Forget ‘user’, this is now ‘William”
Email is now setup.
What have I learned?
MX records are a pain in the neck.
Nothing comes for free (not AWS SES, not Google Workspace, not anything useful in WP Mail)
I prefer DMARC and DKIM over SPF, mostly because SPF relies on overiding/hacking TXT records with machine readable data; however, nobodies machine agrees. I want to have SPF and Google Auth the same domain, but the records conflict [ugh]. DKIM and DMARC are structured to deconflict (DKIM via CNAME, DMARC via _dmarc.<domain>)
Lightsail saves some effort, but there is still a lot to do to get a wordpress instance fully functional: HTTPS (bncert), email (WPMail, AmazonSES, Google Workspaces), HTTPS again (because bncert only gets and configs the certs, it doesn’t update wp-config to use https), a couple of random IAM users (to get roles and keys for Polly and Translate on AWS plugin) and the SES IAM credentials. It is nice that I don’t need to hand-manage the EC2 instance and load the software by hand, but be under no illusion that Lightsail WordPress is click-and-go.
Oh, right, and I’m still playing around. Single-node, onboard database, one availability zone. Zero redundancy, optimization, CDN, S3 buckets, EFS, VPC, split subnets, autoscaling, etc. Hmmm, feeling like it is time to take a quick snapshot…