Based on Bitnami WordPress Multi-Tier solution for AWS:

Run a stack on AWS:

Read the official doc on Bitnami

Build SSH tunnel over Bastion Host to App Instance

Reference: Connect To An Application Instance Using An SSH Tunnel

I am tired of ssh to Bastion Host and then ssh to App Instance, so, build a ssh tunnel.

1. Get 'Elastic IP 1 for Bastion' in CloudFormation
2. Get 'Private IP' of app instance in EC2
3. sudo chmod 600 KEYFILE_PATH
4. ssh -i ec2-user@BASTION_IP
5. Do in Bastion Host:

sudo sed -i -e 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config sudo /etc/init.d/sshd restart exit 

1. Do in local:

cat >> ~/.ssh/config <<'EOF' Host bastionHost Hostname BASTION_IP User ec2-user ForwardAgent yes IdentityFile KEYFILE_PATH Host YOUR_APP_NAME Hostname APP_INSTANCE_PRIVATE_IP User bitnami ForwardAgent yes IdentityFile KEYFILE_PATH ProxyCommand ssh -A -W %h:22 bastionHost EOF 

1. Connect to App: ssh YOUR_APP_NAME