Static Website Hosting on AWS with Terraform

Implemented a secure and performant static website architecture using AWS services — including S3 for storage, CloudFront for content delivery, and ACM for SSL/TLS encryption. The entire infrastructure was provisioned using modular and reusable Terraform code, enabling consistent, scalable, and fully automated deployments.

Terraform, AWS, Route 53, CloudFront, AWS Certificate Manager, S3

Project Overview

This project demonstrates the deployment of a fully automated, secure, and highly available static website infrastructure on AWS using Terraform. The website is hosted on Amazon S3 with CloudFront as the CDN to ensure low latency and high performance across global regions. The domain is managed via Route 53, providing DNS resolution and seamless domain mapping.


  • Terraform Infrastructure as Code (IaC): Modular and reusable codebase for consistent and repeatable deployments.
  • Amazon S3: Stores the static website files in a private bucket, restricting access for enhanced security.
  • CloudFront with OAC: Ensures secure HTTPS access and restricts direct S3 access using Origin Access Control.
  • ACM: SSL/TLS certificates are provided via AWS Certificate Manager for encrypted traffic.
  • Route 53: DNS management for the custom domain saeedafzal.click, routing traffic to CloudFront.
  • Best Practices: HTTPS enforcement, limited HTTP methods, and secure IAM and bucket policies.

This implementation demonstrates expertise in AWS services, Terraform automation, and building production-ready cloud solutions.
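
The design in the list above, sketched in Terraform: a private bucket that only one CloudFront distribution can read through OAC, with HTTPS redirection, GET/HEAD only, and an ACM certificate. This is an added example, not the project's own code; the resource names, variables and bucket prefix are assumptions.

```hcl
# Added example; resource names, variables and the bucket prefix are assumptions.
variable "domain_name" { type = string }
variable "acm_certificate_arn" { type = string } # CloudFront requires a us-east-1 certificate
resource "aws_s3_bucket" "site" { bucket_prefix = "static-site-" }
data "aws_cloudfront_cache_policy" "optimized" { name = "Managed-CachingOptimized" }
resource "aws_cloudfront_origin_access_control" "site" {
  name                              = "static-site-oac"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always" # CloudFront SigV4-signs every origin request
  signing_protocol                  = "sigv4"
}

resource "aws_cloudfront_distribution" "site" {
  enabled             = true
  default_root_object = "index.html"
  aliases             = [var.domain_name]
  origin {
    domain_name              = aws_s3_bucket.site.bucket_regional_domain_name
    origin_id                = "s3-site"
    origin_access_control_id = aws_cloudfront_origin_access_control.site.id
  }
  default_cache_behavior {
    target_origin_id       = "s3-site"
    viewer_protocol_policy = "redirect-to-https" # HTTPS enforcement
    allowed_methods        = ["GET", "HEAD"]     # read-only site: no PUT/POST/DELETE
    cached_methods         = ["GET", "HEAD"]
    cache_policy_id        = data.aws_cloudfront_cache_policy.optimized.id
  }
  restrictions {
    geo_restriction { restriction_type = "none" }
  }
  viewer_certificate {
    acm_certificate_arn      = var.acm_certificate_arn
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2021"
  }
}

# Only this distribution may read objects; there is no public or wildcard principal.
resource "aws_s3_bucket_policy" "site" {
  bucket = aws_s3_bucket.site.id
  policy = jsonencode({ Version = "2012-10-17", Statement = [{
    Effect    = "Allow"
    Principal = { Service = "cloudfront.amazonaws.com" }
    Action    = "s3:GetObject"
    Resource  = "${aws_s3_bucket.site.arn}/*"
    Condition = { StringEquals = { "AWS:SourceArn" = aws_cloudfront_distribution.site.arn } }
  }] })
}
```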

Technical Architecture

Technology Stack

  • Terraform 1.12+
  • AWS CLI
  • Amazon S3 bucket
  • Route 53 DNS
  • CloudFront
  • AWS Certificate Manager (ACM)

Project Specifications

  • Duration: 3 weeks
  • Team Size: 1 Engineer
  • Lines of Code: 800+ (Terraform, HTML, CSS)
  • Environments: 1 (Production)
  • Infrastructure: AWS S3, CloudFront (OAC), ACM, Route 53
  • Security: Private S3 bucket via OAC, HTTPS enforced
  • Automation: Terraform Modules
  • Availability: Global CDN with CloudFront
  • Performance: 99.9% Uptime, Low Latency
  • Cost Optimization: Efficient static hosting
  • Domain: saeedafzal.click

Challenges & Solutions

Challenge: Complex Multi-Environment State Management

Solution: Implemented remote state backend with S3 and DynamoDB for state locking, separate workspaces for each environment, and automated state validation checks.

Challenge: Zero-Downtime Deployments

Solution: Designed blue-green deployment strategy with ALB target group switching, health checks, and automated rollback mechanisms.

Challenge: Cost Optimization Without Performance Loss

Solution: Implemented intelligent instance scheduling, right-sizing analysis, and reserved instance planning to reduce costs by 40%.

Development Timeline

Week 1-2

Planning & Architecture Design

Requirements gathering, architecture design, technology selection, and security assessment.

Week 3-6

Core Infrastructure Development

VPC setup, EC2 instances, load balancers, and basic auto-scaling configuration.

Week 7-9

Database & Storage Implementation

RDS deployment, S3 configuration, backup strategies, and disaster recovery setup.

Week 10-12

Security & Monitoring

Security hardening, CloudWatch setup, alerting configuration, and comprehensive testing.

Code Highlights

Auto Scaling Configuration

resource "aws_autoscaling_group" "web_asg" {
  name                = "${var.project_name}-web-asg"
  vpc_zone_identifier = var.private_subnet_ids # instances launch in the private subnets
  target_group_arns   = [aws_lb_target_group.web_tg.arn]

  # Capacity bounds are supplied per deployment through variables.
  min_size         = var.min_capacity
  max_size         = var.max_capacity
  desired_capacity = var.desired_capacity

  # New instances always use the newest launch template version.
  launch_template {
    id      = aws_launch_template.web_lt.id
    version = "$Latest"
  }

  tag {
    key                 = "Name"
    value               = "${var.project_name}-web-instance"
    propagate_at_launch = true
  }
}

RDS Multi-AZ Setup

resource "aws_db_instance" "main" {
  identifier = "${var.project_name}-db"

  engine         = "postgres"
  engine_version = "13.7"
  instance_class = var.db_instance_class

  # Storage autoscaling: grows from allocated_storage up to max_allocated_storage.
  allocated_storage     = var.db_storage
  max_allocated_storage = var.db_max_storage

  # Credentials are passed in as variables rather than hard-coded here.
  db_name  = var.db_name
  username = var.db_username
  password = var.db_password

  vpc_security_group_ids = [aws_security_group.rds.id]
  db_subnet_group_name   = aws_db_subnet_group.main.name

  backup_retention_period = 7
  backup_window           = "03:00-04:00"
  maintenance_window      = "sun:04:00-sun:05:00"

  # Standby in a second AZ, no public endpoint, encryption at rest.
  multi_az            = true
  publicly_accessible = false
  storage_encrypted   = true

  # Take a final snapshot when the instance is destroyed.
  skip_final_snapshot       = false
  final_snapshot_identifier = "${var.project_name}-db-final-snapshot"
}

Key Takeaways

Technical Learnings

  • Infrastructure as Code significantly improves deployment consistency
  • Proper state management is crucial for team collaboration
  • Monitoring and alerting should be implemented from day one
  • Security by design reduces vulnerabilities and compliance issues

Business Impact

  • Automated deployments increased team productivity by 300%
  • Reduced infrastructure costs while improving performance
  • Enhanced system reliability and customer satisfaction
  • Established foundation for future scaling and growth