├── main.tf
└── README.md


/main.tf:
--------------------------------------------------------------------------------
  1 | provider "aws" {
  2 |   region = "us-west-2"  #you can change to any region
  3 | }
  4 | 
  5 | # Fetch the latest Ubuntu AMI ID from the SSM parameter store
  6 | data "aws_ssm_parameter" "ubuntu_ami" {
  7 |   name = "/aws/service/canonical/ubuntu/server/jammy/stable/current/amd64/hvm/ebs-gp2/ami-id"
  8 | }
  9 | 
 10 | # Create a VPC with a CIDR block
 11 | resource "aws_vpc" "main" {
 12 |   cidr_block = "10.0.0.0/16"
 13 | }
 14 | 
 15 | # Create an Internet Gateway to allow internet access
 16 | resource "aws_internet_gateway" "igw" {
 17 |   vpc_id = aws_vpc.main.id
 18 | }
 19 | 
 20 | # Create a public subnet within the VPC
 21 | resource "aws_subnet" "public_subnet" {
 22 |   vpc_id                  = aws_vpc.main.id
 23 |   cidr_block              = "10.0.1.0/24"
 24 |   availability_zone       = "us-west-2a"
 25 |   map_public_ip_on_launch = true
 26 | }
 27 | 
 28 | # Create a route table for the public subnet
 29 | resource "aws_route_table" "public_rt" {
 30 |   vpc_id = aws_vpc.main.id
 31 | 
 32 |   # Route all outbound traffic (0.0.0.0/0) to the Internet Gateway
 33 |   route {
 34 |     cidr_block = "0.0.0.0/0"
 35 |     gateway_id = aws_internet_gateway.igw.id
 36 |   }
 37 | }
 38 | 
 39 | # Associate the route table with the public subnet
 40 | resource "aws_route_table_association" "public_rt_assoc" {
 41 |   subnet_id      = aws_subnet.public_subnet.id
 42 |   route_table_id = aws_route_table.public_rt.id
 43 | }
 44 | 
 45 | # Create a security group to allow HTTP and SSH access
 46 | resource "aws_security_group" "web_sg" {
 47 |   name_prefix = "web-sg-"
 48 | 
 49 |   vpc_id = aws_vpc.main.id
 50 | 
 51 |   # Allow HTTP access
 52 |   ingress {
 53 |     from_port   = 80
 54 |     to_port     = 80
 55 |     protocol    = "tcp"
 56 |     cidr_blocks = ["0.0.0.0/0"]
 57 |   }
 58 | 
 59 |   # Allow SSH access
 60 |   ingress {
 61 |     from_port   = 22
 62 |     to_port     = 22
 63 |     protocol    = "tcp"
 64 |     cidr_blocks = ["0.0.0.0/0"]
 65 |   }
 66 | 
 67 |   # Allow all outbound traffic
 68 |   egress {
 69 |     from_port   = 0
 70 |     to_port     = 0
 71 |     protocol    = "-1"
 72 |     cidr_blocks = ["0.0.0.0/0"]
 73 |   }
 74 | }
 75 | 
 76 | # Launch an EC2 instance with the specified AMI and instance type
 77 | resource "aws_instance" "legacy_web_server" {
 78 |   ami                    = data.aws_ssm_parameter.ubuntu_ami.value
 79 |   instance_type          = "t2.micro"
 80 |   subnet_id              = aws_subnet.public_subnet.id
 81 |   key_name               = "vockey" # Replace with your actual key pair name
 82 |   vpc_security_group_ids = [aws_security_group.web_sg.id]
 83 | 
 84 |   # User data script to configure the instance on launch
 85 |   user_data = <<-EOF
 86 |               #!/bin/bash
 87 |               apt-get update -y
 88 |               apt-get install -y apache2 php php-mysql mysql-server
 89 |               systemctl start apache2
 90 |               systemctl enable apache2
 91 |               systemctl start mysql
 92 |               systemctl enable mysql
 93 | 
 94 |               # Setup MySQL database and user for WordPress
 95 |               mysql -e "CREATE DATABASE wordpress;"
 96 |               mysql -e "CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'password';"
 97 |               mysql -e "GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';"
 98 |               mysql -e "FLUSH PRIVILEGES;"
 99 | 
100 |               # Download and extract WordPress
101 |               cd /var/www/html
102 |               wget https://wordpress.org/latest.tar.gz
103 |               tar -xzf latest.tar.gz
104 |               mv wordpress/* .
