1. Setup HA Environment (Create EC2, EFS, ALB..etc.

)
a) Create & config 3 Security Groups for EC2, ALB & Data
b) Create Key Pairs for SSH
c) Create RDS - Maria DB
i. Config DB encoding in Parameter Group
d) Create EC2
i. Create EC2 with EBS
ii. Create and assign SSH key
iii. Assign Elastic IPs (for SSH Access)
iv. Install PuTTy & WinSCP for SSH Access
e) Create EFS
i. Attach EFS as folder
ii. Enable Auto Mount
iii. Create dummy files for EFS Burst Credit (refer to 4d)
f) Install Apache & PHP 7.4
g) Create ALB (endpoint for domain mapping)
h) Create Target Group
i) Download WordPress
j) Deploying WordPress to EFS

2. WordPress Setup & install php moudules

a) Install WordPress
b) Setup php Memory Limit
c) Install apache modules
mod_rewrite, mod_headers, mod_expires, mod_deflate
d) Install require php modules
mysqli, curl, Imagick, mbstring, xml, xip, Intl, gzip, opcache, openssl
e) Setup mpm_event mode & fpm config

3. Deploy “cdi.hkma.gov.hk” WordPress package

a) Create Duplicator package from cdi.hkma.gov.hk
b) Deploy cdi.hkma.gov.hk Duplicator package.

4. Setup S3 Bucket for Duplicator Backup

a) Create S3 bucket for Duplicator Backup
b) Create S3 Access Key & S3 mount in Duplicator
c) Setup Duplicator Backup (30 days daily backup)

5. Setup AWS Auto Scaling

a) Create AMI (EC2 Image)
b) Create Instance Launch Template
c) Create Auto Scaling Group
i. Dynamic scaling policies configuration
ii. Setup ASG Activity Notifications
iii. Assign Protected Instance

6. Setup AWS CloudWatch

 a) Create CloudWatch Dashboards with 17 Metrics
b) Create SNS Topics for alarms notification
c) Create 10 alarms with notification
d) EFS Burst Credit Affect and Maintenance

7. Setup AWS Backup

a) Create Backup vault
b) Create Backup plan
c) Create Protected Resources

8. Security Configuration
a) Setup VPC Public Subnets Network ACL
b) Hide Apache/php Version
c) Add Security Headers in php .htacess
d) Robot.txt config
e) WordPress member folder access right (.htaccess)
f) WordFence configuration & License installation

9. SSL Cert setup with ALB & ACM

a) Import SSL cert to ACM
b) Listeners configuration for 80 & 443

10. Setup AWS System Manager

a) Quick Setup

11. Update Instance Patches & Update AMI (maintenance)

a) Update patches in Patch Manager
b) Update patches in SSH
c) Re-create updated AMI for Auto Scaling
Item a
The whole setup process of :
1. HA Environment (Create SG, EC2, EFS, RDS & ALB).
2. WordPress initial setup & install Apache/PHP modules.
3. Deploy “cdi.hkma.gov.hk” Duplicator WordPress package.
4. S3 Bucket for Duplicator Backup.
5. AWS Auto Scaling.
6. AWS CloudWatch.
7. AWS Backup.
8. Security Configuration.
9. SSL Cert setup with ALB & ACM.
10. AWS System Manager.
11. Update Instance Patches & Update AMI (maintenance).

Item b
List the existing configuration of :
1. SG, EC2, EFS, RDS & ALB.
2. Apache & php configuration & requires modules.
3. S3 Bucket & Duplicator.
4. AWS Auto Scaling.
5. AWS CloudWatch.
6. AWS Backup.
7. Security Configuration.
8. ALB & ACM.
9. AWS System Manager.
10. Update Instance Patches & Update AMI (maintenance).