In the world of cloud hosting, creating an infrastructure on AWS requires planning and skilled troubleshooting. This detailed blog post explores the process of establishing WordPress hosting in the Region, discussing the structure, security measures and creative solutions developed to tackle obstacles.
Infrastructure Overview:
Our hosting environment is segregated into two Virtual Private Clouds (VPCs): Staging and Production, each meticulously architected to meet specific requirements.
Staging VPC Configuration:
- 2 Public Subnets: One houses the Staging Application Load Balancer (ALB), while the other accommodates the Central Bastion Host for secure access.
- 2 Private Subnets: Segmented to host two websites each, facilitating efficient management and isolation.
- All websites run on EC2 instances, ensuring scalability and flexibility.
Production VPC Configuration:
- 1 Public Subnet: Hosts the Production ALB, serving as the entry point for users accessing the production websites. Within the Production ALB, we’ve employed Host-Based Routing to efficiently route traffic to the appropriate backend servers based on the host header in the HTTP request. This enables granular control over traffic distribution, enhancing the overall performance and reliability of our hosting environment.
- 4 Private Subnets: Dedicated to hosting the production websites, ensuring segregation and minimizing potential points of failure.
- Production RDS: Situated in a separate Private Subnet, enhancing security and facilitating centralised management.
- CloudFront: To optimise content delivery and minimize latency, we’ve configured CloudFront to point to the Production ALB as the origin server. Leveraging caching policies and behaviors, we’ve fine-tuned content delivery to ensure rapid response times and efficient resource utilisation.
Security Measures
- Well-Architected Framework (WAF): Our framework, based on AWS’s practices, focuses on excellence, security, reliability, efficient performance, cost optimization and sustainability.
- Bastion Host: The Bastion Host serves as the access point for managing both Staging and Production servers, enforcing access controls to enhance security.
- VPC Peering: VPC peering facilitates communication between the Staging and Production VPCs. In our design, the Central Bastion Host in the Staging VPC acts as the gateway for accessing both staging and production environments. Through VPC peering, we’ve created a direct connection that allows the Bastion Host to communicate with the production servers in the Production VPC. This streamlined communication pathway supports resource management and monitoring across environments while maintaining high security standards.
- ACM: To enhance data security and confidentiality, we’ve implemented SSL encryption at the Load Balancer level using AWS Certificate Manager for end-to-end encryption of data transmitted between clients and our infrastructure.
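The bastion-only access path described in the Bastion Host and VPC Peering items can be verified against the production security groups. The following is an added example, not code from the original post: the bastion IP, the security group IDs and the sample data are constructed placeholders, and the input follows the shape of `aws ec2 describe-security-groups` output.

```python
import ipaddress

# Constructed values (assumptions, not taken from the post).
BASTION_IP = ipaddress.ip_address("10.10.0.25")  # bastion private IP in the Staging VPC
BASTION_SG = "sg-0bastion0example"               # bastion security group ID (placeholder)

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-prod-web-1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.10.0.25/32"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-prod-web-2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.10.0.0/16"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-prod-web-3", "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-prod-web-4", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0bastion0example"}]}]},
]}

def covers_ssh(perm):
    """True if the rule admits TCP/22; protocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] in ("tcp", "6") and perm["FromPort"] <= 22 <= perm["ToPort"]

def audit_ssh_sources(groups):
    """Return (group_id, source) for every SSH source other than the bastion."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in filter(covers_ssh, sg.get("IpPermissions", [])):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                # Only a single-address range equal to the bastion is acceptable.
                if not (net.num_addresses == 1 and net.network_address == BASTION_IP):
                    findings.append((sg["GroupId"], cidr))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != BASTION_SG:
                    findings.append((sg["GroupId"], pair["GroupId"]))
    return findings

if __name__ == "__main__":
    for group_id, source in audit_ssh_sources(SAMPLE):
        print(f"{group_id}: SSH reachable from {source}")
```

In the sample, the rule that admits the whole Staging VPC CIDR and the all-traffic rule are reported, while the /32 rule and the rule referencing the bastion's security group pass.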
Architecture Diagram:
Challenges Faced:
Our journey wasn’t without its hurdles. We faced an issue with the DNS configuration on GoDaddy, specifically when trying to add records to the main domain. Moreover, setting up HTTPS redirection for websites presented another challenge, as the usual approaches didn’t work well in our system.
Solutions Implemented:
- pizza.redirect: Faced with the DNS limitation, we innovated with a solution dubbed pizza.redirect. This inventive approach involved routing users through a series of redirects—from GoDaddy to CloudFront and finally to the Production ALB—circumventing the CNAME restriction and ensuring seamless domain resolution.
- Cost-Optimised: We initially considered Global Accelerator to obtain an A-NAME record that we would later add on GoDaddy, but it turned out to be more costly than the pizza.redirect solution. By prioritising cost optimization without compromising performance, we achieved the desired outcome while maintaining affordability for our customers.
Conclusion
Our journey of setting up WordPress hosting on AWS underscores the importance of adaptability, creativity, and strategic decision-making. By meticulously crafting our infrastructure, leveraging innovative solutions, and prioritising customer requirements, we’ve established a robust hosting environment that excels in security, performance, and cost efficiency. As technology continues to evolve, we remain committed to staying at the forefront of innovation, delivering exceptional solutions that exceed customer expectations.