It's been a while since I built this blog in AWS as a fun project. I didn't know much about CloudFormation at that time and everything was created as Click-Ops through the AWS console :-). Then something awesome happened. I started working as a Cloud Engineer! Since then CloudFormation has become part of my tool set, and I thought it was about time to deploy this blog completely using CloudFormation.
The diagram below represents the current stack.
The full source code can be found at https://github.com/jayanath/ghost-blog-in-aws
The current setup is a very simple design and it is not highly available or fault tolerant at all. However, this setup is good enough for my purpose for now. I have one VPC in the Sydney region with a single subnet in one of the availability zones. This subnet has a NACL and a route table attached to it, and a single EC2 instance is deployed as the host for the containers. The EC2 instance has a security group attached to its network interface. I'm using a third-party DNS registrar, and Route53 has an A record that maps to the public IP I have attached to the EC2 instance. The EC2 instance runs Ghost, Traefik, and Commento with PostgreSQL, and it's orchestrated using Docker Compose. Ghost is the blogging engine and Traefik works as a reverse proxy. Commento provides the commenting platform for the site. The site runs on HTTPS and Traefik handles all the encryption magic with Let's Encrypt. I'm using SSM to manage the EC2 instance instead of using SSH (yeah, no keys!). Last but not least, I am backing up my content to an S3 bucket using a shell script.
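To make the "SSM instead of SSH" part concrete, here is a minimal CloudFormation sketch of such a host. It is an added example, not the template from the repository above. The resource names, the instance type, the Amazon Linux 2023 AMI parameter and the open port 80 are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - EC2 host managed through SSM, with no SSH key and no port 22
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetId:
    Type: AWS::EC2::Subnet::Id
  LatestAmi:  # assumption: Amazon Linux 2023 (ships with the SSM agent preinstalled)
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64
Resources:
  HostRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        # Lets the SSM agent register the instance and open sessions
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  HostProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref HostRole]
  HostSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web traffic only, no inbound SSH
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Port 80 is an assumption (HTTP to HTTPS redirect); 443 serves the site
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0 }
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0 }
      # Egress is left at the default (allow all), which the SSM agent needs
      # for its outbound HTTPS connection to the SSM endpoints.
  Host:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmi
      InstanceType: t3.micro  # assumption
      IamInstanceProfile: !Ref HostProfile
      SubnetId: !Ref SubnetId
      SecurityGroupIds: [!Ref HostSecurityGroup]
      # No KeyName property: no key pair is installed, so there is no SSH
      # credential to leak, rotate, or brute-force.
```

With a host like this, a shell is opened with `aws ssm start-session --target <instance-id>`, and access is governed by IAM rather than by who holds a private key. The subnet's NACL still has to permit the agent's outbound HTTPS traffic and its return traffic.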
My plan is to write up a few posts explaining everything involved in setting up the blog. There are enough resources out there to explain how to set up an AWS account and the AWS CLI. I will skip all that except for a few tips on how to set up the AWS CLI on Manjaro Linux.
The main areas will most likely be:
- Set up the AWS CLI and try out deploying test CloudFormation templates on Manjaro Linux
- Incrementally build/test the CloudFormation template for the stack
- Set up DNS - I need to have another domain to play around with
- Configure Traefik and Let's Encrypt to have a secured site
- Automate backups using SSM
- Set up a Lambda to replicate the backups to another AWS account - I will explain why I need this
Thanks for visiting!