Demo: Architecture Evolution

---

Deploy Base Architecture

---

1. Log into AWS and make sure you are in the N. Virgina Region.
2. Click the deployment link to create the stack
3. This should create a basic VPC with 3 tier architecture (DB, APP, WEB) spread across 3 availability zones.
4. Navigate to the EC2 console
5. Launch an Amazon Linux 2 AMI on a free tier instance type into the sn-pub-A subnet. a. make sure you select the IAM role before deploying b. also select the Unlimited Credit specification. c. Leave the storage, add a tag Name: WP-Manual, add to the SGWordpress Security Group d. You can ignore the SSH port warning and then launch WITHOUT a key pair.
6. Once this is in the running state, you can continue with this tutorial.

Systems Manager Parameters

---

1. Navigate to the Systems Manager console and click on Parameter store.
2. Create the following parameters:

/BY/WP/DBUser - Database User - Standard - String - text - bywpuser
/BY/WP/DBName - Database Name - Standard - String - text - bywpdb
/BY/WP/DBEndpoint - Database Endpoint - Standard - String - text - localhost
/BY/WP/DBPassword - Database PW - Standard - SecureString - My Current Account - KMS Key ID: alias/aws/ssm and set password to BabyYoda123!
/BY/WP/DBRootPassword - Database Root PW - Standard - SecureString - My Current Account - KMS Key ID: alias/aws/ssm and set password to BabyYoda123! 

Install WordPress

1. Connect to the EC2 instance via session manager.
2. run sudo bash and then cd and then clear to tidy up the screen a bit.
   
3. Type each one of these commands in manually, do not copy and paste.

DBPassword=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBPassword --with-decryption --query Parameters[0].Value)
DBPassword=`echo $DBPassword | sed -e 's/^"//' -e 's/"$//'`

DBRootPassword=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBRootPassword --with-decryption --query Parameters[0].Value)
DBRootPassword=`echo $DBRootPassword | sed -e 's/^"//' -e 's/"$//'`

DBUser=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBUser --query Parameters[0].Value)
DBUser=`echo $DBUser | sed -e 's/^"//' -e 's/"$//'`

DBName=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBName --query Parameters[0].Value)
DBName=`echo $DBName | sed -e 's/^"//' -e 's/"$//'`

DBEndpoint=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBEndpoint --query Parameters[0].Value)
DBEndpoint=`echo $DBEndpoint | sed -e 's/^"//' -e 's/"$//'`

4. I mean, you could have copied them, but I really wanted you to get a feel for how tedious that was. Sorry.
5. Update the os by running sudo yum -y update and sudo yum -y upgrade
   
6. Clear the screen by running clear
7. Install dependencies

sudo yum install -y mariadb-server httpd wget
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo amazon-linux-extras install epel -y
sudo yum install stress -y

8. Set the server and database to start on boot

sudo systemctl enable httpd
sudo systemctl enable mariadb
sudo systemctl start httpd
sudo systemctl start mariadb

9. Set the MariaDB default PW sudo mysqladmin -u root password $DBRootPassword
10. Download and extract Wordpress and remove the tarball and folder.

sudo wget http://wordpress.org/latest.tar.gz -P /var/www/html
cd /var/www/html
sudo tar -zxvf latest.tar.gz
sudo cp -rvf wordpress/* .
sudo rm -R wordpress
sudo rm latest.tar.gz

11. Replace the config.php with the environment variables taken from the parameter store.

sudo cp ./wp-config-sample.php ./wp-config.php
sudo sed -i "s/'database_name_here'/'$DBName'/g" wp-config.php
sudo sed -i "s/'username_here'/'$DBUser'/g" wp-config.php
sudo sed -i "s/'password_here'/'$DBPassword'/g" wp-config.php

12. Set perms on the file system:

sudo usermod -a -G apache ec2-user   
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www
sudo find /var/www -type d -exec chmod 2775 {} \;
sudo find /var/www -type f -exec chmod 0664 {} \;

13. Create WP user, set password, create database and then configure perms.

sudo echo "CREATE DATABASE $DBName;" >> /tmp/db.setup
sudo echo "CREATE USER '$DBUser'@'localhost' IDENTIFIED BY '$DBPassword';" >> /tmp/db.setup
sudo echo "GRANT ALL ON $DBName.* TO '$DBUser'@'localhost';" >> /tmp/db.setup
sudo echo "FLUSH PRIVILEGES;" >> /tmp/db.setup
sudo mysql -u root --password=$DBRootPassword < /tmp/db.setup
sudo rm /tmp/db.setup

