Powershell AWS Automation Management (11)-Create a highly available WordPress blog (middle)

The theory and the basic architecture have been explained in the previous article, this one directly to see the specific script implementation. First, take a look at the implementation of the previous 10 steps.

2. Create EC2-S3 role, which is assigned to EC2 virtual machines so that they automatically have access to S3 content after they are created.

4. Create a VPC Network

6. Create 2 subnets of a VPC, located in different AZ

8. Create an Internet gateway

10. Configure the routing table

12. Create and configure the EC2 security Group to ensure that 80 and 22 ports are available

14. Create a highly available MARIADB database

16. Configure the security Group for the database to ensure that port 3306 is available

18. Create a S3 Bucket and configure policy

20. Create CloudFront distribution points, bind S3 buckets

22. Preparing the WordPress configuration document

24. Preparing the configuration document for VirtualHost

26. Uploading the configuration document into the S3 bucket

28. Configure bash shell scripts, including Lamp,wordpress,aws,crontab and S3 synchronization, and more

30. Create a EC2 virtual machine, specify the bootstrap command created in 14 steps

32. Update DNS records, point to the virtual machine

34. Initializing the WordPress interface

36. Generate image file after confirmation is correct
    

38. Configure Elb

40. Update DNS records to ELB address

42. Configuring launch Configuration

44. Configure Auto Scaling

0 steps, first I need an admin account to log in to AWS

Import-module awspowershellget-module awspowershell#create account from IAM, download user accesskey and secretkey# Generate, List and delete Profileset-awscredentials-accesskey Akiaja11sde5sxvhrq-secretkey pc528dw2/ Qwzoo4pe421p2n618h+yfv1s7jvsbj2m-storeas Myprofileinitialize-awsdefaults-profilename myprofile-region Ap-southeast-2

1. Next create a EC2-S3 role

#  set  trust relationship[email protected] "{  " Version ": " 2012-10-17 ",    "Statement": [         {        "Effect":  "Allow",       "Principal": {          "Service":  "ec2.amazonaws.com"       },        "Action":  "Sts:assumerole"     }    ]} "@ new-iamrole -rolename  "Ec2-s3"  -AssumeRolePolicyDocument  $policy # Set  S3 access rights $policy2  = @ "{" Version ": " 2012-10-17 "," Statement ": [    {      "Effect":  "Allow",     "Action":  "s3:*",     "Resource":   "*"     }]} "@   write-iamrolepolicy -policydocument  $policy 2  -rolename " Ec2-s3 " -PolicyName " ALLOWS3 "

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/84/56/wKiom1eNxeaCVX1AAACBhwgfZ6E379.png "title=" 1.PNG " alt= "Wkiom1enxeacvx1aaacbhwgfz6e379.png"/>

2. Create a VPC

#创建一个新的VPCNew-ec2vpc-cidrblock 10.2.0.0/16

3. Create a subnet under a VPC

#创建两个子网, located in different az$vpcid=get-ec2vpc | where-object {$_. cidrblock -eq  "10.2.0.0/16"} | select -expandproperty vpcidnew-ec2subnet - cidrblock 10.2.1.0/24 -vpcid  $vpcid  -AvailabilityZone ap-southeast-2a  new-ec2subnet -cidrblock 10.2.2.0/24 -vpcid  $vpcid  -AvailabilityZone  ap-southeast-2bedit-ec2subnetattribute -subnetid subid1 -mappubliciponlaunch $ trueedit-ec2subnetattribute -subnetid sbuid2 -mappubliciponlaunch  $true $subid1= Get-ec2subnet | where-object{$_. cidrblock -eq  "10.2.1.0/24"} | select -expandproperty subnetid# add tag Comment $tag= New-object amazon.ec2.model.tag -property @{key= "Name"; value= "Sydney"}new-ec2tag -resource   $subid 1 -tag  $tag $subid2=get-ec2subnet | where-object{$_. cidrblock -eq  "10.2.2.0/24"} | select -expandproperty subneTid$tag2=new-object amazon.ec2.model.tag -property @{key= "Name"; value= "Melbourne"}New-EC2Tag  -Resource  $subid 2 -tag  $tag allow automatic matching of public network ipedit-ec2subnetattribute -subnetid $ subid1 -mappubliciponlaunch  $trueEdit-ec2subnetattribute -subnetid  $subid 2 - mappubliciponlaunch  $true

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/84/56/wKiom1eNxs3iDyVLAABgQUuzT6c209.png "style=" float: none; "title=" 2.PNG "alt=" Wkiom1enxs3idyvlaabgquuzt6c209.png "/>

4. Create a Gateway

#创建Internet网关if (Get-ec2internetgateway | Where-object {$_. Attachments[0]-eq $null} | Measure). Count-eq 0) {new-ec2internetgateway} $igwid =get-ec2internetgateway | Where-object {$_. Attachments[0]-eq $null} | Select-expandproperty internetgatewayid$tagigw=new-object amazon.ec2.model.tag-property @{key= "Name"; value= "AU"} New-ec2tag-resource $igwid-tag $tagigwGet-ec2internetgateway $igwid | Add-ec2internetgateway-vpcid $vpcid

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/84/56/wKioL1eNxs_gpyXGAABSnjfeF1w946.png "style=" float: none; "title=" 3.PNG "alt=" Wkiol1enxs_gpyxgaabsnjfef1w946.png "/>

5. Configure the route table for your VPC

#配置路由表 #routetable#new-ec2routetable-vpcid $vpcid $routetable =get-ec2routetable | Where-object {$_. Vpcid-eq $vpcid} #Add new Routenew-ec2route-destinationcidrblock "0.0.0.0/0"-gatewayid $igwid-routetableid $ RouteTable. Routetabl

