awslabs/aws-refarch-drupal

Name: aws-refarch-drupal

Owner: Amazon Web Services - Labs

Owner: AWS Samples

Description: This reference architecture provides best practices and a set of YAML CloudFormation templates for deploying Drupal on AWS.

Created: 2017-07-14 23:43:12.0

Updated: 2018-01-09 16:14:39.0

Pushed: 2017-07-31 18:48:06.0

Homepage: null

Size: 2076

Language: PHP

README

Running Drupal on AWS

This reference architecture provides a set of YAML templates for deploying Drupal on AWS using Amazon Virtual Private Cloud (Amazon VPC), Amazon Elastic Compute Cloud (Amazon EC2), Auto Scaling, Elastic Load Balancing (Application Load Balancer), Amazon Relational Database Service (Amazon RDS), Amazon ElastiCache, Amazon Elastic File System (Amazon EFS), Amazon CloudFront, Amazon Route 53, and AWS Certificate Manager (ACM), all provisioned with AWS CloudFormation.

You can launch this CloudFormation stack, using your account, in the following AWS Regions:

| AWS Region Code | Name | Launch |
| --- | --- | --- |
| us-east-1 | US East (N. Virginia) | cloudformation-launch-stack |
| us-east-2 | US East (Ohio) | cloudformation-launch-stack |
| us-west-2 | US West (Oregon) | cloudformation-launch-stack |
| eu-west-1 | EU (Ireland) | cloudformation-launch-stack |
| ap-southeast-2 | AP (Sydney) | cloudformation-launch-stack |

Overview

The repository consists of a set of nested templates which are run in order from the master template. Run the master template to create the entire stack, entering the appropriate parameters. Nested templates can be run individually in order, entering the appropriate input parameters for each stack.

Steps to Run

To launch the entire stack and deploy a Drupal site on AWS, click on one of the Launch Stack links above or download the Master template and launch it locally.

Optional: AWS Certificate Manager SSL/TLS Certificates

AWS Certificate Manager (ACM) is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services. SSL/TLS certificates provisioned through AWS Certificate Manager are free.

If you don't already have an SSL/TLS certificate for your domain name, it is recommended that you request one using ACM. For more information about requesting an SSL/TLS certificate using ACM, please read the AWS Certificate Manager User Guide.

Use ACM to request a certificate or import a certificate into ACM. To use an ACM certificate with CloudFront (optional input parameter), you must request or import the certificate in the US East (N. Virginia) region. To use an ACM certificate with the Application Load Balancer (optional input parameter), you must request or import the certificate in the region where you create the CloudFormation stack. After you validate ownership of the domain names in your certificate, ACM provisions the certificate. Use the ACM certificate Amazon Resource Name (ARN) as the optional CloudFront and/or Public ALB ACM certificate input parameters of the master template.

Stack Creation

There are two output URLs for the master template. The SiteURL will take you to your new Drupal site installation wizard. It will be the site domain name if you provided one, the CloudFront URL if you chose to create a CloudFront distribution, or the domain name of the public application load balancer. The second output URL will take you to the OpCache Status page for each EC2 instance in the AutoScaling group. By refreshing the page you will be able to verify OpCache has been enabled on each instance.

Before starting the installation wizard, verify that the OpCache status page is available for all EC2 instances in the AutoScaling group by clicking on the OpCacheValidationURL link of the master template's Output tab. Refresh this page a few times to verify that the EC2 instance ID changes.

To start the installation wizard, click on the SiteURL link of the master template's Output tab.

Select the appropriate language and click Save and continue.

Select your desired installation profile and click Save and continue.

Enter your database configuration. Enter the Database name, Database username, and Database password you entered as parameters of the CloudFormation master template. Select ADVANCED OPTIONS and enter the DatabaseClusterEndpointAddress of the RDS cluster created with this stack. This can be found in the CloudFormation Stack window by selecting the RDS stack that was just created and selecting the Output tab. Click Save and continue.

The installation wizard will install the site.

After the site has been installed, enter the site information and click Save and continue.

OPcache

OPcache is a byte-code cache engine running on each EC2 instance. It caches precompiled PHP scripts, which boosts the performance of PHP applications like Drupal. It is recommended to use a caching engine like OPcache when serving PHP pages for a website from Amazon EFS. OPcache can be configured to store its cache in memory or on EBS volumes.

Recommended OPcache Configuration Settings

To learn more about OPcache, please read http://php.net/manual/en/book.opcache.php

Offloading Static Assets

Drupal has a large partner ecosystem to further enhance the usability, performance, and ease of maintenance of Drupal deployments. Plugins allow you to leverage other AWS services like Amazon S3 and Amazon CloudFront to offload and store static content. Others may like the simplicity of storing all content on Amazon EFS and avoid installing and managing 3rd party plugins.

Master Template

The master template receives all input parameters and passes them to the appropriate nested templates, which are executed in order based on conditions and dependencies. Review the template here: aws-refarch-drupal-master.yaml

AWS Resources Created:
Input Parameters
AWS Parameters Database Parameters Web Parameters Drupal Parameters
New VPC Template

Review the template here aws-refarch-drupal-01-newvpc.yaml

VPC and subnet IP ranges

The 'newvpc' stack creates the following network design:

| Item | CIDR Range | Usable IPs | Description |
| --- | --- | --- | --- |
| VPC | 10.0.0.0/16 | 65,536 | The whole range used for the VPC and all subnets |
| Web Subnet | 10.0.0.0/22 | 1022 | Private subnet in first Availability Zone |
| Web Subnet | 10.0.4.0/22 | 1022 | Private subnet in second Availability Zone |
| Web Subnet | 10.0.8.0/22 | 1022 | Private subnet in third Availability Zone (if available) |
| Data Subnet | 10.0.12.0/22 | 1022 | Private subnet in first Availability Zone |
| Data Subnet | 10.0.16.0/22 | 1022 | Private subnet in second Availability Zone |
| Data Subnet | 10.0.20.0/22 | 1022 | Private subnet in third Availability Zone (if available) |
| Public Subnet | 10.0.250.0/23 | 510 | Public subnet in first Availability Zone |
| Public Subnet | 10.0.252.0/23 | 510 | Public subnet in second Availability Zone |
| Public Subnet | 10.0.254.0/23 | 510 | Public subnet in third Availability Zone (if available) |

You can adjust the CIDR ranges used in this section of the aws-refarch-drupal-01-newvpc.yaml template:

```yaml
# Mappings section of aws-refarch-drupal-01-newvpc.yaml: one CIDR per network
Mappings:
  SubnetConfig:
    Vpc:
      CIDR: 10.0.0.0/16
    WebSubnet0:
      CIDR: 10.0.0.0/22
    WebSubnet1:
      CIDR: 10.0.4.0/22
    WebSubnet2:
      CIDR: 10.0.8.0/22
    DataSubnet0:
      CIDR: 10.0.12.0/22
    DataSubnet1:
      CIDR: 10.0.16.0/22
    DataSubnet2:
      CIDR: 10.0.20.0/22
    PublicSubnet0:
      CIDR: 10.0.250.0/23
    PublicSubnet1:
      CIDR: 10.0.252.0/23
    PublicSubnet2:
      CIDR: 10.0.254.0/23
```

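
If you adjust these ranges, a pre-flight check catches layouts that would fail stack creation or blur the web/data/public tier boundaries. The following is an added example, not part of the repository: the `validate_subnet_config` function and the `SUBNET_CONFIG` dictionary are hypothetical names, and the dictionary simply mirrors the SubnetConfig values shown above.

```python
import ipaddress
from itertools import combinations

# Values copied from the SubnetConfig mapping shown above.
SUBNET_CONFIG = {
    "Vpc": "10.0.0.0/16",
    "WebSubnet0": "10.0.0.0/22",
    "WebSubnet1": "10.0.4.0/22",
    "WebSubnet2": "10.0.8.0/22",
    "DataSubnet0": "10.0.12.0/22",
    "DataSubnet1": "10.0.16.0/22",
    "DataSubnet2": "10.0.20.0/22",
    "PublicSubnet0": "10.0.250.0/23",
    "PublicSubnet1": "10.0.252.0/23",
    "PublicSubnet2": "10.0.254.0/23",
}


def validate_subnet_config(config, vpc_key="Vpc"):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    nets = {}
    for name, cidr in config.items():
        try:
            # strict=True rejects CIDRs with host bits set (e.g. 10.0.2.0/22).
            nets[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
    vpc = nets.pop(vpc_key, None)
    if vpc is None:
        problems.append(f"{vpc_key}: missing or invalid VPC CIDR")
        return problems
    # Every subnet must sit inside the VPC range.
    for name, net in nets.items():
        if net.version != vpc.version or not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
    # No two subnets may share addresses, or the tiers are no longer isolated.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    return problems


if __name__ == "__main__":
    for line in validate_subnet_config(SUBNET_CONFIG) or ["layout OK"]:
        print(line)
```
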
Security Groups Template

Review the template here aws-refarch-drupal-02-securitygroups.yaml

Bastion Template

Review the template here aws-refarch-drupal-03-bastion.yaml

Amazon EFS Template

Review the template here aws-refarch-drupal-03-efs.yaml

Amazon ElastiCache Template

Review the template here aws-refarch-drupal-03-elasticache.yaml

Amazon Elastic Load Balancing - Application Load Balancer Template

Review the template here aws-refarch-drupal-03-publicelb.yaml

Amazon RDS Template

Review the template here aws-refarch-drupal-03-rds.yaml

Amazon CloudFront Template

Review the template here aws-refarch-drupal-04-cloudfront.yaml

Drupal Web Template

Review the template here aws-refarch-drupal-04-web.yaml

Amazon Route 53 Template

Review the template here aws-refarch-drupal-05-route53.yaml

Add a new item to this list

If you found yourself wishing this set of frequently asked questions had an answer for a particular problem, please submit a pull request. The chances are that others will also benefit from having the answer listed here.

License

Portions copyright.

Please see LICENSE.txt for applicable license terms and NOTICE.txt for applicable notices.


This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.