14. Take a moment and realize how tedious that would be to plan and type out.
15. Copy the IP address from the EC2 instance and open into the browser (use HTTP, not HTTPS as that is not configured)
16. Enter the following information:

• Site Name: BabyYodaPoC
• username: admin
• pw: BabyYoda123!
• email: your personal email address

17. Log in using the above information
    
18. Create a post of your choosing. I did a welcome to the best Baby Yoda Site. Add some pictures. a. Uploading the images adds them to the MariaDB on your new site. We'll move this content out as we split up the infrastructure later.

This Wordpress install is very limited. Imagine if your company installed an app like this and relied on it for production usage.

• It's built in one subnet in one AZ on one EC2 instance.
• All of the components of this site exist on the same EC2 instance.
• Traffic is directed to the public IP (not Elastic, either) for this EC2 instance. Imagine if today you had 3 people visit it, and it went viral overnight and had 100,000 views/day. That free tier instance type would just choke and die.
• as soon as this EC2 instance is restarted, the IP address will change. Good luck setting up your hosted domain or Route53 A record.
• Oh, and WordPress hard-codes the IP address into its application php files so it won't work after the instance restarts anyway. Best of luck to you.

19. Test this out by stopping and starting the instance. Do it. Go for it.

Just imagine if this site was up for about 2 years and had a ton of data on it. If this instance failed right now, you'd lose your entire site unless it was backed up. Then, you'd need to worry about how you'd restore it.

Terminate this instance

---

1. Last step here, to simulate complete EC2 instance failure, terminate the EC2 instance. Yes. Terminate it. Now, try accessing "your company's application". It's gone. All of it.

Rebuilding with Launch template

---

1. Log into AWS and make sure you're in the N. Virginia region
2. Navigate to the EC2 console and click on Launch Templates and click Create Launch Template.
3. Name this BYWordpress and give it a description
4. Under Auto Scaling Guidance, check the "provide guidance" box
   
5. Specify the Amazon Linux 2 AMI.
6. Select a free tier instance type.
7. Skip the key pair option and select the WordPress Security Group.
8. Expand the Advanced Details and select the WordPress Instance Profile
9. Set the Credit specification to Unlimited.
10. Scroll down to the user data box. Here's where we will include the bootstrapping script that will run on first launch to configure the Wordpress install.
11. Copy and paste in this data below. It will look familiar as it's all the code that you manually typed in before.

#!/bin/bash -xe

DBPassword=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBPassword --with-decryption --query Parameters[0].Value)
DBPassword=`echo $DBPassword | sed -e 's/^"//' -e 's/"$//'`

DBRootPassword=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBRootPassword --with-decryption --query Parameters[0].Value)
DBRootPassword=`echo $DBRootPassword | sed -e 's/^"//' -e 's/"$//'`

DBUser=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBUser --query Parameters[0].Value)
DBUser=`echo $DBUser | sed -e 's/^"//' -e 's/"$//'`

DBName=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBName --query Parameters[0].Value)
DBName=`echo $DBName | sed -e 's/^"//' -e 's/"$//'`

DBEndpoint=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBEndpoint --query Parameters[0].Value)
DBEndpoint=`echo $DBEndpoint | sed -e 's/^"//' -e 's/"$//'`

yum -y update
yum -y upgrade

yum install -y mariadb-server httpd wget
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
amazon-linux-extras install epel -y
yum install stress -y

systemctl enable httpd
systemctl enable mariadb
systemctl start httpd
systemctl start mariadb

mysqladmin -u root password $DBRootPassword

wget http://wordpress.org/latest.tar.gz -P /var/www/html
cd /var/www/html
tar -zxvf latest.tar.gz
cp -rvf wordpress/* .
rm -R wordpress
rm latest.tar.gz

sudo cp ./wp-config-sample.php ./wp-config.php
sed -i "s/'database_name_here'/'$DBName'/g" wp-config.php
sed -i "s/'username_here'/'$DBUser'/g" wp-config.php
sed -i "s/'password_here'/'$DBPassword'/g" wp-config.php
sed -i "s/'localhost'/'$DBEndpoint'/g" wp-config.php

