Deploying WP using AWS RDS with bastion host
This blog is an improvement on my previous project. In it I improve the security of my earlier RDS and WordPress instances and add a NAT gateway so that my private subnets can reach the public world.
If you haven't read my earlier blog, I suggest you read it first for better understanding.
Necessary Requirements:
- AWS CLI software configured with a profile. You can get it from here
- Knowledge of AWS Cloud Computing and Terraform.
- Terraform setup. You can get it from here
- You can get my code from here
- I have used MySQL Workbench to show connectivity to our RDS instance
Steps while performing our project:
1. Write infrastructure as code using Terraform, which automatically creates a VPC.
2. In that VPC we have to create subnets:
* public subnet [ Accessible for Public World! ]
* private subnet [ Restricted for Public World! ]. The catch here is that we have to create 2 private subnets in different availability zones, as required by the DB instance.
3. Create a public-facing internet gateway to connect our VPC/network to the internet and attach this gateway to our VPC.
4. Create a routing table for the internet gateway so that instances in our VPC can connect to the outside world, then update it and associate it with the public subnet.
5. Create a NAT gateway to connect our VPC/network to the internet and attach this gateway to our VPC in the public network.
6. Update the routing table of the private subnet so that it uses the NAT gateway created in the public subnet to access the internet.
7. Launch an EC2 instance with WordPress already set up, with a security group allowing port 80 so that our clients can connect to our WordPress site and port 22 for SSH from our bastion host only. Also attach the key to the instance for later login.
8. Launch an RDS DB instance with MySQL already set up, with a security group allowing port 3306 from our WordPress instance and bastion host.
9. Launch an EC2 instance for contacting our WP and DB instances for management purposes. Its security group allows port 22 from anywhere so that we can connect to it easily. You can also improve security by adding a recognized IP instead of Anywhere.
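The security-group rules from steps 7 to 9, written out as an added Terraform example (this is not the code from the repository; the resource names and the two input variables are assumptions). It uses the recognized-IP option from step 9 for the bastion host.

```hcl
variable "vpc_id" { type = string }     # assumed input: ID of the project VPC
variable "admin_cidr" { type = string } # assumed input: recognized admin address, e.g. "203.0.113.10/32"

resource "aws_security_group" "bastion" {
  vpc_id = var.vpc_id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr] # a recognized IP instead of Anywhere
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"] # lets the bastion open SSH/MySQL to the other instances
  }
}

resource "aws_security_group" "wordpress" {
  vpc_id = var.vpc_id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # site visitors
  }
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id] # SSH from the bastion only
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "rds" {
  vpc_id = var.vpc_id
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress.id, aws_security_group.bastion.id]
  }
}
```

Because the SSH and MySQL rules reference security group IDs rather than address ranges, they keep working when the instances' private addresses change.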
Below are the steps to execute my code successfully:
Step 1: Configure your AWS profile with the command below
aws configure
Step 2: The following are the parts of the code. If you are not interested, you may skip to Step 3.
- For providing provider info
# AWS Provider
provider "aws" {
  region  = "ap-south-1"
  profile = "apeksh"
}
- For creating new key and key pair for ssh login
- For creating VPC and private and public subnets
- For creating Internet Gateway , NAT Gateway, Route Table and associating respective Subnets with it.
- For creating Security groups for Wordpress, db instance and bastion host
- For creating EC2 instance for Wordpress, db instance for database and another ec2 instance for bastion host
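The NAT gateway and private route table from the list above, as an added Terraform example (not the code from the repository; the resource names and input variables are assumptions).

```hcl
# Assumed inputs: IDs of the VPC and subnets created elsewhere in the configuration.
variable "vpc_id" { type = string }
variable "public_subnet_id" { type = string }
variable "private_subnet_ids" { type = list(string) } # the two private subnets

# A public NAT gateway needs an Elastic IP and is placed in the public subnet.
resource "aws_eip" "nat" {
  domain = "vpc" # AWS provider v5 and later; older provider versions use `vpc = true`
}

resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = var.public_subnet_id
}

# Private route table: the default route points at the NAT gateway, not the
# internet gateway, so private instances can open outbound connections but
# cannot be reached from the internet.
resource "aws_route_table" "private" {
  vpc_id = var.vpc_id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}

# Associate the same route table with each private subnet.
resource "aws_route_table_association" "private" {
  count          = length(var.private_subnet_ids)
  subnet_id      = var.private_subnet_ids[count.index]
  route_table_id = aws_route_table.private.id
}
```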
That's it for the coding part. Now the execution part resumes.
Step 3: Go inside the directory where your Terraform files are present and run
terraform init
It will install all the necessary plugins for your code.
Step 4: Now run
terraform apply
It will then prompt you to say yes to set up all the services.
It will take some time to complete, after which everything is done for you. You can also verify this from your AWS console.
Step 5: Now go to the public IP of your WEB instance in EC2, which you can also get from publicIP.txt
You will see the WordPress installation page like this
Fill your Database details as mentioned under RDS instance in instance.tf file.
Note: For the database host, copy the host address from the DB_host.txt file
Step 6: This is one of the main steps. You will now be redirected to this page. Copy the entire text; you have to copy it into your EC2 instance.
Step 7: Direct SSH to the WordPress site is blocked by the security group, so you have to SSH to the bastion host and then SSH to the WordPress site. This is also known as SSH tunneling.
To SSH from the bastion to the WP instance you have to provide the generated key to the bastion host. Here I have used the WinSCP tool to provide the key.
Step 8: After a successful SSH login, use the commands below in the WP instance
sudo su
cd /var/www/html/
cp wp-config-sample.php wp-config.php
vim wp-config.php
Now just edit your database details as shown below.
Step 9: Then click on Run the Installation
If you get this page that means you have successfully configured WordPress.
Now enter your details and login into WordPress.
That’s it for installation part.
That’s a test blog
Step 10: To show connectivity to the RDS instance I have used MySQL Workbench. You can see my successful connection in the images below. There, too, I have used SSH tunneling, which is one of the very secure ways to connect to an RDS instance.
Now from here you can manage and see your database
Step 11: To remove your whole setup, use the command
terraform destroy
It will then prompt you to say yes; enter yes to delete your whole setup in one go. Again, it will take some time to destroy your whole setup, so be patient.
Do remember to type and hit yes to successfully destroy your whole setup
So that’s it for this project.
Github repo: https://github.com/Apeksh742/Wordpress_with_RDS-Database_with_bastion_host
Previous Blog Link: https://medium.com/@apekshagarwal.742/deploying-wordpress-with-aws-rds-6d0a56013b14
Thanks to all of you for reading. See you in the next blog.