AWS Elastic Beanstalk
Developer Guide

Deploying a High-Availability WordPress Website with an External Amazon RDS Database to Elastic Beanstalk

This tutorial describes how you launch an Amazon RDS DB instance that is external to AWS Elastic Beanstalk. Then it describes how to configure a high-availability environment running a WordPress website to connect to it. The website uses Amazon Elastic File System (Amazon EFS) as shared storage for uploaded files. Running a DB instance external to Elastic Beanstalk decouples the database from the lifecycle of your environment. This lets you connect to the same database from multiple environments, swap out one database for another, or perform a blue/green deployment without affecting your database.


This tutorial assumes that you have some knowledge of basic Elastic Beanstalk operations and the Elastic Beanstalk console. If you haven't already, follow the instructions in Getting Started Using Elastic Beanstalk to launch your first Elastic Beanstalk environment.

To follow the procedures in this guide, you will need a command line terminal or shell to run commands. Commands are shown in listings preceded by a prompt symbol ($) and the name of the current directory, when appropriate:

~/eb-project$ this is a command this is output

On Linux and macOS, use your preferred shell and package manager. On Windows 10, you can install the Windows Subsystem for Linux to get a Windows-integrated version of Ubuntu and Bash.

The procedures in this tutorial for Amazon Relational Database Service (Amazon RDS) tasks assume that you are launching resources in a default Amazon Virtual Private Cloud (Amazon VPC). All new accounts include a default VPC in each region. If you don't have a default VPC, the procedures will vary. See Using Elastic Beanstalk with Amazon Relational Database Service for instructions for EC2-Classic and custom VPC platforms.

The sample application uses Amazon EFS. It only works in AWS Regions that support Amazon EFS. To learn about supporting AWS Regions, see AWS Regions and Endpoints in the Amazon Web Services General Reference.

This tutorial was developed with WordPress version 4.9.5 and PHP 7.0.

Launch a DB Instance in Amazon RDS

To use an external database with an application running in Elastic Beanstalk, first launch a DB instance with Amazon RDS. When you launch an instance with Amazon RDS, it is completely independent of Elastic Beanstalk and your Elastic Beanstalk environments, and will not be terminated or monitored by Elastic Beanstalk.

Use the Amazon RDS console to launch a Multi-AZ MySQL DB instance. Choosing a Multi-AZ deployment ensures that your database will fail over and continue to be available if the master DB instance goes out of service.

To launch an RDS DB instance in a default VPC

  1. Open the RDS console.

  2. Choose Databases in the navigation pane.

  3. Choose Create database.

  4. Choose a database engine. Choose Next.

  5. Choose a use case, if prompted.

  6. Under Specify DB details, review the default settings and adjust as necessary. Pay attention to the following options:

    • DB instance class – Choose an instance size that has an appropriate amount of memory and CPU power for your workload.

    • Multi-AZ deployment – For high availability, set to Create replica in different zone.

    • Master username and Master password – The database username and password. Make a note of these settings because you'll use them later.

  7. Choose Next.

  8. Under Database options, for Database name, type ebdb. Make a note of the Database port value for use later.

  9. Verify the default settings for the remaining options, and choose Create database.

Next, modify the security group attached to your DB instance to allow inbound traffic on the appropriate port. This is the same security group that you will attach to your Elastic Beanstalk environment later, so the rule that you add will grant ingress permission to other resources in the same security group.

To modify the ingress rules on your RDS instance's security group

  1. Open the Amazon RDS console.

  2. Choose Databases.

  3. Choose the name of your DB instance to view its details.

  4. In the Connectivity section, note the Subnets, Security groups, and Endpoint shown on this page so you can use this information later.

  5. Under Security, you can see the security group associated with the DB instance. Open the link to view the security group in the Amazon EC2 console.

        Connectivity section of a DB instance page in the Amazon RDS console
  6. In the security group details, choose Inbound.

  7. Choose Edit.

  8. Choose Add Rule.

  9. For Type, choose the DB engine that your application uses.

  10. For Source, type sg- to view a list of available security groups. Choose the current security group to allow resources in the security group to receive traffic on the database port from other resources in the same group.

        Edit the inbound rules for a security group in the Amazon EC2 console
  11. Choose Save.

Creating a DB instance takes about 10 minutes. In the meantime, download WordPress and create your Elastic Beanstalk environment.

Download WordPress

To prepare to deploy WordPress using AWS Elastic Beanstalk, you must copy the WordPress files to your computer and provide some configuration information.

To create a WordPress project

  1. Download WordPress from

    ~$ curl -o wordpress.tar.gz
  2. Download the configuration files from the sample repository:

    ~$ wget
  3. Extract WordPress and change the name of the folder.

