Trying to connect to use AWS S3 for the first time can be confusing. Here is a quick guide to roughly what has to happen.

Basic Steps to Set up S3

The only two sections you need in the AWS console for this are “S3” and “IAM”…

  • Create a S3 bucket.
  • Make a S3 bucket policy.
  • Create a policy to access the bucket in IAM.
  • Create a “programmatic-only” user for the bucket and attach this policy to it (IAM).

Store the info for your user (the secret will not be displayed a second time). You’ll use this to connect with the S3 instance in your code.

Easy, huh?

AWS is pretty good at telling you when you’re about to do something stupid during this process. There are plenty of warning signs on the screen if you make anything public. AWS is all about security and particularly dislikes us making things public that should not be public.

The bucket policy and user policy are both in JSON format.

There is a website to help you make the correct JSON but the form itself is pretty good at telling you if there is an error in your policy or you’ve made your bucket public. An example Bucket policy might look like…

{
    "Version": "2012-10-17",
    "Id": "Policy123465789",
    "Statement": [
        {
            "Sid": "Allow ALL access to the bucket by one user",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111111111111:user/myusername"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::my-bucket-name",
                "arn:aws:s3:::my-bucket-name/*"
            ]
        }
    ]
}

The user policy (IAM) is created by a wizard but then if you want to edit the policy you see that it is also a piece of JSON. Each action is listed in the JSON so it would be very easy indeed to simply delete the actions in the JSON, or just unselect a specific action when you’re creating the policy.

AWS S3 Docs

The AWS S3 docs for PHP are pretty extensive but getting to the exact thing you need is not always straightforward. I found that I was making a lot of google searches in order to find what I was looking for because the navigation wasn’t that great.

This page on the AWS SDK for PHP S3StreamWrapper was particularly well laid out and useful. The main AWS SDK for PHP docs are pretty extensive as long as you know the name of the function you want to use.

Also, if you do a search for instructions on how to do a certain thing, like connect to S3, make sure the article is fairly up-to-date. Earlier versions allow you to connect in different ways that may not always work with the current version of the AWS SDK. Other things may be similar/the same.

As with most programming, there are often multiple ways to complete the same task. For example, in the example below there are at least two ways to output the JPEGs to the screen via PHP (see comments in the code).

You can use this PHP code in any AWS instance that you can code PHP in. I added this to my Lightsail instance but it would also work on EC2 or with any other non-AWS hosting…

S3 Gallery and JPEG Displayer Example

This is a simple code to turn every file in every bucket into a gallery. This is the code to create the list of “thumbs”. In this case, the thumbs are the large image but made smaller with CSS.

<?php

// Require the Composer autoloader.
require '../vendor/autoload.php';

use Aws\S3\S3Client;

try {

    // Instantiate the S3 client with your AWS credentials
    $s3Client = S3Client::factory(array(
        'version' => 'latest',
        'region'  => 'eu-west-2',
        'credentials' => array(
            'key'    => 'unique_string', // From AWS IAM user
            'secret' => 'unique_secret_string' // From AWS IAM user
        )
    ));

    //Listing all S3 Bucket
    $buckets = $s3Client->listBuckets();
    foreach ($buckets['Buckets'] as $bucket) {
        $bucket = $bucket['Name'];
        $objects = $s3Client->getIterator('ListObjects', array(
            "Bucket" => $bucket
        ));

        // Show each one 200x200 and link to full-size file...
        foreach ($objects as $myobject) {
            echo "<p><a href=\"/showitem.php?item={$myobject['Key']}\"><img src=\"/showitem.php?item={$myobject['Key']}\" style=\"height: 200px; width: 200px;\"></a></p>\n";
        } // end foreach
    } // end foreach


}catch(Exception $e) {
    // Only show this for testing purposes...
   exit($e->getMessage());
}

Then, to display the files from the S3 bucket, we do not want to have the AWS S3 URL in the browser, so we’re going to display the images through PHP with the showitem.php file. Here is the code for that file, it’s a very simple image displayer

<?php

// Require the Composer autoloader.
require '../vendor/autoload.php';

use Aws\S3\S3Client;

$bucket = "my-bucket-name";

try {

    // Instantiate the S3 client with your AWS credentials
    $s3Client = S3Client::factory(array(
        'version' => 'latest',
        'region'  => 'eu-west-2',
        'credentials' => array(
            'key'    => 'unique_string', // From AWS IAM user
            'secret' => 'unique_secret_string' // From AWS IAM user
        )
    ));

    $s3Client->registerStreamWrapper();

    if(isset($_GET['item'])){
        $keyname= filter_var($_GET['item'], FILTER_SANITIZE_STRING);