usermod -a -G apache ec2-user   
chown -R ec2-user:apache /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;

echo "CREATE DATABASE $DBName;" >> /tmp/db.setup
echo "CREATE USER '$DBUser'@'localhost' IDENTIFIED BY '$DBPassword';" >> /tmp/db.setup
echo "GRANT ALL ON $DBName.* TO '$DBUser'@'localhost';" >> /tmp/db.setup
echo "FLUSH PRIVILEGES;" >> /tmp/db.setup
mysql -u root --password=$DBRootPassword < /tmp/db.setup
rm /tmp/db.setup

12. Click Create Launch Template
    

Launch new EC2 instance

---

1. Click on the template and then click Actions and then Launch Instance from Template.
2. Specify no key pair and a subnet (sn-pub-A) just like the last one.
3. Add tag Name: BYWPTemplate
4. Click Launch Template.
5. Click on the instance and wait a few minutes for it to build. Once it's built, you should be able to copy the Public IP into your browser just like we did before.
6. Copy the IP address from the EC2 instance and open into the browser (use HTTP, not HTTPS as that is not configured)
7. Enter the following information:

• Site Name: BabyYodaPoC
• username: admin
• pw: BabyYoda123!
• email: your personal email address

8. Log in using the above information
   
9. Create a post of your choosing. I did a welcome to the best Baby Yoda Site. Add some pictures. a. Uploading the images adds them to the MariaDB on your new site. We'll move this content out as we split up the infrastructure later.

This shows you can automate some of the steps and not do this manually, however with this, all we've done is automate the same architecture as we had before.

• Single EC2 with app and DB, single AZ, direct traffic via IP.

What this also shows is that maybe we can find a way to launch multiple instances of this and then have each one of those instances all have the same copy of the App.

Create RDS Subnet Group

---

1. Navigate to the RDS console.

2. Click on Subnet Groups on the left.

3. Click Create

4. Name this BYWPRDSSubnetGroup and enter a description

5. Select the VPC

6. Select the Availablity Zones that are in the database tier us-east-1a, 1b, 1c

7. Select the Database subnets (10.16.16.0/20, 10.16.80.0/20, 10.16.144.0/20)

8. Click Create.

Create Database

---

1. Click on Databases and then click Create Database.
2. Select Standard and then MySQL.
3. For the version, select 5.7.31
4. Select the Free tier template
5. For the DB instance identifier, name this byWordPress
6. For the Credentials, enter in the same username and password as you used to manually create the database.

bywpuser - BabyYoda123!

7. Notice we can't select other database sizes due to being in the free tier.
8. Scroll down and select our VPC under the Connectivity section
9. Notice that the Subnet Group automatically populates.
10. Select No on the public access for the database.
11. Remove the Default Security group and then select the SGDatabase security group from the dropdown.
12. Select us-east-1a from the availability zone dropdown
13. Scroll down to Database Authentication and then expand Additional Configuration
14. Name this database the same as you had before: bywpdb
15. Scroll through the remaining options and click Create database.
16. This might take a good 30 minutes to complete the creation of this database.

Migrate Database

---

1. Navigate back to the EC2 Console
2. Connect to the EC2 instance via Session Manager.
3. Type in sudo bash followed by cd followed by clear to give us a fresh window
4. Copyand paste in the commands below to load the variables from the parameter store into the environment variables.

DBPassword=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBPassword --with-decryption --query Parameters[0].Value)
DBPassword=`echo $DBPassword | sed -e 's/^"//' -e 's/"$//'`

DBRootPassword=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBRootPassword --with-decryption --query Parameters[0].Value)
DBRootPassword=`echo $DBRootPassword | sed -e 's/^"//' -e 's/"$//'`

DBUser=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBUser --query Parameters[0].Value)
DBUser=`echo $DBUser | sed -e 's/^"//' -e 's/"$//'`

DBName=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBName --query Parameters[0].Value)
DBName=`echo $DBName | sed -e 's/^"//' -e 's/"$//'`

DBEndpoint=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBEndpoint --query Parameters[0].Value)
DBEndpoint=`echo $DBEndpoint | sed -e 's/^"//' -e 's/"$//'`

