S3 Static Website with CloudFront

Deployed a static portfolio on AWS with S3 and CloudFront for global delivery, Route 53 for DNS, and GitHub Actions for automated CI/CD on every push.

Overview

This project hosts a fully static site on AWS with no application servers. Assets live in S3, CloudFront caches and serves them at the edge, and GitHub Actions builds and deploys on merge to main.

Architecture

S3 — private bucket; objects served only via CloudFront OAI/OAC
CloudFront — HTTPS, compression, custom error pages for SPA-style routing if needed
Route 53 — alias record pointing the domain to the CloudFront distribution
ACM — TLS certificate in us-east-1 for CloudFront
GitHub Actions — sync aws s3 sync and cloudfront create-invalidation

Deployment flow

git push → Actions checkout → sync to S3 → invalidate CloudFront cache

Invalidation keeps visitors from seeing stale HTML or assets after a deploy. For a portfolio, invalidating /* is simple; larger sites often target specific paths.

Key decisions

Block all public S3 access; CloudFront is the only read path
Versioned bucket optional for rollback; lifecycle rules control cost
Cache-Control headers on upload for long-lived static assets

Outcomes

Low operational overhead, predictable cost, and a deploy pipeline that matches how the site is actually built — static files only.