        // Get the object.
        $result = $s3Client->getObject([
            'Bucket' => $bucket,
            'Key'    => $keyname
        ]);

        // Display the object in the browser.
        $type = $result['ContentType'];
        $size = $result["ContentLength"];
        header('Content-Type:'.$type);
        header('Content-Length: ' . $size);
        echo $result['Body'];

        // Alternatively, get file contents from S3 Bucket like this...
        // $data = file_get_contents('s3://'.$bucket.'/'.$keyname);
        // echo $data;
    }

}catch(Exception $e) {
    // Only show this for testing purposes...
    exit($e->getMessage());
}

When you add a file to S3, you’re probably either doing it programmatically, or you’re dragging and dropping into the S3 Browser. When you want to use the file, you’ll find that you can get quite a lot of information from the getObject() method that is listed in the docs. I wanted to find the exact response for content length, so you would just look up getObject and see what is returned.

This is a very quick example. There are some pretty major things here that would be better doing them a different way. For example, when we connect to S3 with the factory() method, we should probably use the .aws/credentials file to make one or more profiles so that our secret info isn’t listed in the PHP of public part of the website.

Also, S3 can be accessed with the AWS CLI

I had a PHP website that was the last man standing on some shared hosting that was slow that didn’t have SSH access. I decided that since I would be moving the website anyway, why not try something different with it. The website in question is PHP/PDO/MySQL with no framework.

Having already tried AWS Lightsail App+OS, I wanted to experiment with the Lightsail “OS Only” option. What better thing to do than to install the Nginx web server on it? Starting from scratch with an OS Only box I would be able to take a look at another side of AWS Lightsail (without Bitnami) and also learn about Nginx and using a LEMP stack.

I created a new instance of Lightsail with Ubuntu 18.04 LTS. It was exactly the same as most VPS that only come with Linux installed. After installing Nginx on Lightsail, the version of PHP I got from by installing PHP-FPM was PHP 7.2.10.

Link… https://www.digitalocean.com/community/tutorials/how-to-migrate-from-an-apache-web-server-to-nginx-on-an-ubuntu-vps

But, we’ve jumped ahead. Let’s look at Linux…

First Things First: Linux

The first thing to do is to update and upgrade Linux. Sudo was already installed, so it’s straight into…

sudo apt-get update
sudo apt-get upgrade

I believe that while Debian is a pretty bare bones install, Ubuntu comes with a lot of stuff pre-installed such as sudo and nano, which is very convenient.

Nginx

With Linux updated, we can get the next part of the LEMP stack installed. That would be Nginx (Engine-X). This is the only part of the stack that I’ve not had much experience of in the past so was most interesting for me. I was expecting it to be slightly more different to Apache than it was. Apart from the different style of the config file...

sudo apt-get install nginx

Now, magically the unique domain you have in your Lightsail console will work in your browser, giving you a page like…

Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

Doing some prep for when we change the DNS and point the domain name at this hosting, we should also make a config file…

The Nginx Config File

The config file should be the name of the site and should be created in /etc/nginx/sites-available. Copy the info from the default file across to the new site, changing the domain name. You can then set up a symlink to “sites-enabled”…

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-ubuntu-18-04

sudo unlink /etc/nginx/sites-enabled/default

Test the new Nginx config, then restart to load the new settings with…

sudo nginx -t
sudo systemctl reload nginx

Change permissions of the /var/www/htdocs/ folder then upload files. Convert htaccess…

https://winginx.com/en/htaccess

Something like this will eventually need the * removing for nginx…

<Files *.inc>
Deny From All
</Files>

becomes…

 location ~ .inc {
deny all;
}

# I also had to convert the "break" to "last" on the mod_rewrite...

rewrite ^/(.*)/$ /item.php?item=$1 last;

Then, add the code to the example.com config file and test it again. Any duplicates will need commenting out with #. In the config file \.php causes an error, remove the slash.

PHP

Now, we can install PHP and MySQL to complete our LEMP stack…

sudo apt install php-fpm php-mysql 

Luckily, the site I was moving had pretty modern PHP with nothing that needed fixing at all. Uploaded a file with the function phpinfo() on it to test that PHP is working. All good!

