Deploy Ghost on AWS using CloudFormation - Part 01


It's been a while since I deployed a self-managed blog in AWS as a side project. At that time, everything was created as Click-Ops through the AWS console, but then I decided to deploy the entire solution using CloudFormation.

Check out the GitHub repository for the most up-to-date source code for this project at

The diagram below represents the current architecture.

[Figure: architecture diagram]

Current setup

The current setup is a very simple design, and it is not highly available or fault tolerant at all. However, this setup is good enough for my purpose for now. I have one VPC in the Sydney region with a single subnet in one of the availability zones. This subnet has a NACL and a route table attached to it, and a single EC2 instance is deployed as the host for the containers. The EC2 instance has a security group attached to its network interface. I'm using a third-party DNS registrar, and Route 53 has an A record that maps to the public IP I have attached to the EC2 instance. The EC2 instance runs Ghost, Traefik and Commento with PostgreSQL, and it's all orchestrated using Docker Compose. Ghost is the blogging engine and Traefik works as a reverse proxy. Commento provides the commenting platform for the site. The site runs on HTTPS, and Traefik handles all the encryption magic with Let's Encrypt. I'm using SSM to manage the EC2 instance instead of using SSH (yeah, no keys!). Last but not least, I am backing up my contents to an S3 bucket using a shell script.

The plan

My plan is to write up a few posts explaining everything involved in setting up the blog. There are enough resources out there that explain how to set up an AWS account and the AWS CLI. I will skip all that except for a few tips on how to set up the AWS CLI on Manjaro Linux.

The main areas are most likely to be the following.

  • Set up the AWS CLI and try out deploying test CloudFormation templates on Manjaro Linux
  • Incrementally build/test the CloudFormation template for the stack
  • Set up DNS - need to have another domain for me to play around
  • Configure Traefik and Let's Encrypt to have a secured site
  • Automate backups using SSM
  • Set up a Lambda to replicate the backups to another AWS account - will explain why I need this

Until next time 👋