    ~$ tar -xvf wordpress.tar.gz ~$ mv wordpress wordpress-beanstalk ~$ cd wordpress-beanstalk
  4. Extract the configuration files over the WordPress installation.

    ~/wordpress-beanstalk$ unzip ../ creating: .ebextensions/ inflating: .ebextensions/dev.config inflating: .ebextensions/efs-create.config inflating: .ebextensions/efs-mount.config inflating: .ebextensions/loadbalancer-sg.config inflating: .ebextensions/wordpress.config inflating: LICENSE inflating: inflating: wp-config.php

Launch an Elastic Beanstalk Environment

Use the AWS Management Console to create an Elastic Beanstalk environment. Choose the PHP platform and accept the default settings and sample code. After you launch the environment, you can configure the environment to connect to the database, then deploy the WordPress code to the environment.

To launch an environment (console)

  1. Open the Elastic Beanstalk console using this preconfigured link:

  2. For Platform, choose the platform that matches the language used by your application.

  3. For Application code, choose Sample application.

  4. Choose Review and launch.

  5. Review the available options. When you're satisfied with them, choose Create app.

Environment creation takes about 5 minutes and creates the following resources:

  • EC2 instance – An Amazon Elastic Compute Cloud (Amazon EC2) virtual machine configured to run web apps on the platform that you choose.

    Each platform runs a specific set of software, configuration files, and scripts to support a specific language version, framework, web container, or combination of these. Most platforms use either Apache or nginx as a reverse proxy that sits in front of your web app, forwards requests to it, serves static assets, and generates access and error logs.

  • Instance security group – An Amazon EC2 security group configured to allow inbound traffic on port 80. This resource lets HTTP traffic from the load balancer reach the EC2 instance running your web app. By default, traffic isn't allowed on other ports.

  • Load balancer – An Elastic Load Balancing load balancer configured to distribute requests to the instances running your application. A load balancer also eliminates the need to expose your instances directly to the internet.

  • Load balancer security group – An Amazon EC2 security group configured to allow inbound traffic on port 80. This resource lets HTTP traffic from the internet reach the load balancer. By default, traffic isn't allowed on other ports.

  • Auto Scaling group – An Auto Scaling group configured to replace an instance if it is terminated or becomes unavailable.

  • Amazon S3 bucket – A storage location for your source code, logs, and other artifacts that are created when you use Elastic Beanstalk.

  • Amazon CloudWatch alarms – Two CloudWatch alarms that monitor the load on the instances in your environment and that are triggered if the load is too high or too low. When an alarm is triggered, your Auto Scaling group scales up or down in response.

  • AWS CloudFormation stack – Elastic Beanstalk uses AWS CloudFormation to launch the resources in your environment and propagate configuration changes. The resources are defined in a template that you can view in the AWS CloudFormation console.

  • Domain name – A domain name that routes to your web app in the form

All of these resources are managed by Elastic Beanstalk. When you terminate your environment, Elastic Beanstalk terminates all the resources that it contains. The RDS DB instance that you launched is outside of your environment, so you are responsible for managing its lifecycle.


The Amazon S3 bucket that Elastic Beanstalk creates is shared between environments and is not deleted during environment termination. For more information, see Using Elastic Beanstalk with Amazon S3.

Configure Security Groups and Environment Properties

Add the security group of your DB instance to your running environment. This procedure causes Elastic Beanstalk to reprovision all instances in your environment with the additional security group attached.

To add a security group to your environment

  • Do one of the following:

    • To add a security group using the Elastic Beanstalk console

      1. Open the Elastic Beanstalk console.

      2. Navigate to the management page for your environment.

      3. Choose Configuration.

      4. In the Instances configuration category, choose Modify.

      5. Under EC2 security groups, choose the security group to attach to the instances, in addition to the instance security group that Elastic Beanstalk creates.

      6. Choose Apply.

      7. Read the warning, and then choose Confirm.

    • To add a security group using a configuration file, use the securitygroup-addexisting.config example file.

Next, use environment properties to pass the connection information to your environment. The sample application uses a default set of properties that match the ones that Elastic Beanstalk configures when you provision a database within your environment.

To configure environment properties for an Amazon RDS DB instance

  1. Open the Elastic Beanstalk console.

  2. Navigate to the management page for your environment.

  3. Choose Configuration.

  4. In the Software configuration category, choose Modify.

  5. In the Environment properties section, define the variables that your application reads to construct a connection string. For compatibility with environments that have an integrated RDS DB instance, use the following.

