Hosting Platform
The hosting strategy is the critical link between development and the end-user. This section details the rationale for selecting a combination of AWS S3 and CloudFront, and how this platform choice directly supports the project's goals of security, cost-efficiency, and high performance.
Platform Selection Criteria
The selection of a hosting platform was guided by the project's core constraints. While platforms like Netlify, Vercel, and GitHub Pages offer excellent ease of use, a custom AWS solution was chosen for its unparalleled control, scalability, and direct relevance to professional cloud engineering roles.
Criterion | AWS (S3 + CloudFront) | Other PaaS (e.g., Netlify) |
---|---|---|
Control | Granular control over every aspect (caching, security headers, IAM). | Abstracted control, "magic" configurations can hide complexity. |
Cost | Pay-for-what-you-use pricing model results in negligible costs. | Excellent free tiers, but can have costly overages. |
Learning & Relevance | Directly demonstrates sought-after skills in core AWS services. | Demonstrates knowledge of a specific vendor platform. |
Integration | Native integration with the entire AWS ecosystem (IAM, Route 53, ACM). | Excellent integration with Git providers, but ecosystem is proprietary. |
S3 & CloudFront Configuration Details
The combination of S3 and CloudFront forms a secure, high-performance hosting solution. The S3 bucket is locked down, and CloudFront serves as the public-facing gateway.
Private S3 Bucket with OAI
The S3 bucket policy is configured to deny all public access. An Origin Access Identity (OAI), a special CloudFront user, is granted exclusive permission to read objects from the bucket. This ensures users cannot bypass the CDN and access files directly.
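One way to check that a bucket policy matches the lockdown described above is to audit its Allow statements. This is an added example, not code from the project: the bucket name `example-site-bucket`, the OAI ID `EXAMPLEOAIID`, both sample policies and the `audit_bucket_policy` helper are constructed for illustration, and the policy is assumed to name the OAI by its ARN.

```python
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

# Constructed sample: read access granted only to the OAI (placeholder names).
GOOD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCloudFrontOAIRead",
        "Effect": "Allow",
        "Principal": {"AWS": OAI_PREFIX + "EXAMPLEOAIID"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-site-bucket/*",
    }],
}
# Constructed sample: the misconfiguration the OAI setup is meant to prevent.
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site-bucket/*"}]}

def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy, expected_oai_id):
    """Return findings; an empty list means only the expected OAI can read."""
    findings = []
    expected = OAI_PREFIX + expected_oai_id
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        if principal is None:  # covers NotPrincipal and malformed statements
            findings.append(f"{sid}: Allow without an explicit Principal")
            continue
        if isinstance(principal, dict):
            principals = [p for v in principal.values() for p in as_list(v)]
        else:
            principals = [principal]  # the bare "*" form
        for p in principals:
            if p != expected:
                findings.append(f"{sid}: unexpected principal {p!r}")
        # A missing Action (e.g. NotAction) is treated as "*" and flagged.
        for action in as_list(stmt.get("Action", "*")):
            if action != "s3:GetObject":
                findings.append(f"{sid}: action {action!r} exceeds read-only")
    return findings
```

Running the audit in the deployment pipeline before publishing catches a policy that has drifted from OAI-only read access.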
HTTPS and SSL Enforcement
A free SSL/TLS certificate is provisioned using AWS Certificate Manager (ACM) and attached to the CloudFront distribution. All HTTP requests are automatically redirected to HTTPS, ensuring all data in transit is encrypted.
Optimized Cache Policies
CloudFront cache behaviors are tuned to provide long TTLs (Time To Live) for static assets like CSS and JS, reducing requests to the origin. The deployment pipeline creates cache invalidations only when files change, ensuring users receive updates quickly without compromising performance.