105 |               rm -rf wordpress latest.tar.gz
106 |               chown -R www-data:www-data /var/www/html
107 |               chmod -R 755 /var/www/html
108 | 
109 |               # Create the wp-config.php file
110 |               cat > /var/www/html/wp-config.php <<-EOF2
111 |               <?php
112 |               define('DB_NAME', 'wordpress');
113 |               define('DB_USER', 'wpuser');
114 |               define('DB_PASSWORD', 'password');
115 |               define('DB_HOST', 'localhost');
116 |               define('DB_CHARSET', 'utf8');
117 |               define('DB_COLLATE', '');
118 |               \$table_prefix  = 'wp_';
119 |               define('WP_DEBUG', false);
120 |               if ( !defined('ABSPATH') )
121 |                   define('ABSPATH', dirname(__FILE__) . '/');
122 |               require_once(ABSPATH . 'wp-settings.php');
123 |               EOF2
124 |               EOF
125 | 
126 |   tags = {
127 |     Name = "LegacyWebServer"  #Any name for your web server or instance
128 |   }
129 | }
130 | 
131 | # Associate an Elastic IP to the EC2 instance for a static IP address
132 | resource "aws_eip" "eip" {
133 |   instance = aws_instance.legacy_web_server.id
134 | }
135 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | Stephen Oloo
  2 | 
  3 | Last Updated: 09/03/2025 22:44
  4 | 
  5 | 
  6 | ---
  7 | 
  8 | # AWS Terraform Configuration for WordPress Deployment
  9 | 
 10 | This repository contains Terraform scripts to deploy a WordPress website on AWS using EC2, Apache, PHP, and MySQL. The infrastructure setup includes creating a VPC, public subnet, internet gateway, security groups, and configuring an EC2 instance.
 11 | 
 12 | ## Infrastructure Components
 13 | 
 14 | ### AWS Provider Configuration
 15 | ```hcl
 16 | provider "aws" {
 17 |   region = "us-west-2"
 18 | }
 19 | ```
 20 | Specifies the AWS provider and the region where the resources will be deployed.
 21 | 
 22 | ### Ubuntu AMI Data Source
 23 | ```hcl
 24 | data "aws_ssm_parameter" "ubuntu_ami" {
 25 |   name = "/aws/service/canonical/ubuntu/server/jammy/stable/current/amd64/hvm/ebs-gp2/ami-id"
 26 | }
 27 | ```
 28 | Retrieves the latest Ubuntu AMI ID using AWS Systems Manager Parameter Store.
 29 | 
 30 | ### VPC, Internet Gateway, and Subnet
 31 | ```hcl
 32 | resource "aws_vpc" "main" {
 33 |   cidr_block = "10.0.0.0/16"
 34 | }
 35 | 
 36 | resource "aws_internet_gateway" "igw" {
 37 |   vpc_id = aws_vpc.main.id
 38 | }
 39 | 
 40 | resource "aws_subnet" "public_subnet" {
 41 |   vpc_id                  = aws_vpc.main.id
 42 |   cidr_block              = "10.0.1.0/24"
 43 |   availability_zone       = "us-west-2a"
 44 |   map_public_ip_on_launch = true
 45 | }
 46 | ```
 47 | Sets up the VPC, Internet Gateway, and a public subnet for the instance.
 48 | 
 49 | ### Route Table for Public Subnet
 50 | ```hcl
 51 | resource "aws_route_table" "public_rt" {
 52 |   vpc_id = aws_vpc.main.id
 53 | 
 54 |   route {
 55 |     cidr_block = "0.0.0.0/0"
 56 |     gateway_id = aws_internet_gateway.igw.id
 57 |   }
 58 | }
 59 | 
 60 | resource "aws_route_table_association" "public_rt_assoc" {
 61 |   subnet_id      = aws_subnet.public_subnet.id
 62 |   route_table_id = aws_route_table.public_rt.id
 63 | }
 64 | ```
 65 | Configures a route table to route all traffic (`0.0.0.0/0`) through the Internet Gateway for the public subnet.
 66 | 
 67 | ### Security Group (Firewall Rules)
 68 | ```hcl
 69 | resource "aws_security_group" "web_sg" {
 70 |   name_prefix = "web-sg-"
 71 | 
 72 |   vpc_id = aws_vpc.main.id
 73 | 
 74 |   ingress {
 75 |     from_port   = 80
 76 |     to_port     = 80
 77 |     protocol    = "tcp"
 78 |     cidr_blocks = ["0.0.0.0/0"]
 79 |   }
 80 | 
 81 |   ingress {
 82 |     from_port   = 22
 83 |     to_port     = 22
 84 |     protocol    = "tcp"
 85 |     cidr_blocks = ["0.0.0.0/0"]
 86 |   }
 87 | 
 88 |   egress {
 89 |     from_port   = 0
 90 |     to_port     = 0
 91 |     protocol    = "-1"
 92 |     cidr_blocks = ["0.0.0.0/0"]
 93 |   }
 94 | }
 95 | ```
 96 | Defines a security group allowing inbound HTTP (port 80) and SSH (port 22) traffic.
