My Blog Architecture

aws
architecture
serverless
Author

Christophe Beaucé

Published

January 19, 2024

Problem

As a writer, I wanted to publish a blog with my own domain independent of any publishing platform. After all, this is content I produce, so I prefer it to be under my own domain, not behind someone else’s paywall.

Being a fan of Jupyter and Quarto, I wanted to use them to write content.

Quarto is a static web site generator.

Once I have written content, I can render the web site with a simple command.

Note: The deployment pipeline is a subject for another post!

Solution

I deployed my blog to AWS with the following services:

  • an S3 bucket stores the static web files
  • a CloudFront distribution serves the S3 bucket content
  • Route 53 is my DNS - the DNS record of my domain is associated with the CloudFront distribution
  • Certificate Manager manages my domain certificate

Architecture

Distribution configuration

The default root object of my distribution is index.html.

If someone tries to access a non-existing page, CloudFront and S3 return by default an HTTP 403 error and a page with a raw access denied message. To improve the user experience, I have added a 404.html page and configured an error page to redirect HTTP 403 errors to my user-friendly 404 page.

Quarto generates some URL paths ending with /, short for the default index.html page. Without the full URL, S3 returns a 403 access denied exception. So I have configured a CloudFront function to add /index.html whenever there should have been one.

Security

The bucket has a resource policy configured with Origin Access Control. This mechanism keeps the bucket private and makes sure it is only accessed through my CloudFront distribution.
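One way to check such a bucket policy, as an added example that is not the author's own configuration: a small Python audit confirming that the only Allow statement grants s3:GetObject to the CloudFront service principal and is pinned to one distribution through the AWS:SourceArn condition. The bucket name, account ID, distribution ID and the function name `audit_oac_policy` are constructed for illustration.

```python
import json

# Constructed sample: bucket name, account ID and distribution ID are placeholders.
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCloudFrontRead", "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-blog-bucket/*",
        "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}},
    }],
}


def _as_list(value):
    """Policy fields may hold either a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def audit_oac_policy(policy, distribution_arn):
    """Return findings; an empty list means only this distribution can read objects."""
    findings, pinned_grant = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        p = principal if isinstance(principal, dict) else {}
        if principal == "*" or "*" in _as_list(p.get("AWS", [])):
            findings.append(f"{sid}: readable by any principal")
        elif _as_list(p.get("Service", [])) != ["cloudfront.amazonaws.com"] or len(p) != 1:
            findings.append(f"{sid}: grants a principal other than the CloudFront service")
        else:
            actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
            # Only exact-match operators count; condition key names are case-insensitive.
            cond = stmt.get("Condition", {})
            exact = {**cond.get("ArnEquals", {}), **cond.get("StringEquals", {})}
            arns = [a for k, v in exact.items() if k.lower() == "aws:sourcearn" for a in _as_list(v)]
            if arns != [distribution_arn]:
                findings.append(f"{sid}: not pinned to {distribution_arn} via AWS:SourceArn")
            elif actions != {"s3:getobject"}:
                findings.append(f"{sid}: allows more than s3:GetObject")
            else:
                pinned_grant = True
    if not pinned_grant and not findings:
        findings.append("no statement lets the distribution read objects")
    return findings
```

Without the AWS:SourceArn condition, the grant applies to the CloudFront service as a whole rather than to this one distribution, which is why the audit treats a missing or different ARN as a finding.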

Even though all pages are public, CloudFront redirects all HTTP accesses to the bucket content to HTTPS.

TLS protocol version 1.2 is enforced with clients.

Outcome

Usage

The blog has been in service for more than 1 year, and I use it regularly to publish posts.

Cost

The overall cost of the solution is $1 per month.

My CloudFront costs are negligible (as I have very low traffic), and the S3 costs are also negligible (the static website size is less than 100 MB). The only recurring costs are the Route 53 costs for the public DNS hosted zone, which are around $1 per month.

Maintenance

With only serverless, managed services, the solution is very low maintenance. There’s practically no maintenance of the system outside of publishing actions.