Nginx Default Log File

index.php not working! Look at the log file…

tail /var/log/nginx/error.log

Yes, the PHP was fine, it turns out that PDO was unhappy that I hadn’t added the database yet…

MariaDB

Finish off getting MariaDB installed, then check it’s working…

sudo apt install mariadb-client-core-10.1
sudo apt install mariadb-server
sudo systemctl status mariadb

I was getting the error, below…

ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (2 “No such file or directory”)

So, I did a “locate” for the my.cnf file and the “mysqld.sock” file and added this to the mysql/mariadb config file, my.cnf…

socket  = /var/run/mysqld/mysqld.sock

Then…

sudo service mysql restart

Login for the first time with sudo…

sudo mariadb -uroot

Now you can create the database and database user for the app.

https://stackoverflow.com/questions/5376427/cant-connect-to-local-mysql-server-through-socket-var-mysql-mysql-sock-38

SSL Encryption

Pointed domain name at the public IP address with CloudFlare. Server-side SSL encryption to follow.

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04

Simple Password Authentication

https://www.tecmint.com/password-protect-web-directories-in-nginx/
sudo apt install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd username

Then put the following in the “location” you waant to be protected in the config file…

auth_basic "Administrator Login";
auth_basic_user_file /etc/nginx/.htpasswd;

Then, test and restart NginX.

Force or Remove WWW

For some sites I prefer to keep the www in, so I did the opposite of this on this occasion…

server {
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
server {
server_name example.com;
# […]
}

https://stackoverflow.com/questions/11323735/nginx-remove-www-and-respond-to-both

Conclusion

Website moved and working as it did before, but possibly slightly faster.

In just the short time I have been using it Nginx is already growing on me. I like the simplicity. I like that it is quite similar to Apache in some ways. And, I like the fact that it should be faster than Apache.

Not being able to use .htaccess files, and the Nginx config being different to Apache virtualhost files was not bad at all. A combination of using a htaccess-to-Nginx converter and Google/Stackoverflow has already taught me a lot of how to replicate what I might do with an .htaccess or virtualhost file with Nginx.

As expected, the “OS Only” version of AWS Lightsail was much more like a standard VPS and there was nothing too hard in setting it up and moving a site across and onto Nginx.

AWS Lightsail is the closest thing AWS has to shared hosting. It is their quick, easy and inexpensive off-the-shelf hosting that has SSH access and many of the benefits of using a more expensive EC2 instance.

It is an affordable entry in cloud computing, but is it any good?

I decided to try out Amazon’s cheapest hosting offering by moving a WordPress blog from some shared hosting to Lightsail. I have tried EC2 in the past so this was not my first experience with AWS, but I was curious to see what their new more consumer-based hosting was like.

Creating an Instance

When you create an instance of Lightsail you chose how big or small you want it. You also chose whether you want just the OS, or you can have an app pre-installed with Bitnami (“App+OS“). The options for the app include a pre-installed WordPress blog, LAMP, MEAN, LEMP or several other applications. Alternatively, you can choose “OS Only” where you currently have the choice of either Windows or Linux flavors: Amazon Linux, Ubuntu, Debian, FreeBSD, openSUSE and CentOS.

I went with the PHP 7 LAMP stack option in the smallest size ($3.50 per month). I chose this option because I wanted to make sure WordPress was exactly the way I wanted it. And I wanted to see what the LAMP option was like.

In the price you also get a dedicated IP which makes setting up a breeze before pointing the domain name at the new instance, definitely a nice touch.

The LAMP 7 option came with PHP 7.1. But it’s possible to upgrade. All the elements of LAMP come pre-installed (Linux, Apache, MySQL and PHP) but you’ll want to configure them to your needs.

The main thing you can say about the setup is that it was lightening fast. Within seconds I had a fully operational instance. In the past, when setting up some hosting you might have assumed it would take at least a couple of days. Because the dedicated IP is plainly visible on the AWS console, you can immediately see the default index page in your browser.

First Look at Lightsail App+OS

The main difference between the “App+OS” option and a normal VPS is Bitnami. You notice right away is that the default username is “bitnami” and after logging into the Linux console you get a large “Bitnami” logo at the top of the screen.

So, what is this Bitnami?

Bitnami

Amazon AWS has so many quirks that you might assume that Bitnami is an AWS thing, as is their own Amazon Linux, but it is quite widely used in cloud computing (including Oracle Cloud and Google Cloud Platform).

With the “App+OS” Bitnami a lot of the things you normally have to do to set up a LAMP stack are already done for you. For example, Apache is pre-installed with most/all modules and even MySQL is pre-installed. However, to find your root login for MySQL you’ll need to look for it, see below.

With Bitnami other slightly unusual thing you notice upon logging into SSH or SFTP is the directory structure, the apache.conf does not look the same as normal, and where are the virtual host files?

Bitnami uses httpd-app.conf, httpd-prefix.conf and httpd-vhosts.conf files, as described here.

This is unusual and I imagine many people who do not want to use Bitnami would want to use the “OS Only” option. While it may take a little longer to set up, once that’s done you have a “normal” Bitnami-free Linux instance.