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/84/56/wKiom1eNxtKRajALAAA7s9JX1Pk870.png "style=" float: none; "title=" 4.PNG "alt=" Wkiom1enxtkrajalaaa7s9jx1pk870.png "/>

6. Configure a EC2 security group, open 22 and 80 ports so that users can remotely administer and access blogs

#6. Configuring Securitygroup and Ports Ssh,http,mysqlnew-ec2securitygroup-groupname wordpress-description "WordPress Security Group" -vpcid $vpcid $ip1=new-object amazon.ec2.model.ippermission$ip1. Ipprotocol= "TCP" $ip 1. Fromport=22$ip1. toport= "1" $ip. Iprange= "0.0.0.0/0" $ip 2=new-object amazon.ec2.model.ippermission$ip2. Ipprotocol= "TCP" $ip 2. Fromport=80$ip2. Toport=80$ip2. Iprange.add ("0.0.0.0/0") get-ec2securitygroup | Where-object {$_. Groupname-eq "WordPress"} | Grant-ec2securitygroupingress-ippermission @ ($ip 1, $ip 2)

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/84/56/wKiom1eNyJ3C0nS8AABDrjNXAGA253.png "style=" float: none; "title=" 5.PNG "alt=" Wkiom1enyj3c0ns8aabdrjnxaga253.png "/>

7. Then create a highly available mariadb, for the sake of simplicity, database name, username, password are set to wordpress, note I here specifically recorded this database instance ID number, this is for the later configuration WordPress needs.

#创建RDS multipleaznew-rdsdbinstance-allocatedstorage 5-dbinstanceidentifier "wordpress"-masterusername "WordPress"- Masteruserpassword "WordPress" '-autominorversionupgrade $true-copytagstosnapshot $false-dbinstanceclass " Db.t2.micro "'-dbname" WordPress "-engine" mariadb "-multiaz $true $rdssgid = (get-rdsdbinstance-dbinstanceidentifier" W Ordpress "| Select-expandproperty vpcsecuritygroups). vpcsecuritygroupid

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/84/56/wKioL1eNyKCTq2GsAADGKRpAy2c819.png "style=" float: none; "title=" 6.PNG "alt=" Wkiol1enykctq2gsaadgkrpay2c819.png "/>

8. Then to make sure that he can be accessed by my WordPress server, I have to open 3306 port

#Configure Security Group of Db$ip3=new-object AMAZON.EC2.MODEL.IPPERMISSION$IP3. Ipprotocol= "TCP" $IP 3. Fromport=3306$ip3. Toport=3306$ip3. Iprange.add ("0.0.0.0/0") get-ec2securitygroup | Where-object{$_. Groupid-eq $rdssgid} | Grant-ec2securitygroupingress-ippermission @ ($ip 3)

9. Next configure the S3 bucket and related policy, the purpose of this bucket is 2, the first is for all EC2 instances have the same WordPress and vhosts configuration file, the second is to synchronize with the EC2 instance of the local directory to save all the pictures, Similar features WordPress has a lot of plugins can do, but here with a script to achieve

#创建S3 bucketnew-s3bucket-bucketname yuanliwordpress-region ap-southeast-2get-s3bucket-bucketname yuanliwordpress# Allow the uploads folder inside the bucket to have public readable permissions, this folder will be used to save WordPress inside the picture [email protected] "{" Version ":" 2012-10-17 "," Statement " : [{"Sid": "Addpem", "Action": ["S3:getobject"], "Effect": "Allow", "Resource": "Ar n:aws:s3:::yuanliwordpress/uploads/* "," Principal ":" * "}]}" @Write-s3bucketpolicy-bucketname yuanliwordpress-p Olicy $policy 3get-s3bucketpolicy-bucketname yuanliwordpress

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/84/57/wKiom1eNyzWyBI0iAABXA16--Q4085.png "title=" 7.PNG " alt= "Wkiom1enyzwybi0iaabxa16--q4085.png"/>

10. Then create a CDN distribution point for this S3, so that the child can access my blog from any region of the world quickly.

#配置S3和CloudFront $origin  = new-object amazon.cloudfront.model.origin$origin. Domainname= "yuanliwordpress.s3.amazonaws.com" $origin. id= "S3-yuanliwordpress" $origin. S3originconfig = new-object amazon.cloudfront.model.s3originconfig$origin. s3originconfig.originaccessidentity =  "" $cfd =new-cfdistribution  '        -DistributionConfig_Enabled  $true   '       -distributionconfig_ comment  "Test distribution"         -Origins_Item  $origin   '       -Origins_Quantity 1  '        -distributionconfig_callerreference wordpresstest  '       - defaultcachebehavior_targetoriginid  $origin. id  '       -ForwardedValues_QueryString  $true   '        -cookies_forward all  '       -WhitelistedNames_Quantity 0  '        -TrustedSigners_Enabled  $false   '       -trustedsigners_quantity  0  '       -defaultcachebehavior_viewerprotocolpolicy allow-all   '       -DefaultCacheBehavior_MinTTL 1000  '        -DistributionConfig_PriceClass  "Priceclass_all"          -CacheBehaviors_Quantity 0  '       -aliases_quantity 0

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/84/57/wKioL1eNyw3Ap-mJAADCdHrVpJk799.png "title=" 8.PNG " Style= "Float:none;" alt= "Wkiol1enyw3ap-mjaadcdhrvpjk799.png"/>

This article is from the "Mapo Tofu" blog, please be sure to keep this source http://beanxyz.blog.51cto.com/5570417/1827752

Powershell AWS Automation Management (11)-Create a highly available WordPress blog (middle)