WordPress on ECS
A production-style WordPress deployment on ECS Fargate with two tasks sharing a real NFS-backed EFS filesystem for wp-content. The application connects to RDS MySQL for the database, uses CloudFront as a CDN, and serves HTTPS through an ALB with an ACM certificate. This scenario validates Simfra's ability to run a stateful vendor application with shared filesystem requirements.
Services
| Service | Role |
|---|---|
| ECS Fargate | Two WordPress tasks running wordpress:php8.3-apache |
| ECR | Container image repository |
| ELBv2 | ALB with HTTPS listener (ACM) routing to ECS tasks |
| RDS | MySQL 8.0 database with KMS encryption at rest |
| EFS | Shared NFS filesystem for wp-content, backed by a real nfs-ganesha server |
| S3 | Media backup bucket with SSE-KMS encryption |
| CloudFront | CDN distribution in front of the ALB |
| Route53 | Hosted zone with ALIAS records for CloudFront and ALB |
| ACM | TLS certificate for HTTPS termination |
| Secrets Manager | WordPress database credentials and auth keys |
| KMS | Encryption keys for RDS, EFS, and S3 |
| IAM | Execution role (ECR, Secrets, Logs) and task role (S3, EFS) |
| CodeCommit | Source repository |
| CodeBuild | Docker image build and ECR push |
| CodePipeline | Deployment orchestration |
Architecture
Client --> CloudFront --> Route53 ALIAS --> ALB (HTTPS, ACM)
                                                  |
                                                  v
                                        ECS Fargate (2 tasks)
                                       wordpress:php8.3-apache
                                           |            |
                                           v            v
                                      RDS MySQL    EFS (nfs-ganesha)
                                        (KMS)       /wp-content/
                                                        |
                                                        v
                                                 S3 media backup
Both ECS tasks mount the same EFS filesystem at /var/www/html/wp-content, using a real nfs-ganesha NFS server running on the VPC Docker network. This means media uploaded by one task is immediately visible to the other. WordPress auth keys are shared across tasks via Secrets Manager for consistent cookie handling.
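Why both tasks need the same auth keys, as an added example (not part of the Simfra scenario or the WordPress source): a simplified Python model of WordPress's HMAC-signed auth cookie, showing that a cookie issued by one task validates on the other only when both load the same AUTH_KEY and AUTH_SALT. The key values, user name, session token, password fragment and timestamps are constructed, and the helper names are hypothetical.

```python
import hashlib
import hmac

def wp_hash(data, auth_key, auth_salt):
    # Model of wp_hash() for the "auth" scheme: HMAC-MD5 keyed with AUTH_KEY + AUTH_SALT.
    return hmac.new((auth_key + auth_salt).encode(), data.encode(), hashlib.md5).hexdigest()

def cookie_mac(user, pass_frag, expiration, token, keys):
    # Per-cookie key binds user, a fragment of the stored password hash, expiry and session token.
    key = wp_hash(f"{user}|{pass_frag}|{expiration}|{token}", keys["AUTH_KEY"], keys["AUTH_SALT"])
    msg = f"{user}|{expiration}|{token}".encode()
    return hmac.new(key.encode(), msg, hashlib.sha256).hexdigest()

def issue_cookie(user, pass_frag, expiration, token, keys):
    return f"{user}|{expiration}|{token}|{cookie_mac(user, pass_frag, expiration, token, keys)}"

def validate_cookie(cookie, pass_frag, keys, now):
    parts = cookie.split("|")
    if len(parts) != 4 or not parts[1].isdigit():
        return False                      # malformed cookie
    user, expiration, token, mac = parts
    if int(expiration) < now:
        return False                      # expired
    expected = cookie_mac(user, pass_frag, expiration, token, keys)
    return hmac.compare_digest(expected, mac)   # constant-time comparison

# Constructed sample values (not real secrets).
SHARED_KEYS = {"AUTH_KEY": "example-auth-key-from-secret", "AUTH_SALT": "example-auth-salt-from-secret"}
LOCAL_KEYS = {"AUTH_KEY": "task-b-own-random-key", "AUTH_SALT": "task-b-own-random-salt"}
PASS_FRAG = "Qx7d"          # read from the shared RDS database, so identical on both tasks
NOW, EXPIRES = 1_700_000_000, 1_700_172_800

def session_survives(task_a_keys, task_b_keys):
    # Task A handles the login; the ALB sends the next request to task B.
    cookie = issue_cookie("admin", PASS_FRAG, EXPIRES, "sessiontoken123", task_a_keys)
    return validate_cookie(cookie, PASS_FRAG, task_b_keys, NOW)

if __name__ == "__main__":
    print("shared keys  :", session_survives(SHARED_KEYS, SHARED_KEYS))
    print("per-task keys:", session_survives(SHARED_KEYS, LOCAL_KEYS))
```

With per-task keys the second request fails validation and the user is bounced back to the login page whenever the load balancer switches tasks, which is the inconsistency the shared secret prevents.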
What This Validates
- ECS Fargate running a real vendor application (WordPress) with Apache
- EFS with real NFS mounts via nfs-ganesha - not simulated, actual NFS protocol
- Cross-task file sharing: media uploaded through one task visible on the other immediately
- RDS MySQL 8.0 Docker container with KMS encryption
- CloudFront CDN distribution with ALB origin
- ALB HTTPS termination with ACM certificate
- WordPress REST API operations: admin login, post/page CRUD, media upload
- Secrets Manager for database credentials and application secrets
- Multi-task consistency with shared auth keys
Test Coverage
Tests include smoke checks for all resources and health endpoints; integration tests for WordPress admin login, post and page creation through the REST API, and media upload with EFS cross-task consistency verification; security tests for KMS encryption on RDS/EFS/S3 and Secrets Manager; and performance tests with 50 concurrent health checks and 20 concurrent homepage requests.