More of a [Feature Request] than an Issue.

Our Website is not compatible with our existing site. therefore a request to choose different versions of PHP in my case version PHP5.6

DatabaseEncrpytedBoolean & EfsEncrpytedBoolean parameters are spelled incorrectly in the templates. The templates with the incorrect spelling appear to be:

• aws-refarch-wordpress-master-newvpc.yaml
• aws-refarch-wordpress-03-efsfilesystem.yaml
• aws-refarch-wordpress-03-rds.yaml
• as well as in the sample parameter json file.

I can seem to find any IP to ssh in to change the PHP ini to allow more than 2mbs for upload, is this just pigeonholed to be used as is or is there any room to customize. I was looking for the bastion ip to be able to up the limit server side. Also to change the wp-config without the use of a plugin, becuase that can get shaky at times.

Due to EFS credit balance can be a correct way split wp-content to EFS and EBS and apply versionising for plugins?

Happy New Year Darryl,

Background reference issue #7.

I ran v2.01 of the template without any issues, then imported/migrated an existing Wordpress site (mysite.com) into this new CloudFormation template site (newsite.mysite.com); however, I now have significant latency issues on newsite.mysite.com that I do not have on my original mysite.com (noting, mysite.com is a single t2.medium instance site).

The latency immediately causes instances to fail the Health Check, starting a cycle of termination & launching of instances--changing "HealthCheckType: ELB" to "HealthCheckType: EC2" keeps this in check for now.

In my prior attempt on v1.0 of the template (issue #7), I was definitely running into the Burst Credit issue, which now based on 75GiB of dummy data and my interpretation of the Dashboard Widgets, appears not to be an issue in this most recent attempt on V2.01.

In reviewing the Safari web inspector, there is a significant difference in Time to First Byte: mysite.com <1 seconds, newsite.mysite.com could be anywhere from 7-15+ seconds. Then, the page loads very quick on mysite.com and is long on newsite.mysite.com.

Before I re-engage AWS Tech Support, I wanted to check in here...

Darryl, I would welcome your collaboration and/or your guidance on how to narrow down root cause--any thoughts or suggestions?

Anyone else have a similar experience that they resolved and could share some thinking here?

Very much see the value in this Architecture and can't wait to get it fully functional for our business needs.

Thank you, Mike

@darrylsosborne,

Can you confirm this template enables encryption of data in transit to/from EFS?

I just came across this AWS News Blog announcing Encryption of Data in Transit for Amazon EFS dated after your Version 2.0.2 template, so wanted to check. Reference article: https://aws.amazon.com/blogs/aws/new-encryption-of-data-in-transit-for-amazon-efs/

Thank you, Mike

I just ran this today to see if this would work for my needs. It created everything without any issues but I am not able to access the site.

I opted out of having the DNS entry added as this fails due to this already being setup in Route53. So I added the Cloudfront DNS to the DNS record manually. Either way, the Cloudfront DNS does not work (site won't load even when visiting that directly). I thought this may be due to me using a cert so I updated the DNS record for the domain to use the Cloudfront DNS but still nothing.

I am getting the error:

ERROR
The request could not be satisfied.
CloudFront wasn't able to connect to the origin. 

When I go to the ELB DNS, the site loads with no CSS applied. Further analyis shows that all requests to any wordpress pathing failed (no 50x or 40x errors). Playing with the Dashboard, I am seeing a 100% Cloudfront error (50x) rate.

It appears there are 2 issues happening here.

1. ELB is not able to load the assets, can only output text that is rendered
2. Cloudfront is not able to communicate to ELB (assume SG issue)

I also noted that CloudFront is not configured to pass WordPress cookies so you will have user content mismatch if you use the login system. (although I did see coloudfront with 0 for TTL which I assume is a work-a-round for this issue... I am concerned why this is "best Practice" as this is just a waste of money and passing the cookies seems a better fit) I use this for my WP CloudFront and this works very well: https://aws.amazon.com/blogs/startups/how-to-accelerate-your-wordpress-site-with-amazon-cloudfront/

At this point, I think this is a little much for my needs so I won't be looking further into this. I just wanted to report this as it is not in a working state. I hope this helps. Thanks for all your work, this is really great.

