The Great Leap: Migrating a Small Business WordPress Site from RHEL 7 On-Premises to AWS with Ubuntu 22.04, Powered by Terraform and Ansible
This article details a technical migration strategy for moving a small business’s legacy WordPress site from an on-premises RHEL 7 server to a modern, secure, and scalable cloud environment on Amazon Web Services (AWS), leveraging Ubuntu 22.04 LTS. Our approach uses Terraform for Infrastructure-as-Code (IaC) provisioning and Ansible for configuration management, ensuring repeatability, minimal downtime, and adherence to security best practices
Phase 1: Infrastructure Provisioning with Terraform (IaC)
The first crucial step is defining and provisioning the new AWS infrastructure. We’re moving from a monolithic on-prem server to a cloud-native architecture.
1. Defining the AWS Stack
We use Terraform to provision a secure foundational environment. The key components include:
- Virtual Private Cloud (VPC): A dedicated virtual network for isolation.
- Subnets: Public subnets for the EC2 instance and internal subnets (optional, but recommended for a future RDS database).
- Security Groups (SGs): Acting as a virtual firewall, strictly controlling inbound and outbound traffic.
- EC2 Instance: The virtual machine running Ubuntu 22.04 LTS (Jammy Jellyfish).
- AWS Key Pair: For initial SSH access (though we’ll lock this down later).
2. Terraform Code Snippet: EC2 and Security Group
The following main.tf snippet demonstrates provisioning a secure EC2 instance and a minimal Security Group. Note the use of a data block to dynamically fetch the latest Ubuntu 22.04 AMI ID.
# data.tf - Find the latest Ubuntu 22.04 AMI
data "aws_ami" "ubuntu_2204" {
most_recent = true
owners = ["099720109477"] # Canonical owner ID
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
}
}
# main.tf - Security Group for Web Server
resource "aws_security_group" "wordpress_sg" {
name_prefix = "wordpress-sg-"
vpc_id = aws_vpc.main.id
# Best Practice: Limit SSH access to a specific CIDR block (e.g., your office IP)
ingress {
description = "SSH Access"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["<YOUR_OFFICE_IP_CIDR>/32"]
}
ingress {
description = "HTTP"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1" # Allow all outbound traffic
cidr_blocks = ["0.0.0.0/0"]
}
}
# main.tf - EC2 Instance
resource "aws_instance" "wordpress_server" {
ami = data.aws_ami.ubuntu_2204.id
instance_type = "t3.small" # Choose an appropriate type
key_name = aws_key_pair.migration_key.key_name
subnet_id = aws_subnet.public.id
vpc_security_group_ids = [aws_security_group.wordpress_sg.id]
tags = {
Name = "wordpress-web-server"
Environment = "Production"
}
}Phase 2: Configuration Management with Ansible
Once the EC2 instance is provisioned, Ansible takes over to configure the operating system, install the LAMP/LEMP stack (Ubuntu uses Apache/Nginx, MySQL/MariaDB, and PHP), and deploy the WordPress application and data.
1. Database Migration Strategy
Since the RHEL 7 site likely used an older version of MariaDB/MySQL, we need to perform a careful migration:
- On-Premise (RHEL 7): Create a final, consistent dump of the production database:
mysqldump -u root -p –single-transaction > wordpress_db_dump.sql
2. AWS Target (Ubuntu 22.04): Ansible will provision the database server (MariaDB on Ubuntu 22.04) and create the new database and user. The dump file is then securely transferred (e.g., via SCP over SSH) to the AWS instance and imported: