{"id":27096472,"url":"https://github.com/saloniamatteo/aws-wordpress-deployment","last_synced_at":"2026-03-06T22:02:21.554Z","repository":{"id":286191092,"uuid":"957884912","full_name":"saloniamatteo/aws-wordpress-deployment","owner":"saloniamatteo","description":"Matteo Salonia's WordPress deployment on AWS","archived":false,"fork":false,"pushed_at":"2025-04-04T20:51:02.000Z","size":425,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-04T21:37:26.930Z","etag":null,"topics":["aws-cloudformation","cloudformation","docker","docker-wordpress","wordpress","wordpress-aws","wordpress-docker"],"latest_commit_sha":null,"homepage":"","language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/saloniamatteo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-31T09:51:16.000Z","updated_at":"2025-04-04T20:51:06.000Z","dependencies_parsed_at":"2025-04-04T21:37:33.504Z","dependency_job_id":"2d36e1e6-842d-46f3-9895-ae41ead06a62","html_url":"https://github.com/saloniamatteo/aws-wordpress-deployment","commit_stats":null,"previous_names":["saloniamatteo/aws-wordpress-deployment"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/saloniamatteo/aws-wordpress-deployment","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saloniamatteo%2Faws-wordpress-deployment","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saloniamatteo%2Faws-wordpress-deployment/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saloniamatteo%2Faws-wordpress-deployment/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saloniamatteo%2Faws-wordpress-deployment/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/saloniamatteo","download_url":"https://codeload.github.com/saloniamatteo/aws-wordpress-deployment/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saloniamatteo%2Faws-wordpress-deployment/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30200756,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T19:07:06.838Z","status":"ssl_error","status_checked_at":"2026-03-06T18:57:34.882Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-cloudformation","cloudformation","docker","docker-wordpress","wordpress","wordpress-aws","wordpress-docker"],"created_at":"2025-04-06T09:54:08.579Z","updated_at":"2026-03-06T22:02:21.505Z","avatar_url":"https://github.com/saloniamatteo.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Wordpress deployment on AWS\n\nThis project creates a secure, resilient, scalable, replicable, distributed Wordpress deployment.\n\nThe following technologies are used:\n- AWS CloudFormation (stack deployment)\n- AWS CloudFront\n- AWS CloudWatch\n- AWS ECS\n- AWS EFS\n- AWS ELB\n- AWS IAM\n- AWS KMS\n- AWS RDS\n- AWS S3\n- AWS SNS\n- AWS Secrets Manager\n- AWS VPC\n\n![Infra](infra.png)\n\n## Structure\nThis project is structured as follows:\n```\n├── Makefile\n├── templates\n│   └── *.yaml\n├── wordpress-dev.json\n└── wordpress-prod.json\n```\n\nThe `templates` folder contains the following:\n\n```\n├── alb.yaml\n├── cloudfront.yaml\n├── cloudwatch.yaml\n├── ecs.yaml\n├── efs.yaml\n├── env.yaml\n├── kms.yaml\n├── network.yaml\n├── rds.yaml\n├── s3.yaml\n├── secrets-manager.yaml\n└── sns.yaml\n```\n\nEach file creates a piece of infrastructure.\n\nIn order to deploy this stack, `rain merge` is used to create one singular file.\n\n## Prerequisites\nIn order to deploy this stack \u0026 work with it, the following tools are required:\n- [rain](https://github.com/aws-cloudformation/rain)\n- [jq](https://github.com/jqlang/jq)\n\n## Makefile overrides\nThe `rain` binary in `Makefile` is called from `RAIN_CMD`, which defaults to `$HOME/go/bin/rain`.\nChange this parameter if your path is different!\n\nExample:\n\n```bash\nRAIN_CMD=/usr/local/bin/rain make deploy\n```\n\nSimilarly, the following Makefile variables can be overridden:\n\n- `STACK_NAME`: the name of the stack (default: `WordpressStack`)\n- `RAIN_CMD`: path to `rain` (default: `${HOME}/go/bin/rain`)\n- `PARAMS_FILE`: path to the development parameters (default: `wordpress-dev.json`)\n- `PARAMS_FILE_PROD`: path to the production parameters (default: `wordpress-prod.json`)\n\n## Deploying the stack\nDeploying the CloudFormation stack is real easy.