Building and Hosting My HTML/CSS Resume with AWS Services, Terraform, Utilising the Well-Architected Framework

Daniel Walker — Fri, 18 Jul 2025 14:24:23 +0000

This blog is Part 2 of my journey through the Cloud Resume Challenge by Forrest Brazeal. You can read Part 1 here: My Cloud Resume Challenge – AWS.

This blog moves into the practical implementation of the challenge by completing Steps 2–6. This documents my progress through the next core stages of the challenge, focusing on the resume itself, AWS services, and Terraform. All whilst applying best practices from the AWS Well-Architected Framework. I have also added link to useful resources that helped me throughout.

FYI - I used lucidchart to diagram the current topology and I will evolve this as the challenge progresses.

This blog post documents my experience completing steps 2–6 (step 1 is to gain AWS CCP certification but I already had this) of the Cloud Resume Challenge:

Step 2: Created and styled a resume using HTML and CSS.

Step 3: Hosted the resume on an Amazon S3 bucket configured for static website hosting.

Step 4: Configured HTTPS for the site using AWS CloudFront and Amazon Certificate Manager.

Step 5: Registered a domain and configured DNS with Route 53.

Step 6: Connected everything with DNS and HTTPS.

I also took on the extra challanges, which were to:

Use Terraform to define all infrastructure as code.
Enable DNSSEC for the Route 53 hosted zone for extra DNS integrity.

The following sections explain how I tackled each of these milestones.

HTML/CSS Resume

I began with a simple goal as outlined in the challenge: build a professional-looking HTML/CSS resume. This turned out to be more challenging than expected.

I initially struggled with making it look polished and professional. To help, I referred to online examples to understand the structure and styling conventions. I considered separating the HTML and CSS into separate files for clarity, but kept it combined for simplicity during early iterations. Once I had experimented enough, the syntax and structure started to make sense to an extent.

With some help from GitHub Copilot, I also added Bootstrap to streamline styling, which worked worked really well!

I used Visual Studio Code as my code editor and integrated it with GitHub to maintain version control and other useful extensions (e.g. Terraform). Since the challenge also requires you to automate deployment via CI/CD later down the line, this setup helped ensure a better workflow from the start.

Useful Resources:
W3School
Bootstrap Documentation
Github Co-Pilot
FreeCodeCamp - Responsive Web Design Course
VS Code Docs

IAM: Secure by Default

Applying the Security pillar of the AWS Well-Architected Framework, I placed a strong emphasis on building secure IAM structures.

Instead of working from the AWS root account, I created a dedicated IAM user with administrative access. Then I took it further:

Initially removed the root account access keys as these were never going to be used.
Created an AWS Organisation with both test and prod OUs
Used AWS IAM Identity Center to manage access across accounts
Avoided storing long-term credentials by using SSO profiles

To simplify switching between accounts, I then used a third-party CLI tool, aws-sso-util, which made working with multiple environments a lot more cleaner.

Useful Resources:
AWS IAM Best Practices
AWS Organizations Documentation
AWS IAM Identity Center (SSO)
aws-sso-util GitHub

CDN: Deploying via CloudFront

Initially, my CloudFront distribution wouldn't deliver content as expected.

I discovered that using the S3 bucket endpoint was incorrect—I had to use the S3 website endpoint instead. That fixed the routing issue, but it was only serving over HTTP.

To enable HTTPS, I had to:

Remove public access from the S3 bucket
Add a policy to allow CloudFront access to the S3 origin
Update the CloudFront origin and behaviour settings:
- Point to the correct index.html file
- Set viewer protocol policy to HTTPS only

This aligned with the Reliability and Performance Efficiency pillars of the Well-Architected Framework.

Useful Resources:
Amazon CloudFront Developer Guide
Static Website Hosting with CloudFront & S3 – AWS Blog
YouTube: CloudFront + S3 Website Tutorial

DNS: Domain Setup

I initially bought my domain via GoDaddy (djwcloud.co.uk), not realising Route 53 supports domain purchases. As a result, I had to transfer the domain manually. To do this I therefore:

Unlocked the domain in GoDaddy
Retrieved the Authorisation Code
Initiated a domain transfer via Route 53
Updated name servers to match AWS configuration

It took some time to propagate ans had to refresh my cache, but eventually my domain was fully managed under AWS.

