The wordpress-enablement project is a side project to help my partner rapidly deploy websites she's built using WordPress
and exported to static files. This repository contains the AWS infrastructure for it.
Ensure you have the python version in .python-version and the terraform version in .terraform-version installed. If you want to set these up, I'd recommend installing pyenv for python and tfenv for terraform. You can do this with your package manager of choice (I've used linuxbrew here).
brew update && brew install pyenv tfenv
pyenv install && python --version
tfenv install && terraform --version
Install all required packages using apt and linuxbrew. Again, most of these packages can be installed from your preferred package manager.
sudo apt update && sudo apt install git git-lfs pipx awscli jq pass gnupg
git lfs install
pipx ensurepath
pipx install checkov
brew update && brew install aws-vault go-task tflint trivy
Set up or link an existing gpg key. You'll need this in order to push commits to the project and to help with your aws-vault backend if you're on linux. Follow the tutorial written by GitHub.
Gotchas:
- Don't forget to set git to use your gpg key to sign commits at the end!
- Make sure you select 4096 when gpg asks you how long you want your key to be - otherwise GitHub will reject it!
Set up aws-vault backend. I'm using pass so the instructions will be specific to that. Pass needs a gpg key added to it when we set it up so it can use that key to encrypt your aws credentials.
# List the PUBLIC keys in your gpg keyring
gpg --list-keys
# ** See the below image to see which bit is your public key **
# Add your public key's ID to pass (change this value to correspond with what you see)
pass init "844E426A53A64C2A916CBD1F522014D5FDBF6E3D"
# Add the following to your ~/.bashrc file (~/.zshrc file or other if relevant)
export AWS_VAULT_BACKEND=pass
export GPG_TTY="$( tty )"
Set up your AWS credentials using aws-vault and the aws cli.
# Change the profile name to whatever you like - here I'm using 'tom'
aws-vault add tom
# ... follow the prompts, paste in your access_key and secret_key
# Set your default region (change your profile name)
# Note: '>' overwrites any existing ~/.aws/config
printf "[profile tom]\nregion = eu-west-2\n" > ~/.aws/config
# Test it works - you should see the buckets currently in s3
aws-vault exec tom -- aws s3 ls
Create a .env file to tell our scripts the name of your aws-vault profile.
# Remember to change your profile name
printf "AWS_VAULT_PROFILE=tom\n" > .env
Set up the remote terraform backend and you're done! You can now run the commands in Taskfile.yml to help you develop.
task init
# Example further commands - you don't need to run these now
# Plan out and analyse infrastructure change
task plan
# Deploy infrastructure changes
task apply
# Tear down all infrastructure
task destroy
Ensure you have the python version in .python-version and the terraform version in .terraform-version installed. If you want to set these up, I'd recommend installing pyenv for python and tfenv for terraform.
brew update && brew install pyenv tfenv
pyenv install && python --version
tfenv install && terraform --version
Install all required packages using homebrew.
brew update && brew install git git-lfs awscli jq gnupg aws-vault go-task tflint trivy
git lfs install
pip install --user checkov
Set up or link an existing gpg key. You'll need this in order to push commits to the project and to help with your aws-vault backend if you're on linux. Follow the tutorial written by GitHub.
Gotchas:
- Don't forget to set git to use your gpg key to sign commits at the end!
- Make sure you select 4096 when gpg asks you how long you want your key to be - otherwise GitHub will reject it!
Set up your AWS credentials using aws-vault and the aws cli.
# Change the profile name to whatever you like - here I'm using 'tom'
aws-vault add tom
# ... follow the prompts, paste in your access_key and secret_key
# Set your default region (change your profile name)
# Note: '>' overwrites any existing ~/.aws/config
printf "[profile tom]\nregion = eu-west-2\n" > ~/.aws/config
# Test it works - you should see the buckets currently in s3
aws-vault exec tom -- aws s3 ls
Create a .env file to tell our scripts the name of your aws-vault profile.
# Remember to change your profile name
printf "AWS_VAULT_PROFILE=tom\n" > .env
Set up the remote terraform backend and you're done! You can now run the commands in Taskfile.yml to help you develop.
task init
# Example further commands - you don't need to run these now
# Plan out and analyse infrastructure change
task plan
# Deploy infrastructure changes
task apply
# Tear down all infrastructure
task destroy
Ensure you have the Python version in .python-version and the Terraform version in .terraform-version installed. Also install Chocolatey if you don't have it. Ensure your Chocolatey bin directory is in your bash path - this tends to be /c/ProgramData/Chocolatey/bin or something very similar.
You can install both Python and Terraform using choco as follows:
choco install terraform --version=1.7.2 # Change depending on contents of .terraform-version file
choco install python --version=3.12.2 # Change depending on contents of .python-version file
You will also need to add your Python scripts path to your local Windows environment variables.
- Type Edit the system environment variables into control panel
- Select Environment Variables under the Advanced tab.
- Click on Path under the User variables (not the system variables) section, then click Edit.
- Add the Python scripts path as a new variable. This will depend on your version of Python, but mine was C:\Users\tomv\AppData\Roaming\Python\Python312\Scripts.
Install all required packages using choco, or manually where that isn't possible. choco commands might need to be run in an admin version of powershell.
choco install awscli aws-vault jq gnupg go-task tflint trivy
pip install --user checkov
git lfs install
Set up or link an existing gpg key. You'll need this in order to push commits to the project and to help with your aws-vault backend if you're on linux. Follow the tutorial written by GitHub.
Gotchas:
- Don't forget to set git to use your gpg key to sign commits at the end!
- Make sure you select 4096 when gpg asks you how long you want your key to be - otherwise GitHub will reject it!
Create a .env file to tell our scripts the name of your aws-vault profile and that we're running on windows.
# Remember to change your profile name
printf "AWS_VAULT_PROFILE=tom\nWINDOWS_PROFILE=true\n" > .env
Set up your AWS credentials using aws-vault and the aws cli. Make sure your profile name (tom in my case) matches what's in your .env file!
# Change the profile name to whatever you like - here I'm using 'tom'
aws-vault add tom
# ... follow the prompts, paste in your access_key and secret_key
# Set your default region (change your profile name)
# Note: '>' overwrites any existing ~/.aws/config
printf "[profile tom]\nregion = eu-west-2\n" > ~/.aws/config
# Test it works - you should see the buckets currently in s3
aws-vault exec tom -- aws s3 ls
Set up the remote terraform backend and you're done! You can now run the commands in Taskfile.yml to help you develop.
task init
# Example further commands - you don't need to run these now
# Plan out and analyse infrastructure change
task plan
# Deploy infrastructure changes
task apply
# Tear down all infrastructure
task destroy
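An added check, not part of this repository: the function below confirms that the AWS_VAULT_PROFILE named in .env has a matching [profile ...] section with a region in the AWS config file, which is the mismatch the setup steps above warn about. The function name and its arguments are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the repository. The function name and its
# arguments are assumptions made for illustration.
#
# Usage: check_profile_match <env_file> <aws_config_file>
# Prints "<profile> <region>" on success, returns non-zero otherwise.
check_profile_match() {
  env_file=$1
  aws_config=$2

  [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 2; }
  [ -r "$aws_config" ] || { echo "cannot read $aws_config" >&2; return 2; }

  # Last AWS_VAULT_PROFILE= assignment wins; drop CRs from Windows editors.
  profile=$(sed -n 's/^AWS_VAULT_PROFILE=//p' "$env_file" | tail -n 1 | tr -d '\r')
  if [ -z "$profile" ]; then
    echo "AWS_VAULT_PROFILE is not set in $env_file" >&2
    return 3
  fi

  # Walk the INI-style config: track whether we are inside the wanted
  # section, then print its region. "default" uses a bare [default] header.
  region=$(awk -v want="$profile" '
    { sub(/\r$/, "") }
    /^\[/ {
      in_section = ($0 == "[profile " want "]" || (want == "default" && $0 == "[default]"))
      next
    }
    in_section && /^[ \t]*region[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
    }
  ' "$aws_config")

  if [ -z "$region" ]; then
    echo "no region found for profile '$profile' in $aws_config" >&2
    return 4
  fi
  echo "$profile $region"
}

# Constructed sample input mirroring the printf commands in this README.
demo_dir=$(mktemp -d)
printf 'AWS_VAULT_PROFILE=tom\n' > "$demo_dir/.env"
printf '[profile tom]\nregion = eu-west-2\n' > "$demo_dir/config"
check_profile_match "$demo_dir/.env" "$demo_dir/config"   # prints: tom eu-west-2
rm -rf "$demo_dir"
```

Run it as `check_profile_match .env ~/.aws/config` from the repository root before `task init`; a non-zero return means the Taskfile commands would call aws-vault with a profile that has no region configured.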
If you're using vscode to develop on, I'd recommend the following plugins to make your life a bit easier:
- taskfile
- yaml
- terraform (official)
- github actions
- trivy