\n\nThe provided `Makefile` provides the following commands:\n- `make lint`: lint the merged CloudFormation template\n- `make deploy`: deploy the CloudFormation stack using rain (development values)\n- `make deploy-prod`: deploy the CloudFormation stack using rain (production values)\n- `make delete`: delete the deployed CloudFormation stack using the AWS CLI\n- `make clean`: remove the merged CloudFormation template\n\nRunning `make deploy` is an easy, hassle-free way to get started with this stack.\n\n**NOTE**: please set the `AdminEmail` parameter before deploying.\nMore info below.\n\n### Outputs\nThe following outputs are produced:\n- `CFDomainName`: the CloudFront distribution's publicly-accessible DNS Name. This is the Wordpress deployment's URL.\n\n## Technical design notes\n### Admin Email\nThis stack provides the following CloudWatch Alerts:\n- ECS: CPUUtilization average \u003e= 70% for 5 minutes\n- RDS: CPUUtilization average \u003e= 70% for 5 minutes\n\nThe thresholds (70%) can be changed independently of each other.\n\nAlerts are then relayed to an SNS Topic, which is configured to send\nemail to the provided `AdminEmail` parameter through an SNS Subscription.\n\n**Don't forget to set this value!** The default is `CHANGEME@example.com`.\n\n### ALB\nThe Application Load Balancer (ALB) enables stickiness, provided by an LB cookie,\nfor a total duration of 15 minutes. This value can be changed.\n\nStickiness needs to be turned on in order to allow logins.\nWithout it, trying to login would result in a page refresh.\n\n### CloudFront \u003c-\u003e ALB\nThe ALB only accepts direct traffic from CloudFront, by creating a\n[CloudFront VPC Origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-vpc-origins.html).\n\nThe ALB is internal only, and is therefore placed in all three private subnets.\n\n**NOTE**: the Managed Prefix List ID (`com.amazonaws.global.cloudfront.origin-facing`)\nis fetched when running `make deploy` (or `make deploy-prod`), so as to avoid hardcoded values.\nThis is needed in order to restrict access to the load balancer, and to allow only CloudFront.\n\n### RDS DB Credentials\nThe credentials used to access the RDS DB (username \u0026 password) are generated\nautomatically (and therefore, stored) by Secrets Manager.\n\nConstraints:\n- Username: 16 characters max, no numbers, no punctuation, no uppercase chars, no spaces\n- Password: default 32 characters, no spaces, `\"@/\\` characters excluded\n\nThese are then referenced by both RDS and ECS.\n\nSecrets are encrypted using a KMS Key generated by this stack.\nThe default key encryption used is `AES-128-GCM`.\n\n### RDS Deployment\nWhen `EnvType` is set to `prod` (production), the RDS DB is deployed\nwith `MultiAZ = true`. Otherwise, the DB is deployed in a single AZ.\n\n**NOTE**: a MultiAZ deployment does not deploy the DB in all three AZs.\nInstead, it creates a master instance in a random AZ, and a\nsecondary/slave instance in another random AZ, totaling two AZs.\n\nThe RDS Storage is encrypted with another KMS Key generated by this stack.\n\n**NOTE**: that the provided storage type is `gp2`, which is the one\nprovided in the free tier. Change this value accordingly.\n\n### VPC\nThe CIDR of the VPC is (obviously) a parameter. The value in the provided parameter files\nis set to `10.14.0.0/16`.\n\nSubsequently, the subnets' CIDRs (both public \u0026 private) are not hardcoded,\nmeaning their values are automatically calculated from the VPC CIDR value,\nby using the following formula:\n\n```yaml\n!Select [n, !Cidr [ !Ref VPCCIDR, c, 8 ]]\n```\n\nWhere:\n- `n`: generated CIDR number (from 0 to 5; the first 3 are used for the public subnets)\n- `c`: how many subnets to create (6)\n- `8`: subnet bits (`32 - 24 = 8`); a `/24` address space is assigned for each subnet\n\n### Wordpress version\nThe wordpress version is parametrized, meaning the `WordpressVersion` parameter\ncan be used to set a specific version. The recommended default is `latest`.\n\nYou can see available versions [here](https://hub.docker.com/_/wordpress).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaloniamatteo%2Faws-wordpress-deployment","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsaloniamatteo%2Faws-wordpress-deployment","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaloniamatteo%2Faws-wordpress-deployment/lists"}