    • RDS_HOSTNAME – The hostname of the DB instance.

      Amazon RDS console label – Endpoint (this is the hostname)

    • RDS_PORT – The port on which the DB instance accepts connections. The default value varies among DB engines.

      Amazon RDS console label – Port

    • RDS_DB_NAME – The database name, ebdb.

      Amazon RDS console label – DB Name

    • RDS_USERNAME – The user name that you configured for your database.

      Amazon RDS console label – Username

    • RDS_PASSWORD – The password that you configured for your database.

        Environment Properties section with RDS properties added
  6. Choose Apply.

Configure and Deploy Your Application

Verify that the structure of your wordpress-beanstalk folder is correct, as shown.

wordpress-beanstalk$ tree -aL 1 . ├── .ebextensions ├── index.php ├── LICENSE ├── license.txt ├── readme.html ├── ├── wp-activate.php ├── wp-admin ├── wp-blog-header.php ├── wp-comments-post.php ├── wp-config.php ├── wp-config-sample.php ├── wp-content ├── wp-cron.php ├── wp-includes ├── wp-links-opml.php ├── wp-load.php ├── wp-login.php ├── wp-mail.php ├── wp-settings.php ├── wp-signup.php ├── wp-trackback.php └── xmlrpc.php

The customized wp-config.php file from the project repo uses the environment variables that you defined in the previous step to configure the database connection. The .ebextensions folder contains configuration files that create additional resources within your Elastic Beanstalk environment.

The configuration files require modification to work with your account. Replace the placeholder values in the files with the appropriate IDs and create a source bundle.

To update configuration files and create a source bundle.

  1. Modify the configuration files as follows.

    • .ebextensions/dev.config – restricts access to your environment to your IP address to protect it during the WordPress installation process. Replace the placeholder IP address near the top of the file with the public IP address of the computer you'll use to access your environment's web site to complete your WordPress installation. Depending on your network topology, you might need to use an IP address block.

    • .ebextensions/efs-create.config – creates an EFS file system and mount points in each Availability Zone / subnet in your VPC. Identify your default VPC and subnet IDs in the Amazon VPC console.

  2. Create a source bundle containing the files in your project folder. The following command creates a source bundle named

    ~/eb-wordpress$ zip ../ -r * .[^.]*

Upload the source bundle to Elastic Beanstalk to deploy WordPress to your environment.

To deploy a source bundle

  1. Open the Elastic Beanstalk console.

  2. Navigate to the management page for your environment.

  3. Choose Upload and Deploy.

  4. Use the on-screen dialog box to upload the source bundle.

  5. Choose Deploy.

  6. When the deployment completes, choose the site URL to open your website in a new tab.

Install WordPress

To complete your WordPress installation

  1. Open the Elastic Beanstalk console.

  2. Navigate to the management page for your environment.

  3. Choose the environment URL to open your site in a browser. You are redirected to a WordPress installation wizard because you haven't configured the site yet.

  4. Perform a standard installation. The wp-config.php file is already present in the source code and configured to read the database connection information from the environment. You shouldn't be prompted to configure the connection.

Installation takes about a minute to complete.

Update Keys and Salts

The WordPress configuration file wp-config.php also reads values for keys and salts from environment properties. Currently, these properties are all set to test by the wordpress.config file in the .ebextensions folder.

The hash salt can be any value that meets environment property requirements, but you should not store it in source control. Use the Elastic Beanstalk console to set these properties directly on the environment.

To update environment properties

  1. Open the Elastic Beanstalk console.

  2. Navigate to the management page for your environment.

  3. On the navigation pane, choose Configuration.

  4. Under Software, choose Modify.

  5. For Environment properties, modify the following properties:

    • AUTH_KEY – The value chosen for AUTH_KEY.

    • SECURE_AUTH_KEY – The value chosen for SECURE_AUTH_KEY.

    • LOGGED_IN_KEY – The value chosen for LOGGED_IN_KEY.

    • NONCE_KEY – The value chosen for NONCE_KEY.

    • AUTH_SALT – The value chosen for AUTH_SALT.

    • SECURE_AUTH_SALT – The value chosen for SECURE_AUTH_SALT.

    • LOGGED_IN_SALT – The value chosen for LOGGED_IN_SALT.

    • NONCE_SALT — The value chosen for NONCE_SALT.

  6. Choose Apply.

Setting the properties on the environment directly overrides the values in wordpress.config.

Remove Access Restrictions

The sample project includes a configuration file (loadbalancer-sg.config) that creates a security group and assigns it to the environment's load balancer, using the IP address that you configured in dev.config to restrict HTTP access on port 80 to connections from your network. Otherwise, an outside party could potentially connect to your site before you have installed WordPress and configured your admin account.

