I Spent 6 Hours Automating a 30-Minute Task (And I'd Do It Again)

#terraform #aws #cloudfront #automation

Originally published on graycloudarch.com.

Look, I know what you're thinking. "Glenn, you could've just clicked through the AWS console and had both sites live in an hour."

You're not wrong.

But here's the thing—I'm allergic to clicking through consoles. It's a professional hazard from spending the last 5 years building enterprise platforms where "just do it manually" gets you fired.

So when I sat down to launch graycloudarch.com and cloudpatterns.io, I did what any reasonable person would do: I spent 6 hours writing Terraform to automate a 30-minute task.

The Manual Way (aka Hell)

If I'd done this the normal way:

AWS Console → ACM → Request Certificate
Copy the DNS validation CNAME
Cloudflare → Add DNS record
Wait. Refresh. Wait more.
AWS Console → CloudFront → Create Distribution
Copy CloudFront domain
Cloudflare → Add another DNS record
Test. Find typo. Fix typo. Test again.
Repeat for second domain.

Time: 40 minutes if nothing breaks (it always breaks).

Chance I'd screw up a DNS record: 80%.

The Automated Way (aka Overkill)

One Terraform apply. That's it.

terraform apply
# Go make coffee
# Come back to two working sites

But the real magic isn't the deployment—it's what happens when AWS generates those ACM validation records:

resource "cloudflare_record" "cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.site.domain_validation_options :
      dvo.domain_name => {
        name   = dvo.resource_record_name
        record = dvo.resource_record_value
        type   = dvo.resource_record_type
      }
  }

  zone_id = data.cloudflare_zone.site.id
  name    = each.value.name
  value   = each.value.record
  type    = each.value.type
}

Terraform reads the validation records from AWS, creates them in Cloudflare, and waits for validation to complete. Zero copy-paste. Zero switching between browser tabs. Zero forgetting which CNAME goes where.

I don't touch Cloudflare. I don't touch AWS Console. I just run terraform apply and go do something useful.

Why This Matters (Spoiler: It's Not About Terraform)

I'm trying to hit $3K/month by March 31. That's 9 weeks away.

Every hour I spend clicking through AWS is an hour I'm not:

Writing blog posts
Reaching out to potential clients on LinkedIn
Building the course I want to sell
Actually making money

Manual infrastructure doesn't generate revenue. Published content generates revenue.

So yeah, I spent 6 hours automating something I could've done in 30 minutes. But now when I launch my third brand (and I will), it takes 10 minutes and one terraform apply.

That's the bet: upfront investment for long-term velocity.

What I Actually Built

The module is dead simple:

ACM certificate with DNS validation
S3 bucket for static hosting
CloudFront distribution
Cloudflare DNS records (both root and www)

Call it twice (once per brand), different inputs, same code:

module "graycloudarch" {
  source      = "../../modules/static-site"
  domain_name = "graycloudarch.com"
  bucket_name = "graycloudarch-website"
}

module "cloudpatterns" {
  source      = "../../modules/static-site"
  domain_name = "cloudpatterns.io"
  bucket_name = "cloudpatterns-website"
}

That's it. No duplication. No drift. No "wait, which CloudFront ID goes with which domain?"

The Part Where I Screwed Up

Of course it didn't work perfectly the first time.

Turns out when you register a domain through Cloudflare, they helpfully create a default parking page DNS record. When Terraform tried to create my root CNAME, it failed with "record already exists."

Took me 20 minutes to figure out I needed allow_overwrite = true in the Cloudflare resource.

20 minutes I'll never get back. But at least it's documented in Git now, not lost in my bash history.

Would I Do This Again?

Absolutely.

Not because it's faster (it's not, the first time).

Not because it's easier (it's definitely not).

Because when I'm sitting at 2am writing my fifth blog post of the week and I realize I need to spin up a third site for a new product line, I can do it in 10 minutes instead of canceling my writing session to spend 45 minutes in AWS console.

Automation is a bet on future you. I'm betting future Glenn will appreciate not having to remember how SSL validation works.

Want the code? It's not open source (yet), but if you're building something similar and want to talk through the architecture, hit me up. I'm always down to talk Terraform.

Or if you just want to tell me I'm insane for spending 6 hours on this, that's cool too. My DMs are open.