AWS with Terraform (Day 14)

Hosting a Static Website on AWS S3 + CloudFront + Rout53 Using Terraform


Today in my “30 Days of AWS & Terraform” learning journey, I explored how to host a production-grade static website using AWS S3 and CloudFront, with the entire setup automated via Terraform. This combination provides high availability, global content delivery, strong security, and low cost — all while remaining fully repeatable through Infrastructure-as-Code.

Why CloudFront with S3?

A static site hosted directly on S3 works, but it isn’t ideal for real users worldwide. Problems include:

  • High latency for users far from the S3 region

  • Increased cost due to regional data transfer

  • Security risks when buckets are made public

CloudFront solves these by caching content in global edge locations, reducing load time and ensuring users never directly access the S3 bucket. Instead, CloudFront communicates with S3 using Origin Access Control (OAC), keeping the bucket private and secure.

High-Level Architecture

ComponentPurpose
S3 Bucket (private)        Stores static web files (HTML, CSS, JS, images)
CloudFront Distribution        Serves and caches content globally
Origin Access Control        Allows only CloudFront to pull from S3
Bucket Policy        Restricts access to CloudFront ARN
(Optional) ACM + Route 53           Custom domain + HTTPS

Terraform Resources Used

The key Terraform components for this setup:

  • aws_s3_bucket

  • aws_s3_bucket_public_access_block

  • aws_cloudfront_origin_access_control

  • aws_cloudfront_distribution

  • aws_s3_bucket_policy

  • aws_s3_bucket_object (for uploading files)

Useful Terraform functions & patterns:

fileset(path.module, "www/**")
filemd5()
for_each
lookup()
jsonencode()

These enable automated file uploads, intelligent cache busting, and clean policy handling.

Common Gotchas & Tips

Use Origin Access Control, not deprecated OAI
Ensure bucket policy uses correct object ARN (/*)
Don’t mix bucket-level and object-level permissions
CloudFront creation/update takes time — be patient
Use invalidation only for urgent refreshes

Production-Ready Checklist

FeatureStatus
Custom domain via Route 53    Recommended
SSL via AWS Certificate Manager (us-east-1)        Required for HTTPS
CI/CD integration    Upload site + apply Terraform
Security headers / Error pages    Best practice
Remote backend for Terraform state    Strongly recommended

Key Takeaway

Always keep your S3 bucket private. Serve content only through CloudFront for maximum security, speed, and cost efficiency.

Terraform makes static site hosting predictable, version-controlled, and reusable. With modular structure, replicating environments like dev / stage / prod becomes effortless.

Final Thoughts

This exercise strengthened my understanding of real-world DevOps practices: security, scalability, automation, and global performance optimization. Starting from a basic bucket and distribution helped build up step-by-step confidence before integrating Route 53 and ACM.

If you’re deploying static sites — portfolio, documentation, landing pages, or dashboards — this architecture is powerful and production-ready.

Diagram




Here is my repo link: https://github.com/Mo-Adnan-Mo-Ayyub/Aws-with-Terraform

Here is today's session link:



Comments

Post a Comment

Popular posts from this blog

AWS with Terraform (Day 01)

Image
  Terraform Fundamentals – Day 01 (My Learning Notes as a DevOps Engineer) Today I wrapped up Day-01 of my Terraform with AWS series, and even with my DevOps background, this session helped me tighten my fundamentals and rethink how I approach cloud provisioning. Terraform is something I’ve used before, but today was more about understanding why IaC matters at scale and why Terraform continues to dominate in real-world DevOps ecosystems. Understanding Infrastructure as Code (IaC) As a DevOps engineer, IaC is not new to me. But today’s session broke it down in a way that clarified its real value. IaC = Infrastructure represented as code. Instead of building resources manually through AWS/Azure/GCP consoles, we define everything in .tf files. This ensures our setup is predictable, repeatable, and version-controlled. What I liked most is how clearly the contrast was shown: Cloud-Agnostic Tools (Terraform / Pulumi) Work across AWS, Azure, GCP, Kubernetes, GitHub, etc. ...
Read more

AWS with Terraform (Day 02)

Image
  AWS with Terraform – Day 02 Deep Dive into Providers, Versioning & the Real “Bridge” Between Code and Cloud Today’s session took me from simply writing Terraform code to actually understanding the engine behind it — the Provider layer . And honestly, once this clicks, Terraform stops feeling like just a tool and starts feeling like a real engineering system. Here’s what I learned and how I’ve started applying it. Providers: The Plugin That Makes Terraform Real The simplest way I now understand it: Terraform writes the story. Providers translate it into cloud actions. Before today, I treated the provider block as just two lines of mandatory code. Now I see it as the translator that turns HCL into actual AWS API calls . Example: I write: resource "aws_s3_bucket" "demo" { bucket = "my-app-demo" } The AWS provider turns that into the exact S3 API request. This layer saves us from manually hitting APIs, building payloads, or juggling ...
Read more

AWS with Terraform (Day 06)

Image
Mastering Terraform File Structure: Best Practices for Scalable AWS Infrastructure as Code You've built your first AWS resources with Terraform in one big main.tf file. It works fine at first. But as your project grows, that single file turns into a mess. Resources pile up. Variables hide in plain sight. Debugging takes forever. Good news. You can fix this now. Split your Terraform files the right way. Follow HashiCorp's tips for a clean setup. This boosts readability. It helps teams work together. Plus, it scales for big AWS setups like VPCs, EC2s, and S3 buckets. Stick with me. You'll see hands-on steps to organize your root module today. The Anatomy of a Well-Organized Terraform Root Module The root directory acts as your Terraform project's heart. It's the root module. Here, you keep all key files. No strict rules exist for names. But smart choices make life easier. Start simple. Break one fat main.tf into focused files. This stops resource clutter. You n...
Read more