Last Updated: September 2020
Authors: Ben Potter, Security Lead, Well-Architected & Rodney Lester, Manager, Well-Architected
This hands-on lab guides you through the steps to configure a web application in Amazon EC2 with a defense-in-depth approach that incorporates a number of AWS security best practices. The skills you learn will help you secure your workloads in alignment with the AWS Well-Architected Framework. The WordPress example CloudFormation template deploys a basic WordPress content management system. This example is not intended to be a comprehensive WordPress system; please consult Build a WordPress Website for more information.
This lab will create the web application and all components using the example CloudFormation template, inside the VPC you have created previously. The components created include:
Overview of WordPress stack architecture:
An SSH key is not configured in this lab. Instead, AWS Systems Manager should be used to manage the EC2 instances, as it is a more secure and scalable method.
The Application Load Balancer will listen on unencrypted HTTP (port 80). It is a best practice to encrypt data in transit, and you can configure an HTTPS listener after completing this lab.
An example amazon-cloudwatch-agent.json file is provided and automatically downloaded by the instances to configure CloudWatch metrics and logs. This requires that you follow the example naming prefix of WebApp1.
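As an illustration of the HTTPS listener mentioned above, the following CloudFormation fragment is an added example and is not part of the lab's template. The logical names `WebAppLoadBalancer` and `WebAppTargetGroup` and the `CertificateArn` parameter are assumptions, and the commented-out "before" listener is a constructed stand-in for a plain HTTP listener, not copied from the lab.

```yaml
# Added example: a template fragment, not the lab's own CloudFormation code.
# Assumed names: WebAppLoadBalancer, WebAppTargetGroup, CertificateArn.
Parameters:
  CertificateArn:
    Type: String
    Description: ARN of an ACM certificate for the site's domain (assumed to exist)

Resources:
  # Before (constructed): plain HTTP forwarded straight to the targets.
  # HttpListener:
  #   Type: AWS::ElasticLoadBalancingV2::Listener
  #   Properties:
  #     LoadBalancerArn: !Ref WebAppLoadBalancer
  #     Port: 80
  #     Protocol: HTTP
  #     DefaultActions:
  #       - Type: forward
  #         TargetGroupArn: !Ref WebAppTargetGroup

  # After: TLS terminates on the load balancer with a TLS 1.2+ policy.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref WebAppLoadBalancer
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WebAppTargetGroup

  # Port 80 stays open only to redirect clients to HTTPS.
  HttpRedirectListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref WebAppLoadBalancer
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: "443"
            StatusCode: HTTP_301
```

The load balancer's security group must also allow inbound TCP 443 for the HTTPS listener to be reachable.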
Typically less than $20 per month if the account is only used for personal testing or training, and the tear down is not performed: