An example project that deploys Wordpress to ECS Fargate w/ an Aurora MySql database. Uses the stelligent/mu framework for pipeline management.
- Clone the repo locally.
- Install AWS CLI.
- Create an IAM Dev User with the following Policy
AdministratorAccess
- Run AWS Configure
aws configure
- Put In your access key and secret from step 3 when prompted
- Install stelligent/mu.
- Create an IAM Application User and configure access keys. User should have at least the following permissions:
-
s3:GetObject
-
s3:GetObjectVersion
-
s3:GetObjectVersionTagging
-
s3:DeleteObject
-
s3:DeleteObjectVersion
-
s3:DeleteObjectTagging
-
s3:PutObject
-
s3:PutObjectAcl
-
s3:PutObjectTagging
-
s3:ListBucket
-
s3:ListAllMyBuckets
-
s3:ListBucketVersions
-
NOTE: The template will create a user with these permissions that you can assign an access key to, however this requires two deployments (one to create the access key, then a manual step, then another to set the environment variable)
-
- Put the access key id and secret in separate parameters in parameter store which can be found in EC2 Systems Manager
- Update mu.yml with the names of the parameters, just use the name of key, the docker file will call getParameter to decode the actual value, no brackets are needed
- Create a new Hosted zone for your domain in Route 52 and ensure your domain is set up to use amazon's nameservers.
- Replace shhorsfi.myinstance.com in mu.yml with the domain of your hosted zone
- Run
mu pipeline up
.- Input a GitHub OAuth Token when prompted.
- See stelligent/mu documentation for details.
- Logon to Wordpress by navigating to your domain (Create Admin/Password).
- Enable WP Offload S3 Lite Plugin
- Enable the following Settings:
- Copy Files to S3
- Rewrite File URLs
- CloudFront or Custom Domain
- Remove Files From Server
- The WP Offload S3 Lite Plugin doesn't support ECS Task IAM Roles. To work-around this we need to create an IAM user, and configure access keys. Currently the access key id and secret are stored in parameter store. The name of the parameters are defined as environment variables in mu.yml.
- You have to manually activate the WP Offload S3 Lite Plugin, and configure some of its settings.
- Plugins are not handled in a way that they can be applied across all tasks without re-building the docker container image. If Fargate handled peristent data-volumes this could be solved, or the provider could be changed from ECS-FARGATE to ECS, and the templates could be updated to handle an EFS volume. This would require a process for building a custom AMI or bootstrap an ECS optimized AMI. Tutorial
- Wordpress upgrades are not handled (this is tracked as an issue in the official Docker image).
- Put WP Offload S3 Lite settings in entrypoint.sh script.
- Auto-put secrets in parameter store as part of template. (Create User, Create Access Key, Create Parameter).
- Error handling in entrypoint script.
- Pretty Diagrams
- CloudFront Configuration