordpress_lb_url: The URL of the Load Balancer.
• wordpress_rds_url: The URL of the RDS instance.

Usage

1. Create a .tf file with the script content.
2. Set the AWS access keys with the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables or by using a credentials file.
3. Run terraform init to initialize the Terraform environment.
4. Run terraform plan to view the changes to be made.
5. Run terraform apply to create the resources.
6. To destroy the resources, run terraform destroy.

Security Considerations

• The security group rules allow all traffic from the public subnet to the instances. To restrict access, modify the cidr_blocks attribute of the aws_security_group_rule resource to include only the IP addresses that need access.
• The RDS instance is created with a default security group that allows all inbound traffic from the VPC. To restrict access, modify the security group rules or create a custom security group that allows only the necessary traffic.
• The user data script for the Launch Configuration installs Apache, PHP, and WordPress using yum. To ensure that the packages are up-to-date and secure, consider using a more secure installation method or updating the packages after the instances are launched.
• The RDS instance is created with a default parameter group that may not be optimized for performance. Consider creating a custom parameter group and modifying the instance to use it.
• The script creates an Elastic IP and associates it with the NAT gateway. Ensure that the Elastic IP is not left unassociated or unused to avoid unnecessary charges.
• The script creates an Application Load Balancer that is publicly accessible. If the site should only be accessible from a private network, consider using a Network Load Balancer instead.
• The script creates an Auto Scaling Group with a desired, minimum, and maximum capacity. Ensure that the capacity settings are appropriate for the expected traffic and load on the site.

Conclusion

This Terraform script provides a convenient and automated way to deploy a WordPress site on AWS. However, it is important to consider the security implications and performance optimizations for each resource created in the script to ensure that the site is secure and performant.