Feature Consideration--Could you extend the RDS Template to include a configuration/parameter for encryption?

Feature Consideration:

For your consideration, you may want to you expose the Bastion Instance Type as a configuration element before the user runs the CloudFront Template (currently, it just defaults to t2.large within the Yaml file).

I realized it had a large server after the Templates ran. I changed it via making a copy of the Launch Configuration and reassigning the revised configuration to the ASG; but, thought it would be a nice extension to your comprehensive Template.

When I run the Master Template, it fails and does a rollback at the point of the Web Template. As such, I ran the Templates individually successfully until I run the Web Template where it fails and does a rollback (of just the web template).

The issue is new instances fail the Health Check, and as a result, the ASG launches another EC2 instance, another fails, it launches a new instance, etc... hence, causing the Web Template to fail and rollback.

As a result, I changed the Web Template from "HealthCheckType: ELB" to "HealthCheckType: EC2" and the Web Template runs successfully to completion and the ASG does not continually launch instances. As such, it appears the Heath Check is not visible from the ELB as it should be.

Aside from the above modification, the only other modification I made to the Templates was changing the subnet IP ranges from 10.0.x.x/xx to 10.10.x.x/xx. in the VPC Template.

Is there some other configuration I need to make as a result of adjusting the CIDR ranges? or are there any other configuration I need to make in the AWS Console for these Templates to execute in totality?

Would appreciate any/all guidance and thoughts re how to get the Health Check from the ELB working.

Thank you, Mike

Please Increase Default "upload_max_filesize" Parameter

I installed the master template with the latest version of WP and php 7. I didn't understand why is not available W3 Total Cache plugin as written in the README.md https://github.com/aws-samples/aws-refarch-wordpress/tree/d2b1c38cc0b0255e171360cb594415dcec6e58b9#setup-w3-total-cache

If you grab the templates from S3 (e.g., https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-04-web.yaml), there are big diffs vs. the master head here on GitHub. At a minimum, AFAICT, there's no longer any attempt to install W3 Total Cache (so #52 should be re-opened and #49 doesn't work as a patch against the code on AWS).

It would be great if whatever is actually on s3 could get pulled into the repository, and if the documentation could be updated accordingly.

Hi,

First of all, thank you for the great job. We are planning to build our new institutionnal website on wordpress and this set of template will be a great help.

Can you provide a parameters json file in a sample folders please ?

This project is an excellent starter-kit to help someone (me) with novice experience to build a production-ready AWS environment with minimal effort--thank you! With that said, I'm having a difficult time accessing the files stored on the EFS from a NFS client on my mac. Ideally, I am looking for an easy solution similar to FTP, where I can connect to an EFS server to CRUD files included in the WordPress distribution, but I don't know where to start. On a similar note, I successfully implemented "W3 Total Cache" per the instructions found in this document: http://d0.awsstatic.com/whitepapers/deploying-wordpress-with-aws-elastic-beanstalk.pdf (page 23). I attached an S3 Origin to my CloudFront distribution, now I can access the wp-includes and wp-content folders directly from my FTP client, Transmit, that supports S3. I would like to access EFS in a similar fashion to FTP, please help.

Hello,

I've tried to utilise this stack twice without success. As soon as it tries to set up the Route 53 section it fails, terminates and rolls back. I'm trying to set it up in ap-southeast-2 using the launch button. Whilst I'm no AWS expert I can't see what I might be doing wrong.

Also, I note whilst ap-southeast-2 is listed as supported in the description here, it is not listed in the CloudFormation stack description, only the other regions are. Any advice is appreciated.

