High memory utilization on your EC2, especially when running e-commerce platforms with thousands of images, can severely impact performance and user experience. If you're using Ubuntu 24.04 LTS with NGINX and PHP, you're in luck! Amazon S3 Mountpoint offers a powerful solution to offload the burden of serving static assets, freeing up valuable EC2 resources and optimizing your web server.
This guide will walk you through installing and configuring AWS S3 Mountpoint on Ubuntu 24.04 LTS, leveraging chroot for a seamless setup. By the end of this tutorial, you'll be able to serve your website's images and other static content directly from cost-effective and scalable Amazon S3 storage, leading to a significant performance boost for your EC2 instance and a happier website visitor.
Why Use Amazon S3 Mountpoint?
In a nutshell, S3 Mountpoint shifts the heavy lifting of serving frontend resources from your EC2 instance to Amazon S3. This translates to:
- Reduced EC2 Memory Utilization: Free up memory and CPU resources on your EC2 instance, allowing it to focus on application logic and dynamic content processing.
- Improved Web Server Performance: Serve static assets faster and more efficiently directly from S3's robust infrastructure.
- Enhanced Scalability: Leverage the limitless scalability of Amazon S3 to handle traffic spikes without stressing your EC2 instance.
- Cost Optimization: S3 storage is generally more cost-effective for static content than EC2 instance storage.
Prerequisites:
- An active AWS account and an EC2 instance running Ubuntu 24.04 LTS (x86_64).
- NGINX and PHP (version 8.3 or later with PHP-FPM) already installed and configured.
- Basic familiarity with the AWS Management Console and Linux command line.
Let's Get Started: Step-by-Step Guide
Here’s a high-level overview of the steps we'll cover:
- Creating the S3 IAM Role: Establish secure access to your S3 bucket from your EC2 instance using an IAM role.
- Configuring the S3 Bucket Policy: Define bucket permissions to ensure only your IAM role can access specific resources.
- Attaching the IAM Role to EC2: Associate the IAM role with your EC2 instance for authorized access.
- Installing the S3 Mountpoint Tool: Download and install the necessary software on your Ubuntu 24.04 LTS instance.
- Mounting Your S3 Bucket: Mount your S3 bucket to a local directory on your EC2 instance.
- Optimizing NGINX and PHP User Settings: Adjust user configurations for seamless integration with the S3 Mountpoint.
- Automating Mountpoint Remount on Reboot: Ensure your S3 bucket automatically remounts after EC2 instance restarts.
Step 1: Create an S3 IAM Role and Policy
IAM Roles are crucial for granting secure permissions to your EC2 instance to access AWS services like S3.
-
Navigate to IAM: Open the
AWS Management Console -
Create Role: Click Create Role.
-
Select EC2 Use Case: Choose AWS service as the trusted entity and select EC2 as the use case. Click Next.
-
Name Your Role: Give your IAM Role a descriptive name (e.g.,
EC2-S3Mountpoint-Role). We'll attach a custom policy in the next steps. -
Complete Role Creation: Finish creating the role and note down the Role Name for later use.
-
Create IAM Policy: Go to IAM > Policies > Create Policy. Select the JSON tab and paste the following policy, replacing
BUCKET_NAMEwith your actual S3 bucket name:{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::BUCKET_NAME", "arn:aws:s3:::BUCKET_NAME/*" ] }, { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::BUCKET_NAME" } ] } -
Name Your Policy: Give your IAM Policy a descriptive name (e.g.,
S3Mountpoint-Policy) and click Create Policy. -
Attach Policy to Role: Go back to IAM > Roles, find the role you created (
EC2-S3Mountpoint-Role), and click on it. Go to the Permissions tab and click Attach policies. Search for the policy you just created (S3Mountpoint-Policy) and attach it to the role.
Step 2: Configure the S3 Bucket Policy
Now, let's configure your S3 bucket to allow access only from the IAM role you created.
-
Navigate to S3 Bucket Permissions: Go to S3 > Buckets, select your bucket (
BUCKET_NAME), and go to the Permissions tab. -
Edit Bucket Policy: Under Bucket policy, click Edit.
-
Paste Bucket Policy: Paste the following bucket policy, replacing
ACCOUNT_ID,ROLE_NAME, andBUCKET_NAMEwith your specific AWS Account ID, IAM Role Name, and S3 Bucket Name respectively:{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME" }, "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::BUCKET_NAME", "arn:aws:s3:::BUCKET_NAME/*" ] }, { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME" }, "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::BUCKET_NAME" } ] } -
Save Changes: Click Save changes.
Step 3: Attach the IAM Role to Your EC2 Instance
Associate the IAM role with your EC2 instance to grant it the necessary permissions.
- Navigate to EC2 Instances: Go to EC2 > Instances > Instances.
- Select Instance and Modify IAM Role: Select your EC2 instance, click Actions > Security > Modify IAM role.
- Attach IAM Role: In the "IAM role" dropdown, select the IAM role you created (
EC2-S3Mountpoint-Role) and click Update IAM role.
