Travers’s Blog

Hey, welcome to my site. I’m a software engineer specializing in cloud-native applications. I’m passionate about building scalable, reliable, and secure systems. I’m also a big fan of open-source software. This is my personal blog where I share my thoughts on software development, cloud computing, and other tech-related topics. I hope you find something useful here. Feel free to reach out if you have any questions or comments. Thanks for stopping by!

Hosting a Static Website on a Private S3 Bucket

I host this blog on AWS for pennies, but I refused to take the easy route of making the S3 bucket public.

S3 Website Hosting is a convenient default, but it exposes the origin directly to the internet. I wanted a setup that was secure by design, highly performant, and treated “static” hosting as a first-class engineering problem.

So I engineered it properly.

The stack:

  • Private S3 Bucket: No public access allowed.
  • CloudFront: The only entity allowed to read from S3 (via Origin Access Control).
  • CloudFront Functions: A lightweight edge function to handle “pretty URLs” (so /about serves /about/index.html) and redirects.
  • GitHub Actions + OIDC: Zero-trust CI/CD that assumes a temporary AWS role to deploy.
  • Terraform: The entire infrastructure is defined as code.

Here is how (and why) I built it.