This is the first post. I have been thinking about building a new blog for a long time to share what I have learned, and here it is at last. I also want to tell you about my current setup for this blog platform.

The website runs on Amazon, is deployed with Terraform, and uses GitHub Actions as CI/CD for both the infrastructure and the static website.

I use Jekyll to generate this static blog, with nothing special. I am trying to keep it as simple as possible, so nothing flashy.

As the frontend, I use CloudFront with a certificate generated in ACM (Amazon Certificate Manager). The good part of this is that it's "free" and it renews automatically (so hopefully the classic doh! downtime can be avoided). The certificate is generated with DNS validation (use email validation only as a last resort). Basically, it's a few CNAME records that ACM uses to verify that you own the domain.

On CloudFront I use an Origin Access Identity to restrict access to the actual backend S3 bucket: users can reach S3 only through that specific CDN distribution. I also enabled the latest recommended cipher policy, TLSv1.2_2021. Because an origin access identity can cause challenges with access to subfolders and their index files, I added a Lambda@Edge function as a mitigation.
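As an added example (not the blog's own code), this is the shape such a Lambda@Edge origin-request function takes, assuming the usual challenge: a private bucket read through an OAI is a plain S3 REST endpoint, so `/posts/` is not resolved to `/posts/index.html`. The function only rewrites the request path; the bucket policy still limits reads to the OAI, and the index document name `index.html` is an assumption.

```javascript
'use strict';

// Added example (not the blog's own code): a CloudFront origin-request
// Lambda@Edge handler that maps directory-style URIs to the folder's
// index document before the request reaches the private S3 origin.
// Assumptions: the site's index document is index.html, and real object
// keys always carry a file extension (main.css, feed.xml, image.png).
const INDEX_DOCUMENT = 'index.html';

function rewriteUri(uri) {
  // "/" or "/posts/" -> append the index document
  if (uri.endsWith('/')) {
    return uri + INDEX_DOCUMENT;
  }
  // "/posts" (last segment has no extension) -> "/posts/index.html"
  const lastSegment = uri.slice(uri.lastIndexOf('/') + 1);
  if (!lastSegment.includes('.')) {
    return uri + '/' + INDEX_DOCUMENT;
  }
  // "/assets/main.css" already names an object key; leave it untouched.
  return uri;
}

// Lambda@Edge entry point. CloudFront keeps the query string in
// request.querystring, so request.uri is only the path.
async function handler(event) {
  const request = event.Records[0].cf.request;
  request.uri = rewriteUri(request.uri);
  return request;
}

// Constructed sample event in the shape CloudFront sends to an
// origin-request trigger (only the fields used here).
const sampleEvent = {
  Records: [{ cf: { request: { uri: '/about', method: 'GET', querystring: '', headers: {} } } }],
};

if (typeof module !== 'undefined') {
  module.exports = { handler, rewriteUri, sampleEvent };
}
```

Attach it as the distribution's origin-request trigger; because the rewrite happens before the origin lookup, the viewer's URL stays `/about` while S3 is asked for `about/index.html`.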

In Route 53 I created Alias records for the root pilvi.guru and for www.pilvi.guru. The benefit of an Alias record is that you can define an A record for the root domain pointing at CloudFront, which is not possible in a normal DNS service. Nice!

As the backend, I use a private S3 bucket in the standard (frequent access) storage tier. S3 is quite cheap (it can be expensive if you use it wrong, but I will tell you more about that in later posts).

GitHub Actions handles both the infrastructure and the website deployment. For authentication I use OIDC, so there is no need for an actual IAM user or stored secrets; the workflow can instead assume more secure AWS roles. Some variables are also stored in Amazon Systems Manager Parameter Store (which is free for basic parameters but costs money for advanced ones).

In the future, after I have cleaned up the Terraform code, I will share it with all of you.

Diagram of Deployment