Step 4: Install the S3 Mountpoint Tool on Ubuntu 24.04 LTS
Now, let's install the S3 Mountpoint tool on your EC2 instance.
-
Download the Mountpoint Package: Connect to your EC2 instance via SSH and download the latest Mountpoint
debpackage for x86_64 architecture from theofficial AWS documentation sudo wget https://s3.amazonaws.com/mountpoint-s3-release/latest/x86_64/mount-s3.deb -
Install the Package: Install the downloaded
debpackage:sudo apt-get install ./mount-s3.deb
Step 5: Create a Mount Directory
Create a local directory on your EC2 instance where you'll mount your S3 bucket.
-
Create Directory:
sudo mkdir /mnt/s3bucket -
Change Ownership: Change the ownership of the mount directory to the
ubuntuuser:sudo chown ubuntu:ubuntu /mnt/s3bucket
Step 6: Mount Your S3 Bucket
Mount your S3 bucket to the directory you created, enabling delete operations and access for other users (like ubuntu).
-
Mount the S3 Bucket:
/usr/bin/mount-s3 --allow-delete --allow-other BUCKET_NAME /mnt/s3bucketReplace
BUCKET_NAMEwith the name of your S3 bucket.Important Note: If you encounter a
fusermount: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conferror, you need to edit/etc/fuse.confand uncomment theuser_allow_otherline to allow non-root users to access the mount.
Step 7: Configure NGINX and PHP to Use the ubuntu User
To ensure NGINX and PHP can access the mounted S3 bucket seamlessly, we need to configure them to run as the ubuntu user.
-
Edit NGINX Configuration:
sudo nano /etc/nginx/nginx.confFind the
userdirective and change it to:user ubuntu; -
Update PHP-FPM Pool Configuration:
sudo nano /etc/php/8.3/fpm/pool.d/www.conf(Note: If you are using a different PHP version, adjust the path accordingly, e.g.,
/etc/php/8.4/fpm/pool.d/www.conf)Set the
userandgroupdirectives toubuntu:user = ubuntu group = ubuntu -
Adjust Directory Permissions: Correct permissions for NGINX and PHP runtime directories:
sudo chown -R ubuntu:ubuntu /var/lib/nginx /var/lib/php /run/php
Step 8: Configure PHP Session File Storage
Ensure PHP session files are correctly handled with the user change.
-
Check Current Session Directory: (Optional - to verify default if not explicitly set)
grep "session.save_path" /etc/php/8.3/fpm/php.ini -
Adjust Session Directory Permissions: Ensure the default session directory exists and is writable by the
ubuntuuser:sudo chown ubuntu:ubuntu /var/lib/php/sessions -
Update PHP-FPM Configuration (Optional - if needed): If you want to explicitly set the session save path (though usually defaults to
/var/lib/php/sessions), edit:sudo nano /etc/php/8.3/fpm/php.iniEnsure these lines are present and configured as shown:
session.save_handler = files session.save_path = "/var/lib/php/sessions" -
Restart Services: Restart NGINX and PHP-FPM to apply the changes:
sudo systemctl restart nginx php8.3-fpm -
Verify Permissions: Test if PHP can create session files in the session directory:
ls -l /var/lib/php/sessionsSession files should now be owned by the
ubuntuuser.
Step 9: Automate S3 Mountpoint Remount on Reboot
To automatically remount your S3 bucket after an EC2 instance reboot, create a systemd service.
-
Create Systemd Service File:
sudo nano /etc/systemd/system/s3-mountpoint.service -
Paste Service Configuration: Add the following configuration to the file, replacing
BUCKET_NAMEwith your bucket name:[Unit] Description=Mount S3 Bucket After=network-online.target Wants=network-online.target [Service] Type=oneshot ExecStart=/usr/bin/mount-s3 BUCKET_NAME /mnt/s3bucket --allow-other --allow-delete ExecStop=/bin/umount -l /mnt/s3bucket RemainAfterExit=true User=ubuntu [Install] WantedBy=multi-user.target -
Reload Systemd Daemon, Enable, and Start Service:
sudo systemctl daemon-reload sudo systemctl enable s3-mountpoint sudo systemctl start s3-mountpoint -
Verify Mount: Check if the S3 bucket is mounted:
mount | grep /mnt/s3bucket -
Test on Reboot: Reboot your EC2 instance to ensure the automatic remount works:
reboot -
Verify After Reboot: After reboot, check if the S3 bucket is mounted again:
ls /mnt/s3bucket
Conclusion: Enjoy Optimized EC2 Performance!
Congratulations! You've successfully configured Amazon S3 Mountpoint on your Ubuntu 24.04 LTS EC2 instance. By serving static assets directly from S3, you've freed up valuable EC2 resources, optimized your web server's performance, and improved the scalability and cost-efficiency of your infrastructure.
This setup is ideal for e-commerce websites, media-rich applications, and any scenario where serving a large volume of static content is impacting your EC2 instance's performance.
0 comments:
Post a Comment