| 1 | +# terraform-aws-serverless-static-wordpress |
| 2 | + |
| 3 | +[](https://github.com/techtospeech/terraform-aws-serverless-static-wordpress/actions/workflows/testsuite-master.yaml?query=branch%3Amaster+event%3Apush+workflow%3Atest-suite) |
| 4 | +<a href="https://twitter.com/intent/follow?screen_name=TechToSpeech"><img src="https://img.shields.io/twitter/follow/TechToSpeech?style=social&logo=twitter" alt="follow on Twitter"></a> |
| 5 | + |
| 6 | +## Introduction |
| 7 | + |
| 8 | +Serverless Static Wordpress is a Community Terraform Module from TechToSpeech that needs nothing more than a registered |
| 9 | +domain name with its DNS pointed at AWS. |
| 10 | + |
| 11 | +It creates a complete infrastructure framework that allows you to launch a temporary, transient Wordpress container. |
| 12 | +You then log in and customize it like any Wordpress site, and finally publish it as a static site fronted by a global |
| 13 | +CloudFront CDN and S3 Origin. When you’re done you shut down the Wordpress container and it costs you almost nothing. |
| 14 | + |
| 15 | +The emphasis is on extremely minimal configuration as the majority of everything you’d need is pre-installed and |
| 16 | +pre-configured in line with industry best practices and highly efficient running costs. |
| 17 | + |
| 18 | +## Architecture Overview |
| 19 | + |
| 20 | + |
| 21 | + |
| 22 | +## Pre-requisites |
| 23 | + |
| 24 | +- A domain name either hosted with AWS, or with its DNS delegated to a Route53 hosted zone. |
| 25 | +- A VPC configured with at least one public subnet in your desired deployment region. |
| 26 | + |
| 27 | +## Provider Set-up |
| 28 | + |
| 29 | +Terraform best practice is to configure providers at the top-level module and pass them downwards through implicit |
| 30 | +inheritance or explicit passing. Whilst the module and child-modules reference `required_providers`, it is also necessary |
| 31 | +for you to provide a regional alias for operations that _must_ be executed in us-east-1 (CloudFront, ACM, and WAF). |
| 32 | +As such you should include the following in your provider configuration: |
| 33 | + |
| 34 | +``` |
| 35 | +terraform { |
| 36 | + required_version = "> 0.15.1" |
| 37 | + required_providers { |
| 38 | + aws = { |
| 39 | + source = "hashicorp/aws" |
| 40 | + version = "~> 3.0" |
| 41 | + configuration_aliases = [aws.ue1] |
| 42 | + } |
| 43 | + } |
| 44 | +} |
| 45 | +
|
| 46 | +provider "aws" { |
| 47 | + alias = "ue1" |
| 48 | + region = "us-east-1" |
| 49 | +} |
| 50 | +
|
| 51 | +``` |
| 52 | + |
| 53 | +The `ue1` alias is essential for this module to work correctly. |
| 54 | + |
| 55 | +## Module instantiation example |
| 56 | + |
| 57 | +``` |
| 58 | +locals { |
| 59 | + aws_account_id = "998877676554" |
| 60 | + aws_region = "eu-west-1" |
| 61 | + site_name = "peterdotcloud" |
| 62 | + profile = "peterdotcloud" |
| 63 | + site_domain = "peter.cloud" |
| 64 | +} |
| 65 | +
|
| 66 | +data "aws_caller_identity" "current" {} |
| 67 | +
|
| 68 | +module "peterdotcloud_website" { |
| 69 | + source = "TechToSpeech/serverless-static-wordpress/aws" |
| 70 | + version = "0.1.0" |
| 71 | + main_vpc_id = "vpc-e121c09b" |
| 72 | + subnet_ids = ["subnet-04b97235","subnet-08fb235","subnet-04b97734"] |
| 73 | + aws_account_id = data.aws_caller_identity.current.account_id |
| 74 | +
|
| 75 | + # site_name will be used to prepend resource names - use no spaces or special characters |
| 76 | + site_name = local.site_name |
| 77 | + site_domain = local.site_domain |
| 78 | + wordpress_subdomain = "wordpress" |
| 79 | + hosted_zone_id = "Z00437553UWAVIRHANGCN" |
| 80 | + s3_region = local.aws_region |
| 81 | +
|
| 82 | + # Send ECS and RDS events to Slack |
| 83 | + slack_webhook = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX" |
| 84 | + ecs_cpu = 1024 |
| 85 | + ecs_memory = 2048 |
| 86 | + cloudfront_aliases = ["www.peter.cloud", "peter.cloud"] |
| 87 | + waf_enabled = true |
| 88 | +
|
| 89 | + # Provides the toggle to launch Wordpress container |
| 90 | + launch = 0 |
| 91 | +
|
| 92 | + ## Passing in Provider block to module is essential |
| 93 | + providers = { |
| 94 | + aws.ue1 = aws.ue1 |
| 95 | + } |
| 96 | +} |
| 97 | +``` |
| 98 | + |
| 99 | +Do not to set `launch` to 1 initially as the module uses a Codebuild pipeline to take a vanilla version |
| 100 | +of the Wordpress docker container and rebake it to include all of the pre-requisites required to publish the Wordpress |
| 101 | +site to S3. |
| 102 | + |
| 103 | +The step to push the required Wordpress container from Dockerhub to your own ECR repository can be tied into your |
| 104 | +module instantiation using our [helper module](https://github.com/TechToSpeech/terraform-aws-ecr-mirror) as follows: |
| 105 | + |
| 106 | +Note this requires Docker to be running on your Terraform environment with either a named AWS profile or credentials |
| 107 | +otherwise available. |
| 108 | +``` |
| 109 | +module "docker_pullpush" { |
| 110 | + source = "TechToSpeech/ecr-mirror/aws" |
| 111 | + version = "0.0.6" |
| 112 | + aws_account_id = data.aws_caller_identity.current.account_id |
| 113 | + aws_region = local.aws_region |
| 114 | + docker_source = "wordpress:php7.4-apache" |
| 115 | + aws_profile = "peterdotcloud" |
| 116 | + ecr_repo_name = module.peterdotcloud_website.wordpress_ecr_repository |
| 117 | + ecr_repo_tag = "base" |
| 118 | + depends_on = [module.peterdotcloud_website] |
| 119 | +} |
| 120 | +``` |
| 121 | + |
| 122 | +The CodeBuild pipeline takes a couple of minutes to run and pushes back a 'latest' tagged version of the container, |
| 123 | +which is what will be used for the Wordpress container. This build either needs to be triggered manually from the |
| 124 | +CodeBuild console, or you can use this snippet to trigger the build as part of your Terraform flow: |
| 125 | + |
| 126 | +``` |
| 127 | +resource "null_resource" "trigger_build" { |
| 128 | + triggers = { |
| 129 | + codebuild_etag = module.peterdotcloud_website.codebuild_package_etag |
| 130 | + } |
| 131 | + provisioner "local-exec" { |
| 132 | + command = <<-EOT |
| 133 | + aws codebuild start-build --project-name "${module.peterdotcloud_website.codebuild_project_name}" |
| 134 | + --profile "${local.profile}" --region "${local.aws_region}" |
| 135 | + EOT |
| 136 | + } |
| 137 | + depends_on = [ |
| 138 | + module.peterdotcloud_website, module.docker_pullpush |
| 139 | + ] |
| 140 | +} |
| 141 | +``` |
| 142 | + |
| 143 | +Whilst this might feel convoluted (and you might ask: why not just provide a public customized Docker image?), it was |
| 144 | +felt important that users should 'own' their own version of the Wordpress container, built transparently from the official Wordpress docker image with full provenance. |
| 145 | + |
| 146 | +Finally, if you wish to fully automate the creation _and_ update of the domain's nameservers if it's registered in |
| 147 | +Route53 within the same account, you can add these additional snippets to include this in your flow. |
| 148 | + |
| 149 | +``` |
| 150 | +resource "aws_route53_zone" "apex" { |
| 151 | + name = "peter.cloud" |
| 152 | +} |
| 153 | +
|
| 154 | +resource "null_resource" "update_nameservers" { |
| 155 | + triggers = { |
| 156 | + nameservers = aws_route53_zone.apex.id |
| 157 | + } |
| 158 | + provisioner "local-exec" { |
| 159 | + command = <<-EOT |
| 160 | + aws route53domains update-domain-nameservers --region us-east-1 --domain-name "${local.site_domain}" |
| 161 | + --nameservers Name="${aws_route53_zone.apex.name_servers.0}" Name="${aws_route53_zone.apex.name_servers.1}" |
| 162 | + Name="${aws_route53_zone.apex.name_servers.2}" Name="${aws_route53_zone.apex.name_servers.3}" --profile peterdotcloud |
| 163 | + EOT |
| 164 | + } |
| 165 | + depends_on = [aws_route53_zone.apex] |
| 166 | +} |
| 167 | +``` |
| 168 | +See [examples](docs/examples) for full set-up example. |
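Review bot: the `local-exec` commands in `null_resource.trigger_build` and `null_resource.update_nameservers` are broken across several lines inside `<<-EOT` heredocs with no trailing backslash, so the shell executes each line as a separate command: `aws codebuild start-build --project-name "..."` runs without the intended `--profile` and `--region`, and the continuation line `--profile "${local.profile}" --region "${local.aws_region}"` then fails as a command of its own (the same applies to the `--nameservers ...` lines of the route53domains call). Either join each command onto one line or end every continued line with ` \`. Two smaller points in the same hunk: `slack_webhook` is shown as an inline literal, and since a real webhook URL is a credential the README should steer users to pass it in from a variable or a secrets store rather than committing it in the module block; and "Do not to set `launch` to 1 initially" should read "Do not set `launch` to 1 initially".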