Hosting a WordPress blog on Amazon Web Services is hard to beat, provided that you have a working knowledge of WinSCP and PuTTY, or the equivalent SFTP and SSH functionality on a non-Windows device. Of course, it pays to thoroughly understand the install documentation beforehand, but you can be logging into your WordPress admin page in just a few minutes.
But then the issues come to light. Out of the box, Bitnami installs WordPress over Ubuntu Linux, on the AWS Elastic Computing Cloud “instance” (an EC2 virtual server) with a restrictive permissions scheme that won’t let WordPress install anything (like new themes or plugins). That’s frustrating if you don’t know what to expect, but actually it’s good for the security of your new site, and it’s easy to address. I’m not going to pretend to be knowledgeable on Linux, so I’ll just point you to Morgan Hvidt’s page about how to address it.
Another feature that throws new users for a loop is that Bitnami’s Ubuntu configuration disables the htaccess file that some plugins use to configure their features. Again, it’s a good thing from a security standpoint, but it seems to confuse a lot of people. One of my core plugins is All In One WP Security, so when I setup this plugin I have to copy what they write to my dummy htaccess file, and paste it into the Ubuntu htaccess.conf file. For me, that’s a fairly small price to pay, for the additional security.
If Bitnami’s default permissions cause some users to stumble, their Ubuntu module configuration does not. Here are some performance statistics from Pingdom Tools both with the default Bitnami configuration and with the WP Super Cache module enabled. For comparison, I’ve also included the Pingdom Tools statistics for a similar WordPress.com site:
Default Bitnami Ubuntu Configuration
Performance grade: 94
Page size: 805.1 KB
Load time: 338 ms
With WP Super Cache Plugin
Performance grade: 94
Page size: 805.2 KB
Load time: 335 ms
Similar Site on WordPress.com
Performance grade: 68
Page size: 1.2 MB
Load time: 1.79 S
At least on one of Amazon’s T2-Micro instances, caching plugins offer no measurable benefit over Bitnami’s Ubunto configuration (certainly they would on a larger instance with more RAM and faster disk). Presumably much of that performance comes from mod_pagespeed, which is enabled by default. The other changes that I made to the default configuration were to enable the Mod_Security, Mod_HTTP2 and Mod_RemoteIP modules. These are all installed, but they are commented out, in the httpd.conf file.
As for Mod_Security, the Bitnami stack ships with version 2.6.7 which is woefully out of date and basically unusable behind a load balancer (X-Forward-For headers bug). Fortunately, it's a fairly straight forward installation - the only dependency that I had to install was libxml2-dev. With a current version of Mod_Security installed, you can then also run the OWASP Core Rule Set.
If you're going to be on AWS you might as well make the most of their cloud schema, which is as simple as applying an Elastic Load Balancer to your EC2 instance. Each instance - even the lowly T2 Micro - has a number of availability zones, which the ELB will use to distribute the web traffic. Another benefit of the ELB is that you can apply an Amazon SSL Certificate to it.
Setting up a WordPress blog on AWS might not be for everybody, but even if you don't have any experience it's easily achievable, and you'll be a lot smarter when it's finished - always a good thing.