When you spend your working days designing and building enterprise IT, this tends to have an effect on your private projects. So when I (once more) decided I needed a website, my first thought - naturally - was: Ugh, now I have to setup the Kubernetes cluster, set up auto patching (or even better - an AMI building factory) for the worker nodes (or go to EKS directly?), where will host the CI/CD server? …

I quickly realized that it would take me days or weeks of tinkering after work to set it all up. And then I took a step back and realized that everything I needed I could just do with a simple static site and a site generator like Hugo. And from a hosting perspective, when you hear “static site”, as an AWS guy, you tend to immediately think “S3”.

Turns out hosting with S3 is a little more involved than just enabeling the “Static website hosting” property and upload your stuff (since SSL is still not supported with a custom domain…). But still doable on a rainy afternoon. So this is the design I came up with:

Static hosting architecture

The “trick” when hosting on S3 is to use Amazon CloudFront. For the uninitiated, CloudFront is a Content Delivery Network (CDN)-as-a-Service by AWS. It does caching and moves your endpoint nearer to your users by serving your content at one of their many Points of Presence all around the world. While this is nice to have, it does not matter much in my usecase. What does matter is that it allowes us to use a custom Domain and SSL Certificate and also happyly serves files originating in an S3 bucket.

My domain name was registered through AWS, so I can just use Route 53 to create the A (IPv4) and AAAA (IPv6) records pointing to CloudFront. You get (public) SSL Certificates for your domain for free when you use AWS Certificate Manager, so this was a no-brainer.

One caveat when using CloudFront with Certificate Manager is that when you use another Region then us-east-1, you won’t be able to select your certificate while setting up CloudFront. So make sure your certificates are always created in N. Virigina (us-east-1), even when your CloudFront distribution and the rest of your setup lives else where (eu-central-1 in my case).

Keep your eyes open for the next posts, in which we will discuss the technical details of implementing our architecture as-code with Terraform, automating our setup with Github Actions and create a simple site with Hugo.