tfentonz/aws-webtrees

Terraform configuration for webtrees on AWS

aws-webtrees

Terraform configuration for webtrees genealogy application on AWS

Overview

This Terraform configuration creates an EC2 instance in the default VPC. The EC2 instance lauches a Bitnami LAMP stack AMI.

The security group allows SSH and HTTP access from a your IP address specified in a Terraform variable.

The EC2 instance user data downloads and installs webtrees app to /opt/bitnami/apps/webtrees.

Prerequisites

• An AWS account is required
• AWS CLI profile setup and configured
• Terraform installed brew install terraform

Install

1. Set up Terraform variables cp terraform.tfvars.example terraform.tfvars

2. Edit terraform.tfvars profile, region, and your public IP address.

3. Generate an SSH key ssh-keygen -t rsa -b 2048 -f ~/.ssh/webtrees

4. Update the permissions of that key with chmod 400 ~/.ssh/webtrees

5. Run Terraform plan to see changes terraform plan

6. Apply Terraform plan terraform apply. Enter yes at the prompt.

7. Set up the following in ~/.ssh/config replacing <elastic_ip> with the output value.

   Host webtrees
     HostName <ec2_elastic_ip>
     User bitnami
     IdentityFile ~/.ssh/webtrees
     IdentitiesOnly yes

8. Connect to the application through SSH ssh webtrees

9. Run the following command to see your application credentials: cat ./bitnami_credentials

10. Connect to MySQL as admin using the application credentials for password: mysql --host=<RDS_CLUSTER_ENDPOINT> --port=3306 --user=admin --password

11. Create a MySQL database, user, and grant privileges

    CREATE DATABASE webtrees;
    CREATE USER 'webtrees'@'%' IDENTIFIED BY '<good_secret>';
    GRANT ALL PRIVILEGES ON webtrees.* TO 'webtrees'@'%';
    \q

12. Open webtrees wizard http://EC2\_ELASTIC\_IP/webtrees/

Start or Stop Services

sudo /opt/bitnami/ctlscript.sh status

Restart Apache

sudo /opt/bitnami/ctlscript.sh restart apache

Modules

cd /opt/bitnami/apps/webtrees/htdocs
composer require magicsunday/webtrees-fan-chart --update-no-dev

Update IP address

The EC2 security group allows access from your current IP address. If this changes the ingress rules will need to be updated.

Edit terraform.tfvars with new IP address.

terraform plan \
  -target=aws_security_group_rule.webtrees_rule_http \
  -target=aws_security_group_rule.webtrees_rule_ssh \
  -out=$(date +plan-%Y%m%d%H%M%S)`

Copy and paste the terraform apply command.

terraform apply "plan-20200102030405"

Uninstall

1. Run terraform destroy. Enter yes at the prompt.

Terraform documentation

Data Sources

• template_file

Provider Data Sources

• aws_availability_zones

Backup Resources

• aws_backup_plan
• aws_backup_selection
• aws_backup_vault

CloudWatch Resources

• aws_cloudwatch_log_group

EC2 Data

• aws_ami

EC2 Resources

• aws_eip
• aws_instance
• aws_key_pair

IAM Data

• aws_iam_policy_document

IAM Resources

• aws_iam_instance_profile
• aws_iam_role
• aws_iam_role_policy_attachment

RDS Resources

• aws_rds_cluster

SSM Resources

• aws_ssm_parameter

VPC Data

• aws_vpc

VPC Resources

• aws_security_group
• aws_security_group_rule

The End