Nathan
Stack Detail.pdf

Hello Folks,

I tried to update an available update from WordPress, but when I did it, my current ec2 instance was terminated and another one was initialized.

Is not possible to update wp? Tips?

The configuration seems to allow access to the website with both the public IP address and the domain name (both has been indexed by Google in my case).

Eg: https://107.XX.XX.XX/ and https://www.example.com will both work.

What should be the correct way to prevent (or redirect) access from the public IP address? It would believe that it's an ELB configuration but I couldn't find it.

I have tried to kick off the stac creation. Everything looks fine until the stack rolls back with the following error.

It feels like the instances aren't given enough time to start up.

Any guidance appreciated.

Received 1 SUCCESS signal(s) out of 2. Unable to satisfy 100% MinSuccessfulInstancesPercent requirement
19:44:21 UTC+1100	UPDATE_IN_PROGRESS	AWS::AutoScaling::AutoScalingGroup	WebAutoScalingGroup	Failed to receive 1 resource signal(s) for the current batch. Each resource signal timeout is counted as a FAILURE.
19:41:44 UTC+1100	CREATE_IN_PROGRESS	AWS::AutoScaling::AutoScalingGroup	WebAutoScalingGroup	Received SUCCESS signal with UniqueId i-0b3ce92aef06b21fb
19:39:20 UTC+1100	CREATE_IN_PROGRESS	AWS::AutoScaling::AutoScalingGroup	WebAutoScalingGroup	Resource creation Initiated

I'm not sure if the issue I'm seeing is related to either issue #25 or #7 so I'll add the steps to duplicate.
I have a fresh install of the Wordpress application (used for AWS training purposes only). I've used t2.micro instances for the WP EC2 instances, and have db.t2.small instances for RDS. I also loaded it with 1 GB of sample data.

I have not put any load against the application.

What I wanted to test and learn more about is the use of Auto Scaling Health Checks, and specifically the difference when using the EC2 vs. ELB health check option. My understanding is that with the ELB option, if a health check fails then the instance will be terminated and new instance created. The WP architecture is configured to use the ELB health check option. The target group for the WP EC2 instances uses a health check that looks for /wp_login.php.

To simulate the failure, I logged in to one of my WP EC2 instances and changed the name of the health check file from wp_login.php to wp_login0.php, and then logged out. I was expecting that instance to be terminated and a new instance created.

I got busy with another task, and when I came back to the EC2 console about an hour later I found during that timeframe there were 13 successful launches and 13 successful terminations listed in the Activity History of the ASG, and more were in process.

I have not yet determined which setting I need to change, whether the health check grace period, the cool down setting, or if there's some other item such as the choice of instance size that was resulting in this loop. However, this was done using the default settings in the CloudFormation script and perhaps something needs to be adjusted.

Hi, I wanted to asked what would I need to do so as to change AWS Aurora in the template for the free tier MySQL, because for know Aurora would be an additional cost, that for know and for my needs, just does not make sense.

Thanks, Charlie

Forgive me for being somewhat new to this. How does one make a permanent change to Apache settings?

Editing apache server settings seems necessary to enable WordPress permalinks. I've noticed some plugins don't install, giving a 504 error. I suppose this has to do with apache settings as well.

Would a shell script appended to the user data section in the ec2 launch configuration be the best(only?) solution?

I am input parameter Cloudfront Certificate ARN already and run CloudFormation is COMPLETE
But i am not access web it is show 502 ERROR

Then I am set CloudFront Distributions > Origins and Origin Groups
Now : Origin Protocol Policy = HTTPS Only (can not access web 502 ERROR)
**But if **
Set : Origin Protocol Policy = HTTP Only (access web OK but can not load css & js)

I'm not sure How to setting CloudFront Distributions?
more question

• if i am input parameter Cloudfront Certificate ARN then i must be input ALB Certificate ARN?
• Cloudfront Certificate ARN and ALB Certificate ARN is same ?

Please advise me.

