Developing with WordPress, when hosted on Amazon Web Services (AWS), will involve access to the underlying file system, database and OS. Like any other web application, developing in this environment will require access to the infrastructure upon which WordPress is installed. One of the really valuable features provided by AWS is the security infrastructure that helps prevent the hosted website from being hacked. In order to access the various parts of the secured software stack running on AWS, several tools as well as security keys are required. To see how this all fits together it is important to understand just what is in the software stack and how the components fit together. In this article I will attempt a shallow dive into the stack (LAMP plus WordPress). I will also provide step-by-step instructions on the installation and configuration of some useful tools.
Review of the Software Stack and Tool Requirements:
WordPress and the stack to support it are all loaded by AWS, at boot time, using an “Amazon Memory Image” (AMI). The version I use is the Bitnami WordPress AMI. This image includes both the LAMP stack and the WordPress installation. The LAMP stack consists of a Linux operating system with several preinstalled applications. These applications are:
- Apache, an http server
- MySQL, an SQL relational database
- PHP, a host-side programming language
- Related support programs such as phpmyadmin
In addition to the LAMP stack the AMI will include WordPress. A fairly simple view of all of this is shown in figure 1.
During the development phases of a website, and occasionally after it goes live, the developer or administrator may need to directly access Linux (via a shell), the database (usually via phpmyadmin), or files on the Linux-based file system. These might be .php, config or
Figure 1 is a very simplified overview of the AWS hosted WordPress website. This diagram does not attempt to show IP routing and handling (Route 53), DNS, or many other AWS service uses. The EC2 instance can be physically different hardware/software implementations depending on what type of instance is launched. In all of these cases the EC2 instance provides an environment for Linux to boot up and it also provides one or more types of disk-like storage. The Linux instance then supports the applications in the normal way any Linux installation would. The connection labeled “Web Site User” is the normal http connection to WordPress, via Apache, using a client-based web browser. Once fully configured, most website or blog development can take place via this connection. WordPress and application security mechanisms are used for authentication and transport. Website access is also accomplished in this way. For a detailed description of installing this stack, up to the point of running WordPress, take a look at my blog:
Once WordPress has been launched, in order to change any values in configuration files or to restart Linux, you will need to access the underlying applications with tools using a different internet connection. Most of the work will be done using either a remote shell or an ftp type program. In the case of an AWS based installation these will need to be ssh (secure shell) or ftps (file transfer protocol secure) programs. I suggest Putty and WinSCP if you are working from a Windows client. In addition, both of these tools must be configured to use key pairs for authentication and to initiate encryption. Key-pair, as opposed to password, protection is enforced by the AWS facility.
Putty is a terminal program that runs on the client PC. It is capable of being configured in a way that is compatible with AWS security requirements. It can also be configured to open a secure tunnel which allows access to programs like phpmyadmin via localhost. This is the only way to use the database tools without violating the AWS security intentions. The idea is to allow only non-public http access to the file system or database (and therefore to the actual php sources).
WinSCP is a visual file system tool which allows for transfer or direct editing of files on the AWS instance. There are other choices for both of these tools, but these both work well and are directly supported, in terms of setup, by both WordPress.org as well as BitNami. I would strongly suggest using these for Windows client environments.
Security Protocols and Key Pairs
When you created your first EC2 instance, at the second step, you created an AWS key-pair and downloaded it as a .pem file. If you later terminated that EC2 and launched another you most likely reused the same key-pair. As noted in my blog on creating an AWS based WP instance, you will need this key pair for all non-http based access to your LAMP stack. In any case, you will need the key pair you specified when you created your EC2 instance. If you are interested, Amazon uses a 2048-bit SSH-2 RSA key.
AWS uses the .pem format for the key pairs. Other programs often use the .ppk format (Putty Private Key). You can convert the key-pair with conversion tools supplied with many of the access programs. I will describe this conversion using PuTTYgen, which comes with Putty and is installed with the standard Putty installers. If you launch PuTTYgen in Windows, you will get the screen shown in figure 2.
After launching PuTTYgen, click on the Load button. Browse to and select the .pem file containing the key-pair for your EC2 instance. After it is loaded, click on the “Save private key” button and save the file with a .ppk extension. This is the actual file that you will use with both Putty and WinSCP! You are now ready to configure both of them!
Installing and Configuring Putty for Shell access and Tunnel Creation
Start by getting the latest version of Putty appropriate to your client operating system. I use the 64-bit MSI version (Windows). This can be found at:
Run the installer and click through the standard installation. In the Putty folder, you will find Putty, PuTTYgen and several other programs. After converting your key pair per the prior section, go ahead and launch Putty. The first screen is shown in Figure 3.
Enter the IP address which you either wrote down during the EC2 launch or which you can retrieve at any time on the EC2 instance page in the “services” area of AWS.amazon.com. Enter this IP address where ww.xx.yyy.zzz is shown in figure 3.
Enter a name for your setup (under “Saved Sessions”) and click the save button.
Click on Data selection under Connection in the menu on the left. Figure 4 shows the screen you should see.
Enter “bitnami” in the “Auto-login username” field.
Click on the “+” box next to SSH. Then click on “AUTH”. You should then see the screen shown in figure 5.
Under “Private Key File”, browse to and select the .ppk file containing your key-pair for the EC2 instance (created earlier in this article). It should appear where C:\xxx\yyy\zzz shows in the screen above.
When that is complete click on “Tunnels”. The following screen (figure 6) will appear.
Under “Source Port” enter 8888. Under “Destination” enter “localhost:80”. Now click “Session” (you may need to scroll the menu down).
Click on save which is next to the saved sessions list.
Now click on “Open” and a CLI with a Linux shell should appear as follows:
This shell now provides direct control over the Linux environment in your LAMP stack hosting WordPress on AWS. Be careful what you type here. If you are not Linux and shell literate, you should only enter specific commands here that were provided by sources you trust. (Bitnami will be a great source of help if you are using their AMI.) This shell may be exited (torn down) by typing “exit” at the shell prompt.
If you have successfully completed the Putty installation and session creation per the preceding section you can now access phpmyadmin via the tunnel created by the Putty connection. This tunnel will be torn down when you close the putty shell or application. While the tunnel exists (while the shell is displayed) type the following in the URL line of your web browser:
You should then reach (after logging in as root with your application password) the following interface:
Using Phpmyadmin you can create databases. You can also enter data into them and modify existing data.
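The tunnel only keeps phpmyadmin non-public if its local end (port 8888 on your PC) listens on the loopback address alone, which is what Putty does unless “Local ports accept connections from other hosts” is ticked on the Tunnels screen. The following check is an added example, not part of the original article: it classifies the listeners found in Windows `netstat -an` output, and the sample output and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8888         0.0.0.0:0              LISTENING
  TCP    [::1]:8888             [::]:0                 LISTENING
  TCP    192.168.1.20:49712     203.0.113.25:22        ESTABLISHED
"""

def tunnel_listeners(netstat_text, port=8888):
    """Return (local_address, is_loopback) for each TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only rows of the form: TCP <local> <foreign> LISTENING
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, local_port = fields[1].rpartition(":")
        if local_port != str(port):
            continue
        try:
            loopback = ipaddress.ip_address(host.strip("[]")).is_loopback
        except ValueError:
            loopback = False  # unparsable address: treat as not loopback
        found.append((fields[1], loopback))
    return found

def audit_tunnel(netstat_text, port=8888):
    """Classify the tunnel's local end: 'absent', 'loopback-only' or 'exposed'."""
    listeners = tunnel_listeners(netstat_text, port)
    if not listeners:
        return "absent"
    if all(loopback for _, loopback in listeners):
        return "loopback-only"
    return "exposed"  # e.g. 0.0.0.0:8888 is reachable from other machines

if __name__ == "__main__":
    print(audit_tunnel(SAMPLE_NETSTAT))
```

To check a live session, pass the text of `netstat -an` captured while the Putty window is open instead of the constructed sample.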
Install and configure WinSCP for use on the WordPress stack:
This final step is to install and configure WinSCP. If you have already converted your .pem key-pair to a .ppk file this is an easy procedure. If not, use the procedure described earlier. You can actually access PuTTYgen from WinSCP!
Step one is to download the installation package. This can be found at:
Once downloaded, execute it and use the defaults to finish installation. Click on the desktop icon to launch WinSCP. You should automatically get the following dialog:
Add the name of the special AWS host for your website. It is built as follows:
Where xxx-yy-zzz-aaa is built from the actual public IP address of your AWS website (this can always be retrieved via the AWS console, services, EC2, running instances).
“us-east-2” corresponds to the actual region you created your EC2 instance in.
For user name enter “bitnami”. Leave “Password” blank.
Click on the Advanced button and then select Authentication from the left hand menu. You should see:
In the “Private key file” text box enter, or browse to, the .ppk file that you created earlier. Note that this is the full path and file name on the client machine where you are running WinSCP. Leave all other check boxes alone. Click OK. Back at the first dialog, save your setup, then click “Login”. The first time in you will be asked about caching your key. Say yes. You should now see the WinSCP main screen with the right-hand pane depicting your LAMP stack with WordPress! An example is shown in figure 11: