Joomla on AWS ECS
This Terraform blueprint deploys a highly available and scalable Joomla site on AWS using ECS Fargate. It uses a container with the latest version of Joomla 5.x and the Apache web server, packaged by Bitnami.
Why use this Terraform blueprint?
- Deploy enterprise-grade Joomla into your AWS environment in minutes.
- Serverless architecture leveraging ECS Fargate and Aurora to minimize operational overhead.
- CloudFront CDN accelerates content delivery and reduces latency.
- Joomla instances are protected against common web exploits using Web Application Firewall (WAF).
- Scalable and highly available architecture. No single point of failure.
- Official Bitnami Joomla image is updated regularly.
How to use this blueprint?
This blueprint contains the full Terraform code, configuration files and documentation needed to deploy and maintain a Joomla site on AWS. You can use this blueprint as a turn-key solution for deploying Joomla into a new AWS account or as a starting point for your implementation.
- Download the latest blueprint release.
- Configure the tfvars file for your environment. Configuration parameters can be found in the Configuration section.
- Follow setup instructions provided separately.
Terraform structure and AWS resources
Terraform files are built using open-source Terraform modules such as CloudPosse.
This blueprint is not a Terraform module, rather it is a complete deployable Terraform stack.
- alb.tf - ALB and Target Groups
- certs.tf - ACM SSL Certificates for ALB and CloudFront
- cloudfront.tf - CloudFront configuration optimised for Joomla
- data.tf - Local variables and data sources
- database.tf - RDS Aurora MySQL database
- default.auto.tfvars - Default configuration parameters. Edit this file to adjust the blueprint configuration. See the complete list of the Configuration parameters.
- dns.tf - Route53 DNS zone and records
- ecs.tf - ECS Fargate Service and Task. EFS shared volume for persistent Joomla data.
- main.tf - Main Terraform file
- network.tf - VPC, subnets, NAT gateways, Gateway Endpoints, and other networking resources.
- outputs.tf - Output variables
- provider.tf - Terraform AWS providers and aliases
- secrets.tf - Secrets Manager secrets
- tfstate.tf - Optional remote state configuration
- variables.tf - Input variable declarations
- versions.tf - Terraform version requirements
- waf.tf - WAF and ACLs' configuration. Optimised to secure Joomla deployment.
- examples/*.tfvars - Configuration examples for staging and production environments. See the complete list of the Configuration parameters.
- modules/secret-generator/ - Secret generator module
For a full list of modules, see the Dependencies section of the Configuration document.
Architecture
This blueprint prioritizes high availability, security, scalability, and cost optimization in alignment with AWS Well-Architected Framework and other official AWS best practices.
High Availability. All components of the infrastructure are deployed at least into two Availability Zones for continuous operation. The architecture ensures your Joomla site remains online, with fault tolerance and point-in-time recovery (PITR) provided by Aurora and EFS.
Scalability. You can scale ECS tasks, EFS volume and Aurora replicas as needed. Easily adapt to changing workload demands, with automatic scaling of Aurora and EFS loads as your data and traffic grow.
Security. All components of the infrastructure are deployed into private subnets and are not directly accessible from the Internet. WAF protects instances against common web exploits.
Cost-optimization. To minimise operational overhead, the blueprint leverages fully managed components such as ECS Fargate and RDS Aurora. Furthermore, you can opt-in to use AWS Fargate Spot to reduce the cost of running ECS tasks.
Architecture Components
ECS Fargate. Joomla is deployed as an ECS Fargate task that uses a hardened container image provided by Bitnami. This image is optimised for security, performance and extensibility. It is constantly updated with the latest releases by Bitnami.
Elastic File System (EFS). A shared EFS volume is used for persisting and distributing data across Availability Zones. It enables stateful operation of Joomla and data sharing among instances. ECS tasks access shared Joomla data in an EFS file system using Mount Targets created in each AZ.
RDS Aurora MySQL. This managed database service is used for persisting Joomla data and ensures high availability, scalability, and automatic backups with point-in-time recovery support.
Application Load Balancer (ALB). ALB is deployed in a public subnet and serves as a single entry point for all incoming traffic. It provides secure and efficient routing of traffic to Joomla instances.
CloudFront (Optional). CloudFront CDN is used to serve static and dynamic content, accelerate content delivery, and reduce latency. It enhances website performance and reduces server load by caching content at the edge. In this blueprint, CloudFront operates in reverse proxy mode where all requests go through CloudFront and it pulls content from the origin (ALB).
Web Application Firewall (WAF) (Optional). This component protects Joomla instances against Joomla-specific as well as common web exploits (OWASP). It enhances the security of your Joomla application by shielding it from known vulnerabilities. Moreover, it can be extended with custom rules to meet your specific security requirements.
Jumpbox and SSM Session Manager (Optional). Jumpbox, an SSM Managed EC2 Instance, acts as a gateway for connecting to the Aurora database using SSM Session Manager. Connection to Joomla ECS task is also enabled by SSM Session Manager and ECS Exec. Details about connecting to Joomla tasks and MySQL database are provided in the Maintenance documentation.
AWS Certificate Manager (ACM). ACM is used for managing SSL certificates for ALB and CloudFront.
Route53. Joomla DNS records and ACM certificate verification records will be added to the provided Route53 zone. If no zone is provided, the blueprint will create a new public hosted zone for the specified TLD.
Data Encryption and Secrets Management
Data Encryption. All data at rest, including EFS and RDS Aurora, is encrypted using AWS Key Management Service (KMS). Optionally, existing KMS Customer Managed Keys (CMKs) can be specified to encrypt data at rest. This ensures data security and compliance with encryption standards.
Secrets Management. All secrets, such as database credentials and API keys, are stored in AWS Secrets Manager. It provides centralized and secure storage and rotation of secrets, with the option to encrypt them further using KMS Customer Managed Keys (CMKs).
For more detailed information on deploying and maintaining this Terraform blueprint, please refer to the associated Maintenance documentation.
Performance and Scalability
Joomla deployments with rarely updated or static content will benefit from CloudFront CDN which can handle most of the requests under 30 ms. It will also reduce the load on the ECS instances.
For deployments with predominantly dynamic content, the performance will depend on the ECS Fargate, Aurora and EFS configuration.
ECS Fargate instances can be scaled horizontally and vertically to handle increased traffic. Shared EFS volume can provide up to 250,000 read and 50,000 write IOPS with throughput reaching 10 GiB/s. Aurora MySQL instances can be scaled vertically to handle increased database load and storage throughput.
Maintenance
As a part of the blueprint package, you are provided with documentation and tools to help you maintain your Joomla site on AWS. Joomla maintenance covers the following topics:
- Scaling options and instructions for Joomla instances and the database.
- Updating Joomla and MySQL.
- Backup and restore procedures for MySQL and EFS.
- Remote access to Joomla instances and MySQL database.
- Using Joomla CLI and installing plugins.
- Advanced Joomla container customization.
FAQ
How much does it cost to run Joomla on AWS ECS?
The cost of running this blueprint on AWS depends on the size and number of instances, database, and other resources configured. We estimate that a small Joomla site with a single instance and a small database can cost around $120 per month. A large Joomla site with multiple and more powerful instances can cost hundreds of dollars per month.
What is the difference between this blueprint and the AWS Lightsail for Joomla?
Lightsail is tailored for users looking for a simplified and user-friendly experience. It offers pre-configured virtual private servers with an easy-to-use management console, making it ideal for beginners. Lightsail simplifies management tasks and offers fixed monthly cost. However, it has limitations in scalability and customization, making it more suitable for smaller to medium-sized websites.
On the other hand, the architecture of this blueprint leverages building blocks such as ECS Fargate, Aurora and CloudFront to provide greater flexibility, scalability, and customization options. It allows users to fine-tune their cloud infrastructure to meet specific needs, making it ideal for advanced use cases.
Unlike Lightsail, most of the AWS services have usage-based pricing. Therefore, while this blueprint offers more customization, it's essential to monitor resource usage carefully to control costs effectively.
What is the difference between this blueprint and deploying Joomla on AWS Beanstalk?
AWS Beanstalk is a managed PaaS that abstracts away the underlying infrastructure. It offers a simplified deployment experience and is ideal for beginners. However, it has limitations in scalability and customization, making it more suitable for smaller to medium-sized websites.
In many ways, a solution based on AWS Beanstalk would look similar to this blueprint and require CloudFront, Aurora, and EFS to work. Therefore, a Beanstalk-based solution would be less flexible without offering any significant benefits.
How often is this blueprint updated?
This blueprint is updated regularly to ensure it is compatible with the latest Terraform version, providers and modules. It is also updated with the latest Joomla and Bitnami releases.
What new features are planned for this blueprint?
We are currently working on adding the following features:
- ECS Autoscaling support
- ECS Fargate Spot support
- ECS Fargate Graviton support
- ElastiCache Memcached support
- CloudWatch dashboards and alarms
- Aurora Serverless configuration