5. Backup the database mysqldump -h $DBEndpoint -u $DBUser -p$DBPassword $DBName > bydatabasedump.sql
6. Verify the backup exists by running ls -la
   
7. Navigate back to the RDS console and select the database.
8. Copy the endpoint URL and navigate to the Parameter Store.
9. Delete the endpoint parameter (the one we set to localhost)
10. Create a new parameter to replace this, but this time the value will be bywordpress.ckdygzaxp0wx.us-east-1.rds.amazonaws.com or whatever you have copied.
11. Run these commands again to refresh the DBEndpoint:

DBEndpoint=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBEndpoint --query Parameters[0].Value)
DBEndpoint=`echo $DBEndpoint | sed -e 's/^"//' -e 's/"$//'`

12. Restore the database by running this command:

mysql -h $DBEndpoint -u $DBUser -p$DBPassword $DBName < bydatabasedump.sql 

Update WordPress configuration

1. Run sudo sed -i "s/'localhost'/'$DBEndpoint'/g" /var/www/html/wp-config.php
2. Disable and stop MariaDB

sudo systemctl disable mariadb
sudo systemctl stop mariadb

3. Refresh the Baby Yoda Wordpress site and it should load using the MySQL RDS Database.

Modify Launch template

---

1. Navigate back to the EC2 console and select Launch Template
2. Modify this template
3. Rename the description to single server App only
4. Scroll down to the user data section (remember we have the mariaDB code there)
5. Remove the two systemctl lines that refer to MariaDB and the section that creates the database. Finished userdata block should look like this:

#!/bin/bash -xe

DBPassword=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBPassword --with-decryption --query Parameters[0].Value)
DBPassword=`echo $DBPassword | sed -e 's/^"//' -e 's/"$//'`

DBRootPassword=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBRootPassword --with-decryption --query Parameters[0].Value)
DBRootPassword=`echo $DBRootPassword | sed -e 's/^"//' -e 's/"$//'`

DBUser=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBUser --query Parameters[0].Value)
DBUser=`echo $DBUser | sed -e 's/^"//' -e 's/"$//'`

DBName=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBName --query Parameters[0].Value)
DBName=`echo $DBName | sed -e 's/^"//' -e 's/"$//'`

DBEndpoint=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBEndpoint --query Parameters[0].Value)
DBEndpoint=`echo $DBEndpoint | sed -e 's/^"//' -e 's/"$//'`

yum -y update
yum -y upgrade

yum install -y mariadb-server httpd wget
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
amazon-linux-extras install epel -y
yum install stress -y

systemctl enable httpd
systemctl start httpd

wget http://wordpress.org/latest.tar.gz -P /var/www/html
cd /var/www/html
tar -zxvf latest.tar.gz
cp -rvf wordpress/* .
rm -R wordpress
rm latest.tar.gz

sudo cp ./wp-config-sample.php ./wp-config.php
sed -i "s/'database_name_here'/'$DBName'/g" wp-config.php
sed -i "s/'username_here'/'$DBUser'/g" wp-config.php
sed -i "s/'password_here'/'$DBPassword'/g" wp-config.php
sed -i "s/'localhost'/'$DBEndpoint'/g" wp-config.php

usermod -a -G apache ec2-user   
chown -R ec2-user:apache /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;

6. Save template and then set this new template as the default.
   

Your infrastructure stack now looks like this.

Separate WPContent from EC2 instance

---

1. Navigate to EFS console in AWS.
2. Click on Create File System and click Customize
3. Name this BY-WP-Content
4. Leave the defaults except for Enable Encryption at rest, uncheck that.
5. Click next to configure the network access.
6. Select the VPC we are using and then uncheck the default security groups.
7. Select the sn-app-A, B, C respectively for the AZs.
8. For the security groups, select the SGEFS Groups.
9. Click next, review the options here, click next again, and then Create.
10. Click on the file system and navigate to the network tab. These are the mountpoints that are being created. These will need to be in the available state.
11. Copy the file system ID (fs-0b1636ae73dec8f51
12. Navigate back to the parameter store in systems manager.
13. Create a new parameter:

/BY/WP/EFSFSID
Filesystem
Standard
Text
fs-0b1636ae73dec8f51

14. Navigate back to the EFS console and make sure these mountpoints are in the available state.

Configure EC2 Instance to connect to EFS

---

1. Navigate back to the EC2 console and click on our EC2 instance.
2. Connect via session manager.
3. Type in sudo bash followed by cd followed by clear to give us a fresh window
4. Install the efs tools by running sudo yum -y install amazon-efs-utils
5. cd /var/www/html into that folder. Run ls -la to view the contents.
6. Move the wp-content folder to a temp directory by running sudo mv wp-content/ /tmp
7. Create a mountpoint folder sudo mkdir wp-content
8. Run the next two commands to get the FSID from the parameter store.

