Static Website Hosting — S3 + CloudFront + Route53
Highly available static site (HTML/CSS/JS) deployed from GitHub to S3 with CloudFront CDN and a serverless contact form (API Gateway → Lambda → SNS).
Description
This project hosts a static portfolio on S3 served through CloudFront (fast global CDN). The DNS is managed by Route53. A contact form in the static site sends POST requests to an API Gateway endpoint, which triggers a Python Lambda. The Lambda publishes the message to an SNS topic, which delivers email notifications. Deployments are fully automated with GitHub Actions: on push, the workflow builds the site, syncs files to S3, and invalidates the CloudFront cache using a minimal set of secrets stored in GitHub Secrets.
Security & best practices
- Serves the site over HTTPS only on CloudFront and enforces TLS. Uses AWS Certificate Manager for the TLS certificates on CloudFront / Route53.
- Limits IAM permissions for CI to s3:PutObject, s3:DeleteObject and cloudfront:CreateInvalidation. Uses the GitHub OIDC provider to avoid storing long-lived AWS keys.
- Validates and sanitizes form input in Lambda.
- Stores secrets in GitHub Secrets and never commits them to the repo.
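
One way to do the validation and sanitization step before publishing to SNS, as an added example that is not the project's own Lambda code. The field names (name, email, message), the length limits and the TOPIC_ARN environment variable are assumptions, and the handler assumes an API Gateway proxy integration that passes the JSON body as a string.

```python
import json
import os
import re

MAX_LEN = {"name": 80, "email": 254, "message": 2000}  # assumed fields and limits
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
CONTROL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")  # keeps tab and newline


def validate_form(raw_body):
    """Return (clean_fields, None) on success or (None, error) on rejection."""
    try:
        data = json.loads(raw_body or "")
    except (ValueError, TypeError):
        return None, "body is not valid JSON"
    if not isinstance(data, dict):
        return None, "body must be a JSON object"
    clean = {}
    for field, limit in MAX_LEN.items():
        value = data.get(field)
        value = CONTROL_RE.sub("", value).strip() if isinstance(value, str) else ""
        if field != "message":
            value = " ".join(value.split())  # single-line fields: no line breaks
        if not value:
            return None, f"{field} is required"
        if len(value) > limit:
            return None, f"{field} is too long"
        clean[field] = value
    if not EMAIL_RE.fullmatch(clean["email"]):
        return None, "email is not valid"
    return clean, None


def build_subject(name):
    # SNS subjects must be ASCII, without line breaks, and under 100 characters.
    return ("Contact form: " + name.encode("ascii", "replace").decode("ascii"))[:99]


def lambda_handler(event, context):
    fields, error = validate_form(event.get("body"))
    if error:
        return {"statusCode": 400, "body": json.dumps({"error": error})}
    import boto3  # imported lazily so validate_form is testable without AWS
    boto3.client("sns").publish(
        TopicArn=os.environ["TOPIC_ARN"],  # assumed environment variable name
        Subject=build_subject(fields["name"]),
        Message=f"From: {fields['name']} <{fields['email']}>\n\n{fields['message']}",
    )
    return {"statusCode": 200, "body": json.dumps({"ok": True})}
```

Rejecting the request with a 400 before any SNS call keeps malformed or oversized submissions out of the notification email entirely.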