AWS Technical Challenge: Multi-Service Web Application Deployment with Terraform
Objective:
Design and deploy a highly available web application on AWS using Terraform. The application
should utilize multiple AWS services and consider cost optimization.
Task Description:
Apply the task to a WordPress + MySQL setup, with each component on its own EC2 instance.
1. WordPress Server (Machine 1):
- Role: Web Server.
- Software Stack:
  - OS: Linux (e.g., Ubuntu or CentOS).
  - Web Server: Apache or Nginx.
  - PHP: Required by WordPress.
  - WordPress: The core application.
- Configuration:
  - WordPress configuration to connect to the remote MySQL database.
  - Appropriate security configurations to ensure only necessary ports are open and the server is hardened.
2. MySQL Server (Machine 2):
- Role: Database Server.
- Software Stack:
  - OS: Linux.
  - MySQL: For database requirements of WordPress.
- Configuration:
  - Security: Only allow database connections from the WordPress server.
  - Regular backups and performance tuning as necessary.
Deployment Steps:
1. MySQL Server Setup:
- Install MySQL on Machine 2.
- Create a database for WordPress.
- Create a user with the necessary privileges and grant access from Machine 1's IP.
- Ensure the firewall only allows connections on the MySQL port from Machine 1.
2. WordPress Server Setup:
- Install the web server, PHP, and other required modules on Machine 1.
- Download and install WordPress.
- During the installation, specify the remote MySQL database on Machine 2.
- Complete the WordPress setup, including themes, plugins, etc.
1. Infrastructure Setup:
- Use Terraform to provision four EC2 instances across two availability zones (2 in each).
- Set up an Application Load Balancer (ALB) to distribute incoming traffic to the EC2 instances.
- Use Auto Scaling Groups to ensure there are always 2 instances running in each availability zone.
2. Database Configuration:
- Set up an RDS instance (preferably MySQL or PostgreSQL).
- The RDS instance should be Multi-AZ for high availability.
- Secure the RDS instance by placing it in a private subnet.
3. Storage:
- Create an S3 bucket to store application logs.
- Configure the EC2 instances to push their logs to this S3 bucket periodically.
4. Networking:
- Design a VPC with appropriate subnets, route tables, and security groups.
- Ensure only necessary ports are opened, and traffic between EC2 and RDS is secure.
5. Cost Optimization:
- Choose appropriate EC2 instance types, keeping a balance between performance and cost.
- Implement a strategy to start and stop instances during off-hours (for development/staging environments) to save costs.
- Use reserved instances or savings plans for the database to optimize for cost.
6. Monitoring & Backup:
- Set up CloudWatch alarms for CPU utilization and disk space on EC2 instances.
- Design a backup strategy for the RDS instance using automated snapshots.
7. Documentation:
- Provide a README.md that explains:
  - The architecture of the AWS services used.
  - Steps to initialize and apply the Terraform scripts.
  - Cost-saving strategies implemented and their impact.
  - Any assumptions or considerations taken into account during the design.
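One way to express the "only necessary ports" and "only allow database connections from the WordPress server" requirements in Terraform, added here as an illustration and not part of the original challenge text. The variable var.vpc_id, the resource names and the 443/80 ports are assumptions; 3306 is MySQL's default port.

```hcl
# Added example. var.vpc_id, resource names and the 443/80 ports are assumptions.
variable "vpc_id" { type = string }

# ALB tier: the only security group with an ingress rule open to the internet.
resource "aws_security_group" "alb" {
  name   = "wp-alb"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Web tier: accepts HTTP only from the ALB's security group, not from a CIDR range.
resource "aws_security_group" "web" {
  name   = "wp-web"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  # Outbound is needed for package installs and pushing logs to S3.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Database tier: MySQL port only, and only from members of the web security group.
# No egress block: security groups are stateful, so replies to the web tier still flow.
resource "aws_security_group" "db" {
  name   = "wp-db"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.web.id]
  }
}
```

Referencing the source security group instead of an instance IP keeps the database rule correct when the Auto Scaling Group replaces instances.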
Bonus:
- Implement a CI/CD pipeline using GitLab CI/CD to deploy a sample Java monitoring agent (https://github.com/SonicCloudOrg/sonic-agent) to the EC2 instances.
- Provide an explanation on how to enforce in GitLab that no secrets (API keys, passwords, etc.) are stored in the code repository.