Deploying a secure and scalable static website on AWS using Terraform
Source: Dev.to
Overview
This mini‑project demonstrates the deployment of a secure static website on AWS using Terraform. It provides an end‑to‑end infrastructure‑as‑code solution that leverages Amazon S3 for static content storage and Amazon CloudFront for global content delivery, ensuring high availability, improved performance, and HTTPS‑enabled access through a custom domain.
Implementation Steps
Step 1 – Provision S3 bucket
Created an S3 bucket to store static website files and blocked all public access, ensuring the bucket is not directly reachable from the internet.

Step 2 – Upload website assets
Automatically uploaded all files from the local www/ directory to the S3 bucket and set appropriate MIME content types (HTML, CSS, JS, images).

Step 3 – Retrieve Route 53 hosted zone
Looked up the existing public Route 53 hosted zone for the domain.

Step 4 – Request SSL certificate
Requested an SSL certificate through AWS Certificate Manager (required for CloudFront). The certificate was validated using DNS validation via Route 53.

Step 5 – Create CloudFront Origin Access Control (OAC)
Created an OAC so that only CloudFront can read content from the S3 bucket over HTTPS, while direct public access to the bucket remains blocked.

Step 6 – Configure CloudFront distribution
Defined the CloudFront distribution via Terraform resources. The distribution connects users to the content through AWS’s global CDN, reducing latency by caching assets at edge locations.

Step 7 – Apply S3 bucket policy
Added a bucket policy that allows s3:GetObject only from the CloudFront distribution, enforced with an AWS:SourceArn condition.

Step 8 – Create Route 53 alias record
Created a Route 53 alias record that points the custom domain (e.g., www.example.com) to the CloudFront distribution, enabling HTTPS access via the custom domain.
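
One way to check the bucket policy from Step 7 after `terraform apply`, written as an added Python example that is not part of the original project. It flags any Allow statement that is not pinned to the CloudFront service principal, to s3:GetObject, and to an exact AWS:SourceArn match on the distribution; the bucket name, account ID and distribution ID are constructed placeholders.

```python
import json

# Constructed sample: the policy shape Step 7 describes (placeholder account and IDs).
BUCKET_ARN = "arn:aws:s3:::example-static-site"
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject",
        "Resource": BUCKET_ARN + "/*",
        "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}},
    },
})

def _as_list(value):
    """IAM JSON allows a scalar wherever a list is accepted."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _source_arns(condition):
    """Collect aws:SourceArn values under exact-match operators only."""
    arns = []
    # ArnLike/StringLike are ignored on purpose: they permit wildcards.
    for operator in ("StringEquals", "ArnEquals"):
        for key, value in condition.get(operator, {}).items():
            if key.lower() == "aws:sourcearn":  # condition keys are case-insensitive
                arns += _as_list(value)
    return arns

def audit_oac_policy(policy_json, distribution_arn):
    """Return findings for Allow statements that are not pinned to the distribution."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if services != ["cloudfront.amazonaws.com"] or len(principal) != 1:
            findings.append(f"statement {i}: principal is not only cloudfront.amazonaws.com")
        if [a.lower() for a in _as_list(stmt.get("Action"))] != ["s3:getobject"]:
            findings.append(f"statement {i}: grants more than s3:GetObject")
        if _source_arns(stmt.get("Condition", {})) != [distribution_arn]:
            findings.append(f"statement {i}: AWS:SourceArn is not exactly this distribution")
    return findings
```

An empty list means every Allow statement matches the CloudFront-only pattern; the policy JSON can come from the Terraform state or from the bucket itself.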

Tags: Terraform AWS DevOps