The wordpress-enablement project is a side-project to help my partner rapidly deploy websites she's built using wordpress and exported to static files. This repository consists of the AWS infrastructure for this.

Created with love by:

• Tom Vaughan - Github - LinkedIn
• Sam Fallowfield - Github - LinkedIn

Ensure you have the python version in .python-version and the terraform version in .terraform-version installed. If you want to set these up, I'd recommend installing pyenv for python and tfenv for terraform. You can do this with your package manager of choice (I've used linuxbrew here).

    brew update && brew install pyenv tfenv
    pyenv install && python --version
    tfenv install && terraform --version

Install all required packages using apt and linuxbrew. Again, most of these packages can be installed from your prefered package manager.

    sudo apt update && sudo apt install git git-lfs pipx awscli jq pass gnupg
    git lfs install
    pipx ensurepath
    pipx install checkov
    brew update && brew install aws-vault go-task tflint trivy

Set up or link an existing gpg key. You'll need this in order to push commits to the project and to help with your aws-vault backend if you're on linux. Follow the tutorial written by Github.

Gottchas:

• Don't forget to set git to use your gpg key to sign commits at the end!
• Make sure you select 4096 when gpg asks you how long you want your key to be - otherwise Github will reject it!

Set up aws-vault backend. I'm using pass so the instructions will be specific to that. Pass needs a gpg key added to it when we set it up so it can use that key to encrypt your aws credentials.

    # List the PUBLIC keys in your gpg keyring
    gpg --list-keys

    # ** See the below image to see which bit is your public key **

    # Add your public key to pass (change this value to correspond with that you see)
    pass init "844E426A53A64C2A916CBD1F522014D5FDBF6E3D"

    # Add the following to your ~/.bashrc file (~/.zshrc file or other if relevant)
    export AWS_VAULT_BACKEND=pass
    export GPG_TTY="$( tty )"

Set up your AWS credentials using aws-vault and the aws cli.

    # Change the profile name to whatever you like - here I'm using 'tom'
    aws-vault add tom
    # ... follow the prompts, paste in your access_key and secret_key

    # Set your default region (change your profile name)
    printf "[profile tom]\nregion = eu-west-2\n" > ~/.aws/config

    # Test it works - you should see the buckets currently in s3
    aws-vault exec tom -- aws s3 ls

Create a .env file to tell our scripts the name of your aws-vault profile.

    # Remember to change your profile name
    printf "AWS_VAULT_PROFILE=tom\n" > .env

Set up remote terraform backend and you're done! You can now run the commands in Taskfile.yml to help you develop with.

    task init



    # Example further commands - you don't need to run these now
    # Plan out and analyse infrastructure change
    task plan

    # Deploy infrastructure changes
    task apply

    # Tear down all infrastructure
    task destroy

Ensure you have the python version in .python-version and the terraform version in .terraform-version installed. If you want to set these up, I'd recommend installing pyenv for python and tfenv for terraform.

    brew update && brew install pyenv tfenv
    pyenv install && python --version
    tfenv install && terraform --version

Install all required packages using homebrew.

    brew update && brew install git git-lfs awscli jq gnupg aws-vault go-task tflint trivy
    git lfs install
    pip install --user checkov

Set up or link an existing gpg key. You'll need this in order to push commits to the project and to help with your aws-vault backend if you're on linux. Follow the tutorial written by Github.

Gottchas:

• Don't forget to set git to use your gpg key to sign commits at the end!
• Make sure you select 4096 when gpg asks you how long you want your key to be - otherwise Github will reject it!

Set up your AWS credentials using aws-vault and the aws cli.

    # Change the profile name to whatever you like - here I'm using 'tom'
    aws-vault add tom
    # ... follow the prompts, paste in your access_key and secret_key

    # Set your default region (change your profile name)
    printf "[profile tom]\nregion = eu-west-2\n" > ~/.aws/config

    # Test it works - you should see the buckets currently in s3
    aws-vault exec tom -- aws s3 ls

Create a .env file to tell our scripts the name of your aws-vault profile.

    # Remember to change your profile name
    printf "AWS_VAULT_PROFILE=tom\n" > .env

Set up remote terraform backend and you're done! You can now run the commands in Taskfile.yml to help you develop with.

    task init



    # Example further commands - you don't need to run these now
    # Plan out and analyse infrastructure change
    task plan

    # Deploy infrastructure changes
    task apply

    # Tear down all infrastructure
    task destroy

Ensure you have the Python version in .python-version and the Terraform version in .terraform-version installed. Also install Chocolatey if you don't have it. Ensure your chocolately bin file is in your bash path - this tends to be /c/ProgramData/Chocolatey/bin or something very similar.

You can install both Python and Terraform using choco as follows

    choco install terraform --version=1.7.2 # Change depending on contents of .terraform-version file
    choco install python --version=3.12.2 # Change depending on contents of .python-version file

You will also need to add your Python scripts path to your local Windows environment variables.

• Type Edit the system environment variables into control panel
• Select Environment Variables under the Advanced tab.
• Click on Path under the User variables (not the system variables) section, then click Edit.
• Add the Python scripts path as a new variable. This will depend on your version of Python, but mine was C:\Users\tomv\AppData\Roaming\Python\Python312\Scripts.

Install all required packages using choco and manually if not possible. choco commands might need to be run in an admin version of powershell.

    choco install awscli aws-vault jq gnupg go-task tflint trivy
    pip install --user checkov
    git lfs install

Set up or link an existing gpg key. You'll need this in order to push commits to the project and to help with your aws-vault backend if you're on linux. Follow the tutorial written by Github.

Gottchas:

• Don't forget to set git to use your gpg key to sign commits at the end!
• Make sure you select 4096 when gpg asks you how long you want your key to be - otherwise Github will reject it!

Create a .env file to tell our scripts the name of your aws-vault profile and that we're running on windows.

    # Remember to change your profile name
    printf "AWS_VAULT_PROFILE=tom\nWINDOWS_PROFILE=true\n" > .env

Set up your AWS credentials using aws-vault and the aws cli. Make sure your profile name (tom in my case) matches what's in your .env file!

    # Change the profile name to whatever you like - here I'm using 'tom'
    aws-vault add tom
    # ... follow the prompts, paste in your access_key and secret_key

    # Set your default region (change your profile name)
    printf "[profile tom]\nregion = eu-west-2\n" > ~/.aws/config

    # Test it works - you should see the buckets currently in s3
    aws-vault exec tom -- aws s3 ls

Set up remote terraform backend and you're done! You can now run the commands in Taskfile.yml to help you develop with.

    task init



    # Example further commands - you don't need to run these now
    # Plan out and analyse infrastructure change
    task plan

    # Deploy infrastructure changes
    task apply

    # Tear down all infrastructure
    task destroy

If you're using vscode to develop on, I'd recommend the following plugins to make your life a bit easier:

• taskfile
• yaml
• terraform (official)
• github actions
• trivy