 97 | 
 98 | ### EC2 Instance (WordPress Server)
 99 | ```hcl
100 | resource "aws_instance" "legacy_web_server" {
101 |   ami                    = data.aws_ssm_parameter.ubuntu_ami.value
102 |   instance_type          = "t2.micro"
103 |   subnet_id              = aws_subnet.public_subnet.id
104 |   key_name               = "vockey" # Replace with your actual key pair name
105 |   vpc_security_group_ids = [aws_security_group.web_sg.id]
106 | 
107 |   user_data = <<-EOF
108 |               #!/bin/bash
109 |               apt-get update -y
110 |               apt-get install -y apache2 php php-mysql mysql-server
111 |               systemctl start apache2
112 |               systemctl enable apache2
113 |               systemctl start mysql
114 |               systemctl enable mysql
115 | 
116 |               mysql -e "CREATE DATABASE wordpress;"
117 |               mysql -e "CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'password';"
118 |               mysql -e "GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';"
119 |               mysql -e "FLUSH PRIVILEGES;"
120 | 
121 |               cd /var/www/html
122 |               wget https://wordpress.org/latest.tar.gz
123 |               tar -xzf latest.tar.gz
124 |               mv wordpress/* .
125 |               rm -rf wordpress latest.tar.gz
126 |               chown -R www-data:www-data /var/www/html
127 |               chmod -R 755 /var/www/html
128 | 
129 |               cat > /var/www/html/wp-config.php <<-EOF2
130 |               <?php
131 |               define('DB_NAME', 'wordpress');
132 |               define('DB_USER', 'wpuser');
133 |               define('DB_PASSWORD', 'password');
134 |               define('DB_HOST', 'localhost');
135 |               define('DB_CHARSET', 'utf8');
136 |               define('DB_COLLATE', '');
137 |               \$table_prefix  = 'wp_';
138 |               define('WP_DEBUG', false);
139 |               if ( !defined('ABSPATH') )
140 |                   define('ABSPATH', dirname(__FILE__) . '/');
141 |               require_once(ABSPATH . 'wp-settings.php');
142 |               EOF2
143 |               EOF
144 | 
145 |   tags = {
146 |     Name = "LegacyWebServer"
147 |   }
148 | }
149 | ```
150 | Deploys an EC2 instance using the specified Ubuntu AMI, configures Apache, PHP, MySQL, and installs WordPress. The `user_data` script sets up the database, downloads and configures WordPress, and creates the `wp-config.php` file.
151 | 
152 | ### Elastic IP (EIP)
153 | ```hcl
154 | resource "aws_eip" "eip" {
155 |   instance = aws_instance.legacy_web_server.id
156 | }
157 | ```
158 | Associates an Elastic IP address with the EC2 instance for a static public IP.
159 | 
160 | ## Serving WordPress from the Root Directory
161 | 
162 | To serve WordPress from the root directory (`/`), the Apache virtual host configuration (`/etc/apache2/sites-available/000-default.conf`) needs to be modified to point to `/var/www/html` where WordPress is installed. This adjustment ensures the WordPress site is active on the root of the server, not the default Apache test page.
163 | 
164 | Add or modify this in your `user_data` script after setting up WordPress:
165 | 
166 | ```bash
167 | sed -i 's|DocumentRoot /var/www/html|DocumentRoot /var/www/html|' /etc/apache2/sites-available/000-default.conf
168 | systemctl restart apache2
169 | ```
170 | 
171 | This command changes the Apache document root to `/var/www/html`, where WordPress is installed, and restarts Apache to apply the changes.
172 | 
173 | ## Summary
174 | 
175 | This Terraform script automates the deployment of a WordPress website on AWS, including setting up necessary infrastructure components and configuring an EC2 instance to serve WordPress from the root directory. It provides a robust and scalable solution for hosting a WordPress site on AWS. Do Not Edit ReadMe
176 | 
177 | --- 
178 | 
179 | STEPHEN OLOO 
180 | 
181 | 


--------------------------------------------------------------------------------