Now that you've installed WordPress, remove the configuration file to open the site to the world.

To remove the restriction and update your environment

  1. Delete the .ebextensions/loadbalancer-sg.config file from your project directory.

    ~/wordpress-beanstalk$ rm .ebextensions/loadbalancer-sg.config
  2. Create a source bundle.

    ~/eb-wordpress$ zip ../ -r * .[^.]*

Upload the source bundle to Elastic Beanstalk to deploy WordPress to your environment.

To deploy a source bundle

  1. Open the Elastic Beanstalk console.

  2. Navigate to the management page for your environment.

  3. Choose Upload and Deploy.

  4. Use the on-screen dialog box to upload the source bundle.

  5. Choose Deploy.

  6. When the deployment completes, choose the site URL to open your website in a new tab.

Configure Your Auto Scaling Group

Finally, configure your environment's Auto Scaling group with a higher minimum instance count. Run at least two instances at all times to prevent the web servers in your environment from being a single point of failure. This also allows you to deploy changes without taking your site out of service.

To configure your environment's Auto Scaling group for high availability

  1. Open the Elastic Beanstalk console.

  2. Navigate to the management page for your environment.

  3. Choose Configuration.

  4. In the Capacity configuration category, choose Modify.

  5. In the Auto Scaling Group section, set Min instances to 2.

  6. Choose Apply.

To support content uploads across multiple instances, the sample project uses Amazon Elastic File System to create a shared file system. Create a post on the site and upload content to store it on the shared file system. View the post and refresh the page multiple times to hit both instances and verify that the shared file system is working.

Upgrade WordPress

To upgrade to a new version of WordPress, back up your site and deploy it to a new environment. Do not use the update functionality within WordPress or update your source files to use a new version. Both of these actions can result in your post URLs returning 404 errors even though they are still in the database and file system.

To upgrade WordPress

  1. Export your posts to an XML file with the export tool in the WordPress admin console.

  2. Deploy and install the new version of WordPress to Elastic Beanstalk with the same steps that you used to install the previous version. To avoid downtime, you can create a new environment with the new version.

  3. On the new version, install the WordPress importer tool in the admin console and use it to import the XML file containing your posts. If the posts were created by the admin user on the old version, assign them to the admin user on the new site instead of trying to import the admin user.

  4. If you deployed the new version to a separate environment, do a CNAME swap to redirect users from the old site to the new site.


When you finish working with Elastic Beanstalk, you can terminate your environment. Elastic Beanstalk terminates all AWS resources associated with your environment, such as Amazon EC2 instances, database instances, load balancers, security groups, and alarms.

To terminate your Elastic Beanstalk environment

  1. Open the Elastic Beanstalk console.

  2. Navigate to the management page for your environment.

  3. Choose Actions, and then choose Terminate Environment.

  4. Use the on-screen dialog box to confirm environment termination.

With Elastic Beanstalk, you can easily create a new environment for your application at any time.

In addition, you can terminate database resources that you created outside of your Elastic Beanstalk environment. When you terminate an Amazon RDS database instance, you can take a snapshot and restore the data to another instance later.

To terminate your RDS DB instance

  1. Open the Amazon RDS console.

  2. Choose Databases.

  3. Choose your DB instance.

  4. Choose Actions, and then choose Delete.

  5. Choose whether to create a snapshot, and then choose Delete.

Next Steps

As you continue to develop your application, you'll probably want a way to manage environments and deploy your application without manually creating a .zip file and uploading it to the Elastic Beanstalk console. The Elastic Beanstalk Command Line Interface (EB CLI) provides easy-to-use commands for creating, configuring, and deploying applications to Elastic Beanstalk environments from the command line.

The sample application uses configuration files to configure PHP settings and create a table in the database, if it doesn't already exist. You can also use a configuration file to configure your instances' security group settings during environment creation to avoid time-consuming configuration updates. See Advanced Environment Customization with Configuration Files (.ebextensions) for more information.

For development and testing, you might want to use the Elastic Beanstalk functionality for adding a managed DB instance directly to your environment. For instructions on setting up a database inside your environment, see Adding a Database to Your Elastic Beanstalk Environment.

If you need a high-performance database, consider using Amazon Aurora. Amazon Aurora is a MySQL-compatible database engine that offers commercial database features at low cost. To connect your application to a different database, repeat the security group configuration steps and update the RDS-related environment properties.

Finally, if you plan on using your application in a production environment, you will want to configure a custom domain name for your environment and enable HTTPS for secure connections.