The theory and the basic architecture were explained in the previous article; this one goes straight to the script implementation. First, a look at the implementation of the first 10 steps.
1. Create an EC2-S3 role, which is assigned to the EC2 virtual machines so that they automatically have access to the S3 content after they are created
2. Create a VPC network
3. Create 2 subnets in the VPC, located in different AZs
4. Create an Internet gateway
5. Configure the routing table
6. Create and configure the EC2 security group to ensure that ports 80 and 22 are available
7. Create a highly available MariaDB database
8. Configure the security group for the database to ensure that port 3306 is available
9. Create an S3 bucket and configure its policy
10. Create a CloudFront distribution and bind the S3 bucket to it
11. Prepare the WordPress configuration file
12. Prepare the VirtualHost configuration file
13. Upload the configuration files to the S3 bucket
14. Configure the bash shell script, covering LAMP, WordPress, AWS, crontab, S3 synchronization and more
15. Create an EC2 virtual machine, specifying the bootstrap command created in step 14
16. Update the DNS records to point to the virtual machine
17. Initialize the WordPress interface
18. Generate an image once everything is confirmed to be correct
19. Configure the ELB
20. Update the DNS records to the ELB address
21. Configure the launch configuration
22. Configure Auto Scaling
0. First, I need an admin account to log in to AWS

```powershell
Import-Module AWSPowerShell
Get-Module AWSPowerShell

# Create an account in IAM, download the user's AccessKey and SecretKey
# Generate, list and delete profiles
Set-AWSCredentials -AccessKey Akiaja11sde5sxvhrq -SecretKey pc528dw2/Qwzoo4pe421p2n618h+yfv1s7jvsbj2m -StoreAs myprofile
Initialize-AWSDefaults -ProfileName myprofile -Region ap-southeast-2
```
1. Next, create the EC2-S3 role

```powershell
# Set the trust relationship
$policy = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
"@
New-IAMRole -RoleName "EC2-S3" -AssumeRolePolicyDocument $policy

# Set the S3 access rights
$policy2 = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}
"@
Write-IAMRolePolicy -PolicyDocument $policy2 -RoleName "EC2-S3" -PolicyName "ALLOWS3"
```
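The role above can reach every bucket in the account with every S3 action. The following is an added example, not part of the original article, of the same inline policy scoped to the one bucket this series uses (`yuanliwordpress`, created in step 9). The policy name `WordPressBucketOnly` and the choice of actions are assumptions made for this example.

```powershell
# Added example, not from the original article.
# Assumes the role from step 1 and the bucket from step 9;
# "WordPressBucketOnly" is a policy name made up for this example.
$role   = "EC2-S3"
$bucket = "yuanliwordpress"

# Listing is granted on the bucket, object access on the keys inside it.
# Add "s3:DeleteObject" only if the sync script removes objects.
$scoped = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListTheBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::$bucket"
    },
    {
      "Sid": "ReadWriteObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::$bucket/*"
    }
  ]
}
"@

# Refuse to attach a document that still contains a wildcard action or resource
$doc = $scoped | ConvertFrom-Json
foreach ($st in $doc.Statement) {
    if (@($st.Action) -contains "s3:*" -or @($st.Resource) -contains "*") {
        throw "Statement $($st.Sid) is still a wildcard grant"
    }
}

# Attach the scoped policy, then drop the broad one written above
Write-IAMRolePolicy -RoleName $role -PolicyName "WordPressBucketOnly" -PolicyDocument $scoped
Remove-IAMRolePolicy -RoleName $role -PolicyName "ALLOWS3" -Force

# Read the attached policy back to confirm it is in place
Get-IAMRolePolicy -RoleName $role -PolicyName "WordPressBucketOnly"
```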
2. Create a VPC
```powershell
# Create a new VPC
New-EC2Vpc -CidrBlock 10.2.0.0/16
```
3. Create the subnets in the VPC

```powershell
# Create two subnets, located in different AZs
$vpcid = Get-EC2Vpc | Where-Object { $_.CidrBlock -eq "10.2.0.0/16" } | Select-Object -ExpandProperty VpcId
New-EC2Subnet -CidrBlock 10.2.1.0/24 -VpcId $vpcid -AvailabilityZone ap-southeast-2a
New-EC2Subnet -CidrBlock 10.2.2.0/24 -VpcId $vpcid -AvailabilityZone ap-southeast-2b

$subid1 = Get-EC2Subnet | Where-Object { $_.CidrBlock -eq "10.2.1.0/24" } | Select-Object -ExpandProperty SubnetId
# Add a Name tag
$tag = New-Object Amazon.EC2.Model.Tag -Property @{ Key = "Name"; Value = "Sydney" }
New-EC2Tag -Resource $subid1 -Tag $tag

$subid2 = Get-EC2Subnet | Where-Object { $_.CidrBlock -eq "10.2.2.0/24" } | Select-Object -ExpandProperty SubnetId
$tag2 = New-Object Amazon.EC2.Model.Tag -Property @{ Key = "Name"; Value = "Melbourne" }
New-EC2Tag -Resource $subid2 -Tag $tag2

# Allow automatic assignment of a public IP
Edit-EC2SubnetAttribute -SubnetId $subid1 -MapPublicIpOnLaunch $true
Edit-EC2SubnetAttribute -SubnetId $subid2 -MapPublicIpOnLaunch $true
```
4. Create an Internet gateway

```powershell
# Create an Internet gateway if no unattached one exists yet
if ((Get-EC2InternetGateway | Where-Object { $_.Attachments[0] -eq $null } | Measure-Object).Count -eq 0) {
    New-EC2InternetGateway
}
$igwid = Get-EC2InternetGateway | Where-Object { $_.Attachments[0] -eq $null } | Select-Object -ExpandProperty InternetGatewayId
$tagigw = New-Object Amazon.EC2.Model.Tag -Property @{ Key = "Name"; Value = "AU" }
New-EC2Tag -Resource $igwid -Tag $tagigw

# Attach the gateway to the VPC
Get-EC2InternetGateway -InternetGatewayId $igwid | Add-EC2InternetGateway -VpcId $vpcid
```
5. Configure the route table for your VPC
```powershell
# Configure the route table
# New-EC2RouteTable -VpcId $vpcid
$routetable = Get-EC2RouteTable | Where-Object { $_.VpcId -eq $vpcid }

# Add a new route
New-EC2Route -DestinationCidrBlock "0.0.0.0/0" -GatewayId $igwid -RouteTableId $routetable.RouteTableId
```
6. Configure an EC2 security group, opening ports 22 and 80 so that users can remotely administer the server and access the blog

```powershell
# 6. Configure the security group and ports: SSH, HTTP, MySQL
New-EC2SecurityGroup -GroupName wordpress -Description "WordPress Security Group" -VpcId $vpcid

# SSH
$ip1 = New-Object Amazon.EC2.Model.IpPermission
$ip1.IpProtocol = "tcp"
$ip1.FromPort = 22
$ip1.ToPort = 22
$ip1.IpRanges.Add("0.0.0.0/0")

# HTTP
$ip2 = New-Object Amazon.EC2.Model.IpPermission
$ip2.IpProtocol = "tcp"
$ip2.FromPort = 80
$ip2.ToPort = 80
$ip2.IpRanges.Add("0.0.0.0/0")

Get-EC2SecurityGroup | Where-Object { $_.GroupName -eq "wordpress" } | Grant-EC2SecurityGroupIngress -IpPermission @($ip1, $ip2)
```
7. Then create a highly available MariaDB instance. For the sake of simplicity, the database name, username and password are all set to wordpress. Note that I specifically record this database instance's ID here, because it is needed later when configuring WordPress.

```powershell
# Create a Multi-AZ RDS instance
New-RDSDBInstance -AllocatedStorage 5 -DBInstanceIdentifier "wordpress" -MasterUsername "wordpress" -MasterUserPassword "wordpress" `
    -AutoMinorVersionUpgrade $true -CopyTagsToSnapshot $false -DBInstanceClass "db.t2.micro" `
    -DBName "wordpress" -Engine "mariadb" -MultiAZ $true

# Record the ID of the security group attached to the instance
$rdssgid = (Get-RDSDBInstance -DBInstanceIdentifier "wordpress" | Select-Object -ExpandProperty VpcSecurityGroups).VpcSecurityGroupId
```
8. Then, to make sure the database can be accessed by my WordPress server, I have to open port 3306

```powershell
# Configure the security group of the DB
$ip3 = New-Object Amazon.EC2.Model.IpPermission
$ip3.IpProtocol = "tcp"
$ip3.FromPort = 3306
$ip3.ToPort = 3306
$ip3.IpRanges.Add("0.0.0.0/0")

Get-EC2SecurityGroup | Where-Object { $_.GroupId -eq $rdssgid } | Grant-EC2SecurityGroupIngress -IpPermission @($ip3)
```
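The rule above admits any address to port 3306. The following is an added example, not part of the original article, that lists every world-open ingress rule and replaces the database rule with one whose source is the `wordpress` security group from step 6. It assumes `$vpcid` and `$rdssgid` are set as above and that the database's security group is in the same VPC as the `wordpress` group, which a group-to-group rule requires; `Get-WorldOpenIngress` and `$wpsgid` are names introduced here.

```powershell
# Added example, not from the original article.
# Assumes $vpcid (step 3) and $rdssgid (step 7) are set, that both groups are in
# the same VPC, and that IpPermission exposes IpRanges as used on this page.

# Report every ingress rule that is open to the whole Internet
function Get-WorldOpenIngress {
    foreach ($sg in (Get-EC2SecurityGroup)) {
        foreach ($rule in $sg.IpPermissions) {
            if ($rule.IpRanges -contains "0.0.0.0/0") {
                [pscustomobject]@{
                    GroupId   = $sg.GroupId
                    GroupName = $sg.GroupName
                    Protocol  = $rule.IpProtocol
                    FromPort  = $rule.FromPort
                    ToPort    = $rule.ToPort
                }
            }
        }
    }
}

# Security group of the WordPress servers from step 6
$wpsgid = Get-EC2SecurityGroup |
    Where-Object { $_.GroupName -eq "wordpress" -and $_.VpcId -eq $vpcid } |
    Select-Object -ExpandProperty GroupId
if (-not $wpsgid) { throw "Security group 'wordpress' not found in $vpcid" }

# Allow 3306 only from members of that group: the source is a group, not a CIDR
$pair = New-Object Amazon.EC2.Model.UserIdGroupPair
$pair.GroupId = $wpsgid
Grant-EC2SecurityGroupIngress -GroupId $rdssgid -IpPermission @{
    IpProtocol = "tcp"; FromPort = 3306; ToPort = 3306; UserIdGroupPairs = $pair
}

# Withdraw the 0.0.0.0/0 rule on 3306 if it was already granted
$open = Get-WorldOpenIngress |
    Where-Object { $_.GroupId -eq $rdssgid -and $_.FromPort -eq 3306 }
if ($open) {
    Revoke-EC2SecurityGroupIngress -GroupId $rdssgid -IpPermission @{
        IpProtocol = "tcp"; FromPort = 3306; ToPort = 3306; IpRanges = "0.0.0.0/0"
    }
}

# What remains world-open should be ports 22 and 80 on the wordpress group
Get-WorldOpenIngress | Format-Table -AutoSize
```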
9. Next, configure the S3 bucket and its policy. This bucket has two purposes: first, all EC2 instances get the same WordPress and vhosts configuration files from it; second, it is synchronized with a local directory on the EC2 instances to store all the pictures. Many WordPress plugins offer similar features, but here it is done with a script.

```powershell
# Create the S3 bucket
New-S3Bucket -BucketName yuanliwordpress -Region ap-southeast-2
Get-S3Bucket -BucketName yuanliwordpress

# Give the uploads folder inside the bucket public read permission;
# this folder is used to store the pictures from WordPress
$policy3 = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Addpem",
      "Action": ["s3:GetObject"],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::yuanliwordpress/uploads/*",
      "Principal": "*"
    }
  ]
}
"@
Write-S3BucketPolicy -BucketName yuanliwordpress -Policy $policy3
Get-S3BucketPolicy -BucketName yuanliwordpress
```
10. Then create a CDN distribution for this S3 bucket, so that visitors can access my blog quickly from any region of the world.

```powershell
# Configure S3 and CloudFront
$origin = New-Object Amazon.CloudFront.Model.Origin
$origin.DomainName = "yuanliwordpress.s3.amazonaws.com"
$origin.Id = "S3-yuanliwordpress"
$origin.S3OriginConfig = New-Object Amazon.CloudFront.Model.S3OriginConfig
$origin.S3OriginConfig.OriginAccessIdentity = ""

$cfd = New-CFDistribution `
    -DistributionConfig_Enabled $true `
    -DistributionConfig_Comment "Test distribution" `
    -Origins_Item $origin `
    -Origins_Quantity 1 `
    -DistributionConfig_CallerReference wordpresstest `
    -DefaultCacheBehavior_TargetOriginId $origin.Id `
    -ForwardedValues_QueryString $true `
    -Cookies_Forward all `
    -WhitelistedNames_Quantity 0 `
    -TrustedSigners_Enabled $false `
    -TrustedSigners_Quantity 0 `
    -DefaultCacheBehavior_ViewerProtocolPolicy allow-all `
    -DefaultCacheBehavior_MinTTL 1000 `
    -DistributionConfig_PriceClass "PriceClass_All" `
    -CacheBehaviors_Quantity 0 `
    -Aliases_Quantity 0
```
This article is from the "Mapo Tofu" blog, please be sure to keep this source http://beanxyz.blog.51cto.com/5570417/1827752
Powershell AWS Automation Management (11)-Create a highly available WordPress blog (middle)