Hi,

given the high costs of the nat gateway, is it possible to use one through all 3 NATRouteTables?

I'm having trouble connecting to the MySQL database with JetBrains DataGrip, here are the "Data Source Properties":

GENERAL
Host: (My Cluster Endpoint)
Port: 3306
Database: (My Database Name)
User: (My Database Username)
Password: (My Database Password)
URL: (My Cluster Endpoint):3306/(My Database Name)

SSH/SSL
Use SSH Tunnel: FALSE
Proxy Host: Undefined
Proxy User: Undefined
Auth Type: Undefined
Proxy Password: Undefined

Use SSL: TRUE
CA File: Undefined
Client Certificate File: Undefined
Client Key File: (My_Security_Group_PEM_File.pem)

I can't figure out what I'm doing wrong here, please help.

Despite several attempts, I'm unable to deploy the stack.
Here is the output that leads to a rollback :

11:37:04 UTC+0200	ROLLBACK_IN_PROGRESS	AWS::CloudFormation::Stack	TestDom	The following resource(s) failed to create: [publicalb, efs, rds, bastion, elasticache]. . Rollback requested by user.
	Physical ID:arn:aws:cloudformation:us-east-1:560474847061:stack/TestDom/9ab57870-6ad2-11e7-84fb-503aca2616d1
	Client Request Token:Console-CreateStack-8372e6ab-fe26-4512-a6fd-5027b2a18a33
	11:37:02 UTC+0200	CREATE_FAILED	AWS::CloudFormation::Stack	bastion
	Physical ID:arn:aws:cloudformation:us-east-1:560474847061:stack/TestDom-bastion-1ACPD1KWG5K7/41cf0720-6ad3-11e7-be2a-500c28b4e461
	Client Request Token:Console-CreateStack-8372e6ab-fe26-4512-a6fd-5027b2a18a33
	11:37:02 UTC+0200	CREATE_FAILED	AWS::CloudFormation::Stack	elasticache
	Physical ID:arn:aws:cloudformation:us-east-1:560474847061:stack/TestDom-elasticache-15WXD68ALIO17/41721a10-6ad3-11e7-a1fc-500c289032fe
	Client Request Token:Console-CreateStack-8372e6ab-fe26-4512-a6fd-5027b2a18a33
	11:37:02 UTC+0200	CREATE_FAILED	AWS::CloudFormation::Stack	publicalb
	Physical ID:arn:aws:cloudformation:us-east-1:560474847061:stack/TestDom-publicalb-12T7R99A3XTRZ/41dc9bb0-6ad3-11e7-9f7c-503aca261629
	Client Request Token:Console-CreateStack-8372e6ab-fe26-4512-a6fd-5027b2a18a33
	11:37:02 UTC+0200	CREATE_FAILED	AWS::CloudFormation::Stack	efs
	Physical ID:arn:aws:cloudformation:us-east-1:560474847061:stack/TestDom-efs-FOUIV7P1YWCS/421537e0-6ad3-11e7-805a-50d5ca6e604a
	Client Request Token:Console-CreateStack-8372e6ab-fe26-4512-a6fd-5027b2a18a33
	11:37:01 UTC+0200	CREATE_FAILED	AWS::CloudFormation::Stack	rds
	Physical ID:arn:aws:cloudformation:us-east-1:560474847061:stack/TestDom-rds-1P8GDUYQ491N7/41c89e80-6ad3-11e7-85c4-5044763dbb7b
	Client Request Token:Console-CreateStack-8372e6ab-fe26-4512-a6fd-5027b2a18a33

Launching the stack via the "Launch Stack" button does NOT prompt for:

• Clone EFS, use the System ID of an existing EFS Filesystem.

• DBRestore from Snapshot, enter the cluster Snapshot name from the RDS console. (formatted rds:wordpress-stack-name-rds-xxxxxxxx-databasecluster-apzdbrozmzcn-snapshot-date)

However, the individual Templates (03-efsfilesystem, 03-rds) clearly have provisions regarding the same.

