Scaling PHP Applications on AWS
Running highly-available, performant and secure PHP applications.

AWS Reference Architecture
Reviewed for technical accuracy January 20, 2022
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.

[Architecture diagram: Users reach www.example.com through Amazon Route 53, Amazon CloudFront with AWS WAF, and an Application Load Balancer in the public subnets of a VPC in the AWS Cloud. An Auto Scaling group of c6g Amazon EC2 instances runs in private subnets across Availability Zone 1 and Availability Zone 2, backed by Amazon ElastiCache for Redis, Amazon Aurora PostgreSQL (Writer and Reader), and Amazon Elastic File System attached through elastic network interfaces. Supporting services: AWS Certificate Manager, Amazon Linux 2 AMI with PHP, Amazon CloudWatch Logs and Metrics, AWS Secrets Manager, AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, and AWS Systems Manager Session Manager. Numbered callouts 1 to 14 correspond to the steps below.]

1. Amazon Route 53 resolves Domain Name System (DNS) queries and routes end-user requests.

2. Amazon CloudFront caches content and accelerates delivery, leveraging global points of presence. CloudFront also handles SSL termination, integrating with AWS Certificate Manager, which automatically creates and renews SSL certificates at no cost.

3. AWS Web Application Firewall (AWS WAF) integration with CloudFront and Application Load Balancer mitigates OWASP Top 10 application vulnerabilities.

4. The Application Load Balancer routes HTTP/S requests to EC2 instances running on private subnets.

5. An Amazon Linux 2 AMI contains PHP and other needed binaries, such as the AWS SDK for PHP.

6. The Amazon CloudWatch Agent installed on the Amazon Linux 2 AMI streams application logs, additional host-level metrics, and custom business metrics.

7. Amazon EC2 Auto Scaling manages the instance launch based on metrics such as CPU and memory. It uses Amazon Graviton instances for cost optimization.

8. Using Systems Manager Session Manager, connect to EC2 instances with web-based sessions on the AWS Console. There is no need for key pairs or for SSH ports to be open.

9. Database credentials are securely stored on AWS Secrets Manager. Using the AWS SDK for PHP, the application code retrieves the credentials stored on Secrets Manager through an IAM Role.

10. Application code is safely stored on AWS CodeCommit using the familiar Git command line interface (CLI).

11. AWS CodePipeline implements continuous integration and continuous deployment (CI/CD), orchestrating code deployment using an AWS CodeDeploy hook that triggers when new EC2 instances are launched.

12. Amazon ElastiCache for Redis caches session data.

13. Amazon Aurora Multi-AZ enables high availability. The application connects via a DNS endpoint that handles failover automatically in case of failure. The Aurora reader endpoint handles read operations, offloading the Aurora writer instance.

14. Amazon Elastic File System (Amazon EFS) stores and shares web content with the Auto Scaling group.
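
The credential retrieval described in step 9, as an added PHP example that is not part of the AWS reference architecture document: the application reads the database secret through the instance's IAM role, so no access keys appear in code or configuration. The secret name, the Region, and the JSON field names (assumed to follow the layout Secrets Manager uses for database secrets) are assumptions.

```php
<?php
// Added example, not AWS's own code. Assumes aws/aws-sdk-php is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Aws\Exception\AwsException;
use Aws\SecretsManager\SecretsManagerClient;

// Hypothetical values: substitute your own secret name and Region.
const DB_SECRET_ID = 'example/php-app/aurora';
const AWS_REGION   = 'us-east-1';

/** Decode the secret JSON and fail closed if a required field is missing. */
function parseDbSecret(string $secretString): array
{
    $secret = json_decode($secretString, true, 8, JSON_THROW_ON_ERROR);
    foreach (['host', 'port', 'dbname', 'username', 'password'] as $key) {
        if (!isset($secret[$key]) || $secret[$key] === '') {
            // Name the missing field only; never put secret values in messages.
            throw new RuntimeException("Database secret is missing field: $key");
        }
    }
    return $secret;
}

/** Fetch the secret and open a TLS-only connection to Aurora PostgreSQL. */
function connectToAurora(SecretsManagerClient $client, string $secretId): PDO
{
    try {
        $result = $client->getSecretValue(['SecretId' => $secretId]);
    } catch (AwsException $e) {
        // Log the AWS error code (for example AccessDeniedException), not the payload.
        error_log('Secrets Manager lookup failed: ' . $e->getAwsErrorCode());
        throw new RuntimeException('Database credentials unavailable');
    }

    $s   = parseDbSecret($result['SecretString']);
    $dsn = sprintf('pgsql:host=%s;port=%d;dbname=%s;sslmode=require',
        $s['host'], $s['port'], $s['dbname']);

    return new PDO($dsn, $s['username'], $s['password'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

// No 'credentials' key is passed: the SDK's default provider chain obtains
// temporary credentials from the IAM role attached to the EC2 instance.
$client = new SecretsManagerClient(['region' => AWS_REGION, 'version' => 'latest']);
$pdo    = connectToAurora($client, DB_SECRET_ID);
```

The instance role needs only `secretsmanager:GetSecretValue` on this one secret; scoping the policy to that single resource keeps a compromised web host from reading other secrets in the account.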