Category Archives: AWS

Migrating to AWS

This should be somewhat fun. It's time to really get my feet wet with AWS and that means experiencing the pain as well as the knowledge. Perhaps most of the pain is experienced when you get the bill, but for now we will focus on the technical chops of moving things over to a new instance.

Process Steps:

  1. Back up existing data stores — MySQL db for WordPress. Wow — headache and a half. A common syntax in several walk-throughs all had me trying this:

    mysqldump -u [username] -p [password] [databasename] > [backupfile.sql]

    but… because of the way my hosting service has their MySQL accounts configured, the username and the database name are merged, making my syntax incorrect. Fortunately they listed this constraint on their FAQ site:

    mysqldump -p user_name > DESIGNATED_DATABASE_BACKUP_NAME.sql

    Not only did I have an extra parameter in there ( the username and the db name are merged ) but there is only one name that you are allowed to give to a backup of your db.

    Whatever floats their integers….

  2. Create new web server instance on AWS — using new stack mind you… Man… we are already 1:50 into this project and pizza is looking very far away. Time for a run. Back in 30… and I just realized that all further commits are going to have to be manually ported over after I import the backup… lol.
  3. Upload site files and data store.
  4. Configure site components and bring site up.
  5. Change name server settings with registrar to point domain to migrated site.
  6. The internet is amazing! Ordering Pizza.

Started Sunday, July 23, 2017 at 11:51 am. Let's see how long this takes. No sleep til’ Brooklyn.

 

 

5 ways to NOT set up a WordPress Server on AWS

Yah know….. ( said with a humorously wry rise )

So I thought I would recall all of the biffs I made when migrating to AWS… I wanted to join the Amazon club pretty bad….. because everyone is doing it, right? I can just hear my mother’s voice in my ear…

“If all your friends decided to jump off a cliff, would you jump off it too?!!” – said with exasperated disapproval being sprayed all over the room that would make any seven-year-old shrink down into their shoes…

Regardless, the AWS cliff looks fun and everyone seems to be surviving. But going straight into it for the first time, I encountered a few bumps in the road. Here is a road map of where I was going and a list of the places where the trail went cold:

Build: Amazon Linux 2 AMI, NGinX, MySQL, PHP, WordPress. 

  • Launched Instance. Couldn’t SSL into the box because I didn’t set a name tag and didn’t set up DNS correctly. For some reason, troubleshooting after you make that mistake before launch is tough. Flash Box

 

  • Launched Instance. Couldn’t get MySQL installed onto Linux AMI. There is an unsolved library compatibility issue that no one has posted a fix for on Stack Overflow yet. And there is only so much package hunting you can do in the morning before work — gave up and went back to Ubuntu 16.04. Flash Box

 

  • Got ALL THE WAY THROUGH the 5 minute installation and had it ready to install ( yah know… when it's accessible via default creds? ) and then I had to go catch the train. During my commute I was taught a harsh lesson around security group configuration. When I got back to do the install, a very courteous piece of cryptojacking malware had done it for me. I spent a few hours doing some forensic analysis on the box ( running top, I could see the database was VERY busy spending my money ) and I attempted to hash in my own password into MySQL so I could get back in, but my drive to not get sidetracked with albeit, an interesting pursuit, was not going to directly contribute to the completion of this project. Flash Box

 

  • Accidentally started up the firewall at some point when I was on NGINX installation autopilot and kicked myself out of my own machine. It didn’t actually terminate the session I already had, which made it take longer for me to remember what I had done wrong when my ssh command didn’t work the next day. That ufw command has consequences… Flash Box

 

  • Yet another Death by Firewall as I changed the configuration of the SSH service to operate on another port ( Security by Obscurity Lives!!! ) and I forgot to open up a port in the firewall. FLASH BOX!
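Both firewall lockouts above come down to enabling ufw, or moving sshd to a new port, with no matching allow rule in place. As an added example (not part of the original post), this pre-flight check compares the ports sshd is configured for against the rules listed by `ufw show added`; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: run before `ufw enable` or before restarting sshd on a new port.

# Print the ports sshd will listen on, given sshd_config (or `sshd -T`) text
# on stdin. Falls back to 22 when no active Port directive is present.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# Succeed if `ufw show added` text on stdin has a simple allow/limit rule for
# TCP port $1. App profiles and "from ... to any port N" rules are not
# recognised, so the check errs on the side of reporting a problem.
ufw_allows() {
    awk -v p="$1" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") &&
            ($3 == p || $3 == (p "/tcp")) { ok = 1 }
        END { exit !ok }'
}

# $1 = sshd_config text, $2 = `ufw show added` text.
# Returns 0 only if every sshd port has a rule; otherwise names the gaps.
ssh_lockout_check() {
    missing=""
    for port in $(printf '%s\n' "$1" | sshd_ports); do
        printf '%s\n' "$2" | ufw_allows "$port" || missing="$missing $port"
    done
    [ -z "$missing" ] && return 0
    echo "no ufw rule for sshd port(s):$missing"
    return 1
}

# Constructed sample input: sshd moved to 2222, firewall still only knows 22.
SAMPLE_SSHD='#Port 22
Port 2222
PermitRootLogin no'
SAMPLE_RULES_BAD="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 22/tcp"
SAMPLE_RULES_OK="$SAMPLE_RULES_BAD
ufw limit 2222/tcp"

ssh_lockout_check "$SAMPLE_SSHD" "$SAMPLE_RULES_BAD" ||
    echo "add the rule first, and keep the current SSH session open while testing"
```

On a real host the inputs would be `"$(cat /etc/ssh/sshd_config)"` and `"$(ufw show added)"`. This covers only the host firewall; the instance's security group has to allow the same port.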

Remember that scene in The 5th Element when Gary Oldman opened the case to find that there were no stones? Yeah… it was like that. The struggle is real.

A funny reminder of all of these id10t viruses compromising the layer 8 host is the naming convention I have applied to the key pairs that I download each time I spin up a new AWS instance. SecondKey, ThirdKey, FourthKey… you get the idea. Wish me luck with a successful configuration while the numbering of the keys is still in the ones column.

Takeaway: Even when you’re just getting started, the Amazon design and security principles do state the importance of automating a best practice around starting with a secure architecture, strong controls and having a system for versioning your instances — which would have been a great help to keep me from starting from scratch every time.