EFSFSID=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/EFSFSID --query Parameters[0].Value)
EFSFSID=`echo $EFSFSID | sed -e 's/^"//' -e 's/"$//'`

9. Run cat /etc/fstab to view the file system mounts
10. Run echo -e "$EFSFSID:/ /var/www/html/wp-content efs _netdev,tls,iam 0 0" >> /etc/fstab to add the mountpoint to the EFS
11. Mount the EFS by running mount -a -t efs defaults
12. Verify by running df -k
13. Move the content back into the new EFS share by running mv /tmp/wp-content/* /var/www/html/wp-content/
14. Fix the permissions on this new folder by running chown -R ec2-user:apache /var/www/
15. Reconnect to the EC2 instance using session manager
16. run df -k to list the volumes.
17. Copy in the Public IP and you should be able to refresh the site.

Update the Launch Template to use the EFS file system

---

1. Navigate to the EC2 console and into the Launch Templates
2. Edit this launch template and change the description to App Only, Uses EFS
3. Scroll all the way down to the user data where we will make some changes to configure this to use EFS.
4. On the 3rd line, paste the following code:

EFSFSID=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/EFSFSID --query Parameters[0].Value)
EFSFSID=`echo $EFSFSID | sed -e 's/^"//' -e 's/"$//'`

5. Scroll down to the yum install -y line and add amazon-efs-utils at the end of it.
6. Add the following code under the systemctl start httpd line:

mkdir -p /var/www/html/wp-content
chown -R ec2-user:apache /var/www/
echo -e "$EFSFSID:/ /var/www/html/wp-content efs _netdev,tls,iam 0 0" >> /etc/fstab
mount -a -t efs defaults

7. The code for the user data section should look like this:

#!/bin/bash -xe

EFSFSID=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/EFSFSID --query Parameters[0].Value)
EFSFSID=`echo $EFSFSID | sed -e 's/^"//' -e 's/"$//'`

DBPassword=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBPassword --with-decryption --query Parameters[0].Value)
DBPassword=`echo $DBPassword | sed -e 's/^"//' -e 's/"$//'`

DBRootPassword=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBRootPassword --with-decryption --query Parameters[0].Value)
DBRootPassword=`echo $DBRootPassword | sed -e 's/^"//' -e 's/"$//'`

DBUser=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBUser --query Parameters[0].Value)
DBUser=`echo $DBUser | sed -e 's/^"//' -e 's/"$//'`

DBName=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBName --query Parameters[0].Value)
DBName=`echo $DBName | sed -e 's/^"//' -e 's/"$//'`

DBEndpoint=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/DBEndpoint --query Parameters[0].Value)
DBEndpoint=`echo $DBEndpoint | sed -e 's/^"//' -e 's/"$//'`

yum -y update
yum -y upgrade

yum install -y mariadb-server httpd wget amazon-efs-utils
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
amazon-linux-extras install epel -y
yum install stress -y

systemctl enable httpd
systemctl start httpd

mkdir -p /var/www/html/wp-content
chown -R ec2-user:apache /var/www/
echo -e "$EFSFSID:/ /var/www/html/wp-content efs _netdev,tls,iam 0 0" >> /etc/fstab
mount -a -t efs defaults

wget http://wordpress.org/latest.tar.gz -P /var/www/html
cd /var/www/html
tar -zxvf latest.tar.gz
cp -rvf wordpress/* .
rm -R wordpress
rm latest.tar.gz

sudo cp ./wp-config-sample.php ./wp-config.php
sed -i "s/'database_name_here'/'$DBName'/g" wp-config.php
sed -i "s/'username_here'/'$DBUser'/g" wp-config.php
sed -i "s/'password_here'/'$DBPassword'/g" wp-config.php
sed -i "s/'localhost'/'$DBEndpoint'/g" wp-config.php

usermod -a -G apache ec2-user   
chown -R ec2-user:apache /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;

8. Click on create template version
9. Set this to the default version.

Your architecture now looks like this:

Adding a Load Balancer

---

1. Navigate to the EC2 console and click on Load Balancers
2. Create an ALB.
3. Name this BYWPALB, internet facing, IPv4, select the VPC and the Subnets a. check the boxes and then select sn-pub-A, B, C respectively.
4. Delete the default security group and select the SGLoadbalancer SG.
5. Leave HTTP port 80
6. Create a new target group, name this one BYWPALBTG a. Target type is instances, HTTP:80, Select the VPC and set the protocol to HTTP1, health check protocol is HTTP.
7. On the Load balancer tab, click refresh on the Listeners and routing section and then select the new target group.
   
8. Create load balancer.

Create new ELB Parameter

---

1. Copy the DNS name of the newly created load balancer. BYWPALB-416203232.us-east-1.elb.amazonaws.com
2. Navigate back to the parameter store and create a new parameter.

/BY/WP/ALBDNSNAME
Load Balancer DNS
Standard
String
text
Value = BYWPALB-416203232.us-east-1.elb.amazonaws.com

Update WP config to use ELB

---

Remember earlier when we talked about the IP address that is hardcoded into the WP configuration? Well, after creating the Load Balancer, we need to update the WP config to point to the load balancer DNS entry that we just loaded into the Parameter Store. Follow?

1. Navigate back to the EC2 console and select the launch template and then Modify that launch template for the 4th time.
2. Change the description to WP APP ELB Version
3. Scroll all the way to the bottom to user data
4. On the 3rd line (right after the first -xe line and an empty), paste this code:

ALBDNSNAME=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/ALBDNSNAME --query Parameters[0].Value)
ALBDNSNAME=`echo $ALBDNSNAME | sed -e 's/^"//' -e 's/"$//'`

5. Move to the bottom of this user data block and paste in the following code:

cat >> /home/ec2-user/update_wp_ip.sh<< 'EOF'
#!/bin/bash
source <(php -r 'require("/var/www/html/wp-config.php"); echo("DB_NAME=".DB_NAME."; DB_USER=".DB_USER."; DB_PASSWORD=".DB_PASSWORD."; DB_HOST=".DB_HOST); ')
SQL_COMMAND="mysql -u $DB_USER -h $DB_HOST -p$DB_PASSWORD $DB_NAME -e"
OLD_URL=$(mysql -u $DB_USER -h $DB_HOST -p$DB_PASSWORD $DB_NAME -e 'select option_value from wp_options where option_id = 1;' | grep http)

ALBDNSNAME=$(aws ssm get-parameters --region us-east-1 --names /BY/WP/ALBDNSNAME --query Parameters[0].Value)
ALBDNSNAME=`echo $ALBDNSNAME | sed -e 's/^"//' -e 's/"$//'`

$SQL_COMMAND "UPDATE wp_options SET option_value = replace(option_value, '$OLD_URL', 'http://$ALBDNSNAME') WHERE option_name = 'home' OR option_name = 'siteurl';"
$SQL_COMMAND "UPDATE wp_posts SET guid = replace(guid, '$OLD_URL','http://$ALBDNSNAME');"
$SQL_COMMAND "UPDATE wp_posts SET post_content = replace(post_content, '$OLD_URL', 'http://$ALBDNSNAME');"
$SQL_COMMAND "UPDATE wp_postmeta SET meta_value = replace(meta_value,'$OLD_URL','http://$ALBDNSNAME');"
EOF

chmod 755 /home/ec2-user/update_wp_ip.sh
echo "/home/ec2-user/update_wp_ip.sh" >> /etc/rc.local
/home/ec2-user/update_wp_ip.sh

6. Create template version and set as default.

Create an autoscaling group

---

1. Navigate to the EC2 instance and then click on Auto Scaling Groups and then click Create Auto Scaling Group
2. Name this BYWPASG
3. Scroll down and select the LATEST version (4th iteration) of the Launch Template.
   
4. Click next to set up the networking options
5. Select the VPC and the 3 public subnets and click next.
   
6. Select Attach to an existing load balancer and select the ELB.
   
7. Select the ELB health check box and click next. 8 Leave the defaults (all at 1) on the next screen.
8. Click next, next, add a tag of Name: BYWPASG and then create Auto Scaling Group
9. Navigate back to EC2 and terminate the existing instance that we've been using.
10. You may see the 1 new instance that was created as part of the new ASG.