Transferring a Website to Lightsail

Having gone with the LAMP (PHP 7) option I basically followed my guide from here to move a WordPress blog over to different hosting. With minimal setup to do it was mainly a case of setting up the database, installing WordPress then using WP-CLI to install the plugins and theme.

As the instance was just going to be hosting one website I didn’t have to worry at all about the virtualhosts as everything was set up to just work from the off.

My first question was how do I login to MySQL. The login info for MySQL did not appear to be anywhere in the AWS console. To find the password for the root user you need the Bitnami Application password. From the home directory (where you arrive after logging in) just type…

$ cat bitnami_application_password

Transferring everything across, most things just worked. While PDO worked fine in normal PHP pages, I had to tweak the php.ini to get PDO to work from a script run with cron. For me, I just had to uncomment the .so file for PDO which was almost the last line of the php.ini.

After changing something like the php.ini you’ll have to restart. The following command seems to stop everything (apache/HTTPd, PHP and MySQL, ), then restart everything; perfect for making sure everything gets restarted all at once but not very graceful (from here)…

$ sudo /opt/bitnami/ctlscript.sh restart

To just restart apache you’d just add “apache” to the end…

$ sudo /opt/bitnami/ctlscript.sh restart apache

Linux

While some things are very different in Bitnami, it’s basically just a Linux instance. The Linux version I got with the LAMP (PHP 7) option was actually Ubuntu 16.04, so if you want the latest version of Ubuntu (18.04 is currently the latest LTS), or a different flavor of Linux, chose the “OS Only” option. I am most comfortable with Ubuntu/Debian and a lot of the standard CLI functions are exactly the same as Ubuntu.

Nano comes pre-installed and was the default editor for the crontab.

$ crontab -e

BTW, cron needs the full path to php, i.e. something like…

* * * * * /opt/bitnami/php/bin/php -f /opt/bitnami/apache2/htdocs/scripts/index.php "name_of_method()"

Then…

$ sudo service cron reload

The timezone is quite important because it can also affect your keyboard layout when typing into the Linux terminal. Changing the timezone is based on Ubuntu 16.04, so something like this would work to list the timezones, select a timezone then check which timezone you’re using…

$ timedatectl list-timezones   
$ sudo timedatectl set-timezone America/Vancouver  
$ timedatectl

Now, that the Linux timezone is set, you may also need to update the timezone PHP uses by updating this line in the php.ini…

date.timezone="Europe/London"

For all the PHP timezone variables, click on your region from the PHP timezones page.

Something else that is the same as Ubuntu is updating and upgrading…

$ sudo apt-get update
$ sudo apt-get upgrade

Once you get used to the quirks and the different directory structure with Bitnami, most things seem the same as a typical Ubuntu instance.

Issue(s) with AWS Lightsail

The first “upgrade” was a large one which took a while. It took so long in fact that either putty went inactive, or my computer went to sleep, or both. After this, the website went down and I had no access to SSH. What I seemed to have to do was not “reboot” the instance, but “stop” and “start” the instance from the AWS console. After this, I had a different public IP address but I was able to fix whatever had happened with the upgrade.

If the restart is the opposite of graceful, stopping and starting was similarly very ungraceful, comparable to doing the same thing with any VPS instance.

Apart from some minor changes that will probably be easy to get used to, I did not have many issues at all.

AWS Lightsail App+OS: Conclusion

Bitnami saved some time during setup, but honestly, any time I saved was probably offset by time spent figuring out what was going on with Bitnami.
I’m not 100% sure that the speed of setup of Bitnami is worth the changes it makes to the Linux operating system. For something like this example, a WordPress blog, that isn’t going to need a lot of administration, the “App+OS” option was fine though.

If you are a purist and don’t mind setting up the Linux instance with everything you need there is always the “OS Only” option which I don’t believe uses Bitnami. This would be better for a website where you’re going to want to make more changes to the Virtualhost file and/or possibly upgrade to an EC2 instance in future. If you are already a full stack LAMP developer you’ll probably be wanting to use that option for any actual development. App+OS seems to be mainly for people who do not want to get too involved with the “L” or “A” parts of LAMP.

AWS Lightsail with the App+OS option is perfect for someone who just wants to have a cheap WordPress blog running on AWS, as I did here. For a brand new blog, choosing the “WordPress” option would simplify the whole process even more.

I’d say App+OS might also be a good way to play around with something new such as MEAN before starting an actual project with it. Everything would be pre-installed so you could get straight into the javascript and the NoSQL.

So far so good. The instance seems fast for a WordPress blog, it certainly is compared to the previous shared hosting. And, very affordable.