Running websites and forums on AWS for 12+ years

Running on websites and forums on AWS

It’s hard to believe that I have been using Amazon Web Services for over 12 years to handle personal and small websites and a large active non-profit forum related to fly fishing. While my personal sites mainly consists of blog entries discussing technology, the fly fishing site does get a few hundred thousand visits a year, so it is quite active. My journey to AWS comes from failures of using shared hosting providers.

Why did I make the move in the first place?

In the 2000s, it was common to host websites using hosting providers that offer shared hosting plans. It was cheap and provided pre-built templates and a control panel to manage your resources. Sounds great, doesn’t it? Well, it did for a while. The keyword here is shared. I started noticing files that appeared that I did not add. I had a few cases where the site got infected, and after debugging the issues, it turned out other sites or the system got infected, which then caused my resources to become infected.

After getting infected twice, I decided to leave the shared model. Dedicated host plans were too expensive and didn’t offer the control I sought. I settled on starting small with Amazon Web Services.

Initial wins with AWS

As I started the migration towards AWS, I learned that having complete control has its benefits but also comes with risks. I now had to install, configure, and manage all packages in addition to updating code. In the IaaS Shared Model, I had to manage the OS, patching, and packages. Fortunately, having Linux experience helped me prepare the hosting platform for WordPress and the forum software I use.

Infrastructure as Code

One of the first lessons I learned over the years with AWS. When managing infrastructure, use Infrastructure as Code (IaC) to make it repeatable, easy to operate, and re-deployable on another instance or OS. Over the years, I had to move from AWS Linux, AWS Linux 2, and AWS Linux 2023. I may move towards Debian due to concerns over CentOS. IaC makes this all possible by coding the required packages and configurations. Combination using CloudFormation templates to provision AWS services and BASH scripts to automate package deployment has served me well over the years. AWS Cloud9 offers a solid IDE to develop Python and PHP code, but if you want something free, Microsoft Visual Code and plug-ins will fit most use cases.

Multi-tiered Application

Both WordPress and the forum software require access to a database. Initially, I opted to install MySQL on the EC2 instance on which the software was running. From a cost perspective, it was simple and predictable. AWS Aurora was released along the way and offered a managed service to handle the database. It would be one less thing for me to update and manage but at an additional expense. While I purchased reserved Aurora capacity, the I/O was variable and caused other unexpected higher expenses. If I had to do this again, I would have not split out this architecture and continued to manage MySQL on the EC2 instance.

Securing your environment

The AWS Shared Responsibility Model requires you to secure your EC2 instances and applications. I script all my backups to run nightly and send the backups and Apache logs to S3. From there, I utilize the S3 life cycle policies to ship to the deep archive for more efficient costs. I rely on the AWS Linux package manager to update all OS and package software.

Use Amazon’s security services to your advantage, starting with Cloudtrails and Cloudwatch to monitor all API access. I also recommend using either Security Hub or AWS Config to monitor compliance for services you have enabled to ensure that no resources are open to the public. Billing alarms are your best friend when watching over your costs. Set them up and trigger SNS notifications when you hit a threshold you are concerned with.

Another helpful security tool is fail2ban, which provides a mechanism to ban hosts causing multiple authentication errors. It could be a better solution but offers some minor protection. I also utilize open-source tools such as Icinga for monitoring, InfluxDB to capture metrics, and Grafana for visualizations.

Lastly, never use your AWS root account to manage your resources. As a best practice, create a separate IAM account with the fewest privileges, and always enable MFA.

Lightsail

For those who may not want to go to the extreme for managing their websites, especially if they are small sites, Amazon offers ]AWS Lightsail](https://aws.amazon.com/lightsail/). Lightsail is a virtual private server that is lightweight, fast, and secure. It’s perfect for WordPress.

Final Words

I expect to keep using AWS for years to provide a hosting platform for WordPress and forum software. I hope this provides some help for others who want to do the same. I am always happy to help out if others have questions.