Create scale up ASG Scaling Policy

---

1. Navigate to the EC2 console and select Auto Scaling Groups and the select our ASG.
2. Click the Automatic Scaling tab and then click Create Dynamic Scaling Policy.
3. Name this HIGHCPU and then Create a CloudWatch Alarm.
4. Click Select Metric and select EC2 > By Auto Scaling Group > CPU Utilization.
5. Threshold type is Static, Greater than 40.
6. Remove anything under notification (although you can set this up to notify when this alarm is triggered)
7. Name this WPHighCPU and click Next.
8. Make sure this is selected, then click 1 capacity unit to add and then click Create.

Create scale down ASG Scaling Policy

1. Navigate to the EC2 console and select Auto Scaling Groups and the select our ASG.
2. Click the Automatic Scaling tab and then click Create Dynamic Scaling Policy.
3. Name this LOWCPU and then Create a CloudWatch Alarm.
4. Click Select Metric and select EC2 > By Auto Scaling Group > CPU Utilization.
5. Threshold type is Static, Lower than 40.
6. Remove anything under notification (although you can set this up to notify when this alarm is triggered)
7. Name this WPLowCPU and click Next.
8. Make sure this is selected, then click 1 capacity unit to remove and then click Create.
   
9. Edit the Maximum Capacity to show maximum of 3 instances.

Simulating Load

---

1. Navigate back to the EC2 console and connect to the EC2 instance using Session Manager.

2. Type in sudo bash followed by cd followed by clear to give us a fresh window

3. run stress -c 2 -v -t 3000

4. Back in the EC2 > Auto Scaling Groups console, select the ASG and click on the activity tab.
   

5. In a few minutes you'll see this occur:
   

6. Navigate to the DNS address of the ELB - BYWPALB-416203232.us-east-1.elb.amazonaws.com

7. The site should still load.

8. Simulate a failure by Terminating this new EC2 instance.

9. That should create a new instance.
   

10. In the EC2 Session Manager, hit Ctrl+C to stop the stress utility and this should autoscale back down to one instance.

Your Architecture should look like this:

Migrating from RDS to AWS Aurora Cluster

---

THIS IS NOT FREE TIER AND MIGHT COST A COUPLE BUCKS

1. Navigate to the RDS console
2. Click on Snapshots, then select the BYWPDatabase and name this BabyYoda-RDS
3. Wait for this snapshot to create, it might take a few seconds.
4. Click on the box next to the new snapshot and then click Migrate Snapshot.
5. Select the aurora-mysql database version 5.7.12 and then select the Burstable db.t3.small (smallest) DB instance.
6. For the DB identifier, call it bydb-aurora
7. Make sure the VPC and the Subnet Group is selected.
8. Select the SGDatabase Security Group and remove the default.
9. Availability Zone is set to no preference.
10. Click Migrate and wait for the database to migrate
11. Once these show available, you can select the database and then click Add Reader
12. Name this bydb-aurora-reader1
13. Set this to no preference for the AZs and then Add reader.
14. Create a second reader, calling it bydb-aurora-reader2
15. Wait for these to become available
    

Changing WP Config to use Aurora over RDS

---

1. Copy the Writer endpoint to the Aurora Cluster
2. Update the parameter in the Parameter store to the new Aurora Cluster by deleting and recreating it with the new Aurora Cluster DNS name.
3. This will cutover from RDS to Aurora.

Refresh instances

---

1. On the Auto Scaling Group, go to the Instance Refresh tab and refresh the instances.
2. You want to really have as many instances you need and then create a rolling refresh because using one instance, there may be some downtime. a. I had a 504 bad Gateway error on my instance refresh:
   

Accessing this HA environment

---

Navigate to the DNS entry on the ELB That's it

Clean up

---

1. Delete the Load Balancer
2. Delete the Target Group
3. Delete the Auto Scaling Groups
4. Delete the EFS file system
5. Delete the RDS database instances
6. Remove all the replicas from the Aurora Cluster
7. Delete the launch template
8. Verify the RDS and Aurora Cluster has been deleted.
9. Delete RDS Snapshots
10. Delete CloudFormation Stack

Was sad to see this go :(