Business Implications
This design delivers a fault-tolerant, scalable CMS with managed database durability and shared storage, minimizing downtime and administrative overhead. Segmented networking and strict security groups reduce attack surface, while the ALB enables seamless maintenance and future horizontal scaling as traffic grows.


Steps Performed
Provisioned networking, security, and routing; launched RDS and EFS; configured bastion and web servers; deployed WordPress on EC2; fronted traffic with ALB and validated end-to-end.
1. Build VPC topology
Created a VPC in us-east-1 with two public and four private subnets across AZs. Enabled DNS hostnames, attached an Internet Gateway, and established public and private route tables mapped to the appropriate subnets.
2. Egress and security controls
Allocated two Elastic IPs and created two NAT Gateways, one in each public subnet. Built security groups for the ALB, web tier, database, EFS, and SSH, enforcing least-privilege ingress and open egress for necessary updates.
3. Database and shared storage
Configured an RDS MySQL instance in private subnets via a DB Subnet Group, with no public access. Provisioned EFS with mount targets in the app subnets and an EFS security group permitting NFS from the web tier.
4. EC2 and bastion setup
Launched a temporary bastion in a public subnet for SSH. Deployed two EC2 instances in private subnets, using user data to install Apache, PHP, and utilities, mount EFS at /var/www/html, and prepare the WordPress runtime.
5. ALB and WordPress finalization
Provisioned an internet-facing ALB across two AZs with a target group registering both app servers. Completed WordPress configuration, updated site URLs to the ALB DNS name, verified health checks, and removed the temporary bastion.
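Added example (not part of the original project): a Python check that audits security-group ingress rules, in the shape returned by `aws ec2 describe-security-groups`, against the tier chain built in the steps above. The port numbers, group IDs, the 10.0.0.0/16 range and the admin address are constructed assumptions; the write-up names only the tiers.

```python
# Added example: audit security-group ingress against the tier chain in the steps above.
# Ports, group IDs and CIDRs are assumptions / constructed data; the write-up names only the tiers.
POLICY = {  # tier -> {port: sources allowed to reach that port}
    "alb": {80: {"internet"}, 443: {"internet"}},
    "web": {80: {"alb"}, 22: {"ssh"}},
    "db": {3306: {"web"}},               # MySQL from the web tier only
    "efs": {2049: {"web"}},              # NFS from the web tier only
    "ssh": {22: {"203.0.113.10/32"}},    # constructed admin address
}

def audit(groups, tier_of):
    """groups: list shaped like the SecurityGroups array of describe-security-groups.
    tier_of: GroupId -> tier name. Returns a sorted list of policy violations."""
    findings = []
    for g in groups:
        tier = tier_of[g["GroupId"]]
        for perm in g.get("IpPermissions", []):
            # Protocol "-1" rules carry no port fields: treat them as all ports.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = [r.get("CidrIp") or r.get("CidrIpv6")
                     for r in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])]
            sources = ["internet" if c in ("0.0.0.0/0", "::/0") else c for c in cidrs]
            sources += [tier_of.get(p["GroupId"], p["GroupId"])
                        for p in perm.get("UserIdGroupPairs", [])]
            for src in sources:
                # Only an exact single-port rule from an approved source passes.
                if not (lo == hi and src in POLICY[tier].get(lo, set())):
                    findings.append(f"{tier}: {src} -> {lo}-{hi} not in policy")
    return sorted(findings)

def rule(port, cidrs=(), sgs=()):
    """Build one IpPermissions entry (constructed sample data)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": s} for s in sgs]}

TIER_OF = {"sg-alb": "alb", "sg-web": "web", "sg-db": "db", "sg-efs": "efs", "sg-ssh": "ssh"}
SAMPLE = [  # constructed: two rules drift from the intended chain
    {"GroupId": "sg-alb", "IpPermissions": [rule(80, ["0.0.0.0/0"]), rule(443, ["0.0.0.0/0"])]},
    {"GroupId": "sg-web", "IpPermissions": [rule(80, sgs=["sg-alb"]), rule(22, ["0.0.0.0/0"])]},
    {"GroupId": "sg-db", "IpPermissions": [rule(3306, sgs=["sg-web"]), rule(3306, ["10.0.0.0/16"])]},
    {"GroupId": "sg-efs", "IpPermissions": [rule(2049, sgs=["sg-web"])]},
    {"GroupId": "sg-ssh", "IpPermissions": [rule(22, ["203.0.113.10/32"])]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, TIER_OF):
        print(finding)
```

Against real output, pass the `SecurityGroups` list from the JSON and a `tier_of` map built from your own group IDs.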
AWS Services Used
Amazon VPC
Elastic Load Balancing (ALB)
Amazon EC2
Amazon RDS
Amazon EFS
AWS IAM
NAT Gateway
Internet Gateway (IGW)
Route Tables
Security Groups
Technical Tools Used
AWS CLI
PuTTY
Apache HTTPD
PHP
Skills Demonstrated
VPC design and subnet segmentation
Secure three-tier application hardening
Load balancing and health-check routing
Managed MySQL and shared NFS storage

Classic 3-Tier WordPress on AWS
Scalable, secure, highly available blog hosting
Deployed WordPress on a classic three-tier AWS architecture: VPC with public/private subnets, ALB, EC2 in private subnets, RDS MySQL, and EFS for shared storage. Configured NAT for outbound updates, hardened security groups, and routed traffic through the ALB for a resilient production setup.






