This site is served from a private Amazon S3 bucket through CloudFront's global CDN — zero servers, HTTPS by default, and deployed in minutes with a single Terraform command.
Every request flows through CloudFront before it ever touches S3 — keeping your bucket private and your content fast.
Most teams default to an EC2 instance or public S3 bucket. Both are wrong. Here's why this pattern wins.
All public access is blocked at the bucket level. Only CloudFront can read objects, enforced via IAM Origin Access Control and SigV4 signing.
CloudFront caches your content at 400+ edge locations worldwide. Users in Tokyo get the same low-latency experience as users in New York.
No idle EC2 instances. You pay only for what's served. At typical dev/staging traffic levels, monthly costs are under $5.
One terraform apply provisions S3, CloudFront, ACM, and Route 53 — wired together automatically. Repeatable across any environment.
ACM handles DNS-validated certificate issuance and renewal automatically. No calendar reminders. No renewal outages.
CloudFront absorbs traffic spikes at the edge without touching your origin. No Auto Scaling groups. No load balancers to manage.
This stack uses Origin Access Control (OAC) — the current AWS-recommended method for restricting S3 access to CloudFront. The older Origin Access Identity (OAI) approach is deprecated. This project ships with OAC enabled by default.
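The Terraform below sketches the S3 side of the OAC pattern described above. It is an added example, not code from this project's repository, and the resource labels and the `bucket_name` and `distribution_arn` variables are assumptions. The bucket blocks all public access, and the bucket policy lets only the CloudFront service principal read objects, scoped to a single distribution.

```hcl
# Added example: names and variables are hypothetical, not taken from the project.
variable "bucket_name" { type = string }
# ARN of the distribution fronting the bucket. In a single configuration this
# would normally be a reference to the aws_cloudfront_distribution resource.
variable "distribution_arn" { type = string }

resource "aws_s3_bucket" "site" {
  bucket = var.bucket_name
}

# Block every form of public access at the bucket level.
resource "aws_s3_bucket_public_access_block" "site" {
  bucket                  = aws_s3_bucket.site.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# OAC: CloudFront signs every origin request with SigV4.
# Attach it to the distribution's S3 origin via origin_access_control_id.
resource "aws_cloudfront_origin_access_control" "site" {
  name                              = "${var.bucket_name}-oac"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

# Read-only access for the CloudFront service principal, limited to one
# distribution so other accounts' distributions cannot read the bucket.
data "aws_iam_policy_document" "site" {
  statement {
    sid       = "AllowCloudFrontRead"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.site.arn}/*"]
    principals {
      type        = "Service"
      identifiers = ["cloudfront.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceArn"
      values   = [var.distribution_arn]
    }
  }
}

resource "aws_s3_bucket_policy" "site" {
  bucket = aws_s3_bucket.site.id
  policy = data.aws_iam_policy_document.site.json
}
```

Omitting the `AWS:SourceArn` condition would allow any CloudFront distribution, in any account, to read the bucket through the service principal.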
Clone the repo, set two variables, run three commands.
```
# 1. Clone and switch to the AWS branch
git clone https://github.com/bluesentry/thought_leadership_1
cd thought_leadership_1
git checkout aws

# 2. Set your values in terraform.tfvars
project = "your-project-name"
domain  = "yourdomain.com"
region  = "us-east-1"

# 3. Deploy
terraform init
terraform plan -out=plan.out
terraform apply plan.out

# Your site is live at https://your-project.yourdomain.com
```