PowerShell AWS Automation Management (11) - Create a highly available WordPress blog (middle)


The theory and the basic architecture were explained in the previous article; this one goes straight to the script implementation. First, here is the implementation of the first 10 steps.


  1. Create an EC2-S3 role, which is assigned to the EC2 virtual machines so that they automatically have access to S3 content after they are created.

  2. Create a VPC network

  3. Create 2 subnets in the VPC, located in different AZs

  4. Create an Internet gateway

  5. Configure the routing table

  6. Create and configure the EC2 security group to ensure that ports 80 and 22 are available

  7. Create a highly available MariaDB database

  8. Configure the security group for the database to ensure that port 3306 is available

  9. Create an S3 bucket and configure its policy

  10. Create a CloudFront distribution and bind the S3 bucket

  11. Prepare the WordPress configuration file

  12. Prepare the VirtualHost configuration file

  13. Upload the configuration files to the S3 bucket

  14. Configure the bash shell scripts, including LAMP, WordPress, AWS, crontab, S3 synchronization and more

  15. Create an EC2 virtual machine, specifying the bootstrap commands created in step 14

  16. Update the DNS records to point to the virtual machine

  17. Initialize the WordPress interface

  18. Generate an image file after confirming that everything is correct

  19. Configure the ELB

  20. Update the DNS records to the ELB address

  21. Configure the launch configuration

  22. Configure Auto Scaling


0. First, I need an admin account to log in to AWS

Import-Module AWSPowerShell
Get-Module AWSPowerShell
# Create an account in IAM and download the user's access key and secret key
# Generate, list and delete profiles
# Placeholders stand in for the access key and secret key downloaded from IAM
Set-AWSCredentials -AccessKey "YOUR_ACCESS_KEY_ID" -SecretKey "YOUR_SECRET_ACCESS_KEY" -StoreAs myprofile
Initialize-AWSDefaults -ProfileName myprofile -Region ap-southeast-2


1. Next, create an EC2-S3 role

# Set the trust relationship
$policy = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
"@
New-IAMRole -RoleName "EC2-S3" -AssumeRolePolicyDocument $policy

# Set S3 access rights
$policy2 = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}
"@
Write-IAMRolePolicy -PolicyDocument $policy2 -RoleName "EC2-S3" -PolicyName "ALLOWS3"
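
A tighter alternative to the "s3:*" on "*" policy above, as an added example that is not part of the original post: it limits the role to the yuanliwordpress bucket created in step 9. It assumes the instances only need to list that bucket and read, write and delete objects in it (for the configuration files and the uploads synchronization).

```powershell
# Added example (not from the original post): scope the inline policy to one bucket.
# Assumption: the EC2 instances only use the yuanliwordpress bucket from step 9.
$bucket = "yuanliwordpress"

$scopedPolicy = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::$bucket"
    },
    {
      "Sid": "ReadWriteObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::$bucket/*"
    }
  ]
}
"@

# Writing under the same policy name overwrites the earlier s3:* inline policy
Write-IAMRolePolicy -RoleName "EC2-S3" -PolicyName "ALLOWS3" -PolicyDocument $scopedPolicy

# Read the policy back; IAM returns the document URL-encoded
$stored = Get-IAMRolePolicy -RoleName "EC2-S3" -PolicyName "ALLOWS3"
[System.Uri]::UnescapeDataString($stored.PolicyDocument)
```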




2. Create a VPC

# Create a new VPC
New-EC2Vpc -CidrBlock 10.2.0.0/16


3. Create a subnet under a VPC


# Create two subnets, located in different AZs
$vpcid = Get-EC2Vpc | Where-Object {$_.CidrBlock -eq "10.2.0.0/16"} | Select-Object -ExpandProperty VpcId
New-EC2Subnet -CidrBlock 10.2.1.0/24 -VpcId $vpcid -AvailabilityZone ap-southeast-2a
New-EC2Subnet -CidrBlock 10.2.2.0/24 -VpcId $vpcid -AvailabilityZone ap-southeast-2b

$subid1 = Get-EC2Subnet | Where-Object {$_.CidrBlock -eq "10.2.1.0/24"} | Select-Object -ExpandProperty SubnetId
# Add a Name tag to each subnet
$tag = New-Object Amazon.EC2.Model.Tag -Property @{Key="Name"; Value="Sydney"}
New-EC2Tag -Resource $subid1 -Tag $tag

$subid2 = Get-EC2Subnet | Where-Object {$_.CidrBlock -eq "10.2.2.0/24"} | Select-Object -ExpandProperty SubnetId
$tag2 = New-Object Amazon.EC2.Model.Tag -Property @{Key="Name"; Value="Melbourne"}
New-EC2Tag -Resource $subid2 -Tag $tag2

# Allow automatic assignment of public IP addresses
Edit-EC2SubnetAttribute -SubnetId $subid1 -MapPublicIpOnLaunch $true
Edit-EC2SubnetAttribute -SubnetId $subid2 -MapPublicIpOnLaunch $true



4. Create a Gateway

# Create an Internet gateway (only if no unattached gateway already exists)
if ((Get-EC2InternetGateway | Where-Object {$_.Attachments[0] -eq $null} | Measure-Object).Count -eq 0) {
    New-EC2InternetGateway
}
$igwid = Get-EC2InternetGateway | Where-Object {$_.Attachments[0] -eq $null} | Select-Object -ExpandProperty InternetGatewayId
$tagigw = New-Object Amazon.EC2.Model.Tag -Property @{Key="Name"; Value="AU"}
New-EC2Tag -Resource $igwid -Tag $tagigw
# Attach the gateway to the VPC
Add-EC2InternetGateway -InternetGatewayId $igwid -VpcId $vpcid





5. Configure the route table for your VPC


# Configure the route table
# New-EC2RouteTable -VpcId $vpcid
$routetable = Get-EC2RouteTable | Where-Object {$_.VpcId -eq $vpcid}
# Add a new default route through the Internet gateway
New-EC2Route -DestinationCidrBlock "0.0.0.0/0" -GatewayId $igwid -RouteTableId $routetable.RouteTableId




6. Configure an EC2 security group and open ports 22 and 80 so that users can remotely administer and access the blog

# 6. Configure the security group and ports: SSH, HTTP, MySQL
New-EC2SecurityGroup -GroupName wordpress -Description "WordPress Security Group" -VpcId $vpcid

# SSH
$ip1 = New-Object Amazon.EC2.Model.IpPermission
$ip1.IpProtocol = "tcp"
$ip1.FromPort = 22
$ip1.ToPort = 22
$ip1.IpRanges.Add("0.0.0.0/0")

# HTTP
$ip2 = New-Object Amazon.EC2.Model.IpPermission
$ip2.IpProtocol = "tcp"
$ip2.FromPort = 80
$ip2.ToPort = 80
$ip2.IpRanges.Add("0.0.0.0/0")

Get-EC2SecurityGroup | Where-Object {$_.GroupName -eq "wordpress"} | Grant-EC2SecurityGroupIngress -IpPermission @($ip1, $ip2)




7. Then create a highly available MariaDB instance. For the sake of simplicity, the database name, username and password are all set to wordpress. Note that I specifically record this database instance's ID number here, because the later WordPress configuration needs it.

# Create a Multi-AZ RDS instance
New-RDSDBInstance -AllocatedStorage 5 -DBInstanceIdentifier "wordpress" -MasterUsername "wordpress" -MasterUserPassword "wordpress" `
    -AutoMinorVersionUpgrade $true -CopyTagsToSnapshot $false -DBInstanceClass "db.t2.micro" `
    -DBName "wordpress" -Engine "mariadb" -MultiAZ $true

# Record the ID of the security group attached to the instance
$rdssgid = (Get-RDSDBInstance -DBInstanceIdentifier "wordpress" | Select-Object -ExpandProperty VpcSecurityGroups).VpcSecurityGroupId





8. Then, to make sure that it can be accessed by my WordPress server, I have to open port 3306

# Configure the security group of the DB
$ip3 = New-Object Amazon.EC2.Model.IpPermission
$ip3.IpProtocol = "tcp"
$ip3.FromPort = 3306
$ip3.ToPort = 3306
$ip3.IpRanges.Add("0.0.0.0/0")
Get-EC2SecurityGroup | Where-Object {$_.GroupId -eq $rdssgid} | Grant-EC2SecurityGroupIngress -IpPermission @($ip3)
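
Steps 6 and 8 open ports 22 and 3306 to 0.0.0.0/0. The following added example (not from the original post) narrows both: SSH is limited to one admin address and MariaDB to members of the wordpress security group. $adminCidr is a constructed placeholder from a documentation range, the helper New-CidrRule is hypothetical, and $vpcid is assumed to be set as in step 3.

```powershell
# Added example (not from the original post). Assumes $vpcid is set as in step 3.
# $adminCidr is a constructed placeholder (documentation range); use your own address.
$adminCidr = "203.0.113.10/32"

# Hypothetical helper: build a single-port TCP rule for one CIDR block
function New-CidrRule([int]$Port, [string]$Cidr) {
    $range = New-Object Amazon.EC2.Model.IpRange
    $range.CidrIp = $Cidr
    @{ IpProtocol = "tcp"; FromPort = $Port; ToPort = $Port; Ipv4Ranges = $range }
}

$webSgId = (Get-EC2SecurityGroup |
    Where-Object { $_.GroupName -eq "wordpress" -and $_.VpcId -eq $vpcid }).GroupId
$rdssgid = (Get-RDSDBInstance -DBInstanceIdentifier "wordpress").VpcSecurityGroups.VpcSecurityGroupId

# Remove the world-open SSH and MariaDB rules granted in steps 6 and 8
Revoke-EC2SecurityGroupIngress -GroupId $webSgId -IpPermission (New-CidrRule 22 "0.0.0.0/0")
Revoke-EC2SecurityGroupIngress -GroupId $rdssgid -IpPermission (New-CidrRule 3306 "0.0.0.0/0")

# SSH only from the admin address; port 80 stays public for the blog
Grant-EC2SecurityGroupIngress -GroupId $webSgId -IpPermission (New-CidrRule 22 $adminCidr)

# MariaDB only from instances that are members of the wordpress security group
$pair = New-Object Amazon.EC2.Model.UserIdGroupPair
$pair.GroupId = $webSgId
$dbFromWeb = @{ IpProtocol = "tcp"; FromPort = 3306; ToPort = 3306; UserIdGroupPairs = $pair }
Grant-EC2SecurityGroupIngress -GroupId $rdssgid -IpPermission $dbFromWeb

# Check: list any rules in either group that are still open to the world
foreach ($id in @($webSgId, $rdssgid)) {
    (Get-EC2SecurityGroup -GroupId $id).IpPermissions |
        Where-Object { $_.Ipv4Ranges.CidrIp -contains "0.0.0.0/0" } |
        Select-Object @{ n = "GroupId"; e = { $id } }, IpProtocol, FromPort, ToPort
}
```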


9. Next, configure the S3 bucket and its policy. This bucket serves two purposes: first, it gives all EC2 instances the same WordPress and vhosts configuration files; second, it is synchronized with a local directory on the EC2 instances to store all the pictures. Many WordPress plugins offer similar features, but here it is done with a script.

# Create the S3 bucket
New-S3Bucket -BucketName yuanliwordpress -Region ap-southeast-2
Get-S3Bucket -BucketName yuanliwordpress

# Allow the uploads folder inside the bucket to be publicly readable; this folder will be used to save the pictures from WordPress
$policy3 = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Addpem",
      "Action": ["s3:GetObject"],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::yuanliwordpress/uploads/*",
      "Principal": "*"
    }
  ]
}
"@
Write-S3BucketPolicy -BucketName yuanliwordpress -Policy $policy3
Get-S3BucketPolicy -BucketName yuanliwordpress
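
Because this bucket also holds the WordPress and vhosts configuration files, only uploads/* should be anonymously readable. The function below, an added example rather than code from the original post, lists every statement in a bucket policy that grants anonymous access and marks the ones outside the expected prefix; Get-PublicStatement and the sample policy are constructed for illustration.

```powershell
# Added example (not from the original post): list anonymous grants in a bucket policy.
function Get-PublicStatement {
    param(
        [Parameter(Mandatory)] [string] $PolicyJson,
        [string[]] $ExpectedPublic = @()   # resource ARNs that are meant to be public
    )
    $doc = $PolicyJson | ConvertFrom-Json
    foreach ($st in @($doc.Statement)) {
        if ($st.Effect -ne "Allow") { continue }
        # Principal is either the string "*" or an object such as {"AWS": "*"}
        $p = $st.Principal
        $anonymous = if ($p -is [string]) { $p -eq "*" } else { @($p.AWS) -contains "*" }
        if (-not $anonymous) { continue }
        foreach ($res in @($st.Resource)) {
            [pscustomobject]@{
                Sid      = $st.Sid
                Action   = @($st.Action) -join ","
                Resource = $res
                # S3 keys are case-sensitive, so use a case-sensitive comparison
                Expected = $ExpectedPublic -ccontains $res
            }
        }
    }
}

# Constructed sample: the page's uploads statement plus one that exposes the whole bucket
$sample = @'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "Addpem", "Effect": "Allow", "Principal": "*",
      "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::yuanliwordpress/uploads/*" },
    { "Sid": "TooWide", "Effect": "Allow", "Principal": { "AWS": "*" },
      "Action": "s3:GetObject", "Resource": ["arn:aws:s3:::yuanliwordpress/*"] }
  ]
}
'@
$findings = Get-PublicStatement -PolicyJson $sample -ExpectedPublic "arn:aws:s3:::yuanliwordpress/uploads/*"
$findings | Where-Object { -not $_.Expected }   # statements exposing more than intended

# Against the live bucket (Get-S3BucketPolicy returns the policy as a JSON string):
# Get-PublicStatement -PolicyJson (Get-S3BucketPolicy -BucketName yuanliwordpress) `
#     -ExpectedPublic "arn:aws:s3:::yuanliwordpress/uploads/*"
```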





10. Then create a CDN distribution point for this S3 bucket, so that visitors can access my blog quickly from any region of the world.

# Configure S3 and CloudFront
$origin = New-Object Amazon.CloudFront.Model.Origin
$origin.DomainName = "yuanliwordpress.s3.amazonaws.com"
$origin.Id = "S3-yuanliwordpress"
$origin.S3OriginConfig = New-Object Amazon.CloudFront.Model.S3OriginConfig
$origin.S3OriginConfig.OriginAccessIdentity = ""

$cfd = New-CFDistribution `
    -DistributionConfig_Enabled $true `
    -DistributionConfig_Comment "Test distribution" `
    -Origins_Item $origin `
    -Origins_Quantity 1 `
    -DistributionConfig_CallerReference wordpresstest `
    -DefaultCacheBehavior_TargetOriginId $origin.Id `
    -ForwardedValues_QueryString $true `
    -Cookies_Forward all `
    -WhitelistedNames_Quantity 0 `
    -TrustedSigners_Enabled $false `
    -TrustedSigners_Quantity 0 `
    -DefaultCacheBehavior_ViewerProtocolPolicy allow-all `
    -DefaultCacheBehavior_MinTTL 1000 `
    -DistributionConfig_PriceClass "PriceClass_All" `
    -CacheBehaviors_Quantity 0 `
    -Aliases_Quantity 0







This article is from the "Mapo Tofu" blog, please be sure to keep this source http://beanxyz.blog.51cto.com/5570417/1827752
