Deploying a secure and scalable static website on AWS using Terraform

#devops #aws #terraform #tutorial

Day 14 of #30daysofawsterraform challenge

🎯 This mini project demonstrates the deployment of a secure static website on AWS using Terraform. It implements an end-to-end infrastructure-as-code solution leveraging Amazon S3 for static content storage and Amazon CloudFront for global content delivery, ensuring high availability, improved performance, and HTTPS-enabled access through a custom domain.

🧠 Project Architecture:

💡 Step-by-step approach for project implementation:

📌 Step 1:
Provisioned an S3 bucket to store static website files and blocked all public access, ensuring the bucket is not directly accessible from the internet.

📌 Step 2: Automatically uploaded all files from the local www/ directory to S3 and set MIME content types (HTML, CSS, JS, images).

📌 Step 3:
Looked up the existing public Route 53 hosted zone for my domain.

📌 Step 4:
Requested an SSL Certificate through AWS Certificate Manager, which is mandatory for CloudFront access validated the certificate using DNS validation via Route 53.

📌 Step 5:
Created a CloudFront Origin Access Control (OAC), which ensures that only CloudFront can read content from your S3 bucket over HTTPS, and direct public access to S3 is completely blocked.

📌 Step 6:
Configure the CloudFront (CF) distribution through Terraform resources.
CF is the setup that connects users to your content through AWS’s global CDN. It reduces the latency through caching content in nearest edge location.

📌 Step 7:
Applied an S3 bucket policy allowing s3:GetObject only from the CloudFront distribution using SourceArn conditions.

📌 Step 8:
Created a Route 53 alias record pointing your custom domain to the CloudFront distribution and enabled HTTPS access via your custom domain.
The Route 53 alias record maps my custom domain (for example, www.example.com) to the CloudFront distribution so users can access the website using your own domain.