Additionally, the 2 links to review the [master] template gives a 404 error.

The two alarms for EFS are being created concurrently, which can lead to a race condition and a fail:

  | 16:48:03 UTC+0100 | CREATE_COMPLETE | AWS::CloudWatch::Alarm | CriticalAlarm |  
  | 16:48:03 UTC+0100 | CREATE_FAILED | AWS::CloudWatch::Alarm | WarningAlarm | A separate request to update this alarm is in progress.
  | 16:48:03 UTC+0100 | CREATE_IN_PROGRESS | AWS::CloudWatch::Alarm | CriticalAlarm | Resource creation Initiated

As you can see, the create for one hasn't terminated when the other is started, leading to a failure of "A separate request to update this alarm is in progress.". Then it completes the alarm creation, but from then on, it's all rolled back of course because of the failure due to the concurrent creation. Please fix :)

When I try to render the model in Designer it fails with following error message :

Cannot render the template because of an error.: YAMLException: duplicated mapping key at line 292, column 32: Condition: DeployCloudFront ^

Lines 291-292 show :

    Condition: AvailableAWSRegion
    Condition: DeployCloudFront

I'm new to the syntax (first time ever using it) and I'm wondering which between these two is correct :

Condition: [ AvailableAWSRegion, DeployCloudFront ]

or

Condition:
- AvailableAWSRegion
- DeployCloudFront

Same question applies for lines 320-321 / 386-387

Hi,

I've been trying to run the stack on eu-west-1 but it always rollback on Route53:

15:47:52 UTC+0000 | CREATE_FAILED | AWS::CloudFormation::Stack | route53 | Embedded stack arn:aws:cloudformation:eu-west-1:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx was not successfully created: The following resource(s) failed to create: [RecordSet].

How can I debug this error?
I'm trying to use a subdomain like sites.mydomain.com, and I already have the hosted zone for mydomain.com created.
I didn't created the sites record on route53.

Thanks!

getting this error while creating stack from cloudformation.

Have the option to choose between Application ELB and Network ELB.

Does anyone have a working process for automating updating versions of a website via s3 place archive file, or github, or another git service?

Running 2.0.1
Min. 2 Instances
Max 4 Instances
2 AZs

ASG running ELB Health check, scaling, but I do not see any reason why. Starts 2 new instances and shuts down the original two. Caught in a loop and stops on the 5th cycle.

Issue looks to be similar to #7

Nevermind... please delete.

Here can I find this information bellow:

Thanks :(

Hello, it seems that there is an error when trying to enable elastic cache client. The error I get is below

PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/7.0/modules/amazon-elasticache-cluster-client.so' - /usr/lib64/php/7.0/modules/amazon-elasticache-cluster-client.so: undefined symbol: igbinary_unserialize in Unknown on line 0

I replaced the .so file with the one provided by Amazon (downloaded it today) and it works fine. So I guess the file in the stack needs to be updated.

Thanks
Christos

@darrylsosborne

Not withstanding issue #42, I am using the templates individually, and am having issues with the EFS template not enabling the mount to my existing EFS to then facilitate the copy to the new template EFS.

My existing EFS is in the AWS Std. VPC 172.31.x.x/16, the RefArch templates use a new VPC 10.1.x.x/16. We have successfully worked with AWS technicians to understand & resolve:

• VPC Peering, route tables, 'DNS resolution', validated NACLs, etc.
• EFS data load instance C5 (or M5) required by EFS to mount within VPC Peering connection

This line in the template is failing as the the DNS Name cannot be resolved: sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 $COPY_SYSTEM_ID.efs.$region.amazonaws.com:/ /$COPY_SYSTEM_ID and we have been informed by AWS Engineers, that AWS does not support this DNS Resolution across VPC Peering connections. We can only manually mount across the VPC peering connection if we use an IP address.

