The theory and overall architecture were covered in the previous post; this post goes straight to the script implementation. Let's start with the first 10 steps of the plan below.

1. Create the EC2-S3 role. This role is assigned to the EC2 instances so that they have permission to read and write S3 as soon as they are created.
2. Create the VPC network.
3. Create two subnets in the VPC, in different AZs.
4. Create the Internet gateway.
5. Configure the route table.
6. Create and configure the EC2 security group, opening ports 80 and 22.
7. Create the highly available MariaDB database.
8. Configure the database security group, opening port 3306.
9. Create the S3 bucket and configure its policy.
10. Create a CloudFront distribution bound to the S3 bucket.
11. Prepare the WordPress configuration file.
12. Prepare the virtual host configuration file.
13. Upload the configuration files to the S3 bucket.
14. Write the Bash bootstrap script: LAMP, WordPress, the AWS tools, crontab, S3 sync and so on.
15. Create the EC2 instance, passing the bootstrap script written in step 14.
16. Update the DNS record to point at that instance.
17. Initialize WordPress through the web UI.
18. Once everything checks out, create an AMI from the instance.
19. Configure the ELB.
20. Update the DNS record to the ELB address.
21. Configure the Launch Configuration.
22. Configure Auto Scaling.
0. First I need an administrative account that can log in to AWS.

```powershell
Import-Module AWSPowerShell
Get-Module AWSPowerShell
# Create a user in IAM and download its access key and secret key.
# Generate, list and delete profiles: the key pair is stored once under a profile name,
# so none of the later scripts need the secret inline. A key pair that has appeared
# in a script or a blog post should be treated as compromised and rotated.
Set-AWSCredentials -AccessKey AKIAJA11SDE5SXVHRQ -SecretKey Pc528Dw2/qwzOo4Pe421p2N618H+yFv1S7JVsBJ2M -StoreAs myprofile
Initialize-AWSDefaults -ProfileName myprofile -Region ap-southeast-2
```
1. Next, create the EC2-S3 role. Two things are worth noting about the version below: `s3:*` on `"Resource": "*"` lets every web server read, write and delete every bucket in the account, not just the WordPress bucket, and a role created through the API is not yet attachable to an instance, because EC2 attaches roles via an instance profile (the console creates one silently, `New-IAMRole` does not).

```powershell
# Trust relationship: only the EC2 service may assume this role
$policy1 = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
"@
New-IAMRole -RoleName "EC2-S3" -AssumeRolePolicyDocument $policy1

# S3 permissions: this inline policy grants every S3 action on every bucket in the account
$policy2 = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}
"@
Write-IAMRolePolicy -PolicyDocument $policy2 -RoleName "EC2-S3" -PolicyName "allows3"
```
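The same role, scoped down to what the bootstrap script actually needs. This is an added example rather than code from the original post: it limits the grant to the post's `yuanliwordpress` bucket, swaps out the broad `allows3` policy if it is already attached, and creates the instance profile that `New-EC2Instance -InstanceProfile_Name` will later require. The policy name `wordpress-bucket-only` is my own choice.

```powershell
# Added example (not from the original post): least-privilege EC2-S3 role plus instance profile.
$bucket   = "yuanliwordpress"   # bucket name from the post
$roleName = "EC2-S3"            # role name from the post

$trust = @"
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole" }
  ]
}
"@
if (-not (Get-IAMRoleList | Where-Object { $_.RoleName -eq $roleName })) {
    New-IAMRole -RoleName $roleName -AssumeRolePolicyDocument $trust
}

# ListBucket is a bucket-level action while Get/Put/DeleteObject are object-level,
# so the bucket ARN and the object ARN pattern must be listed as separate resources.
$scoped = @"
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "ListWordPressBucket",
      "Effect": "Allow",
      "Action": [ "s3:ListBucket", "s3:GetBucketLocation" ],
      "Resource": "arn:aws:s3:::$bucket" },
    { "Sid": "SyncWordPressObjects",
      "Effect": "Allow",
      "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject" ],
      "Resource": "arn:aws:s3:::$bucket/*" }
  ]
}
"@
Write-IAMRolePolicy -RoleName $roleName -PolicyName "wordpress-bucket-only" -PolicyDocument $scoped

# If the account-wide "allows3" policy from the post is attached, remove it so the
# scoped policy is the only S3 grant on the role.
if (Get-IAMRolePolicyList -RoleName $roleName | Where-Object { $_ -eq "allows3" }) {
    Remove-IAMRolePolicy -RoleName $roleName -PolicyName "allows3" -Force
}

# EC2 attaches roles through an instance profile. Create one with the same name;
# it is passed later as New-EC2Instance -InstanceProfile_Name $roleName.
if (-not (Get-IAMInstanceProfileList | Where-Object { $_.InstanceProfileName -eq $roleName })) {
    New-IAMInstanceProfile -InstanceProfileName $roleName
    Add-IAMRoleToInstanceProfile -InstanceProfileName $roleName -RoleName $roleName
}

# Check: IAM returns the policy document URL-encoded; decode it before reading
$doc = (Get-IAMRolePolicy -RoleName $roleName -PolicyName "wordpress-bucket-only").PolicyDocument
[System.Uri]::UnescapeDataString($doc)
```

The sync job in step 14 only ever touches one bucket, so nothing is lost by dropping `s3:*`; if a later step needs an extra action (for example `s3:PutObjectAcl` to mark uploads public), add that single action to the object statement rather than reverting to the wildcard.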
2. Create the VPC.

```powershell
# Create a new VPC
New-EC2Vpc -CidrBlock 10.2.0.0/16
```
3. Create the subnets in the VPC.

```powershell
# Create two subnets in different AZs
$vpcid = Get-EC2Vpc | Where-Object { $_.CidrBlock -eq "10.2.0.0/16" } | Select-Object -ExpandProperty VpcId
New-EC2Subnet -CidrBlock 10.2.1.0/24 -VpcId $vpcid -AvailabilityZone ap-southeast-2a
New-EC2Subnet -CidrBlock 10.2.2.0/24 -VpcId $vpcid -AvailabilityZone ap-southeast-2b
$subid1 = Get-EC2Subnet | Where-Object { $_.CidrBlock -eq "10.2.1.0/24" } | Select-Object -ExpandProperty SubnetId
$subid2 = Get-EC2Subnet | Where-Object { $_.CidrBlock -eq "10.2.2.0/24" } | Select-Object -ExpandProperty SubnetId
# Add Name tags
$tag = New-Object Amazon.EC2.Model.Tag -Property @{ Key = "Name"; Value = "Sydney" }
New-EC2Tag -Resource $subid1 -Tag $tag
$tag2 = New-Object Amazon.EC2.Model.Tag -Property @{ Key = "Name"; Value = "Melbourne" }
New-EC2Tag -Resource $subid2 -Tag $tag2
# Auto-assign a public IP to instances launched in these subnets
Edit-EC2SubnetAttribute -SubnetId $subid1 -MapPublicIpOnLaunch $true
Edit-EC2SubnetAttribute -SubnetId $subid2 -MapPublicIpOnLaunch $true
```
4. Create the gateway.

```powershell
# Create an Internet gateway if there is no unattached one yet, then attach it to the VPC
if ((Get-EC2InternetGateway | Where-Object { $_.Attachments.Count -eq 0 } | Measure-Object).Count -eq 0) {
    New-EC2InternetGateway
}
$igwid = Get-EC2InternetGateway | Where-Object { $_.Attachments.Count -eq 0 } | Select-Object -ExpandProperty InternetGatewayId
$tagigw = New-Object Amazon.EC2.Model.Tag -Property @{ Key = "Name"; Value = "AU" }
New-EC2Tag -Resource $igwid -Tag $tagigw
Add-EC2InternetGateway -InternetGatewayId $igwid -VpcId $vpcid
```
5. Configure the VPC route table. A new VPC already comes with a main route table, and subnets without an explicit association use it, so adding the default route there is enough.

```powershell
# Route table: reuse the VPC's main table instead of creating another one
# New-EC2RouteTable -VpcId $vpcid
$routetable = Get-EC2RouteTable | Where-Object { $_.VpcId -eq $vpcid }
# Add the default route through the Internet gateway
New-EC2Route -DestinationCidrBlock "0.0.0.0/0" -GatewayId $igwid -RouteTableId $routetable.RouteTableId
```
6. Configure an EC2 security group that opens ports 22 and 80, so that I can manage the servers remotely and readers can reach the blog. Port 80 has to be open to the world; port 22 does not, and the `0.0.0.0/0` source on the SSH rule below is the kind of thing to narrow to your own address once the setup works.

```powershell
# 6. Security group for the web tier: SSH and HTTP
$wpsgid = New-EC2SecurityGroup -GroupName WordPress -Description "WordPress Security Group" -VpcId $vpcid
# IpRanges is the string-list property of older module versions; current versions
# expose the same rule as Ipv4Ranges holding Amazon.EC2.Model.IpRange objects
$ip1 = New-Object Amazon.EC2.Model.IpPermission
$ip1.IpProtocol = "tcp"
$ip1.FromPort = 22
$ip1.ToPort = 22
$ip1.IpRanges.Add("0.0.0.0/0")   # SSH from anywhere: restrict to a management CIDR in practice
$ip2 = New-Object Amazon.EC2.Model.IpPermission
$ip2.IpProtocol = "tcp"
$ip2.FromPort = 80
$ip2.ToPort = 80
$ip2.IpRanges.Add("0.0.0.0/0")
Grant-EC2SecurityGroupIngress -GroupId $wpsgid -IpPermission @($ip1, $ip2)
```
7. Next, create a highly available MariaDB instance. For simplicity the database name, user name and password are all set to `wordpress`. Note that I specifically save the ID of the security group attached to this DB instance here, because it is needed in the next step. Two caveats: without a `-DBSubnetGroupName` the instance is created in the account's default VPC, not in the 10.2.0.0/16 VPC built above, so the web servers reach it through a public endpoint; and `wordpress` as the master password is a placeholder, not something to keep on a database that is reachable that way.

```powershell
# Create a Multi-AZ RDS instance
New-RDSDBInstance -AllocatedStorage 5 -DBInstanceIdentifier "wordpress" -MasterUsername "wordpress" -MasterUserPassword "wordpress" `
    -AutoMinorVersionUpgrade $true -CopyTagsToSnapshot $false -DBInstanceClass "db.t2.micro" `
    -DBName "wordpress" -Engine "mariadb" -MultiAZ $true
# Security group attached to the DB instance; step 8 opens 3306 on it
$rdssgid = (Get-RDSDBInstance -DBInstanceIdentifier "wordpress" | Select-Object -ExpandProperty VpcSecurityGroups).VpcSecurityGroupId
```
Creation takes a while, roughly 10 minutes, so I wrote a loop that keeps checking whether it has finished.

```powershell
$status = Get-RDSDBInstance -DBInstanceIdentifier "wordpress" | Select-Object -ExpandProperty DBInstanceStatus
Write-Host "Initializing MariaDB, please wait..." -NoNewline
while ($status -ne "available") {
    Write-Host "." -NoNewline
    Start-Sleep -Seconds 10   # the status only changes every few minutes; no need to poll every second
    $status = Get-RDSDBInstance -DBInstanceIdentifier "wordpress" | Select-Object -ExpandProperty DBInstanceStatus
}
Write-Host "RDS is Ready"
```
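A version of step 7 that keeps the database inside the VPC built in steps 2 and 3, as an added example that is not part of the original post. It creates a DB subnet group over the two subnets, gives the database its own security group in `$vpcid`, marks the instance as not publicly accessible, and generates the master password from a CSPRNG instead of hard-coding it. `$vpcid`, `$subid1` and `$subid2` are the post's variables; the subnet group name, security group name and the `New-RandomPassword` helper are my own. Run this in place of the post's `New-RDSDBInstance` call, since both use the identifier `wordpress`.

```powershell
# Added example (not from the original post): MariaDB inside the post's VPC with a generated password.
$dbSubnetGroup = "wordpress-db-subnets"   # assumption: my name for the subnet group
$dbSgName      = "WordPress-DB"           # assumption: my name for the database security group

# A DB subnet group must span at least two AZs; the two subnets from step 3 qualify.
New-RDSDBSubnetGroup -DBSubnetGroupName $dbSubnetGroup `
    -DBSubnetGroupDescription "WordPress RDS subnets" `
    -SubnetId @($subid1, $subid2)

# Dedicated security group for the database tier. It starts with no ingress rules;
# the only rule it should ever get is 3306 from the web tier's security group.
$dbSgId = New-EC2SecurityGroup -GroupName $dbSgName -Description "WordPress database tier" -VpcId $vpcid

# 64-symbol alphabet: 256 % 64 == 0, so mapping a random byte with modulo is unbiased.
# RDS master passwords may not contain "/", '"' or "@"; none of these are in the set.
function New-RandomPassword {
    param([int]$Length = 24)
    $alphabet = [char[]]"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    $rng.GetBytes($bytes)
    -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}
$masterPassword = New-RandomPassword
# The bootstrap script needs this value for wp-config.php; hand it over through the
# private part of the S3 bucket or Parameter Store rather than pasting it into a script.
Write-Warning "Master password generated; store it securely before continuing."

New-RDSDBInstance -AllocatedStorage 5 -DBInstanceIdentifier "wordpress" `
    -MasterUsername "wordpress" -MasterUserPassword $masterPassword `
    -DBInstanceClass "db.t2.micro" -Engine "mariadb" -DBName "wordpress" -MultiAZ $true `
    -AutoMinorVersionUpgrade $true -CopyTagsToSnapshot $false `
    -DBSubnetGroupName $dbSubnetGroup -VpcSecurityGroupId @($dbSgId) -PubliclyAccessible $false

# Check: the instance should report the new subnet group and only the dedicated security group
$db = Get-RDSDBInstance -DBInstanceIdentifier "wordpress"
$db.DBSubnetGroup.DBSubnetGroupName
$db.VpcSecurityGroups.VpcSecurityGroupId
$rdssgid = $dbSgId   # keep the post's variable name so step 8 applies unchanged
```

With `-PubliclyAccessible $false` the endpoint resolves to a private 10.2.x.x address, so the only path to port 3306 is from inside the VPC, and the security group rule in step 8 becomes the sole gate.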
8. Then, to make sure the WordPress servers can reach the database, I also have to open port 3306. The rule below admits any source address. Together with a database that sits in the default VPC on a public endpoint, that exposes the MariaDB listener, and the password `wordpress`, to the whole Internet; the source of this rule should be the WordPress security group, not `0.0.0.0/0`.

```powershell
# Configure the database security group
$ip3 = New-Object Amazon.EC2.Model.IpPermission
$ip3.IpProtocol = "tcp"
$ip3.FromPort = 3306
$ip3.ToPort = 3306
$ip3.IpRanges.Add("0.0.0.0/0")   # open to the world: see the note above
Grant-EC2SecurityGroupIngress -GroupId $rdssgid -IpPermission @($ip3)
```
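How steps 6 and 8 look with the sources narrowed, as an added example that is not from the original post. SSH on the web group is limited to one management address, and the database group admits 3306 only from members of the `WordPress` security group, so the rule follows the web servers whatever addresses Auto Scaling later assigns them. The group name and `$rdssgid` come from the post; `$adminCidr` is a placeholder to replace with your own address. The example uses the current module's `Ipv4Ranges` / `Amazon.EC2.Model.IpRange` model (older versions expose the same data as the string list `IpRanges`), and it assumes the database security group is in the same VPC as the web servers, because a security-group reference across VPCs is rejected unless the VPCs are peered.

```powershell
# Added example (not from the original post): scope SSH to an admin address and 3306 to the web tier.
$adminCidr = "203.0.113.10/32"   # assumption: your management address (TEST-NET-3 placeholder)

$webSg = Get-EC2SecurityGroup | Where-Object { $_.GroupName -eq "WordPress" }
$dbSg  = Get-EC2SecurityGroup -GroupId $rdssgid

# Helper: revoke every ingress rule on a group that allows 0.0.0.0/0 to the given port
function Remove-OpenIngress {
    param([Amazon.EC2.Model.SecurityGroup]$Group, [int]$Port)
    foreach ($perm in $Group.IpPermissions) {
        if ($perm.FromPort -ne $Port) { continue }
        $open = $perm.Ipv4Ranges | Where-Object { $_.CidrIp -eq "0.0.0.0/0" }
        if ($open) {
            $revoke = @{ IpProtocol = $perm.IpProtocol; FromPort = $Port; ToPort = $Port; Ipv4Ranges = $open }
            Revoke-EC2SecurityGroupIngress -GroupId $Group.GroupId -IpPermission @($revoke)
        }
    }
}

# Web tier: keep 80 open to everyone, replace the world-open SSH rule with the admin CIDR
Remove-OpenIngress -Group $webSg -Port 22
$sshRange = New-Object Amazon.EC2.Model.IpRange
$sshRange.CidrIp = $adminCidr
$sshRange.Description = "admin SSH"
Grant-EC2SecurityGroupIngress -GroupId $webSg.GroupId `
    -IpPermission @( @{ IpProtocol = "tcp"; FromPort = 22; ToPort = 22; Ipv4Ranges = $sshRange } )

# Database tier: 3306 only from instances that carry the WordPress security group
Remove-OpenIngress -Group $dbSg -Port 3306
$pair = New-Object Amazon.EC2.Model.UserIdGroupPair
$pair.GroupId = $webSg.GroupId
Grant-EC2SecurityGroupIngress -GroupId $dbSg.GroupId `
    -IpPermission @( @{ IpProtocol = "tcp"; FromPort = 3306; ToPort = 3306; UserIdGroupPairs = $pair } )

# Check: report any rule on either group that still admits 0.0.0.0/0.
# After the changes above only tcp/80 on the WordPress group should be listed.
foreach ($g in @($webSg.GroupId, $dbSg.GroupId)) {
    $sg = Get-EC2SecurityGroup -GroupId $g
    foreach ($perm in $sg.IpPermissions) {
        if ($perm.Ipv4Ranges.CidrIp -contains "0.0.0.0/0") {
            "{0} still open to the world on {1}/{2}" -f $sg.GroupName, $perm.IpProtocol, $perm.FromPort
        }
    }
}
```

Referencing the web group by ID rather than by CIDR is what makes this survive Auto Scaling: new instances launched with the `WordPress` group in step 21 match the database rule the moment they start, and nothing else in the VPC does.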
9. Next, configure the S3 bucket and its policy. The bucket serves two purposes: first, it gives every EC2 instance the same WordPress and vhost configuration files; second, it is kept in sync with the instances' local directory so all uploaded images are preserved. Plenty of WordPress plugins do something similar, but here it is done with a script. Only the `uploads/` prefix is made publicly readable; the rest of the bucket, which will hold `wp-config.php` with the database password, must stay private.

```powershell
# Create the S3 bucket
New-S3Bucket -BucketName yuanliwordpress -Region ap-southeast-2
Get-S3Bucket -BucketName yuanliwordpress
# Grant public read on the uploads/ prefix only; WordPress images are synced there.
# Everything else in the bucket (wp-config.php, the vhost file) stays private.
$policy3 = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AddPem",
      "Action": [ "s3:GetObject" ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::yuanliwordpress/uploads/*",
      "Principal": "*"
    }
  ]
}
"@
Write-S3BucketPolicy -BucketName yuanliwordpress -Policy $policy3
Get-S3BucketPolicy -BucketName yuanliwordpress
```
10. Then create a CDN distribution for this S3 bucket, so the blog loads quickly from any region in the world. With an empty `OriginAccessIdentity`, CloudFront fetches from the bucket anonymously and can therefore only serve what the bucket policy already exposes, which is exactly `uploads/*`. `allow-all` as the viewer protocol policy serves images over plain HTTP as well as HTTPS, and forwarding every cookie and the query string to an origin of static files mostly defeats caching; `redirect-to-https` and `Cookies_Forward none` are the better settings for this origin.

```powershell
# Bind the S3 bucket to CloudFront
$origin = New-Object Amazon.CloudFront.Model.Origin
$origin.DomainName = "yuanliwordpress.s3.amazonaws.com"
$origin.Id = "S3-yuanliwordpress"
$origin.S3OriginConfig = New-Object Amazon.CloudFront.Model.S3OriginConfig
# Empty string: no origin access identity, CloudFront reads the bucket anonymously
$origin.S3OriginConfig.OriginAccessIdentity = ""
$cfd = New-CFDistribution -DistributionConfig_Enabled $true `
    -DistributionConfig_Comment "Test distribution" `
    -Origins_Item $origin `
    -Origins_Quantity 1 `
    -DistributionConfig_CallerReference wordpresstest `
    -DefaultCacheBehavior_TargetOriginId $origin.Id `
    -ForwardedValues_QueryString $true `
    -Cookies_Forward all `
    -WhitelistedNames_Quantity 0 `
    -TrustedSigners_Enabled $false `
    -TrustedSigners_Quantity 0 `
    -DefaultCacheBehavior_ViewerProtocolPolicy allow-all `
    -DefaultCacheBehavior_MinTTL 1000 `
    -DistributionConfig_PriceClass "PriceClass_All" `
    -CacheBehaviors_Quantity 0 `
    -Aliases_Quantity 0
```
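The same distribution built with an origin access identity (OAI), as an added example that is not from the original post. With an OAI, CloudFront signs its requests to S3, so the bucket policy from step 9 can name the OAI as the only principal allowed to read `uploads/*` and drop `"Principal": "*"` entirely; the distribution then also redirects viewers to HTTPS and stops forwarding cookies and query strings. The bucket name is the post's; the caller references, comment strings and TTL are my own choices.

```powershell
# Added example (not from the original post): private bucket served through CloudFront via an OAI.
$bucket = "yuanliwordpress"   # bucket name from the post

# 1. Create the OAI. Current module versions return the Create...Response wrapper;
#    older ones returned the identity object itself, so accept either shape.
$oai = New-CFCloudFrontOriginAccessIdentity `
    -CloudFrontOriginAccessIdentityConfig_CallerReference "wordpress-oai-1" `
    -CloudFrontOriginAccessIdentityConfig_Comment "WordPress uploads"
$oaiId = if ($oai.CloudFrontOriginAccessIdentity) { $oai.CloudFrontOriginAccessIdentity.Id } else { $oai.Id }

# 2. Bucket policy: only the OAI may read uploads/*; nothing is granted to "*".
#    The IAM user ARN form below is how CloudFront OAIs are addressed in S3 policies.
$policy = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CloudFrontReadUploads",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity $oaiId" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::$bucket/uploads/*"
    }
  ]
}
"@
Write-S3BucketPolicy -BucketName $bucket -Policy $policy

# 3. Origin that references the OAI instead of reading anonymously
$origin = New-Object Amazon.CloudFront.Model.Origin
$origin.DomainName = "$bucket.s3.amazonaws.com"
$origin.Id = "S3-$bucket"
$origin.S3OriginConfig = New-Object Amazon.CloudFront.Model.S3OriginConfig
$origin.S3OriginConfig.OriginAccessIdentity = "origin-access-identity/cloudfront/$oaiId"

# 4. Distribution: HTTPS enforced, nothing viewer-specific forwarded to a static origin,
#    a day of minimum TTL since uploaded images never change in place
$cfd = New-CFDistribution -DistributionConfig_Enabled $true `
    -DistributionConfig_Comment "WordPress uploads via OAI" `
    -DistributionConfig_CallerReference "wordpress-oai-dist-1" `
    -Origins_Item $origin -Origins_Quantity 1 `
    -DefaultCacheBehavior_TargetOriginId $origin.Id `
    -DefaultCacheBehavior_ViewerProtocolPolicy redirect-to-https `
    -DefaultCacheBehavior_MinTTL 86400 `
    -ForwardedValues_QueryString $false `
    -Cookies_Forward none `
    -TrustedSigners_Enabled $false -TrustedSigners_Quantity 0 `
    -DistributionConfig_PriceClass "PriceClass_All" `
    -CacheBehaviors_Quantity 0 -Aliases_Quantity 0
$cfd

# Check: once the policy is in place, an anonymous fetch of an uploads/ object straight
# from S3 must be denied, while the same key through the distribution's domain succeeds
# after the distribution finishes deploying.
Get-S3BucketPolicy -BucketName $bucket
```

This only pays off if WordPress emits image URLs that point at the CloudFront domain rather than the S3 URL, which is a matter of the site configuration prepared in step 11; the bucket itself no longer answers anonymous requests at all.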