I would like to deploy Ghost on AWS in a 3-tier architecture.
So my thought process is to have 3 private subnets in 3 AZs, and 3 public subnets in 3 AZs as well: an Internet Gateway attached to the route table for the public subnets and a NAT Gateway attached to the private subnets. Ubuntu 18.04 LTS AMIs for the servers in the private subnets, attached to auto scaling groups and a load balancer. NGINX servers in the public subnets, attached to auto scaling groups and a load balancer. The load balancer for the NGINX servers will serve as the origin for the CloudFront distribution, with a Web Application Firewall in front of it. S3 buckets for static storage that can be accessed via a VPC Gateway endpoint by all servers in the VPC as required. Now I am thinking of using either MySQL or Amazon Aurora RDS on AWS that can only be reached from the app servers in the private subnets.
Here are a few questions:
In the Ubuntu 18.04 LTS installation guide I see that nginx, the SQL server and everything else are installed on the same machine. Is there an installation guide for separating the installation into 3 separate tiers: web, app and db?
If you do a separate mysql or Aurora DB installation what is the guidance on creating the DB schema separately not through the ghost install process?
I have deployed Ghost on Lightsail before; however, I don't prefer packaged platform services, since building each piece of infrastructure and controlling their security and operation is something I would like to manage myself. As for the architecture I mentioned, is there something fundamentally wrong with it such that Ghost cannot be deployed that way?
Thank you for your help.
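The architecture in the post hinges on each tier being reachable only from the tier in front of it, and on the database accepting connections only from the app servers. As an added example (not from the original post, and not Ghost's own tooling), here is a Python check of that security-group wiring. It reads the JSON shape returned by `aws ec2 describe-security-groups`; the security-group IDs and CIDRs below are constructed placeholders, and the port numbers assume Ghost's default 2368, MySQL/Aurora's 3306 and HTTPS on 443 for the NGINX tier.

```python
"""Audit AWS security-group ingress rules for a web -> app -> database layout.

Added example, not from the original post. It walks the JSON structure that
`aws ec2 describe-security-groups --output json` returns and checks that each
tier's inbound rules come only from the tier in front of it, on the one TCP
port that tier needs. All group IDs and CIDRs here are constructed samples.
"""

# Expected wiring: {downstream_sg: (port, allowed_upstream_sgs)}.
# A None source set means CIDR sources are acceptable (the web tier sits
# behind CloudFront/WAF and must accept traffic from address ranges).
# Ports: Ghost listens on 2368 by default, MySQL/Aurora on 3306, NGINX on 443.
TIER_POLICY = {
    "sg-web": (443, None),
    "sg-app": (2368, {"sg-web"}),   # Ghost app servers: only from the NGINX tier
    "sg-db": (3306, {"sg-app"}),    # MySQL/Aurora: only from the app tier
}


def audit_security_groups(groups, policy=TIER_POLICY):
    """Return a list of human-readable findings; an empty list means compliant."""
    findings = []
    by_id = {g["GroupId"]: g for g in groups}
    for sg_id, (port, allowed_sources) in policy.items():
        sg = by_id.get(sg_id)
        if sg is None:
            findings.append(f"{sg_id}: security group not found")
            continue
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            from_port, to_port = perm.get("FromPort"), perm.get("ToPort")
            # IpProtocol "-1" means every protocol and port; a port range wider
            # than the single expected port is also a violation.
            if proto != "tcp" or (from_port, to_port) != (port, port):
                findings.append(
                    f"{sg_id}: rule permits {proto} {from_port}-{to_port}, "
                    f"expected tcp {port} only")
            if allowed_sources is None:
                continue  # web tier: CIDR sources are expected here
            for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                findings.append(
                    f"{sg_id}: CIDR source {cidr} on port {port}; only "
                    f"{sorted(allowed_sources)} should reach this tier")
            for pair in perm.get("UserIdGroupPairs", []):
                src = pair.get("GroupId")
                if src not in allowed_sources:
                    findings.append(
                        f"{sg_id}: source {src} on port {port} is not an allowed upstream tier")
    return findings


# Constructed sample: a compliant three-tier wiring.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 2368, "ToPort": 2368,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]}]},
]

# Constructed sample of a misconfigured database group: 3306 opened to the
# whole VPC CIDR instead of referencing the app tier's group, plus an
# all-protocols rule from the web tier.
LEAKY_DB = {"GroupId": "sg-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
    {"IpProtocol": "-1", "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]}


def audit_leaky_example():
    """Run the audit with the database group swapped for the leaky version."""
    groups = [g for g in SAMPLE_GROUPS if g["GroupId"] != "sg-db"] + [LEAKY_DB]
    return audit_security_groups(groups)


if __name__ == "__main__":
    print("compliant layout findings:", audit_security_groups(SAMPLE_GROUPS))
    for finding in audit_leaky_example():
        print("finding:", finding)
```

Pointing the audit at real output means loading the `SecurityGroups` array from the CLI's JSON and replacing the placeholder IDs in `TIER_POLICY` with the actual group IDs. Referencing the upstream tier's security group as the source, rather than a subnet or VPC CIDR, is what keeps the database reachable from the app servers alone even as auto scaling replaces instances.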