How To Over-Engineer Your Blog
Having made a sensible choice in tooling, using Astro to build my blog, I was looking to introduce some complexity in my life. The perfect opportunity presented itself in the final steps of bringing my site to the yearning public (you).
But Really, Why?
Technical writers at AWS are notoriously good at splitting up documentation over six pages and several obscure blog posts. Pages will have internal links, though, not the ones you want and one blog post uses silently deprecated functionality while another one is not applicable in your use case. For the persistent it can be quite a rewarding experience, with plenty of rabbit holes and opportunity to accidentally lose money.
Jokes aside, there are lots of cheap “one click” alternatives to hosting and, while this definitely is not one of them, I still find choosing AWS a good idea.
- It can be done cheap, secure and offers high availability.
- Cut out the middle man; a lot of hosting services use AWS in the end.
- Carrying AWS experience is attractive in the job market.
How?
DevOps, of course! Say it with me: DevOps!
Does that not feel good? There is something magical about that abomination of concatenation.
So, how do I deliver content from my computer to yours using AWS? Fun as it may be, I really don’t want to maintain a server. Keeping libraries and a web server up-to-date and what not. That could have been enough of a reason to stay away from something like an EC2 instance, but they’re also quite costly. I want it to be as close to free as I can get. A really nice option is the combination that S3 and CloudFront provide.
Even though this is a fairly easy setup, I like doing rough sketches to try and keep as little as possible in my head.
-
Pushing a new tag to
mainon GitHub will trigger a workflow . - Authenticate and authorize workflow with OpenID Connect using the configure-aws-credentials action.
- Upload build output to an S3 bucket.
- Invalidate CloudFront caches.
- Route 53 routes any request to CloudFront.
- If the requested resource is not currently cached, CloudFront retrieves it from S3 and compresses it before responding.
Infrastructure
As shown in the diagram above, there are a few AWS services to set up and configure before I can set up continuous deployments. Using AWS’ dashboard in the browser suck. It changes often and you have no clear picture over all resources you are using. Instead I will opt for Terraform . With that I will get a catalog of any resources used for this project. It also enables easy teardown of everything, should I move to another service provider for some reason.
- cd (github actions) automate deployments on push to master
- oidc github ws configure-openid-connect avoid managing and storing iam user credentials as long-lived github secrets setting-up-oidc-on-aws
- oac cloudfront s3 configure origin access control benefits of a cdn instead of enabling s3 static website this decrease costs and increase availability
- cloudfront function to rewrite subfolder roots to index documents because s3 static website is not enabled it is no longer possible to set index documents for subfolders
Happy coding!