EC2 Provider: Introduction, Installation & Configuration Guide

Installing the AWS EC2 Provider

The EC2 provider is just a regular WordPress plugin – upload and activate it from the WordPress PLUGINS screen.

Prerequisites For Using the AWS EC2 Provider

Connecting to EC2 and automatically creating servers requires a lot more moving parts to be synchronized than simpler providers such as DigitalOcean and Linode. In particular:

EC2 default security groups will block attempts to connect to the server after it’s initially deployed. This needs to be resolved before attempting to deploy your first server (generally by opening it up to incoming traffic on port 22 for IPV4 addresses.)
The default firewall will block HTTPS traffic. This needs to be resolved before requesting your first SSL certificate for a site on the server. Please make sure that you do this for IPV4 addresses (EC2 can sometimes default things to only IPV6 addresses).
If the default security group and firewall do not already have port 80 open for incoming traffic you should add rules to allow that for IPV4 addresses.
You will need to create an IAM user (or use an existing IAM user) with the proper permissions to create EC2 instances. You will obtain your EC2 ACCESS KEY and EC2 SECRET KEY from this user.
Create or upload an SSH key pair to the region where you will be building your servers. You cannot use the ‘default’ ssh keys that AWS provides – you must create a new pair or upload your own pair. AWS keypairs are specific to a region. If you need to use the same keypair in all regions then you must upload it to all regions. (How To Create SSH Keys.)

It is very important that all five of the above items be checked and double-checked before proceeding. Otherwise provisioning a server on EC2 WILL FAIL.

Configuring the AWS EC2 Provider

The AWS EC2 provider then needs connection and security information before it can be used. You can provide this information under WPCLOUD DEPLOY->SETTINGS->CLOUD PROVIDERS->AWS EC2. There are several steps to this process:

As mentioned above, make sure you create an SSH Key Pair in your account – you’ll need to do this in the region where you’ll be deploying your servers. Download the private portion of the key. This should be done before performing any of the remaining steps below.
Enter the EC2 ACCESS KEY and EC2 SECRET KEY – these are usually defined in the AWS IAM
Click the SAVE button
Click the SAVE button AGAIN. This will cause the REGION drop-down to be populated from data in your AWS account
Select a region from the REGION drop-down
Click the SAVE button
Click the SAVE button AGAIN
Click the CLEAR CACHE button at the bottom of the screen to force a cache refresh of your keys list. This will cause the PUBLIC SSH keys drop-down to be populated from data in your AWS account.
Select a key from the PUBLIC SSH KEY drop-down. Be careful – this drop-down is initially populated with keys from your account’s default region. If you’re using a different region, you should make sure that the list shown here is the one for your selected region. You might have to save the screen a couple of times to force it to refresh.
Enter your private key that correspond to the public key
Click the SAVE button
Click the SAVE button AGAIN.

Using the AWS EC2 Provider

After the provider is installed and configured you’ll see it as an option when deploying a new server:

EC2 Default Security Groups

Servers are placed into EC2’s ‘default’ security group. There are times where this group BLOCKS incoming traffic – this will cause server deployments to fail since we’ll be unable to connect to it automatically. You should EDIT the default security group to ensure that traffic is allowed from your WordPress server where WPCD is installed. In particular, the SOURCE for incoming traffic is set to “custom” by default – you need to change this to “Anywhere” or specify the IP address of your WordPress server where WPCD is installed.

Alternatively, you can set it up so that only SSH, HTTP and HTTPS traffic is allowed in from all sources.

Using Multiple Regions

The basic EC2 provider can only be used in one region. In order to use it in multiple regions, you need to install the VIRTUAL PROVIDER add-on. Once that has been installed, you can create a virtual provider for each region – learn more in the Virtual Provider documentation.

If you do not see a region you expect in the region list, please check to make sure that you have opted into that region in your AWS console. AWS now has a nice global view summary that includes a column showing your opt-in status for a region: https://console.aws.amazon.com/ec2globalview/home#. We have noticed that locations such as Capetown, Milan, Bharain, Hong Kong and Jakarta are usually disabled in new accounts.

Default Disk Size

EC2 instances default their root device to only 8GB. For most single WP sites this does not pose an issue. But if you will install multiple sites on the device you will need to increase its size. This exercise requires some comfort level with the command line as well as familiarity with the AWS EC2 console!

Step 1 is to log into your EC2 console and use the RESIZE option on the disk for the EC2 instance.
Step 2 is to follow the instructions in the EC2 resize documentation: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recognize-expanded-volume-linux.html

Step 2 generally involves the use of the growpart and resize2fs commands which:

Expands the partition to use all the new space from step 1 and
Expands the filesystem to use all the new space added to the partition.

IPv6

When you configure the EC2 provider, there is an option to enable IPv6. Before turning this on you must do the following:

Assign an IPv6 CIDR to the EC2 default VPC for the region
Assign an IPv6 CIDR to the EC2 default SUBNET for the region

If you do not do this, provisioning EC2 instances WILL fail.

Using Custom Images

This provider includes support for custom images – i.e.: custom AMIs.

You provide the AMI id in the CUSTOM SNAPSHOTS & IMAGES section of the provider settings area.

Please remember that the AMI must reside in the account and region you’re using. If you need to use the same custom AMI in a different region you will need to copy it to the target region which will give it a different AMI id.

Also, please review these very important notes about custom images.

Known Issues & Limitations

Backups

Running a backup on an instance that is too small for the amount of data being backed up will cause the MariaDB server to stop. You will have to manually restart it. This seems to be a flaw in the EC2 instance.

So, if you intend to use our backup process on these instances please make sure you run a few backup tests before placing your site into production to make sure there are no issues.

If you do want to continue to use these instances without our backup process in place you can always use a plugin backup process such as Updraft Plus which does not tax the instance as much but takes far longer to complete.

Server Sync

Server Sync cannot be used on AWS servers – neither as source nor destination.

Site Sync

The function to copy a site to a new server will not work with AWS EC & Lightsail servers as targets.

Deleting A Site

When deleting a site, the option to also delete all local backups will not work on AWS servers.

Resources

Want to know which EC2 instance to use? Take a look at this document on Github that outlines all the various instance types and their differences.