Useful Resources:
Transferring a Domain to Route 53
GoDaddy Domain Transfer Guide
AWS Route 53 DNSSEC Setup

Terraform: IaC Modification

I then retrospectiverly used Terraform to build all the infrastructure.

Initially, I couldn’t figure out why terraform plan was failing. I was determined not to fall back on using static credentials (access key + secret key). Instead, I configured Terraform to use my AWS SSO profile I had created earlier by referencing the profile in the provider block.

provider "aws" {
  profile = "my-profile"
  region  = "eu-west-2"
}

This ensured my credentials weren’t exposed if I pushed code to GitHub. Again, GitHub Copilot proved helpful when I got stuck. There is probably a better way to do this but for the sake of time I made it as secure but as simple as needed.

Resources:
Terraform AWS Provider Docs - (Super helpful!)
Official Terraform Labs
YouTube: Terraform Projects for Beginners

Lessons Learned

Understand your tools: SSO, IAM, and Terraform work well—once configured correctly. I admittedly had to ChatGPT, Co-Pilot, YouTube, vendor doc how things worked etc.
Don’t underestimate DNS or SSL setup; there's more nuance than it appears, but it does help in gaining a better appreciation for how things fit together.
Automating with GitHub and VSCode definitly improves workflow and helped enforce good practice.
The AWS Well-Architected Framework helped me make better decisions, particularly around IAM.

This section started in my head as a simple resume and ended up teaching me a whole deployment model. It was frustrating at times, but it's now live, secure, and managed through code.

Looking Ahead: Part 3 – CI/CD and Lambda Visitor Counter

In the next part of the challenge, I’ll focus on automating the deployment of my resume using CI/CD pipelines through GitHub Actions. I’ll also integrate a serverless backend using AWS Lambda, API Gateway, and DynamoDB to implement a visitor counter. This part will most likely be more challenging that the previous!

My Cloud Resume Challenge - AWS

Daniel Walker — Thu, 03 Jul 2025 20:14:56 +0000

After working in cybersecurity for over 10 years, mostly in governance, risk, and compliance (GRC) consultancy roles, I’ve built a strong knowledge in policy, control frameworks, and risk management. During that time, I’ve picked up cloud (and other technology) knowledge through various projects and engagements—reviewing architectures, conducting risk assessments, and advising teams etc.

But admittedly, my hands-on technical experience with cloud platforms (especially AWS) could, and should, be better.

What’s become increasingly clear is that the GRC landscape is shifting. In my opinion, the days when you could succeed in security risk roles without a solid grasp of the underlying technology are becoming less, as so many key business functions, including data, are hosted in the cloud. This, to me, also transcends into the job market. There is always talk of a mass amount of vacant cybersecurity roles. This is absolutely the case, however, this a skills gap.

Recent industry reports highlight that while cybersecurity roles remain in high demand, employers are struggling to find candidates with the right mix of cloud, DevSecOps, and automation skills. For example, the 2024 (ISC)² Cybersecurity Workforce Study estimates a worldwide shortfall of over 4 million cybersecurity professionals, and roles requiring cloud security expertise or experience with infrastructure-as-code tools like Terraform or CI/CD pipelines remain among the hardest to fill.

With the rise of cloud-native environments, infrastructure as code, and now AI-driven services, understanding how these systems actually work is essential if you want to move up the ladder and generally be more effective in a GRC-related role.

That’s why I’ve taken on the AWS Cloud Resume Challenge, so I can:

Strengthen my technical foundation by building something real
Get better exposure to services like S3, Lambda, API Gateway, and DynamoDB
Practice using tools like Terraform and GitHub Actions
Reinforce my understanding of cloud security from a build-first perspective
To document how I did something to either inspire someone else to follow suit or tell me how I could have done it better!

I will aim to blog each section of the challenge, which can be found in the link I provided earlier :)

DEV Community: Daniel Walker

Building and Hosting My HTML/CSS Resume with AWS Services, Terraform, Utilising the Well-Architected Framework

My Cloud Resume Challenge - AWS