I recently wrote about hosting a static site on a private S3 bucket. After publishing, I actually considered migrating this blog to Amplify. It would’ve taken 30 minutes and deleted half my Terraform.

I didn’t do it.

AWS recommends Amplify Hosting for static sites now. It handles builds, deploys, CDN, and HTTPS out of the box. No Terraform, no CloudFront Functions, no OIDC setup. For most people, it’s the right choice.

But for me, the juice wasn’t worth the squeeze. Here’s how I thought through it.

What Amplify Gives You#

Connect a GitHub repo, pick a framework, and you’re live. Amplify auto-detects Hugo, Next.js, Gatsby, and others. It sets up:

  • Build pipeline: Watches your branch, builds on push
  • CDN: CloudFront under the hood (you don’t manage it)
  • HTTPS: Free SSL, auto-renewed
  • Preview deploys: Every PR gets its own URL
  • Atomic deploys: Instant rollback if something breaks

For most static sites, this is everything you need. Setup takes minutes, not hours.

What You Give Up#

No Terraform. Amplify is ClickOps or amplify-cli. If your infra lives in Terraform, Amplify is an island. You can use the Terraform Amplify provider, but it’s limited compared to managing CloudFront directly.

No CloudFront customization. Want to add custom headers, tweak cache behavior, or run edge logic? Amplify abstracts CloudFront away. You get what you get.

No private origin. Amplify manages its own storage. You don’t get a private S3 bucket with OAC—Amplify handles access internally. I don’t love that I can’t inspect the storage layer, lock it down myself, or prove it’s private. If shipping secure products matters to you, this is worth thinking about.

Higher data transfer costs.

CloudFrontAmplify
Data transfer~$0.085/GB$0.15/GB

At low traffic, Amplify’s free tier (15GB/month) covers you. At scale, CloudFront is ~40% cheaper per GB.

Cost Comparison#

Monthly trafficS3 + CloudFrontAmplify
1 GB~$0.10Free
10 GB~$0.85Free
50 GB~$4.25~$5.25
100 GB~$8.50~$12.75

Amplify wins until ~15GB, then CloudFront pulls ahead.

When to Use Amplify#

  • Speed matters more than control. You want to ship, not configure.
  • PR previews are important. Amplify does this out of the box. Rolling your own is painful.
  • You’re not using Terraform. If your infra isn’t IaC anyway, Amplify’s console is fine.
  • Low traffic. Free tier covers most personal sites and side projects.

When to Use S3 + CloudFront#

  • You want Terraform control. Everything in code, version-controlled, reviewable.
  • You need edge customization. CloudFront Functions, Lambda@Edge, custom cache behaviors.
  • Private origin matters. S3 is locked down; only CloudFront can read it.
  • Higher traffic. Data transfer costs add up; CloudFront is cheaper at scale.
  • You already built it. Migration has a cost too. If it’s working, leave it.

Migration Path (If You Want It)#

From S3 + CloudFront to Amplify:

# 1. In AWS Console: Amplify → New app → Host web app → GitHub
# 2. Select repo and branch
# 3. Amplify auto-detects Hugo, confirms build settings:
#    - Build command: hugo
#    - Output directory: public
# 4. Deploy
# 5. Add custom domain in Amplify settings
# 6. Once verified, delete old infra:
#    - CloudFront distribution
#    - S3 bucket
#    - Route 53 records (update to Amplify)
#    - GitHub Actions workflow
#    - Terraform state (or just `terraform destroy`)

Total time: ~30 minutes if DNS cooperates.

My Take#

I’m keeping the S3 + CloudFront setup. I already built it, it costs almost nothing, and I like having everything in Terraform. More importantly, I can point at the bucket policy and say “this is locked down.” That matters to me.

Amplify is a fine choice—probably the right one for most people starting fresh. But the juice wasn’t worth the squeeze for a migration. I’d rather spend 30 minutes writing about it than 30 minutes undoing work that already ships secure.

Related:

Hopefully this amplifies your options.