Would welcome your assistance, thoughts, or any suggested workarounds...

Thank you, Mike

I am sorry to ask this here but I am not able to figure it out via my research.

How do you reference a parameter file such as https://github.com/awslabs/aws-refarch-wordpress/blob/master/samples/aws-refarch-wordpress-parameters-newvpc.json when you are creating a CloudFormation stack?

https://github.com/awslabs/aws-refarch-wordpress/blob/4cc5db2cb1d3fe038bfa949c47d6c06c2dca3519/templates/aws-refarch-wordpress-04-web.yaml#L583

Maybe in the next version add the [--version=] option documented here : https://developer.wordpress.org/cli/commands/core/download/

It could be a great help to maintain environments.

If long resource IDs are enabled on the account, the VPC created by this stack is given an ID that doesn't pass the validation regex in the subnet template, causing stack creation to fail. This is a feature that can be manually enabled for now, but will automatically be turned on after June 2018.

https://aws.amazon.com/about-aws/whats-new/2018/02/longer-format-resource-ids-are-now-available-in-amazon-ec2/

Hello,

Thank you for taking the time to create this template and make it publicly available for use to the Wordpress/AWS communities. Could you possibly a range of expected costs for this configuration?

I understand that there are a wide variety of parameters in this template that could affect cost, so perhaps you could speak to the typical estimated costs for small, medium, large setups.. etc, etc.

The AWS calculator is a great tool for costing out a build. For someone who has never deployed a template or used the calculator, it can be difficult to set the parameters just right to get a reasonable estimate.

Thank you for consideration.

I'm using HTTPS and when using cloudfront the system fails to detect that, so it's refrencing some content in http which then Chrome blocks. Any one else had this issue?

Thank you for the Template... this is great work! Very Much Appreciated!

All appears to be working as expected, and now, we want to run the infrastructure through its paces with the contents (users, posts, plugins, custom code, etc.) of our current singe EC2 Prod site, so I'm looking for any best practices and/or recommendations to basically replicate/promote/copy the contents of our current Prod site into this new much more complex infrastructure. Any suggestions?

Our Goal would be this new infrastructure becomes our new Prod.

Currently, our prod infrastructure is basic: Route53, Cloudfront, Single EC2 (for web & db), and S3.

Thank you, Mike

We are receiving an Error establishing database connection when users try to connect. I configured the Max_connection limits to 1000, but we are still receiving the error. Disabled all of my plugins. All plugins are purchased from Envato Market. Established a WAF to prevent DDOS, since I was not sure if we may be getting hit by bots.

I launched the stack and everything was working fine, but then I activated multisite option and follow the Wordpress network setup I can't open the site anymore.
When I try to login wp-login.php is fine and 200 but it also tries to load load-styles.php directly from one of the private ips that is not even up anymore.
It was the ip I used to ssh from bastion to change wp-config.
Any ideas what could be the problem?

I also checked issue #14 and added more ports to alb health check but didn't fix the problem.

Thanks

Have you ever tried this arch in a very trafficked site? EFS is a performance killer, you really should not use it for a Wordpress site

After running the template, I can get my site to work but W3 Total Cache's compatibility modal reports that Memcached is not installed. As such, it's not available in any of the dropdowns for caching options.

Hi I just got started with AWS,one of the important things on this architecture is to be able to use memcached, using W3 Total Cache, which I cant use if I dont have installed php-memcached in the EC2 instance, and for that I need to be able to acces via ssh so as to install it, which I cannot, and I dont know why.

Every time I try to access it just says on ubuntu command line "resource temporarily unavailable"

So to check that there is not any problem with what I am doing, I launched an EC2 instance for testing purpouses, which I was able to acces through ssh with ease.

I have been going at this problem for a week now, and I am kind of desperate. I am aware that I am doing things wrong, but I dont know what is it that Im screwing up. And I have not found any solution, or similar problem online.

Any help will be much appreciated.

Thanks, Charlie